Cambridge Analytica Claim To Sway Elections With Facebook Data

Facebook data was contorted without user consent to put a candidate in the White House. That's not today's news, it happened in 2012. That Cambridge Analytica obtained scraped Facebook data for political campaigning wasn't revealed last weekend, it was first published in 2015. 

This week, headlines centre on Cambridge Analytica, Trump and Brexit, revealed data from Facebook was passed via a third-party researcher and used to target individuals en masse with "psychological warfare" during the US election. Cambridge Analytica has denied the allegations, while Facebook booted both Cambridge Analytica and whistleblower Chris Wiley from its platform. 

The news is shocking, though familiar. A story about an American politician turning to Cambridge Analytica for campaign help using data hoovered up in questionable fashion from Facebook was published back in 2015, before Trump and before Brexit. Facebook said at the time it was "carefully investigating".

Clearly not carefully enough. More than two years later Facebook representatives were reportedly spotted in Cambridge Analytica's offices, trying to "secure" data while the Information Commissioner sought a warrant for a raid. So what took so long? 

"The essence of the story really isn’t that different from what was revealed in 2015," says Eerke Boiten, professor in cyber security at De Montfort University. "Then, and throughout the last few years, there were always missing details and crucial denials that could sustain the idea that it was all a conspiracy theory, or boasting by the big egos of Cambridge Analytica."

Thanks to tenacious reporting and the decision of former Cambridge Analytica employee-cum-whistleblower Wylie’s decision to go public, the story has finally been cracked open, with data watchdog raids, rumblings from MPs about hearings, share price falls and Facebook's chief information security officer suddenly departing. 

At the start of this year, Facebook founder Mark Zuckerberg admitted that the social network “make too many errors enforcing our policies and preventing misuse of our tools” and made it his priority to do better. And yet, throughout this week’s scandal, Zuckerberg had remained silent.

"With the developments since then, and the investigations that have taken place either side of the Atlantic, we’ve now had so much smoke that there really must be a fire," says Boiten. 

Add that to the dramatic Trump and Brexit results, regardless of how you view the outcome, as well as investigations into Russian influence, and, Boiten says, the fact "nobody has any illusions about good intentions of Steve Bannon or Robert Mercer anymore," and it's no wonder we're finally paying attention. 

Privacy campaigners finally have a story that shows how dangerous the misuse of our data can be.

"It was only a matter of time for some profiling application to turn up that the public would find unacceptable," says Boiten. 

"Last year it briefly looked to be wealth screening of charity donors. Personalised price discrimination based on perceived wealth and buying habits was also a long standing candidate, or the setting of very precise life insurance premiums based on health data profiling. Turned out it was social media manipulation around elections, then."

If only we'd listened to privacy activists and data-rights campaigners sooner, they've been warning us for years.

The Digital Canary
The capture of Facebook data for political ends didn't start with Cambridge Analytica. In 2012 a story about "Obama for America", as his re-election team was called, and a Facebook app it created to boost the campaign. The app was the work of Blue State Digital, which had worked on Obama's first presidential run; Blue State Digital’s founder Joe Rospar was Obama's chief digital strategist. The aim was to use people’s Facebook friends to convince them to vote for Obama. 

To do that, the app asked Facebook followers if it could access your friends data, allowed under Facebook's terms at the time but banned in 2014. That data was used for funding requests and ads, but also to help identify which of supporters' friends were dithering on the election, so they could be targeted by their own Facebook friends. 

You're more likely to listen to your friends, the argument went, than any campaign manager. Back then, Facebook was a digital darling, but the idea that it allowed third parties to access people’s data without their direct consent now seems ludicrous.

"Understanding that a message from a friend is more trusted and effective, the program matched undecided voters in swing states within supporters’ networks, and provided them with a simple yet powerful way to share voting information," the Blue State Digital website explains. 

"The peer-to-peer messages boosted target audience reach by 400 per cent and increased completion rates for important actions like registering to vote by 40 per cent."

This is a far cry from what Cambridge Analytica stands accused of; Blue State's data was collected and used legally with consent, the messages clearly came from Obama's campaign, and there were no attempts to use psychometric analysis. Yet even then it still raised prescient questions from privacy activists. 

