Slashdot Mirror


Former Cambridge Analytica Employee Says Facebook Users Affected Could Be 'Much Greater Than 87 million' (theverge.com)

Cambridge Analytica and its partners used data from previously unknown "Facebook-connected questionnaires" to obtain user data from the social media service, according to testimony from a former Cambridge Analytica employee. From a report: Brittany Kaiser provided evidence to the British Parliament today as part of a hearing on fake news. Kaiser, who worked on the business team at Cambridge Analytica's parent company until January of this year, wrote in a statement that she was "aware in a general sense of a wide range of surveys" used by Cambridge Analytica or its partners, and she said she believes the number of people whose Facebook data may have been compromised is likely higher than the widely reported 87 million.


  1. Still can't figure out ... by WoodstockJeff · · Score: 4, Insightful

    ... how information you GAVE AWAY to unknown people is "compromised", just because it was used by someone you may not have wanted to know it?

    1. Re:Still can't figure out ... by iMadeGhostzilla · · Score: 4, Interesting

      It's in CA's interest to keep fanning this flame as they only profit if people -- and potential clients -- believe CA really helped change history.

    2. Re:Still can't figure out ... by Anonymous Coward · · Score: 1

      This.

      Assuming I'm one of the 87 million, how am I affected by this? Why should I care?

      What I post on Facebook is public. That's why I put it on Facebook. What I don't want public I don't put on Facebook.

      Why is this so hard for people to understand?

    3. Re:Still can't figure out ... by ausekilis · · Score: 2

      The information was freely given to Facebook - not to third parties.

      When you do a pen-test you set boundaries with the client up-front. Things like "just break into the DMZ" or "leave our customer database alone" are part of the contract. If you go in and gather that customer database, then that customer data is compromised (and you are in breach of contract). My understanding is FB only sells anonymous data, so CA gathering real sheeple data is where the "compromise" comes from.

    4. Re:Still can't figure out ... by Xest · · Score: 2

      It's compromised because the data was given to Facebook, therefore the contract exists between the user and Facebook. Some users also gave permission for their data to be given to an app created by Aleksandr Kogan in his capacity as a researcher, but some of the data that Aleksandr Kogan took was from friends of people who gave permission for their data to be given to the app.

      There's two issues here, one is a bit of a grey area, the other is clearly illegal, and hence reasonable to class as a breach.

      The first issue, the one that's a grey area is the fact that Kogan gathered the data as an academic, but then used it commercially - even if this was hidden in a contract upon use of his app, there's a requirement in most European countries to get explicit consent for use of the data for marketing purposes. He didn't do that, he merely sold the data on for (political) marketing purposes without obtaining explicit consent.

      The second issue, that isn't a grey area, and is clearly illegal, is that he harvested data of friends of people who used his app - those people NEVER gave consent for him or his app to gather that data, and this is illegal in all EU countries. There's no clause to allow friends to give consent on your behalf to hand your data away under EU data protection law and there never has been, thus to harvest data not just of the person who signed up to your app, but of their friends as well who didn't sign up, is completely illegal in the EU.

      As Kogan is British, and performed these acts in the EU under British implementation of EU law, he's therefore clearly obtained data illegally, and that is why it's reasonable to call it a breach. He took data he had no legal basis to acquire and then profited from selling it on - that's no different to anyone else taking data they have no legal access to and selling it on like many cyber criminals do for a living.

      Now I'm not absolving Facebook - the fact Facebook made that friend data available in the first place even though there was no legal way for anyone to ever access or consume it in Europe is in itself something that has been known to be in breach of European law for some time, but the argument goes that it's an American company so it's fine to break European law, even at its European subsidiaries operating in Europe with European staff. It's not of course, which is why Facebook is in so much shit now. When you have a presence and staff in a country or jurisdiction, then you have to play by their rules, else you get the fuck out, just as Google did when China tried to make them adhere to Chinese authoritarianism rather than have a search presence in the country.

      I agree the term "compromised" is classically tied to theft of data through technical exploitation of vulnerabilities, but I don't think it has to be. This is the equivalent of someone leaving a top secret file on a bus accidentally only for someone to steal it - no exploit was required, but the top secret data is still compromised in such a scenario, so I think use of the term is reasonable, even if it's not what we're used to.

    5. Re:Still can't figure out ... by AmiMoJo · · Score: 1

      The only down side being that they could get shut down or maybe even jail time in the UK.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    6. Re:Still can't figure out ... by Anonymous Coward · · Score: 1

      For the same reason that talking on the telephone has a reasonable expectation that only the other person can listen to the call.

    7. Re:Still can't figure out ... by thsths · · Score: 1

      It is not about the data, it is what CA does with it. Basically they can write a different message for each of the 87 Million Facebook users, a different advert, a different party political program.

      And democracy only works if the options (the parties) are the same for everybody. Tailoring your party political program ultimately means that the winning party has no platform and no democratic legitimization to do anything.

    8. Re: Still can't figure out ... by wiretrip · · Score: 1

      OMG, Gmail? Seriously? Of course they are. Google have been scanning gmail for ever, that's why they set it up!

  2. The question I'm more interested in by damn_registrars · · Score: 4, Insightful

    How many non-users did Cambridge get information on? It's been known for some time - and was admitted in congress recently - that facebook has profiles for non-users as well as actual users. For myself and ... well, I'm told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn't have a profile there ... it would be really interesting to know if Cambridge got information on "us" as well.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.

