Who will protect our democracy from industrialised disinformation?

Several recent events have raised urgent questions about the threat to our democracy from unscrupulous digital operatives. Disturbingly, these questions remain largely unanswered by a report this week from the Information Commissioner’s Office (ICO).

Last week, Channel Four reported on a data leak from Trump’s 2016 presidential campaign that revealed how ‘Team Trump’ had worked with Cambridge Analytica to suppress the black vote in key marginal states in the US. Using micro-targeted social media ads, the Trump campaign had successfully instilled fear and distrust of Hillary Clinton in black voters who had been psychologically profiled as likely to be susceptible to such messaging. This strategy appears to have resulted in a dramatic drop in the black vote in the small number of states that swung the election for Trump.

As I wrote last week for Byline Times, there is no doubt that similar techniques were used in the UK during the Brexit referendum campaign, and that many of the same people were involved in this. Both Vote Leave, the official Leave campaign run by Dominic Cummings, and Leave.EU, the unofficial campaign spearheaded by Nigel Farage and bankrolled by Arron Banks, were helped by Cambridge Analytica or the closely associated Canadian company AIQ  to target British voters. Indeed, Cummings has boasted publicly about how he subjected some seven million voters to a blizzard of 1.5 billion individually tailored social media ads in days leading up to the vote in June 2016.

Each of these false claims was tailored to an identified characteristic of the individual voters on whom the ad was targeted – for instance, people who were worried about immigration or had expressed an interest in the environment or animal welfare. Many of the ads contained no imprint, as legally required, to identify them as being from Vote Leave – though of course these ads were not visible to the Electoral Commission.

Last week also brought news that the former CEO of Cambridge Analytica, Alexander Nix,  had been disqualified as a company director for seven years for offering “shady political services”. These included “bribery or honey trap stings, voter disengagement campaigns, obtaining information to discredit political opponents and spreading information anonymously in political campaigns”.

So does this mean that we are now safer from the sort of voter manipulation and industrialised lying in which Cambridge Analytica specialised? Far from it. In fact, it seems that the agencies that should be safeguarding the democratic process from such practices are struggling to do this effectively.

This was shown by some other news about Cambridge Analytica this week, in the shape of a letter from UK Information Commissioner Elizabeth Denham to Julian Knight MP, Chair of the Digital, Culture and Media and Sport (DCMS) select committee. The Information Commissioner’s Office, or ICO, is the body charged with protecting the public against abuses of personal data, and the letter was in answer to various questions the committee had raised on how Cambridge Analytica and SCL (its parent company) “had used the personal data it held, whether these methods could be used in the future, and the associated risks to citizens”.

This letter has been held up by pro-Brexit groups as proof that Cambridge Analytica, and illicitly gathered  data it provided, were not involved in the Brexit campaign. In fact, it is anything but, and it raises far more questions than it answers.

The Information Commissioner’s letter states: “I have found no further evidence to change my earlier view that SCL/CA were not involved in the EU referendum campaign in the UK.” A decidedly odd view, given that Cambridge Analytica insider Brittany Kaiser was on the speaker platform at Leave.EU’s launch in November 2015, where she was introduced in glowing terms by campaign chair Richard Tice: “We have Brittany Kaiser from Cambridge Analytica, a world leader in target-voter messaging using specialist non-traditional techniques.” And in February 2016, the Company’s CEO Alexander Nix described how Cambridge Analytica was working for Leave.EU in an article for Campaign magazine: “We have already helped supercharge Leave.EU’s social media campaign by ensuring the right messages are getting to the right voters online.”

Kaiser later told the DCMS Committee: “Chargeable work was completed for UKIP and Leave.EU, and I have strong reasons to believe that those data sets and analysed data processed by Cambridge Analytica … were later used by the Leave.EU campaign without Cambridge Analytica’s further assistance.”

“SM0_9363” by Web Summit is licensed under CC BY 2.0

The Information Commissioner’s letter itself contradicts Elizabeth Denham’s conclusion on SCL/Cambridge Analytica not being involved in the Brexit campaign, stating later on that “Cambridge Analytica did appear to do a limited amount of work for Leave.EU.” But it is the role played by AIQ, a Canadian company that worked hand-in-glove with Cambridge Analytica, that was far more significant in influencing UK voters, and on this the ICO letter displays a startling naivety.

