Connect with us


Facebook’s secret settlement on Cambridge Analytica gags UK data watchdog



Remember the app audit Facebook founder Mark Zuckerberg promised to carry out a little under three years ago at the height of the Cambridge Analytica scandal? Actually the tech giant is very keen that you don’t.

The UK’s information commissioner just told a parliamentary subcommittee on online harms and disinformation that a secret arrangement between her office and Facebook prevents her from publicly answering whether or not Facebook contacted the ICO about completing a much-trumpeted ‘app audit’.

“I think I could answer that question with you and the committee in private,” information commissioner Elizabeth Denham told questioner, Kevin Brennan, MP.

Pressed on responding, then and there, on the question of whether Facebook ever notified the regulator about completing the app audit — with Brennan pointing out “after all it was a commitment Mark Zuckerberg gave in the public domain before a US Senate committee” — Denham referred directly to a private arrangement with Facebook which she suggested prevented her from discussing such details in public.

“It’s part of an agreement that we struck with Facebook,” she told the committee. “In terms of our litigation against Facebook. So there is an agreement that’s not in the public domain and that’s why I would prefer to discuss this in private.”

In October 2019 Facebook settled with the UK’s data protection watchdog — agreeing to pay in full a £500,000 penalty announced by the ICO in 2018 in relation to the Cambridge Analytica breach but which Facebook had been appealing.

When it settled with the ICO Facebook did not admit liability. It had earlier secured a win, from a first-tier legal tribunal that had held June that “procedural fairness and allegations of bias” against the regulator should be considered as part of its appeal, so its litigation against Facebook had got off to a bad start — likely providing the impetus for the ICO to settle with Facebook’s private army of in-house lawyers.

In a statement at the time, covering the bare bones of the settlement, the ICO said Denham considered the agreement “best serves the interests of all UK data subjects who are Facebook users”.

There was no mention of any ‘gagging clauses’ in that disclosure. But the regulator did note that the terms of the agreement gave Facebook permission to “retain documents disclosed by the ICO during the appeal for other purposes, including furthering its own investigation into issues around Cambridge Analytica”.

So — at a stroke — Facebook gained control of a whole lot of strategically important information.

The settlement looks to have been extremely convenient for Facebook. Not only was it fantastically cheap (Facebook paid $5BN to settle with the FTC in the wake of the Cambridge Analytica scandal just a short while later); and not only did it provide Facebook with a trove of ICO-obtained data to do its own digging into Cambridge Analytica safely out of the public eye; but it also ensured the UK regulator would be restricted in what it could say publicly.

To the point where the information commissioner has refused to say anything about Facebook’s post-Cambridge Analytica app audit in public.

The ICO seized a massive trove of data from the disgraced (and since defunct) company which had become such a thorn in Facebook’s side, after raidingCambridge Analytica’s UK offices in early 2018. How much of that data ended up with Facebook via the ICO settlement is unclear.

Interestingly, the ICO also never produced a final report on its Cambridge Analytica investigation.

Instead it sent a letter to the DCMS committee last year — in which it set out a number of conclusions, confirming its view that the umbrella of companies of which CA was a part had been aggregating datasets from commercial sources to try to “make predictions on personal data for political alliance purposes”, as it put it; also confirming the improperly obtained Facebook data had been incorporated into a pre-existing database containing “voter file, demographic and consumer data for US individuals”.

The ICO also said then that its investigation did not find evidence of the Facebook data that had been sold to Cambridge Analytica had been used for political campaigning associated with the UK’s Brexit Referendum. But there was no overarching report detailing the underlying workings via which the regulator got to its conclusions.

So, again from Facebook’s perspective, a pretty convenient outcome.

Asked today by the DCMS committee why the regulator had not produced the expected final report on Cambridge Analytica, Denham pointed to a number of other reports it put out over the course of the multi-year probe, such as audits of UK political parties and an investigation into credit reporting agencies.

