19/03/2018: Millions of Facebook profiles 'mined illegally' by Cambridge Analytica
The personal data of 50 million Facebook users was leaked to a data analytics firm and used to help Donald Trump win the 2016 US presidential election, it has been claimed.
Cambridge Analytica used this information to build sophisticated software models in 2014 to target US voters with political advertising, according to a whistleblower who said he helped collect the data.
Facebook, which denied the incident amounted to a data breach, confirmed it knew about it in 2015 but didn't inform affected individuals or data protection regulators.
Whistleblower Christopher Wylie said he worked with a Cambridge University academic to collect user data via a third-party Facebook app called thisisyourdigitallife.
Aleksandr Kogan created the app through his company Global Science Research (GSR) and worked with Cambridge Analytica to pay 270,000 Facebook users to take part in a personality test. They also agreed to have their data, such as their home city and Facebook 'likes', collected for academic use.
But then-Analytica employee Wylie told the Observer, which broke the story, that the app also collected data belonging to Facebook friends of the users who signed up to the quiz, producing a pool of data of tens of millions of people.
"We exploited Facebook to harvest millions of people's profiles," Wylie told the newspaper. "And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."
Cambridge Analytica claimed it had deleted all the data shared by GSR when it discovered this information was collected in breach of Facebook's terms of service and had no reason to believe the data was obtained illegally.
"In 2014, we contracted a company led by a seemingly reputable academic at an internationally-renowned institution to undertake a large scale research project in the United States," its statement read.
"No data from GSR was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign."
On the eve of the story breaking, Facebook said it has banned Cambridge Analytica from its platform.
In explaining its decision, Facebook said that while Kogan obtained people's data legitimately, by then sharing that information with Cambridge Analytica he had "lied" to the company and broken platform rules about not sharing such information with third-parties. Kogan maintains he acted legally and had a "close working relationship" with Facebook, the Guardian reports.
Facebook learned of this violation in 2015 and subsequently removed the app from its platform. It also "demanded certifications" from Kogan, Wylie and Cambridge Analytica that they had deleted the data.
However, while Wylie said he received a letter from Facebook lawyers in August 2016 to this effect, he claimed they never followed up to verify the data was deleted.
"That to me was the most astonishing thing," he said. "They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."
The social network also failed to report the leak of data to the affected users or to US state regulators, because it claimed the event was not a data breach.
Facebook said: "Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims.
"If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information."
UK data protection regulator the Information Commissioner's Office is already conducting an investigation into the use of personal data in political campaigns and confirmed it's looking into this incident as part of the investigation.
"Our investigation into the use of personal data for political campaigns, includes the acquisition and use of Facebook data by SCL [Strategic Communication Laboratories, which is affiliated with Cambridge Analytica], Doctor Kogan and Cambridge Analytica," said information commissioner Elizabeth Denham.
"This is a complex and far-reaching investigation for my office and any criminal or civil enforcement actions arising from it will be pursued vigorously."
Damian Collins MP, chair of the Digital, Culture, Media and Sport Committee, accused Cambridge Analytica CEO Alexander Nix of misleading the committee when he told the committee while giving evidence last month that his firm had not received any data from GSR.
Collins said: "It seems clear that he has deliberately mislead (sic) the committee and Parliament by giving false statements. We will be contacting Alexander Nix next week asking him to explain his comments, and answer further questions relating to the links between GSR and Cambridge Analytica, and its associate companies."
The committee will also demand that Facebook CEO Mark Zuckerberg, or someone similarly senior, attends the committee to answer questions about the incident.
Main image credit: Shutterstock
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
IBM: Data governance for data-driven organizationswhitepaper Master your data management
-
P2PInfect self-replicating Rust worm discovered attacking Redis instancesNews Researchers believe that the worm could be laying the groundwork for a larger campaign to be launched at some point in the future
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
MWC 2023: Huawei launches 'world's best' ransomware detection systemNews Huawei claims its Cyber Engine database security system has a 99.9% detection rate, but experts have been quick to weaken the sentiment
-
Dutch hacker steals data from virtually entire population of AustriaNews The data was stolen from a misconfigured cloud database found by the attacker through a search engine
-
Latest Meta GDPR fine brings 12-month total to more than €1 billionNews Meta was issued with two hefty GDPR fines for “forcing” users to consent to data processing
-
IRS mistakenly publishes 112,000 taxpayer records for the second timeNews A contractor is thought to be responsible for the error, with the agency reportedly reviewing its relationship with Accenture
-
"Unacceptable" data scraping lands Meta a £228m data protection fineNews The much-awaited decision follows the scraping of half a billion users' data and received unanimous approval from EU regulators
