Showing posts with label big data. Show all posts
Showing posts with label big data. Show all posts
Friday 11 May 2018
File this under "Yet Another National Database" cross referenced wih "What Could Possibly Go Wrong?"
The
Sydney Morning Herald,
6 May 2018:
A massive breach of
Commonweath Bank data exposed last week has raised security fears around a new
national database of Australian bank customers, as Labor pushes for a
delay to part of the scheme's scheduled introduction in less than two months.
The database - set to go
live on July 1 - will include the details of every person who has taken
out a loan or a credit card, along with their repayment history.
The Mandatory
Comprehensive Credit Reporting scheme was a recommendation of the 2014
financial system inquiry and is designed to give lenders access to a
deeper, richer set of data to ensure loans are only being approved for
people who can afford to repay them.
The new requirements
will first apply to the Commonwealth Bank, ANZ Bank, Westpac and National
Australia Bank, given they account for up to 80 per cent of lending to
households.
But the collection of
sensitive data by private companies has raised concerns in the wake of several
high-profile data breaches, including the disappearance of 20 million
customers records from the Commonwealth Bank.
The Financial Rights
Legal Centre and the Consumer Action Law Centre claim the financial
details of millions of Australians will be vulnerable under the new scheme -
which includes positive and negative credit histories.
Financial Rights Legal
Centre policy officer Julia Davis said the development "was a major
intrusion into our financial privacy".
"I don’t think
Australians realise this is about to happen," she said.
The legislation states
all credit reporting bodies must store the information on a cloud service that
has been assessed by the Australian Signals Directorate. It also contains a
provision allowing banks to stop supplying customer data to credit providers
should there be a major security breach.
Ms Davis said the
oversight was welcome but the internal systems of credit reporting bodies
remained "completely opaque."
"Once that data
goes live in the one place you can't put the toothpaste back in the tube,"
she said.
Equifax, one of the
companies which will have access to the data, had its systems in the US hacked
last year, exposing the personal information of 143 million Americans and
triggering to the resignation of its chief executive.
It is also being sued by
consumer watchdog the Australian Competition and Consumer Commission over
allegations it misrepresented its product to consumers by asking them to pay
for their own credit histories which are usually available online for free.
The company's general
manager of external relations, Matthew Strassberg, said Equifax had "only
been a marquee above the door for six months," after the US giant took
over the Australian operation formerly known as Veda.
He said the credit
reporting business would provide "a 360 degree picture."
"A bank will have a
very deep insight into what they know of you," he told Fairfax Media.
Mr Strassberg said he
recognised that Australians were concerned about data security…..
Wednesday 9 May 2018
Is Telstra selling customer location data? Did it ever specifically request permission from account holders?
The
Sydney Morning Herald,
4 May 2018:
Telstra is making money
by on-selling location data from its customers' mobile phones in similar deals
to a partnership with the Bureau of Statistics that caused a public backlash
last week.
The Australian Bureau of
Statistics came under fire for partnering with the telco for a study in 2016,
which used mobile phone data showing how many people were in particular suburbs
hour by hour.
Similar data is now
available for a fee, after the Location Insights program was quietly launched
by the telco in July 2016. The Australian Bureau of Statistics was the first
licensee under the program, but has not used Telstra's Location Insights since
then.
Data available to
Telstra's clients can be broken down into 15 minute increments, and
demographics broken down by age groups and gender. The smallest geographic
areas available for analysis are the same as the Australian Bureau of
Statistics' smallest statistical area, which have an average population of 400
people and could have as few as 200 people.
In a video used to
spruik the service by Telstra, potential customers are listed as local
governments and transport companies. It’s not clear how many organisations have
used the service, or what the price tag is for such information.
“Imagine if you could
know what is happening in your community, region, or city hub, every 15
minutes,” a voiceover in the Youtube video promoting the program said.
“Telstra Location
Insights builds industry-specific metrics where data sets are used for
modelling purposes and then extrapolated to estimate for the entire
population,” a Telstra spokesman said.
“These metrics are
aggregated spatially and temporally before differential privacy and
k-anonymisation are both applied to completely anonymise the data.”
This explanation is not
accepted by senior lecturer at the University of Melbourne Vanessa Teague.
“In order to know
whether those things actually work, we need to see what the parameters are and
how they're applied to the data in order to be assured that they’re applied
correctly and they work,” Dr Teague said.
Dr Teague is chair of
the Cybersecurity and Democracy Network and was part of a team of researchers
who re-identified patient health records from Pharmaceutical Benefits Scheme
data that was released by the government.
“It's possible that
[anonymising the data] has been done correctly, it's also possible that they
think it’s been done correctly but they’re wrong. And really the only way to
assess that is to get a clear and detailed technical description of what
they've done,” Dr Teague said.
“If they've done it
right then there's no reason to be secretive about the details of what they’ve
done, if they’ve done it wrong then they are better off getting a genuine open
assessment of it so they can find out sooner rather than later.”
Telstra said the use of
the information was in line with its privacy statement, which states that
customers’ information could be shared with “our dealers, our related entities
or our business or commercial partners and other businesses we work with”.
Dr Teague is sceptical about that explanation. “Just because a company holds highly sensitive information about you doesn’t mean that that data is their property that they should then be able to turnaround and sell without asking you,” she said.
