Consider the Following Scenario
During the 2016 election campaign, a political firm named Cambridge Analytica was hired by the Trump Campaign. The firm obtained access to the private user information of 50 million Facebook users and had developed tools to assess the personality traits of the users. Based on usage habits largely relating to what a user “liked” on Facebook garnered from the user data, they were able to target digital advertisements tailored for various audiences to the individuals that comprised those groups.
According to testimony before Congress, Facebook contends that this was not a data breach in that it has routinely allowed access to data for academic purposes and that users consent to this when signing up for an account and further states that the data collected did not contain any sensitive data. They do concede that their previous policy which allowed this data to be harvested allowed a vulnerability to remain despite their prohibition against the data being transferred outside of the intended academic purposes and has since banned it.
The exploitation of this data by Cambridge Analytica was seen by many as a gross violation of their personal privacy and has brought about a considerable investigation, discussion and debate of what needs to be done to better protect peoples private information so it cannot be used in ways they find objectionable. In addition to the privacy concerns relating to this case, there is also considerable worry about the influence foreign powers may be having on our elections by spreading propaganda and fake news stories via Facebook and concern as to how far these actors are willing to go. Facebook is under extreme scrutiny by Congress, the Federal Trade Commission and other, very numerous, entities both domestically and internationally and has taken a hit to not only its reputation but also its bottom line with shareholders expressing significant disapproval a by-product.
This 2-3 page individual writing assignment requires reading the 2018 New York Times article, Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens (Links to an external site.)involving Cambridge Analytica and Facebook as a case study that you should use to base for your answers to the three questions posed below. Use the tools introduced in this lesson to assess the risk to the United States election system:
- Bottom Line Up Front: Using the information above, in a BLUF or by mathematical equation estimate a value at risk proposition with regard to the current state of data privacy and integrity on social networking platforms such as Facebook and the vulnerability that exists with this data to exploitation by foreign governments.
- How would this value proposition change if rather than Cambridge Analytica doing the exploitation and foreign governments merely making use of what’s available to attempt to influence elections, that the nation-state actors instead begin the conduct of targeted cyber operations?
- With operations aimed at far more than merely influencing but actually breaching our election systems and compromising our elections as a future state?
- Mention and apply the three variables associated with Value @ Risk in your answer.
- Complete a Risk – Consequence – Action Matrix: the Risk Framework, based on the above scenario in which the two independent variables are the US government action and nation states conduct of cyber operations targeting our election systems. Clearly note action is on which axes.
- Complete the cells in the framework. These cells are the consequence of the convergence of the two actions.
- Explicitly identify the cell in which the precautionary principle occurs remembering the principle reflects pre-emptive action that may have costs and countervailing risks.
Risk-Consequence-Action Assessment
Risk/Consequence
Threat/Action Positive Negative
True
False
Grading Rubric
BLUF: Clear articulation of the bottom-line up front for the assignment scenario.
VAR: Addressed the VAR for an attempt to influence the US election system without taking an overt cyber action and with them taking an overt cyber action. Identified the three variables influencing VAR.
PRECAUTIONARY PRINCIPLE: Cells are properly completed with the possible action/consequence. Identified the precautionary principal cell.
PRESENTATION/GRAMMAR: Cohesive responses, good presentation, summary free of spelling and grammatical errors, citations and bibliography where appropriate.