Information & Ethics Committee on April 24th, 2018

Good morning. My name is Zack Massingham, and I'm the co-founder and Chief Executive Officer of AggregateIQ.

I would like to thank you for inviting us to join you here today to provide information to support your study and to answer your questions. I'd like to start by sharing some information about our company.

My idea for AggregateIQ started in 2011 while working for a campaign. I saw that there were a number of inefficient things that campaigns were doing, and learnings weren't being applied from one campaign through to the next. They were using paper to keep track of what they were doing.

I created AggregateIQ to provide IT services to help them use technology to campaign better. I purchased the AggregateIQ.com domain name in April 2011 and use AggregateIQ as a trade name for my consulting work. In 2013 Jeff Silvester and I decided to formally work together. We incorporated AggregatelQ Data Services Ltd. in November 2013, and today we just go by AggregateIQ or AIQ.

Given some of the testimony you have heard, some of which has been reported in the media, we thought it would be important to clarify a few things. We are not, nor have we ever been, a department or subsidiary of SCL or Cambridge Analytica. We are, and have always been, 100% Canadian owned and operated.

There were two people responsible for founding the company, and those same two people are responsible for the operations of that company: Jeff Silvester and me. All of the work we do for our clients is kept separate from every other client. The only personal information we use in our work is that which is provided to us by our clients for specific purposes. In doing so, we do our very best to comply with all applicable privacy laws in each jurisdiction where we work.

We have never managed, had access to, or used any Facebook data allegedly improperly obtained by Cambridge Analytica or by anyone else.

We are an online advertising website and software development company from Victoria, British Columbia. With determination, a lot of hard work, and the help of our amazing team, we've had the opportunity to work on projects around the world, but we remain a small Canadian company.

Thank you.

Good morning. My name is Jeff Silvester, and I'm the Chief Operating Officer and the other co-founder of AggregateIQ.

I'd like to tell you a little bit more about what we do, but before that, I'd like to tell you what we do not do. We are not a big data company. We are not a data analytics company. We do not harvest, or otherwise illegally obtain, data. We never share information from one client to another, and we are not a practitioner of the so-called digital dark arts. As Zack said, we do online advertising, make websites, and software for our clients.

Let me explain that a little bit.

During an election, politicians from all parties go out into their communities. They put up signs on busy street corners and on supporters' lawns. They do burma-shaves on the side of the road, waving at passing cars. There are coffee parties, town halls, debates, and countless conversations in doorways, on the phone, as you try to share your vision, and your ideas for making your community and our country a better place.

All of this, of course, while listening to your constituents and talking about what they care about most. What we do is no different, it's just online.

When we place a Facebook ad for a client, it's a lot like a burma-shave when you stand on the side of the road waving. You might measure the success of waving at passing cars by the number of folks who honk, and wave back with a smile, versus the number of those who might honk, and use a slightly less appropriate wave.

You might have an idea as to the number of cars that went by, and how many were positive or negative, but you don't know who those people were, and it's the same with an online ad.

You can choose to show your ad in a particular geography, or to a general demographic, but you only get back how many times it was shown, or how many people clicked on it. You don't know who those people were, and you don't have access to their personal information.

Our employees are software developers and online advertising specialists. The software we make is the same as the tools that each of the parties represented here use on their campaigns. There's software for helping go door-to-door, software for making phone calls, and software to send emails to remind people to vote. We also have reporting software to help show campaigns how they're doing along the way.

These tools help candidates and elected officials connect with more people than they've ever been able to before. Now, instead of a quick handshake at a town hall meeting, constituents can have a meaningful dialogue with the people who represent them, whether they're at home, in Ottawa, or anywhere around the world.

Having said that, while we do our best, we don't always get everything right.

On Sunday, March 25, we were alerted by the media to unauthorized access to a code repository. We took immediate steps to lock down that server, and indeed all of our servers and services, to ensure no further access was possible. During the process of locking down the server, and investigating how the unauthorized access had occurred, we discovered that some personal information from voters in the U.S. was inadvertently left in one of the code backups.

Within a few hours of the initial report by the media, in addition to notifying our clients, we contacted the acting deputy commissioner from the Office of the Information and Privacy Commissioner for British Columbia, and we launched a full and thorough investigation.

That investigation is still ongoing, but we're committed to examining every detail to see what caused that system to be modified to allow the individual access to that server. As part of that investigation, we've sent letters to the individuals who gained unauthorized access to ask that they certify that they've deleted all of the information they obtained without permission. We're following the guidelines from the Office of the Information and Privacy Commissioner for British Columbia, and we look forward to following up with that office as our investigation progresses.

That there was any personal information in our code repository at all was a mistake on our part. It was not supposed to be there. As the person ultimately responsible for that, I'm sorry.

We've already put in place measures to prevent that from happening again, and as we complete our investigation, I anticipate there may be additional recommendations and improvements that can be made.

The federal and provincial privacy commissioners may also have recommendations, which we welcome and will act upon.

We are committed to ensuring that this investigation is done thoroughly and done right.

In closing, we have built a successful tech company in Victoria, British Columbia. We've employed, and continue to employee, many highly educated young people, and we're proud of what we have built right here in Canada.

There are a lot of misconceptions about the modern use of advertising for political and other purposes, and to the extent that we can assist the committee by explaining what actually happens, and how the technology is used, we're committed to doing that.

I would like to thank the committee for inviting us here today, and for its important and valuable work. I, too, look forward to your questions.

Thank you.

No.

We invoiced an amount for all of the advertising, but we were paid approximately.... Now I have to think. It was—

It was about $140,000 all together.

That's for the advertising as a whole. Other than the amount we talked about, the vast majority of that was for advertising, so that would go directly, through us, to places like Facebook and Google.

That's not profit, and that's where—

Correct.

At Vote Leave, it was the director of digital operations.

Henry de Zoete.

We don't have data to profile and target, and we don't profile and target individuals.

Generally, yes. The campaign provided us with the information on who they would like, from a general demographic sense, who they believed their target audience was, and then we put that into the tools, like Facebook and Google, in order to show—