$0.75 – about how much Cambridge Analytica paid per voter in bid to micro-target their minds, internal docs reveal

Whether brain prodding worked is another matter


Cambridge Analytica bought psychological profiles on individual US voters, costing roughly 75 cents to $5 apiece, each crafted using personal information plundered from millions of Facebook accounts, according to revealed internal documents.

Over the course of the past two weeks, whistleblower Chris Wylie has made a series of claims against his former employer, Cambridge Analytica, and its parent organizations SCL Elections and SCL Group.

He has alleged CA drafted in university academic Dr Aleksander Kogan to help micro-target voters using their personal information harvested from Facebook, and that the Vote Leave campaign in the UK's Brexit referendum “cheated” election spending limits by funneling money to Canadian political ad campaign biz AggregateIQ through a number of smaller groups.

Cambridge Analytica has denied using Facebook-sourced information in its work for Donald Trump's US election campaign, and dubbed the allegations against it as "completely unfounded conspiracy theories."

A set of internal CA files released Thursday by Britain's House of Commons’ Digital, Culture, Media and Sport Select Committee includes contracts and email exchanges, plus micro-targeting strategies and case studies boasting of the organization's influence in previous international campaigns.

Psychological

Among them is a contract, dated June 4, 2014, revealing a deal struck between SCL Elections and Kogan’s biz Global Science Research, referred to as GS in the documents. It showed that Kogan was commissioned by SCL to build up psychological profiles of people, using data slurped from their Facebook accounts by a quiz app, and match them to voter records obtained by SCL.

The app was built by GS, installed by some 270,000 people, and was granted access to their social network accounts and those of their friends, up to 50 million of them. The information was sold to Cambridge Analytica by GS.

The idea being that, armed with these Facebook-based psychological profiles and linked electoral records, SCL could narrowly target voters with messaging, ads, and whatnot, to influence their political views, in theory. SCL would have some kind of grasp on each person's personality and level of Republican party support, and apparently exploit this to nudge voters' thoughts in one direction or another.

It can be argued that these ads and propaganda may not have any real effect on folks, or not as much as SCL hyped, but in any case, it's claimed this profiling and targeting took place and influencing was attempted.

The contract [PDF, from page 67] stated that GS had to provide SCL ideally with two million matched records of American citizens across eleven US states: Arkansas, Colorado, Florida, Iowa, Louisiana, Nevada, New Hampshire, North Carolina, Oregon, South Carolina, and West Virginia.

Earlier this week, Wylie told British members of Parliament that the GS work took place in three phases: a very small pilot to see if accounts on social networks could be matched to electoral register entries; a bigger one to make sure GS could acquire data at the speed required; and then the much larger slurp. The contract fleshed out the first two stages, stating that the trial sample would cover 10,000 to 30,000 citizens, and the full sample would cover between 1.5 and 2 million matches; a possible extension is mentioned but no figures were given.

Show me the money

GS's fee was a nominal £3.14, and up to $5 per person during the trial stage. The maximum payment would have been $150,000 for 30,000 records.

The price tag for the full sample was to be established after the trial, the document stated, but the total fee was not to exceed $0.75 per matched record. The total cost of the full sample stage would have been up to $1.5m for all two million matches. Wylie claimed roughly $1m was spent in the end.

What Cambridge Analytica was charged by GS

The rate card GS gave to Cambridge Analytica for people's personal information ... Click to enlarge

The minimum data points required per matched person were: forename, surname, gender and location, along with four GS-modeled components: “big five personality scores” according to OCEAN (openness, conscientiousness, extraversion, agreeableness, and neuroticism); a Republican party support score; a political involvement/enthusiasm score; and a political volatility score.

Additional data points are listed: date of birth; ZIP code; residential address, or any component thereof; and answers to political quizzes, if completed.

