THREAD: Finally had a chance to do a close reading of the @ICOnews #CambridgeAnalytica report. Key passages follow, with an emphasis on the impact on US politics and implications for what’s to come…
2. Right upfront, Elizabeth Denham emphasizes unique transnational conditions of investigation. When critics say Cambridge Analytica no different than Obama campaign please consider this internationalization of Republican data operation and new challenges of enforcement.
3. We may never know if influence operation was effective. But we definitely know that personal privacy rights were badly infringed. Data crimes occurred. We need to focus on this more than debating “psychometrics” as we consider how to prevent another #CambridgeAnalytica debacle
5. Summarizing the actions against CA/SCL we see a new announcement here that is very significant. The ICO is intervening in the companies’ attempt to liquidate. This extends the idea that companies can’t just go out of business after they commit data crimes against democracies.
6. Critical to realize that the big 3 data brokers Experian, Equifax and Axciom have been slammed with notices to cooperate with audits and assessments. Facebook is not the only bad actor in this epic data crimes scandal. Also shows CA/SCL failed to disclose all my data to me.
8. You realize how important it is to hold CA/SCL and others accountable if they “attempted to undermine the investigation” on top of refusing to cooperate. It’s like telling the data cops to kiss off. Think about it.
9. “We are at risk of developing a system of voter surveillance by default” and this is why I have been fighting for transparency and justice for data crimes for almost 2 years now. This report and others are vindication for me.
10. Perfect example of why we need a muscular regulator in the US capable of server seizure under criminal warrant to perform forensics. GSR appears to be set up as a cutout to deliberately break UK data protection laws but insulate CA/SCL. Their scheme failed in the end.
11. Again, an exemplary precedent for why the US needs to transform the FTC into an enforcement agency that can seize equipment and catch rogue actors in the act. Also, we need to contend with data models not just data when it comes to deletion orders.
12. Kogan insists he did nothing wrong because his own research was a fraud (Breached Facebook data didn’t “work”). But he refuses to cooperate with the authorities. He’s an accomplice to data crimes. That’s all that matters to me.
13. US voter data was processed by CA/SCL in the UK. I proved this in January of 2017. It remains outrageous and it shows we need a national data protection act that prohibits and enforces the processing of voter data by campaigns overseas and by foreign nationals.
15. Here’s where a US citizen caused the criminal prosecution of Cambridge Analytica. Perhaps the trial in January will finally attract the attention of journalists in the US because this fact has gone largely unreported especially by major papers including NYT, WaPo, WSJ
16. This is a crucial passage of the report. Clearly CA/SCL had shoddy security practices, so distressing knowing the databases of electorates around the world that this negligent beast of a company accumulated. Also, their scheme to liquidate quietly is not going as planned.
17. The relationship betwen CA/SCL and AggregateIQ has been the subject of immense controversy. Again, a contractor across international boundaries served as a useful cutout to commit alleged electoral crimes in the illegal coordination of ad buying and digital strategy.
18. Facebook plays a key role in providing authorities regulating democratic processes by making ad purchasing transparent to regulators. All members of a democracy deserve MAXIMAL transparency of political advertisers to ensure that bad actors will get caught sooner not later.
19. My fellow Americans, imagine if our elections were as highly scrutinized as Britain’s. Imagine if our FEC wasn’t a partisan disaster. Imagine if our FTC was watching politicians abuse American’s privacy…they are.
20. Digital data flows around the globe freely. And yet rogue actors seek to exploit how jurisdictions have different data protection regimes. It could not be more clear to us now that US needs a national data protection act to harmonize with the GDPR. Democracy depends on it.
21. OK now things really hit home. Guess what? Academia is a data protection disaster waiting to happen. I’m guessing almost no American universities have grappled with their GDPR responsibilities yet. This is a ticking time bomb in the Ivory Tower.
22. There are concerns that the original psychometrics app that GSR cloned was breached by known cybersecurity actors in Russia. This will be is a big test of “de-anonymization” claims. If data wasn’t truly de-identified then this could be the worst breach in academia.
23. Now that Democrats have seized the House we must tell our electeds that the US needs a Right of Access just like UK, EU and now the great state of California. And it also needs to apply to political campaigns. So politicians need to open up themselves to scrutiny.
24. Read the report yourself. It’s very accessible even tho it covers obscure international legal concepts and at least 3 democracies, US, UK, Canada. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/11/ico-s-investigation-into-the-use-of-data-analytics-in-political-campaigns/ …
Here is the best thread of commentary on the @CommonsCMS hearing on the report.
25. This thread focused on US perspective. We know that ICO furnished FBI and Special Counsel with materials. Now that the President is ratcheting up pressure on Mueller by pushing Sessions out, it’s imperative we understand how CA/SCL fits into the crime of the century. /END
FAQ 1. Why did ICO release this report on election day in US?
ICO said October was slated release. I suppose dropping on election day was a smart move. Can’t be criticized for influencing our election nor being too late. Threading the needle.
You can follow @profcarroll.