The Cambridge Analytica scandal rocked Facebook when it came to light last year, but newly revealed documents containing internal Facebook conversations released jointly by Facebook and the District of Columbia attorney general show that the company was already investigating complaints about Cambridge Analytica potentially abusing data as early as September 2015, months before the December date that Facebook has repeatedly testified to.
“We suspect many of these companies are doing similar types of scraping, the largest and most aggressive on the conservative side being Cambridge Analytica, a sketchy (to say the least) data modeling company that has penetrated our market deeply,” an email from a Facebook employee on September 22nd, 2015, reads. They ask whether the company can develop specific responses to these types of inquiries and for help determining what Cambridge Analytica was actually doing.
What the newly revealed messages prove is a matter of interpretation and how much you’d like to split hairs over what Cambridge Analytica’s specific violation was. In a hilariously titled blog post “Document Holds the Potential for Confusion,” Facebook deputy counsel Paul Grewal argues that the document proves nothing new, noting that Facebook only knew about Aleksandr Kogan selling data in December 2015, as it originally claimed, and the September 2015 discussion was a separate accusation that Cambridge Analytica was improperly scraping profiles that ultimately didn’t amount to anything.
“Facebook was not aware that Kogan sold data to Cambridge Analytica until December 2015.” Grewal writes. “That is a fact that we have testified to under oath, that we have described to our core regulators, and that we stand by today.”
But two things are clear from the documents: one, Cambridge Analytica was at least on Facebook’s radar for potential policy violations as early as September 2015, and two, Facebook’s team was woefully unprepared for the level to which Cambridge Analytica (and similar firms) were abusing its policies to gather data.
Reading the message thread, you can see Facebook employees noting that there isn’t an explicit policy of what is or isn’t allowed for these sorts of political analysis and data-scraping apps. As one employee wrote in response to the original query about Cambridge Analytica’s data scraping on September 30th, 2015, “I don’t believe we currently have any language/boilerplate messaging,” although their hunch is that “these app’ data-scraping activity is likely non-compliant.”
Further in the thread, employees begin to investigate those apps, even going as far as to try to set up time with developers and watch as everything explodes as the company finds out — seemingly, alongside everyone else in the world — the true extent of the issue, thanks to The Guardian’s exposé. “Can you expedite the review of Cambridge Analytica?” an email reads, noting that the whole problem has just become a much larger PR issue.
It’s that lack of awareness that’s most concerning about these emails, rather than the specific month when Facebook became aware of the issue. Whether it knew in September or December, Facebook wasn’t remotely prepared to handle the issue — and that’s a far bigger problem than Facebook’s concerns over a “potential for confusion.”