Another Suppressed ReportFacebook & the Brexit Data Breach
Former Labour MP and Digital Culture, Media and Sport Committee member Ian Lucas looks at diluted parliamentary oversight after two landmark reports on dirty data and dark money
The Unresolved Investigation
The Information Commissioner, Elizabeth Denham was questioned last week by the Commons’ Digital, Culture, Media and Sport (DCMS) Committee – specifically, its Sub-Committee on Disinformation – and, thanks to dogged, well-briefed questions by particular MPs, we learned a lot.
We learned, for example, that Facebook’s secret deal with the Information Commissioner’s Office (ICO) in October 2019 prevented the public from being told about many issues. I was a member of the DCMS Committee at the time, waiting on tenterhooks, for a report the ICO which it had been promised by Autumn 2019.
I was hoping that the report would arrive before the 2019 General Election as that it would address issues relevant to the 2016 EU Referendum – including whether the Vote Leave campaign, led by Boris Johnson, Michael Gove and Dominic Cummings, had shared data unlawfully.
I wanted the public to know the answer to this question before they voted. I hoped it would give the DCMS Committee information about what exactly had been seized in the ICO’s dramatic raids on the offices of the scandal-hit data analytics firm Cambridge Analytica in March 2018 – raids which had followed news of large-scale data breaches by the company linked to the 2016 US Presidential election; concerns around Facebook’s suspicious, subsequent appearance at the same offices; and questions raised about what exactly Facebook’s connections to Cambridge Analytica were.
The Committee had passed information it had secured during its Disinformation Inquiry in summer 2018 to the ICO, including a digital repository from the firm AIQ – Vote Leave’s main social media campaign arm – showing that Gove had instructed it to act in his 2016 Conservative Party leadership campaign.
We also hoped that we would learn more about the relationship between AIQ and Cambridge Analytica. The Committee had heard contradictory evidence from witnesses: former Cambridge Analytica employee Chris Wylie told us that Cambridge Analytica shared data with AIQ; AIQ’s Jeff Silvester told us that it had not and that there was never a contractual relationship between the two businesses.
There were important questions to answer.
Background to the Breach
In the event, just like the Russia Report, it did not arrive by the December 2019 General Election. In fact, it never arrived.
Instead, in October 2020, the ICO wrote to the DCMS Committee and said that it had concluded the matter. Media coverage in the UK at that time focused almost exclusively on the Information Commissioner’s bald conclusion that “I have found no further evidence to change my earlier view that SCL/CA [Cambridge Analytica and its parent company] were not involved in the EU Referendum campaign in the UK”.
I had expected a full report from the ICO and I hoped that it would explain why it was that different organisations including Vote Leave, BeLeave, the DUP, Veterans for Britain, and others, had all used the Canadian firm AIQ in the referendum campaign and whether Wylie’s allegation of data sharing – which would be a good (though illegal) explanation for AIQ’s popularity with the Leave campaigning organisations – was well or ill-founded.
We knew from the elections watchdog, the Election Commission, that the Vote Leave and BeLeave campaigns had collaborated unlawfully on election finance – had they also collaborated on the use of data?
Addressing this question, the ICO stated in its letter to the DCMS Committee – without disclosing its rationale or the evidence which justified its view – that “we have not discovered any evidence to support that such data sharing occurred”.
Later in October, therefore, I was very puzzled by a document released, for the first time, by former Cambridge Analytica employee Brittany Kaiser – a 2015 draft agreement relating to the 2016 US Presidential Election campaign headed “Cambridge Analytica in partnership with AIQ”. This flatly contradicted AIQ’s evidence to the DCMS Committee that the two businesses had “no contractual relationship”. It also appeared to question the ICO’s conclusion that Cambridge Analytica was not involved in the 2016 EU Referendum campaign.
If AIQ was in partnership with Cambridge Analytica in November 2015, as the document disclosed, how distant was it from the Referendum campaign in the first half of 2016?
