Brittney Kaiser, a former employee for Cambridge Analytica — who left the company in January and is today giving evidence in front of a UK parliament committee that’s investigating online misinformation — has suggested that data on far more Facebook users may have found its way into the consultancy’s hands than the up to 87M people Facebook has so far suggested had personal data compromised as a result of a personality quiz app running on its platform which was developed by an academic working with CA.
Another former CA employee, Chris Wylie, previously told the committee the company worked with professor Aleksandr Kogan to gather Facebook users’ data — via his thisisyourdigitallife quiz app — because Kogan had agreed to work on gathering and processing the data first, instead of negotiating commercial terms up front.
CA’s intent was to use Facebookers’ data for political microtargeting, according to evidence provided by Wylie.
In her written evidence to the committee Kaiser claims:
I should emphasise that the Kogan/GSR datasets and questionnaires were not the only Facebook-connected questionnaires and datasets which Cambridge Analytica used. I am aware in a general sense of a wide range of surveys which were done by CA or its partners, usually with a Facebook login – for example, the “sex compass” quiz. I do not know the specifics of these surveys or how the data was acquired or processed. But I believe it is almost certain that the number of Facebook users whose data was compromised through routes similar to that used by Kogan is much greater than 87 million; and that both Cambridge Analytica and other unconnected companies and campaigns were involved in these activities.
Asked to expand on this point during today’s hearing, Kaiser said Cambridge Analytica’s internal creative, psychology and data science teams worked together to design questionnaires for deploying on Facebook’s platform.
“I am aware now of what the questionnaire was that professor Kogan used, although I didn’t know about it when I joined the company. But I would see questionnaires — for example there was one called the ‘Sex Compass’ to find out what your personal preferences were privately. And then there was another one on your ‘Music Personality’,” she told the committee.
“In my pitches I used to give examples even to clients that if you go on Facebook and you see these viral personality quizzes — not all of them would have been designed by Cambridge Analytica/SCL Group or our affiliates but that these applications were designed specifically to harvest data from individuals, using Facebook as the tool.”
“I know at least of those two examples,” she added. “Therefore it can be inferred or implied that there were many additional individuals as opposed to just the ones, through Aleksandr Kogan’s test, whose data may have been compromised.”
Committee chair Damian Collins asked Kaiser whether the viral app approach to harvesting Facebook data, which CA had developed for work in the U.S., would have been used by the company in other markets too.
“That was the idea — although in Europe it’s quite difficult because of the data protection laws,” responded Kaiser.
“Well if you observe them,” quipped Collins.
“Correct,” said Kaiser.
A little later another committee member returned to the topic, asking Kaiser to confirm whether these survey apps would definitely have been able to pass Facebook data on users if they provided their Facebook login details at the end of the survey process — noting that the committee had been told by former CA CEO, Alexander Nix, that Facebook users’ personal data may not have been accessed by CA via the surveys.
“What you’re saying is that that was not the case — that actually the purpose of the survey was to gather [Facebook] information and by completing it with your Facebook login as well then CA would also get access to your data on Facebook too?”
“I believe that was the point of the quizzes in the first place, yes,” responded Kaiser.
Since the data misuse scandal blew up last month, Facebook has said it is conducting a full audit of any apps which had access to “a large amount” of information before it changed app permissions on its platform in mid 2015 to prevent developers from being able to suck out data on Facebook users’ friends.
We’ve reached out to Facebook to ask whether it can provide an estimate on the total number of users’ data that could have also been compromised by additional quiz apps running on its platform — and will update this story with any response. Update: A Facebook spokesperson said: “We are currently investigating all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014. We will conduct a full audit of any app with suspicious activity. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected.”
Earlier this month the company confirmed that as many as 87 million Facebook users could have had information passed to Cambridge Analytica as a result of just Kogan’s app — which was downloaded around 270,000 times.
CEO Mark Zuckerberg has said the full audit process of third party apps with access to lots of user data will take some time.
Also earlier this month the company revealed that another historical feature — intended to be used for search and account recovery — had been systematically exploited by “malicious actors” to scrape public information from Facebook users’ profiles.
It warned that “most” Facebook users will have had their public info scraped by unknown entities as a result of this security loophole. The company’s platform has more than 2BN active users now, meaning that between 1BN and 2BN people will have had some of their Facebook information taken without their consent.