Explainer: Facebook, Cambridge Analytica and the “biggest breach” in tech history

By Shreya Maskara 

A data analytics firm is under grave scrutiny and pressure by the US and British governments after media agencies revealed over the weekend the company’s role in harvesting millions of Facebook profiles since 2014, in what is being called the biggest known breach in tech history.

British firm Cambridge Analytica, the agency behind Donald Trump’s 2017 election campaign and the UK government’s 2016 Brexit campaign, is facing a search warrant from the UK Information Commissioner’s Office, questions from the US government, and a suspension and audit from Facebook.

What is Cambridge Analytica?

Formed in 2013, Cambridge Analytica is an offshoot of British parent company Strategic Communication Laboratories Group (SCL) with an aim of participating in American politics. The company was founded by chief executive officer Alexander Nix, and refers to itself as a “global election management agency” that specialises in data mining and strategic communications for military organisations and governments. Whistleblower Christopher Wylie, a former employee of the company, has described Cambridge Analytica as a “full-service propaganda machine”.

What is Cambridge Analytica accused of?

The firm has been accused of harvesting private information from the Facebook profiles of over 50 million users without their permission, making it the largest data breach in the history of the website. This information was revealed by a former employee and founder Christopher Wylie to the Observer and the New York Times.

The firm is funded by hedge-fund and a sizeable donation from Republican donor Robert Mercer, and also wooed Mercer’s political advisor Stephen Bannon—who went on to become the second most powerful man in Washington for a while—with the promise of providing them with the “tools” to “identify the personalities of American voters and influence their behaviour” ahead of the 2014 midterm elections in the US. Bannon was also on the firm’s board for two years (2014-206).

Wylie told the Observer how he worked with Aleksandr Kogan, an academic from Cambridge University, to obtain this data and exploit users.

“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons,” Wylie said. “That was the basis the entire company was built on.”

The misuse of data may have allowed the company to build a psychological profile of a large proportion of the American electorate targeting them with specific marketing material and targeted ads, thereby swaying the results of 2016 presidential elections.

“It was a grossly unethical experiment,” said Wylie in an interview with the Guardian“It is something that I regret doing and this is why I’m talking to you, so people can know about what this company is and what this company does.”

Wylie said in the interview that he thinks the company was unethical in the way it “played with the psychology of an entire nation without its consent,” in particular with its perception of the “democratic process”.

What is Facebook doing?

Amidst global backlash about its failure to protect its users, Facebook is under tremendous pressure from American and British lawmakers to explain how Cambridge Analytica was able to violate the social network’s safety measures.

On March 16, before media organisations published information about the breach, Facebook published a blog post explaining its decision to suspend SCL, including their political data analytics firm Cambridge Analytica, from the company.

The blog post went on to detail how the company learnt in 2015 about Kogan and his violations of Facebook’s Platform Policies to forward user information to SCL/Cambridge Analytica and to Wylie’s Eunoia Technologies, Inc. The post further went on to reveal that after learning about the violations, Facebook asked Kogan to delete the data, and all three entities (Cambridge Analytica, Kogan and Wylie) certified to Facebook that the data had been destroyed.

In a further attempt to justify its actions following the global media storm about the data breach, Facebook updated the post on March 17 to share with users that “the claim that this is a data breach is completely false.”

“People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” reads the updated blog post. Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg have not responded to any of the allegations.

According to reports, Facebook plans to hold an open meeting to let all employees ask questions about the unfolding scandal.

Meanwhile, Facebook stocks fell 7% on Monday—the most in a single day over five years.

What happens next?

Facebook has said it has hired forensic auditors from Stroz Friedberg to probe the incident. However, this probe could perhaps only begin after government authorities finish their probe of the Cambridge Analytica offices. Authorities from the UK Information Commissioner’s Office are in the process of obtaining a search warrant to examine the internal servers of the firm. The officers have asked Facebook auditors to stand down in the meantime.

For now, Cambridge Analytica, SCL, Kogan and Wylie have been suspended from Facebook for violating its rules.

In addition, attorneys general of US states Massachusetts and Connecticut have launched investigations into the handling of Facebook data, while the attorney general’s office in California—where Facebook is headquartered—revealed their concerns about the matter. The UK Electoral Commission is also investigating what role Cambridge Analytica played in the Brexit referendum.