Cambridge Analytica illegally kept a massive trove user data from Facebook, worked with Russians

; Date: Sun Mar 18 2018

Tags: Facebook »»»» Social Media Warfare

Cambridge Analytica, funded by the Mercer Family for manipulating the public to a hard-line-right-wing political, illegally collected a massive trove of Facebook user data, then used Big Data techniques to develop highly targeted advertising meant to influence public opinion. The company was founded when a young computer science researcher focusing on big data machine learning techniques met the Mercers, who promised to give him a free hand and fund his research. What resulted was a massive information warfare weapon used by the Mercer's, and their puppet at Breitbart News Steve Bannon, to manipulate public opinion.

Oh ... and ... there are Kremlin/Putin-connected Russians mixed all through the story.

The issue here for Techsparx readers is a big warning -- when we play those silly games on social media networks, pay close attention to the access being requested. What Cambridge Analytica did is create viral games that then collected data from not only the Facebook profile of the person who played the game, but all their friends, and all their likes, and postings, and everything else.

The information here comes from reporting by the NY Times and the Guardian (a well-respected newspaper based in London England). They rely heavily on information provided by Christopher Wylie, a Canadian-born genius who was in England studying big data technologies with the purpose of determining social and political influences.

To Wylie it was all an intellectual exercise. He had gained some practical knowledge of using data science technologies while working for the Lib Dems party in Great Britain. While working for that party he told the Lib Dems the data showed they'd lose a bunch of seats, and they scoffed the idea, but the party ended up losing many more seats than Wylie predicted. But a contact in the party led him to working for the SCL Group, and further contacts led to an investment by the Mercer family that launched Cambridge Analytica.

Cambridge Analytica is a "data analytics" firm that played a role in electing Donald Trump as President of the USA, and in getting Great Britain to vote BREXIT.

Wylie was a high school dropout who, by 24 years old, was getting a PhD at Cambridge Univ (England) in "fashion trend forecasting". He's a genius who didn't fit very well with high school, but was able to shine at a good University. He then developed an idea of using Facebook to gather the Facebook profiles of millions of US citizens, with an eye to developing highly targeted Facebook ads.

The key was to develop an app for Facebook - like a personality quiz. But in the process of running the app, the user gives the app owner permission to access their data, and in the case of Cambridge Analytica they misused access to that data in several ways. In order to run the app the Facebook user must agree to give access to certain account information.

This is fairly normal - anytime we use Facebook or Twitter et al credentials to log-in to a website, we are asked whether to grant authorization to access that account. There are different levels of access, and the sort of access gets described during the process of granting authorization. The process is governed by one of the standard Internet Protocols - OAuth - and is extremely widely used for authentication and authorization.

Typical OAuth authorization request flow -- From: ``
Typical OAuth authorization request notification -- From: ``

These two images show how the OAuth protocol works. A user clicks on a "Sign in with Facebook/Twitter/etc" button, and that starts a dance described in the OAuth protocol. Part of that dance is a notification of the level of access being requested.

What these researchers did was request extremely broad access to not only the Facebook profile of the person, but the profile of all their friends. As we'll see shortly, that greatly amplified the amount of data they could collect.

They also violated Facebook's rules - by retaining the data longer than allowed, and more importantly sharing the data with other companies. Yesterday Facebook proclaimed they'd blocked Cambridge Analytica and the SCL group from Facebook. But that's like bolting the barn doors after the horses have fled. Especially as Cambridge Analytica has demonstrated an ability to work through 3rd party companies.

It was someone in the Lib Dems party who introduced Christopher Wylie to SCL Elections, a subsidiary of the SCL Group. According to The Guardian, Alexander Nix, then CEO of SCL Elections, made Wylie an offer he couldn’t resist. “He said: ‘We’ll give you total freedom. Experiment. Come and test out all your crazy ideas.’” Wylie didn't think it through, and leapt at the opportunity.

SCL was described by The Guardian as "a nexus of defence and intelligence projects, private contractors and cutting-edge cyberweaponry". The company worked in "information operations" and had contracts with both the British and USA governments to work on a wide range of secretive operations.

