Cambridge Analytica: ICO seeks warrant to raid London offices

Cambridge Analytica: ICO seeks warrant to raid London offices

Offshore Technology International -
Controversial data mining firm fails to respond to ICO's demand to access records

The UK's data privacy watchdog is seeking a warrant to raid Cambridge Analytica's London headquarters in order to investigate allegations that the company illegally harvested the information of 50 million Facebook profiles.

The Information Commissioner's Office (ICO) confirmed to IT Pro this morning that it is seeking an urgent warrant following the company's failure to comply with its request on 7 March for access to its databases and records.

'Cambridge Analytica has not responded to the commissioner by the deadline provided; therefore, the information commissioner is seeking a warrant to obtain information and access to systems and evidence related to her investigation,' an ICO spokesman said.

The news follows an exposé by the Observer that claimed Cambridge Analytica had used the Facebook data of more than 50 million people in order to build a powerful predictive analytics algorithm that could accurately predict political preferences, sexuality and other personal traits.

It has also emerged that Facebook was in the process of conducting its own internal investigation into Cambridge Analytica's actions separately to the ICO, which it ceased yesterday at the regulator's behest. Damian Collins, chair of the culture select committee, expressed doubt as to Facebook's motives in conducting its own investigation, telling the BBC that 'This is a matter for the authorities'.

'The concern would have been, were they removing information or evidence which could have been vital to the investigation? It's right they stood down but it's astonishing they were there in the first place.'

Facebook is planning an open meeting today, to let staff grill the company's management on the unfolding incident. According to the Verge, the meeting will be led by Facebook deputy general counsel Paul Grewal, who will give staff background information on the case and field questions from staff.

It will mark the first time that staff have had an official opportunity to ask questions of the company's leadership since the scope of Cambridge Analytica's use of Facebook data was publicly revealed - although Facebook has admitted it was aware of the issue in 2015, a year after it happened.

The meeting is planned to last just half an hour, and an employee told the Verge that the move felt like a temporary solution to buy time until Friday's all-hands meeting where founder and CEO Mark Zuckerberg - who has thus far been silent on the issue - is expected to address employees. Collins has called on Zuckerberg or a senior Facebook executive to give evidence to his Parliamentary committee on the scandal.

To understand what the Cambridge Analytica and Facebook scandal is all about, read our explainer.

Facebook maintains that this is not a data breach in the traditional sense, and is instead a misuse of legitimately-obtained data. Security expert Graham Cluley agreed with the assessment, but said it shows fundamental issues with Facebook's design. 'From Facebook's point of view, it's not a traditional data breach,' he told IT Pro. 'That's because this is how Facebook was designed, and many apps over the years have scooped up users' information and (privacy settings permitting) those of their friends as well.'

'Hundreds of millions of times every day Facebook hones the content it displays to you based on what it has determined you are interested in, who you are, and what it thinks will be most effective. So, it's not that different from what Cambridge Analytica does with the same access to the data,' he added.

'None of this is news. Facebook has been working this way for years. The only way to reduce your exposure is to refuse to play Facebook's game and not be a member of the site. If you can't bring yourself to leave, at the very least lock down your privacy settings and reduce the level of information that you share.'

Cambridge Analytica's CEO, Alexander Nix, was also caught in an undercover sting by Channel 4, which recorded Nix seemingly bragging about using ex-intelligence operatives, micro-targeted propaganda and 'honeypot' traps to influence elections and other political proceedings.

'We’re used to operating through different vehicles, in the shadows, and I look forward to building a very long-term and secretive relationship with you,' Nix told undercover reporters posing as potential clients in an initial phone call.

'We have two projects at the moment, which involve doing deep, deep depth research on the opposition and providing... really damaging source material, that we can decide how to deploy in the course of the campaign,' he said as part of a later meeting recorded by Channel 4.

Cambridge Analytica denied that it uses any of the methods alleged by the investigation, and stated that it was simply 'humouring' the potential client.

Controversial data mining firm fails to respond to ICO's demand to access records
Millions of Facebook profiles 'mined illegally' by Cambridge Analytica

The personal data of 50 million Facebook users was leaked to a data analytics firm and used to help Donald Trump win the 2016 US presidential election, it has been claimed.

Cambridge Analytica used this information to build sophisticated software models in 2014 to target US voters with political advertising, according to a whistleblower who said he helped collect the data.

Facebook, which denied the incident amounted to a data breach, confirmed it knew about it in 2015 but didn't inform affected individuals or data protection regulators.

Whistleblower Christopher Wylie said he worked with a Cambridge University academic to collect user data via a third-party Facebook app called thisisyourdigitallife.

Aleksandr Kogan created the app through his company Global Science Research (GSR) and worked with Cambridge Analytica to pay 270,000 Facebook users to take part in a personality test. They also agreed to have their data, such as their home city and Facebook 'likes', collected for academic use.

But then-Analytica employee Wylie told the Observer, which broke the story, that the app also collected data belonging to Facebook friends of the users who signed up to the quiz, producing a pool of data of tens of millions of people.

'We exploited Facebook to harvest millions of people's profiles,' Wylie told the newspaper. 'And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.'

Cambridge Analytica claimed it had deleted all the data shared by GSR when it discovered this information was collected in breach of Facebook's terms of service and had no reason to believe the data was obtained illegally.

'In 2014, we contracted a company led by a seemingly reputable academic at an internationally-renowned institution to undertake a large scale research project in the United States,' its statement read.

'No data from GSR was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign.'

On the eve of the story breaking, Facebook said it has banned Cambridge Analytica from its platform.

In explaining its decision, Facebook said that while Kogan obtained people's data legitimately, by then sharing that information with Cambridge Analytica he had 'lied' to the company and broken platform rules about not sharing such information with third-parties. Kogan maintains he acted legally and had a 'close working relationship' with Facebook, the Guardian reports.

Facebook learned of this violation in 2015 and subsequently removed the app from its platform. It also 'demanded certifications' from Kogan, Wylie and Cambridge Analytica that they had deleted the data.

However, while Wylie said he received a letter from Facebook lawyers in August 2016 to this effect, he claimed they never followed up to verify the data was deleted.

'That to me was the most astonishing thing,' he said. 'They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back.'

The social network also failed to report the leak of data to the affected users or to US state regulators, because it claimed the event was not a data breach.

Facebook said: 'Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims.

'If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information.'

UK data protection regulator the Information Commissioner's Office is already conducting an investigation into the use of personal data in political campaigns and confirmed it's looking into this incident as part of the investigation.

'Our investigation into the use of personal data for political campaigns, includes the acquisition and use of Facebook data by SCL [Strategic Communication Laboratories, which is affiliated with Cambridge Analytica], Doctor Kogan and Cambridge Analytica,' said information commissioner Elizabeth Denham.

'This is a complex and far-reaching investigation for my office and any criminal or civil enforcement actions arising from it will be pursued vigorously.'

Damian Collins MP, chair of the Digital, Culture, Media and Sport Committee, accused Cambridge Analytica CEO Alexander Nix of misleading the committee when he told the committee while giving evidence last month that his firm had not received any data from GSR.

Collins said: 'It seems clear that he has deliberately mislead (sic) the committee and Parliament by giving false statements. We will be contacting Alexander Nix next week asking him to explain his comments, and answer further questions relating to the links between GSR and Cambridge Analytica, and its associate companies.'

The committee will also demand that Facebook CEO Mark Zuckerberg, or someone similarly senior, attends the committee to answer questions about the incident.

You can write your opinion

No comment posted.