On November 6, 2018, the UK’s Information Commissioner’s Office (ICO) released its final report “Investigation into the use of data analytics and in political campaigns.” (PDF) Amidst the clamor and chaos of midterm elections in the America, mainstream media has given minor attention to this report. The lack of attention is concerning because of the enormous implications the UK report holds for the United States, our political system, our social media platforms, and our private data.
The report is clear that political campaigns, insurance companies, data brokers, and social media platforms played a significant role in abusing private citizens’ data. It’s important to remember, however, that the ICO was solely interested in protecting UK citizens’ information. But the report leaves us many clues about the use and abuse of U.S. citizen data.
Political campaign involvement.
One of the key concerns for the ICO was the manner in which political campaigns obtain and use private data, particularly when such data is used to undermine free and fair elections.
Personal privacy rights have been compromised on an astronomical scale. But this doesn’t just apply to the UK referendum. As the Commission points out, it applies to US election campaigns as well. It isn’t the UK’s job to discover how US political campaigns misused private data; that is on us. This brings up a multitude of questions:
> The Commission looked at all sides of the political spectrum because their goal was to protect democracy itself, regardless of political affiliation. Shouldn’t this be our concern as well?
> How did our political parties — Republican, Democrat, Libertarian, Green, etc. — obtain and use our data in the 2016 elections?
> What are the current laws and regulations surrounding the use of private data for political ends?
> Do these laws and regulations need an overhaul since “personal and privacy rights have been compromised” on such a large scale?
To protect the basic functioning and integrity of our democracy and to protect our citizens, these issues should be a top priority for a government elected to protect citizens’ rights.
The social media platforms involved are all US companies.
The ICO investigation focused primarily on 30 organizations. Of those 30, social media platforms occupied four slots. Every one of these platforms is a US organization: Facebook, Twitter, Google, and Snapchat.
The report only tells us the findings on Facebook, which is regrettable. But what it tells us is significant and informs our concerns about the other platforms.
For instance, the report tells us that Dr. Kogan (working for Cambridge Analytica) was able to harvest the data of 87 million Facebook users — 1 million of which were from the UK.
One million UK Facebook users. That’s a lot. But what about the other 86 million? Anyone else curious how many of those 87 million users were from the US?
Additionally, we know that Twitter similarly sold data to Dr. Kogan and Cambridge Analytica. Was this data relegated to publicly available information or, like Facebook’s quagmire, did Twitter also sell direct messages, follower details, etc.? And, how many people were impacted?
Given the enormous spotlight on Facebook, the American public mostly grasps how that platform abused our data. The elephant in the room, however, is the other platforms and their long known involvement with selling private data. We know they did it. So why don’t we know exactly what they did, how many people they impacted, and whether they broke any laws?
Most of the Big Data firms involved are US companies.
Experian. The company that allows consumers to view our credit reports.
Experian is also the company that, in 2017, reported being hacked to the tune of 143 million Americans having their private data exposed.
This company is just one of the US-based companies that the Commission investigated under the umbrella of “data brokers.” The ICO found that Experian provided private data to political organizations.
Experian brokered private data for the benefit of political organizations in the UK. But Experian is a US-based company. So, what — if any — private data brokering did Experian participate in the US?
And the timing of the 2017 Experian hack should raise the hackles of anyone who’s ever read a Sherlock Holmes story. Was the “hack” a way for Experian to cover up that it had sold private data to businesses and political organizations?
The involvement of US-based companies in the biggest data scandal in history is profoundly concerning.
The ICO investigation focused heavily upon Cambridge University’s use of private data by academics for scholarly, political, and commercial use. Notably, however, the investigation also looked at the University of Mississippi in the U.S.
The investigation concluded:
Again, emphasizing that this investigation was relegated UK citizens’ information, the findings beg the question: what about U.S. citizen information? And is the University of Mississippi the only university to have considered using private data for political purposes?
At least one of our universities actively considered implementing a program that collected and analyzed large quantities of data for political purposes. That is alarming.
To citizens’ detriment, the field of academia tends to overlook data protection in the US. Given the report’s findings, the US must take a closer look at how private data is used in academia and how we might secure such data.
The UK Report and America: Lessons
It would’ve been preferable for the US to take the lead role in an investigation into the largest data scandal in history. But that isn’t what happened. Therefore, we are fortunate that the UK assumed leadership where the US did not. We are fortunate to have the UK’s findings and we’d be remiss if we ignore the road-map they’ve laid out for us.
The ICO’s findings are startling, even though they only focused on the private data of UK citizens. The implications for US citizens are alarmingly obvious. Laws were broken; businesses and political organizations have participated; private data was misused for private and political gain; our most essential rights and institutions were compromised.
It is time for the US to take the lead. It is time for us to secure the foundations of a free society. But we can’t do that unless we have the moral rectitude to hold our own accountable.
Written by Virginia Murr
Read More Commentary about Cambridge Analytica and the 2016 Elections:
Cambridge Analytica — Did They Target Voter Registration Files?
Molly Schweickert of Cambridge Analytica – What Did She Just Say?
Cambridge Analytica and the Flipping of an Election – the Law of Small Numbers