Both The New York Times and the Observer published major stories Saturday morning about Cambridge Analytica, a data analytics company that contracted with the Trump campaign. As Kurt Wagner at Recode pointed out, these stories made Facebook’s belated suspension of Cambridge a few hours earlier more understandable. But Facebook may have a difficult time shielding itself from the fallout from revelations like those described under this headline—50 million Facebook profiles harvested for Cambridge Analytica in major data breach:
The data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested millions of Facebook profiles of US voters, in one of the tech giant’s biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box.
A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.
Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.” [...]
Actually tens of millions. From documents and a confirmation from Facebook, the Observer confirmed that the social media giant had by 2015 learned that the information had been harvested. But it didn’t let Facebook users know about this gigantic data breach and it didn’t do much to improve the security of 50 million people on its site.
But last night Facebook finally moved, issuing this statement:
Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.
Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.
I hate to be all jaded and stuff, but protecting people’s information ought to at the heart of everything Facebook does. But, by focusing on the 270,000 people who consented and downplaying the extent of the breach by saying it only affected “friends who had their privacy settings set to allow it”—without mentioning that this is apparently 50 million people—Facebook executives failed once again to be transparent.
As for the uses those data reaped via Facebook were put, The New York Times reported:
Christopher Wylie, who helped found Cambridge and worked there until late 2014, said of its leaders: “Rules don’t matter for them. For them, this is a war, and it’s all fair.”
“They want to fight a culture war in America,” he added. “Cambridge Analytica was supposed to be the arsenal of weapons to fight that culture war.”
Details of Cambridge’s acquisition and use of Facebook data have surfaced in several accounts since the business began working on the 2016 campaign, setting off a furious debate about the merits of the firm’s so-called psychographic modeling techniques.
But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.