Now when I read Telstra's privacy statement I do not recall that it mentioned that it would be selling mobile phone location information in SA1 statistical level data bundles captured at 15 minute intervals (as mentioned in the news article) and, that those bundles could be used to create data sets which track an individual's movements over time in relatively fine detail.
Yamba in the Clarence Valley NSW is a quiet little town with a population of approx. 6,076 persons living in 3,820 dwellings spread across est. 16 SLA1 statistical levels and in over 100 even smaller statistical Mesh Blocks.
I suspect that many Yamba residents will not be happy with the idea that Telstra Corporation Limited will alllow their movements to be tracked and their daily habits predicted if an individual, private company, government agency or political party pays them for the town's mobile phone location data.
Monday 16 April 2018
In Febuary-March 2018 there were 63 Notifiable Data Breaches in Australia involving the personal information of up to 341,849 individuals
In the 2016–17 financial year, the Office of the Australian Information Commissioner (OAIC) reported that it received 114 data breach notifications on a voluntary basis.
On 22
February the Notifiable Data Breaches (NDB) scheme came into force.
Between 22
February and 31 March 2018 there were 63 mandatory notifiable data breaches reported involving the personal information of up to est. 341,849 individuals, with 55 of these breaches reported in March alone.
Of these breaches:
24 were
the result of criminal or malicious attack;
32 were
the result of human error;
2 were
system fault; and
1 was
classified as “Other”.
The type of personal information involved in the data breaches:
The type of personal information involved in the data breaches:
Three of
these data breaches involved the personal information of between 10,000 and 999,999 people in each instance.
At least
15 of the 63 data breached involved personal information held by “health service providers”. Health service providers are considered to be any organisation that provides a health service and holds health
information.
Every individual whose personal information was breached was supposed to be notified by the entity holding their information, however the OAIC Quarterly Statistics Report: January 2018 - March 2018 did not specifically state that this had occurred.
Every individual whose personal information was breached was supposed to be notified by the entity holding their information, however the OAIC Quarterly Statistics Report: January 2018 - March 2018 did not specifically state that this had occurred.
Labels:
big data,
data retention,
information technology,
privacy,
safety,
statistics
Wednesday 28 March 2018
Turns out that Facebook Inc is the biggest baddie of all on the Internet
“The
FTC is firmly and fully committed to using all of its tools to protect the
privacy of consumers. Foremost among these tools is enforcement action against
companies that fail to honor their privacy promises, including to comply with
Privacy Shield, or that engage in unfair acts that cause substantial injury to
consumers in violation of the FTC Act. Companies who have settled previous FTC
actions must also comply with FTC order provisions imposing privacy and data
security requirements. Accordingly, the FTC takes very seriously recent press
reports raising substantial concerns about the privacy practices of Facebook.
Today, the FTC is confirming that it has an open non-public investigation into
these practices.” [US Federal Trade Commission (FTC), Statement,
26 March 2018]
It may have been the Cambridge Analytica-Facebook situation as first set out by Carole Cadwalladr at The Guardian & The Observer (UK) that recently alerted the average Internet user to the issue of digital privacy on social media and, it was certainly the situation which caught the eye of the US Federal Trade Commission which is now investigating.
The story of that data harvest so far.....
The
Guardian UK,
25 March 2018:
The story of how those
data made the journey from Facebook’s servers to Cambridge Analytica’s is now
widely known. But it is also widely misunderstood. (Many people were puzzled,
for example, by Facebook’s vehement insistence that the exfiltration of a huge
trove of users’ data was not a “breach”.) The shorthand
version of what happened – that “a slug of Facebook data on 50 million
Americans was sucked down by a UK academic named Aleksandr Kogan, and wrongly
sold to Cambridge Analytica” – misses an important point, which is that in
acquiring the data in the first place Kogan was acting with Facebook’s
full knowledge and approval.
In 2013, he wrote an app
called “Thisisyourdigitallife” which offered users an online personality test,
describing itself as “a research
app used by psychologists”.
Approximately 270,000 people downloaded it and
in doing so gave their consent for Kogan to access information such as the city
they set on their profile, or content they had liked, as well as more limited
information about friends who had their privacy settings set to allow it. This
drew more than 50 million unsuspecting Facebook users into Kogan’s net.
The key point is that
all of this was allowed by the terms and conditions under which he was
operating. Thousands of other Facebook apps were also operating under similar
T&Cs – and had been since 2007, when the company turned its social
networking service into an application platform.
So Kogan was only a bit
player in the data-hoovering game: apps such as the insanely popular Candy
Crush, for example, were
also able to collect players’ public profiles, friends lists and email
addresses. And Facebook seemed blissfully indifferent to this open door because
it was central to its commercial strategy: the more apps there were on its
platform the more powerful the network effects would be and the more personal
data there would be to monetise.
That’s why the bigger
story behind the current controversy is the fact that what Cambridge
Analytica claimed to have accomplished would not have been possible
without Facebook. Which means that, in the end, Facebook poses the problem that
democracies will have to solve. [my yellow highlighting]
Now we find out that Facebook Inc is scraping information from Android devices such as mobile phones and adding phone logs to its Big Brother database.
