Brexit means clear your cookies for democracy – gpgmail


Brexit looks set to further sink the already battered reputation of tracking cookies after a Buzzfeed report yesterday revealed what appears to be a plan by the UK’s minority government to use official government websites to harvest personal data on UK citizens for targeting purposes.

According to leaked government documents obtained by the news site, the prime minister has instructed government departments to share website usage data that’s collected via gov.uk websites with ministers on a cabinet committee tasked with preparing for a ‘no deal’ Brexit.

It’s not clear how linking up citizens use of essential government portals could further ‘no deal’ prep.

Rather the suspicion is it’s a massive, consent-less voter data grab by party political forces preparing for an inevitable general election in which the current Tory PM plans to campaign on a pro-Brexit message.

The instruction to pool gov.uk usage data as a “top priority” is also being justified internally in instructions to civil servants as necessary to accelerate plans for a digital revolution in public services — an odd ASAP to be claiming at a time of national, Brexit-induced crisis when there are plenty more pressing priorities (given the October 31 EU exit date looming).

A government spokesperson nonetheless told Buzzfeed the data is being collected to improve service delivery. They also claimed it’s “anonymized” data.

“Individual government departments currently collect anonymised user data when people use gov.uk. The Government Digital Service is working on a project to bring this anonymous data together to make sure people can access all the services they need as easily as possible,” the spokesperson said, further claiming: “No personal data is collected at any point during the process, and all activity is fully compliant with our legal and ethical obligations.”

However privacy experts quickly pointed out the nonsense of trying to pretend that joined up user data given a shared identifier is in any way anonymous.

 

For those struggling to keep up with the blistering pace of UK political developments engendered by Brexit, this is a government led by a new (and unelected) prime minister, Boris ‘Brexit: Do or Die’ Johnson, and his special advisor, digital guru Dominic Cummings, of election law-breaking Vote Leave campaign fame.

Back in 2015 and 2016, Cummings, then the director of the official Vote Leave campaign, masterminded a plan to win the EU referendum by using social media data to profile voters — blitzing them with millions of targeted ads in final days of the Brexit campaign.

Vote Leave was later found to have channelled money to Cambridge Analytica-linked Canadian data firm Aggregate IQ to target pro-Brexit ads via Facebook’s platform. Many of which were subsequently revealed to have used blatantly xenophobic messaging to push racist anti-EU messaging when Facebook finally handed over the ad data.

Setting aside the use of xenophobic dark ads to whip up racist sentiment to sell Brexit to voters, and ongoing questions about exactly how Vote Leave acquired data on UK voters for targeting them with political ads (including ethical questions about the use of a football quiz touting a £50M prize run on social media as a mass voter data-harvesting exercise), last year the UK’s Electoral Commission found Vote Leave had breached campaign spending limits through undeclared joint working with another pro-Brexit campaign — via which almost half a million pounds was illegally channeled into Facebook ads.

The Vote Leave campaign was fined £61k by the Electoral Commission, and referred to the police. (An investigation is possibly ongoing.)

Cummings, the ‘huge brain’ behind Vote Leave’s digital strategy, did not suffer a dent in his career as a consequence of all this — on the contrary, he was appointed by Johnson as senior advisor this summer, after Johnson won the Conservative leader contest and so became the third UK PM since the 2016 vote for Brexit.

With Cummings at his side, it’s been full steam ahead for Johnson on social media ads and data grabs, as we reported last month — paving the way for a hoped for general election campaign, fuelled by ‘no holds barred’ data science. Democratic ethics? Not in this digitally disruptive administration!

The Johnson-Cummings pact ignores entirely the loud misgivings sounded by the UK’s information commissioner — which a year ago warned that political microtargeting risks undermining trust in democracy. The ICO called then for an ethical pause. Instead Johnson stuck up a proverbial finger by installing Cummings in No.10.

The UK’s Digital, Culture, Media and Sport parliamentary committee, which tried and failed to get Cummings to testify before it last year as part of a wide-ranging enquiry into online disinformation (a snub for which Cummings was later found in contempt of parliament), also urged the government to update election law as a priority last summer — saying it was essential to act to defend democracy against data-fuelled misinformation and disinformation. A call that was met with cold water.

This means the same old laws that failed to prevent ethically dubious voter data-harvesting during the EU referendum campaign, and failed to prevent social media ad platforms and online payment platforms (hi, Paypal!) from being the conduit for illegal foreign donations into UK campaigns, are now apparently incapable of responding to another voter data heist trick, this time cooked up at the heart of government on the umbrella pretext of ‘preparing for Brexit’.

The repurposing of government departments under Johnson-Cummings for pro-Brexit propaganda messaging also looks decidedly whiffy…

Asked about the legality of the data pooling gov.uk plan as reported by Buzzfeed, an ICO spokesperson told us: “People should be able to make informed choices about the way their data is used. That’s why organisations have to ensure that they process personal information fairly, legally and transparently. When that doesn’t happen, the ICO can take action.”

Can — but hasn’t yet.

It’s also not clear what action the ICO could end up taking to purge UK voter data that’s already been (or is in the process of being) sucked out of the Internet to be repurposed for party political purposes — including, judging by the Vote Leave playbook, for microtargeted ads that promote a no holds barred ‘no deal’ Brexit agenda.