    1. Re:The question I'm more interested in by skids · · Score: 3

      You're not alone. I wonder if we're in better standing to sue the pants off someone.

      (Congratulations, bleating sheep of America. You not only gave a huge social engineering war-chest to the evil corporations you ranted about on FaceBook, but also probably to the Evil Government you ranted about on FaceBook, and most certainly to the Evil Enemies of America you ranted about on FaceBook. I hope you are proud of yourselves.)

    2. Re:The question I'm more interested in by Narcocide · · Score: 1

      Guaranteed if you had any friends or family on there, you're on there too. Probably this applies to co-workers in many situations as well.

    3. Re:The question I'm more interested in by chispito · · Score: 3, Interesting

      How many non-users did Cambridge get information on? It's been known for some time - and was admitted in congress recently - that facebook has profiles for non-users as well as actual users. For myself and ... well, I'm told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn't have a profile there ... it would be really interesting to know if Cambridge got information on "us" as well.

      Citation please. Zuckerberg admitted to running analytics on anonymous users--you know, keeping web server logs--NOT to creating "shadow profiles," a term that still makes zero sense. I've read the Gizmodo article and I really think it comes down to somebody who doesn't understand what a relational database is and how trivial it is for FB to suggest contacts based on the loads of info your friends and family have already provided. There is no need to pre-generate anything.

      Simplified example: Friend A and Friend B frequently tagged you in pictures. They also tagged Stranger C. Do you know Stranger C?

      My suspicion is that they will simply stop suggesting contacts, as they should. Unfortunately, this doesn't prevent your friends and families from tagging you all over the place and providing all sorts of details about your life.

      --
      The Daddy casts sleep on the Baby. The Baby resists!

    4. Re: The question I'm more interested in by DNS-and-BIND · · Score: 1

      Honestly I wonder why we bleating sheep even bother. Why have we not withdrawn all our armies from the wealthy nations of Europe and used that money to help our own people?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!

  3. Let me get this straight by Anonymous Coward · · Score: 1

    Facebook users ran an app that asked for permission to access the profile and then asked them a series of questions.
    So the users gave consent for the app to access their information, how is that compromised?

    1. Re:Let me get this straight by thsths · · Score: 1

      Well, for one, the app also accessed the information of all their friends, who did not give permission. That seems like a pretty significant breach to me. If 500 000 gave permission, and 87 000 000 profiles were harvested, that is a breach. A pretty big breach.

  4. Surprised? Nope ... by Anonymous Coward · · Score: 1

    All of these questionnaires and Facebook linked apps primarily exist to harvest your data, and sell it for ads.

    Nobody is making these things for your benefit, it's always been about corporate greed.

    Sorry people, but that's what Facebook is for, it just comes in the guise of something you think you can't live without.

    LOL, captcha: exploit

    That about sums it up.

  5. These are American companies by Anonymous Coward · · Score: 1

    but 13 Russian Twitter trolls swayed your entire electoral system! Not only is your president a joke, your whole electoral process is as fragile as a paper tiger in a typhoon!

    1. Re:These are American companies by syn3rg · · Score: 1

      I can't tell if this is satire or not.

      --
      The contents of this message have been doubly encrypted by ROT13

  6. Honest question by Lucas123 · · Score: 1

    Why should anyone care about the kind of information farmed from Facebook? I mean, it's not all THAT sensitive. People are acting like Cambridge Analytica gained access to electronic medical records or bank accounts. This is crap anyone who's your friend, or in many cases anyone period, can see.

    1. Re:Honest question by Quantum+gravity · · Score: 4, Insightful

      This is what Christopher Wylie (The whistleblower in the Facebook–Cambridge Analytica scandal) has to say about it:

      "So whenever you go, and you like something, you are giving me a clue as to who you are as a person. And so all of this can be captured very easily and run through an algorithm that learns who you are. When you go to work - right? - your co-workers only see one side of you. Your friends only see one side of you. But a computer sees all kinds of sides of you. And so we can get better than human level accuracy at predicting your behavior."

    2. Re:Honest question by Lucas123 · · Score: 1

      That's a really great explanation. Honestly, it just seemed to me that Cambridge Analytica just cheated the system and got some survey-like data from Facebook that they sold off.

    3. Re:Honest question by Xest · · Score: 1

      There's a pretty good explainer on the BBC here:

      http://www.bbc.co.uk/news/av/t...

    4. Re:Honest question by Quantum+gravity · · Score: 1

      Besides the 120-question survey, Cambridge Analytica's app would download information from your profile, like education, where you lived and worked, your relationship status, and your “likes”. It was also possible, at that time, to do the same for your friends.

  7. Analytica & Others 0wn3d Every FB User, Then S by JBrow · · Score: 1

    The expectation of privacy is invalid. Assume that everyone is "compromised" on FB. Live with facts. Live as though your privacy is no more. I learned this a long time ago when I got my Amateur Radio License KJ7L. I'm world-searchable via the FCC.gov website for just being a Ham Radio guy. Thus, how should I expect my privacy to be anything but a smoke screen?

    --
    --- You are in a little twisty maze of comments, all different.