Cambridge Analytica Claim To Sway Elections With Facebook Data

Facebook data was contorted without user consent to put a candidate in the White House. That's not today's news, it happened in 2012. That Cambridge Analytica obtained scraped Facebook data for political campaigning wasn't revealed last weekend, it was first published in 2015. 

This week, headlines centre on Cambridge Analytica, Trump and Brexit, revealed data from Facebook was passed via a third-party researcher and used to target individuals en masse with "psychological warfare" during the US election. Cambridge Analytica has denied the allegations, while Facebook booted both Cambridge Analytica and whistleblower Chris Wiley from its platform. 

The news is shocking, though familiar. A story about an American politician turning to Cambridge Analytica for campaign help using data hoovered up in questionable fashion from Facebook was published back in 2015, before Trump and before Brexit. Facebook said at the time it was "carefully investigating".

Clearly not carefully enough. More than two years later Facebook representatives were reportedly spotted in Cambridge Analytica's offices, trying to "secure" data while the Information Commissioner sought a warrant for a raid. So what took so long? 

"The essence of the story really isn’t that different from what was revealed in 2015," says Eerke Boiten, professor in cyber security at De Montfort University. "Then, and throughout the last few years, there were always missing details and crucial denials that could sustain the idea that it was all a conspiracy theory, or boasting by the big egos of Cambridge Analytica."

Thanks to tenacious reporting and the decision of former Cambridge Analytica employee-cum-whistleblower Wylie’s decision to go public, the story has finally been cracked open, with data watchdog raids, rumblings from MPs about hearings, share price falls and Facebook's chief information security officer suddenly departing. 

At the start of this year, Facebook founder Mark Zuckerberg admitted that the social network “make too many errors enforcing our policies and preventing misuse of our tools” and made it his priority to do better. And yet, throughout this week’s scandal, Zuckerberg had remained silent.

"With the developments since then, and the investigations that have taken place either side of the Atlantic, we’ve now had so much smoke that there really must be a fire," says Boiten. 

Add that to the dramatic Trump and Brexit results, regardless of how you view the outcome, as well as investigations into Russian influence, and, Boiten says, the fact "nobody has any illusions about good intentions of Steve Bannon or Robert Mercer anymore," and it's no wonder we're finally paying attention. 

Privacy campaigners finally have a story that shows how dangerous the misuse of our data can be.

"It was only a matter of time for some profiling application to turn up that the public would find unacceptable," says Boiten. 

"Last year it briefly looked to be wealth screening of charity donors. Personalised price discrimination based on perceived wealth and buying habits was also a long standing candidate, or the setting of very precise life insurance premiums based on health data profiling. Turned out it was social media manipulation around elections, then."

If only we'd listened to privacy activists and data-rights campaigners sooner, they've been warning us for years.

The Digital Canary
The capture of Facebook data for political ends didn't start with Cambridge Analytica. In 2012 a story about "Obama for America", as his re-election team was called, and a Facebook app it created to boost the campaign. The app was the work of Blue State Digital, which had worked on Obama's first presidential run; Blue State Digital’s founder Joe Rospar was Obama's chief digital strategist. The aim was to use people’s Facebook friends to convince them to vote for Obama. 

To do that, the app asked Facebook followers if it could access your friends data, allowed under Facebook's terms at the time but banned in 2014. That data was used for funding requests and ads, but also to help identify which of supporters' friends were dithering on the election, so they could be targeted by their own Facebook friends. 

You're more likely to listen to your friends, the argument went, than any campaign manager. Back then, Facebook was a digital darling, but the idea that it allowed third parties to access people’s data without their direct consent now seems ludicrous.

"Understanding that a message from a friend is more trusted and effective, the program matched undecided voters in swing states within supporters’ networks, and provided them with a simple yet powerful way to share voting information," the Blue State Digital website explains. 

"The peer-to-peer messages boosted target audience reach by 400 per cent and increased completion rates for important actions like registering to vote by 40 per cent."

This is a far cry from what Cambridge Analytica stands accused of; Blue State's data was collected and used legally with consent, the messages clearly came from Obama's campaign, and there were no attempts to use psychometric analysis. Yet even then it still raised prescient questions from privacy activists. 