Global
News, 25
March 2018:
In the same week Facebook found itself in
the middle of a massive data scandal, recent reports indicate that the social
media giant has also scraped records of phone calls and SMS data from its users
with Android devices without explicit permission.
New Zealand-based
software developer Dylan McKay tweeted earlier this week that upon downloading
his Facebook data in zip file (which is
an option for all users) he claims to have discovered records of phone
calls and a historical data of every contact on his phone., including contacts
he no longer had, from a period between 2016 and 2017.
Downloaded my facebook data as a ZIP file— Dylan McKay (@dylanmckaynz) March 21, 2018
Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD
After he made the
discovery, McKay set up a Google poll to gather evidence from other users who’ve
been affected.
So far, just under 900
people have responded to the poll, and more than 20 per cent confirmed they
found call records and/or text metadata in their Facebook data archive. Another
74 people responded to the poll saying that MMS data was collected, 106 people
responded saying that SMS data was collected, and 104 responded saying that
cellular calls were collected.
The story was first
published by the tech news website Ars
Technica on Saturday, who interviewed several Facebook users, and had
a member of its staff download their Facebook data archive. Following, this,
the site could confirm that the data file downloaded by the staff member
contained call logs from a device that individual used between 2015 and 2016,
as well as SMS and MMS message data.
Several Global News
staff members also requested their data archives as well in the preparation of
this story and some found that the contact lists from their mobile devices were
recorded in the file. No one noted any text message or call logs in the data
files they downloaded.
Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.
“The most important part
of apps and services that help you make connections is to make it easy to find
the people you want to connect with. So, the first time you sign in on your
phone to a messaging or social app, it’s a widely used practice to begin by
uploading your phone contacts.”
Following McKay’s
tweets, other users came out on social media expressing similar concerns about
what they discovered after downloading their data archives.
Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year- cool totally not creepy.— Mat Johnson (@mat_johnson) March 23, 2018
I’ve just looked at the data files I requested from Facebook and they had every single phone number in my contacts. They had every single social event I went to, a list of all my friends (and their birthdays) and a list of every text I’ve sent.— Emma Kennedy (@EmmaKennedy) March 25, 2018
…In recent years, the
company has updated this process to clarify that when requesting access to your
contact list, it intends to access all call logs and SMS text messages as well,
but Android users in the past may have unknowingly given Facebook access to
this data. [my yellow highlighting]
It is also wise to remember that even Internet users who do not have a Facebook account have their PC or other digital device scanned for information each time they click on a link to Facebook.
Facebook image via ZDNet, 3 January 2014
ZDNet on 3 January 2014: By "content"
Facebook means “anything you or other users post on Facebook”. By
"information" Facebook means “facts and other information about you,
including actions taken by users and non-users who interact with Facebook”. [my yellow highlighting]
Nor should we ignore this report about Facebook's surreptitious activities.......
Law360
(March 2, 2018, 7:02 PM EST) -- A California federal judge held Friday that
Facebook can’t shake a proposed class action over its allegedly unlawful
collection and storage of non-users’ facial scans, declining to toss the matter
for lack of standing, just as he recently did in a related suit involving users
of the site.
U.S. District Judge James Donato rejected Facebook Inc.’s renewed motion to dismiss litigation led by Frederick William Gullen for lack of subject-matter jurisdiction, pointing to his Feb. 26 decision in a related proposed class action accusing the social media... [my yellow highlighting]
Then there is the lobbying to discourage federal regulation of Facebook.......
U.S. District Judge James Donato rejected Facebook Inc.’s renewed motion to dismiss litigation led by Frederick William Gullen for lack of subject-matter jurisdiction, pointing to his Feb. 26 decision in a related proposed class action accusing the social media...
Then there is the lobbying to discourage federal regulation of Facebook.......
According to SOCIAL MEDIA CASEROUNDUP (selected cases) in April 2015, by 2013 Facebook Inc had spent more than US$1 million on lobbying efforts to water down the US Children's
Online Privacy Protection Act (COPPA). It was particularly concerned about any change of status of third party "add ons"/"plug-ins" which might by default make platforms like Facebook legally liable for any harm to a minor/s which occurred, as well asbeing resistant to any increase in general protections for minors or any expanded definition of protected "personal information" being included in the Act.
Quartz, 22 March 2018:
Facebook
CEO Mark Zuckerberg said yesterday that the
company welcomes more regulation, particularly to bring transparency
to political advertising online. But in recent months, Facebook has been
quietly fighting lawmakers to keep them from passing an act that does exactly
that, campaign transparency advocates and Congressional staff tell Quartz.
The Honest Ads Act was introduced
last October to close a loophole that has existed since politicians
started advertising on the internet, and was expected by many to sail through
Congress. Coming as Congress investigated how Russia used tech companies to
influence the 2016 election, it was considered by many in Washington DC to be
the bare minimum lawmakers could do to address the problem.
The act introduces
disclosure and disclaimer rules to online political advertising. Tech companies
would have to keep copies of election ads, and make them available to the
public. The ads would also have to contain disclaimers similar to those
included in TV or print political ads, informing voters who paid for the ad,
how much, and whom they targeted.
“The benefit of having
disclaimers on all political ads [is] the more suspicious ads would be more
identifiable,” said Brendan Fischer, the director of federal and Federal
Election Commission reform at theCampaign Legal
Center (CLC) in Washington.
