Did Cambridge Analytica Harvest 50 Million Facebook Profiles?

Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...

The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."
Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...

"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."

Re:This is a "Breach"?

[vux984]

The same way a restaurateur can refuse to serve a customer who previously made a mess of your dining room.

Facebook may be 'facing the public' but its still a private service and it can decide not to provide service, or do business with anyone it wants pretty much for any reason, at any time. The ToS maybe "bullshit", but its not even necessary... they don't have to wait until you violate the ToS they can decide they just don't like your face, without any ToS at all.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Like it matters....

-1? This is kinda true though. If you don't follow the social media expectations for political views, then they cut you off. How many liberal posts make it on Fox? If anything, this proves Facebook is taking sides and is not apolitical.

Re: Like it matters....

[jd]

No, Republicans only try to believe that.

Regardless, data theft is a criminal enterprise, conspiracy to defraud is a criminal enterprise, violation of US election laws by involving foreign nationals is a criminal enterprise, government agencies conspiring to defraud the electorate is - essentially - treason, and Cambridge Analytics violated EU data protection laws on top of all that.

Fine, arrest everyone who is guilty of such a crime, throw the lot in a SuperMAX and never let them see the light of day again. Exonerate no-one. If that means incarcerating the entire DNC as well as the GOP and half the intelligence services, who the hell cares? Take the criminals off the streets, every last one of them.

Re: I'm more concerned about shadow profiles

[jd]

Cambridge Analystics is in the EU. Different rules. Each profile stolen violates the Data Protection Act and European Human Rights, regardless of where the person was located, because the data was stored in Europe and CA was a European company under European law.

If those 50 million sued, they'd win, because under the DPA your data cannot be transferred from the E.U. to any country with weaker protections.

Furthermore, the U.S. election laws forbid foreign national involvement, violations of the fourth for electioneering and spying on American nationals by US agencies even via third parties.

If this goes to court, the proverbial fan will be crushed under the impact.

Re: BS story

[jd]

No, you didn't RTFA.

And they admit they wrote malware, specifically a logic bomb, that downloaded private and confidential information, a clear-cut example of violating the Computer Misuse Act in addition to the Data Protection Act.

If this reaches court before Brexit, Facebook will be liable for at least £5 billion and CA will be crushed into oblivion. Possibly taking Cambridge University with it, if it's shown the university was aware of the activities.