Slashdot Mirror
Did Cambridge Analytica Harvest 50 Million Facebook Profiles? (theguardian.com)
Slashdot reader umafuckit shared this article from The Guardian:
The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."
Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...
The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."
Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...
"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...
The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."
Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...
"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
It includes private data. The app used to take everything.
And, yes, it is a breach. It doesn't matter what you set public, if you operate in the EU (and Cambridge is still in there), you abide by EU Data Protection laws. You are forbidden from collecting personal data without both a license and permission (they had neither) and you are forbidden from reselling it to a nation with weaker data protection laws (the U.S. included).
Every last one of those 50 million can sue Data Analytics. And they should. Even if they're awarded only £100 each, CA will deserve the consequences.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
First, it wasn't. This was stolen by malware in apps through private accounts with non-public access rights. RTFA.
Second, it's in violation of the CMA and DPA of the UK and EU. The EU takes these things seriously.
Third, it violated election laws in the U.S., along with civil service laws. Trump might not care, but the special prosecutor will, as will politicians who are up for re-election.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Oh, wow... Would hiring a British spy, who then engaged his contacts among Russians, qualify?
There is no crime described in TFA... At the most, there is a violation of Facebook's TOS...
In Soviet Washington the swamp drains you.
Unless youre a baker that doesn't want to make a cake for gays, and even gives you a reference to other bakers who will happily serve you, right?
Actually the baker in question was perfectly willing to make a cake for gays (the gays who sued had been long time customers). They merely refused to bake a cake celebrating the sexual relationship between the two gays.
The truth is that all men having power ought to be mistrusted. James Madison