Cambridge Analytica revisited

When the Cambridge Analytica scandal broke in 2018, Facebook became a focal point for the failures in protecting people’s privacy. Facebook was pilloried in the press and hauled into U.S. Senate hearings. https://www.nytimes.com/2018/04/10/us/politics/zuckerberg-facebook-senate-hearing.html

I had just finished reading a book written by one of the early developers of Facebook’s advertising, “Chaos Monkeys” by Antonio Garcia Martinez. And I had experimented with Facebook advertising to promote my computer book. Much of what was being said and reported did not square with what I knew. The main culprits in the use and abuse of privacy information are a large number of companies known as data brokers. If you don’t know who they are and what they do this article describes the tip of a very large iceberg.
https://www.webfx.com/blog/internet/what-are-data-brokers-and-what-is-your-data-worth-infographic/

The first time most people ever heard of a data broker was when Equifax was hacked and personal records of 147 million people were stolen.
https://www.nytimes.com/2020/02/10/opinion/equifax-breach-china-hacking.html

As information about the Cambridge Analytica surfaced, many people pointed fingers at Facebook or the other tech platforms like Google and Twitter. However, the only clear call that would really address serious privacy concerns came from Tim Cook. In 2019 he called for comprehensive federal privacy legislation that would establish a data-broker clearinghouse, requiring all data brokers to register, and enabling consumers to track the transactions that have bundled and sold their data, and giving users the power to delete their data on demand, freely and easily.
https://time.com/collection/davos-2019/5502591/tim-cook-data-privacy/

This call did not garner much uptake. The data brokers and advertising industry have a lot more influence in Washington than the tech companies. They are really happy to have Facebook and the other tech companies take the fall for failures in privacy information protection. By contrast, Europe has had an extensive privacy law, the General Data Protection Regulation (GPDR) since 2018.
https://www.nytimes.com/2019/06/08/opinion/sunday/privacy-congress-facebook-google.html

I finally came across an article that explains the role of data brokers and how they use Facebook advertising to help them reach their target audiences. It also reveals that there is an “industry of political data brokers”. While I don’t get overly concerned about companies using people’s identity information to target advertising, when data brokers are using this information to target and try to influence voting in elections, then I think there is a lot more cause for concern.

How politicians target you: 3,000 data points on every voter, including your phone number.

Our quest to find what politicians know about voters uncovered data troves with intimate information about income, debt, family, religion, gun ownership and a whole lot more.

By Geoffrey A. Fowler
Washington Post technology columnist based in San Francisco. He joined The Post in 2017 after 16 years with the Wall Street Journal writing about consumer technology, Silicon Valley, national affairs and China.
October 27, 2020

The campaign messages are coming fast and furious now.

“Hi Geoffrey, I’m Jess w/ People’s Action,” reads one. “Voter Alert for Geoffrey Fowler!” says another.

And the weirdest: “It’s Jonathan Del Arco, Hugh the Borg on Star Trek … Join a grass roots fundraiser with 19 cast members!”

Perhaps your text messages, Facebook feed or mailbox have also exploded with eerily personal political ads. Ever wonder: How’d they find me? I, for one, didn’t pass my digits to a campaign — much less tell them (or Hugh the Borg) I’m a Trekkie.

Blame the assault on the voter data economy, in which candidates, parties and nonprofits quietly collect, buy and exploit a ton of information about you.

Their files treat your contact details like a matter of public record and can be more intimate than credit applications, including your income, debt, family, ethnicity, religion, gym habits, whether you own a gun and what kind of car you drive. In 2020, campaigns use this data to microtarget us with record numbers of online ads, mailers, knocks on the door and text messages.

I’ve been on a crusade to find out what politicians know about me. So over the past few months, I’ve used California’s new data privacy law to force companies that specialize in collecting my personal information for campaigns to show me the data.

What I learned: Privacy may be a cornerstone of American liberty, but politicians on both sides of the aisle have zero problem invading it.

In fiercely competitive races, campaigns see our data as their edge. The Republican National Committee proudly told me it now has more than 3,000 data points on every voter. The Democratic National Committee said it acquires enough to understand you as a person, including unique identifiers from your phone that can be used to target ads across different apps.

Politicians have long had special access to voter registration and participation data, which they use to plot strategy, run polls and coordinate volunteers. But in recent years, they’ve also begun tapping into commercial data brokers and murkier social media and smartphone tracking techniques. The scandal that erupted around Cambridge Analytica, which scraped data from Facebook while working for Donald Trump’s 2016 campaign, was just the tip of the iceberg.

