Regulators in the UK are also calling for more hearings into Facebook and Cambridge Analytica

As more details emerge about Cambridge Analytica’s use of Facebook data in the U.S. presidential election, members of Parliament in the UK are joining congressional leadership in the U.S. to call for a deeper investigation and potential regulatory action.

The Chair of parliamentary committee investigating “fake news”, the conservative MP Damian Collins, accused both Cambridge Analytica and Facebook of misleading his committee’s investigation in a statement early Sunday morning indicating that both companies would be called in for more questioning.

Alexander Nix denied to the Committee last month that his company had received any data from the Global Science Research company (GSR). From the evidence that has been published by The Guardian and The Observer this weekend, it seems clear that he has deliberately mislead the Committee and Parliament by giving false statements,” Collins wrote in a statement to the press. “We will be contacting Alexander Nix next week asking him to explain his comments, and answer further questions relating to the links between GSR and Cambridge Analytica, and its associate companies.”

On Friday, Facebook announced that it had suspended the account of Cambridge Analytica for violating the social media company’s terms and conditions by obtaining user data from a third party source without users’ permissions.

The announcement, made late Friday night, was designed to preempt reports published by The New York Times and The Guardian that would have exposed the fact that Cambridge Analytica had obtained information on 50 million Facebook users — and that Facebook had known about the improper availability of that user data for two years.

The use or abuse of that data by Cambridge Analytica in work that it had done with Donald Trump’s campaign for President in 2016 and potentially for other businesses in the run up to the election is at the heart of Donal

Before basically verifying the accuracy of the story, Facebook had threatened both The Times and The Guardian with legal action to try and kill it.

The company’s response to the reports aren’t impressing anyone — and could land more than just its chief counsel in the hot seat.

Facebook Chief Legal Officer Colin Stretch

“We have repeatedly asked Facebook about how companies acquire and hold on to user data from their site, and in particular whether data had been taken from people without their consent. Their answers have consistently understated this risk, and have also been misleading to the Committee,” Collins wrote.

He went on to accuse Facebook of “deliberately answering straight questions from the committee” and failing to supply the Committee with evidence relating to “the relationship between Facebook and Cambridge Analytica.” Evidence that had been promised when members of Parliament went to Washington to quiz Facebook about its role in various political campaigns in the UK.

“I will be writing to Mark Zuckerberg asking that either he, or another senior executive from the company, appear to give evidence in front of the Committee as part our inquiry. It is not acceptable that they have previously sent witnesses who seek to avoid asking difficult questions by claiming not to know the answers. This also creates a false reassurance that Facebook’s stated policies are always robust and effectively policed,” Collins wrote.

“We need to hear from people who can speak about Facebook from a position of authority that requires them to know the truth. The reputation of this company is being damaged by stealth, because of their constant failure to respond with clarity and authority to the questions of genuine public interest that are being directed to them. Someone has to take responsibility for this. It’s time for Mark Zuckerberg to stop hiding behind his Facebook page.”

Facebook’s latest privacy debacle stirs up more regulatory interest from lawmakers

Facebook’s late Friday disclosure that a data analytics company with ties to the Trump campaign improperly obtained — and then failed to destroy — the private data of 50 million users is generating more unwanted attention from politicians, some of whom were already beating the drums of regulation in the company’s direction.

On Saturday morning, Facebook dove into the semantics of its disclosure, arguing against wording in the New York Times story the company was attempting to get out in front of that referred to the incident as a breach. Most of this happened on the Twitter account of Facebook chief security officer Alex Stamos before Stamos took down his tweets and the gist of the conversation made its way into an update to Facebook’s official post.

“People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” the added language argued.

While the language is up for debate, lawmakers don’t appear to be looking kindly on Facebook’s arguably legitimate effort to sidestep data breach notification laws that, were this a proper hack, could have required the company to disclose that it lost track of the data of 50 million users, only 270,000 of which consented to data sharing to the third party app involved. (In April of 2015, Facebook changed its policy, shutting down the API that shared friends data with third-party Facebook apps that they did not consent to sharing in the first place.)

While most lawmakers and politicians haven’t crafted formal statements yet (expect a landslide of those on Monday), a few are weighing in. Minnesota Senator Amy Klobuchar calling for Facebook’s chief executive — and not just its counsel — to appear before the Senate Judiciary committee.

Senator Mark Warner, a prominent figure in tech’s role in enabling Russian interference in the 2016 U.S. election, used the incident to call attention to a piece of bipartisan legislation called the Honest Ads Act, designed to “prevent foreign interference in future elections and improve the transparency of online political advertisements.”

“This is more evidence that the online political advertising market is essentially the Wild West,” Warner said in a statement. “Whether it’s allowing Russians to purchase political ads, or extensive micro-targeting based on ill-gotten user data, it’s clear that, left unregulated, this market will continue to be prone to deception and lacking in transparency.”

That call for transparency was echoed Saturday by Massachusetts Attorney General Maura Healey who announced that her office would be launching an investigation into the situation. “Massachusetts residents deserve answers immediately from Facebook and Cambridge Analytica,” Healey tweeted. TechCrunch has reached out to Healey’s office for additional information.

On Cambridge Analytica’s side, it looks possible that the company may have violated Federal Election Commission laws forbidding foreign participation in domestic U.S. elections. The FEC enforces a “broad prohibition on foreign national activity in connection with elections in the United States.”

“Now is a time of reckoning for all tech and internet companies to truly consider their impact on democracies worldwide,” said Nuala O’Connor, President of the Center for Democracy & Technology. “Internet users in the U.S. are left incredibly vulnerable to this sort of abuse because of the lack of comprehensive data protection and privacy laws, which leaves this data unprotected.”