One thing is clear: Any action would need to be swiftly enacted and robustly enforced if it were to have a meaningful chance of defending democracy from ethics-free data-targeting.

Sadly, the ICO has yet to show an appetite for swift and robust action where political parties are concerned.

Likely because a report it put out last fall essentially called out all UK political parties for misusing people’s data. It followed up saying it would audit the political parties starting early this year — but has yet to publish its findings.

Concerned opposition MPs are left tweeting into the regulatory abyss — decrying the ‘coup’ and forlornly pressing for action… Though if the political boot were on the other foot it might well be a different story.

Among the cookies used on gov.uk sites are Google Analytics cookies which store information on how visitors got to the site; the pages visited and length of time spent on them; and items clicked on. Which could certainly enable rich profiles to be attached to single visitors IDs.

Visitors to gov.uk properties can switch off Google Analytics measurement cookies, as well as denying gov.uk communications and marketing cookies, and cookies that store preferences — with only “strictly necessary” cookies (which remember form progress and serve notifications) lacking a user toggle.

What should concerned UK citizens to do to defend democracy against the data science folks we’re told are being thrown at the Johnson-Cummings GSD data pooling project? Practice good privacy hygiene.

Clear your cookies. Indeed, switch off gov.uk cookies. Deny access wherever and whenever possible.

It’s probably also a good idea to use a fresh browser session each time you need to visit a government website and close the session (with cookies set to clear) immediately you’re done.

When the laws have so spectacularly failed to keep up with the data processors, limiting how your information is gathered online is the only way to be sure. Though as we’ve written before it’s not easy.

Privacy is personal and unfortunately, with the laws lagging, the personal is now trivially cheap and easy to weaponize for political dark arts that treat democracy as a game of PR, debasing the entire system in the process.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Facebook really doesn’t want you to read these emails – gpgmail


Oh hey y’all, it’s Friday! It’s August! Which means it’s a great day for Facebook to drop a little news it would prefer you don’t notice. News that you won’t find a link to on the homepage of Facebook’s Newsroom — which is replete with colorfully illustrated items it does want you to read (like the puffed up claim that “Now You Can See and Control the Data That Apps and Websites Share With Facebook”.)

The blog post Facebook would really prefer you didn’t notice is tucked away in a News sub-section of this website — where it’s been confusingly entitled: Document Holds the Potential for Confusion. And has an unenticing grey image of a document icon to further put you off — just in case you happened to stumble on it after all. It’s almost as if Facebook is saying ‘definitely don’t click here‘…

So what is Facebook trying to bury in the horse latitudes of summer?

An internal email chain, starting September 2015, which shows a glimpse of what Facebook’s own staff knew about the activity of Cambridge Analytica prior to The Guardian‘s December 2015 scoop — when the newspaper broke the story that the controversial (and now defunct) data analytics firm, then working for Ted Cruz’s presidential campaign, had harvested data on millions of Facebook users without their knowledge and/or consent, and was using psychological insights gleaned from the data to target voters.

Facebook founder Mark Zuckerberg’s official timeline of events about what he knew when vis-a-via the Cambridge Analytica story has always been that his knowledge of the matter dates to December 2015 — when the Guardian published its story.

But the email thread Facebook is now releasing shows internal concerns being raised almost two months earlier.

This chimes with previous (more partial) releases of internal correspondence pertaining to Cambridge Analytica  — which have also come out as a result of legal actions (and which we’ve reported on previously here and here).

If you click to download the latest release, which Facebook suggests it ‘agreed’ with the District of Columbia Attorney General to “jointly make public”, you’ll find a redacted thread of emails in which Facebook staffers raise a number of platform policy violation concerns related to the “political partner space”, writing September 29, 2915, that “many companies seem to be on the edge- possibly over”.

Cambridge Analytica is first identified by name — when it’s described by a Facebook employee as “a sketchy (to say the least) data modelling company that has penetrated our market deeply” — on September 22, 2015, per this email thread. It is one of many companies the staffer writes are suspected of scraping user data — but is also described as “the largest and most aggressive on the conservative side”.

Screenshot 2019 08 23 at 16.34.15

On September 30, 2015, a Facebook staffer responds to this, asking for App IDs and app names for the apps engaging in scraping user data — before writing: “My hunch is that these apps’ data-scraping is likely non-compliant”.

“It would be very difficult to engage in data-scraping activity as you described while still being compliant with FPPs [Facebook Platform Policies],” this person adds.

Cambridge Analytica gets another direct mention (“the Cambridge app”) on the same day. A different Facebook staffer then chips in with a view that “it’s very likely these companies are not in violation of any of our terms” — before asking for “concrete examples” and warning against calling them to ask questions unless “red flags” have been confirmed.

On October 13, a Facebook employee chips back into the thread with the view that “there are likely a few data policy violations here”.

The email thread goes on to discuss concerns related to additional political partners and agencies using Facebook’s platform at that point, including ForAmerica, Creative Response Concepts, NationBuilder and Strategic Media 21. Which perhaps explains Facebook’s lack of focus on CA — if potentially “sketchy” political activity was apparently widespread.

