UK watchdog finally gets search warrant for Cambridge Analytica's totally not empty offices Cambridge Analytica’s London offices will finally be searched by the UK's Information Commissioner’s Office, following a marathon week of arguing inside and outside court. Woolwich Crown Court, sitting in the capital's Royal Courts of Justice for the occasion, granted the warrant after a five-hour hearing. The ICO, as the UK’s …
... as a diversion from the drive dump.
I'm guessing the only way the ICO can pin this one is to go through CA's backup policy and see how reality matches up to what should be. And whether small discrepencies can underpin a court case [most likely not].
If CA has the backing of GCHQ's best spooky hackers - no chance. One part of the corporate state defeating another. But perhaps they are more honest and respectful of individual liberty than we cynics assume.
It's sit back and wait for a result time. But what will it be?
That's even if they ever brought the data onshore to the UK in the first place. Something like that could do with being kept on say an azure database hosted on Ireland (since MS is somewhat bullish over data sovereignty).
It also doesn't mention of they're looking for evidence of work that was a result of analysis of the data... it all seems a tad suspect like everyone's trying to hide some bigger issue.
This post has been deleted by its author
The seven day process to obtain a warrant and the requirement to tip off the subjects of that warrant in advance don't really provide a huge amount of reassurance that ICO has the ability to enforce the rules, do they?
Have you ever tried to get the ICO to take enforcement action against anyone, even where they have determined a breach of the Act has occurred and they can plainly see harm has resulted from it? It's all but impossible, unless you happen to be a media outlet.
The biggest problem isn't the level of power they have, its their absolute stubborn refusal to use it unless cornered like a rat in a trap and nailed to the bloody floor. Seriously WAKE UP ICO!!
" Something like that could do with being kept on say an azure database hosted on Ireland (since MS is somewhat bullish over data sovereignty)."
in the circumstances, and as long as they follow the processes properly, I'd guess their chances in an Irish court are probably fairly high ....
Any CIOs or executives/managers on the IT side from that organisation, with the experience gained from this kind of ICO / criminal investigation, would be worth their weight in gold to an organisation with something to hide. Not that I would trust them one micron in order to hire them - they'll either have been aware of all those goings on and turning a blind eye or even sanctioning the operation and therefore untrustworthy in the extreme, or they won't have been doing their job and therefore be of only limited value.
I wonder what's happened to them all? Does anyone have a list?
They absolutely should always need a warrant.
That's the only step in the process that stops bodies like this being used as weapons.
It's the business equivalent of SWATing someone (US prank calls to the police that result in heavily armed fuzz putting your door through, usually after an online fallout with someone). People have been killed like this over falling out/name calling while gaming online.
Same thing here. With no requirement for a warrant they'd get 100s of "tips" per day , about various businesses, made by a competitor.
Facebook, the court was told by barristers Christopher Coltart QC and Philip Coppel QC on behalf of CA, demanded that the slurped data be deleted...
This always pisses me off when I read it. Everyone knows you can't delete data and it is naive to assume otherwise. Any company with such a lack of ethics that they would slurp private data in the first place is going to have a backup hidden somewhere.
The only way to guarantee this doesn't happen again is criminal penalties for upper management. It's the only way.
If they are made to delete all their copies of the data and later it reappears then they have gone against the court.
So deleting is removing the company's right to hold/use/sell the data, something that I would suggest most people would agree was a minimum requirement.
> If they are made to delete all their copies of the data and later it reappears then they have gone against the court.
But the data itself doesn't appear anywhere, it's just used, and it will be very hard to prove any future mailings/whatever some future incarnation of CA sends out might be based on that dataset - given nobody knows for sure what it contains.
I'm not even sure they actually have to hide the database. One can expect to find databases in a company like that, so all they have to do is to change the label form "Facebook data" to "Current subscribers" or some such, and that's it: "Why, this is a completely different database. The one you're looking for has been deleted, and if you pretend otherwise we'll sue you for slander"...
Having used a small office paper shredder last week to delete accumulated financial statements, I wouldn't try to shred many documents in-house. It didn't work well for the STASI in 1990 either. You have to use an industrial shredder* which makes it interesting to consider why CA allegedly removed boxes of material...
* I once watched a DEC RL02 disk pack being fed into a shredder.
@DJV; "a pile of well used paper shredders"
I would *not* rely on a paper shredder alone- not even a cross-cut one- to protect me in a case as serious as this.
I'm pretty certain there must be software out there able to take arbitrary amounts of scanned pieces, figure out which bits are most likely to join together- using multiple heuristics- then reassemble most of the "destroyed" documents.
If you can scatter them far and wide enough before anyone is likely to get their hands on them, this might not be workable, but you have to get away with *that* as well.
"They suggested that the application for the warrant was flawed because, among other things, CA had offered to allow the ICO access to its offices, subject to agreeing the terms and scope of access with the regulator."