At the time, Jeff Chester of the digital advertising watchdog Center for Digital Democracy, said Blue State Digital’s technology was "beyond J Edgar Hoover's dream. In its rush to exploit the power of digital data to win re-election, the Obama campaign appears to be ignoring the ethical and moral implications."

Cambridge Analytica appears to have taken the idea of using Facebook to persuade citizens and run to hell and back with it.

What's more convincing than your friends armed with a few facts and memes from campaign central command? Propaganda tuned to your individual psychological quirks. Rather than legally acquire Facebook data to encourage supporters to share a few facts, links or videos to convince friends or encourage voter turnout, Cambridge Analytica allegedly acquired the data through a researcher who broke Facebook’s terms and UK data laws in order to build what Wylie describes as a "psychological warfare mindfuck tool" and "a full service propaganda machine".

Wylie says Cambridge Analytica tried to understand what kinds of messaging would change a person's mind, be it the right topic or tone, such as scary or warm, and then use a team of designers and developers to create that content as websites, blogs or other sources. 

"We will create content on the internet for them to find," he says. Those posts and blogs would have seemed organic and authentic, but they weren't. Cambridge Analytica denies it used Facebook data in the Trump campaign. 

Why don't we Listen?
Why did we wait for electoral carnage before heeding the warnings from privacy experts and investigative journalists? Privacy campaigners have been warning against this for years.  The Wall Street Journal reported on political data mining as early 2010, The Intercept laid out details of political data mining firms in 2016 and the Daily Mail asked in 2014 if Facebook could "swing an election." All those warnings and many more, before Cambridge Analytica was even formed, were all ignored. 

Cambridge Analytica has been the subject of repeated stories for years. In 2015 it made news with the story described above, detailing the use of scraped Facebook data on Ted Cruz's candidacy campaign.  Christopher Soghoian, chief technologist of the American Civil Liberties Union, said the news was "troubling" and Facebook claimed at the time it was "carefully investigating the situation." It took two years for anyone to fully appreciate what was going on.

Boiten believes the public and activists focused too much on keeping data private, rather than how private data could be abused. "The big data protection stories, and in the UK, fines, have been about information leaking and being sold, for example in data breaches," he says. 

At the start of this week, the first round of headlines on the latest Cambridge Analytica scoop highlighted a breach, sparking arguments on semantics. The idea of "privacy as control" also gained some traction, with even Boiten arguing that "the precise use of Facebook privacy settings to share particular things with particular audiences is a triumph of privacy-as-control". However, he notes that it hasn't been well explained how data could be used against people; while we were warned that Facebook could "swing an election" or predict sensitive characteristics, we didn't understand what that meant for us. 
"The dimension of privacy that has proved hardest to catch is the use of, possibly innocuous-seeming, personal data against people," he says. We've got one heck of a case study now, at least, the slimmest of silver linings on this debacle. 

What about Facebook?
We've heard ad nauseum that on Facebook we're not the customers but the product. We all know Facebook is designed to collect data on its users, massage it for preferences, and try to influence us, that's behavioural advertising, after all. Will the association with Cambridge Analytica and the clear view of the danger of data misuse convince us to change our promiscuity with data sharing? Aral Balkan, privacy activist and developer of the Better anti-tracking tool, doesn't think we'll smarten up and ditch Facebook. "People are still more worried that a third-party company like Cambridge Analytica used Facebook’s data instead of what they should actually be worried about: that Facebook had that data to begin with," he says

"Cambridge Analytica and Facebook have the same business model," says Balkan. "If Cambridge Analytica can sway elections and referenda with a relatively small subset of Facebook’s data, imagine what Facebook can and does do with the full set."

If that doesn't alarm you, you haven't been paying attention. Not enough of us have, but it's time to start.

Wired

You Might Also Read:

How AI Has Conquered Democracy:

Millions Of Facebook Profiles Were ‘Harvested’  In US Election Breach:

You Probably Don’t Know All the Ways Facebook Tracks You:
 

 

« About Strategic Threat Intelligence
Slingshot: Avoiding Sophisticated Cyber Espionage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

OAS Chain

OAS Chain

OAS Blockchain Renaissance Project presents three platforms that address the major challenges of public blockchain, private blockchain, and IoT security.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.