On December 11 another Facebook staffer writes to ask for an expedited review of Cambridge Analytica — saying it’s “unfortunately… now a PR issue”, i.e. as a result of the Guardian publishing its article.

The same day a Facebook employee emails to say Cambridge Analytica “is hi pri at this point”, adding: “We need to sort this out ASAP” — a month and a half after the initial concern was raised.

Also on December 11 a staffer writes that they had not heard of GSR, the Cambridge-based developer CA hired to extract Facebook user data, before the Guardian article named it. But other Facebook staffers chip in to reveal personal knowledge of the psychographic profiling techniques deployed by Cambridge Analytica and GSR’s Dr Aleksandr Kogan, with one writing that Kogan was their postdoc supervisor at Cambridge University.

Another says they are friends with Michal Kosinsky, the lead author of a personality modelling paper that underpins the technique used by CA to try to manipulate voters — which they described as “solid science”.

A different staffer also flags the possibility that Facebook has worked with Kogan — ironically enough “on research on the Protect & Care team” — citing the “Wait, What thread” and another email, neither of which appear to have been released by Facebook in this ‘Exhibit 1’ bundle.

So we can only speculate on whether Facebook’s decision — around September 2015 — to hire Kogan’s GSR co-founder, Joseph Chancellor, appears as a discussion item in the ‘Wait, What’ thread…

Putting its own spin on the release of these internal emails in a blog post, Facebook sticks to its prior line that “unconfirmed reports of scraping” and “policy violations by Aleksandr Kogan” are two separate issues, writing:

We believe this document has the potential to confuse two different events surrounding our knowledge of Cambridge Analytica. There is no substantively new information in this document and the issues have been previously reported. As we have said many times, including last week to a British parliamentary committee, these are two distinct issues. One involved unconfirmed reports of scraping — accessing or collecting public data from our products using automated means — and the other involved policy violations by Aleksandr Kogan, an app developer who sold user data to Cambridge Analytica. This document proves the issues are separate; conflating them has the potential to mislead people.

It has previously also referred to the internal concerns raised about CA as “rumors”.

“Facebook was not aware that Kogan sold data to Cambridge Analytica until December 2015. That is a fact that we have testified to under oath, that we have described to our core regulators, and that we stand by today,” it adds now.

It also claims that after an engineer responded to concerns that CA was scraping data and looked into it they were not able to find any such evidence. “Even if such a report had been confirmed, such incidents would not naturally indicate the scale of the misconduct that Kogan had engaged in,” Facebook adds.

The company has sought to dismiss the privacy litigation brought against it by the District of Columbia which is related to the Cambridge Analytica scandal — but has been unsuccessful in derailing the case thus far.

The DC complaint alleges that Facebook allowed third-party developers to access consumers’ personal data, including information on their online behavior, in order to offer apps on its platform, and that it failed to effectively oversee and enforce its platform policies by not taking reasonable steps to protect consumer data and privacy. It also alleges Facebook failed to inform users of the CA breach.

Facebook has also failed to block another similar lawsuit that’s been filed in Washington, DC by Attorney General Karl Racine — which has alleged lax oversight and misleading privacy standards.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

After data incidents, Instagram expands its bug bounty – gpgmail


Facebook is expanding its data abuse bug bounty to Instagram.

The social media giant, which owns Instagram, first rolled out its data abuse bounty in the wake of the Cambridge Analytica scandal, which saw tens of millions of Facebook profiles scraped to help swing undecided voters in favor of the Trump campaign during the U.S. presidential election in 2016.

The idea was that security researchers and platform users alike could report instances of third-party apps or companies that were scraping, collecting and selling Facebook data for other purposes, such as to create voter profiles or build vast marketing lists.

Even following he high profile public relations disaster of Cambridge Analytica, Facebook still still had apps illicitly collecting data on its users.

Instagram wasn’t immune either. Just this month Instagram booted a “trusted” marketing partner off its platform after it was caught scraping millions of users’ stories, locations and other data points on millions of users, forcing Instagram to make product changes to prevent future scraping efforts. That came after two other incidents earlier this year where a security researcher found 14 million scraped Instagram profiles sitting on an exposed database — without a password — for anyone to access. Another incident saw another company platform scrape the profile data — including email addresses and phone numbers — of Instagram influencers.

Last year Instagram also choked developers’ access as the company tried to rebuild its privacy image in the aftermath of the Cambridge Analytica scandal.

Dan Gurfinkel, security engineering manager at Instagram, said its new and expanded data abuse bug bounty aims to “encourage” security researchers to report potential abuse.

Instagram said it’s also inviting a select group of trusted security researchers to find flaws in its Checkout service ahead of its international rollout, who will also be eligible for bounty payouts.

Read more:


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Facebook denies making contradictory claims on Cambridge Analytica and other ‘sketchy’ apps – gpgmail


Facebook has denied contradicting itself in evidence to the UK parliament and a US public prosecutor.

