Slashdot Mirror


Former Cambridge Analytica Employee Says Facebook Users Affected Could Be 'Much Greater Than 87 million' (theverge.com)

Cambridge Analytica and its partners used data from previously unknown "Facebook-connected questionnaires" to obtain user data from the social media service, according to testimony from a former Cambridge Analytica employee. From a report: Brittany Kaiser provided evidence to the British Parliament today as part of a hearing on fake news. Kaiser, who worked on the business team at Cambridge Analytica's parent company until January of this year, wrote in a statement that she was "aware in a general sense of a wide range of surveys" used by Cambridge Analytica or its partners, and she said she believes the number of people whose Facebook data may have been compromised is likely higher than the widely reported 87 million.

45 comments

  1. Still can't figure out ... by WoodstockJeff · · Score: 4, Insightful

    ... how information you GAVE AWAY to unknown people is "compromised", just because it was used by someone you may not have wanted to know it?

    1. Re:Still can't figure out ... by iMadeGhostzilla · · Score: 4, Interesting

      It's in CA's interest to keep fanning this flame as they only profit if people -- and potential clients -- believe CA really helped change history.

    2. Re:Still can't figure out ... by Anonymous Coward · · Score: 1

      This.

      Assuming I'm one of the 87 million, how am I affected by this? Why should I care?

      What I post on Facebook is public. That's why I put it on Facebook. What I don't want public I don't put on Facebook.

      Why is this so hard for people to understand?

    3. Re:Still can't figure out ... by ausekilis · · Score: 2

      The information was freely given to Facebook - not to third parties.

      When you do a pen-test you set boundaries with the client up-front. Things like "just break into the DMZ" or "leave our customer database alone" are part of the contract. If you go in and gather that customer database, then that customer data is compromised (and you are in breach of contract). My understanding is FB only sells anonymous data, so CA gathering real sheeple data is where the "compromise" comes from.

    4. Re:Still can't figure out ... by Anonymous Coward · · Score: 0

      What I post on Facebook is public.

      That's explicitly not how it's supposed to work. Not all of the information shared with Facebook is "posted", e.g. Messenger conversations. Some of what you post to Facebook is meant to be public. This is known as your "public profile". It's not supposed to include everything you share to Facebook.

      Why is this so hard for people to understand?

      Like people who naively believe the TOS?

    5. Re:Still can't figure out ... by Xest · · Score: 2

      It's compromised because the data was given to Facebook, therefore the contract exists between the user and Facebook. Some users also gave permission for their data to be given to an app created by Aleksandr Kogan in his capacity as a researcher, but some of the data that Aleksandr Kogan took was from friends of people who gave permission for their data to be given to the app.

      There's two issues here, one is a bit of a grey area, the other is clearly illegal, and hence reasonable to class as a breach.

      The first issue, the one that's a grey area is the fact that Kogan gathered the data as an academic, but then used it commercially - even if this was hidden in a contract upon use of his app, there's a requirement in most European countries to get explicit consent for use of the data for marketing purposes. He didn't do that, he merely sold the data on for (political) marketing purposes without obtaining explicit consent.

      The second issue, that isn't a grey area, and is clearly illegal, is that he harvested data of friends of people who used his app - those people NEVER gave consent for him or his app to gather that data, and this is illegal in all EU countries. There's no clause to allow friends to give consent on your behalf to hand your data away under EU data protection law and there never has been, thus to harvest data not just of the person who signed up to your app, but of their friends as well who didn't sign up, is completely illegal in the EU.

      As Kogan is British, and performed these acts in the EU under British implementation of EU law, he's therefore clearly obtained data illegally, and that is why it's reasonable to call it a breach. He took data he had no legal basis to acquire and then profited from selling it on - that's no different to anyone else taking data they have no legal access to and selling it on like many cyber criminals do for a living.

