As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[Cambridge Analytica], [Facebook], and Data Security.

milskimilski Poyo!Registered User regular
This thread is, per mod encouragement, to discuss the ongoing story regarding Cambridge Analytica's Facebook data scraping/breach and any related investigations. More broadly, it is also to discuss CA's methods in general and Facebook's response to manipulative use of user data.

This thread is not about Trump, Russia, or election outcomes. If news breaks that more directly connects CA's tactics to tge Trump/Russia investigation, please ask the mods where to post it.

I ate an engineer
«13456746

Posts

  • milskimilski Poyo! Registered User regular
    edited March 2018
    Summary of events (drawing heavily from this Atlantic article.

    In June 2014, a Russian researcher named Aleksandr Kogan developed a personality-quiz app for Facebook. This app was designed to collect a significant amount of data about its users in order to generate its results. Like many apps that requested user information, Facebook approved it provided Kogan agreed not to resell this data. Approximately 270,000 people used the app, and Kogan cheerfully collected data about those users... and all their friends (to what extent app-users versus friends of app-users had their data scraped is unclear from summaries I've read). Kogan, rather than deleting that data, saved it into a provide database and provided and/or sold this information to voter-profile company Cambridge Analytica, who used this data in order to make detailed voter profiles that were used for "micro-targeting", especially on social media. Facebook discovered this harvesting in 2015 and shut Kogan down, and Cambridge Analytica claimed to have deleted all data; whether that is true or not remains to be seen.

    This data harvesting was bad, but potentially not atypical for Facebook apps; there are reports that Facebook executives intentionally turned a blind eye towards potential abuses of their API system in order to shield themselves from culpability. Even with stories from 2016 regarding Russian-bought ads on Facebook or the prevalence of fake news on the site, this would likely have been a blip on the radar. However, Cambridge Analytica have also worked on several successful far-right campaigns, including the Brexit campaign and Donald Trump's campaign (and also for Ted Cruz). They have even claimed to have worked as a go-between for the Trump campaign and SuperPACs; such coordination is likely illegal. The biggest bombshell, though, was an undercover recording by Channel 4 News that caught Cambridge Analytica CEO Alexander Nix promoting tactics to hurt political opponents such as staging a corrupt land deal or entrapping them with Ukranian prostitutes. This has made Cambridge Analytica's data scraping a much more prominent offense, as it was not "merely" used for advertising, but used for intentional manipulation by a company with no ethical standards whatsoever that claims to have been instrumental in recent far-right success stories.

    AGAIN: This thread is not about Trump, Russia, or election outcomes. I briefly mentioned them in the summary as important context for why people care about CA's actions more than any other data breach event, but this topic should be focused on CA, Facebook, and their interaction, not the elections CA was involved in.

    milski on
    I ate an engineer
  • JragghenJragghen Registered User regular
    The past couple years have left me feeling okay if Twitter and Facebook burnt to the ground.

    I don't really have much to contribute to this shit beyond that.

  • DevoutlyApatheticDevoutlyApathetic Registered User regular
    Jragghen wrote: »
    The past couple years have left me feeling okay if Twitter and Facebook burnt to the ground.

    I don't really have much to contribute to this shit beyond that.

    What they represent aren't going away anytime soon. If we burn them down something else would rise up to fill those gaps. Not sure how the hell to deal with what interconnectiveness is doing to our society.

    Nod. Get treat. PSN: Quippish
  • DoodmannDoodmann Registered User regular
    This is the first time I've really thought I am not getting enough out of the platform to justify how much they are getting from me. I'm thinking about just ditching all of it.
    I guess I'd keep my linkedin and tumblr...I have a personal site, maybe I'll start actually using it and blogging again.

    Whippy wrote: »
    nope nope nope nope abort abort talk about anime
    Sometimes I sell my stuff on Ebay
  • ArbitraryDescriptorArbitraryDescriptor changed Registered User regular
    edited March 2018
    https://www.recode.net/2018/3/19/17141012/facebook-alex-stamos-departs-russia-fake-news
    Alex Stamos, Facebook’s chief security officer and one of the key execs who helped the company track down Russian political ads on the service, plans to leave the company, according to a source familiar with his role.