Last month the Department for Digital, Culture, Media and Sport (DCMS) committee wrote to the company to raise what it said were discrepancies in evidence Facebook has given to international parliamentarians vs evidence submitted in response to the Washington, DC Attorney General — which is suing Facebook on its home turf, over the Cambridge Analytica data misuse scandal.

Yesterday Bloomberg obtained Facebook’s response to the committee.

In the letter Rebecca Stimson, the company’s head of U.K. public policy, denies any inconsistency in evidence submitted on both sides of the Atlantic, writing:

The evidence given to the Committees by Mike Schroepfer (Chief Technology Officer), Lord Allan (Vice President for Policy Solutions), and other Facebook representatives is entirely consistent with the allegations in the SEC 
Complaint filed 24 July 2019. In their evidence, Facebook representatives truthfully answered questions about when the company first learned of Aleksandr Kogan / GSR’s improper transfer of data to Cambridge Analytica, which was in 
December 2015 through The Guardian’s reporting. We are aware of no evidence to suggest that Facebook learned any earlier of that improper transfer.

 As we have told regulators, and many media stories have since reported, we heard speculation about data scraping by Cambridge Analytica in September 2015. We have also testified publicly that we first learned Kogan sold data to Cambridge Analytica in December 2015. These are two different things and this 
is not new information.

Stimson goes on to claim that Facebook merely heard “rumours in September 2015 that Cambridge Analytica was promoting its ability to scrape user data from public Facebook pages”. (In statements made earlier this year to the press on this same point Facebook has also used the word “speculation” to refer to the internal concerns raised by its staff, writing that “employees heard speculation that Cambridge Analytica was scraping data”.)

In the latest letter, Stimson repeats Facebook’s earlier line about data scraping being common for public pages (which may be true, but plenty of Facebook users’ pages aren’t public to anyone other than their hand-picked friends so… ), before claiming it’s not the same as the process by which Cambridge Analytica obtained Facebook data (i.e. by paying a developer on Facebook’s platform to build an app that harvested users’ and users friends’ data).

The scraping of data from public pages (which is unfortunately common for any internet service) is different from, and has no relationship to, the illicit transfer to third parties of data obtained by an app developer (which was the subject of the December 2015 Guardian article and of Facebook representatives’ evidence),” she writes, suggesting a ‘sketchy’ data modeling company with deep Facebook platform penetration looked like ‘business as usual’ for Facebook management back in 2015. 

As we’ve reported before, it has emerged this year — via submissions to other US legal proceedings against Facebook — that staff working for its political advertising division raised internal concerns about what Cambridge Analytica was up to in September 2015, months prior to The Guardian article which Facebook founder Mark Zuckerberg has claimed is the point when he personally learned what Cambridge Analytica was doing on his platform.

These Facebook staff described Cambridge Analytica as a “sketchy (to say the least) data modeling company that has penetrated our market deeply” — months before the newspaper published its scoop on the story, per an SEC complaint which netted Facebook a $100M fine, in addition to the FTC’s $5BN privacy penalty.

Nonetheless, Facebook is once claiming there’s nothing but ‘rumors’ to see here.

The DCMS committee also queried Facebook’s flat denial to the Washington, DC Attorney General that the company knew of any other apps misusing user data; failed to take proper measures to secure user data by failing to enforce its own platform policy; and failed to disclose to users when their data was misused — pointing out that Facebook reps told it on multiple occasions that Facebook knew of other apps violating its policies and had taken action against them.

Again, Facebook denies any contradiction whatsoever here.

“The particular allegation you cite asserts that Facebook knew of third party applications that violated its policies and failed to take reasonable measures to enforce against them,” writes Stimson. “As we have consistently stated to the Committee and elsewhere, we regularly take action against apps and developers who violate our policies. We therefore appropriately, and consistently with what we told the Committee, denied the allegation.”

So, turns out, Facebook was only flat denying some of the allegations in para 43 of the Washington, DC Attorney General’s complaint. But the company doesn’t see bundling responses to multiple allegations under one blanket denial as in any way misleading…

In a tweet responding to Facebook’s latest denial, DCMS committee chair Damian Collins dubbed the company’s response “typically disingenuous” — before pointing out: “They didn’t previously disclose to us concerns about Cambridge Analytica prior to Dec 2015, or say what they did about it & haven’t shared results of investigations into other Apps.”

On the app audit issue, Stimson’s letter justifies Facebook’s failure to provide the DCMS committee with the requested information on other ‘sketchy’ apps it’s investigating, writing this is because the investigation — which CEO Mark Zuckerberg announced in a Facebook blog post on March 21, 2018; saying then that it would “investigate all apps that had access to large amounts of information”; “conduct a full audit of any app with suspicious activity”; “ban any developer from our platform that does not agree to a thorough audit”; and ban any developers found to have misused user data; and “tell everyone affected by those apps” — is, er, “ongoing”.

More than a year ago Facebook did reveal that it had suspended around 200 suspicious apps out of “thousands” reviewed. However updates on Zuckerberg’s great app audit have been thin on the ground since then, to say the least.

“We will update the Committee as we publicly share additional information about that extensive effort,” says Stimson now.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Brittany Kaiser dumps more evidence of Brexit’s democratic trainwreck – gpgmail


A UK parliamentary committee has published new evidence fleshing out how membership data was passed from UKIP, a pro-Brexit political party, to Leave.EU, a Brexit supporting campaign active in the 2016 EU referendum — via the disgraced and now defunct data company, Cambridge Analytica.