Just what lawmakers intend to do about big tech’s latest privacy debacle will be more clear come Monday, but the chorus calling for regulation is likely to grow louder from here on out.

Facebook suspends Cambridge Analytica, the data analysis firm that worked on the Trump campaign

Facebook announced late Friday that it had suspended the account of Strategic Communication Laboratories, and its political data analytics firm Cambridge Analytica — which used Facebook data to target voters for President Donald Trump’s campaign in the 2016 election. In a statement released by Paul Grewal, the company’s vice president and deputy general counsel, Facebook explained that the suspension was the result of a violation of its platform policies. The company noted that the very unusual step of a public blog post explaining the decision to act against Cambridge Analytica was due to “the public prominence of this organization.”

Facebook claims that back in 2015 Cambridge Analytica obtained Facebook user information without approval from the social network through work the company did with a University of Cambridge psychology professor named Dr. Aleksandr Kogan. Kogan developed an app called “thisisyourdigitallife” that purported to offer a personality prediction in the form of “a research app used by psychologists.”

Apparently around 270,000 people downloaded the app, which used Facebook Login and granted Kogan access to users’ geographic information, content they had liked, and limited information about users’ friends. While Kogan’s method of obtaining personal information aligned with Facebook’s policies, “he did not subsequently abide by our rules,” Grewal stated in the Facebook post.

“By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.”

Facebook said it first identified the violation in 2015 and took action — apparently without informing users of the violation. The company demanded that Kogan, Cambridge Analytica and Wylie certify that they had destroyed the information.

Over the past few days, Facebook said it received reports (from sources it would not identify) that not all of the data Cambridge Analytica, Kogan, and Wylie collected had been deleted. While Facebook investigates the matter further, the company said it had taken the step to suspend the Cambridge Analytica account as well as the accounts of Kogan and Wylie.

Depending on who you ask, UK-based Cambridge Analytica either played a pivotal role in the U.S. presidential election or cooked up an effective marketing myth to spin into future business. Last year, a handful of former Trump aides and Republican consultants dismissed the potency of Cambridge Analytica’s so-called secret sauce as “exaggerated” in a profile by the New York Times. A May 2017 profile in the Guardian that painted the Robert Mercer-funded data company as shadowy and all-powerful resulted in legal action on behalf of Cambridge Analytica. Last October, the Daily Beast reported that Cambridge Analytica’s chief executive Alexander Nix contacted Wikileaks’ Julian Assange with an offer to help disseminate Hillary Clinton’s controversial missing emails.

In an interview with TechCrunch late last year, Nix said that his company had detailed hundreds of thousands of profiles of Americans throughout 2014 and 2015 (the time when the company was working with Sen. Ted Cruz on his presidential campaign).

…We used psychographics all through the 2014 midterms. We used psychographics all through the Cruz and Carson primaries. But when we got to Trump’s campaign in June 2016, whenever it was, there it was there was five and a half months till the elections. We just didn’t have the time to rollout that survey. I mean, Christ, we had to build all the IT, all the infrastructure. There was nothing. There was 30 people on his campaign. Thirty. Even Walker it had 160 (it’s probably why he went bust). And he was the first to crash out. So as I’ve said to other of your [journalist] colleagues, clearly there’s psychographic data that’s baked-in to legacy models that we built before, because we’re not reinventing the wheel. [We’ve been] using models that are based on models, that are based on models, and we’ve been building these models for nearly four years. And all of those models had psychographics in them. But did we go out and rollout a long form quantitive psychographics survey specifically for Trump supporters? No. We just didn’t have time. We just couldn’t do that.

The key implication here is that data leveraged in the Trump campaign could have originated with Kogan before being shared to Cambridge Analytica in violation of Facebook policy. The other implication is that Cambridge Analytica may not have destroyed that data back in 2015.

The tools that Cambridge Analytica deployed have been at the heart of recent criticism of Facebook’s approach to handling advertising and promoted posts on the social media platform.

Nix credits the fact that advertising was ahead of most political messaging and that traditional political operatives hadn’t figured out that the tools used for creating ad campaigns could be so effective in the political arena.

“There’s no question that the marketing and advertising world is ahead of the political marketing the political communications world,” Nix told TechCrunch last year. “…There are some things which [are] best practice digital advertising, best practice communications which we’re taking from the commercial world and are bringing into politics.”

Responding to the allegations, Cambridge Analytica sent the following statement.

In 2014, SCL Elections contracted Dr. Kogan via his company Global Science Research (GSR) to undertake a large scale research project in the US. GSR was contractually committed to only obtain data in accordance with the UK Data Protection Act and to seek the informed consent of each respondent. GSR were also contractually the Data Controller (as per Section 1(1) of the Data Protection Act) for any collected data. The language in the SCL Elections contract with GSR is explicit on these points. GSR subsequently obtained Facebook data via an API provided by Facebook. When it subsequently became clear that the data had not been obtained by GSR in line with Facebook’s terms of service, SCL Elections deleted all data it had received from GSR. For the avoidance of doubt, no data from GSR was used in the work we did in the 2016 US presidential election.

Under Section 55 of the Data Protection Act (Unlawful obtaining etc. of personal data), a criminal offense has not been committed if a person has acted in the reasonable belief that he had in law the right to obtain data. GSR was a company led by a seemingly reputable academic at an internationally renowned institution who made explicit contractual commitments to us regarding the its legal authority to license data to SCL Elections. It would be entirely incorrect to attempt to claim that SCL Elections

illegally acquired Facebook data. Indeed SCL Elections worked with Facebook over this period to ensure that they were satisfied that SCL Elections had not knowingly breached any of Facebook’s Terms of Service and also provided a signed statement to confirm that all Facebook data and their derivatives had been deleted.

Cambridge Analytica and SCL Elections do not use or hold Facebook data.