    Update: Stamos tweeted Monday afternoon that he is “still fully engaged with my work at Facebook,” though did not say that he was staying at the company indefinitely. He also confirmed that his role internally has changed. “I’m currently spending more time exploring emerging security risks and working on election security.” Our sources say that while Stamos is still at Facebook, he does plan to leave. The New York Times reported that he plans to stay at Facebook until August.

    Stamos, who joined the social giant almost three years ago after a very public stint in a similar role at Yahoo, ran the team inside Facebook tasked with hunting down ads related to the Kremlin’s efforts to sow unrest in the U.S. ahead of the presidential election.

    But Stamos’s responsibilities have eroded over the past few months, and most of his team was reassigned to other managers inside the company, including Chris Cox’s product group, according to two sources familiar with his role.

    Stamos also lost his day-to-day role overseeing Facebook’s security team back in December, and didn’t always see eye to eye with Facebook COO Sheryl Sandberg about how the company should handle the aftermath of the 2016 presidential election, the New York Times reported Monday. The Times was first to report Stamos’s departure.

    Is the work Stamos is now doing (bolded) new, and what the COO disagreed with, or a subset of his previous efforts?

    I think that answer informs whether he quit and only agreed to stay to do it, or was he forced out, but given a stay of execution to wrap up.

    I can read the phrasing of his having 'lost team members to other operations' either way.

    ArbitraryDescriptor on
  • ArbitraryDescriptorArbitraryDescriptor changed Registered User regular
    Apparently Facebook is claiming that their visit to CA is allegedly to verify that CA no longer had their user data.
    Facebook says the user data in question was initially properly gathered by a psychology professor, who then passed it to Cambridge Analytica. That breached Facebook's rules.

    Cambridge Analytica says it deleted all the data in 2015 when it learned that Facebook rules had been broken. It has agreed to an inspection by Facebook-hired auditors, Facebook said Monday.

    There is a real conflict of interest in whether they find it, given they're also afraid of an FTC investigation about the privacy data.
    Facebook said Tuesday it expected to receive a letter from the FTC with questions, but has not been informed of a formal probe.

    A violation of the consent decree could carry a penalty of $40,000 per violation, which could mean a fine conservatively estimated to be "many millions of dollars in fines" for Facebook, The Washington Post reported over the weekend, citing a former FTC official.
    https://www.cnbc.com/amp/2018/03/20/ftc-reportedly-to-investigate-facebooks-use-of-personal-data.html

  • schussschuss Registered User regular
    Based on what I've read, Facebook has criminally lax controls on their data. If I exposed anything on the order they do, I'd be fired tomorrow. Also, we have very strict proto old and audits around data security to the point that major customers demand to actually see our data centers and audit trails before signing with us.

  • GoumindongGoumindong Registered User regular
    Apparently Facebook is claiming that their visit to CA is allegedly to verify that CA no longer had their user data.
    Facebook says the user data in question was initially properly gathered by a psychology professor, who then passed it to Cambridge Analytica. That breached Facebook's rules.

    Cambridge Analytica says it deleted all the data in 2015 when it learned that Facebook rules had been broken. It has agreed to an inspection by Facebook-hired auditors, Facebook said Monday.

    There is a real conflict of interest in whether they find it, given they're also afraid of an FTC investigation about the privacy data.
    Facebook said Tuesday it expected to receive a letter from the FTC with questions, but has not been informed of a formal probe.