In evidence sessions last year, during the DCMS committee’s enquiry into online disinformation, it was told by both the former CEO of Cambridge Analytica, and the main financial backer of the Leave.EU campaign, the businessman Arron Banks, that Cambridge Analytica did no work for the Leave.EU campaign.

Documents published today by the committee clearly contradict that narrative — revealing internal correspondence about the use of a UKIP dataset to create voter profiles to carry out “national microtargeting” for Leave.EU.

They also show CA staff raising concerns about the legality of the plan to model UKIP data to enable Leave.EU to identify and target receptive voters with pro-Brexit messaging.

The UK’s 2016 in-out EU referendum saw the voting public narrowing voting to leave — by 52:48.

New evidence from Brittany Kaiser

The evidence, which includes emails between key Cambridge Analytica, employees of Leave.EU and UKIP, has been submitted to the DCMS committee by Brittany Kaiser — a former director of CA (who you may just have seen occupying a central role in Netflix’s The Great Hack documentary, which digs into links between the Trump campaign and the Brexit campaign).

“As you can see with the evidence… chargeable work was completed for UKIP and Leave.EU, and I have strong reasons to believe that those datasets and analysed data processed by Cambridge Analytica as part of a Phase 1 payable work engagement… were later used by the Leave.EU campaign without Cambridge Analytica’s further assistance,” writes Kaiser in a covering letter to committee chair, Damian Collins, summarizing the submissions.

Kaiser gave oral evidence to the committee at a public hearing in April last year.

At the time she said CA had been undertaking parallel pitches for Leave.EU and UKIP — as well as for two insurance brands owned by Banks — and had used membership survey data provided by UKIP to built a model for pro-brexit voter personality types, with the intention of it being used “to benefit Leave.EU”.

“We never had a contract with Leave.EU. The contract was with the UK Independence party for the analysis of this data, but it was meant to benefit Leave.EU,” she said then.

The new emails submitted by Kaiser back up her earlier evidence. They also show there was discussion of drawing up a contract between CA, UKIP and Leave.EU in the fall before the referendum vote.

In one email — dated November 10, 2015 — CA’s COO & CFO, Julian Wheatland, writes that: “I had a call with [Leave.EU’s] Andy Wigmore today (Arron’s right hand man) and he confirmed that, even though we haven’t got the contract with the Leave written up, it’s all under control and it will happen just as soon as [UKIP-linked lawyer] Matthew Richardson has finished working out the correct contract structure between UKIP, CA and Leave.”

Another item Kaiser has submitted to the committee is a separate November email from Wigmore, inviting press to a briefing by Leave.EU — entitled “how to win the EU referendum” — an event at which Kaiser gave a pitch on CA’s work. In this email Wigmore describes the firm as “the worlds leading target voter messaging campaigners”.

In another document, CA’s Wheatland is shown in an email thread ahead of that presentation telling Wigmore and Richardson “we need to agree the line in the presentations next week with regards the origin of the data we have analysed”.

“We have generated some interesting findings that we can share in the presentation, but we are certain to be asked where the data came from. Can we declare that we have analysed UKIP membership and survey data?” he then asks.

UKIP’s Richardson replies with a negative, saying: “I would rather we didn’t, to be honest” — adding that he has a meeting with Wigmore to discuss “all of this”, and ending with: “We will have a plan by the end of that lunch, I think”.

In another email, dated November 10, sent to multiple recipients ahead of the presentation, Wheatland writes: “We need to start preparing Brittany’s presentation, which will involve working with some of the insights David [Wilkinson, CA’s chief data scientist] has been able to glean from the UKIP membership data.”

He also asks Wilkinson if he can start to “share insights from the UKIP data” — as well as asking “when are we getting the rest of the data?”. (In a later email, dated November 16, Wilkinson shares plots of modelled data with Kaiser — apparently showing the UKIP data now segmented into four blocks of brexit supporters, which have been named: ‘Eager activist’; ‘Young reformer’; ‘Disaffected Tories’; and ‘Left behinds’.)

In the same email Wheatland instructs Jordanna Zetter, an employee of CA’s parent company SCL, to brief Kaiser on “how to field a variety of questions about CA and our methodology, but also SCL. Rest of the world, SCL Defence etc” — asking her to liaise with other key SCL/CA staff to “produce some ‘line to take’ notes”.

Another document in the bundle appears to show Kaiser’s talking points for the briefing. These make no mention of CA’s intention to carry out “national microtargeting” for Leave.EU — merely saying it will conduct “message testing and audience segmentation”.

“We will be working with the campaign’s pollsters and other vendors to compile all the data we have available to us,” is another of the bland talking points Kaiser was instructed to feed to the press.

“Our team of data scientists will conduct deep-dive analysis that will enable us to understand the electorate better than the rival campaigns,” is one more unenlightening line intended for public consumption.