Within a few months, Wylie met Steve Bannon. Bannon at the time was head of Breitbart News, and was being funded by the Mercers. The elder Mercer made zillions of dollars as a hedge fund manager using data science to drive investment decisions, and the clan was deeply involved with funding the Alt-Right movement and seeking to subvert Democracy to establish a right-wing nirvana.

The Mercers ended up funding the development of Cambridge Analytica.

Wylie / Cambridge Analytica also partnered with another researcher, Dr. Aleksandr Kogan, a Moldovan who's spent a lot of time in Russia. Kogan developed a game that became viral and also collected lots of Facebook user data. The game was played by about 320,000 people, but because it asked for access to their friends Facebook user data, they were able to collect data on about 50 million people.

According to Facebook's rules - a company is not allowed to transfer collected user data to another organization. The data is for their own use, and there is a strict time period the data is allowed to be retained. However, Kogan's company, Global Science Research (GSR), did both those things.

Facebook could see that a massive amount of data was being collected. Facebook contacted GSR, and when Kogan said it was for research purposes Facebook apparently said 'Fine'.

Kogan is not only a Researcher at Cambridge University, but holds an associate Professorship at St. Petersburg University (Russia).

Another Russia connection came when Cambridge Analytica had to write up a memo describing their methodologies to Lukoil, a giant Russian oil company whose CEO, Vagit Alekperov, is closely linked to Vladimir Putin.

Cambridge Analytica did not rely solely on data gathered via Facebook. The company also bought consumer marketing datasets, matching it up with the Facebook profile data. The goal was to collect as much data as possible about everyone, and use that data to craft personalized messaging.

The key was to find “persuadable” voters who could be triggered, for example, with images of immigrants “swamping” the country. The key is finding emotional triggers for each individual voter.

The articles describe Cambridge Analytica as being different from a normal company. Instead of being driven to be profitable, the Mercers simply funded the company to further their political aims.

From one of the Guardian's articles:

Tamsin Shaw, an associate professor of philosophy at New York University, helps me understand the context. She has researched the US military’s funding and use of psychological research for use in torture. “The capacity for this science to be used to manipulate emotions is very well established. This is military-funded technology that has been harnessed by a global plutocracy and is being used to sway elections in ways that people can’t even see, don’t even realise is happening to them,” she says. “It’s about exploiting existing phenomenon like nationalism and then using it to manipulate people at the margins. To have so much data in the hands of a bunch of international plutocrats to do with it what they will is absolutely chilling.

“We are in an information war and billionaires are buying up these companies, which are then employed to go to work in the heart of government. That’s a very worrying situation.”


The Guardian - ‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower ( Is an interview with Christopher Wylie, founder of Cambridge Analytica, and how he unwittingly (so he claims) caused this weapon of information warfare.

The Guardian - The Cambridge Analytica Files - ( - A trove of other reporting on Cambridge Analytica

NY Times - How Trump Consultants Exploited the Facebook Data of Millions - ( -- Another interview with Christopher Wylie

The Guardian - Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach - (

The Guardian - Cambridge Analytica: links to Moscow oil firm and St Petersburg university - (

The Guardian - The great British Brexit robbery: how our democracy was hijacked - (

The Guardian - Robert Mercer: the big data billionaire waging war on mainstream media - (

The Guardian - ‘Dark money’ is threat to integrity of UK elections, say leading academics - (

Facebook announces suspension of Cambridge Analytica and parent company Strategic Communication Laboratories (SCL) - ( Among other things in the statement, Facebook said this:

We Maintain Strict Standards and Policies

Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

Like all app developers, Kogan requested and gained access to information from people after they chose to download his app. His app, “thisisyourdigitallife,” offered a personality prediction, and billed itself on Facebook as “a research app used by psychologists.” Approximately 270,000 people downloaded the app. In so doing, they gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it.

Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.

About the Author(s)

( David Herron : David Herron is a writer and software engineer focusing on the wise use of technology. He is especially interested in clean energy technologies like solar power, wind power, and electric cars. David worked for nearly 30 years in Silicon Valley on software ranging from electronic mail systems, to video streaming, to the Java programming language, and has published several books on Node.js programming and electric vehicles.