      Now I'm not absolving Facebook - the fact Facebook made that friend data available in the first place even though there was no legal way for anyone to ever access or consume it in Europe is in itself something that has been known to be in breach of European law for some time, but the argument goes that it's an American company so it's fine to break European law, even at its European subsidiaries operating in Europe with European staff. It's not of course, which is why Facebook is in so much shit now. When you have a presence and staff in a country or jurisdiction, then you have to play by their rules, else you get the fuck out, just as Google did when China tried to make them adhere to Chinese authoritarianism rather than have a search presence in the country.

      I agree the term "compromised" is classically tied to theft of data through technical exploitation of vulnerabilities, but I don't think it has to be. This is the equivalent of someone leaving a top secret file on a bus accidentally only for someone to steal it - no exploit was required, but the top secret data is still compromised in such a scenario, so I think use of the term is reasonable, even if it's not what we're used to.

    6. Re:Still can't figure out ... by AmiMoJo · · Score: 1

      The only down side being that they could get shut down or maybe even jail time in the UK.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Still can't figure out ... by Anonymous Coward · · Score: 0

      Because actually you have little control over the information that Facebook can obtain about you. Although you may only present your most positive side to Facebook you are likely not even the primary source of information. The only information you provide to Facebook is the way in which you want to be perceived. Have you ever had a conversation about someone else in a message? Are you as careful with others' information as you would be with your own?

    8. Re:Still can't figure out ... by Anonymous Coward · · Score: 1

      For the same reason that talking on the telephone has a reasonable expectation that only the other person can listen to the call.

    9. Re: Still can't figure out ... by Anonymous Coward · · Score: 0

      You're correct. If you use a social media server that you don't own and it's not housed on your property, why would anybody expect privacy? It's no longer private

    10. Re: Still can't figure out ... by Anonymous Coward · · Score: 0

      So my dropbox files and my emails on gmail are now public suddenly? /s

    11. Re:Still can't figure out ... by thsths · · Score: 1

      It is not about the data, it is what CA does with it. Basically they can write a different message for each of the 87 Million Facebook users, a different advert, a different party political program.

      And democracy only works if the options (the parties) are the same for everybody. Tailoring your party political program ultimately means that the winning party has no platform and no democratic legitimization to do anything.

    12. Re: Still can't figure out ... by wiretrip · · Score: 1

      OMG, Gmail? Seriously? Of course they are. Google have been scanning gmail for ever, that's why they set it up!

  2. The question I'm more interested in by damn_registrars · · Score: 4, Insightful

    How many non-users did Cambridge get information on? It's been known for some time - and was admitted in congress recently - that facebook has profiles for non-users as well as actual users. For myself and ... well, I'm told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn't have a profile there ... it would be really interesting to know if Cambridge got information on "us" as well.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:The question I'm more interested in by skids · · Score: 3

      You're not alone. I wonder if we're in better standing to sue the pants off someone.

      (Congratulations, bleating sheep of America. You not only gave a huge social engineering war-chest to the evil corporations you ranted about on FaceBook, but also probably to the Evil Government you ranted about on FaceBook, and most certainly to the Evil Enemies of America you ranted about on FaceBook. I hope you are proud of yourselves.)

    2. Re:The question I'm more interested in by Narcocide · · Score: 1

      Guaranteed if you had any friends or family on there, you're on there too. Probably this applies to co-workers in many situations as well.

    3. Re:The question I'm more interested in by chispito · · Score: 3, Interesting

      How many non-users did Cambridge get information on? It's been known for some time - and was admitted in congress recently - that facebook has profiles for non-users as well as actual users. For myself and ... well, I'm told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn't have a profile there ... it would be really interesting to know if Cambridge got information on "us" as well.

      Citation please. Zuckerberg admitted to running analytics on anonymous users--you know, keeping web server logs--NOT to creating "shadow profiles," a term that still makes zero sense. I've read the Gizmodo article and I really think it comes down to somebody who doesn't understand what a relational database is and how trivial it is for FB to suggest contacts based on the loads of info your friends and family have already provided. There is no need to pre-generate anything.