    A violation of the consent decree could carry a penalty of $40,000 per violation, which could mean a fine conservatively estimated to be "many millions of dollars in fines" for Facebook, The Washington Post reported over the weekend, citing a former FTC official.
    https://www.cnbc.com/amp/2018/03/20/ftc-reportedly-to-investigate-facebooks-use-of-personal-data.html

    "Many Millions" is very conservative. $40K for 50M accounts is $2T

    wbBv3fj.png
  • Fuzzy Cumulonimbus CloudFuzzy Cumulonimbus Cloud Registered User regular
    When Congress went after FB last year over fake news I thought it was kind of silly. Now I’m not so sure. I think a platform creator is responsible for the data they collect and harbor. And so far it’s been used for some really bad stuff. Illegal stuff? Maybe. But definitely bad stuff. The fact that FB engaged in a coverup re: CA issues is kind of surprising since FB pushes a very very power to the user, here’s a fun video of your birthday posts!, company culture and brand. I feel like those days are coming to an end. I would have put my money on Google or Amazon being the first of the big social data people to muck it up but it seems like Facebook went full in.

  • ElldrenElldren Is a woman dammit ceterum censeoRegistered User regular
    Jragghen wrote: »
    The past couple years have left me feeling okay if Twitter and Facebook burnt to the ground.

    I don't really have much to contribute to this shit beyond that.

    What they represent aren't going away anytime soon. If we burn them down something else would rise up to fill those gaps. Not sure how the hell to deal with what interconnectiveness is doing to our society.

    Then we burn down whatever grows in their place

    Salt the earth

    Facebook delenda est

    fuck gendered marketing
  • Fuzzy Cumulonimbus CloudFuzzy Cumulonimbus Cloud Registered User regular
    We could learn a lot from Germany’s overly ambitious and sometimes silly data privacy laws. I think Spool even had the idea for a data bill of rights. Which I agree with for the most part.

  • CelestialBadgerCelestialBadger Registered User regular
    Social media is here to stay. Talk of shutting it down is equivalent to burning the printing press. The printing press caused all sorts of problems to arise that didn't exist before but overall it advanced society. Social media has improved a lot of things, like I know a lot more people in different countries than I would have without it, and people who didn't fit in, like trans people, have realized that they are not alone, and organized accordingly. But there's disadvantages, too, obviously!

  • FawstFawst The road to awe.Registered User regular
    Nix is out at CA, per the WSJ.

  • spool32spool32 Contrary Library Registered User regular
    We could learn a lot from Germany’s overly ambitious and sometimes silly data privacy laws. I think Spool even had the idea for a data bill of rights. Which I agree with for the most part.

    The solution to this is, ultimately, a privacy amendment to the US Constitution. And let's not forget that this forum is Social Media, and crafting laws for Facebook also crafts them for Vanilla and for Penny Arcade!

    German data privacy laws get in the way of business like whoa, but they do protect privacy better than the wild west we have here in the USA.

  • AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    Yeah. There is no right to privacy in the US, and a lot of people don't realize that.

    The GDPR is requiring tighter security for those of us who deal with the EU, but we really need a US version of it.

    https://www.eugdpr.org/

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    Is there a link that summarizes the recent news about CA?

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • DevoutlyApatheticDevoutlyApathetic Registered User regular
    Athenor wrote: »
    Yeah. There is no right to privacy in the US, and a lot of people don't realize that.

    Eh, that's sorta not true.

    There is no enumerated right to privacy but our case law has established a right to privacy.

    I'd be all for an actual amendment to spell it out though.

    Nod. Get treat. PSN: Quippish
  • CouscousCouscous Registered User regular
    edited March 2018
    Edit: Wait, this thread is supposed to be specifically about CA in relation to Facebook and not the latest scandals about them in general. Never mind.
    Edit2: Do the Channel4 reports need their own thread or do they go here or somewhere else?

    Couscous on
  • Fleur de AlysFleur de Alys Biohacker Registered User regular
    Separately, Mr Turnbull described how the company could create proxy organisations to discreetly feed negative material about opposition candidates on to the Internet and social media.

