On 20 March 2018, Chris Vickery — the director of cyber risk research at data security firm UpGuard — came across a large library of code evidently belonging to a Canadian digital advertising and software development company named AggregateIQ, or AIQ. As disclosed in a 22 March 2018 UpGuard blog post:
On the night of March 20th, 2018, […] Chris Vickery discovered a large data warehouse hosted on a subdomain of AIQ and using a custom version of popular code repository Gitlab, located at the web address gitlab.aggregateiq.com.
Within these repositories appear to be nothing less than mechanisms capable of organizing vast quantities of data about individuals, measuring how they are being influenced or reached by advertising, and even tracking their internet browsing behavior.
On the one hand, this was an extremely careless move by AIQ that made public at least a portion of their company’s intellectual property. “The simple matter of fixing a permission setting to exclude public registrants from viewing this development repository would have been the difference between whether the code was exposed or secured,” wrote Vickery in the first of a four–part series on the breach.
Much more significantly, however, is the fact that the code appears to be the technical framework for a software package named “Ripon” which has been utilized, in some form, by the Cambridge Analytica-led campaign operations of Ted Cruz, Donald Trump, and several pro-Brexit groups in the UK — among others.
Not only do the documents uncovered by Vickery expose powerful tools capable of creating detailed profiles of millions of voters prior to the 2016 U.S. presidential election, the code indicates a willingness to target voters for “disengagement” purposes and appears to betray AIQ’s link to the now-infamous political consulting firm Cambridge Analytica.
What Is AggregateIQ?
AggregateIQ, or AIQ, was founded in 2013 by Canadians Jeff Silvester and Zack Massingham. According to their website, they are “a digital advertising, web and software development company based in Canada.” They have been mired in scandal ever since allegations that the company worked with Cambridge Analytica first surfaced in March 2017.
These claims gained further credence when former director of research at Cambridge Analytica Chris Wylie — now a whistleblower — alleged in March 2018 that AIQ essentially operated as a “department” of Cambridge Analytica:
“AIQ wouldn’t exist without me,” [Wylie] said. “When I became research director for SCL [the parent company of Cambridge Analytica] we needed to rapidly expand our technical capacity and I reached out to a lot of people I had worked with in the past.”
That included Jeff Silvester, his former boss, who lived in Wylie’s home town — Victoria, capital of the province of British Columbia. Wylie suggested Silvester should work for the firm in London. “But he had just had a family and wasn’t keen to go to London,” he said.
Instead of moving, Wylie alleged, Silvester just started what was in effect a Canadian branch of SCL Group, the parent company of Cambridge Analytica. AIQ’s website makes it clear they vigorously dispute Wylie’s assertions of a link to Cambridge Analytica and its parent company:
AggregateIQ has never been and is not a part of Cambridge Analytica or SCL. Aggregate IQ has never entered into a contract with Cambridge Analytica. Chris Wylie has never been employed by AggregateIQ.
Despite their website’s assurances that there has never been a link between AIQ and Cambridge Analytica, Sylvester acknowledged to Gizmodo on 26 March 2018 that they had done “some” software development work for SCL. “We last worked with SCL in 2016 and have not worked with them since,” he said.
What Software Product Did AggregateIQ Allegedly Develop?
In 2015, Senator Ted Cruz’s candidacy for United States president was backed by the Mercer family, who are politically-minded conservative billionaires and a significant source of financial support for Cambridge Analytica, Breitbart News, and (following Cruz’s defeat) the campaign of Donald Trump. As reported by Mother Jones in March 2018, the Mercers pitched a revolutionary piece of software to aid in Cruz’s primary efforts:
Brought to Cruz by two of the campaign’s biggest backers, hedge fund billionaire Robert Mercer and his daughter Rebekah, Cambridge Analytica was put in charge of the entire data and digital operation, embedding 12 of its employees in Houston.
The company, largely owned by Robert Mercer, said it had something special for Cruz. According to marketing materials obtained by Mother Jones, it pitched a “revolutionary” piece of software called Ripon, an all-in-one tool that let a campaign manage its voter database, microtargeting efforts, door-to-door canvassing, low-dollar fundraising, and surveys. Ripon, Cambridge vowed, was “the future of campaigning.”
“Ripon” — named after the town in Wisconsin where some say the Republican party was born — made its debut (fairly unsuccessfully) with the campaign of Ted Cruz, but it appears to have become the underlying framework for all Cambridge Analytica data-mining and voter targeting operations — their so-called “special sauce.” These ventures include work for the campaign of Donald Trump and several pro-Brexit political groups.
