$0.75 – about how much Cambridge Analytica paid per voter in bid to micro-target their minds, internal docs reveal

Whether brain prodding worked is another matter


Cambridge Analytica bought psychological profiles on individual US voters, costing roughly 75 cents to $5 apiece, each crafted using personal information plundered from millions of Facebook accounts, according to revealed internal documents.

Over the course of the past two weeks, whistleblower Chris Wylie has made a series of claims against his former employer, Cambridge Analytica, and its parent organizations SCL Elections and SCL Group.

He has alleged CA drafted in university academic Dr Aleksander Kogan to help micro-target voters using their personal information harvested from Facebook, and that the Vote Leave campaign in the UK's Brexit referendum “cheated” election spending limits by funneling money to Canadian political ad campaign biz AggregateIQ through a number of smaller groups.

Cambridge Analytica has denied using Facebook-sourced information in its work for Donald Trump's US election campaign, and dubbed the allegations against it as "completely unfounded conspiracy theories."

A set of internal CA files released Thursday by Britain's House of Commons’ Digital, Culture, Media and Sport Select Committee includes contracts and email exchanges, plus micro-targeting strategies and case studies boasting of the organization's influence in previous international campaigns.

Psychological

Among them is a contract, dated June 4, 2014, revealing a deal struck between SCL Elections and Kogan’s biz Global Science Research, referred to as GS in the documents. It showed that Kogan was commissioned by SCL to build up psychological profiles of people, using data slurped from their Facebook accounts by a quiz app, and match them to voter records obtained by SCL.

The app was built by GS, installed by some 270,000 people, and was granted access to their social network accounts and those of their friends, up to 50 million of them. The information was sold to Cambridge Analytica by GS.

The idea being that, armed with these Facebook-based psychological profiles and linked electoral records, SCL could narrowly target voters with messaging, ads, and whatnot, to influence their political views, in theory. SCL would have some kind of grasp on each person's personality and level of Republican party support, and apparently exploit this to nudge voters' thoughts in one direction or another.

It can be argued that these ads and propaganda may not have any real effect on folks, or not as much as SCL hyped, but in any case, it's claimed this profiling and targeting took place and influencing was attempted.

The contract [PDF, from page 67] stated that GS had to provide SCL ideally with two million matched records of American citizens across eleven US states: Arkansas, Colorado, Florida, Iowa, Louisiana, Nevada, New Hampshire, North Carolina, Oregon, South Carolina, and West Virginia.

Earlier this week, Wylie told British members of Parliament that the GS work took place in three phases: a very small pilot to see if accounts on social networks could be matched to electoral register entries; a bigger one to make sure GS could acquire data at the speed required; and then the much larger slurp. The contract fleshed out the first two stages, stating that the trial sample would cover 10,000 to 30,000 citizens, and the full sample would cover between 1.5 and 2 million matches; a possible extension is mentioned but no figures were given.

Show me the money

GS's fee was a nominal £3.14, and up to $5 per person during the trial stage. The maximum payment would have been $150,000 for 30,000 records.

The price tag for the full sample was to be established after the trial, the document stated, but the total fee was not to exceed $0.75 per matched record. The total cost of the full sample stage would have been up to $1.5m for all two million matches. Wylie claimed roughly $1m was spent in the end.

What Cambridge Analytica was charged by GS

The rate card GS gave to Cambridge Analytica for people's personal information ... Click to enlarge

The minimum data points required per matched person were: forename, surname, gender and location, along with four GS-modeled components: “big five personality scores” according to OCEAN (openness, conscientiousness, extraversion, agreeableness, and neuroticism); a Republican party support score; a political involvement/enthusiasm score; and a political volatility score.

Additional data points are listed: date of birth; ZIP code; residential address, or any component thereof; and answers to political quizzes, if completed.

The contract contained five sections on data protection, which asserted GS as the data controller for “any and all data harvested” using its technology or any online social media database. It also stated that GS “warrants to SCL that its terms and conditions of the GS Technology and any other related data harvesting exercise it conducts shall seek out informed consent of the seed user engaging with the GS Technology.”