    He said: “Sometimes you can use proxy organisations who are already there. You feed them. They are civil society organisations.. Charities or activist groups, and we use them – feed them the material and they do the work…

    “We just put information into the bloodstream to the internet and then watch it grow, give it a little push every now and again over time to watch it take shape. And so this stuff infiltrates the online community and expands but with no branding – so it’s unattributable, untrackable.”

    ....

    In one exchange Alexander Nix revealed the company used a secret self-destructing email system that leaves no trace. He said: “No-one knows we have it, and secondly we set our… emails with a self-destruct timer… So you send them and after they’ve been read, two hours later, they disappear. There’s no evidence, there’s no paper trail, there’s nothing.”

    Mr Nix also belittled representatives on the House Intelligence Committee to whom he gave evidence in 2017. He claims Republican members asked just three questions. “After five minutes – done.”
    He all but admitted to feeding Russian troll farms (yes it could conceivably be some other group I guess, but who that had the successes he's boasting they caused?).

    I'd love to see that bit about the HIC blared across media, repeated over and over again. Even Fox viewers shouldn't be so insulated that they couldn't hear it.

    Triptycho: A card-and-dice tabletop indie RPG currently in development and playtesting
  • milskimilski Poyo! Registered User regular
    Feral wrote: »
    Is there a link that summarizes the recent news about CA?

    I would appreciate this as well, since I mostly threw this up to save the other thread and don't have a comprehensive picture yet.

    I ate an engineer
  • BronzeKoopaBronzeKoopa Registered User regular
    Listening to pod save america talking about the CA data use, it involved an app used for academic purposes? That you would log in via facebook, but not only did it harvest your data but also scrapped info from your friends/contacts list on your facebook.

  • zeenyzeeny Registered User regular
    Listening to pod save america talking about the CA data use, it involved an app used for academic purposes? That you would log in via facebook, but not only did it harvest your data but also scrapped info from your friends/contacts list on your facebook.

    Which isn't an exploit, but a default fb settings behavior.

  • m!ttensm!ttens he/himRegistered User regular
    Part 3 of the Channel 4 report on Cambridge Analytica is available online now. This one specifically deals with how CA ran the Trump Digital Campaign. Haven't had a chance to watch yet but I hear it's a doozy.

    https://youtu.be/cy-9iciNF1A

  • CelestialBadgerCelestialBadger Registered User regular
    zeeny wrote: »
    Listening to pod save america talking about the CA data use, it involved an app used for academic purposes? That you would log in via facebook, but not only did it harvest your data but also scrapped info from your friends/contacts list on your facebook.

    Which isn't an exploit, but a default fb settings behavior.

    It was more designed for marketing to you than political propaganda. Let's see if Facebook fixes that. I don't mind Facebook picking up that I have a kid and trying to sell cute little dresses to me. What I *do* mind is Facebook using the same system to send political propaganda.

  • fightinfilipinofightinfilipino Angry as Hell #BLMRegistered User regular
    Fawst wrote: »
    Nix is out at CA, per the WSJ.

    CA's official statement
    CA Board wrote:
    In the view of the Board, Mr. Nix’s recent comments secretly recorded by Channel 4 and other allegations do not represent the values or operations of the firm and his suspension reflects the seriousness with which we view this violation.

    that's right, the CEO didn't represent the views of the company for which he was chiefly executing.

    ffNewSig.png
    steam | Dokkan: 868846562
  • JragghenJragghen Registered User regular
    In one exchange Alexander Nix revealed the company used a secret self-destructing email system that leaves no trace. He said: “No-one knows we have it, and secondly we set our… emails with a self-destruct timer… So you send them and after they’ve been read, two hours later, they disappear. There’s no evidence, there’s no paper trail, there’s nothing.”

    Mr Nix also belittled representatives on the House Intelligence Committee to whom he gave evidence in 2017. He claims Republican members asked just three questions. “After five minutes – done.”

    “They’re politicians, they’re not technical. They don’t understand how it works,” he said.

    Mr Nix further claimed that Democrats on the Committee are motivated by “sour grapes”.

