Americans Should Be Alarmed by the UK Report on Cambridge Analytica and Big Data
On November 6, 2018, the UK’s Information Commissioner’s Office released its final report “Investigation into the use of data analytics in political campaigns.” Amidst the clamor and chaos of midterm elections in the U.S., mainstream media has given minimal attention to this report. The lack of attention is concerning given the enormous implications the report holds for the United States, our political system, our social media platforms, and our private data.
While the report is clear that political campaigns, insurance companies, data brokers, and social media platforms have played a significant role in abusing private citizens’ data—one of the key points to remember is that the Commission was solely interested in protecting the information of UK citizens. But the report leaves us many clues about how U.S. citizen data was likely used and abused by similar entities.
Political campaign involvement.
One of the key concerns for the UK Commissioner’s office was the manner in which political campaigns obtain and use private data, particularly when such data is used to undermine free and fair elections.
Personal privacy rights have been compromised on an astronomical scale—not only surrounding the UK referendum, but, as the Commission specifically points out, US election campaigns as well. It isn’t the UK’s job to discover how US political campaigns misused private data; that is on us. This brings up a multitude of questions:
The Commission looked at all sides of the political spectrum because their goal was to protect democracy itself—to protect free and fair elections, regardless of political affiliation. Shouldn’t this be our concern as well?
How did our political parties—Republican, Democrat, Libertarian, Green, etc.—obtain and use our data in the 2016 elections?
What are the current laws and regulations surrounding the use of private data for political ends?
Do these laws and regulations need an overhaul since “personal and privacy rights have been compromised” on such a large scale?
To protect the basic functioning and integrity of our democracy, to protect our citizens, one would think that these issues would be a top priority for a government elected to protect our rights.
The social media platforms involved are all US companies.
The UK Commissioner’s investigation focused primarily on 30 organizations. Of those 30—social media platforms occupied four slots. Every one of these platforms is a US organization: Facebook, Twitter, Google, and Snapchat.
The report only tells us the findings on Facebook, which is regrettable. But what it tells us is significant and informs our concerns about the other platforms.
For instance, the report tells us that Dr. Kogan (working for Cambridge Analytica) was able to harvest the data of 87 million Facebook users—1 million of which were from the UK.
One million UK Facebook users. That’s a lot. But what about the other 86 million? Anyone else curious how many of those 87 million users were from the US?
Additionally, we know that Twitter similarly sold data to Dr. Kogan and Cambridge Analytica. Was this data strictly relegated to publicly available information—or, like Facebook’s quagmire—did Twitter also sell direct messages, follower details, etc.? And, how many people were impacted?
Given the spotlight that has been placed on Facebook, the American public has a decent grasp of how our data was abused by that platform. The elephant in the room, however, is the other platforms and their previously known involvement with selling private data. We know they did it, so why don’t we know exactly what they did, how many people they impacted, and whether they broke any laws?
Most of the Big Data firms involved are US companies.
Experian. The company that allows users to view our credit reports. The company that in 2017 reported being hacked to the tune of 143 million Americans having their private data exposed.
This company is just one of the US-based companies that the Commission investigated under the umbrella of “data brokers.” The commission found that Experian provided private data to political organizations.
Given that Experian was directly involved with brokering private data for the benefit of political organizations in the UK, and Experian is a US-based company, what—if any—private data brokering did Experian participate in here, in the US?
And the timing of the 2017 Experian hack should raise the hackles of anyone who’s ever read a Sherlock Holmes story. Was the “hack” simply a way for Experian to cover the fact that it had sold private data to various businesses and political organizations?
The involvement of US-based companies in the biggest data scandal in human history should be a concern for all of us.
The Commissioner’s investigation, based in the UK, focused heavily upon Cambridge University’s use of private data by academics for scholarly and commercial use. But, notably, the investigation also looked at the University of Mississippi in the U.S.
The investigation concluded:
Again, emphasizing that this investigation was relegated UK citizens’ information, the findings beg the question: what about U.S. citizen information? And is the University of Mississippi the only university to have considered using private data for political purposes?
Given that—at least—one of our universities actively considered implementing a program that collected and analyzed large quantities of data for political purposes, it is reasonable to conclude that Americans should be alarmed.
To citizens’ detriment, data protection across the field of academia is often overlooked in the US. Given the report’s findings, the US needs to take a closer look at how private data is used in academia and how we might best secure such data.
While it would have been preferable for the US to take the lead role in an investigation into the largest data scandal in history, we are fortunate that the UK assumed leadership where the US did not. We are fortunate to have their findings—and we would be glaringly remiss if we ignore the road-map they’ve laid out for us.
The UK Commission’s findings are startling, even though they only focused on the private data of UK citizens. The implications for US citizens are obvious. Laws have been broken; businesses and political organizations have participated; private data has been misused for private and political gain; our most essential rights and institutions have been compromised.
It is time for the US to take the lead. It is time for us to secure the foundations of a free society by having the moral fortitude to hold our own accountable.
By Virginia Murr, Character HQ