But while CA was preparing to present the UK media with a sanitized false narrative to gloss over the individual voter targeting work it actually intended to carry out for Leave.EU, behind the scenes concerns were being raised about how “national microtargeting” would conflict with UK data protection law.

Another email thread, started November 19, highlights internal discussion about the legality of the plan — with Wheatland sharing “written advice from Queen’s Counsel on the question of how we can legally process data in the UK, specifically UKIP’s data for Leave.eu and also more generally”. (Although Kaiser has not shared the legal advice itself.)

Wilkinson replies to this email with what he couches as “some concerns” regarding shortfalls in the advice, before going into detail on how CA is intending to further process the modelled UKIP data in order to individually microtarget brexit voters — which he suggests would not be legal under UK data protection law “as the identification of these people would constitute personal data”.

He writes:

I have some concerns about what this document says is our “output” – points 22 to 24. Whilst it includes what we have already done on their data (clustering and initial profiling of their members, and providing this to them as summary information), it does not say anything about using the models of the clusters that we create to extrapolate to new individuals and infer their profile. In fact it says that our output does not identify individuals. Thus it says nothing about our microtargeting approach typical in the US, which I believe was something that we wanted to do with leave eu data to identify how each their supporters should be contacted according to their inferred profile.

For example, we wouldn’t be able to show which members are likely to belong to group A and thus should be messaged in this particular way – as the identification of these people would constitute personal data. We could only say “group A typically looks like this summary profile”.

Wilkinson ends by asking for clarification ahead of a looming meeting with Leave.EU, saying: “It would be really useful to have this clarified early on tomorrow, because I was under the impression it would be a large part of our product offering to our UK clients.” [emphasis ours]

Wheatland follows up with a one line email, asking Richardson to “comment on David’s concern” — who then chips into the discussion, saying there’s “some confusion at our end about where this data is coming from and going to”.

He goes on to summarize the “premises” of the advice he says UKIP was given regarding sharing the data with CA (and afterwards the modelled data with Leave.EU, as he implies is the plan) — writing that his understanding is that CA will return: “Analysed Data to UKIP”, and then: “As the Analysed Dataset contains no personal data UKIP are free to give that Analysed Dataset to anyone else to do with what they wish. UKIP will give the Analysed Dataset to Leave.EU”.

“Could you please confirm that the above is correct?” Richardson goes on. “Do I also understand correctly that CA then intend to use the Analysed Dataset and overlay it on Leave.EU’s legitimately acquired data to infer (interpolate) profiles for each of their supporters so as to better control the messaging that leave.eu sends out to those supporters?

“Is it also correct that CA then intend to use the Analysed Dataset and overlay it on publicly available data to infer (interpolate) which members of the public are most likely to become Leave.EU supporters and what messages would encourage them to do so?

“If these understandings are not correct please let me know and I will give you a call to discuss this.”

About half an hour later another SCL Group employee, Peregrine Willoughby-Brown, joins the discussion to back up Wilkinson’s legal concerns.

“The [Queen’s Counsel] opinion only seems to be an analysis of the legality of the work we have already done for UKIP, rather than any judgement on whether or not we can do microtargeting. As such, whilst it is helpful to know that we haven’t already broken the law, it doesn’t offer clear guidance on how we can proceed with reference to a larger scope of work,” she writes without apparent alarm at the possibility that the entire campaign plan might be illegal under UK privacy law.

“I haven’t read it in sufficient depth to know whether or not it offers indirect insight into how we could proceed with national microtargeting, which it may do,” she adds — ending by saying she and a colleague will discuss it further “later today”.

It’s not clear whether concerns about the legality of the microtargeting plan derailed the signing of any formal contract between Leave.EU and CA — even though the documents imply data was shared, even if only during the scoping stage of the work.

“The fact remains that chargeable work was done by Cambridge Analytica, at the direction of Leave.EU and UKIP executives, despite a contract never being signed,” writes Kaiser in her cover letter to the committee on this. “Despite having no signed contract, the invoice was still paid, not to Cambridge Analytica but instead paid by Arron Banks to UKIP directly. This payment was then not passed onto Cambridge Analytica for the work completed, as an internal decision in UKIP, as their party was not the beneficiary of the work, but Leave.EU was.”

Kaiser has also shared a presentation of the UKIP survey data, which bears the names of three academics: Harold Clarke, University of Texas at Dallas & University of Essex; Matthew Goodwin, University of Kent; and Paul Whiteley, University of Essex, which details results from the online portion of the membership survey — aka the core dataset CA modelled for targeting Brexit voters with the intention of helping the Leave.EU campaign.

(At a glance, this survey suggests there’s an interesting analysis waiting to be done of the choice of target demographics for the current blitz of campaign message testing ads being run on Facebook by the new (pro-brexit) UK prime minister Boris Johnson and the core UKIP demographic, as revealed by the survey data… )

Call for Leave.EU probe to be reopened

Ian Lucas, MP, a member of the DCMS committee has called for the UK’s Electoral Commission to re-open its investigation into Leave.EU in view of “additional evidence” from Kaiser.

We reached out to the Electoral Commission to ask if it will be revisiting the matter.