At the time, Jeff Chester of the digital advertising watchdog Center for Digital Democracy, said Blue State Digital’s technology was "beyond J Edgar Hoover's dream. In its rush to exploit the power of digital data to win re-election, the Obama campaign appears to be ignoring the ethical and moral implications."

Cambridge Analytica appears to have taken the idea of using Facebook to persuade citizens and run to hell and back with it.

What's more convincing than your friends armed with a few facts and memes from campaign central command? Propaganda tuned to your individual psychological quirks. Rather than legally acquire Facebook data to encourage supporters to share a few facts, links or videos to convince friends or encourage voter turnout, Cambridge Analytica allegedly acquired the data through a researcher who broke Facebook’s terms and UK data laws in order to build what Wylie describes as a "psychological warfare mindfuck tool" and "a full service propaganda machine".

Wylie says Cambridge Analytica tried to understand what kinds of messaging would change a person's mind, be it the right topic or tone, such as scary or warm, and then use a team of designers and developers to create that content as websites, blogs or other sources. 

"We will create content on the internet for them to find," he says. Those posts and blogs would have seemed organic and authentic, but they weren't. Cambridge Analytica denies it used Facebook data in the Trump campaign. 

Why don't we Listen?
Why did we wait for electoral carnage before heeding the warnings from privacy experts and investigative journalists? Privacy campaigners have been warning against this for years.  The Wall Street Journal reported on political data mining as early 2010, The Intercept laid out details of political data mining firms in 2016 and the Daily Mail asked in 2014 if Facebook could "swing an election." All those warnings and many more, before Cambridge Analytica was even formed, were all ignored. 

Cambridge Analytica has been the subject of repeated stories for years. In 2015 it made news with the story described above, detailing the use of scraped Facebook data on Ted Cruz's candidacy campaign.  Christopher Soghoian, chief technologist of the American Civil Liberties Union, said the news was "troubling" and Facebook claimed at the time it was "carefully investigating the situation." It took two years for anyone to fully appreciate what was going on.

Boiten believes the public and activists focused too much on keeping data private, rather than how private data could be abused. "The big data protection stories, and in the UK, fines, have been about information leaking and being sold, for example in data breaches," he says. 

At the start of this week, the first round of headlines on the latest Cambridge Analytica scoop highlighted a breach, sparking arguments on semantics. The idea of "privacy as control" also gained some traction, with even Boiten arguing that "the precise use of Facebook privacy settings to share particular things with particular audiences is a triumph of privacy-as-control". However, he notes that it hasn't been well explained how data could be used against people; while we were warned that Facebook could "swing an election" or predict sensitive characteristics, we didn't understand what that meant for us. 
"The dimension of privacy that has proved hardest to catch is the use of, possibly innocuous-seeming, personal data against people," he says. We've got one heck of a case study now, at least, the slimmest of silver linings on this debacle. 

What about Facebook?
We've heard ad nauseum that on Facebook we're not the customers but the product. We all know Facebook is designed to collect data on its users, massage it for preferences, and try to influence us, that's behavioural advertising, after all. Will the association with Cambridge Analytica and the clear view of the danger of data misuse convince us to change our promiscuity with data sharing? Aral Balkan, privacy activist and developer of the Better anti-tracking tool, doesn't think we'll smarten up and ditch Facebook. "People are still more worried that a third-party company like Cambridge Analytica used Facebook’s data instead of what they should actually be worried about: that Facebook had that data to begin with," he says

"Cambridge Analytica and Facebook have the same business model," says Balkan. "If Cambridge Analytica can sway elections and referenda with a relatively small subset of Facebook’s data, imagine what Facebook can and does do with the full set."

If that doesn't alarm you, you haven't been paying attention. Not enough of us have, but it's time to start.

Wired

You Might Also Read:

How AI Has Conquered Democracy:

Millions Of Facebook Profiles Were ‘Harvested’  In US Election Breach:

You Probably Don’t Know All the Ways Facebook Tracks You:
 

 

« About Strategic Threat Intelligence
Slingshot: Avoiding Sophisticated Cyber Espionage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Savanti Consulting

Savanti Consulting

Savanti provides practitioner-led cyber security services tailored to meet each organisation’s unique requirements.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Brennan IT

Brennan IT

For over 25 years, Brennan’s expert team has helped businesses achieve real success through innovative and secure technology solutions.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.