Many Americans, like me, find targeted ads creepy when they come from businesses, especially when they use personal data we didn’t really consent to have tracked. But I found it downright unsettling to learn that my credit score — and so much else — was going to politicians who could use it to try to manipulate me. Online political ads are so potentially dangerous for democracy that Twitter banned them entirely and Google limited how campaigns can target them. (In September, Britain’s Channel 4 documented how Cambridge Analytica used voter data to specifically disenfranchise African American voters in 2016.)

I’m not saying politicians are breaking any laws; I’m saying there just aren’t many laws designed to protect our data from politicians. As an institution, Congress has shown little interest in regulating the digital tools its members use to get into office. (Even the California Consumer Privacy Act I used in my quest applies only to the for-profit part of this economy.) Citizens with a lot of free time can try to opt out of some political databases and communications, but for the most part, we have little control.

In my data crusade, I should have been an enigma for the politicians. As a journalist, I don’t donate, sign petitions or participate in surveys. I also avoid campaign communications, though I recently signed up for text messages from both the Trump and Biden campaigns as part of this reporting.

It turns out campaigns didn’t need me to volunteer information to build detailed profiles about me. I found five major sources of personal data that fuel the political machine. 

1. State voter files

Voter registration details and voting history are a matter of semipublic record in most places. I say semipublic because states generally restrict access to campaigns, parties, academics and journalists (and the companies that help them).

When I acquired my California voter data as a journalist, I discovered the state was sending campaigns my email address and phone number, along with my address and party affiliation. If I wanted to remove the email and phone number — technically voluntary information — I could re-register to vote. But, as I learned, campaigns have plenty of other sources for that data.

2. Commercial voter files

An industry of political data brokers collects the state voter files and enhances them. They sell these files to campaigns, political parties and academics. (The Washington Post also uses these kinds of files to help run its polls.)

Where do their “enhancements” come from? Largely from data brokers that also sell it to commercial marketers. Firms such as Experian and Acxiom gobble up records and buy personal data sold by banks, subscriptions, TV companies, apps, and more. Then the voter file firms use their own algorithms to make inferences about you, including how likely you are to vote and how much you’re likely to donate.

L2, one of the largest political data firms, sent me two files with more than 700 data points, including my phone number, estimated income and credit rating, and inferences about my politics and hobbies. A few categories were real head-scratchers, such as “home decor enthusiast.”

Another firm, Aristotle, had more than 150 data points on me, including the amount of my mortgage, whether I had insurance from my employer and its guess for my interest in immigration reform. A third, called Data Trust, had over 1,500 data points, including — I kid you not — scores for how much I care about privacy and how much I trust tech companies.

After the shock of finding so much personal data subsided, what struck me was how some of it was inaccurate. Several of the voter files had wrong information about my religious background, whether I’m married and whether I have children.

This isn’t the same as when companies put you in the wrong marketing segments, such as calling you a Prius driver instead of F-150 truck lover. This information is being used by politicians to judge how you might act, donate or vote — before you’ve even made up your mind.

California residents can, like me, use the CCPA law to force voter file companies and data brokers to disclose what they know and even stop selling it. But you have to make the requests one by one.

3. What we tell them (even unintentionally)

When you engage with a politician — signing up for news updates or donating — you’re adding to his or her data trove. You might not mind, if they’re a candidate you believe in.

Every move gets registered. When I signed up, as an experiment, to stream one of President Trump’s recent rallies, it kicked off a deluge of campaign text messages begging for money, with messages appearing three, four or five times per day. (At least replying “STOP” cuts off the messages. That works for Biden, too, though not for all campaigns.)

Even when you’re just poking around a campaign website for information, you’re passing along data. Campaign websites, including for both Trump and Biden, often contain hidden trackers that, for example, tell Facebook you were there and then allow campaigns to target ads to you in the future.

Smartphones also now allow campaigns to know where we go in the physical world. The Wall Street Journal reported that campaigns for both parties have used location-data brokers to target people who attend in-person rallies. It’s now even possible for campaigns to identify people who set foot in churches, and — based on the frequency of their visits — target them with specific ads.

Sometimes, your politically active friends can be a source. Campaign apps and volunteer texting campaigns often ask people to upload their contacts list.