“The letter was extensive,” she also argued. “My office produced three reports on the investigation into the misuse of data in political campaigning. So we had a policy report and we had two enforcement reports. So we had looked at the entire ecosystem of data sharing and campaigning… and the strands of that investigation are reported out sufficiently, in my view, in all of our work.”

“Taken together the letter, which was our final line on the report, with the policy and the enforcement actions, prosecutions, fines, stop processing orders, we had done a lot of work in this space — and what’s important here is that we have really pulled back the curtain on the use of data in democracy which has been taken up by… many organizations and parliamentarians around the world,” she added.

Denham also confirmed to the committee that the ICO has retained data related to the Cambridge Analytica investigation — which could be of potential use to other investigations still ongoing around the world. But she denied that her office had been asked by the US Senate Intelligence Committee to provide it with information obtained from Cambridge Analytica — seemingly contradicting an earlier report by the US committee that suggested it had been unable to obtain sought for information. (We’ve contacted the committee to ask about this.)

Denham did say evidence obtained from Cambridge Analytica was shared with the FTC, SEC and with states attorneys general, though.

We’ve also reached out to Facebook about its private arrangement with the ICO, and to ask again about the status of its post-Cambridge Analytica ‘app audit’. (And will update this report with any response.)

The company has produced periodic updates about the audit’s progress, saying in May 2018 that around 200 apps had been suspended as a result of the internal probe, for example.

Then in August 2019 Facebook also claimed to the DCMS committee that the app audit was “ongoing”.

In its original audit pledge — in March 2018 — Zuckerberg promised a root and branch investigation into any other ‘sketchy’ apps operating on Facebook’s platform, responding in a ‘crisis’ length Facebook post to the revelations that a third party had illicitly obtained data on millions of users with the aim of building psychographic profiles for voter targeting. It later turned out that an app developer, operating freely on Facebook’s platform under existing developer policies, had sold user data to Cambridge Analytica.

“We will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity,” Zuckerberg wrote at the time. “We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data [Aleksandr] Kogan misused here as well.”

It’s notable that the Facebook founder did not promise to transparently and publicly report audit findings. This is of course what ‘self regulation’ looks like. Invisible final ‘audit’ reports.

An ‘audit’ that’s entirely controlled by an entity deeply implicated in core elements of what’s being scrutinized obviously isn’t worth the paper it’s (not) written on. But, in Facebook’s case, this opened-but-never-closed ‘app audit’ appears to have served its crisis PR purpose.

Continue Reading


Donald Trump is one of 15,000 Gab users whose account just got hacked



Promotional image for social media site Gab says

Enlarge (credit:

The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was among the data stolen and publicly released by hackers who recently breached the site.

In a statement on Sunday, founder Andrew Torba used a transphobic slur to refer to Emma Best, the co-founder of Distributed Denial of Secrets. The statement confirmed claims the WikiLeaks-style group made on Monday that it obtained 70GB of passwords, private posts, and more from Gab and was making them available to select researchers and journalists. The data, Best said, was provided by an unidentified hacker who breached Gab by exploiting a SQL-injection vulnerability in its code.

“My account and Trump’s account were compromised, of course as Trump is about to go on stage and speak,” Torba wrote on Sunday as Trump was about to speak at the CPAC conference in Florida. “The entire company is all hands investigating what happened and working to trace and patch the problem.”

Read 10 remaining paragraphs | Comments

Continue Reading


Kaltura files to go public on the back of accelerating revenue growth, rising losses



Kaltura, a software company focused on providing video technology to other concerns, has filed to go public.

The Kaltura S-1 filing only partially surprised. TechCrunch previously covered the company as part of our ongoing $100 million ARR series focusing on private companies that have reached material scale. (TechCrunch has also covered its product life to a moderate degree.)

The company’s IPO documentation details a business that did more than merely accelerate its growth in 2020, and more specifically, during the COVID-19 era. Seeing a company that powers video tooling do well when much of the world has transitioned to remote work and education is not a bolt from the blue. What is notable, however, is that the company’s revenue growth has accelerated yearly since at least 2018 and its final quarter of 2020 placed the company at a new growth rate maximum.

