When I began reading about the scandal involving Facebook and data analytics firm Cambridge Analytica, I was curious to see if any publications had assembled a timeline of what had happened. That’s because, like many of you, I’m best able to understand a story when it’s explained chronologically. But I couldn’t find any news outlet that offered this sequential approach.
So, I made one myself. At its core, this is a story about how Facebook’s systematic refusal to police its own platform — even at the urging of its own employees — led to third party developers harvesting data from 87 million Americans, most without their consent.
I’m intentionally omitting any of my personal opinions and instead allowing the timeline of events, which includes sources and has been fact-checked, to speak for itself. Cybersecurity is a topic I’ve written about before, which you can check out in my ongoing series.
Our lives are increasingly digital, and most of us want our data to be convenient and transportable, but security is often overlooked in the name of convenience. As such, it’s worth noting that Facebook is no different than any other social media platform or free web service. It’s our responsibility to understand that when digital platforms and services are offered to us for free, we end up being the actual product.
That means, at the end of the day, each of us is partially responsible for what we willingly share online.
Kosinski proved that, with of an average of 68 Facebook “likes,” he could predict users’ skin color (with 95 percent accuracy), sexual orientation (88 percent accuracy), and their affiliation to the Democratic or Republican party (85 percent). Intelligence, religious affiliation, as well as alcohol, cigarette and drug use, could also be determined. Kosinski could even deduce whether someone’s parents were divorced.
During this time, Facebook’s developer guidelines allow all third-party developers to harvest data about users and each of those user’s Facebook friends, a feature called “friends permissions.”Developers are required to sign an agreement to keep data safe but, unfortunately, no one is enforcing that agreement. Sandy Parakilas is Facebook’s platform operations manager during this time, a role that made him responsible for policing data breaches by third-party developers. “In the time I was there, I didn’t see them conduct a single audit of a developer’s systems,” he claims. For several years, he informs managers and senior executives of the possible dangers. The company is unwilling to investigate his claims and he leaves the company in 2012.
Data analytics company Cambridge Analytica (CA) is founded as an offshoot of the now 20-year-old SCL Group with an initial backing of $15 million provided by hedge fund mogul, Robert Mercer, a longtime supporter and donor to conservative candidates and causes. The company is co-founded by a political operative named Christopher Wylie who has ties to people from Barack Obama’s presidential campaigns. CA’s goals were (and still are) to use large sets of data to help their clients score political victories using highly targeted marketing campaigns. Their public list of political clients are all conservatives.
CA co-founder Christopher Wylie learns of Stillman and Kosinski’s research. According to the NY Times, Wylie recruits the researchers to join to Cambridge Analytica; according to Vice, he taps Aleksandr Kogan — co-founder of GSR and an assistant professor in the psychology department at the University of Cambridge — to do the recruiting. What’s clear from all reports is that Stillman and Kosinski decline the offer once they learn of SCL’s use of data in politics. As a result, CA contracts with GSR to create the quiz app for them instead, underwriting the $800,000 cost of creating the app and paying people to take it. Kogan is paid no money, but he’s allowed to keep a copy of the data for his own research purposes. He posts on job boards — under “Global Science Research” — that he’ll pay a few bucks for Americans to take his quiz, resulting in about 270,000 people signing up and participating, providing Kogan with an initial data set. However, as a result of Facebook’s “friends permission” guidelines, Kogan not only has access to data about the quiz-takers, he also has access to information about all of their Facebook friends.
“And so that means that, all of a sudden, I only need to engage 50,000, 70,000, 100,000 people to get a really big data set really quickly, and it’s scaled really quickly. We were able to get upwards of 50 million plus Facebook records in the span of a couple of months.”
— Christopher Wylie, Co-founder of and former Director of Research at Cambridge Analytica
Alexander Nix, CEO of Cambridge Analytica, presents at the “Concordia Summit,” an annual global affairs conference, where he explains that CA has changed the world of political campaigning using psychographic data. He explains how the power of psychometrics had allowed CA to boost Senator Ted Cruz’s name recognition during the Republican primaries. He also says the following about the infamous quiz that Aleksandr Kogan created for them: “[W]e have four to five thousand data points on every adult in the United States” and “by having hundreds and hundreds of thousands of Americans undertake this survey, we were able to form a model to predict the personality of every single adult in the United States of America.”
Julian Assange tweets that he had been contacted by Cambridge Analytica prior to the U.S. presidential elections in November 2016 but had declined working with them. The matter of why CA had contacted him is up for debate.