The contract contained five sections on data protection, which asserted GS as the data controller for “any and all data harvested” using its technology or any online social media database. It also stated that GS “warrants to SCL that its terms and conditions of the GS Technology and any other related data harvesting exercise it conducts shall seek out informed consent of the seed user engaging with the GS Technology.”

AggregateIQ deal

Elsewhere in the cache are documents relating to the relationship between AggregateIQ and SCL.

One file laid out an AIQ contract to develop a platform called Ripon – which SCL and later CA is said to have used for micro-targeting political campaigns – in the run-up to the 2014 US mid-term elections. Although this document wasn't signed, it indicated the first payment to AIQ was made on April 7, 2014: a handsome sum of $25,000 (CA$27,000, £18,000).

It is worth noting here that AIQ previously stated it had “never entered into a contract with Cambridge Analytica.” While the deal is written as being between SCL and AIQ, it is drawn up on Cambridge Analytica-headed paper.

Contract between AIQ and SCL

The contract between AIQ and SCL ... The News Corp building, as well as being home to Rupert Murdoch's global empire, also has sections available for other companies to lease. Click to enlarge

The document revealed that the Canadian data analytics biz was offered CA$575,000 for the work (about $550,000 at the time), which is the same amount as detailed in another, glossy document that appears to be AIQ's initial pitch to SCL. The agreement described the Ripon platform thus:

A scalable engagement platform that leverages the strength of SCLs modelling data, providing an actionable toolset and dashboard interface for the target campaigns in the 2014 election cycle. This will consist of a bespoke engagement platform (SCL Engage) to help make SCLs behavioural microtargeting data actionable while making campaigns more accountable to donors and supporters.

Deliverables include the ability to send bulk physical and email lists, carry out robo-dialing, and send volumes of text messages to “target individual voters, or groups of voters” – all of which were due to be in beta by August 5, 2014 – and online marketing and social integration, due for beta by September 5.

A separate contract showed the two companies had worked together before this. It is dated November 25, 2013, and set out a deal in wbhich AIQ would “assist” SCL by creating a constituent relationship management (CRM) system and help with the “acquisition of online data" for a political campaign in Trinidad and Tobago.

The payment for this work was $50,000, followed by three further installments of $50,000. The document is signed by AIQ cofounders: president Zackary Massingham, and chief operating officer Jeff Silvester. Project deliverables include data mapping, and use of behavioral datasets of qualified sources of data “that illustrate browsing activity, online behaviour and social contributions.”

A large section in the document, under the main heading for CRM deliverables, between sections labelled “reports” and “markup and CMS integration design / HTML markup,” is heavily redacted.

The document dump also revealed discussions between Rebekah Mercer, daughter of billionaire CA backer Robert Mercer, and Trump strategist Steve Bannon, about how to manage the involvement of UK-based Cambridge Analytica – a foreign company – with American elections and US election law, as well as praise for SCL from the UK's Ministry of Defence.

All of which should make excellent fodder for the Commons committee's grilling of suspended Cambridge Analytica CEO Alexander Nix, whose appearance has been scheduled for April 17. Don't forget the popcorn. ®

Similar topics


Other stories you might like

  • These six proposed bipartisan antitrust laws put Big Tech in the cross-hairs – and a House committee just OK'd them

    Well, it's a start

    The US House Judiciary Committee this week approved half a dozen major bipartisan antitrust bills aimed at clamping down on the growing power of Big Tech and its monopolization of some markets.

    The panel, led by Jerry Nadler (D-NY), debated for nearly 30 hours on Wednesday and Thursday to advance the wide-sweeping six-bill package. The proposed laws includes all sorts of measures to prevent companies like Google, Apple, Amazon, Microsoft, Facebook, and others from dominating their sectors of the technology industry.

    There was likely plenty of lobbying and other wrangling going on in the back and foreground over the exact wording of the package. For instance, there was a concern by some lawmakers that Microsoft would end up avoiding certain provisions in the proposed acts that would otherwise hit Google and Apple. Tweaks were made – such as removing "mobile" from "mobile operating system" in the fine-print – to ensure no one was wriggling out.