      Simplified example: Friend A and Friend B frequently tagged you in pictures. They also tagged Stranger C. Do you know Stranger C?

      My suspicion is that they will simply stop suggesting contacts, as they should. Unfortunately, this doesn't prevent your friends and families from tagging you all over the place and providing all sorts of details about your life.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    4. Re:The question I'm more interested in by Anonymous Coward · · Score: 0

      Joke's on you, I only used facebook to creep out on girls.

    5. Re:The question I'm more interested in by Locke2005 · · Score: 0

      Young whippersnappers! Back in my day, when we wanted to stalk a girl, we had to sneak over to her house and HIDE IN THE BUSHES! Get offa my lawn! (Trump doesn't use Facebook to see what his old girlfriends are doing; he used PornHub!)

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    6. Re: The question I'm more interested in by DNS-and-BIND · · Score: 1

      Honestly I wonder why we bleating sheep even bother. Why have we not withdrawn all our armies from the wealthy nations of Europe and used that money to help our own people?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    7. Re:The question I'm more interested in by Anonymous Coward · · Score: 0

      Trump doesn't use Facebook to see what his new girlfriends are doing; he uses PornHub!

      FTFY

    8. Re:The question I'm more interested in by Anonymous Coward · · Score: 0

      How many non-users did Cambridge get information on? It's been known for some time - and was admitted in congress recently - that facebook has profiles for non-users as well as actual users. For myself and ... well, I'm told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn't have a profile there ... it would be really interesting to know if Cambridge got information on "us" as well.

      If someone took a photo of you at a party, posted it on their Facebook page and then tagged your image with your name then you have a Facebook profile. If you're in the phone contact list of an FB user that's allowed full access to the app then that's more information. You've now been linked with every other person in that list and in some cases their contacts as well. And then every website that you visit that has a Facebook tracker can follow you around the net. (you may be using something like NoScript but most people aren't)

  3. Ideal mix by Anonymous Coward · · Score: 0

    The ideal cross section of Facebook users is a 50/50 troll/bot mix.

  4. But as great as the deep state is . . . by Anonymous Coward · · Score: 0

    deep?

      No, not THE Deep State, but the Trump-Putin-Cohen-Broidy-Hannity-RNC deep state, which aims to ... hm, pluck and BBQ Hillary? No, of course not. It's to steal more money. Duh!

  5. Let me get this straight by Anonymous Coward · · Score: 1

    Facebook users ran an app that asked for permission to access the profile and then asked them a series of questions.
    So the users gave consent for the app to access their information, how is that compromised?

    1. Re:Let me get this straight by thsths · · Score: 1

      Well, for one, the app also accessed the information of all their friends, who did not give permission. That seems like a pretty significant breach to me. If 500 000 gave permission, and 87 000 000 profiles were harvested, that is a breach. A pretty big breach.

  6. Surprised? Nope ... by Anonymous Coward · · Score: 1

    All of these questionnaires and Facebook linked apps primarily exist to harvest your data, and sell it for ads.

    Nobody is making these things for your benefit, it's always been about corporate greed.

    Sorry people, but that's what Facebook is for, it just comes in the guise of something you think you can't live without.

    LOL, captcha: exploit

    That about sums it up.

  7. These are American companies by Anonymous Coward · · Score: 1

    but 13 Russian Twitter trolls swayed your entire electoral system! Not only is your president a joke, your whole electoral process is as fragile as a paper tiger in a typhoon!

    1. Re:These are American companies by syn3rg · · Score: 1

      I can't tell if this is satire or not.

      --
      The contents of this message have been doubly encrypted by ROT13
    2. Re:These are American companies by Anonymous Coward · · Score: 0

      No no, I believe that the multi-billion dollar advertising campaigns from the Democrats was able to be defeated by tweets like these

      https://www.recode.net/2017/10...

      seen once or twice by a few people. This can totally affect the opinion of millions of people bombarded all day by ads on CNN.