AggregateIQ deal

Elsewhere in the cache are documents relating to the relationship between AggregateIQ and SCL.

One file laid out an AIQ contract to develop a platform called Ripon – which SCL and later CA is said to have used for micro-targeting political campaigns – in the run-up to the 2014 US mid-term elections. Although this document wasn't signed, it indicated the first payment to AIQ was made on April 7, 2014: a handsome sum of $25,000 (CA$27,000, £18,000).

It is worth noting here that AIQ previously stated it had “never entered into a contract with Cambridge Analytica.” While the deal is written as being between SCL and AIQ, it is drawn up on Cambridge Analytica-headed paper.

Contract between AIQ and SCL

The contract between AIQ and SCL ... The News Corp building, as well as being home to Rupert Murdoch's global empire, also has sections available for other companies to lease. Click to enlarge

The document revealed that the Canadian data analytics biz was offered CA$575,000 for the work (about $550,000 at the time), which is the same amount as detailed in another, glossy document that appears to be AIQ's initial pitch to SCL. The agreement described the Ripon platform thus:

A scalable engagement platform that leverages the strength of SCLs modelling data, providing an actionable toolset and dashboard interface for the target campaigns in the 2014 election cycle. This will consist of a bespoke engagement platform (SCL Engage) to help make SCLs behavioural microtargeting data actionable while making campaigns more accountable to donors and supporters.

Deliverables include the ability to send bulk physical and email lists, carry out robo-dialing, and send volumes of text messages to “target individual voters, or groups of voters” – all of which were due to be in beta by August 5, 2014 – and online marketing and social integration, due for beta by September 5.

A separate contract showed the two companies had worked together before this. It is dated November 25, 2013, and set out a deal in wbhich AIQ would “assist” SCL by creating a constituent relationship management (CRM) system and help with the “acquisition of online data" for a political campaign in Trinidad and Tobago.

The payment for this work was $50,000, followed by three further installments of $50,000. The document is signed by AIQ cofounders: president Zackary Massingham, and chief operating officer Jeff Silvester. Project deliverables include data mapping, and use of behavioral datasets of qualified sources of data “that illustrate browsing activity, online behaviour and social contributions.”

A large section in the document, under the main heading for CRM deliverables, between sections labelled “reports” and “markup and CMS integration design / HTML markup,” is heavily redacted.

The document dump also revealed discussions between Rebekah Mercer, daughter of billionaire CA backer Robert Mercer, and Trump strategist Steve Bannon, about how to manage the involvement of UK-based Cambridge Analytica – a foreign company – with American elections and US election law, as well as praise for SCL from the UK's Ministry of Defence.

All of which should make excellent fodder for the Commons committee's grilling of suspended Cambridge Analytica CEO Alexander Nix, whose appearance has been scheduled for April 17. Don't forget the popcorn. ®


Vodafone chief gushes over OpenRAN, says commercial deployments to start this year

But still some way to go before standards-based tech can match mainstream products

Last year Vodafone bet big on OpenRAN, announcing it would shift a huge portion of its tower estate to the standards-based tech. Now Andrew Dona, the telco's director of network and development, has shed some light on how this will work.

Speaking to Telecom TV, Dona said Vodafone had already deployed two OpenRAN sites to its production network, situated in the southwest of England. These deployments are part of its testing process, which Dona said would conclude in May.

The wide-scale macro rollout, which will replace roughly 2,600 4G masts with OpenRAN alternatives, is expected to commence later this year, winding up in 2027 in time to meet the UK government's edict to excise high-risk vendors from the telecommunications networks.

In 2019, Vodafone's then-CTO, Scott Petty, said 32 per cent of its 4G base stations used Huawei-made kit. The following year, he said Vodafone's Huawei-based 5G NSA (non-standalone) RAN equipment was "inextricably linked" to its legacy networks, which include 5G. Removing Huawei's equipment from the RAN and legacy core networks is expected to cost approximately €200 million (roughly £170 million) over a five-year period.

