Cambridge Analytica 2 - ICO Rides Forth

[Zetetic]

As far as I can tell (and yes, that's telling in itself) - it was mostly about suggesting to people that they 'Share' this or that message with these friends on the basis of information shared, by those friends, with the campaign - including simply voter list. Or possibly pseudonymous demographics, I'm not sure.

Creepy, unclear, opaque? Yes. Worth discussing? Yes.

[Zetetic]

Or you could kill any discussion about any of it but blankly saying that it's all the same anyway, and waving any attempt to actually investigate any flagrant transgressions of our existing too-weak data protection laws is a 'red herring'.

Even if you believed that, you'd still recognise the difference as relevant to pursuing the wider issue properly.

[Zetetic]

I mean here's a Forbes article that tries to insist that the two are extremely similar (and alleges bias on Facebook's part), fails to properly tackle the DPA implications (which is perhaps more forgivable given the context) and so on but it still manages all that without coming across like an ass trying to disable any consideration of the problems.

[Johnny Yesno]

Great. Another thread in which biggy talks bollocks authoritatively.

[manticore]

Well, judging from that Forbes article, in my limited understanding there is indeed a fag paper's difference between what the Trump campaign did and what Obama did.

'Yes but your friend gave us permission to burgle your house'. 'Oh well that's okay then'.

[Zetetic]

"Burgle your house" there is misleading - as far as I can tell people didn't share info about their friends beyond the fact that they were friends, which resulted in being able build a social graph, and suggest sharing messages. That's different - to my mind - about sharing personal information about your friends other than the fact of your friendship with them. The linkage is worth discussing as well, to be sure.

Should you ever be able to share that you're friends with this person? Or that person? (Or these type of people?)



It's not just about the friend's list - although that's important.

It's also about that information and the other personal data collected.

In one case, people shared information about themselves (including who they're friends with) for the purpose of scientific research with organisation A who then passed it - seemingly with identifying information - to organisation B to use for political campaigning. (Without consent or even telling the people involved.)

In the other case, people shared information about themselves with organisation A for the explicit purpose of helping with a particular political campaign that they supported.

[Zetetic]

The Forbes article shrugs that off with "the claims that Facebook data was collected for academic research and then made available to a commercial enterprise are hardly unsurprising for anyone familiar with the processes and procedures at most top US research universities".

Right - but that's illegal here without the appropriate justifications for sharing and that's why it's a useful toe in the door to begin challenging the wider issue.

(Edit: I think that the Forbes article does misunderstand the allegations to extent about the data sharing - "it is likely Cambridge Analytica could easily have simply funded the necessary research directly at a university to ensure all usage was still considered to be academic in nature" is bollocks.)

[Johnny Yesno]

The Forbes article shrugs that off with "the claims that Facebook data was collected for academic research and then made available to a commercial enterprise are hardly unsurprising for anyone familiar with the processes and procedures at most top US research universities".

Right - but that's illegal here without the appropriate justifications for sharing and that's why it's a useful toe in the door to begin challenging the wider issue.

(Edit: I think that the Forbes article does misunderstand the allegations to extent about the data sharing - "it is likely Cambridge Analytica could easily have simply funded the necessary research directly at a university to ensure all usage was still considered to be academic in nature" is bollocks.)

Doesn't the data have to be anonymised when academic research is made available to commercial enterprises in the US?

[Zetetic]

I wouldn't know for certain - I don't believe it actually matters in this case, because of Cambridge Analytica being based here.

[Johnny Yesno]

I wouldn't know for certain - I don't believe it actually matters in this case, because of Cambridge Analytica being based here.

Good point, but I was wondering about accuracy of the 'hardly unsurprising' bit of the Forbes article.

[Johnny Yesno]

https://www.eugdpr.org/

Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company's location.

Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).

Enforcement date: 25 May 2018

Balls.

[Howj Begg]

https://news.vice.com/en_us/article/bjp87a/cambridge-analytica-bragged-about-using-fake-news-bribes-and-ukranian-hookers-to-influence-elections

[marquis_de_sad]

Mark Zuckerberg Has Lost $5 Billion So Far Today Amid Facebook Data Controversy

[Buelligan]

Incidentally, I cannot think of a better way to make the population at large feel more helpless about controlling their own information than insisting:
1. "Choosing to share information for a particular express purpose to benefit you" is identical to "information being shared about you without your for someone else's purposes".
2. The only way to assert control is to cut yourself off from everyone around you.

I absolutely agree with this.  I think personal information should be enshrined as the intellectual property of the individual concerned and no one should have the right to access or share it (apart from that individual and then only where conclusive proof exists that they have been fully informed as to any potential use of the material and they agree to it). 

IMO, personal information is more valuable than money - money can be replaced, personal information, once shared loses its singular quality of being personal and private, like virginity, something that cannot be restored.  Companies that breach this, stealing material, for whatever reason, should face the stiffest of penalties (IMO, at its worst, it is a form of rape).  I also think it should be illegal for individuals or groups to share information (any private personal information) about a third party (friend). 

Of course, this opens up huge issues with how we communicate.  Humans, over aeons, have developed delicate rules for data sharing in our cultures that, on the whole, work for us as individual humans.  Global businesses are forcing their way into our lives and destroying these conventions, something has to give.  I think it should always be the rights or powers of business - where that impinges on the lives of individuals but this needs a lot of work and thought to find the point where people are protected whilst still free to live as happy social animals.  IMO, we're a long way off that at the moment.