4. Other politicians

When campaigns end, sometimes they pay the bills or help out a friendly campaign by selling their data. Contact information for donors is particularly valuable. (No wonder Congress is not eager to legislate.) The fine print in Sen. Elizabeth Warren’s privacy policy reads: “We may share information about you … with candidates, organizations, campaigns, groups or causes that we believe have similar political viewpoints.”

Political parties themselves have also become among the largest sources of data to campaigns, doling out access to campaigns they want to support — and starving the ones they don’t. (Campaign finance laws prohibit candidates and national parties from coordinating their data with outside groups that raise money from unlimited sources.)

RNC press secretary Mandi Merritt told me the committee’s data is taken from voter registration files, information collected by volunteers, and consumer data such as magazine subscriptions, what kind of car a voter drives and whether a voter has a gym subscription. (Voters who have gym memberships are more reliable voters, she said.)

“Our historic investment in building a robust data infrastructure has given us an unprecedented ability to target and engage with voters on the issues they care about,” Merritt said.

Nellwyn Thomas, the chief technology officer of the DNC, said her party acquires data from firms that use “ethical data practices,” though she declined to name them other than Experian. “There are absolutely times we have turned down data sets where we believe the collection methods do not live up to our standards,” she said.

Thomas also said combining data resources inside DNC systems, where it’s accessed by some 9,000 campaigns, helps to ensure our privacy by keeping it secure.

But once your data is in the hands of a political party or campaign, there’s little transparency about what happens to it, or what ethical rules apply to using it. For example, do campaigns need your consent to send you texts? My phone is chock-full of evidence some think they do not.

And unfortunately, California’s don’t-sell-my-data privacy law doesn’t apply to campaigns or parties. When I sent them data requests, they either ignored me or told me go stuff it. Neither the RNC or DNC would share my data with me when I asked as a journalist, either.

If you want some of the targeted ads to go away, the DNC’s Thomas suggests voting early — that will update party databases, and campaigns won’t want to waste money on you. 

5. Facebook

Even 3,000 data points on a voter pales in comparison to the gobs that Facebook collects about what its members share and do on and off the social network. Facebook is quick to say it doesn’t sell our data to anyone, but its ad-targeting abilities are extraordinarily valuable. That’s one reason the Trump and Biden campaigns have spent more than $210 million on the social network in 2020, according to OpenSecrets, far more than the $81 million Facebook says the Trump and Hillary Clinton campaigns spent in the 2016 race.

Facebook allows, for example, a campaign to upload a list of people it knows are responsive to a particular message and then use the social network’s algorithms to find a “look-alike audience” of new people to target. Facebook has acknowledged the power and peril of its microtargeting capabilities: For the week before Election Day, Facebook has paused allowing new political ads to be created (though existing ads will still be around).

In the name of transparency, Facebook now offers a button you can click labeled “Why You’re Seeing This Ad.” But I haven’t found it very useful, in part because it doesn’t explain how my experience — the ads I see — might be different from yours.

Remember my Hugh the Borg ad? Facebook’s disclosure said only the Biden campaign wanted to reach people in the United States who were 18 or older. I wasn’t convinced that was the only reason. Sure enough, digging through my Facebook advertising settings, I discovered from years of tracking my life that Facebook on its own had decided that Star Trek was one of my advertising “interests.”

How Windows Update can screw you

After logging in to a website that needed a username and password, the screen just went blank. After a few tries, I resorted to the classical work around of trying the website in another browser. I usually work in Chrome but I also have Thunderbird and Microsoft Edge installed on my machine. 

I encountered the same problem with Thunderbird, so I concluded that this was not a browser problem. I contacted technical support for the website. After a long-winded online chat session I did get logged in. But later that day I found that logging in from the browser still failed with the blank screen. 

The next step is a Windows reboot. I had ruled this out because everything else on my computer was working normally.

When I clicked the Windows “Shut Down” options, I noticed that there was an entry there for “Update and restart”. 


This triggered some memories of unstable behavior in the past when software updates had been installed but were waiting for a final reboot. After I did the Update and restart, my browser could login to the website.

So what is the problem here? 

Earlier versions of Windows had an option to ask before doing a software update. But a lot of users were not installing software updates. Their machines were vulnerable to virus and other software attacks because they didn’t have the latest security patches. So Microsoft changed this policy and automatically updates Windows 10 machines.

A good way to see if your machine is in the middle of a software update is to look in the Shut Down menu. If there is the extra entry for “Update and restart” you should do this as soon as possible to avoid some very strange and unpredictable behavior.