    He said: “They don’t understand because the candidate never, is never involved. He’s told what to do by the campaign team.”

    “So the candidate is the puppet?,” the undercover reporter asked.

    “Always,” replied Mr Nix.

    He added that his firm could avoid any US investigation into its foreign clients. “I’m absolutely convinced that they have no jurisdiction…,” he said. “We’ll say none of your business.”

    https://www.channel4.com/news/exposed-undercover-secrets-of-donald-trump-data-firm-cambridge-analytica

  • CelestialBadgerCelestialBadger Registered User regular
    So... there's no wrongdoing at all, but the firm uses a self-destructing email system? I thought that Clinton "acid washing" her emails was a big problem to the Republicans? But I guess, if it's them or their people, that's different.

  • CommunistCowCommunistCow Abstract Metal ThingyRegistered User regular
    zeeny wrote: »
    Listening to pod save america talking about the CA data use, it involved an app used for academic purposes? That you would log in via facebook, but not only did it harvest your data but also scrapped info from your friends/contacts list on your facebook.

    Which isn't an exploit, but a default fb settings behavior.

    It was more designed for marketing to you than political propaganda. Let's see if Facebook fixes that. I don't mind Facebook picking up that I have a kid and trying to sell cute little dresses to me. What I *do* mind is Facebook using the same system to send political propaganda.

    Where do you draw the line? At the very least you can have facebook adhere to the same election laws that tv stations have to follow when displaying political ads. That would prevent the foreign entities from targeting you with political ads. VAN/VoteBuilder which is used by the DNC and democratic candidates is built off datasets like what facebook has and it is used to get people out to the polls and to send direct mailers to potential voters. I'm going to wildly guess that most people here are ok with that type of usage?

    No, I am not really communist. Yes, it is weird that I use this name.
  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    Two hours is... short but it's not unusual to purge old emails past a date

  • ButtersButters A glass of some milks Registered User regular
    I think it's important to point out that Cambridge Analytica is yet another Mercer-funded project and I think it's possible people are overestimating their effectiveness much like they were with Breitbart simply because they were able to attach their name to Trump's victory.

    Mercer originally backed Ted Cruz and CA went to work for that campaign first. Ted Cruz touted their data as revolutionary and an important advantage only to lose very handily. It was surmised by the Pod Save crew that CA may only have been brought on board by the Trump campaign to placate the Mercers whom donate a ton of money to GOP causes.

    PSN: idontworkhere582 | CFN: idontworkhere | Steam: lordbutters | Amazon Wishlist
  • VeeveeVeevee WisconsinRegistered User regular
    They also admitted that the Trump campaign worked directly with super PACs, and that without them this wouldn't have been possible. Or at least as easy to do.

  • VeeveeVeevee WisconsinRegistered User regular
    edited March 2018
    Butters wrote: »
    I think it's important to point out that Cambridge Analytica is yet another Mercer-funded project and I think it's possible people are overestimating their effectiveness much like they were with Breitbart simply because they were able to attach their name to Trump's victory.

    Mercer originally backed Ted Cruz and CA went to work for that campaign first. Ted Cruz touted their data as revolutionary and an important advantage only to lose very handily. It was surmised by the Pod Save crew that CA may only have been brought on board by the Trump campaign to placate the Mercers whom donate a ton of money to GOP causes.

    The video directly states that the mercers saved a broke Trump campaign with a donation, and in return demanded that Steve Bannon be made campaign chair and they use CA.

    Veevee on
  • m!ttensm!ttens he/himRegistered User regular
    Yeah Jragghen, I just finished watching the video, and felt some combination of sickness and furious rage at what transpired during those meetings.

    The other quote that made my blood boil:
    "We just put information into the bloodstream to the internet and then watch it grow, give it a little push every now and again over time to watch it take shape. And so this stuff infiltrates the online community and expands but with no branding - so it's unattributable, untrackable."

    This was said just after mentioned that they produced hundreds of pieces of copy and videos for the election, seeded them all over the place and watched it grow virally.