An Electoral Commission spokesperson told us: “We are considering this new information in relation to our role regulating campaigner activity at the EU referendum. This relates to the 10 week period leading up to the referendum and to campaigning activity specifically aimed at persuading people to vote for a particular outcome.

“Last July we did impose significant penalties on Leave.EU for committing multiple offences under electoral law at the EU Referendum, including for submitting an incomplete spending return.”

Last year the Electoral Commission also found that the official Vote Leave Brexit campaign broke the law by breaching election campaign spending limits. It channelled money to a Canadian data firm linked to Cambridge Analytica to target political ads on Facebook’s platform, via undeclared joint working with a youth-focused Brexit campaign, BeLeave.

Six months ago the UK’s data watchdog also issued fines against Leave.EU and Banks’ insurance company, Eldon Insurance — having found what it dubbed as “serious” breaches of electronic marketing laws, including the campaign using insurance customers’ details to unlawfully to send almost 300,000 political marketing messages.

A spokeswoman for the ICO told us it does not have a statement on Kaiser’s latest evidence but added that its enforcement team “will be reviewing the documents released by DCMS”.

The regulator has been running a wider enquiry into use of personal data for social media political campaigning. And last year the information commissioner called for an ethical pause on its use — warning that trust in democracy risked being undermined.

And while Facebook has since applied a thin film of ‘political ads’ transparency to its platform (which researches continue to warn is not nearly transparent enough to quantify political use of its ads platform), UK election campaign laws have yet to be updated to take account of the digital firehoses now (il)liberally shaping political debate and public opinion at scale.

It’s now more than three years since the UK’s shock vote to leave the European Union — a vote that has so far delivered three years of divisive political chaos, despatching two prime ministers and derailing politics and policymaking as usual.

Many questions remain over a referendum that continues to be dogged by scandals — from breaches of campaign spending; to breaches of data protection and privacy law; and indeed the use of unregulated social media — principally Facebook’s ad platform — as the willing conduit for distributing racist dogwhistle attack ads and political misinformation to whip up anti-EU sentiment among UK voters.

Dark money, dark ads — and the importing of US style campaign tactics into UK, circumventing election and data protection laws by the digital platform backdoor.

This is why the DCMS committee’s preliminary report last year called on the government to take “urgent action” to “build resilience against misinformation and disinformation into our democratic system”.

The very same minority government, struggling to hold itself together in the face of Brexit chaos, failed to respond to the committee’s concerns — and has now been replaced by a cadre of the most militant Brexit backers, who are applying their hands to the cheap and plentiful digital campaign levers.

The UK’s new prime minister, Boris Johnson, is demonstrably doubling down on political microtargeting: Appointing no less than Dominic Cummings, the campaign director of the official Vote Leave campaign, as a special advisor.

At the same time Johnson’s team is firing out a flotilla of Facebook ads — including ads that appear intended to gather voter sentiment for the purpose of crafting individually targeted political messages for any future election campaign.

So it’s full steam ahead with the Facebook ads…

Boris Facebook ads

Yet this ‘democratic reset’ is laid right atop the Brexit trainwreck. It’s coupled to it, in fact.

Cummings worked for the self same Vote Leave campaign that the Electoral Commission found illegally funnelled money — via Cambridge Analytica-linked Canadian data firm AggregateIQ — into a blitz of microtargeted Facebook ads intended to sway voter opinion.

Vote Leave also faced questions over its use of Facebook-run football competition promising a £50M prize-pot to fans in exchange for handing over a bunch of personal data ahead of the referendum, including how they planned to vote. Another data grab wrapped in fancy dress — much like GSR’s thisisyourlife quiz app that provided the foundational dataset for CA’s psychological voter profiling work on the Trump campaign.

The elevating of Cummings to be special adviser to the UK PM represents the polar opposite of an ‘ethical pause’ in political microtargeting.

Make no mistake, this is the Brexit campaign playbook — back in operation, now with full-bore pedal to the metal. (With his hands now on the public purse, Johnson has pledged to spend £100M on marketing to sell a ‘no deal Brexit’ to the UK public.)

Kaiser’s latest evidence may not contain a smoking bomb big enough to blast the issue of data-driven and tech giant-enabled voter manipulation into a mainstream consciousness, where it might have the chance to reset the political conscience of a nation — but it puts more flesh on the bones of how the self-styled ‘bad boys of Brexit’ pulled off their shock win.

In The Great Hack the Brexit campaign is couched as the ‘petri dish’ for the data-fuelled targeting deployed by the firm in the 2016 US presidential election — which delivered a similarly shock victory for Trump.

If that’s so, these latest pieces of evidence imply a suggestively close link between CA’s experimental modelling of UKIP supporter data, as it shifted gears to apply its dark arts closer to home than usual, and the models it subsequently built off of US citizens’ data sucked out of Facebook. And that in turn goes some way to explaining the cosiness between Trump and UKIP founder Nigel Farage…

 

Kaiser ends her letter to DCMS writing: “Given the enormity of the implications of earlier inaccurate conclusions by different investigations, I would hope that Parliament reconsiders the evidence submitted here in good faith. I hope that these ten documents are helpful to your research and furthering the transparency and truth that your investigations are seeking, and that the people of the UK and EU deserve”.