  8. No surprises here by Anonymous Coward · · Score: 0

    It's weird to me. Everyone is freaked out over CA because they... broke Facebook's Terms of Service? That doc nobody reads? Facebook exists to violate your privacy. That's how they make money. This is WHY people like me never made an account there. And even that barely helps--friends and family are happy to feed FB all kinds of info about me and I have zero control over that.

    If you're going to freak out about being manipulated, FB itself should scare you far more than CA does. It's still there gathering your data and sharing it with partners that can do whatever they want with it. There are thousands more CAs out there right now and you have no idea what they're doing with your data.

    But the media is likely to tell you that once CA is gone that everything is A-OK again and you don't have to worry about this.

    Problem is, you do. Turns out that a ToS can't stop people from sharing information any more than those FBI warnings stop people from copying movies. Funny that. Yes, this also means that laws are pretty useless, too. Only way to keep a secret is not to tell it to anyone.

  9. God forbid... by Anonymous Coward · · Score: 0

    someone actually comes along with documented proof that the CIA was involved in Facebook's creation.

  10. Honest question by Lucas123 · · Score: 1

    Why should anyone care about the kind of information farmed from Facebook? I mean, it's not all THAT sensitive. People are acting like Cambridge Analytica gained access to electronic medical records or bank accounts. This is crap anyone who's your friend, or in many cases anyone period, can see.

    1. Re:Honest question by Quantum+gravity · · Score: 4, Insightful

      This is what Christopher Wylie (The whistleblower in the Facebook–Cambridge Analytica scandal) has to say about it:

      "So whenever you go, and you like something, you are giving me a clue as to who you are as a person. And so all of this can be captured very easily and run through an algorithm that learns who you are. When you go to work - right? - your co-workers only see one side of you. Your friends only see one side of you. But a computer sees all kinds of sides of you. And so we can get better than human level accuracy at predicting your behavior."

    2. Re:Honest question by Anonymous Coward · · Score: 0

      Why should anyone care about the kind of information farmed from Facebook. I mean, it's not all THAT sensitive

      Actually, some of those surveys contain questions which could give people insights to answering those idiotic standard security questions ...

      People may not fully realize what they're giving away in what seems like an innocent set of questions. Hell, Facebook wants half of that information for your damned profile ... DOB, school, that kind of stuff.

      People need to get into the mindset of understanding they simply can't trust stuff like this on the internet, because it's likely to be anything but safe.

      It's bad enough that banks and other things you need to use have such moronic canned questions (often pretty much the same set), but at that point, providing that to anybody else is just dangerous.

    3. Re:Honest question by Lucas123 · · Score: 1

      That's a really great explanation. Honestly, it just seemed to me that Cambridge Analytics just cheated the system and got some survey-like data from Facebook that they sold off.

    4. Re:Honest question by Xest · · Score: 1

      There's a pretty good explainer on the BBC here:

      http://www.bbc.co.uk/news/av/t...

    5. Re:Honest question by Quantum+gravity · · Score: 1

      Besides the 120-question survey, Cambridge Analytica's app would download information from your profile, like education, where you lived and worked, your relationship status, and your “likes”. It was also possible, at that time, to do the same for your friends.

  11. Analytica & Others 0wn3d Every FB User, Then S by JBrow · · Score: 1

    The expectation of privacy is invalid. Assume that everyone is "compromised" on FB. Live with facts. Live as though your privacy is no more. I learned this a long time ago when I got my Amateur Radio License KJ7L. I'm world-searchable via the FCC.gov website for just being a Ham Radio guy. Thus, how should I expect my privacy to be anything but a smoke screen?

    --
    --- You are in a little twisty maze of comments, all different.
  12. Re:Analytica & Others 0wn3d Every FB User, The by Anonymous Coward · · Score: 0

    Except you're less likely to be censored and less likely to be tracked as it is not filtered through a Facebook algo and more one on one.

  13. What Zuckerberg does with 2.2 BILLION accounts . . by Anonymous Coward · · Score: 0

    That is the question.

    Cambridge Analytica is small potatoes -- a misdirection