    Pure speculation on my part:
    While they didn't mention outright how they seeded all that, I wouldn't be surprised if some agency that does research on the internet (they could call themselves the Cyberspace Investigation Bureau, or Internet Research Agen---oohhhhhh) wouldn't be well suited to do that seeding.

  • BurnageBurnage Registered User regular
    Butters wrote: »
    I think it's important to point out that Cambridge Analytica is yet another Mercer-funded project and I think it's possible people are overestimating their effectiveness much like they were with Breitbart simply because they were able to attach their name to Trump's victory.

    Cambridge Analytica was also heavily involved in the Brexit vote, it's not just Trump's victory that they've had a hand in.

  • CelestialBadgerCelestialBadger Registered User regular
    What Cambridge Analytica did may not have been illegal in the USA, but they are located in the UK, and it's illegal there.

  • MadicanMadican No face Registered User regular
    What Cambridge Analytica did may not have been illegal in the USA, but they are located in the UK, and it's illegal there.

    And the UK is probably not as inclined as the current US government to let things slide.

  • So It GoesSo It Goes We keep moving...Registered User regular
    Couscous wrote: »
    Edit: Wait, this thread is supposed to be specifically about CA in relation to Facebook and not the latest scandals about them in general. Never mind.
    Edit2: Do the Channel4 reports need their own thread or do they go here or somewhere else?

    It goes here.

  • AngelHedgieAngelHedgie Registered User regular
    zeeny wrote: »
    Listening to pod save america talking about the CA data use, it involved an app used for academic purposes? That you would log in via facebook, but not only did it harvest your data but also scrapped info from your friends/contacts list on your facebook.

    Which isn't an exploit, but a default fb settings behavior.

    It was more designed for marketing to you than political propaganda. Let's see if Facebook fixes that. I don't mind Facebook picking up that I have a kid and trying to sell cute little dresses to me. What I *do* mind is Facebook using the same system to send political propaganda.

    Actually, I mind that as well, because it's all the same thing, and can be bent to bad ends - read up on the story where a girl had her pregnancy outed to her family by Target via data mining . The reality is that personal data should be regulated in the same vein as HIPAA does for medical data.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • CelestialBadgerCelestialBadger Registered User regular
    Madican wrote: »
    What Cambridge Analytica did may not have been illegal in the USA, but they are located in the UK, and it's illegal there.

    And the UK is probably not as inclined as the current US government to let things slide.

    The UK is seriously pissed off about all things Russia right now.

  • OghulkOghulk Tinychat Janitor TinychatRegistered User regular
    spool32 wrote: »
    We could learn a lot from Germany’s overly ambitious and sometimes silly data privacy laws. I think Spool even had the idea for a data bill of rights. Which I agree with for the most part.

    The solution to this is, ultimately, a privacy amendment to the US Constitution. And let's not forget that this forum is Social Media, and crafting laws for Facebook also crafts them for Vanilla and for Penny Arcade!

    German data privacy laws get in the way of business like whoa, but they do protect privacy better than the wild west we have here in the USA.

    I've been telling a friend this since the Amazon Echo/Alexa, Siri, and the like started showing up. Our country has to have a serious conversation about what is and isn't private. Machine learning* can have really tremendous benefits for society, like in the production of goods, energy efficiency, etc. But when most of it until now has been literally just for advertising (Google's search engine is this, same with Facebook) we need to seriously rethink a lot of our concepts of privacy. I've maintained for a really long time that advertising is parasitic on our economy and society, and this whole debacle has kinda reinforced that view (recall that Facebook collects this data literally for fucking selling advertisements).

    Like, I think tube in another thread mentioned that he's fine with data collection for automatic driving. And I agree with that! There are a lot of things where massive data collection and computational observation (as opposed to surveillance) can completely change the way we live. But until we have a serious conversation about our culture and the laws put in place we're gonna end up with more events like this.

    *OLS with constructed regressors

Sign In or Register to comment.