In a vote of confidence
from bitterly-divided Washington, the act was rolled out by a bipartisan group
of senators—John McCain, the Republican from Arizona, and Democrats Amy
Klobuchar from Minnesota and Mark Warner of Virginia—and it currently
has the support of 18 senators. But it hasn’t moved from the committee on
“Rules and Administration” since was first introduced, thanks in part to
Facebook’s lobbying efforts.
Fischer, who is a
co-author of a CLC
report on US vulnerabilities online after the 2016 election, accuses
Facebook of “working behind the scenes using the levers of power to stop any
legislation from moving forward.”
Facebook’s lobbying
clout
Lobbyists for the
company have been trying to dissuade senators from moving the Honest Ads Act
forward, some Congressional aides say.
Facebook’s argument to
Congress behind the scenes has been that they are “voluntarily complying” with
most of what the Honest Ads Act asks, so why pass a law, said one Congressional
staffer working on the bill. Facebook also doesn’t want to be responsible for
maintaining the publicly accessible repository of political advertising,
including funding information, that the act demands, the staffer said.
Facebook spent nearly
$3.1 million lobbying Congress and other US federal government agencies in the
last quarter of 2017, on issues including the Honest Ads Act according to its latest
federal disclosure form. It also signed on Blue Mountain Strategies, a
lobbying firm founded by Warner’s former chief of staff, an
Oct. 30, 2017 filing shows.
It’s part of a massive
uptick in lobbying spending in recent years. [my yellow highlighting]
Despite all its lobbying Facebook Inc is not immune from official censure for its deceptive business practices.
Take this analysis of a 2011 binding agreement between the US Federal Trade Commission and Facebook Inc.....
FEDERAL TRADE COMMISSION [File No. 092 3184], 2 December 2011:
Despite all its lobbying Facebook Inc is not immune from official censure for its deceptive business practices.
Take this analysis of a 2011 binding agreement between the US Federal Trade Commission and Facebook Inc.....
FEDERAL TRADE COMMISSION [File No. 092 3184], 2 December 2011:
The Federal Trade
Commission has accepted, subject to final approval, a consent agreement from
Facebook, Inc. (‘‘Facebook’’)……
The Commission’s
complaint alleges eight violations of Section 5(a) of the FTC Act, which
prohibits deceptive and unfair acts or practices in or affecting commerce, by
Facebook:
*
Facebook’s Deceptive Privacy Settings: Facebook communicated
to users that they could restrict certain information they provided on the site
to a limited audience, such as ‘‘Friends Only.’’ In fact, selecting these
categories did not prevent users’ information from being shared with Apps that
their Friends used.
*
Facebook’s Deceptive and Unfair December 2009 Privacy Changes:
In December 2009, Facebook changed its site so that certain information that
users may have designated as private— such as a user’s Friend List —was made
public, without adequate disclosure to users. This conduct was also unfair to
users.
*
Facebook’s Deception Regarding App Access: Facebook represented
to users that whenever they authorized an App, the App would only access the
information of the user that it needed to operate. In fact, the App could
access nearly all of the user’s information, even if unrelated to the App’s
operations. For example, an App that provided horoscopes for users could access
the user’s photos or employment information, even though there is no need for a
horoscope App to access such information.
* Facebook’s Deception Regarding Sharing
with Advertisers: Facebook promised users that it would not share their
personal information with advertisers; in fact, Facebook did share this
information with advertisers when a user clicked on a Facebook ad.
*
Facebook’s Deception Regarding Its Verified Apps Program:
Facebook had a ‘‘Verified Apps’’ program through which it represented that it
had certified the security of certain Apps when, in fact, it had not.
*
Facebook’s Deception Regarding Photo and Video Deletion: Facebook stated to
users that, when they deactivate or delete their accounts, their photos and
videos would be inaccessible. In fact, Facebook continued to allow access to
this content even after a user deactivated or deleted his or her account.
*
Safe Harbor: Facebook deceptively stated that it
complied with the U.S.-EU Safe Harbor Framework, a mechanism by which U.S.
companies may transfer data from the European Union to the United States
consistent with European law.
The proposed order
contains provisions designed to prevent Facebook from engaging in practices in
the future that are the same or similar to those alleged in the complaint.
Part I of the proposed
order prohibits Facebook from misrepresenting the privacy or security of ‘‘covered
information,’’ as well as the company’s compliance with any privacy, security,
or other compliance program, including but not limited to the U.S.-EU Safe
Harbor Framework. ‘‘Covered information’’ is defined broadly as ‘‘information
from or about an individual consumer, including but not limited to:
(a) A first
or last name;
(b) a home or other physical address, including street name and
name of city or town; (c) an email address or other online contact information,
such as an instant messaging user identifier or a screen name;
(d) a mobile or
other telephone number;
(e) photos and videos; (f) Internet Protocol (‘‘IP’’)
address, User ID, or other persistent identifier; (g) physical location; or
(h)
any information combined with any of (a) through (g) above.’’