    Continue reading
  • You won't want that Linux bling if it comes from Pling: Marketplace platform has critical vulnerabilities

    No one wants to be pwned by a drive-by RCE

    A Berlin startup has disclosed a remote-code-execution (RCE) vulnerability and a wormable cross-site-scripting (XSS) flaw in Pling, which is used by various Linux desktop theme marketplaces.

    Positive Security, which found the holes and is not to be confused with Russia’s Positive Technologies, said the bugs are still present in the Pling code and its maintainers have not responded to vulnerability reports.

    Pling presents itself as a marketplace for creative folk to upload Linux desktop themes and graphics, among other things, in the hope of making a few quid from supporters. It comes in two parts: code needed to run your own bling bazaar, and an Electron-based app users can install to manage their themes from a Pling souk. The web code has the XSS in it, and the client has the XSS and an RCE. Pling powers a bunch of sites, from pling.com and store.kde.org to gnome-look.org and xfce-look.org.

    Continue reading
  • Would-be password-killer FIDO Alliance aims to boost uptake with new UX guidelines

    Throws a bone to complex enterprise deployment, too

    The FIDO Alliance, which operates with no smaller mission than to "reduce the world's over-reliance on passwords", has announced the release of new user experience (UX) guidelines aimed at bringing the more technophobic on board.

    Launched back in 2013 as the Fast Identity Online Alliance, the FIDO Alliance aims to do away with passwords altogether through the introduction of standards-compliant "authenticators" including USB security dongles, fingerprint readers, Trusted Platform Modules (TPMs) and more.

    While the organisation's standards, which were updated with the launch of FIDO2 in 2018, have enjoyed adoption in the majority of web browsers and with a range of companies, they're still seen as unusual and even inconvenient compared to the good ol' username and password combo – which is where the new UX guidelines come in.

    Continue reading
  • UK's Vodafone network runs trials on standalone 5G in London, Manchester and Cardiff

    These are networks that are not dragged down by LTE core

    Vodafone has launched 5G SA (Standalone) trials in London, Manchester, and Cardiff in its largest test of the technology yet.

    The commercial launch has allowed the carrier to experiment with new ways to commercialise its network, including network slicing – where a portion of network is dedicated to a specific customer for their exclusive use. It will also allow customers to test 5G SA devices on a live, public network.

    Vodafone selected Ericsson's dual-mode 5G core network as the dedicated provider for this trial. It follows trials at Coventry University in 2020, and a separate trial in Spain.

    Continue reading
  • What you need to know about Microsoft Windows 11: It will run Android apps

    The operating system they said shouldn't exist

    Microsoft on Thursday announced Windows 11, or tried to as an uncooperative video stream left many viewers of the virtual event flummoxed by intermittent transmission gaps in the opening minutes.

    The technical issues proved bad enough that Matt Velloso, Technical Advisor to the CEO at Microsoft, suggested trying the YouTube video stream as an alternative to the Microsoft-hosted one.

    But with some of the features already known as a result of a leaked build last week, the impact of the intermittent video dropouts was less than it might have been.

    Continue reading
  • Russia spoofed AIS data to fake British warship's course days before Crimea guns showdown

    Great powers clash while the rest of us sigh and tut at data feed meddling

    Russia was back up to its age-old spoofing of GPS tracks earlier this week before a showdown between British destroyer HMS Defender and coastguard ships near occupied Crimea in the Black Sea.

    Yesterday Defender briefly sailed through Ukrainian waters, triggering the Russian Navy and coastguard into sending patrol boats and anti-shipping aircraft to buzz the British warship in a fruitless effort to divert her away from occupied Crimea's waters.