Banks and Wigmore have responded to the publication in their usual style, with a pair of dismissive tweets — questioning Kaiser’s motives for wanting the data to be published and throwing shade on how the evidence was obtained in the first place.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

The Great Hack tells us data corrupts  – gpgmail


This week professor David Carroll, whose dogged search for answers to how his personal data was misused plays a focal role in The Great Hack: Netflix’s documentary tackling the Facebook-Cambridge Analytica data scandal, quipped that perhaps a follow up would be more punitive for the company than the $5BN FTC fine released the same day.

The documentary — which we previewed ahead of its general release Wednesday — does an impressive job of articulating for a mainstream audience the risks for individuals and society of unregulated surveillance capitalism, despite the complexities involved in the invisible data ‘supply chain’ that feeds the beast. Most obviously by trying to make these digital social emissions visible to the viewer — as mushrooming pop-ups overlaid on shots of smartphone users going about their everyday business, largely unaware of the pervasive tracking it enables.

Facebook is unlikely to be a fan of the treatment. In its own crisis PR around the Cambridge Analytica scandal it has sought to achieve the opposite effect; making it harder to join the data-dots embedded in its ad platform by seeking to deflect blame, bury key details and bore reporters and policymakers to death with reams of irrelevant detail — in the hope they might shift their attention elsewhere.

Data protection itself isn’t a topic that naturally lends itself to glamorous thriller treatment, of course. No amount of slick editing can transform the close and careful scrutiny of political committees into seat-of-the-pants viewing for anyone not already intimately familiar with the intricacies being picked over. And yet it’s exactly such thoughtful attention to detail that democracy demands. Without it we are all, to put it proverbially, screwed.

The Great Hack shows what happens when vital detail and context are cheaply ripped away at scale, via socially sticky content delivery platforms run by tech giants that never bothered to sweat the ethical detail of how their ad targeting tools could be repurposed by malign interests to sew social discord and/or manipulate voter opinion en mass.

Or indeed used by an official candidate for high office in a democratic society that lacks legal safeguards against data misuse.

But while the documentary packs in a lot over an almost two-hour span, retelling the story of Cambridge Analytica’s role in the 2016 Trump presidential election campaign; exploring links to the UK’s Brexit leave vote; and zooming out to show a little of the wider impact of social media disinformation campaigns on various elections around the world, the viewer is left with plenty of questions. Not least the ones Carroll repeats towards the end of the film: What information had Cambridge Analytica amassed on him? Where did they get it from? What did they use it for? — apparently resigning himself to never knowing. The disgraced data firm chose declaring bankruptcy and folding back into its shell vs handing over the stolen goods and its algorithmic secrets.

There’s no doubt over the other question Carroll poses early on the film — could he delete his information? The lack of control over what’s done with people’s information is the central point around which the documentary pivots. The key warning being there’s no magical cleansing fire that can purge every digitally copied personal thing that’s put out there.

And while Carroll is shown able to tap into European data rights — purely by merit of Cambridge Analytica having processed his data in the UK — to try and get answers, the lack of control holds true in the US. Here, the absence of a legal framework to protect privacy is shown as the catalyzing fuel for the ‘great hack’ — and also shown enabling the ongoing data-free-for-all that underpins almost all ad-supported, Internet-delivered services. tl;dr: Your phone doesn’t need to listen to if it’s tracking everything else you do with it.

The film’s other obsession is the breathtaking scale of the thing. One focal moment is when we hear another central character, Cambridge Analytica’s Brittany Kaiser, dispassionately recounting how data surpassed oil in value last year — as if that’s all the explanation needed for the terrible behavior on show.

“Data’s the most valuable asset on Earth,” she monotones. The staggering value of digital stuff is thus fingered as an irresistible, manipulative force also sucking in bright minds to work at data firms like Cambridge Analytica — even at the expense of their own claimed political allegiances, in the conflicted case of Kaiser.

If knowledge is power and power corrupts, the construction can be refined further to ‘data corrupts’, is the suggestion.

The filmmakers linger long on Kaiser which can seem to humanize her — as they show what appear vulnerable or intimate moments. Yet they do this without ever entirely getting under her skin or allowing her role in the scandal to be fully resolved.

She’s often allowed to tell her narrative from behind dark glasses and a hat — which has the opposite effect on how we’re invited to perceive her. Questions about her motivations are never far away. It’s a human mystery linked to Cambridge Analytica’s money-minting algorithmic blackbox.

Nor is there any attempt by the filmmakers to mine Kaiser for answers themselves. It’s a documentary that spotlights mysteries and leaves questions hanging up there intact. From a journalist perspective that’s an inevitable frustration. Even as the story itself is much bigger than any one of its constituent parts.

It’s hard to imagine how Netflix could commission a straight up sequel to The Great Hack, given its central framing of Carroll’s data quest being combined with key moments of the Cambridge Analytica scandal. Large chunks of the film are comprised from capturing scrutiny and reactions to the story unfolding in real-time.

But in displaying the ruthlessly transactional underpinnings of social platforms where the world’s smartphone users go to kill time, unwittingly trading away their agency in the process, Netflix has really just begun to open up the defining story of our time.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something