Information & Ethics Committee on April 17th, 2018

I think it's about 620,000 users. I am not an expert on electoral matters, but that number is obviously significant. So I think the answer to your question is yes.

I will certainly take note of that question.

Our point of departure is more the matter of purpose. Our investigation will focus on the use of Facebook user information—a network that essentially exists to communicate with friends—for analytical purposes in support of political goals.

You are suggesting that we push our work to a level of detail that would probably not be necessary for our purposes, but that could be useful. We will consider it, but I feel that the matter would be more the responsibility of Mr. Perrault at Elections Canada.

It can certainly have consequences on the election. So I encourage you to consider those questions. As you describe this situation to me, my main thought is that Facebook users provided the company with data mainly in order to communicate with a certain number of people, certainly not in order to receive advertising on the eve of the election urging them to vote for one reason or another.

In terms of the principles of privacy, in the scenario you are describing to us, the interpretation of consent seems to have been excessive. As to whether it would have electoral consequences, I would say that would probably be the case, even if these issues are not in my area.

I'd like to dispel some misunderstandings that may exist and further this along. The Facebook data that was scraped through Facebook apps as well as surveys that were conducted over Mechanical Turk, which is an Amazon offering that people can do—there were a lot of different ways that GSR was gathering data and tying it all back into Facebook profiles—wouldn't necessarily be needed anymore after the modelling, the analysis, the behavioural tools had been developed using that data. Once you understand the interactions and the way to make people do certain things with certain messaging, the raw data from Facebook can be purged. You don't need it anymore. You can then take that framework and use it with more election-based voting data that you start to build up to get the desired outcomes, because you've already used those frameworks on the social media data.

So no, I have not come across what is obviously the Facebook data in question within this repository. That's not to say it never existed, but yes, that's the—

I want to be clear that Amazon's Mechanical Turk system is a way to have people fill out surveys and pay them for it. That is one of the methods that GSR employed as they were gathering this type of data. They tied it back into the Facebook profile, but Amazon's Mechanical Turk was a vector used.

One of the earliest connections between Cambridge Analytica and Aggregate IQ is the fact, reflected in the code and the commentary from the employees, that they got the original software for the Ripon platform from a server owned under the name of Alexander Nix, who was the recently departed CEO over there at Cambridge Analytica SCL Group. So there is that direct tie-in.

One of the apps that was developed by AggregateIQ is a phone, community outreach, and voter-influencing messaging platform. It operated on a domain known as dclisten.com, which is also registered under the name of Alexander Nix. There are plenty of examples of resources and assets flowing between these two groups.

The only website they had up at the time...? I don't know the history of that website now. I just don't know.

The Trinidad and Tobago allegations—

I believe the evidence to show that those allegations are factual exists here. It's not in a final conclusion phase, but yes, there is a Trinidad and Tobago project in here with personally identifiable information of a great deal of people.

Whether they got it from ISPs or other means—

—is not definitive, but yes, there is personally identifiable—