that's interesting news: Aleksandr Kogan *refused to be interviewed by ICO Commissioner Denham's investigation.* Yes, same Kogan who allegedly with his equal partner, Joseph Chancellor, harvested 80+ million Facebook records and sold tens of millions to SCL/Cambridge Analytica.
"Facebook needs to significantly change its practices and business model in order to be trusted" - UK ICO Commissioner Elizabeth Denham just now in response to question whether she would ever use Facebook. She then testifies Facebook needs stricter regulation.
Here is the link to the full ICO update for those following this important UK hearing in the States. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/11/ico-s-investigation-into-the-use-of-data-analytics-in-political-campaigns/ …
"There is an underlying tension between the business model of Facebook the underlying rights of its users" - ICO Commissioner Denham
ICO has over 50 million pages of data they've seized from Cambridge Analytica. Again, they've already previously stated this is likely the largest data investigation in the history of our planet.
This timely point in ICO post along with its update report:
"We are at a crossroads. Trust and confidence in the integrity of our democratic processes risks being disrupted because the average person has little idea of what is going on behind the scenes.
This must change. "
"given the way Facebook has bullied journalists and was present when you seized documents from Cambridge Analytica, do you think Mark Zuckerberg should appear before this @CommonsCMS committee?" Denham answers "it would be very useful to have Zuckerberg appear."
important. @IanCLucas asking questions who at Facebook knew about breach back in 2015 and in advance of public reports. ICO won't answer yet, says it has the emails to confirm timeline. Lucas presses on when and whether Zuckerberg knew. @SenKamalaHarris will be interested.
Important #2, @IanCLucas presses on whether GSR seized data was used for targeting. ICO is relying on Facebook's answers but Lucas rightly wants ICO to audit and confirm this. Point being, Facebook long ago lost trust in its word.
Important #3, "and others" would also include Kogan's co-partner who Facebook hired in 2015 after this all happened. Kogan refused to do the voluntary interview despite testifying he was cooperating. https://ico.org.uk/media/action-weve-taken/2260271/investigation-into-the-use-of-data-analytics-in-political-campaigns-final-20181105.pdf …
The 87+ million Facebook records taken by GSR for CA were stored on a cloud server and ICO is still investigating who had access to it. Also, noting report said passwords were on post-it notes in the office when they were raided.
ICO Commissioner Denham points out the problems in Facebook's efforts to have the data deleted including some of the certifications weren't even signed. She called Facebook's efforts "less than robust."
Denham says Facebook's 3rd party contractors were in the building when ICO raided it. Facebook had not started its audit. ICO doesn't have evidence any data was taken or deleted and contractors left the building upon request to Facebook corporate.
Denham is concerned the Facebook harvested data could still be used in other future campaigns. ICO is still investigating. "the data was gathered and held illegally under UK law."
ICO Commissioner Denham is crystal clear about what she calls the "very disturbing disregard of the many organizations across the whole system for the privacy of UK users." and confirms by this she means Facebook, data brokers and Cambridge Analytica.
woah, ICO Commissioner Denham confirms again there were IP addresses found which had resolved to Russia. They clarify these IP addresses accessed the Facebook data stored at Cambridge University and were addresses previously listed as addresses of cybersecurity concern.
"this investigation is unprecedented for any data authority worldwide" ICO in describing the costs, people involved and what's at stake which ICO Commissioner describes as the fundamentals of the democratic process.
Based on this hearing and the ICO report, IMHO it's unequivocal that @SenJohnThune should be asking Kogan, and I would suggest Chancellor, back for a real hearing. Thune was our only Senator who even probed a bit on what Kogan was up to during summer hearing. @CommonsCMS
Based on report and ICO Commission Denham's testimony, I don't see how Facebook didn't likely violate its FTC Consent Decree. @FTC does have the power to exert a massive fine, as Denham indicates they now have under GDPR. Now they need to do it. @CommonsCMS should ask about this.
ICO Commissioner Denham, a globally respected data regulator, has been incredibly clear in using the word "harm" to describe the impact of the actions of Facebook, GSR, and Cambridge Analytica. She then says "the ship has sailed" on self-regulations.
probably worth @CommonsCMS asking about Joseph Chancellor just to get it on record. Considering he was hired by Facebook in 2015 -> after the breach, it would be good to know if his name or involvement surfaced in any ways we know beyond what press has dug up.
Denham just testified that "inferred data" is "personal data" under the law. I need to review her exact statement here but very well could have implications to the entire ad tech targeting ecosystem.
