Internal correspondence provides new insight into how Facebook staff
reacted to concerns about use of user data by political campaign
consultants
Internal Facebook correspondence
from September 2015, released as part of a US government lawsuit on
Friday, reveals new details about Facebook’s early knowledge of
potentially improper data collection by Cambridge Analytica.
The existence of the internal discussion was first reported by the Guardian in March 2019. That report marked Facebook’s first acknowledgement that some of its employees were aware of concerns about improper data practices by Cambridge Analytica four months before the Guardian’s 11 December 2015 article exposed them.
Facebook’s lack of candor about this earlier knowledge to both investors and the press was one of the subjects of a Securities and Exchange Commission (SEC) complaint that Facebook settled by paying a $100m fine in July. Facebook did not admit or deny the SEC’s allegations as part of its settlement.
But the correspondence – which the Washington DC attorney general’s office fought for months to unseal as part of its lawsuit – provides new insight into how Facebook staff reacted, or did not react, to concerns about the use of user data by political campaign consultants.
A request to clarify Facebook’s policies for how political campaigns could legitimately use Facebook data appears to have languished with little attention or “resources”, until after the Guardian reported in 2015 on Cambridge Analytica’s use of Facebook data to create “psychographic profiles” of voters for Ted Cruz’s campaign. At that point, the topic was flagged as “hi pri” [high priority].
The Observer’s March 2018 report
on Cambridge Analytica’s continued use of the data and links to Donald
Trump’s campaign erupted into an international scandal, inspiring global
outrage over the company’s failure to protect users’ personal data and
wiping $134bn off Facebook’s market value as its stock price plunged.
The correspondence was initiated on 22 September 2015, when a Facebook staff member requested clarification on Facebook’s policies for political consultancies that were scraping data to match Facebook profiles to the lists of voters that campaigns use, known as voter files. (The names of Facebook employees are redacted.)
“We suspect many of these companies are doing similar types of scraping, the largest and most aggressive on the conservative side being Cambridge Analytica … a sketchy (to say the least) data modeling company that has penetrated our market deeply.”
The employee requested clarity on Facebook’s policies and an investigation into “what Cambridge specifically is actually doing”, as well as further information about the activities of another political consultancy, NationBuilder.
No one appears to have responded for a week, and on 29 September another message was sent reiterating that political clients were submitting “pointed questions … around what is in bounds versus what is out of bounds”. “Many companies seem to be in on the edge – possibly over,” the staffer wrote.
This second message prompted a handful of responses with differing opinions on the legitimacy of the data practices. One respondent said the request was being passed to “DevOps for initial review”. Another respondent said that their “hunch” is that the data-scraping was “likely non-compliant” with a number of Facebook’s Platform Policies, but noted that it was difficult to decide without more information about how Cambridge Analytica was tapping into Facebook’s system.
One staffer appeared intent on tamping down on expectations that
Facebook would expend “resources” to proactively investigate the apps
that were extracting data from its users, however.The existence of the internal discussion was first reported by the Guardian in March 2019. That report marked Facebook’s first acknowledgement that some of its employees were aware of concerns about improper data practices by Cambridge Analytica four months before the Guardian’s 11 December 2015 article exposed them.
Facebook’s lack of candor about this earlier knowledge to both investors and the press was one of the subjects of a Securities and Exchange Commission (SEC) complaint that Facebook settled by paying a $100m fine in July. Facebook did not admit or deny the SEC’s allegations as part of its settlement.
But the correspondence – which the Washington DC attorney general’s office fought for months to unseal as part of its lawsuit – provides new insight into how Facebook staff reacted, or did not react, to concerns about the use of user data by political campaign consultants.
A request to clarify Facebook’s policies for how political campaigns could legitimately use Facebook data appears to have languished with little attention or “resources”, until after the Guardian reported in 2015 on Cambridge Analytica’s use of Facebook data to create “psychographic profiles” of voters for Ted Cruz’s campaign. At that point, the topic was flagged as “hi pri” [high priority].
