An Audit of Facebook's Political Ad Policy Enforcement

Victor Le Pochat; Laura Edelson; Tom Van Goethem; Wouter Joosen; Damon McCoy; Tobias Lauinger

An Audit of Facebook's Political Ad Policy Enforcement

Victor Le Pochat, Laura Edelson, Tom Van Goethem, Wouter Joosen, Damon McCoy, Tobias Lauinger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Major technology companies strive to protect the integrity of political advertising on their platforms by implementing and enforcing self-regulatory policies that impose transparency requirements on political ads. In this paper, we quantify whether Facebook's current enforcement correctly identifies political ads and ensures compliance by advertisers. In a comprehensive, large-scale analysis of 4.2 million political and 29.6 million non-political ads from 215,030 advertisers, we identify ads correctly detected as political (true positives), ads incorrectly detected (false positives), and ads missed by detection (false negatives). Facebook's current enforcement appears imprecise: 61% more ads are missed than are detected worldwide, and 55% of U.S. detected ads are in fact non-political. Detection performance is uneven across countries, with some having up to 53 times higher false negative rates among clearly political pages than in the U.S. Moreover, enforcement appears inadequate for preventing systematic violations of political advertising policies: for example, advertisers were able to continue running political ads without disclosing them while they were temporarily prohibited in the U.S. We attribute these flaws to five gaps in Facebook's current enforcement and transparency implementation, and close with recommendations to improve the security of the online political ad ecosystem.

Original language	English (US)
Title of host publication	Proceedings of the 31st USENIX Security Symposium, Security 2022
Publisher	USENIX Association
Pages	607-624
Number of pages	18
ISBN (Electronic)	9781939133311
State	Published - 2022
Event	31st USENIX Security Symposium, Security 2022 - Boston, United States Duration: Aug 10 2022 → Aug 12 2022

Publication series

Name	Proceedings of the 31st USENIX Security Symposium, Security 2022

Conference

Conference	31st USENIX Security Symposium, Security 2022
Country/Territory	United States
City	Boston
Period	8/10/22 → 8/12/22

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Cite this

An Audit of Facebook's Political Ad Policy Enforcement. / Le Pochat, Victor; Edelson, Laura; Van Goethem, Tom et al.
Proceedings of the 31st USENIX Security Symposium, Security 2022. USENIX Association, 2022. p. 607-624 (Proceedings of the 31st USENIX Security Symposium, Security 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Le Pochat, V, Edelson, L, Van Goethem, T, Joosen, W, McCoy, D & Lauinger, T 2022, An Audit of Facebook's Political Ad Policy Enforcement. in Proceedings of the 31st USENIX Security Symposium, Security 2022. Proceedings of the 31st USENIX Security Symposium, Security 2022, USENIX Association, pp. 607-624, 31st USENIX Security Symposium, Security 2022, Boston, United States, 8/10/22.

@inproceedings{946a2d7ea38540d698f48dcac8e6d4f7,

title = "An Audit of Facebook's Political Ad Policy Enforcement",

abstract = "Major technology companies strive to protect the integrity of political advertising on their platforms by implementing and enforcing self-regulatory policies that impose transparency requirements on political ads. In this paper, we quantify whether Facebook's current enforcement correctly identifies political ads and ensures compliance by advertisers. In a comprehensive, large-scale analysis of 4.2 million political and 29.6 million non-political ads from 215,030 advertisers, we identify ads correctly detected as political (true positives), ads incorrectly detected (false positives), and ads missed by detection (false negatives). Facebook's current enforcement appears imprecise: 61% more ads are missed than are detected worldwide, and 55% of U.S. detected ads are in fact non-political. Detection performance is uneven across countries, with some having up to 53 times higher false negative rates among clearly political pages than in the U.S. Moreover, enforcement appears inadequate for preventing systematic violations of political advertising policies: for example, advertisers were able to continue running political ads without disclosing them while they were temporarily prohibited in the U.S. We attribute these flaws to five gaps in Facebook's current enforcement and transparency implementation, and close with recommendations to improve the security of the online political ad ecosystem.",

author = "{Le Pochat}, Victor and Laura Edelson and {Van Goethem}, Tom and Wouter Joosen and Damon McCoy and Tobias Lauinger",

