Cambridge Analytica, the British company that earned infamy for its exploitation of Facebook data, is calling it quits. According to a statement released by the company on May 2, CA and its parent SCL Elections are filing for bankruptcy in the U.S. and commencing insolvency proceedings in the UK.
“Over the past several months, Cambridge Analytica has been the subject of numerous unfounded accusations and, despite the company’s efforts to correct the record, has been vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising in both the political and commercial arenas,” the company said in its release.
“The siege of media coverage has driven away virtually all of the Company’s customers and suppliers.“
The company also released the resultsof an investigation performed by Queen’s Counsel Julian Malins, who was hired by CA to determine the truth of a number of allegations made against the company. The report on the investigation showed, according to Malins, that none of the core allegations were true and that the reporting in the media was unfounded.
However, a careful reading of the results of the investigation shows little depth in critical areas. For example when Malins investigated the deletion of all Facebook data held by CA, he depended on written statements by then CEO Alexander Nix. There did not appear to be any effort to look beyond those statements. This essentially echoed the investigation by Facebook, which also said that it depended on certifications by Nix and others at CA.
On the other hand, the Malin investigation did confirm that researcher Aleksandr Kogan exploited not only data from the Facebook users who used his This is Your Digital Life app, but the personality data from those people’s friends.
Much of the investigation report spends its time on either describing data analysis concepts or terms, which is probably necessary for a paper aimed at a general audience, and on repeatedly stressing that no laws were broken. To some extent this is a smokescreen. The media coverage was not about the breaking of laws, but about the misuse of supposedly private data.
In addition, some factions are upset about the possible use of the data by the Trump campaign, but there’s no evidence that this ever happened. In fact, the CA mess started and ended before Donald Trump became a candidate.
What really caused the ruckus about CA was the belief that personal data was misused. This belief was reinforced by a number of televised statements by former CEO Alexander Nix recorded during an undercover investigation by the UK’s ITV Channel 4.
Then, believing that he was talking to wealthy donors to a Sri Lankan campaign, Nix spun some lurid tales of how CA would compromise opposing candidates to help win an election. Those tales ended up on television, but there’s no indication that any of it actually happened. Now, Nix is listed as a principal at a new data analytics firm, Emerdata in the UK.
However, the Malin report also confirmed one thing that we’ve been reporting all along, which is that there’s no upper limit on stupidity. This was true of Facebook, which naively didn’t check when the company was assured that CA wasn’t misusing customer data. Stupidity also played a role when Nix let his braggadocio get the better of him while trying to impress those phony Sri Lankans.
The fact is that it appears that Cambridge Analytica did not break any laws, and so far no legal jurisdiction in the U.S. or UK has said otherwise. In fact, the company thought it was using data that it was allowed to have and may have even quit using it when asked to by Facebook. But what didn’t happen is confirmation that the data was actually deleted, and when it was discovered by the media a couple of years later, CA reacted badly.
Perhaps worse, Facebook and investigators at CA took a signed statement to be actual evidence. It’s not. This is why the penalties for lying on things like security certifications are so steep. But in this case there was no criminal penalty. Instead, the penalty for CA was the implosion of the business.
There’s an important lesson for companies that use the data people share with them, and that’s transparency. When you ask people for their data, tell them up front exactly how the data will be used and do it in words a normal person can understand.
What you don’t want to do is have your legal department produce a dense, multi-page document that nobody will read. While the lawyers will think you’re protected, the reality is you’re not, any more than Cambridge Analytica was protected.
And once you’ve told your customers and users what you plan to do with their data, don’t change that without telling them clearly and without giving them a chance to opt out of whatever the new use might be. As you’ve seen, your users or your customers are becoming very concerned about what happens to their personal data. The best thing you can do is respect that level of concern, and do everything you can to keep them informed.
Had Cambridge Analytica opted for transparency rather than trying a legalistic approach to defending itself, the company would probably still be a going concern.