Continue reading

Swedish startup Logical Clocks takes a crack at scaling MySQL backend for live recommendations

Takes a 'different approach' to YouTube's Vitess to munch complex transactions in microseconds

Swedish startup Logical Clocks is launching a new key-value database as a managed service, based on the MySQL derivative MySQL NDB Cluster.

The vendor told us its RonDB can be used to provide live data to machine learning models for real-time decision-making – as commonly used in online recommendations and fraud detection.

Although it has a history going back to the late 1990s, the new open-source distribution is currently in closed beta, with interested users encouraged to apply to participate. General availability is expected in the second quarter.

Logical Clocks said the database can respond in 100-200 microseconds on individual requests, in less than a millisecond on batched read requests and perform complex transactions in a highly loaded cluster within 10 milliseconds. It can perform hundreds of millions of read or write operations per second, the company added, and apparently offers 99.9999 per cent availability – no more than 30 seconds of downtime per year.

Continue reading

Microsoft quantum lab retracts published paper: Readings that cast doubt on crucial discovery went AWOL

Quasiparticle eggheads were 'caught up in the enthusiasm of the moment'

A paper published in Nature two years ago and spearheaded by a Microsoft scientist has been retracted after it emerged that the data presented simply didn't add up.

The work was produced at a quantum computer lab set up by Microsoft and QuTech, a research center co-founded by the Delft University of Technology (TU Delft) in the Netherlands. The study, led by Microsoftie and TU Delft Professor Leo Kouwenhoven, reported the discovery of a theoretical quasiparticle the academics believed would prove useful for future quantum computers.

"A 2018 academic paper published in Nature and led by one of our scientific directors, primarily in his capacity as a Professor at TU Delft, was retracted,” Zulfi Alam, a Microsoft Quantum unit veep, told The Register on Monday.

“As part of proposing the retraction, the authors of the paper took feedback from the scientific community, re-analyzed the data, wrote a new paper based on the analysis, and embraced the paper’s examination by independent experts in the field. This is an excellent example of the scientific process at work.

Continue reading

Deploy AI workloads with confidence using OpenVINO

Write once, deploy anywhere

Sponsored Artificial Intelligence techniques have been finding their way into business applications for some time now. From chatbots forming the first line of engagement in customer services, to image recognition systems that can identify defects in products before they reach the end of the production line in a factory.

But many organisations are still stuck at where to start in building machine-learning and deep-learning models and taking them all the way from development through to deployment. Another complication is how to deploy a model onto a different system than the one that was used to train it. Especially for situations such as edge deployments, where less compute power is available than in a datacentre.

One solution to these problems is to employ OpenVINO™ (Open Visual Inference & Neural Network Optimization), a toolkit developed by Intel to speed the development of applications involving high-performance computer vision and deep-learning inferencing, among other use cases. OpenVINO takes a trained model, and optimises it to operate on a variety of Intel hardware, including CPUs, GPUs, Intel® Movidius™ Vision Processing Unit (VPU), FPGAs, or the Intel® Gaussian & Neural Accelerator (Intel® GNA).

This means that it acts like an abstraction layer between the application code and the hardware. It can also fine tune the model for the platform the customer wants to use, claims Zoë Cayetano, Product Manager for Artificial Intelligence & Deep Learning at Intel. “That's really useful when you're taking an AI application into production. There's a variety of different niche challenges in inferencing that we've tackled with OpenVINO, that are different from when models and applications are in the training phase,” she says.

Continue reading

China outlines plan to boost economy with AI, a cloud OS it controls – and bringing in skilled foreigners

Other fun bits: An 'asteroid patrol', brain:computer fusion, DNA storage, enhanced privacy laws

China has put quantum communications networks and a brain:machine interface on its to-do list in plans unveiled at its annual "Two Sessions" parliamentary sittings.

The centerpiece of the Two Sessions, which sees 5,000 of the nation's political elite gather for meetings of the National People's Congress (NPC) and top political advisory body the National Committee of the Chinese People's Political Consultative Conference (CPPCC), is discussion of a new five-year plan for the nation's development.