Public investors, hungry for growth, may find such a progression compelling.

Kaltura also has an interesting profitability profile: As its GAAP net losses scaled in the last year, its adjusted profitability improved. Depending on your stance regarding adjusted metrics, Kaltura’s bottom line will either irk or delight you.

This afternoon, let’s rip into the company’s S-1 and yank out what we need to know. It is IPO season, with SPACs galore and other private companies taking more traditional routes to the public markets, including Coupang announcing a price range for its traditional debut today and Coinbase’s impending direct listing.

For now we’ll focus on Kaltura. Let’s get into it.

Inside Kaltura’s IPO filing

When TechCrunch last covered Kaltura’s financial results, we noted that the company founded in 2006 had raised just north of $166 million, crossed the $100 million ARR mark, and was, per its own reporting, “profitable on an EBITDA.” Kaltura also told TechCrunch that it had margins in the 60% range and was growing at around 25% year over year. That was just over a year ago.

Do those figures hold up? In the Q1 2020 period Kaltura recorded $25.9 million in revenue, software margins of around 78% and blended gross margins of 59.8%. And the company had grown 16.6% from the year-ago quarter. In Kaltura’s defense, the company’s growth accelerated to 24% in the year, so its self-reported numbers were mostly fair. Better than, I think, most numbers we get from private companies.

Continue Reading


Square’s bank arm launches as fintech aims ‘to operate more nimbly’



Known for its innovations in the payments sector, Square is now officially a bank.

Nearly one year after receiving conditional approval, Square said Monday afternoon that its industrial bank, Square Financial Services, has begun operationsSquare Financial Services completed the charter approval process with the FDIC and Utah Department of Financial Institutions, meaning its ready for business.

The bank, which is headquartered in Salt Lake City, Utah, will offer business loan and deposit products, starting with underwriting, and originating business loans for Square Capital’s existing lending product.

Historically, Square has been known for its card reader and point-of-sale payment system, used largely by small businesses – but it has also begun facilitating credit for the entrepreneurs and smalls businesses who use its products in recent years.

Moving forward, Square said its bank will be the “primary provider of financing for Square sellers across the U.S.”

In a statement, Square CFO and executive chairman for Square Financial Services, Amrita Ahuja said that bringing banking capability in house will allow the fintech to “operate more nimbly.”

Square Financial Services will continue to sell loans to third-party investors and limit balance sheet exposure. The company said it does not expect the bank to have a material impact on its consolidated balance sheet, total net revenue, gross profit, or adjusted EBITDA in 2021.

Opening the bank “deepens Square’s unique ability to expand access to loans and banking tools to underserved populations,” the company said.

Lewis Goodwin had been tapped to serve as the bank’s CEO, and Brandon Soto its CFO. With today’s announcement, Square also announced the following new appointments:

  • Sharad Bhasker, Chief Risk Officer
  • Samantha Ku, Chief Operating Officer
  • Homam Maalouf, Chief Credit Officer
  • David Grodsky, Chief Compliance Officer
  • Jessica Jiang, Capital Markets and Investor Relations Lead

The trend of fintechs becoming bank continues. In February, TechCrunch reported on the fact that Brex had applied for a bank charter.

The fast-growing company, which sells a credit card tailored for startups with Emigrant Bank currently acting as the issuer, said that it had submitted an application with the Federal Deposit Insurance Corporation (FDIC) and the Utah Department of Financial Institutions (UDFI) to establish Brex Bank.

A number of fintech companies, or those with fintech services, have spun up products typically offered by banks, including deposit and chequings accounts as well as credit offerings. Often, these are designed to provide capital to customers who might not be able to get funding on favorable terms from traditional banking institutions, but who might qualify for business-building loans from a provider who knows their company, like Square, inside and out.

Continue Reading