note = "Funding Information: We thank the anonymous reviewers and our shepherd Mainack Mondal for their valuable feedback. We also thank Davy Preuveneers for help with the classification metrics. Victor Le Pochat holds a PhD Fellowship of the Research Foundation Flanders - FWO (11A3421N). This research is partially funded by the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity. Cybersecurity for Democracy at NYU{\textquoteright}s Center for Cybersecurity has been supported by Democracy Fund, Luminate, Media Democracy Fund, the National Science Foundation under grant 1814816, Reset, and Wellspring. This material is based upon work supported by the Google Cloud Research Credits program. Publisher Copyright: {\textcopyright} USENIX Security Symposium, Security 2022.All rights reserved.; 31st USENIX Security Symposium, Security 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

year = "2022",

language = "English (US)",

series = "Proceedings of the 31st USENIX Security Symposium, Security 2022",

publisher = "USENIX Association",

pages = "607--624",

booktitle = "Proceedings of the 31st USENIX Security Symposium, Security 2022",

}

TY - GEN

T1 - An Audit of Facebook's Political Ad Policy Enforcement

AU - Le Pochat, Victor

AU - Edelson, Laura

AU - Van Goethem, Tom

AU - Joosen, Wouter

AU - McCoy, Damon

AU - Lauinger, Tobias

N1 - Funding Information: We thank the anonymous reviewers and our shepherd Mainack Mondal for their valuable feedback. We also thank Davy Preuveneers for help with the classification metrics. Victor Le Pochat holds a PhD Fellowship of the Research Foundation Flanders - FWO (11A3421N). This research is partially funded by the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity. Cybersecurity for Democracy at NYU’s Center for Cybersecurity has been supported by Democracy Fund, Luminate, Media Democracy Fund, the National Science Foundation under grant 1814816, Reset, and Wellspring. This material is based upon work supported by the Google Cloud Research Credits program. Publisher Copyright: © USENIX Security Symposium, Security 2022.All rights reserved.

PY - 2022

Y1 - 2022

N2 - Major technology companies strive to protect the integrity of political advertising on their platforms by implementing and enforcing self-regulatory policies that impose transparency requirements on political ads. In this paper, we quantify whether Facebook's current enforcement correctly identifies political ads and ensures compliance by advertisers. In a comprehensive, large-scale analysis of 4.2 million political and 29.6 million non-political ads from 215,030 advertisers, we identify ads correctly detected as political (true positives), ads incorrectly detected (false positives), and ads missed by detection (false negatives). Facebook's current enforcement appears imprecise: 61% more ads are missed than are detected worldwide, and 55% of U.S. detected ads are in fact non-political. Detection performance is uneven across countries, with some having up to 53 times higher false negative rates among clearly political pages than in the U.S. Moreover, enforcement appears inadequate for preventing systematic violations of political advertising policies: for example, advertisers were able to continue running political ads without disclosing them while they were temporarily prohibited in the U.S. We attribute these flaws to five gaps in Facebook's current enforcement and transparency implementation, and close with recommendations to improve the security of the online political ad ecosystem.

AB - Major technology companies strive to protect the integrity of political advertising on their platforms by implementing and enforcing self-regulatory policies that impose transparency requirements on political ads. In this paper, we quantify whether Facebook's current enforcement correctly identifies political ads and ensures compliance by advertisers. In a comprehensive, large-scale analysis of 4.2 million political and 29.6 million non-political ads from 215,030 advertisers, we identify ads correctly detected as political (true positives), ads incorrectly detected (false positives), and ads missed by detection (false negatives). Facebook's current enforcement appears imprecise: 61% more ads are missed than are detected worldwide, and 55% of U.S. detected ads are in fact non-political. Detection performance is uneven across countries, with some having up to 53 times higher false negative rates among clearly political pages than in the U.S. Moreover, enforcement appears inadequate for preventing systematic violations of political advertising policies: for example, advertisers were able to continue running political ads without disclosing them while they were temporarily prohibited in the U.S. We attribute these flaws to five gaps in Facebook's current enforcement and transparency implementation, and close with recommendations to improve the security of the online political ad ecosystem.

UR - http://www.scopus.com/inward/record.url?scp=85137163898&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85137163898&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85137163898

T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022

SP - 607

EP - 624

BT - Proceedings of the 31st USENIX Security Symposium, Security 2022

PB - USENIX Association

T2 - 31st USENIX Security Symposium, Security 2022

Y2 - 10 August 2022 through 12 August 2022

ER -

An Audit of Facebook's Political Ad Policy Enforcement

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this