I also object enormously to this habit/encouragement of posting photographs online with everyone in them labelled.  Who is that for?  It's an absolute invasion of personal privacy and should never, ever, be done without the explicit permission of those in the image.  I never allow my photograph to be taken and haven't for years, for this reason.

[AllisonSays]

That's interesting, Buelligan. What I would say is that it seems like the generations of children younger than me seem to be less prone to sharing lots of things on social media, at least , that's my impression. I'm of the age where social media became a cultural phenomenon just as I was the age to be into it, as a teenager, and I guess I don't feel anything like your anxiety about, for instance, photographs. Which isn't intended to diminish your own feeling - it's just striking and presumably a kind of generational marker that a few easily-Googleable images of me existing online doesn't bother me at all.

I used to have some shit and Googleable poetry online which I have definitely deleted, though. Mortifying, albeit no use to Cambridge Analytica.

[biggytitbo]

The best thing about this story is that it shines more light on facebook themselves, who are the real problem, not CA who are snake oil salesman amongst many others. The ludicrously overblown way the relatively minor indiscretion (in terms of facebook, the other stuff the did was another matter) suggests this is a partizan story because it was Trump, when obviously the real issue is the fact Facebook is abke to harvest so much data in such an opaque way at all.

[marquis_de_sad]

Don't forget Brexit too.

[biggytitbo]

It's funny that they only give a shit about this now, because the dems and the rest of the centralist establishment are still stinging with bitterness and scrabbling for excuses as to why Trump won. Its amusingly disengenious but if it means we finally tackle surveillance companies like Facebook then good.

[Zetetic]

I don't think that's the only reason, although its part of it. A reflection on the wider problem thanks to a bad outcome wrought by obviously unpleasant people.

Another part if it is the breach of existing data protection law in the UK as has now been explained to you several times. For all the problems with "consent" as currently realised, using data that someone shared with you for one purpose for a very different purpose matters.

It can be both .

[Pdine]

Doesn't the data have to be anonymised when academic research is made available to commercial enterprises in the US?

If it is properly anonymised it stops being subject to Data Protection legislation. However it is extremely hard to anonymise this kind of data without substantial aggregation. Person-level information can often be de-anonymised easily using other publicly available data. If that's the case, and as a data controller you could be reasonably expected to know that, then person-level anonymisation becomes impossible and the data remains subject to the act. In terms of the current research exemption, this

http://www.adls.ac.uk/wp-content/uploads/2011/04/Section-33-of-the-DPA-a-practical-note-for-researchers.pdf

gives a good summary as I understand it. As noted above though, this will all change in May, with data controllers getting more responsibilities around informing subjects, documenting their processing and preparing internal risk assessments on behalf of data subjects. GDPR does also, though, expand the range of organisations able to claim that their activities are research.

[Zetetic]

"In the US" was a significant part of Johnny Yesno's post.

[biggytitbo]

He problem is when you have billions of people in the network, and the network is connected to countless other networks, data mining can deanonymize 'anonymous' data alarmingly easily.

[Pdine]

Another part if it is the breach of existing data protection law in the UK as has now been explained to you several times. For all the problems with "consent" as currently realised, using data that someone shared with you for one purpose for a very different purpose matters.

Yes, I'd agree with this, and I'm sad to see Biggy once again la-la-laing through information that doesn't fit his pre-selected explanations. The Obama app and this are distinct in terms of what they did and how they did it, hand-wavy attempts to blur the distinction notwithstanding.

[Pdine]

"In the US" was a significant part of Johnny Yesno's post.

I don't really think so, if the data controller is in the EU.

[biggytitbo]

They're not different in any substantive way, they both highlight that the problem is Facebook and the fact it is a survellence operation disguised as a social media platform.

[Pdine]

They're not different in any substantive way,

That's not right. One is far more likely to be in compliance with data protection law than the other, for numerous reasons. That's a substantive difference in terms of the subject of this thread...

they both highlight that the problem is Facebook and the fact it is a survellence operation disguised as a social media platform.

...but less so in terms of the point you are making. I agree that Facebook is monstrous and personally I have no profile for that reason. This thread, though, is at least in part about misuse of personal data and the legal ramifications of that, and for those purposes the distinction between the Obama app and the Cambridge Analytica activity is substantive.

Anyway - if this article is correct:

https://motherboard.vice.com/en_us/article/mg9vvn/how-our-likes-helped-trump-win

...it would seem that Cambridge University is at least off the hook with the ICO. CA lifted their technique to reproduce their data independently.

[Zetetic]

I don't really think so, if the data controller is in the EU.

Well, no, I agree. But Yesno was concerned if Forbes was right in its characterisation when that isn't the case.

[Pdine]

Well, no, I agree. But Yesno was concerned if Forbes was right in its characterisation when that isn't the case.

I really don't know if that is the case with a US commercial enterprise funding research at a US research university. Here it would be a clear breach, but the US has large unregulated gaps in its data privacy framework.

[Straight Faced Customer]

I was watching C4 last night thinking, 'this is all so very, very white.' Even the name should set off alarm bells.

I've always been of the belief that if you need Facebook to tell you what's Fake News and what isn't, then perhaps you need to have a long dark night of the soul ASAP.

[Johnny Yesno]

Well, no, I agree. But Yesno was concerned if Forbes was right in its characterisation when that isn't the case.

This is correct. Forbes was rather pompously suggesting what they were saying about data protection was obvious, when it sounded unlikely to me. But thanks to you and Pdine for the additional information. I appreciate the significance, even if biggy has used this as an excuse to hop aboard one of his usual hobby horses, as he always does.