I also asked myself whether the ICO had seen the document, or similar documents, on Cambridge Analytica’s servers seized in 2016 as it appeared to be a Cambridge Analytica document from a Cambridge Analytica source.
Private Briefings
Elizabeth Denham offered a private briefing “to unpack that finding” that there was no evidence of data sharing by the Leave campaign organisations.
Such private briefings have become very popular in the world of Big Tech. Facebook, in particular, is very fond of them. Its CEO, Mark Zuckerberg, who, famously, refused to give evidence in public to the DCMS Committee has nonetheless met privately with UK Government ministers to discuss tech issues and Facebook’s role in the Cambridge Analytica scandal. The advantage of such private meetings is that they offer businesses influence without scrutiny.
The opaque operations of Facebook and Zuckerberg were a constant barrier to scrutiny by the DCMS Committee. The business failed to deal with the DCMS Committee in good faith on a number of occasions during the 2017-19 Disinformation Inquiry, in which it played such a key role.
It is, however, important that the public are aware of the issues and, crucially, the evidence upon which conclusions, actions and policy are formulated. I know from being a DCMS Committee member myself how important contributions from the public, including those with specialist knowledge in technical areas, were in the work of the Committee which is, of course a publicly accountable body.
This is why it was so disturbing that no report was issued by the ICO at the conclusion of its investigation.
Direct, public scrutiny is very important, as Scottish National Party MP John Nicolson showed in last week’s session. He highlighted a little known ICO report from November 2020 which concluded that the Conservatives had collected data on the ethnicity of particular voters during the 2019 General Election campaign.
In response, Denham confirmed to the DCMS Committee that “it was illegal to collect the ethnicity data and this has been destroyed”. The ICO chose to apply no sanction to the Conservative Party.
Diluted Oversight
Threats to public scrutiny of the actions of Government and regulators are not, nowadays, confined to information. The increasingly closely-linked work of the Electoral Commission is accountable to an obscure parliamentary committee, the Speaker’s Committee on the Electoral Commission.
The Electoral Commission, responsible for regulating electoral finance and political donations, gave evidence a number of times to the DCMS Committee’s Disinformation Inquiry. No substantive, public report on the Speaker’s Committee’s work has been produced since the 2019 General Election. This belies substantial activity away from the public eye.
The Electoral Commission is very unpopular with the Conservative Party, which called for its abolition last year. One member of the Speaker’s Committee, Conservative MP Craig McKinlay, was unsuccessfully prosecuted by the Commission in 2015. Michael Gove, co-chair of the Vote Leave campaign’s coordinating committee in 2016, is another member of the Speaker’s Committee.
The DCMS Committee itself has changed since my time on it. Its membership now includes MP Heather Wheeler, who in last week’s session said that the General Data Protection regulations were “a pain in the neck” and were “not a blessing”.
The session itself concluded with an unfortunate, unnecessary outburst by Conservative MP, Julian Knight, who was elected to replace the previous chair, Conservative MP Damian Collins, at the beginning of this Parliament.
One of the great strengths of the last DCMS Committee’s Disinformation Report was that it strove to be politically non-partisan and was broadly, I believe, perceived as such. Knight was a member and knows how hard the Committee worked to achieve this in the febrile post-Brexit Referendum environment.
However, in last week’s session, Knight asked Elizabeth Denham:
“Is your feeling that perhaps there was a circus, there was confirmation bias and that effectively you were being used as a means by which to bring about a political objective, as in the undermining of a democratic decision of the people of this country?”
It now seems that we can no longer rely on the DCMS Committee for full, independent scrutiny, untainted by a political prism.
At a time when there is increased pressure for data regulation from many legislators across the world and the Big Tech giants themselves are in the process of shifting their own positions in this area, it is sad that the one UK parliamentary committee which led the way can no longer be relied upon to be part of the solution to the challenges of information and data regulation.
Ian Lucas was Labour MP for Wrexham from 2001 to 2019, and was a member of Parliament’s Digital, Culture, Media and Sport (DCMS) Committee from 2017 to 2019