What has Facebook allowed to happen with our data?

In a newly released report, it appears the Trump-linked data firm, Cambridge Analytica, was able to gather the personal information of over 50 million Facebook users, without their permission.

The company is owned by wealthy Republican donor Robert Mercer, and was once headed up by former White House chief strategist Steve Bannon.

In a story in The Guardian, it’s revealed how a whistleblower has come forward to spill the beans on just what the company was up to, and how they used our information to build profiles of voters.

Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals.

Thanks a lot, Zuckerberg.

The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.

However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising.

On Friday, Facebook suspended Cambridge Analytica, as well as Kogan from the site.

This, of course, was 2 years after the initial report of the data breach. A request for information from the media about 4 days before may have precipitated the move.

Facebook’s UK policy director, Simon Milner insists that if they have the data of Facebook users, it’s not because it was provided to them by Facebook.

Also, Cambridge Analytica’s chief executive, Alexander Nix, has insisted that they do not use private Facebook data.

So where did it come from?

Wylie, a Canadian data analytics expert, who worked with Cambridge Analytica and Kogan to devise and implement the scheme, showed a dossier of evidence about the data misuse to the Observer which appears to raise questions about their testimony. He has passed it to the National Crime Agency’s cybercrime unit and the Information Commissioner’s Office. It includes emails, invoices, contracts and bank transfers that reveal more than 50 million profiles – mostly belonging to registered US voters – were harvested from the site in one of the largest ever breaches of Facebook data.

Kogan is an associate professor at St. Petersburg University, and has received grants from Russia to research the emotional state of Facebook users. Just an FYI.

Facebook on Friday said that it was also suspending Wylie from accessing the platform while it carried out its investigation, despite his role as a whistleblower.

So what kind of evidence does Wylie have?

Well, he’s got a 2016 letter from Facebook’s lawyers, asking him to destroy any data he was holding onto that was leftover from GSR’s harvesting of profile information.

 “Because this data was obtained and used without permission, and because GSR was not authorised to share or sell it to you, it cannot be used legitimately in the future and must be deleted immediately,” the letter said.

And then, they did nothing. There was no follow-up to assure the information was deleted.

It’s being called a “data breach,” and one of some significance, but Facebook is quick to point out that it’s not a data breach, but rather, Kogan and Cambridge Analytica “gained access to this information in a legitimate way and through the proper channels” but “did not subsequently abide by our rules” because he passed the information on to third parties.

So how does it work?

Kogan and his colleagues studied the profiles of Facebook users and used them to determine personality and political leanings.

Cambridge Analytica spent nearly $1m on data collection, which yielded more than 50 million individual profiles that could be matched to electoral rolls. It then used the test results and Facebook data to build an algorithm that could analyse individual Facebook profiles and determine personality traits linked to voting behaviour.

They used that information to craft the language for political gain.

“The ultimate product of the training set is creating a ‘gold standard’ of understanding personality from Facebook profile information,” the contract specifies. It promises to create a database of 2 million “matched” profiles, identifiable and tied to electoral registers, across 11 states, but with room to expand much further.

At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential US voters. Yet when asked by MPs if any of his firm’s data had come from GSR, Nix said: “We had a relationship with GSR. They did some research for us back in 2014. That research proved to be fruitless and so the answer is no.”

Cambridge Analytica are insisting that the contract they had with GSR stipulates that Kogan first seek consent for data collection.

They’re further insisting that none of the data was used in the 2016 election.

Maybe.

What we also know about these moves is that special counsel Robert Mueller has requested to see the emails between the Trump campaign and Cambridge Analytica.