The Facebook data leak: What happened and what’s nextComments
Late last week, the UK’s Information Commissioner’s Office (ICO) confirmed 30 organisations, including Facebook, were being investigated as part of a national inquiry into the use of personal data and analytics for political and commercial purposes.
It came weeks after the regulatory body was granted a warrant to search Cambridge Analytica’s (CA) headquarters in London, the political consulting firm at the heart of the data leak scandal.
But how were they able to access and harness Facebook users’ data for their political partners and clients, and how will that impact people going forward?
This Is Your Digital Life
CA’s mass data-mining project began in June 2014, when, according to its co-founder Christopher Wylie, a commercial data-sharing deal was signed between SCL Elections (CA’s parent company) and Global Science Research (GSR), an organisation owned by Cambridge University lecturer Aleksandr Kogan.
The psychology professor created a quiz app called This Is Your Digital Life, with which data would be extracted from personality tests taken by its users and given to CA. The firm then advertised the app on an Amazon web service and paid participants up to $5 to encourage take-up, but only US voters with a Facebook account were eligible to take part. Their responses were then paired with information taken from their social media profile, including their gender, age, relationship status, location and ‘likes’, to establish their personality traits and political views.
Within months, around 320,000 Facebook users had downloaded the app, exposing both their profiles and those belonging to their Facebook Friends – around 87 million in total – as the social network allowed apps to retrieve such data at the time.
Those individuals were then linked to electoral records obtained by SCL, and targeted with highly personalized political advertising for CA’s partners and clients.
President Trump and Brexit
CEO Alexander Nix has previously said CA was a major player in Donald Trump’s election in 2016, telling undercover reporters that the company “ran all the digital campaign” for the Republican candidate.
The company also received payments totaling almost $6 million from Trump’s campaign team in 2016, according to government records, yet they have since vehemently downplayed CA’s role in their success.
In a statement released in October, campaign director Michael Glassner said data analysis was managed solely by the Republican National Committee and “any claims that voter data from any other source played a key role in the victory are false”.
CA’s work may have also influenced the result of the UK’s Brexit referendum, when Britons voted to leave the European Union in 2016. Aaron Banks, the co-founder of pro-Brexit campaign group Leave.EU, said in a book published in October 2015 that the group had hired the firm which uses “big data and advanced psychographics” to influence people. In November that year, Leave.EU also announced its partnership with the company on its website, saying CA “will be helping us map the British electorate and what they believe in, enabling us to better engage with voters”.
But again, there have been stringent denials that the organisations worked together, with Banks telling Reuters that the group accepted “no benefit in kind, no data, no nothing” from CA.
He later told a parliamentary committee that his reference to the firm being “hired” in a book solely signaled Leave.EU’s intention to work with them.
In the aftermath of the Guardian’s exposé in March, Facebook has stated that claims Kogan’s app committed a data breach were “completely false” as “people knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked”.
Yet Strategic Communication Laboratories (SCL), CA and Kogan were banned from the social network, pending an investigation, for violating the platform’s policies. Their infringements included passing information to a third party and allegedly failing to delete Facebook data at the company’s request.
The technology giant went on to update their terms and conditions to restrict data access from third-party apps.
But this weekend, Canadian political consulting firm AggregateIQ was also suspended amid reports of ties to CA, as well as the data analysis company CubeYou, which is associated with Cambridge University. The latter, which used personality quizzes to grab data, reportedly labeled its product as being "for non-profit academic research", even though the information was being shared with marketers.
And Facebook’s maneuvers have not been enough to pacify the authorities, nor settle debates concerning data privacy and regulation.
In March, ICO investigators raided CA’s headquarters in London. And earlier this month, the body confirmed it was investigating 30 organisations, including Facebook, as part of a national inquiry into the use of personal data and analytics for political and commercial purposes.
Information Commissioner Elizabeth Denham said in a statement: “The ICO is looking at how data was collected from a third-party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning.”
The US Federal Trade Commission is also investigating whether Facebook improperly allowed Cambridge Analytica access to users’ personal data, breaching a consent agreement the social network signed with the agency in 2011. The decree stipulated that Facebook must notify users and acquire their explicit permission before sharing their data beyond what their privacy settings allowed.
The technology giant’s CEO Mark Zuckerberg will answer lawmakers' questions in Washington on Tuesday and Wednesday (April 10-11).