Part II of the proposed
order requires Facebook to give its users a clear and prominent notice and
obtain their affirmative express consent before sharing their
previously-collected information with third parties in any (a) through (g)
above.’’ Part II of the proposed order requires Facebook to give its users a
clear and prominent notice and obtain their affirmative express consent before
sharing their previously-collected information with third parties in any way
that materially exceeds the restrictions imposed by their privacy settings. A
‘‘material . . . practice is one which is likely to affect a consumer’s choice
of or conduct regarding a product.’’ FTC Policy Statement on Deception,
Appended to Cliffdale Associates, Inc.,
103 F.T.C. 110, 174 (1984).
Part III of the proposed
order requires Facebook to implement procedures reasonably designed to ensure
that a user’s covered information cannot be accessed from Facebook’s servers
after a reasonable period of time, not to exceed thirty (30) days, following a
user’s deletion of his or her account.
Part IV of the proposed
order requires Facebook to establish and maintain a comprehensive privacy
program that is reasonably designed to:
(1) Address privacy risks related to
the development and management of new and existing products and services, and
(2) protect the privacy and confidentiality of covered information. The privacy
program must be documented in writing and must contain controls and procedures
appropriate to Facebook’s size and complexity, the nature and scope of its
activities, and the sensitivity of covered information. Specifically, the order
requires Facebook to:
* Designate an employee
or employees to coordinate and be responsible for the privacy program;
* Identify
reasonably-foreseeable, material risks, both internal and external, that could
result in the unauthorized collection, use, or disclosure of covered
information and assess the sufficiency of any safeguards in place to control
these risks;
* Design and implement
reasonable controls and procedures to address the risks identified through the
privacy risk assessment and regularly test or monitor the effectiveness of these
controls and procedures;
* Develop and use
reasonable steps to select and retain service providers capable of appropriately
protecting the privacy of covered information they receive from respondent, and
require service providers by contract to implement and maintain appropriate
privacy protections; and
* Evaluate and adjust
its privacy program in light of the results of the testing and monitoring, any
material changes to its operations or business arrangements, or any other
circumstances that it knows or has reason to know may have a material impact on
the effectiveness of its privacy program.
Part V of the proposed
order requires that Facebook obtain within 180 days, and every other year
thereafter for twenty (20) years, an assessment and report from a qualified,
objective, independent third-party professional, certifying, among other
things, that it has in place a privacy program that provides protections that
meet or exceed the protections required by Part IV of the proposed order; and
its privacy controls are operating with sufficient effectiveness to provide
reasonable assurance that the privacy of covered information is protected.
Parts VI through X of the proposed order are reporting and compliance
provisions. Part VI requires that Facebook retain all ‘‘widely disseminated
statements’’ that describe the extent to which respondent maintains and
protects the privacy, security, and confidentiality of any covered information,
along with all materials relied upon in making such statements, for a period of
three (3) years. Part VI further requires Facebook to retain, for a period of
six (6) months from the date received, all consumer complaints directed at
Facebook, or forwarded to Facebook by a third party, that relate to the conduct
prohibited by the proposed order, and any responses to such complaints. Part VI
also requires Facebook to retain for a period of five (5) years from the date
received, documents, prepared by or on behalf of Facebook, that contradict,
qualify, or call into question its compliance with the proposed order. Part VI
additionally requires Facebook to retain for a period of three (3) years, each materially
different document relating to its attempt to obtain the affirmative express
consent of users referred to in Part II, along with documents and information
sufficient to show each user’s consent and documents sufficient to demonstrate,
on an aggregate basis, the number of users for whom each such privacy setting
was in effect at any time Facebook has attempted to obtain such consent.
Finally, Part VI requires that Facebook retain all materials relied upon to
prepare the third-party assessments for a period of three (3) years after the
date that each assessment is prepared.
Part VII requires dissemination of the
order now and in the future to principals, officers, directors, and managers,
and to all current and future employees, agents, and representatives having
supervisory responsibilities relating to the subject matter of the order. Part
VIII ensures notification to the FTC of changes in corporate status. Part IX
mandates that Facebook submit an initial compliance report to the FTC and make
available to the FTC subsequent reports. Part X is a provision ‘‘sunsetting’’
the order after twenty (20) years, with certain exceptions.
The purpose of the
analysis is to aid public comment on the proposed order. It is not intended to
constitute an official interpretation of the complaint or proposed order, or to
modify the proposed order’s terms in any way.
By direction of the Commission.
Donald S. Clark, Secretary. [FR Doc. 2011–31158 Filed 12–2–11; 8:45
am [my yellow highlighting]
Labels:
Big Brother,
big data,
ethics,
Facebook,
information technology,
Internet,
law,
privacy,
safety
Monday 26 March 2018
A brief scrutiny of the byzantium maze that is Cambridge Analytica
Attempting to make sense of a group of corporate actors who obviously delighted in establishing a veritable labyrinth of companies and to create a reference to follow any future revelations.........
So what does the British-US company Cambridge Analytica which;
(i) has been accused of rat f**king the 2015 Nigerian presidential election and the 2013 & 2017 Kenyan elections,
(ii) allegedly influenced the 2016 UK Brexit referendum vote by assisting the Leave.EU campaign,
(iii) was known to have purchased data from Global Science Research Ltd who harvested personal details from an est. 50 million Facebook user accounts and,
(iv) later sold a breakdown of user data first to a number of GOP candidates during 2014 midterms, as well as to Ted Cruz during the US primaries and then to Donald Trump during the 2016 US presidential campaign,
actually look like on paper?
