AFRICA ZEAL UNIVERSITY
INCULCATING PROFESSIONAL
DIGNITY
Department: Information Technology
Program: Bachelor Degree
Student Name: Abdasalam Kumondan Juma
Index Number: 079830
Course Name: Computer Ethics and Law
Instructor Name: Mr. Jamiga George
Assignment One
Submission Date:
Analysis of the Facebook–Cambridge Analytica Data Scandal and Ethics of Hacking
Part 1: Facebook–Cambridge Analytica Data Scandal
Introduction
The Facebook–Cambridge Analytica scandal, which erupted in 2018, is one of the most
significant cases highlighting the ethical challenges of data privacy in the digital age. It revealed
how personal data harvested from social media platforms could be exploited for political gain,
raising fundamental questions about privacy, consent, and corporate responsibility. This analysis
delves into the ethical issues involved in the scandal, examines what could have been done
differently, and reflects on the implications for data governance in technology companies.
Background of the Scandal
In the 2010s, Facebook was one of the world's largest social media platforms, with billions of
users sharing personal information online. Cambridge Analytica (CA), a data analytics firm,
exploited access to Facebook user data via a third-party app created by researcher Aleksandr
Kogan. This app collected data not only from consenting users but also from their Facebook
friends, resulting in the unauthorized harvesting of approximately 87 million users' data.
This data was employed to construct psychological profiles aimed at influencing voter behavior
during political campaigns, most notably the 2016 US presidential election between Donald
Trump and Hillary Clinton, and the Brexit referendum. The scandal highlighted serious breaches
in data privacy and sparked global discussions about the ethical use of personal information.
Ethical Issues Involved
1. Violation of User Privacy
Fundamentally, the scandal was a gross violation of user privacy. Users were either unaware or
insufficiently informed about how their data was being collected and used. The secondary
collection of friends’ data without explicit consent compounded the violation.
Breach of Privacy Expectations: Users trusted Facebook to safeguard their personal
information, not to share it with third parties for political profiling or micro-targeting.
Inadequate Consent Mechanisms: The app obtained consent only from direct users but
exploited Facebook’s API to harvest additional data from their connections without those
individuals' knowledge or approval.
2. Lack of Transparency and Accountability
Neither Facebook nor Cambridge Analytica was transparent about its data collection and use
practices.
Opaque Data Practices: Facebook’s policy allowed the initial data gathering but did not
clearly inform users or partners about limits on further data use.
Cambridge Analytica’s Deceptive Role: CA misrepresented the purpose of data use,
claiming it was for academic research but instead using it for political campaigning.
Delayed Accountability: Facebook was slow to act, only responding to the scandal once
it became public, undermining trust.
3. Manipulation and Exploitation of Democratic Processes
Using psychological data profiling for voter influence raised ethical concerns around
manipulation and fairness.
Behavioral Targeting as Manipulation: Micro-targeted ads based on detailed
psychological profiles could unfairly sway voters by exploiting emotional vulnerabilities.
Undermining Informed Consent: Voters were unaware of being targeted by campaigns
tailored to manipulate their beliefs or emotions.
Threat to Democratic Integrity: The scandal exposed vulnerabilities in democratic
systems, where technology can be used to influence election outcomes covertly.
4. Conflict of Interest and Responsibility
Facebook’s business model, reliant on targeted advertising, conflicted with user privacy
protection.
Profit vs Privacy: Facebook prioritized growth and advertising profits over safeguarding
user data.
Inadequate Oversight: Insufficient internal policies and external regulation allowed
these practices to go unchecked.
What Could Have Been Done Differently?
1. Improved Data Privacy Controls
More Restrictive API Access: Facebook could have limited third-party apps’ access to
user and friends' data, enforcing granular permissions.
Data Minimization Principles: Apps should only collect data strictly necessary for their
stated functions.
Regular Audits and Monitoring: Continuous oversight of apps accessing user data
could identify misconduct early.
2. Stronger User Consent and Transparency
Clear, Informed Consent: Explicit and understandable consent should be obtained from
users and any individuals whose data might be indirectly collected.
User Awareness Campaigns: Facebook could educate users on how their data is used
and shared.
Easy Access to Data Controls: Allow users to view, control, or delete data shared with
third parties.
3. Ethical Corporate Governance
Accountability Frameworks: Facebook and analytic firms should establish ethical
guidelines and a code of conduct governing data use.
Whistleblower Protection: Encourage internal reporting of unethical behavior.
Public Accountability Statements: Transparent communication on data policies and
breach consequences.
4. Regulatory and Legal Interventions
Stricter Data Protection Laws: Governments should enforce regulations such as GDPR
that mandate protections and penalties for data misuse.
Cross-Border Cooperation: Handling multinational data requires collaboration between
countries for enforcement.
Part 2: Ethics of Hacking
Defining Ethical and Unethical Hacking
Ethical Hacking (White Hat Hacking): Ethical hacking involves authorized and legal
attempts to identify and fix security vulnerabilities before malicious hackers can exploit
them. Ethical hackers work with organizations to improve cybersecurity and protect data.
Unethical Hacking (Black Hat Hacking): Unethical hacking refers to unauthorized,
illegal hacking activities intended to steal, damage, or manipulate data and systems for
personal or financial gain.
Comparison of Ethical and Unethical Hacking
Aspect | Ethical Hacking | Unethical Hacking
Authorization | Performed with explicit permission | Performed without permission
Purpose | To improve security, uncover vulnerabilities | To exploit vulnerabilities, cause harm
Legal Status | Legal and approved | Illegal and punishable
Transparency | Findings reported to stakeholders | Activities hidden to avoid detection
Impact on Users | Protects users and systems | Harms users, steals sensitive information
Real-World Examples
Ethical Hacking Examples
1. Google Vulnerability Reward Program (VRP)
   - Google’s bug bounty program rewards ethical hackers who discover and
     responsibly disclose security flaws in Google products. This promotes continual
     security improvement.
2. Penetration Testing by Security Teams
   - Companies often hire penetration testers to simulate cyber-attacks on systems to
     identify vulnerabilities. For example, banks frequently employ ethical hackers to
     test their online banking security.
3. Government Cybersecurity Exercises
   - Entities like the US Department of Defense (DoD) engage ethical hackers to test
     the resilience of critical infrastructure against cyber threats in authorized
     exercises.
Unethical Hacking Examples
1. WannaCry Ransomware Attack (2017)
   - Hackers deployed ransomware exploiting vulnerabilities in Windows systems
     worldwide, encrypting users’ data and demanding ransom payments.
2. Equifax Data Breach (2017)
   - Cybercriminals stole sensitive personal data, including social security numbers,
     impacting 147 million people due to exploited vulnerabilities.
3. Stuxnet Malware
   - A sophisticated worm developed to sabotage Iran’s nuclear centrifuges;
     considered cyber sabotage and malicious hacking.
Conclusion
The Facebook–Cambridge Analytica scandal serves as a powerful case study exposing how
modern technology firms and data analytics can overstep ethical boundaries, infringing on
individual privacy and democratic integrity. The ethical lapses involved underline the necessity
for stronger data governance, transparency, and enhanced user control of personal information.