Cambridge Analytica Claim To Sway Elections With Facebook Data

Uploaded on 2018-03-21 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Facebook data was contorted without user consent to put a candidate in the White House. That's not today's news, it happened in 2012. That Cambridge Analytica obtained scraped Facebook data for political campaigning wasn't revealed last weekend, it was first published in 2015. 

This week, headlines centre on Cambridge Analytica, Trump and Brexit, revealed data from Facebook was passed via a third-party researcher and used to target individuals en masse with "psychological warfare" during the US election. Cambridge Analytica has denied the allegations, while Facebook booted both Cambridge Analytica and whistleblower Chris Wiley from its platform. 

The news is shocking, though familiar. A story about an American politician turning to Cambridge Analytica for campaign help using data hoovered up in questionable fashion from Facebook was published back in 2015, before Trump and before Brexit. Facebook said at the time it was "carefully investigating".

Clearly not carefully enough. More than two years later Facebook representatives were reportedly spotted in Cambridge Analytica's offices, trying to "secure" data while the Information Commissioner sought a warrant for a raid. So what took so long? 

"The essence of the story really isn’t that different from what was revealed in 2015," says Eerke Boiten, professor in cyber security at De Montfort University. "Then, and throughout the last few years, there were always missing details and crucial denials that could sustain the idea that it was all a conspiracy theory, or boasting by the big egos of Cambridge Analytica."

Thanks to tenacious reporting and the decision of former Cambridge Analytica employee-cum-whistleblower Wylie’s decision to go public, the story has finally been cracked open, with data watchdog raids, rumblings from MPs about hearings, share price falls and Facebook's chief information security officer suddenly departing. 

At the start of this year, Facebook founder Mark Zuckerberg admitted that the social network “make too many errors enforcing our policies and preventing misuse of our tools” and made it his priority to do better. And yet, throughout this week’s scandal, Zuckerberg had remained silent.

"With the developments since then, and the investigations that have taken place either side of the Atlantic, we’ve now had so much smoke that there really must be a fire," says Boiten. 

Add that to the dramatic Trump and Brexit results, regardless of how you view the outcome, as well as investigations into Russian influence, and, Boiten says, the fact "nobody has any illusions about good intentions of Steve Bannon or Robert Mercer anymore," and it's no wonder we're finally paying attention. 

Privacy campaigners finally have a story that shows how dangerous the misuse of our data can be.

"It was only a matter of time for some profiling application to turn up that the public would find unacceptable," says Boiten. 

"Last year it briefly looked to be wealth screening of charity donors. Personalised price discrimination based on perceived wealth and buying habits was also a long standing candidate, or the setting of very precise life insurance premiums based on health data profiling. Turned out it was social media manipulation around elections, then."

If only we'd listened to privacy activists and data-rights campaigners sooner, they've been warning us for years.

The Digital Canary
The capture of Facebook data for political ends didn't start with Cambridge Analytica. In 2012 a story about "Obama for America", as his re-election team was called, and a Facebook app it created to boost the campaign. The app was the work of Blue State Digital, which had worked on Obama's first presidential run; Blue State Digital’s founder Joe Rospar was Obama's chief digital strategist. The aim was to use people’s Facebook friends to convince them to vote for Obama. 

To do that, the app asked Facebook followers if it could access your friends data, allowed under Facebook's terms at the time but banned in 2014. That data was used for funding requests and ads, but also to help identify which of supporters' friends were dithering on the election, so they could be targeted by their own Facebook friends. 

You're more likely to listen to your friends, the argument went, than any campaign manager. Back then, Facebook was a digital darling, but the idea that it allowed third parties to access people’s data without their direct consent now seems ludicrous.

"Understanding that a message from a friend is more trusted and effective, the program matched undecided voters in swing states within supporters’ networks, and provided them with a simple yet powerful way to share voting information," the Blue State Digital website explains. 

"The peer-to-peer messages boosted target audience reach by 400 per cent and increased completion rates for important actions like registering to vote by 40 per cent."

This is a far cry from what Cambridge Analytica stands accused of; Blue State's data was collected and used legally with consent, the messages clearly came from Obama's campaign, and there were no attempts to use psychometric analysis. Yet even then it still raised prescient questions from privacy activists. 

