Looks like another early-morning wake-up to catch Cambridge Analytica's regulator @ICOnews giving oral evidence to @CommonsCMS tomorrow. I might be livetweeting the livestream if Information Commissioner Elizabeth Denham offers any new revelations. parliament.uk/business/commi…
2/ Hopefully you've seen @Billbrowder give testimony about his Magnitsky Act campaign. Despite his accent, he's a British citizen, asked to talk about disinformation campaign waged against him. @DamianCollins jests that Russian Embassy and Brietbart have gone after @CommonsCMS
3/ @edwardlucas articulates how "fairness doctrine" in media coverage can be exploited by Kremlin propaganda mouthpieces that spray doubt over reasonable positions as media especially BBC oblige 'both sides' rather than understand that position as state propaganda.
4/ @edwardlucas argues that advertisers (especially political) give up their right to privacy and so Facebook should adhere to British election law and provide payment and targeting transparency and authenticated identity for propagated political messages on platforms.
5/ @edwardlucas argues for an opt-in identity authentication certificate, like the Twitter Verified "blue tick" more widely deployed across all internet infastructure, like license plates and flags on ships. Right of anonymous IDs must be preserved for political dissidents also.
6/ @Billbrowder argues tech platforms it has insufficient financial incentives to self-police imposter activity like banks bear responsibility for facilitating money laundering. @DamianCollins asks about false audiences and advertisers being defrauded as commercial incentives.
7/ @edwardlucas describing how DCLeaks was a counterfeit fake news site for weaponizing state intelligence operations as an asymmetric attack. They started out as quick and cheap experiments to see how they would work. Important to look forward toward the next asymmetric models.
8/ @Billbrowder asked about social media identity theft, the pervasiveness of the problem for him, responsiveness of platforms. YouTube is most difficult platform to contend with, while Facebook has been responsive, Twitter protects parody accounts. A high-profile figure though.
9/ Asked about privacy rights, data protection rights, noting the US has fewer rights in this regard, @edwardlucas describes benefits #GDPR model of data ownership. Describes photo tagging consent on Facebook as example of the complexity of privacy, ability to de-anonymize people
10/ As discussion drifts to emerging ability fabricate false images, sounds, video (fake fake media, deepfakes), @edwardlucas argues for need for cryptographic signature for images and recordings to certify their authenticity.
11/ @edwardlucas describes browser malware warning screens as an example of public health warning to propose that websites with obfuscated whois domain registrations could have user-facing warning
12/ @Billbrowder describing Putin's interest in dismantling the EU and NATO and "bringing the world down to them" by infecting other countries with corruption so he can stay in power and keep his money. But he can only wage asymmetric war with plausible deniability.
13/ @edward describes how Nordic nations, Estonia, the countries that have been warning us for a long time, those we patronized, now need to be held up for managing these threat models that aren't a new problem. Commercial vulnerabilities are being exploited by hostile actors.
14/ Session adjourned with Browder and Lucas. Next up Elizabeth Denham from @ICOnews
15/ Denham launched ICO investigation into voter analytics in May 2017. 10 full-time people working on investigation across 30 organizations, including Cambridge Analytica, and political parties and campaigns. She's working on "pulling back the curtain" and report for Spring 2018
16/ @DamianCollins asks Denham about cooperation with Facebook, Twitter, Google. She has served 7 legal information notices. 1 challenged by tribunal. Will be serving 5 more notices this week.
17/ Denham describes information notice due process and a legal requirement and fulsome response which can be penalized with monetary fine, as the "data cops" but @DamianCollins asks about ICO's authority to conduct investigative probes into company data.
18/ Denham sees deficiency in her powers in ICO, her ability to enforce cooperation. "People shouldn't be able to buy themselves out of compliance with our office."
19/ UKIP challenged their ICO information notice to the tribunal, to be heard in May 2018 (in the public domain). Denham asked if membership in Facebook Groups membership is accessible to third parties. (Reference to AggregateIQ news reported by CBC, Bannon's FB Groups tool?)
20/ Under GDPR and new UK DPA, Denham will have new tools and expanded sanctions to enforce data protection law (4% of global revenue) and ability to order to cease of data processing or enforced data deletion, compulsory audits, something ICO can't do now.
21/ Denham says how the model of a regulator sitting back, waiting for complaints isn't working anymore because data processing is so opaque and people can't understand it. Data protection is right up front in the discussions about democracy, not a back office issue anymore.
22/ Denham has run some focus groups on how people understand their personal data being used by campaigns to target them. She suggests that people do not understand, and so they could not have granted consent, nor does it indicate sufficient transparency.
23/ Denham asked about last week's @CommonsCMS session with Cambridge Analytica but she declined to offer a reaction citing the ongoing investigation of them.
24/ Denham does not have "derogation" concerns about GDPR and new UK Data Protection bill even considering Brexit.
25/ Denham asked if any other similar inquiries are underway in other countries. No, not to her knowledge, so the pending ICO report in the spring will be groundbreaking, hopefully before the end of May. Denham asked about ICO resources to take on deep pocketed litigation.
26/ Denham is "deeply curious" which is why their information notices have been issued again if necessary when answers have not been sufficient.
27/ @DamianCollins asks Denham about the "right to be forgotten", how it is applied in current law (UK DPA of 1998), ICO gets 100s of requests to enforce de-linking in Google results. GDPR provides more explicit right to be forgotten. Collins asks about data profiles and deletion
28/ @DamianCollins asks about data deletion beyond Facebook, such as Cambridge Analytica, how do you know who to go to? ICO policy report will stress importance of transparency, chain of data custody. Regulator's job to push companies toward solutions that work. Too opaque now.
29/ @DamianCollins asks Denham about my Subject Access Request! She says I'm interested in the provenance of the data sources, and it's part of their line of inquiry but their is broader than that.
30/ My Subject Access Request to Cambridge Analytica has been specifically mentioned at three @CommonsCMS sessions. "His concerns are in line with our concerns" "We're paddling in the same canoe."
31/ Denham describes the jurisdiction question: Because my data was processed in the UK, it is subject to the Data Protection Act and British jurisdiction. This position differs from Mr. Nix's assertion before @CommonsCMS last week that Americans do not have rights in the UK.
32/ Hearing is adjourned. I could not be more pleased with Commissioner Denham's responses, especially with regard to being aligned and supported by Cambridge Analytica's regulator on the basis of my complaint and legal challenge. We will #TakeBackOurVoterData /fin