October 31, 2017
Colin Stretch, vice-president and general counsel at Facebook testifies before a Senate panel regarding Russia’s use of social media platforms (Google, Twitter and Facebook) in the run up to the 2016 elections. Then Minnesota Senator Al Franken asks him, “How did Facebook, which prides itself on being able to process billions of data points and instantly transform them into personal connections for its users, somehow not make the connection that electoral ads paid for in rubles were coming from Russia? Those are two data points! American political ads and Russian money: rubles. How could you not connect those two dots??!” The counsel’s answer doesn’t satisfy Senator Franken.
November 2017 — January 2018
An undercover, hidden video investigation by Britain’s Channel 4 captures Cambridge Analytica CEO Alexander Nix admitting to using entrapment to help his clients beat their political opponents. He offers to send “Ukrainian girls” to candidates’ houses, or to blackmail them by capturing video footage of the politicians agreeing to unsavory deals.
November 19, 2017
In the wake of revelations about how Russia used Facebook to influence the 2016 presidential election, Congress asks executives from Facebook to come to Capitol Hill for questioning. Sandy Parakilas — Facebook’s former platform manager for operations back in 2011 and 2012 — pens an op-ed in The New York Times blasting Facebook as “a company that prioritized data collection from its users over protecting them from abuse,” and suggesting that “lawmakers shouldn’t allow Facebook to regulate itself. Because it won’t.”
Both the New York Times and the Guardian publish stories about the harvesting of Kogan’s data to feed Cambridge Analytica’s business with the Trump campaign, with the aid of Christopher Wylie’s testimony. The same day, Facebook updates its announcement from the previous day insisting that there was no data breach because “everyone involved gave their consent.” At 12:26 a.m., they claim 270,000 user accounts were compromised. By 1:19 p.m., that number has swollen to 50 million.
Also on this day the NY Times publishes a story about CSO Stamos having specific tension with Facebook COO Sheryl Sandberg. Two days later, they alter the story, to scrub Sandberg’s name from the reporting. One of the three reporters who wrote the original article confirmed the change.
Aleksandr Kogan, appears on BBC Radio 4. He explains how his quiz app works and calls the claim, made by Alexander Nix, that he was the one who approached CA with the data from millions of Facebook users “a fabrication.” Rather, Kogan explains, it was CA that approached him and even drew up the terms of service for their joint Facebook app. He also confirms that he received no money from the endeavor, but was promised access to the data for his own research purposes.
Brittany Kaiser, a former director at Cambridge Analytica, steps forward as a second whistle-blower. She details the ways in which CA used social media to help the Trump campaign place 10,000 ads that were most favorable to the candidate and most hostile to Hillary Clinton in the months leading up to the election. The ads were viewed billions of times, according to documents obtained by the Guardian provided by Kaiser, demonstrating the power of CA’s precision methodology.
The European Union’s General Data Protection Regulation (GDPR) is regarded as the strongest consumer data rights and protection policies in the world. When asked by Senator Maria Cantwell if those kinds of consumer-first data regulations should be enacted in the US, Facebook’s CEO responds that Facebook already has plans to implement those kinds of policies, regardless of “the regulatory outcome”.
“Cambridge Analytica has been exposed as a company undermining democratic institutions around the world. There are still many unanswered questions, and we must be sure that its decision to close is not merely a rebranding exercise or a way to circumvent ongoing investigations.”
May 14, 2018
In a statement from their VP of Product Partnerships, Facebook announces the results from auditing thousands of apps on their platform. They state that “around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data.” The names of the applications are not released, so consumers are left wondering if any of the connected FB apps they currently use are among those suspended. Instead, they point everyone to a generic Facebook help page that simply tells you IF your data has been compromised.
May 15th, 2018
The New York Times reports that the FBI is investigating the now defunct Cambridge Analytica organization. “The investigation by the Justice Department and FBI appears to focus on the company’s financial dealings and how it acquired and used personal data pulled from Facebook and other sources, the Times said.”
As the story continues to unravel—and believe me, it will— I will continue to update my timeline, so check back. Additionally, if you are an employee at any of the companies involved with this story and wish to anonymously contact me with further relevant details, please ask how to contact me via secure, encrypted channels.
In my next installment, I outline the ways you can lock down, back-up, deactivate or even delete your Facebook account. I also discuss a few of my top choices for newer social networks that honor and protect your privacy.