The Cambridge Analytica Facebook data breach explained

Ever taken one of those cute personality tests on Facebook? Maybe think twice.

What happened?

Data firm Cambridge Analytica is fast becoming a house-hold name after two media outlets revealed its involvement in Donald Trump’s 2016 presidential campaign. Cambridge Analytica has been accused of harvesting the data of some 50 million Facebook users' profiles without their knowledge to help it design software to predict and influence voters’ choices at the ballot box.

Just hours before the Observer and the New York Times broke the story over the weekend, Facebook suspended Cambridge Analytica from its platform, pending an investigation, in an apparent pre-emptive strike to limit the damage to its own brand.

The tech giant has announced a review into the potential privacy breach as it comes under intense scrutiny by US and British politcians. Cambridge Analytica, meanwhile, has said it deleted the data before it even started work on the Trump campaign.

Cambridge Analytica CEO Alexander Nix will now face another grilling by British politicians, while Facebook founder Mark Zuckerberg has been summoned to speak to a UK House of Commons committee about the misuse of data.  

Why do we care?

Well, because so many of us are on Facebook, which has built its entire massive business on its users’ data - their likes, networks, locations and browsing histories. Facebook is free to you, because you are not the customer but the product. Your data, aggregated with millions of others', is an incredibly powerful tool for anyone who wants to convince a lot of people to vote for someone or buy something.

We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. Christopher Wylie
In the words of Christopher Wylie, the Canadian data analytics specialist and whistle-blower that created the system and now, deeply troubled by its consequences, has exposed it: “I built Steve Bannon’s psychological warfare mindf--k tool.” Steve Bannon was the driving force behind the election of Donald Trump, one of the most disruptive and controversial presidents in US history.

"We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on," Wylie told the Observer.

This appears to be the starkest example yet of how social media is being used for political purposes at the highest levels. 

How did it work?

The New York Times reports that Cambridge Analytica spent US$800,000 in 2014 to get Russian-American academic Aleksandr Kogan to build an app to harvest the data of Facebook users. He created a personality quiz called "thisisyourdigitallife" and Cambridge Analytica paid for people to take it. 270,000-odd people downloaded the app. 

According to Facebook, users consent for their information to be used simply by downloading the app, but media reports said it also extracted the personal data of each of those users’ friends, unbeknown to them.

Aleksandr Kogan then passed all the data his app collected on some 50 million users onto Cambridge Analytica and other companies. Of those accounts, sufficient data had been gleaned to create psychographic profiles on 30 million of them, which it used to understand and influence voter behaviour for its clients.

Facebook said it removed the app in 2015 when it learned of the violations, and told everyone who received the misappropriated data to destroy it. But it has now emerged from several sources speaking to several media outlets that the data had not been deleted.

Facebook has since pushed back a bit, quibbling that it was “not a data breach.” The tech giant's deputy general counsel Paul Grewal  that all misused data was “knowingly provided” by users, and did not extend to those users’ Facebook friends - or at least not to those who had privacy settings turned on.

But Facebook has suspended it anyway because it violated Facebook’s rules when the data was handed to a third party - Cambridge Analytica - for targeting political ads.

Seek out views you aren’t going to ‘like’
File: Facebook Source: AFP Karen Bleier

Who is Cambridge Analytica?

Set up in London in 2013, Cambridge Analytica purports to help its clients “change audience behaviour” using consumer data from social media and polling combined with behavioural science. Its right wing founder Alexander Nix that it was set up “to address the vacuum in the US Republican political market” after Mitt Romney’s 2012 defeat.

Former Cambridge Analytica insider Chris Wylie outlined the firm's strategy to ABC America. 

"It is sort of like the digital shadow of yourself. So, when you think about what you do on social media, you curate your identity."

"Cambridge Analytica will try to pick at whatever mental weakness or vulnerability that we think you have and try to warp your perception of what's real around you," he said.

The firm was bankrolled to the tune of $15 million by US hedge fund billionaire Robert Mercer, a major Republican donor. At the time, Steve Bannon - a top Trump adviser until he was fired last summer - was a director of the company.

Following the suspension on the weekend, the company said it was in touch with Facebook "in order to resolve this matter as quickly as possible ," denying it violated Facebook’s terms of service. It blamed the misuse of data on Aleksandr Kogan and said it has since deleted all the data it received from a company he founded, Global Science Research.

What is the Trump connection?

Donald Trump’s son-in-law Jared Kushner had boasted that he brought in Cambridge Analytica to help win the 2016 US Presidential election for Mr Trump, according to the New York Times. Special Counsel Robert Mueller, who is investigating possible Trump campaign collusion with Russia during the election, thinks the company could be a key link in his case. The Wall Street Journal reported on Friday that Mr Mueller has ordered Cambridge Analytica to turn over internal documents.

The company has sought quickly to hose down the Trump connection, claiming that none of the data obtained through Kogan and Global Science Research “was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign.”

But Robert Mueller is not expected to let this one go.

What does this mean for Facebook users?

The compromise of 50 million users’ data raises a lot of questions over whether, as Facebook said in its statement: “protecting people’s information is at the heart of everything we do.” The company was already under fire over the way its news feed was effectively gamed to spread deliberate misinformation deployed by Russian interests to sway voters during the 2016 US election campaign - another huge blow to its reputation.

Facebook has not informed users whose data was compromised of the fact. Going forward, even if third party apps obtain users' data legitimately according to Facebook's own rules, they may then be acquired by other companies who use it, in breach of the rules. 

So the social media platform’s 2.2 billion users may well be wondering how safe their data is, and whether the company has undertaken any systemic action to stop misuse when it has clearly known about this problem for a few years, but only acted on Friday ahead of media exposure. 

What happens now?

In the UK, Cambridge Analytica and Facebook are already the subject of an inquiry into data and politics by the Information Commissioner’s Office and another one by the Electoral Commission to investigate what role it played in the Brexit referendum (the company has said it did not work for the ‘Leave’ vote, but this has been contradicted by the co-founder of Leave.EU, Arron Banks).

In the US, Democrat senators called for new regulations on Facebook over the weekend, and some Republican senators questioned the company’s actions. But it was unclear whether the Republican-controlled Congress would act. Facebook said it was conducting a thorough internal review.

Australian connection

The data mining firm has been trying to expand its operations overseas, including in Australia. Cambridge Analytica is registered in Australia at a property in the Sydney suburb of Maroubra; however, the man who registered the firm said it has never conducted any business here. 

But in April 2017, Senator Dan Tehan was among a group of Liberal politicians who met an executive from Cambridge Analytica. In a brief statement issued on Monday, the Liberal Party said it was not using the firm.

With Reuters.

8 min read
Published 19 March 2018 at 8:05pm
By Kelsey Munro