The correspondence was initiated on 22 September 2015, when a Facebook staff member requested clarification on Facebook’s policies for political consultancies that were scraping data to match Facebook profiles to the lists of voters that campaigns use, known as voter files. (The names of Facebook employees are redacted.)
“We suspect many of these companies are doing similar types of scraping, the largest and most aggressive on the conservative side being Cambridge Analytica … a sketchy (to say the least) data modeling company that has penetrated our market deeply.”
The employee requested clarity on Facebook’s policies and an investigation into “what Cambridge specifically is actually doing”, as well as further information about the activities of another political consultancy, NationBuilder.
No one appears to have responded for a week, and on 29 September another message was sent reiterating that political clients were submitting “pointed questions … around what is in bounds versus what is out of bounds”. “Many companies seem to be in on the edge – possibly over,” the staffer wrote.
This second message prompted a handful of responses with differing opinions on the legitimacy of the data practices. One respondent said the request was being passed to “DevOps for initial review”. Another respondent said that their “hunch” is that the data-scraping was “likely non-compliant” with a number of Facebook’s Platform Policies, but noted that it was difficult to decide without more information about how Cambridge Analytica was tapping into Facebook’s system.
“To set expectations, we can’t certify/approve apps for compliance, and it’s very likely these companies are not in violation of any of our terms,” the employee wrote. “If we had more resources we could discuss a call with the companies to get a better understanding, but we should only explore that path if we do see red flags.”
Facebook had a headcount of 11,996 employees and $15.8bn in cash or cash equivalents as of 30 September 2015, according to financial filings.
Discussion on the thread lagged after that message and focused on other political consultancies until 11 December 2015, when the Guardian published its expose.
Another staffer added: “Hi everyone – this is hi[gh] pri[ority] at this point. This story just ran in the Guardian and is now prompting other media requests. We need to sort this out ASAP.”
Over the course of the rest of the day, discussion focused on understanding the relationship between GSR, a company formed by Aleksandr Kogan, a former Cambridge University academic, which extracted the data of tens of millions of Facebook users, and Cambridge Analytica, which obtained the data from Kogan and GSR for use in political campaigning.
The discussion also revealed a number of additional links between Facebook employees and the academics responsible for the research underpinning Cambridge Analytica’s psychometric targeting.
One said that they were “good friends” with Michal Kosinski, an erstwhile colleague of Kogan’s at Cambridge. Kosinski had helped pioneer the use of Facebook data to predict personality traits.
“Alex Kogan was my postdoc supervisor at Cambridge, although I left before he founded GSR,” a second employee wrote. “I have a cursory understanding on the basic principles behind GSR’s products and data collection methods, if that helps. Feel free to ask me anything.”
(Another of Kogan’s Cambridge postdoc students, Joseph Chancellor, had been hired by Facebook in November 2015, but he does not appear to be referenced in the thread. Chancellor co-founded GSR with Kogan and, according to Kogan, was an equal partner in the enterprise.)
A third person pointed out a direct relationship between Facebook and Kogan, writing: “It sounds like Facebook has worked with this ‘Aleksandr Kogan’ on research with the Protect & Care team.” The Guardian reported on Kogan’s research collaborations with Facebook in 2018.
On Friday, Facebook published a blogpost by Paul Grewal, the company’s vice president and deputy general counsel, entitled “Document holds the potential for confusion”. The post downplays the importance of the document.
“There is no substantively new information in this document and the issues have been previously reported,” Grewal wrote. “In September 2015, a Facebook employee shared unsubstantiated rumors from a competitor of Cambridge Analytica, which claimed that the data analytics company was scraping public data ... An engineer looked into this concern and was not able to find evidence of data scraping. Even if such a report had been confirmed, such incidents would not naturally indicate the scale of the misconduct that Kogan had engaged in.
“Cambridge Analytica was a clear lapse for us, which we have worked hard to address. We’ve learned many lessons that will help us become a stronger company going forward.”
No comments:
Post a Comment