"A disturbing amount of disrespect for personal data for voters and prospective voters" and the model from commercial sector has been utilized in the political sector" when Commissioner Deham is asked to sum up in one sentence her reaction to this.
Denham then reiterates the call for an ethical pause in micro-targeted advertising, as done on Facebook, due to the concerns from her investigation. Important to understand as polls are now open here in the United States. @CommonsCMS
Based on everything I'm hearing, I don't see how Facebook isn't the more significant actor and larger problem than many of the bad/foreign actors involved over the past few years in meddling with our data and politics. This entire hearing is enlightening on Facebook's role here.
good follow-up by @DamianCollins on "inferred data" being "personal data" as Commissioner Denham suggests even Facebook Lookalike targeting may be problematic, the public is uncomfortable and may even be illegal under GDPR.
<finished> my takeaway from @CommonsCMS hearing:
- significant new and confirmed facts in report/testimony
- Zuck needs to testify to joint Parliament more than ever
- ICO full audit underway, critical
- US public needs to understand what is being done for our citizens here
I'm going to follow up with some exact timestamps for US press to focus on. At 49:00-55:00 part of inquiry on access to the Facebook breached data, stand down of Facebook's contractors during raid. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
39:00-42:00 => this will matter. @IanCLucas smartly asking for who knew about the Facebook breach in 2015. This is highly relevant to FTC investigation and @SenKamalaHarris questions. ICO promises timeline later. 41:00 he asks about CEO Mark Zuckerberg. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
at 58:40-63:00 oral evidence (not in ICO report) to possible Russian access to Facebook's data records. ICO testified it was the data harvested at Cambridge University (separate data set). The IP addresses have been linked to other cybersecurity matters. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
64:30- Commissioner Denham points out they have a "Stop Processing" power which they can exercise. She says this before noting Facebook's lookalike audiences and data collection across the web may well be against the law. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
79:30-81:00 "Purposeful, intentional, illegal misuse of personal data which was reused in political campaigning" - Commissioner Denham before offering perspective on Google and Facebook's role with regulators and the lack of accountability for these companies.
81:30 "the time for self-regulation is over. I think that ship has sailed." - Commissioner Denham on harms by big tech companies. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
89:30-91:00 This part will make Facebook shake in its shoes as @pow_rebecca smartly asks about Facebook being labeled as a "crime scene." Commissioner Denham calmly refills water then references @EU_EDPB, Irish DPA investigation of Facebook's practices. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
94:40-98:00 - @DamianCollins specifically gathering evidence from Commissioner as it relates to "inferred data" being "personal data" (confirming @pow_rebecca questions at 87:30). This directly relates to Facebook's entire biz model and lack of consent. https://twitter.com/i/broadcasts/1djGXOBgQrkKZ …
the entire @issielapowsky report on Cambridge U deserves another read alongside ICO report and testimony. Importantly, after oral evidence known bad Russian IP addresses likely accessed Univ data set. Who knew about this? anyone help with it? Why? https://www.wired.com/story/the-man-who-saw-the-dangers-of-cambridge-analytica/ …
Facebook's CTO testified as to overlap with the Kogan data set and election campaigns. I don't recall anyone asking FB about the Cambridge U data set which we now know may have been accessed by Russian IP addresses previously reported as concerning. @DamianCollins @CommonsCMS
for those who are not able to access the archived version of the hearing on Twitter, here is the direct link to the archives hearing on the Parliament website. https://parliamentlive.tv/Event/Index/54537179-b275-470b-afe7-5d180031de35 …
Uploading a few specific clips.
yesterday, UK regulator testified known Russian IP addresses from other cybersecurity incidents may have accessed a significant Facebook data set. This data set would have included a significant number of Americans personal data. cc @issielapowsky
"Was it Mark Zuckerberg?" - @IanCLucas pressing yesterday. See lawmaker holding power to account. Relevant to @ftc, @SenKamalaHarris line of questions about decision not to inform 87 million users of the breach. (2 minutes)
"Facebook is basically being labeled by some people as a crime scene." - @pow_rebecca. UK Commissioner then sips water and calmly shares new GDPR powers and fellow DPAs with oversight on Facebook.
Watch a top regulator consider whether Facebook would have been fined $1 or 2 billion for a breach she describes as involving "purposeful, intentional, illegal, misuse of personal data." Hey press, remember when Facebook was pushing you hard around on use of the word "breach?"
You can follow @jason_kint.