The 14th Five-Year Plan, a document outlining objectives from 2021 until 2025, is not allowed to be released before finalization. However a 142-page long draft in Mandarin was made legally public and select parts have been translated by Chinese journalist, Zichen Wang of state-controlled Xinhua News.

According to his translations, the five-year plan has two sections that pertain to technology.

Continue reading

Mobile World Congress seemingly serious about in-person Barcelona event in June, shares safety plan

Is Spain really ready for 50,000 people at one venue? Sounds like a super spreader event ready to happen

Mobile World Congress appears determined to run its annual Barcelona super-conference as an in-person event this year, mid-pandemic, posting a safety plan online on Monday.

The tech-fest is due to take place at the end of June, having been pushed back from its usual late February slot, giving it less than four months until doors open: a risky timeline given that the vaccination rate for Spain and the Catalan region currently stands at just under nine per cent.

But the organizers reckon that the global COVID-19 pandemic can be defeated within the walls of its conference venue with a few simple steps: social distancing, personal hygiene, event hygiene, and training staff.

Continue reading

GitHub bug briefly gave valid authenticated session cookies to wrong users

Don’t panic: Fewer than 0.001% of sessions compromised through flaw that couldn’t be maliciously triggered

If you visit GitHub today you’ll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes “misrouted a user’s session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user.”

GitHub disclosed the problem today, explain that it could only happen under “extremely rare circumstances” and “occurred in fewer than 0.001% of authenticated sessions on GitHub.com.”

The service knows which users’ sessions were exposed by the flaw and says it has contacted them with guidance and additional information.

Continue reading

Azure flings out free virtual trusted platform module for cloudy VMs

Take that, rootkits and other low-level nasties - if they take a crack at fresh VMs, on certain instance types under a handful of OSes

Microsoft has revealed that its Azure IaaS platform now offers free a virtual trusted platform module.

Dubbed “Azure Trusted Launch for virtual machines” and launched as a preview on March 8th, Microsoft’s CTO for Azure Mark Russinovich said the new offering “allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and a boot policy that leverages the Trusted Launch Virtual Trusted Platform Module (vTPM) to measure and attest to whether the boot was compromised.”

All of which is pretty familiar stuff on-prem, as TPM has been around for over a decade and is just-about standard issue on modern servers. Google brought virtual TPM to its cloud in mid-2018 and made it the default server configuration in April 2020.

Continue reading

Cisco issues blizzard of end-of-life notices for Nexus 3K and 7K switches

Service options decline starting next year... so there may be a Nexus 9K switch in your future

Cisco has in recent days issued a blizzard of end-of-life and end-of-sale announcement for switches in its Nexus 3000 and Nexus 7000 ranges.

By The Register’s count, the networking giant has announced that the 18 devices, listed below, across the ranges will soon be sent to the knacker's yard.

The initial batch of notices advised users that the listed devices would not be sold after late August 2021, with shipments to end in November of the same year and support services dwindling as of August 2022. November 2025 was set as the last date on which a service contract could be renewed.

However, Chipzilla has since updated a handful of the notices and extended some of the deadlines mentioned above by as much as 18 months. You can find the 3K notices here and the 7K notices here. The last day of hardware support will be sometime in 2026 or 2027, depending on the model.

Continue reading

Apple emits patches for iOS, macOS, Safari, etc to stop dodgy websites hijacking people's gadgets

Plus: Chrome also patched, Microsoft and Intel team up for homomorphic encryption, and more

In brief Apple on Monday released security patches for macOS, iOS, iPadOS, watchOS, and Safari to fix up a vulnerability that can be exploited by malicious web pages to run malware on victims' computers and gadgets.

Thus surfing to a dodgy page could be enough to hand over control of your iThing or Mac to miscreants. Apple thanks Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research for reporting the arbitrary code execution security flaw, CVE-2021-1844, which is present in WebKit, the browser engine used by various bits of Cupertino code.

As such, users should upgrade to Safari 14.0.3, macOS Big Sur 11.2.3, watchOS 7.3.2, iOS 14.4.1, and iPadOS 14.4.1, as necessary.

Here's a rapid-fire summary of other infosec news today.

Continue reading

Biting the hand that feeds IT © 1998–2021