DC on T2

Capitol Corner — March

DC-CapitolCorner

Published monthly as part of the FLC’s DC Perspective content, Capitol Corner focuses on one notable news item pertaining to the T2 community. The focus stems from agency publications, news sites, and DC-central organizations, with original sources, contacts, and links provided. For more information and Corner-related inquiries, please contact dcnews@federallabs.org.

Facebook, Cambridge Analytica, and Data Thievery: An Introduction

Just last week, social media giant Facebook found itself tangled in a controversy involving users’ data being breached and collected for use without their consent. To understand this complex and troubling situation, there are intersecting timelines that need to be considered before the whole picture can come to light. Both sides are withholding information, and that’s only the beginning.

Events According to Facebook’s Mark Zuckerberg

Facebook founder and CEO Mark Zuckerberg published a statement on behalf of the company and explained the platform features that caused this mass exposure of personal information. In 2007, the Facebook Platform was launched with a portfolio of social applications to integrate a user’s experiences with their friends’. In 2013, Cambridge University research Aleksandr Kogan created a personality quiz completed by around 300,000 users. Due to a platform loophole, Kogan not only was able to mine data from those accounts, but also data from each of those users’ friend networks—without their knowledge. Zuckerberg claims the quiz netted “tens of millions” of data points from Facebook Platform users. In 2014, Facebook retooled its Platform to limit what user data was shared with third-party developers, but Facebook was informed that Kogan shared his quiz result data with Cambridge Analytica (CA) a year later. Despite Facebook’s demands that CA delete the redistributed information, it was found not to have done so. Kogan and CA have since been banned from the service, but only after CA used social media as part of its digital strategy for the Trump campaign.

Events According to Cambridge Analytica                     

CA offered a different timeline in an online news release, but like with Facebook, the issues began in 2013. Other parallels to Zuckerberg’s timeline include Facebook’s demand to delete its data in December 2015, but the rest opens how the controversy entered the public arena.

SCL Elections, the U.K.-based company that became CA after ex-Trump strategist Steve Bannon joined as vice president, also hired Christopher Wylie at the start of the relaunch. Wylie recently testified in the U.K. Parliament about CA’s acquisition of this Facebook data and its role in the Trump campaign. (CA is also under fire for its involvement in Brexit.) In an earlier testimony, Wylie confirmed that CA paid for Kogan’s harvested information as part of a “research project” with his company, GSR, in May 2014. CA received a request from GSR to verify that all of its licensed Facebook data was deleted in July 2016, took legal action against Kogan a month later for the illegal data acquisition, and reached a settlement in November in time for the presidential election. CA’s role in the election deserves its own small deliberation as well.

American Politics and Cambridge Analytica – From Across the Pond

Wylie’s whistleblower alerted the Information Commissioner’s Office (ICO) earlier this month. ICO previously and comprehensively audited CA for processing Facebook data on American users in the U.K. CA was ultimately hired to oversee the Trump campaign, but using that foreign data was illegal. Bannon received a warning that foreigners cannot be employed in U.S. political campaigns, as did company CEO Alexander Nix. To make matters more troubling, WikiLeaks founder Julian Assange confirmed that Nix tapped him for Hillary Clinton’s private emails. FBI Director Robert Mueller has also demanded that the company turn over campaign staff emails as part of his Russian interference investigation.

The Government’s Response: Slowly Building on Facebook, But What About CA?

Trump’s campaign and what it means for the future of American democracy grow thornier as details of CA’s involvement continue to emerge. With that said, the Federal Trade Commission (FTC) issued a statement about its open nonpublic investigation into Facebook’s data usage and privacy practices. (This isn’t just an American movement as India’s Ministry of Electronics and IT is requesting that Facebook divulge further information about this data breach past Zuckerberg’s timeline by April 7.) That’s only one player in this dangerous game, however. How is CA being taken care of while the investigation proceeds behind closed doors?

Unfortunately, CA—specifically its predecessor SCL—has a defense contract with the State Department and its Global Engagement Center (GEC). The Center was created by the Obama administration in 2016 as a defense against ISIS propaganda through targeted social media messaging. As NextGov reports, a State Department spokesperson claims as “SCL … is a major company in the field of research and analytics,” its data fluency could be invaluable to digital counterterrorism. (GEC director Michael Lumpkin said the data came from information used to enhance Facebook ad campaigns and not the same avenues obtained from Kogan’s loophole.) As the contract is still in progress, SCL’s continued work poses questions about how the government currently has a split reaction to this controversy, particularly with CA’s involvement. 

While the FTC investigation is in its infancy—the statement was posted only days ago—the potential solutions have been from outside opinion. Franklin Foer, writing for NextGov, calls for the creation of a Data Protection Authority. This hypothetical body would function similarly to how the Environmental Protection Agency stands to safeguard the environment from unregulated human use. The regulated parties in the name of Data Protection would be companies and their privacy settings, making surveillance and data collection an opt-in service, rather than an unspoken certainty.

Until the FTC emerges with new details and the State Department acts against CA, the resolution of this situation seems unclear. For now, government agencies monitoring this news item should verify the sources, purposes, and usages of citizen data to avoid another international complication like this.

Category: 
DC on T2