    Russia invaded Ukraine in 2014 and has occupied parts of the region, mostly in the Crimean peninsula, ever since. The UK and other NATO allies do not recognise Ukraine as enemy-held territory so Defender was sailing through an ally's waters – and doing so through a published traffic separation scheme (similar to the TSS in the English Channel), as Defence Secretary Ben Wallace confirmed this afternoon.*

    Continue reading
  • Lego bricks, upcycled iPhone lenses used in new low-cost, high-res microscope

    Full instructions given away for free, to 'nurture natural curiosity'

    A trio of boffins at the Georg August University Göttingen and Münster University have put together a low-cost yet high-resolution microscope for educational users – using smartphone parts and Lego bricks.

    "An understanding of science is crucial for decision-making and brings many benefits in everyday life, such as problem-solving and creativity," said Timo Betz, professor at the University of Göttingen and co-author of the paper detailing the project. “Yet we find that many people, even politicians, feel excluded or do not have the opportunities to engage in scientific or critical thinking.

    "We wanted to find a way to nurture natural curiosity, help people grasp fundamental principles and see the potential of science."

    Continue reading
  • Romance in 2021: Using creepware to keep tabs on your partner or ex. Aww

    With this app, I thee stalk

    Online stalking appears to be as much a part of modern relationships as lovingly sharing a single spoon and dessert in a dimly lit restaurant or arguing over who should put out the bins.

    That's just one of the conclusions from antivirus merchant Norton's latest look at online trends which found that nearly one in 10 people in the US admit to using stalkerware or creepware to keep tabs on a partner.

    What's more, the threat of cyber snooping works both ways, with those involved in relationships increasingly resigned to the fact that their significant other might be stalking them – either now or in the future.

    Continue reading
  • Report picks holes in the Linux kernel release signing process

    Security procedures need documenting, improving, and mandating - though they're better than they used to be

    A report looking into the security of the Linux kernel's release signing process has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to use of static keys for SSH access.

    The Linux kernel is at the heart of a wealth of modern technology, from embedded gadgets and network equipment all the way up to supercomputers. Its broad deployment makes it a tempting target for ne'er-do-wells, as was made all-too-obvious in 2011 when attackers gained root access to key servers used in its development and distribution.

    In response to that breach, traced back to a Trojan installed on a developer's personal machine which gave the attackers complete control over the affected servers for the 17 days before it was detected, a new release signing process was introduced. The idea: to minimise the trust placed in any given part of the Linux development infrastructure.

    Continue reading
  • British minister claims technology makes maritime cannibalism obsolete

    Even in a shipboard COVID lockdown, chowing down on ailing cabin boys is apparently no longer a thing

    A British government minister has claimed that cannibalism on the high seas should now be a thing of the past, as modern navigation and safety technology have made it very unlikely sailors will find themselves in circumstances where they might want to eat each other.

    This hopeful statement came during a debate in the House of Lords on human rights at sea when Baron Mackenzie of Framwellgate stood to ask a question of Charlotte, Baroness Vere of Norbiton, the Conservative government's Parliamentary Under-Secretary of State for Transport.

    The debate had begun with Baroness Vere answering questions about the government's policy regarding the many merchant sailors worldwide who found themselves stuck on vessels thousands of miles from home, sometimes without pay or current contracts, due to the effects of the COVID pandemic.

    Continue reading
  • In our digital future, IT is really all about experience

    Time to focus on people, not just SLAs

    Sponsored Experience is everything when it comes to delivering IT-enabled products and services. But it’s no longer about how many deadlines your team smashed, how often you’d exceeded service-level agreements (SLAs), or how many lines of code you’ve spat out.

    Rather it’s about how the services and products you deliver impact the rest of the organisation’s ability to do their jobs, increase productivity, deliver customer satisfaction and co-create value.

    “Experience” may be seen as subjective, even ephemeral, compared to the traditional IT metrics, deadlines and SLAs. But if you want proof of its importance, consider how ITIL® 4, the latest revision of the best practice framework for service management from AXELOS, focuses on improving user experience of digital services and how this enhances productivity right across the organisation.

    Continue reading

Biting the hand that feeds IT © 1998–2021