This appears to be the company whose business name is included in so many media reports at the moment:
Cambridge Analytica LLC incorporated in Delaware USA on 31 December 2013 offering data mining, analysis, and behavioral communication solutions according to Bloomberg.com and, now considered a subsidiary of SCL Group Limited.
“The genesis of Cambridge Analytica was to address the vacuum in the US Republican political market that became evident after [Mitt] Romney’s defeat in 2012” [Alexander Nix, CEO Cambridge Analytics].
Executives
Alexander James Ashburner Nix Chief Executive Officer
Julian David Wheatland Chief Financial Officer
Mark Turnbull Managing Director of CA Political Global
Thomas Finkle Global Head of Client ServicesIt shares its name with a UK Company CAMBRIDGE ANALYTICA (UK) LIMITED - formerly SCL USA Limited incorporated 6 January 2015.
Directors
NIX,
Alexander James Ashburner Appointed founding sole director 6 January 2015. Only shareholder - in his own name and through
another company solely owned by him, SCL Elections
Limited (incorporated
17 October 2012).
SCL Elections Limited is described by Cambridge Analylitica as "an affiliate of Cambridge Analytica" and also the "genisis" of Cambridge Analytica. It is now being blamed for receiving harvested Facebook data and Cambridge Analytica is hypocritically trying to distance itself in a company media release on 23 March 2018.
The Cambridge Analytica website states it has offices in London, New York, Washington DC, Brazil and Malaysia. Until 20 March 2018 Alexander Nix was listed as its CEO. Acting CEO is now Chief Data Scientist at SCL Group Limited Dr. Alexander Tayler.
How do two firms on opposite sides of the world - one of which has only one director/owner and no indentifiable board members - suddenly become this company with reputed influence and tentacles everywhere?
Perhaps the answer lies in the est. US$15 million in indirect funding Cambridge Analytica has allegedly received from right-wing American billionaire Robert Mercer & his daughter Rebekah through one or all five affiliated US 'front' companies including Cambridge Analytica LLC and in its relationship with another UK corporation with which it shares information/data/personnel.
The remaining US 'front' companies are:
SCL Elections Limited is described by Cambridge Analylitica as "an affiliate of Cambridge Analytica" and also the "genisis" of Cambridge Analytica. It is now being blamed for receiving harvested Facebook data and Cambridge Analytica is hypocritically trying to distance itself in a company media release on 23 March 2018.
The Cambridge Analytica website states it has offices in London, New York, Washington DC, Brazil and Malaysia. Until 20 March 2018 Alexander Nix was listed as its CEO. Acting CEO is now Chief Data Scientist at SCL Group Limited Dr. Alexander Tayler.
How do two firms on opposite sides of the world - one of which has only one director/owner and no indentifiable board members - suddenly become this company with reputed influence and tentacles everywhere?
Perhaps the answer lies in the est. US$15 million in indirect funding Cambridge Analytica has allegedly received from right-wing American billionaire Robert Mercer & his daughter Rebekah through one or all five affiliated US 'front' companies including Cambridge Analytica LLC and in its relationship with another UK corporation with which it shares information/data/personnel.
The remaining US 'front' companies are:
Cambridge Analytica Holdings LLC (Delaware (US), 9 May 2014- )
Cambridge Analytica Commercial LLC (Delaware (US), 21 Jan 2015- )
Cambridge Analytica Political LLC (Delaware (US), 21 Jan 2015- )
That other UK company is SCL Group
Limited – formerly Strategic Communication Laboratories Limited incorporated on 20 July
2005 by STG Secretaries Limited on behalf of an unidentified person/s, with an opening share capital of £100,000.
Directors
NIX,
Alexander James Ashburner
Appointed co-founding director along with Alexander Waddinton Oakes on 20 July 2005, resigned on 7 December 2012 and reappointed on 28
January 2016. Shareholder. Owner of Cambridge
Analytica (UK) Limited.
OAKES,
Nigel John Appointed
on 3 October 2005. Shareholder.
GABB,
Roger Michael Appointed
on 10 November 2005. Shareholder. Ownership of shares – more than 25% but not
more than 50%. Ownership of voting rights - more than 25% but not more than 50%
Barclays
Bank PLC – current lender to the company It seems this bank assisted in restructuring SCL Group Limited's finances.