At the time, Jeff Chester of the digital advertising watchdog Center for Digital Democracy, said Blue State Digital’s technology was "beyond J Edgar Hoover's dream. In its rush to exploit the power of digital data to win re-election, the Obama campaign appears to be ignoring the ethical and moral implications."

Cambridge Analytica appears to have taken the idea of using Facebook to persuade citizens and run to hell and back with it.

What's more convincing than your friends armed with a few facts and memes from campaign central command? Propaganda tuned to your individual psychological quirks. Rather than legally acquire Facebook data to encourage supporters to share a few facts, links or videos to convince friends or encourage voter turnout, Cambridge Analytica allegedly acquired the data through a researcher who broke Facebook’s terms and UK data laws in order to build what Wylie describes as a "psychological warfare mindfuck tool" and "a full service propaganda machine".

Wylie says Cambridge Analytica tried to understand what kinds of messaging would change a person's mind, be it the right topic or tone, such as scary or warm, and then use a team of designers and developers to create that content as websites, blogs or other sources. 

"We will create content on the internet for them to find," he says. Those posts and blogs would have seemed organic and authentic, but they weren't. Cambridge Analytica denies it used Facebook data in the Trump campaign. 

Why don't we Listen?
Why did we wait for electoral carnage before heeding the warnings from privacy experts and investigative journalists? Privacy campaigners have been warning against this for years.  The Wall Street Journal reported on political data mining as early 2010, The Intercept laid out details of political data mining firms in 2016 and the Daily Mail asked in 2014 if Facebook could "swing an election." All those warnings and many more, before Cambridge Analytica was even formed, were all ignored. 

Cambridge Analytica has been the subject of repeated stories for years. In 2015 it made news with the story described above, detailing the use of scraped Facebook data on Ted Cruz's candidacy campaign.  Christopher Soghoian, chief technologist of the American Civil Liberties Union, said the news was "troubling" and Facebook claimed at the time it was "carefully investigating the situation." It took two years for anyone to fully appreciate what was going on.

Boiten believes the public and activists focused too much on keeping data private, rather than how private data could be abused. "The big data protection stories, and in the UK, fines, have been about information leaking and being sold, for example in data breaches," he says. 

At the start of this week, the first round of headlines on the latest Cambridge Analytica scoop highlighted a breach, sparking arguments on semantics. The idea of "privacy as control" also gained some traction, with even Boiten arguing that "the precise use of Facebook privacy settings to share particular things with particular audiences is a triumph of privacy-as-control". However, he notes that it hasn't been well explained how data could be used against people; while we were warned that Facebook could "swing an election" or predict sensitive characteristics, we didn't understand what that meant for us. 
"The dimension of privacy that has proved hardest to catch is the use of, possibly innocuous-seeming, personal data against people," he says. We've got one heck of a case study now, at least, the slimmest of silver linings on this debacle. 

What about Facebook?
We've heard ad nauseum that on Facebook we're not the customers but the product. We all know Facebook is designed to collect data on its users, massage it for preferences, and try to influence us, that's behavioural advertising, after all. Will the association with Cambridge Analytica and the clear view of the danger of data misuse convince us to change our promiscuity with data sharing? Aral Balkan, privacy activist and developer of the Better anti-tracking tool, doesn't think we'll smarten up and ditch Facebook. "People are still more worried that a third-party company like Cambridge Analytica used Facebook’s data instead of what they should actually be worried about: that Facebook had that data to begin with," he says

"Cambridge Analytica and Facebook have the same business model," says Balkan. "If Cambridge Analytica can sway elections and referenda with a relatively small subset of Facebook’s data, imagine what Facebook can and does do with the full set."

If that doesn't alarm you, you haven't been paying attention. Not enough of us have, but it's time to start.

Wired

You Might Also Read:

How AI Has Conquered Democracy:

Millions Of Facebook Profiles Were ‘Harvested’  In US Election Breach:

You Probably Don’t Know All the Ways Facebook Tracks You:
 

 

« About Strategic Threat Intelligence
Slingshot: Avoiding Sophisticated Cyber Espionage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ID-SIRTII/CC

ID-SIRTII/CC

Security Incident Response Team for Internet Infrastructure in Indonesia.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

ABPCyber

ABPCyber

ABPCyber offers holistic cybersecurity solutions spanning DevSecOps, advisory and consultancy, designing and integration, managed operations, and cybersecurity investment optimization.