by_adr - Fotolia

Illegitimate Facebook data harvesting may have affected elections

A whistleblower claims a company with suspicious motives exploited Facebook data harvesting to build profiles on 50 million users and influence the 2016 U.S. presidential election and Brexit vote.

New evidence claims to show a company exploited Facebook data harvesting access to build profiles on 50 million users and influence elections around the world, including the 2016 U.S. presidential election and U.K. Brexit vote.

Facebook has suspended both political data analytics firm Cambridge Analytica and its parent company, Strategic Communication Laboratories (SCL), from the social network for violating its privacy policy and gathering user data through an intermediary.

"In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe," Facebook wrote in a blog post. "He also passed that data to Christopher Wylie of Eunoia Technologies, Inc."

The company asserted the Facebook data harvesting was not a breach because users gave permission to Kogan's app to "access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it."

However, Kogan reportedly broke trust by then sharing the Facebook user data with Cambridge Analytica and SCL.

According to Facebook, 270,000 people willingly downloaded Kogan's app and gave it permissions to gather certain data, but Wylie, former head of research for Cambridge Analytica, claimed the profiles of more than 50 million users were gathered in order to build psychological profiles on users and influence the 2016 U.S. presidential election.

This is not the first time Cambridge Analytica and SCL have been accused of election tampering. SCL has been connected to election-rigging attempts around the globe. In 2015, The Guardian reported Cambridge Analytica was helping both the Ted Cruz and Ben Carson presidential campaigns using Facebook user data from an online survey. In 2017, The Intercept accused Cambridge Analytica and Kogan of improperly harvesting Facebook user data on 30 million users

However, the difference now is Wylie blowing the whistle and providing data to The Guardian and The Observer to prove how Cambridge Analytica ultimately created psychological profiles on 230 million Americans and used the data to help the Donald Trump campaign under the direction of Trump's former chief strategist, Steve Bannon.

Cambridge Analytica, which has a history of bullying and demeaning any news outlet that reports negative stories about it, denied using any data gathered from Facebook "as part of the services it provided to the Donald Trump 2016 presidential campaign." The company asserted Global Science Research -- contracted by Cambridge Analytica -- "obtained Facebook data via an API provided by Facebook."

"When it subsequently became clear that the data had not been obtained by GSR in line with Facebook's terms of service, Cambridge Analytica deleted all data received from GSR," Cambridge Analytica wrote in a public statement. "We worked with Facebook over this period to ensure that they were satisfied that we had not knowingly breached any of Facebook's terms of service and also provided a signed statement to confirm that all Facebook data and their derivatives had been deleted."

The Guardian reported that Wylie has a copy of the signed contract between SCL and GSR for the "harvesting and processing of Facebook data, so that it could be matched to personality traits and voter rolls."

Wylie even claimed to have a letter from 2014 in which Facebook lawyers admitted Cambridge Analytica had harvested the data improperly.

Cambridge Analytica reportedly improperly harvested Facebook user data for purposes of influencing elections
Cambridge Analytica reportedly improperly harvested Facebook user data for purposes of influencing elections

Facebook data harvesting fallout

Throughout the unfolding story of how Cambridge Analytica abused Facebook data harvesting access to gather this data, Facebook has not answered questions regarding when it learned of the breach of trust by Cambridge Analytica, and CEO Mark Zuckerberg has not commented at all.

Meanwhile, both U.S. and U.K. government officials have begun to take action against Facebook. Damian Collins, a member of U.K. Parliament, and Sen. Ron Wyden (D-Ore.), sent letters requesting Zuckerberg give oral testimony to their respective governments regarding the alleged improper Facebook data harvesting by Cambridge Analytica.

Additionally, the U.S. Federal Trade Commission has begun an investigation into whether the Facebook data harvesting issues violate a 2011 agreement in which Facebook agreed to more transparent sharing permissions in order to avoid users accidentally sharing more information than intended.

Paul Bischoff, privacy advocate at U.K.-based Comparitech, said Facebook needs to do more to resolve privacy issues, because its settings can be confusing to users.

"Facebook users can and should take matters into their own hands. You can disable the option to allow friends' apps to glean information from your account. This setting is in the apps menu, and not in the privacy menu. Most people don't look here, and Facebook never instructs users to do so in its Privacy Checkups," Bischoff told SearchSecurity. "By disabling this feature, you can prevent companies like Cambridge Analytica from getting their hands on your data through friends' apps."

Andy Patel, cybersecurity researcher from global cybersecurity tech provider F-Secure, said the potential risks in Facebook data harvesting extend far beyond the news of Cambridge Analytica.

"Cambridge Analytica had/has access to the same information as anyone else using Facebook for business purposes. Other firms are most certainly harvesting data in a similar manner in order to more accurately target their own marketing campaigns," Patel told SearchSecurity via email. "Businesses won't change the way they collect, store or use Facebook data unless Facebook decides to introduce further limits on what information can be obtained via their API."

Next Steps

Election data revolutionizes the running of campaigns

Dig Deeper on Compliance

Enterprise Desktop
Cloud Computing