Facebook/Cambridge Analytica Summary
Originally at https://notes.shaunagm.net/post/172109977907/facebook-cambridge-analytica-summary
Here’s a summary of what we know as of the afternoon of Wednesday, March 21st:
Cambridge Analytica (CA) is a subsidiary of Strategic Communication Laboratories (SCL). Right-wing billionaire Robert Mercer was one of the initial investors in CA, as was Steve Bannon, a board member who also named the firm. There are additional connections between Trump and CA through its parent company, SCL. Mike Flynn, the former NSA director who has pled guilty to one count of lying to the FBI and who Trump allegedly fired James Comey to protect, was hired by SCL as an advisor on securing US government contracts, a relationship Flynn failed to disclose. Paul Manafort and Erik Prince are also connected to SCL through business partnerships. Manafort is Trump’s former presidential campaign manager, currently facing life in prison for crimes related to the Russia scandal. Erik Prince, the brother of Secretary of Education Betsy DeVos, is under investigation for allegedly attempting to set up a secret backchannel between Trump and Putin. Mueller requested emails from CA related to the Trump campaign and related to the Brexit campaign back in December.
In 2014, CA worked with a British professor named Aleksandr Kogan to build a mobile app utilizing Facebook’s third party app ecosystem. Although Kogan claimed to be conducting an academic study, CA poured $800,000 into making the app in exchange for getting a full copy of the data collected. At the time, Facebook’s Friends API allowed apps to gather information not just from users who gave permission but from the friends of those users - even if the friends themselves had not given permission. Users who used Facebook Login additionally had their data made available to apps without their knowledge or permission. Taking advantage of these elements, Kogan gathered data from about 50 million people, only 270,000 of which were participants who he explicitly had permission from. According to reports, 30 of those 50 million had enough information, such as places of residence, that they could be matched to other records. In April 2015 FB shut shown the Friends API. (Facebook Login still reveals data to third party apps.)
In 2016, Jared Kushner hired CA to take over data operations for the Trump campaign. Under the guidance of Trump campaign officials, CA provided services including “designing target audiences for digital ads and fund-raising appeals, modeling voter turnout, buying $5 million in television ads and determining where Mr. Trump should travel to best drum up support”. It’s worth noting here that despite some American investors and employees, CA is predominantly European and Canadian - for instance the CEO of CA, Alexander Nix, a British citizen (more on him momentarily). This means CA may have violated US law against foreign interference in elections.
Given CA’s British origins, it’s not surprising that they were also involved in the Brexit campaigns, on the pro-Leave side. In a Parliament hearing a few months ago, Alexander Nix testified that CA did not use Facebook data as part of the Brexit campaign. These false statements prompted UK Information Commissioner Elizabeth Denham toseek a warrant to access CA’s servers. When they reached CA’s offices on Monday evening, they discovered representatives of Facebook (via cybersecurity firm Stroz Friedberg) already there. They left when ICO told them to, but it’s unknown what they did before ICO arrived.
Why was Facebook there? Well, back in 2015 a Guardian piece revealed the CA had Facebook user data. Although CA had collected data that Facebook’s API made available to anyone, Facebook said CA’d violated its rules by misrepresenting its app as an academic study. Facebook told CA to destroy the data and accepted a certified legal document that they had. As far as we know, Facebook did not inform its users, shareholders, or regulators about the incident or its response, nor did they take any further action on the matter until they discovered that reporters were about to publish this story. Then, they threatened to sue to try and prevent the Guardian from publishing their expose; disabled the Facebook account of the whistleblower who talked to the Guardian; and, as mentioned, sent representatives to CA’s offices. The FTC has opened an investigation into whether Facebook has violated an 2011 agreement to protect user privacy.
We’re almost done! A little bit more about Alexander Nix, the now suspended CEO of CA. In footage secretly filmed by Channel 4 News and described in the NY Times “he boasted of employing front companies and former spies on behalf of political clients around the world, and even suggested ways to entrap politicians in compromising situations. […] WikiLeaks founder, Julian Assange, disclosed in October that Mr. Nix had reached out to him during the campaign in hopes of obtaining private emails belonging to Mr. Trump’s Democratic opponent, Hillary Clinton.” Between that and lying to Parliament, Nix is likely in for a bad time.
Let’s finish by summarizing the things that Cambridge Analytica, Facebook, and the Trump Campaign may have done wrong and may be legally on the hook for.
Cambridge Analytica:
-
Pretending that their app was part of an academic study, when the data was used for other purposes.
-
Lying to Facebook when they certified that they had destroyed the data in 2015.
-
“Peddling false statements” to Parliament about whether or not they used Facebook’s data.
-
Interfering with the US election as foreign nationals.
-
Attempting to collaborate with Russia to data stolen from the Clinton campaign via Assange.
-
Helping to coordinate campaign spending between Trump campaign and outside groups, in violation of US campaign finance laws.
-
Anything related to the spying, entrapping, and other dirty work Nix bragged about in Channel 4’s secret footage.
Facebook:
-
Giving away too much user data, in violation of 2011 FTC agreement.
-
Failing to notify shareholders of the incident, which may be a violation under securities law. (Update: shareholders are suing.)
-
Facebook is arguing that what CA did was not a “breach” but, if it is later determined that it was, Facebook would be in violation of state and federal data breach notification laws.
Trump Campaign, through their relationships with CA:
-
Working with foreign nationals illegally attempting to influence an election, if it’s determined that Cambridge Analytica‘s British/Canadian directors and employees were too involved in the campaign.
-
Illegal coordination of campaign spending between the campaign and outside groups.
-
Collaborating with Russia to use data stolen from the Clinton campaign.
Please let me know if you catch any mistakes or missing info in this summary. Hope it’s helpful.