Cambridge Analytica Suspended from Facebook Operations–Zuckerberg Testifies

By Teddy Calderone

Photo courtesy of

Photo courtesy of

Cambridge Analytica (CA), a privately held data mining and analysis company, has been suspended from purchasing ads on Facebook and denied administration of its clients’ Facebook accounts. On March 16, Facebook announced in a blog post that it would be suspending the political consulting firm from its platform indefinitely. This news comes after reports from both The New York Times and The Reporter that CA had acquired personal information from Facebook via an external source and subsequently used it to supplement their behavioral microtargeting practices.

What is CA?

CA was formed in 2013 as a US branch of its UK based parent company, Strategic Communications Laboratories (SCL) Group. SCL Group, founded in 1993, has been involved in over 25 international political and electoral campaigns since 1994 and has had its services employed by militaries, governments, and politicians for the purpose of manipulating public opinion. As such, SCL Group describes itself as a “global election management agency”.

This “management of global elections” is carried out by what is known as “psychographic” profiling. This type of profiling involves the use of data collected from online sources (e.g. Facebook) to create personality profiles for voters. These personality profiles then allow data analytics firms such as CA and SCL Group to tailor messaging that better targets and persuades voters based on the data provided by their profiles. Typically, this type of political targeting is based on demographics such as age, race, and gender, and, while generally useful, a political targeting model based on specific personality traits would yield even better results in terms of the desired voting manipulation.

Where did CA come from?

Back in 2013, word of SCL Group’s work had reached Steve Bannon who was, at the time, a trusted political advisor to conservative mega-donors Robert and Rebekah Mercer. Intrigued by this work, Bannon and the Mercers proceeded to contact the UK based firm about a possible expansion of their practices into US politics. In response, SCL Group pitched to Bannon and the Mercers what would later become known as Cambridge Analytica. SCL Group was subsequently able to secure $15 million from the Mercers to jumpstart this US expansion through its claims that its political targeting services would include survey questions that measure the 5 “OCEAN” personality traits–Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism–not just your conventional age, race, gender, location, etc. SCL Group claimed that these questions would then be used to create personality profiles so that the firm would be able to tailor messaging that would better persuade voters.

Thus, CA was born. Soon after beginning operations, the firm became involved in various Congressional, Senate, and State-level elections during the 2014 midterms, before landing its first big job with the Cruz campaign (Ted Cruz’s bid for president in the 2016 election) in 2014 as a prerequisite for receiving Mercer donation money. According to a report from the New York Times, however, CA’s operations did not end well with the Cruz campaign, with the campaign disputing a $2.5 million invoice from the firm (the Cruz campaign spent close to $6 million on CA operations in total).

After Cruz dropped out of the 2016 Republican presidential nomination, CA began working for the Trump campaign. Although the Trump campaign ultimately spent less than $1 million on data work, CA had been encouraged to work for the campaign as Mercer money both directly and indirectly (through affiliated super-PACs) funded their operations. It should be noted that the Mercers threw their support behind Trump after Cruz dropped out of the nomination.

What Happened?

Back in 2015 (as reported by the NYT), Facebook learned that Dr. Alexsandr Kogan, a Cambridge University lecturer, had collected personal data from over 270,000 Facebook users (in compliance with Facebook terms of service) via a personality quiz app, but had subsequently breached Facebook’s terms of service by sharing the information with CA. What did Facebook do in response, you might ask? The company declined to notify the public, and instead privately instructed both CA and Dr. Kogan to delete any, and all, information that had been collected.

Even so, reports surfaced that not all the data was deleted, and Facebook said in a statement: “Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims. If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information.”

Dr. Kogan’s personality quiz app was able to acquire personal data from some 87 million Facebook users through misleading its quiz takers. Upon signing up for the app, users consented to have their data harvested, but at the same time unknowingly granted the app access to their Facebook friends personal data as well. This resulted in the app gaining access to the friend network of 87 million users (originally estimated to be around 50 million by whistleblower Christopher Wylie but denied by CA to be as low as 30 million. Facebook is the actor that has claimed that the figure is around 87 million).

So, was this a data breach?

No. It is important to make the distinction between a data breach and a breach of trust. Facebook has, since its conception, allowed researchers to access Facebook user data for academic purposes. In the Facebook Terms of Service, this practice is explicitly stated and subsequently consented to by users. The problem, therefore, occurs not with Dr. Kogan’s collection of personal data, rather, his passing it onto CA operations, as Facebook prohibits this type of data to be passed onto “any ad network, data broker or other advertising or monetization-related service.”  As such, Facebook has defined the situation as a “breach of trust”.

