Cambridge Analytica Claim To Sway Elections With Facebook Data

Facebook data was contorted without user consent to put a candidate in the White House. That's not today's news, it happened in 2012. That Cambridge Analytica obtained scraped Facebook data for political campaigning wasn't revealed last weekend, it was first published in 2015. 

This week, headlines centre on Cambridge Analytica, Trump and Brexit, revealed data from Facebook was passed via a third-party researcher and used to target individuals en masse with "psychological warfare" during the US election. Cambridge Analytica has denied the allegations, while Facebook booted both Cambridge Analytica and whistleblower Chris Wiley from its platform. 

The news is shocking, though familiar. A story about an American politician turning to Cambridge Analytica for campaign help using data hoovered up in questionable fashion from Facebook was published back in 2015, before Trump and before Brexit. Facebook said at the time it was "carefully investigating".

Clearly not carefully enough. More than two years later Facebook representatives were reportedly spotted in Cambridge Analytica's offices, trying to "secure" data while the Information Commissioner sought a warrant for a raid. So what took so long? 

"The essence of the story really isn’t that different from what was revealed in 2015," says Eerke Boiten, professor in cyber security at De Montfort University. "Then, and throughout the last few years, there were always missing details and crucial denials that could sustain the idea that it was all a conspiracy theory, or boasting by the big egos of Cambridge Analytica."

Thanks to tenacious reporting and the decision of former Cambridge Analytica employee-cum-whistleblower Wylie’s decision to go public, the story has finally been cracked open, with data watchdog raids, rumblings from MPs about hearings, share price falls and Facebook's chief information security officer suddenly departing. 

At the start of this year, Facebook founder Mark Zuckerberg admitted that the social network “make too many errors enforcing our policies and preventing misuse of our tools” and made it his priority to do better. And yet, throughout this week’s scandal, Zuckerberg had remained silent.

"With the developments since then, and the investigations that have taken place either side of the Atlantic, we’ve now had so much smoke that there really must be a fire," says Boiten. 

Add that to the dramatic Trump and Brexit results, regardless of how you view the outcome, as well as investigations into Russian influence, and, Boiten says, the fact "nobody has any illusions about good intentions of Steve Bannon or Robert Mercer anymore," and it's no wonder we're finally paying attention. 

Privacy campaigners finally have a story that shows how dangerous the misuse of our data can be.

"It was only a matter of time for some profiling application to turn up that the public would find unacceptable," says Boiten. 

"Last year it briefly looked to be wealth screening of charity donors. Personalised price discrimination based on perceived wealth and buying habits was also a long standing candidate, or the setting of very precise life insurance premiums based on health data profiling. Turned out it was social media manipulation around elections, then."

If only we'd listened to privacy activists and data-rights campaigners sooner, they've been warning us for years.

The Digital Canary
The capture of Facebook data for political ends didn't start with Cambridge Analytica. In 2012 a story about "Obama for America", as his re-election team was called, and a Facebook app it created to boost the campaign. The app was the work of Blue State Digital, which had worked on Obama's first presidential run; Blue State Digital’s founder Joe Rospar was Obama's chief digital strategist. The aim was to use people’s Facebook friends to convince them to vote for Obama. 

To do that, the app asked Facebook followers if it could access your friends data, allowed under Facebook's terms at the time but banned in 2014. That data was used for funding requests and ads, but also to help identify which of supporters' friends were dithering on the election, so they could be targeted by their own Facebook friends. 

You're more likely to listen to your friends, the argument went, than any campaign manager. Back then, Facebook was a digital darling, but the idea that it allowed third parties to access people’s data without their direct consent now seems ludicrous.

"Understanding that a message from a friend is more trusted and effective, the program matched undecided voters in swing states within supporters’ networks, and provided them with a simple yet powerful way to share voting information," the Blue State Digital website explains. 

"The peer-to-peer messages boosted target audience reach by 400 per cent and increased completion rates for important actions like registering to vote by 40 per cent."

This is a far cry from what Cambridge Analytica stands accused of; Blue State's data was collected and used legally with consent, the messages clearly came from Obama's campaign, and there were no attempts to use psychometric analysis. Yet even then it still raised prescient questions from privacy activists. 

At the time, Jeff Chester of the digital advertising watchdog Center for Digital Democracy, said Blue State Digital’s technology was "beyond J Edgar Hoover's dream. In its rush to exploit the power of digital data to win re-election, the Obama campaign appears to be ignoring the ethical and moral implications."