Company Positions
Identified by LinkedIn
United
Kingdom
Web / Software Developer
at Cambridge Analytica / SCL Group
Twickenham, United Kingdom
Current: Web
Developer at SCL Group
Data
Engineer presso Cambridge Analytica
London, United
Kingdom
Current: Data Engineer at Cambridge Analytica &
SCL Group
Account Director at
Cambridge Analytica
London, United Kingdom
Current: Senior
Project Manager at SCL Group
Chairman at SCL Group
Chief Executive at Hatton International
London, United Kingdom
Current: Chairman
at SCL Group
CEO, SCL Group -
Behavioural Influence
London, United Kingdom
Current: CEO
at SCL Group - Strategic Communication Laboratories
Financial Crime
Investigations & Security Intelligence
London, United Kingdom
Current: Head
- Fraud Surveillance, Corruption, Investigations at SCL Group
Head of Elections
London, United Kingdom
Current: Head
of Elections at SCL Group
Lead Data Scientist at
SCL Group
London, United Kingdom
Director of Operations
(SCL) / Consultant (BDI)
London, United Kingdom
Current: Director
of Operations (from 2011), Head of Infrastructures (2009-2011) at The SCL Group
DevOps Engineer at SCL
Group
London, United Kingdom
Current: Development
Operations Engineer at SCL Group
Senior Planning Engineer
at SCL Group
Birmingham, United Kingdom
Community manager chez
SCL Group
London, United Kingdom
Current: Community
manager at SCL Group
Financial Controller at
SCL Group
London, United Kingdom
Management Accountant at
SCL Group
London, United Kingdom
Account Coordinator at
SCL Group
United Kingdom
Paralegal
London, United Kingdom
Current: Paralegal
at SCL Group
IT Support Analyst at
SCL Group
Slough, United Kingdom
United
States
Director, Business
Development at SCL Group
Washington D.C. Metro Area
Senior Data Scientist at
SCL Group
Washington D.C. Metro Area
Canada
Technical Manager at SCL
Group
Alberta, Canada
Russia
Менеджер
по закупкам - SCL Group [purchasing manager]
Russian
Federation
Current: Менеджер
по закупкам at SCL Group
Macedonia
Head of
SCL Balkans at SCL Group
Macedonia
Germany
Project
Manager bei SCL Group
Hannover Area, Germany
Current: Project
Manager at SCL Group
Netherlands
Behavioural
& Legal Research Scientist // BDI Consultant
Breda Area, Netherlands
Australia
Project
Portfolio Manager at SCL Group Australia
Sydney, Australia
Current: Project
Portfolio Manager at SCL Group
New
Zealand
SCL
Products Manager at SCL Group
Auckland, New Zealand
Malaysia
Head, CA
Political/Commercial Southeast Asia
Putra Jaya, Malaysia
Current: Director
of SCL Southeast Asia at SCL Group
India
Research Analyst at SCL
Group
New Delhi Area, India
Director Business
Development at SCL Group
New Delhi Area, India
China
CUSTOMER SERVICE at SCL
Group
China
Open Corporates' Company Grouping for Cambridge Analytica
SCL
GROUP LIMITED (United Kingdom, 20 Jul 2005- ) directors
SCL
INSIGHT LIMITED (United Kingdom, 13 Sep 2016- ) directors
SCL
ELECTIONS LIMITED (United Kingdom, 17 Oct 2012- ) director
SCL
ANALYTICS LIMITED (United Kingdom, 23 Oct 2015- ) directors
CAMBRIDGE
ANALYTICA(UK) LIMITED (United Kingdom, 6 Jan 2015- ) director
STRATEGIC
COMMUNICATION LABORATORIES PRIVATE LIMITED (India, 16 Nov
2011- )
SCL
COMMERCIAL LIMITED (United Kingdom, 10 Jan 2014- ) director
inactive SCL
SOVEREIGN LIMITED (United Kingdom, 6 Jan 2015-28 Jun 2016) director Voluntarily dissolved June 2016
inactive BOLDNOTE
LIMITED (United Kingdom, 27 Oct 2004- 8 Jan 2013) directors Voluntarily dissolved January 2013
inactive SCL DIGITAL LIMITED (United Kingdom, 6 Jan 2015-28 Jun 2016) director Voluntarily dissolved January 2015
CAMBRIDGE ANALYTICA LLC (Delaware (US), 31 Dec 2013- )
inactive branch SCL USA INC. (Virginia (US), 25 May 2016-31 Jul 2017)
SCL USA INC. (Delaware (US), 22 Apr 2014- ) details
branch SCL USA INC. (New York (US), 10 May 2016- )
branch SCL USA Inc. (District of Columbia (US), 22 Apr 2014- )
inactive Strategic
Communication Laboratories LLC (Virginia (US), 7 Mar 2011-30
Jun 2013)
STRATEGIC
COMMUNICATION LABORATORIES, INC. (Delaware (US), 23 Aug 2006-
)
CAMBRIDGE
ANALYTICA COMMERCIAL LLC (Delaware (US), 21 Jan 2015- )
CAMBRIDGE
ANALYTICA POLITICAL LLC (Delaware (US), 21 Jan 2015- )
BACKGROUND
The
Sydney Morning Herald,
23 March 2018:
Wylie, a Canadian
citizen, moved to London in 2010 and started to work in 2013 for SCL Group,
which he said conducted "information operations" around the world and
also worked in campaigns, especially in African nations.
As research director,
Wylie helped that company give birth to Cambridge Analytica as "an
American brand" that would focus on US politics with at least $US10
million from billionaire hedge fund manager Robert Mercer. The Cambridge
Analytica office was in the posh Mayfair neighbourhood of London, and the
dozens of young workers - many of them contractors, a number of whom were from
Eastern Europe - buzzed about with Apple laptops.
At the helm, said Wylie,
was Mercer's daughter Rebekah, who was president, and conservative strategist
Steve Bannon, who was vice president. Running day-to-day operations was a
smooth-talking upper-crust Briton, Alexander Nix……
Wylie said that it was
under Nix's direction - but with the knowledge of Bannon and Rebekah Mercer -
that Cambridge Analytica began an ambitious data-gathering program that included
tapping into the Facebook profiles of 50 million users through the use of a
personality-testing app. The company did that with the help of a Russian
American psychologist at Cambridge University, Aleksandr Kogan, who also made
regular visits back to Russia, according to Wylie.