In a March 21 post on the social media platform, Facebook CEO Mark Zuckerberg writes, “This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”

So what’s happening now?

A lot.

To start, the Federal Trade Commision (F.T.C.) has opened an inquiry into whether or not Facebook violated a 2011 consent decree that was supposed to keep Facebook users’ personal data private. The settlement was reached after the F.T.C. learned that third-party apps on the social media platform were able to harvest almost all personal data about a potential user, even though Facebook had assured users that these third-party apps did not have the ability to do so. As it stands, there are multiple concerns in relation to Facebook’s upholding of the settlement stipulations.

David Vladeck, former director of consumer protection at the F.T.C., proposed that “there are all sorts of obligations under the consent decree that may not have been honored here.”

In light of these concerns, the British Parliament’s Digital, Culture, Media and Sport Committee sent a letter to Zuckerberg requesting an appearance before a panel of members of Parliament (MPs) to answer questions about Facebook’s ties to Cambridge Analytica. This letter comes as British MPs conduct their own investigations into Russia’s potential use of Facebook to influence the 2016 Brexit vote. And, while Zuckerberg has not appeared before the British Parliament, he has testified before US Congress.

On April 10, Zuckerberg testified under oath in a joint hearing that entertained both the Senate Judiciary Committee and the Senate Committee on Commerce, Science, and Transportation. Zuckerberg’s Senate testimonial ultimately led to more questions than it answered, however.

When pressed on what his company would do to protect its users’ personal data, Zuckerberg delivered vague answers (presumably on the basis of legal advisory from his many lawyers). Similarly, Zuckerberg was unable to give insight on special counsel Robert Mueller’s work with Facebook. While Zuckerberg did confirm that the company was cooperating with the special counsel’s investigation into Russian hacking of the 2016 election, the Facebook CEO declined to answer any questions about the nature of this work, citing legal obligations to not reveal confidential information about the special counsel’s inquiry.

What was also made glaringly evident by Zuckerberg’s testimony was the Senate’s collective ineptitude concerning the operation of social media platforms such as Facebook.

As part of his questioning, Sen. Orrin Hatch (R-Ut) asked Zuckerberg, “How do you sustain a business model in which users don’t pay for your service?” to which Zuckerberg responded, “Senator, we run ads.”

Overall, Zuckerberg’s testimony can be summed up by the phrases, “I’m sorry,” and, “We made a mistake.” (Not to mention his constant need to explain to Senators how his company works).

What does Facebook plan to do?

In response to this so-called “data mishandling”, Zuckerberg has said that his company will investigate all apps that had access to large amounts of information prior to 2014 data policy modifications in order to ensure that no other third-party applications mishandled personal data.  Zuckerberg has also said that his company will restrict app developers’ data access more broadly, including mandating that developers sign a contract with Facebook to harvest personal data and requiring that they get approval from users to do so. Facebook will also make it easier for users to both view and modify which apps can access their personal data by adding a new, more accessible tool to the top of users’ news feeds.

In addition to these restrictions, Facebook began notifying users on April 9 as to whether or not they were affected by Dr. Kogan’s data collection. This notification came in the form of a detailed message on users’ news feeds that briefly explained the nature of Dr. Kogan’s data mishandling and Cambridge Analytica’s role in utilizing it, as well as providing a link to a page that describes ways to protect user privacy. Some 70 million Americans will receive this message, with the rest of the users residing in the Philippines, Indonesia, and Great Britain.

How do I protect myself on Social Media?

If you have a Facebook account, or belong to any social media platform in general, you may be wondering how you can protect your privacy.

Skylar Bachman, a PHHS junior and Facebook user, says, “I’m pretty concerned about Facebook’s data policies and their commitment to our privacy, and, being a user myself, it’s scary to think that my personal data could be harvested and analyzed as part of political targeting practices. I will probably still use the app, though, as long as I can choose where my data goes via the Facebook settings page.”

As Skylar has done, you can protect your privacy by logging into your Facebook account, tapping on the settings option from the right-hand drop-down menu, and modifying an array of settings that enable data marketers to harvest your data. If you click on “Apps”, for example, you can then click “Edit”, and deselect each button that corresponds with a piece of information you are not comfortable with sharing with your data marketers.

It should be noted that this can be done for almost any social media platform. By simply reviewing the settings menu and becoming familiar with the functions that enable data harvesting, a user can learn a lot about where their data is going, as well as how to manage that data flow.