Cambridge Analytica appears to have taken the idea of using Facebook to persuade citizens and run to hell and back with it.

What's more convincing than your friends armed with a few facts and memes from campaign central command? Propaganda tuned to your individual psychological quirks. Rather than legally acquire Facebook data to encourage supporters to share a few facts, links or videos to convince friends or encourage voter turnout, Cambridge Analytica allegedly acquired the data through a researcher who broke Facebook’s terms and UK data laws in order to build what Wylie describes as a "psychological warfare mindfuck tool" and "a full service propaganda machine".

Wylie says Cambridge Analytica tried to understand what kinds of messaging would change a person's mind, be it the right topic or tone, such as scary or warm, and then use a team of designers and developers to create that content as websites, blogs or other sources. 

"We will create content on the internet for them to find," he says. Those posts and blogs would have seemed organic and authentic, but they weren't. Cambridge Analytica denies it used Facebook data in the Trump campaign. 

Why don't we Listen?
Why did we wait for electoral carnage before heeding the warnings from privacy experts and investigative journalists? Privacy campaigners have been warning against this for years.  The Wall Street Journal reported on political data mining as early 2010, The Intercept laid out details of political data mining firms in 2016 and the Daily Mail asked in 2014 if Facebook could "swing an election." All those warnings and many more, before Cambridge Analytica was even formed, were all ignored. 

Cambridge Analytica has been the subject of repeated stories for years. In 2015 it made news with the story described above, detailing the use of scraped Facebook data on Ted Cruz's candidacy campaign.  Christopher Soghoian, chief technologist of the American Civil Liberties Union, said the news was "troubling" and Facebook claimed at the time it was "carefully investigating the situation." It took two years for anyone to fully appreciate what was going on.

Boiten believes the public and activists focused too much on keeping data private, rather than how private data could be abused. "The big data protection stories, and in the UK, fines, have been about information leaking and being sold, for example in data breaches," he says. 

At the start of this week, the first round of headlines on the latest Cambridge Analytica scoop highlighted a breach, sparking arguments on semantics. The idea of "privacy as control" also gained some traction, with even Boiten arguing that "the precise use of Facebook privacy settings to share particular things with particular audiences is a triumph of privacy-as-control". However, he notes that it hasn't been well explained how data could be used against people; while we were warned that Facebook could "swing an election" or predict sensitive characteristics, we didn't understand what that meant for us. 
"The dimension of privacy that has proved hardest to catch is the use of, possibly innocuous-seeming, personal data against people," he says. We've got one heck of a case study now, at least, the slimmest of silver linings on this debacle. 

What about Facebook?
We've heard ad nauseum that on Facebook we're not the customers but the product. We all know Facebook is designed to collect data on its users, massage it for preferences, and try to influence us, that's behavioural advertising, after all. Will the association with Cambridge Analytica and the clear view of the danger of data misuse convince us to change our promiscuity with data sharing? Aral Balkan, privacy activist and developer of the Better anti-tracking tool, doesn't think we'll smarten up and ditch Facebook. "People are still more worried that a third-party company like Cambridge Analytica used Facebook’s data instead of what they should actually be worried about: that Facebook had that data to begin with," he says

"Cambridge Analytica and Facebook have the same business model," says Balkan. "If Cambridge Analytica can sway elections and referenda with a relatively small subset of Facebook’s data, imagine what Facebook can and does do with the full set."

If that doesn't alarm you, you haven't been paying attention. Not enough of us have, but it's time to start.

Wired

You Might Also Read:

How AI Has Conquered Democracy:

Millions Of Facebook Profiles Were ‘Harvested’  In US Election Breach:

You Probably Don’t Know All the Ways Facebook Tracks You:
 

 

« About Strategic Threat Intelligence
Slingshot: Avoiding Sophisticated Cyber Espionage »

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

Morphisec

Morphisec

Morphisec Endpoint Threat Prevention blocks zero-days and advanced attacks in real time, before they cause any damage.

Sudan CERT

Sudan CERT

Sudan CERT is the national Computer Emergency Response Team of Sudan.

Niagara Networks

Niagara Networks

Niagara Networks is a Network Visibility industry leader, with emphasis in 1/10/40/100 Gigabit systems and mission-critical IT and security appliances.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Resilia

Resilia

RESILIA is a comprehensive portfolio of tools and training to help your organization achieve global best practice in cyber security.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

CybX Security LLC

CybX Security LLC

CybX is led by a veteran team with experience in enterprise security system design, development and deployment.