Wylie said he and others
at Cambridge Analytica were initially skeptical of the power of this tactic for
gathering data. But when the company approved $US1000 for Kogan to experiment
with his app, he produced data on 1000 people who downloaded it and roughly
160,000 of their friends - all in a matter of hours.
Cambridge Analytica next
approved $US10,000 for a second round of testing and was rewarded with nearly a
million records, including names, home towns, dates of birth, religious
affiliations, work and educational histories, and preferences, as expressed
using the popular Facebook "like" button on many social media
updates, news stories and other online posts.
They soon married that
data with voter lists and commercial data broker information and discovered
they had a remarkably precise portrait of a large swath of the American
electorate.
Kogan's app, called
"thisisyourdigitallife" and portrayed as being for research purposes,
gathered data on the 270,000 people who downloaded it and tens of millions of
their Facebook friends. It was this data and others that Wylie later worried
might have ended up in Russian hands.
"I'm not saying
that we put it on a drive and posted it to Vladimir Putin on Number 1 Red
Square," Wylie said, referring to the Russian president's official
residence. But he said that he and others affiliated with Cambridge Analytica
briefed Lukoil, a Russian oil company, on its research into American
voters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The
Guardian, 14
May 2017:
What was not known,
until February, was the relationship between all these figures and the Leave
campaign. That was when Andy
Wigmore, Leave.EU’s communications director, revealed to this paper that
Farage was a close friend of both Bannon and Mercer. He said that the Leave
campaign was a “petri dish” for the Trump campaign. “We shared a lot of
information because what they were trying to do and what we were trying to do
had massive parallels.”
Wigmore also said that Mercer had been “happy to help” and Cambridge Analytica had given its services
to the campaign for free. It was the general secretary of Ukip, a British lawyer called Matthew Richardson, who effected Leave.eu’s introduction to Cambridge
Analytica, Wigmore said. “We had a guy called Matthew Richardson who’d known Nigel for a long time and he’s always looked after the Mercers. The Mercers hadsaid that here’s this company that we think might be useful.”
He said that Mercer,
Farage and co had all met at a conference in Washington. “The best dinner we
ever went to. Around that table were all the rejects of the political world.
And the rejects of the political world are now effectively in the White House.
It’s extraordinary. Jeff Sessions. [Former national security adviser Michael]
Flynn, the whole lot of them. They were all there.”
When the Observer revealed
Mercer’s “help” in February, a “gift” of services, it triggered two
investigations. One by the Information
Commissioner’s Office about possible illegal use of data. And another
by the Electoral Commission. Cambridge Analytica is a US company and Mercer
is a US citizen and British law, designed to protect its electoral system from
outside influence, expressly forbids donations from foreign – or impermissible
– donors. The commission is also looking into the “help” that Gunster gave the
campaign. It was not declared in Leave.EU’s spending returns and if donated, it
would also be impermissible. Gavin Millar QC, an expert in electoral law, says
it raises questions of the utmost importance about the influence of an American
citizen in a UK election.
But the contents of this
document raise even more significant and urgent questions. Coordination between
campaigns destroys the “level playing field” on which UK electoral law is
based. It creates an unfair advantage.
Millar said that one of
the significant and revealing aspects of the arrangement was that it was
hidden. “It’s the covert nature of the relationship between these two companies
and campaigns that I find particularly revealing and alarming. If there is covert
cooperation via offshore entities, [it] is about as serious a breach of the
funding rules as one can imagine in the 21st century.”
Millar said that this
case was without precedent. “To have a billionaire so directly buying influence
in a British election is absolutely unheard of. This is completely out of the
ordinary. And what’s clear is that our electoral laws are hopelessly
inadequate. The only way we would be able to find the truth of what happened is
through a public inquiry.”
The link between Cambridge
Analytica and AggregateIQ was never supposed to come to light. And it is still
uncertain how Vote Leave came to work with AggregateIQ.
There are several major
Tory donors and pro-Brexit figures associated with Cambridge Analytica and SCL
Elections, including Lord Marland, former treasurer of the Conservative party
and head of the Commonwealth Enterprise and Investment Council. The pro-Brexit
Tory donor Roger Gabb, the owner of South African wine company Kumala, is also
a shareholder and was involved in one of the Leave campaigns. In
a separate incident he was fined £1,000 by the Electoral Commission
for failing to include “imprints” – or campaign branding – on newspaper ads.
The Observer revealed
last week that two core members of the Vote Leave team used to work with both
Cambridge Analytica and AggregateIQ. Cummings said that he found the company –
on which he spent by far the biggest chunk of his campaign budget – “on the
internet”.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Digital, Culture, Media and Sport
Committee, Oral
evidence: Fake News, HC 363, Tuesday 27 February 2018, Ordered
by the House of Commons to be published on 27 February 2018.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cambridge Analytica is currently under investigation in the UK with the Information Commissioner's Office entering the company's London office under search warrant on 23 March 2018.
Labels:
big data,
data mining,
data retention,
elections,
ethics,
Facebook,
politics
Subscribe to:
Posts (Atom)