Do you know what your Windows PC is sending to Microsoft?

I was working on my laptop in the kitchen instead of my office where I usually work. I noticed that the login to Windows was really slow. I was further from the router than normal, so my Internet connection was probably a little slower. Why should this affect a simple login?

I remembered that I set up Windows 10 with a Microsoft account. There were many recommendations to do this and it didn’t seem to be that easy to use an alternative.

I reviewed the “advantages” of using a Microsoft account, and didn’t really see any that were relevant to the way I use my PC, or to the way I suspect most other people use Windows. I don’t use many Microsoft apps and I didn’t see any value to synchronize my laptop with my Android phone or iPad (if Microsoft software even works very well with “foreign” machines).

I found that it is not that difficult to switch from a Microsoft account to a Local Account. Just go into Settings and search for Accounts/My info.

Once this was done, sure enough my Windows login was a lot faster. To see a noticeable speedup like this, a fair amount of data must have been transmitted (sent and/or received) between my computer and Microsoft servers.

So what was my PC sending to Microsoft?

I have no idea. I spent some time researching this question and I could not find any detailed explanations from Microsoft or third party tech experts.

Whatever data is being copied, I would rather none of it get stored on Microsoft servers. If you have similar concerns, switch your Windows user to a Local Account.

Blog Bugs

When I created this blog, I wanted it to include my earlier Virus Info email messages. So I simply copied and pasted each email into a blog post. They all looked good.

Then a reader informed me he was seeing image.png instead of images in one of the blogs.

I found that Firefox in Windows and Safari on my iPad had this problem. I had never seen any of these broken images because I always use Chrome.

For my blog I use the platform WordPress. I compose the blog message in a word processing type window. WordPress converts it to HTML so that it will display on a website. Clearly it was not generating the correct HTML for all browsers.

WordPress is big, really big.

“WordPress is the most popular web management system in the world and is used by nearly 75 million websites. According to WordPress, more than 409 million people view more than 23.6 billion pages each month and users produce 69.5 million new posts and 46.8 million new comments every month.”

So how could my simple copy and paste fail so badly?

Software bugs.

Trying to contact WordPress for help to correct this would have been a long, arduous process. So I did some experimentation and found a way to “fix” this myself. In each blog, I saved the images separately to my computer, deleted them from the blog message and then copied in the saved images.

Why you may not get the Internet speed you are paying for

When you signed up with an Internet Service Provider (ISP) you probably got a range of options for download speed, ranging from 10 Mbps (Megabits per second) up to 1 Gbps per second (1000 Mbps).

A byte is 8 bits, so 10 Mbps is 1.25 MB per second.

At 50 Mbps (40 MB/s), you will get good Internet access including HD (High-definition) streaming and online gaming. Plus you can share the connection with 3–4 other computers without noticing a slowdown. You can download high resolution photos in seconds and HD videos in just a few minutes.

Let’s suppose you have 50 Mbps service. Can you actually download data from the Internet this fast?

It depends on the Wi-Fi speed between your computer and the router. Here’s a typical home set up for your Internet connection. Anything using the Internet has to first send the data over the Wi-Fi network.

Wi-Fi is subject to a lot of noise interference (see the previous blog). Generally, the further your computer is from the router the slower your Wi-Fi connection is going to be because of interference from walls, ceilings and any other large objects in the path.

You can measure the speed of your Wi-Fi connection with this tool.
https://www.speedtest.net

The Wi-Fi is network is shared among all the computers in your house so you need to run this from each device that uses the Internet. If you find that some of your Wi-Fi speeds are low, you should see if you can move the router and/or the computer so they are closer together.

Then add up all the Wi-Fi download speeds to see if your Internet connection is fast enough when all computers are streaming video. If the Wi-Fi total is greater than your Internet speed on your plan, you might want to consider upgrading to a higher speed. But if the Wi-Fi total is less than your Internet plan, you may want to change your Internet plan so you are paying for only the speed you can use.

Why Wi-Fi fails and how to fix it

I was happily working on my computer in my home office the other day and suddenly most of the tabs in my browser reported a network error.

Like most home Internet setups, my computer uses a Wi-Fi wireless connection to connect to the router provided by my Internet Service Provider (ISP). The router connects to a modem that sends your request to the ISP network where it gets forwarded on to the Internet.