Where the "terms and scope of access" presumably included not being able to look in places CA didn't want them to.
OK i'm a thicko but my understanding so far is that CA dubiously acquired , ok nicked (NO not nicked, took an unauthorised copy of) some of Facebooks data on users and , ye gads, horror of horrors, used it for political purposes.
So what? It's not as though Facebooks data is gathered entirely ethically or lawfully in the first place. What is the ICO doing about that aspect?
On a smaller scale, a local organisation ( well, a handful of people) have gathered data about myself and, using it for political purposes, regularly post their shite through my letterbox.
Ok, they may call it a Liberal Democrat newsletter but it's still shite. Tbf, the Tories don't even bother, no point, at all.
Haven't the ICO and indeed Courts got better things to do?
@The Nazz
I've always loved the creation, care and feeding of databases; they fit right into my bent on doing the same with models. They are the model once you create your rules sets. From everything I've read, and I've been reading rather a lot, the creation of this dataset was done using Facebook's graph database and Facebook's API's. It's a bit rich for Facebook to come back and say that this was wrong. I'd put Mr. Z up against the wall especially for his comments and non-apologies.
And the worst part? Way too many people, including nation-state actors, have extracted similar datasets. Apparent acts in accordance power-conflict theory, thanks Marx, as applied to IT. Looks like we need an ethics course for all of IT, and related professional fields. Not that they seem to work as applied to lawyers or journalists.
As to the ICO, they were either complicit or willfully blind. This was all known about for years. Were they interested at what was harvested and held, they could have applied for an API key and had someone with an inkling about databases see what they could turn up. I've been able to do this, with a total lack of documentation on mainframes since I began working with computers. Way back when ISAM was king which is saying something. One tool, comes with every OS I've run into, pointed at the database itself. I guess they need to bring some database/data-scientist types with a clue.
To the best of my knowledge, the Liberal Democrats did not send out a fake Labour manifesto promising to solve the housing crisis by nationalising property and billeting homeless foreigners on anyone who can't afford the legal fees to prevent it. They did not distribute a fake conservative election promise to disband the Serious Fraud Office so business could proceed without hindrance. They did not even publish an article in the local newspaper saying that the reason for all the potholes was that 97% of council tax goes to Europe [but someone actually did and I met people who believed it].
CA/Aggregate IQ claimed to have received a clean bill of health from the electoral commission. The real conversation when something like UKEC: "Have you done anything naughty?" Aggregate IQ: "We do not have to answer your questions, we are Canadian."
CA made an effort not to be noticed. They made an effort to present their activities as either legal or beyond UK jurisdiction. Their most obvious cock-up involves possibly illegal use of Facebook data. I have a small preference for laws more specific to what CA have actually done. I have a much larger preference for teaching critical thinking in schools. Both have unpleasant consequences for current politicians, so I will just have to make do with the laws we have being enforced to the full (tiny) extent of the ICO's powers.
"One of those is the question of whether or not the court is satisfied that the evidence which is the subject of the application is in fact on the premises in question.”
So to get the warrant, you've convinced the court the evidence is there. When you execute said warrant, and the evidence is not found, by definition, in the court's eyes they must be guilty of destruction of said evidence. This seems pretty smart to me! The ICO either has the evidence or an easy conviction... (this is how it all works, right?)
My understanding from the article is that for the type of warrant being issued they need to be given seven days advanced notification of the warrant. Nothing to do with judges or the ICO - its just the law*
*Whether or not that makes sense is another matter - Im sure that there's a good reason for it.
found that app installed in my FB apps list.. and they had default access to all my profile and social network =( I dont even know how it got there in the first place and when!! Also they dont even have a way to remove your data..
Anonymous, because you never know.
Must be lots of judges and politicians with new Ukrainian girlfriends...
Utterly pathetic as it was designed to be entirely a useless watchdog paying lip service to its job. Just like Ofwat, Ofgem, and plenty of others. Its only purpose is to keep the 'little people' happy for the few seconds they actually bother wondering why they've been ripped off yet again by the neoliberal establishment. After the right wing press have been wheeled out to prove to them 'somethings being done about it by the regulator' they can return to their diet of immigrant hating, footie and tits.
Welcome to feudal Britain.
Information Commissioner Elizabeth Denham's Posse have left CA London office;
"The seven-hour search finished in the early hours of Saturday"
Looking at that article the only word that springs to mind is "circus".
Have we really seen so much fake news that we now accept this bullshit? That's what it is and to call it any other name is insulting to bulls.
How does it take seven hours to realise that there is no data on the premises and never was?
Here's the logic. You are running queries against a data set of potentially 50 million users, what server do you need for that and how much disk space is required? Do we believe they could fit it in an office in London? Lets not be stupid, it's in a cloud instance somewhere or at a proper data centre. Maybe they didn't need to collect all the data and had a deal with Facebook where they could target people directly through Facebook while paying for the privilege. That makes much more sense.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