AIQ was paid  £3,657,000 by Vote Leave and associated campaign groups to target UK voters. In fact, Vote Leave illegally overspent on its officially allowed campaign budget by funnelling money to AIQ through an associated campaign group, BeLeave.

The ICO was asked about how AIQ had used datasets in the targeting process, and whether there had been sharing of such datasets between organisations and campaign groups (which would have been illegal). Astonishingly, it appears to have taken AIQ’s assurance that such sharing did not take place at face value: “Our investigation found that AIQ’s own internal firewall policy prohibited the sharing of data between campaigns.” Given that these supposedly separate campaign groups had illegally combined their budgets to pay AIQ for the same services, it is, to say the least, surprising that such an assurance was taken on trust.

Just as surprising is that the ICO appears to view AIQ as a separate entity from Cambridge Analytica/SCL. While this may be the case in terms of their constitution as legal entities, there is a mountain of evidence showing that these companies were effectively joined at the hip. As Cambridge Analytica whistleblower Christopher Wylie has described, AIQ was set up “to service SCL and Cambridge Analytica projects” (SCL is Cambridge Analytica’s parent company).

In 2018, data breach specialist Chris Vickery was able to gain access to an insecurely guarded online data warehouse set up by AIQ, giving insights into the range of digital tools used by the company and showing its hand-in-glove relationship with Cambridge Analytica. Vickery described what he found to the DCMS committee set up to investigate disinformation and fake news: “a set of sophisticated applications, data management programs, advertising trackers, and information databases that collectively could be used to target and influence individuals through a variety of methods, including automated phone calls, emails, political websites, volunteer canvassing, and Facebook ads”.

In 2018, Damian Collins MP, then chair of the DCMS committee, gave evidence to the Canadian Parliament’s Standing Committee on Access to Information, Privacy and Ethics, which was investigating AIQ as part of a wider inquiry into abuses of personal data involving Cambridge Analytica and Facebook. Asked whether the inquiry should believe the assertion by AIQ’s CEO that there was no connection between AIQ and Cambridge Analytica/SCL, Collins said:

“The evidence we’ve received contradicts that. We’ve been told by Chris Wylie and Brittany Kaiser that, as far as they were concerned, that’s what it was. It was SCL Canada, and indeed there are documents that Chris Wylie gave us that show employee lists and directories where SCL Canada is listed. We know there’s a huge number of projects that SCL and AIQ worked on together—the staff teams worked together—going back a number of years […] Again, there were staff members from SCL, Cambridge Analytica, and AIQ all working on the same projects, including Dr. Kogan [the academic who illicitly supplied large volumes of personal Facebook data to Cambridge Analytica] as well. The impression you get is one of a high-level of integration and partnership, and the evidence we had from Chris Vickery, yesterday, looking at these datasets he found on GitLab would, again, suggest that this is an entity of work that is totally integrated.”

Nothing in the ICO’s letter contradicts any of this, which makes the Information Commissioner’s assertion that SCL and Cambridge Analytica “were not involved” in the Brexit campaign look even more far-fetched.

This is a complex story, and one that is likely to go over the heads of many voters. But it is one that has a vital bearing not just on the integrity of the 2016 referendum, but on that of all future elections, and indeed the future of democracy in our country.

Alexander Nix may be disqualified as a company director, but the people who targeted UK voters’ Facebook feeds with disinformation and outright lies in 2016 have not gone away. Nor have the techniques and datasets used to target them – in fact, these are likely to have become even more powerful and sophisticated.

Facebook, the platform that has done more than any other to facilitate the industrialised spread of political disinformation, has done little to curb this, and instead has made efforts to silence its critics. Earlier this week it succeeded in having the website of the recently established ‘Real Facebook Oversight Board’ – a group set up by leading academics, journalists, lawyers and activists –  removed from the internet.

Meanwhile, Dominic Cummings is reported to be advancing a scheme to remove the data protection rights currently enjoyed by UK citizens under the European Union’s general data protection regulation (GDPR). Currently, GDPR offers the best available legal protection against the sort of data abuses in which Cambridge Analytica and others were engaged.

We urgently need stronger safeguards against these abuses. We also need to be sure the bodies entrusted to protect us from them, and to ensure the integrity of the democratic process, have the will and the necessary resources to do so effectively.

In their absence, elections become essentially commodities to be bought by whoever has the deepest pockets and the least ethical aversion to the micro-targeting of lies on the electorate.