 
I went into the Wi-Fi settings on my Windows computer, disconnected the Wi-Fi and then reconnected it. You can find the Wi-Fi settings by using the Search on the Taskbar (magnifying glass icon).

I went back to work and for a time everything was fine. But then I lost the Wi-Fi again. I checked on my mobile phone and it still had a Wi-Fi connection. So there was no problem with the Wi-Fi router, it was strictly a local problem on my computer.

I looked along a line of sight from my computer to the router which was downstairs in the kitchen and tried to think of what might be blocking the signal. Well right front of me I saw that the door to my room was closed. Now I often work with the door closed but this time on a hunch I got up and opened the door. Now after I reset the Wi-Fi it worked for the rest of the day without any further outages.

Why did this happen?

Wi-Fi is a radio signal. As such, it is subject to all kinds of noise disruptions. If you have ever listened to an analog radio, you know that there is often interference and you get crackle and other noises. For a digital signal such as Wi-Fi, the tiniest little noise that you wouldn’t even notice on a radio is enough to signal an error. Internet data is sent in packets typically about 1,500 bytes long. Any error in the packet means that the whole packet is discarded and the sender has to transmit the whole packet again. So a small amount of interference or noise on your Wi-Fi connection can create a lot of retransmissions that result in long delays when you are trying to use the Internet.

A major source of interference in our house is the microwave oven. Microwave uses radio signals that are in the same frequency band as our Wi-Fi, the 2.4 GHz frequency band. Our Internet router is in the kitchen and whenever the microwave is on it effectively knocks out the Internet for everybody.

Cordless phones, baby monitors and garage door openers also use the 2.4 GHz frequency band, so they can also interfere with your Wi-Fi.

Some routers support another Wi-Fi frequency band, at 5 GHz. If your router has this option, you will see another Wi-Fi network name in your device’s WiFi settings. You might want to consider using it instead of 2.4 GHz.

5 GHz is faster and less prone to interference from other devices since fewer devices use this frequency. However 5 GHz may have a smaller coverage area and is less successful at penetrating solid objects.

So computers that aren’t too far from the router should use 5 GHz. But mobile phones which move around and may be farther away from the router should use 2.4 GHz. 

Why Google map directions may send you around in circles

We were looking forward to a lovely dinner at a restaurant in Rome. I checked Google maps on my phone for the directions. It was about a 15 minute walk and looked pretty straightforward. Every few blocks I checked the map because there were a lot of turns onto small streets.

After about 15 minutes, I noticed that the street corner I was approaching looked kind of familiar. Sure enough, we had been there earlier. While I was scratching my head, my wife asked a shopkeeper for directions. Ignoring my phone, we were able to follow the directions and arrive at the restaurant.

But it was too late; it was a very popular restaurant and they had given our reservation to someone else. But in Rome this is not a problem. There are so many restaurants that we had no trouble finding one nearby on the lovely Piazza Navona and had a thoroughly enjoyable dinner.

So what in the world had caused the directions on my phone to fail so badly?

I knew that mobile phones have a radio receiver that reads signals from GPS satellites (Global Positioning System) that are continually broadcasting their position and time. The phone’s position can be calculated by solving for four unknown quantities — latitude, longitude, altitude and the time it took for the signal to travel from the satellite to your location. If you remember some high school algebra, you know that solving for four unknowns requires four equations. So your mobile phone needs to get GPS readings from four satellites.

I also knew that GPS signals could be obstructed when you were surrounded by tall buildings, such as in Manhattan, downtown New York City. But Rome, and certainly where we were, does not have very high buildings. On the other hand, the streets are extremely narrow so there is not much sky visible. This was probably the reason I did not get the right directions on my phone.

View of the sky in a narrow street in Rome


What is the lesson to be learned from this?

Simple. If you suspect that your GPS may not be accurate, look up at the sky. If you can’t see lot of sky, your GPS may not work. However, this does not necessarily mean that your map directions will fail because mobile phones also use cell phone towers to determine location, but it may not be as accurate as GPS which determines location to within 5 meters.

Historical note: The first GPS system was developed for the U.S. military during the cold war. In 1983 a passenger plane on route from New York City to Korea entered prohibited airspace because of navigational errors and was shot down by Russia (the Soviet Union). After this, the U.S. made GPS available for civilian use to try and avoid such disasters. Not long after this, Russia also made their  satellite system available for civilian use. Many smartphones will use the Russian satellites as well as GPS. Europe and China are also developing navigational satellite systems.