As it turns out, the code left publicly available on AIQ’s GitLab repository and uncovered by Chris Vickery had several files with the name “Ripon” and is littered with references to Ted Cruz and SCL:
Among the most interesting is the configuration file titled “config.ia.php,” likely signifying Iowa, the crucial first caucus state Ted Cruz won in 2016 while using Cambridge Analytica’s data. […]
Other data reveals that any time a new configuration is created for a new state, four user accounts are automatically added as the new file is seeded with starter data. The last two of these four accounts – System, Admin, SCL, and AIQ – are the most intriguing. While AggregateIQ’s acronym is obvious, SCL likely refers to Cambridge Analytica’s parent company, SCL Elections.
This, Vickery argued, seems to suggest that a version of the app Cambridge Analytica promised would be “revolutionary” for the Cruz campaign was found in the development repository of AggregateIQ — despite those vigorous denials that AIQ had any tie to Cambridge Analytica.
What Can the AIQ Breach Tell Us About Cambridge Analytica’s Capabilities?
In 2017, David Carroll, a professor of media design at Parson’s School of Design, obtained the voter profile Cambridge Analytica had generated about him prior to the 2016 election. Disturbed by its accuracy, he noted that it came with no real information on how the profile had been generated.
“It was very strange and unsettling because they had given me ‘scores’ for different issues but I had no idea what they’d based this on,” he said in 2017. The company, UK’s Observer reported, scored him 3/10 on “Gun Rights Importance”, a 7/10 on “National Security Importance,” and “unlikely” to vote Republican:
“I was perplexed by it. I started thinking, ‘Have I had conversations about gun rights on Facebook? Where are they getting this from? And what are they doing with it?’” He reported the firm to the UK Information Commissioner’s Office, which is investigating the use of data in political campaigning; he has also launched a CrowdJustice campaign and is appealing to the public to help him take the case as far as he can through the British courts.
In what has become an important Internet privacy litigation test case, Carroll continues to fight for that data, as reported in March 2018:
Last week, David Carroll, an associate professor at Parsons School of Design in New York, filed a statement in the high court in London in support of a claim to recover his data and reveal its source, citing Cambridge Analytica and SCL Elections Ltd, described as its parent company. […]
Carroll found that he could sue to obtain access to his information in Britain in part because one of the companies is a UK limited company. Carroll’s request for information […] was formally entered with the UK courts on Friday.
In addition to containing files for a version of Cambridge Analytica’s vaunted Ripon software, the code left on AIQ’s GitLab account details myriad other digital processes potentially employed to gather the kind of data necessary to make what they call “psychographic profiles” of voters like the one Carroll found about himself:
[Projects] titled “Monarch,” “Saga,” and “Duke,” appear to have the capability to track individual’s preferences and habits on Facebook and other websites, combining those data points. Once compiled in this manner by Monarch and Saga, this information could be combined with other datasets to maximize the accuracy of outreach campaigns – whether via canvassing, direct mail, or simply through strengthened online ad targeting.
Carroll, who studies digital advertising, told us how such technology is likely used to create “enriched voter profiles”:
You start with the voter registration and then you blend that with other data sources to create the various profiles. In that case, you see them as a psychographic profile. There was also an ideological profile, and there was sort of the predictions on what segments they were, in terms of their propensities. And those three facets can be used to create what I would call pre-targeted lists.
This is especially problematic, he said, when combined with features on Facebook that make possible the creation of posts tailor-made to specific individuals and visible (without their knowledge) only to them, so-called “dark posts”:
A voter who they’ve calculated to be a very valuable vote, because they’ve modeled [their location] to be a very competitive district, that individual, by name, receives the ad.
That person doesn’t know that their voter file has been used in this way, and they don’t know that they’re the only one seeing this. Their neighbors are not seeing it, and their family members aren’t seeing it, so they can’t even have a conversation with their local community about these messages they’re seeing.
“It really erodes the notion of sort of the public sphere, which is sort of essential for democracy — that we get to talk together as a public about campaigns and candidates,” he said.
What Does the Breach Tell Us About the 2016 U.S. Election?
While many campaigns seek to build voter rolls that have as detailed information as possible for voter turnout efforts — the campaigns of Barack Obama were groundbreaking in this regard — the code also hints at something potentially more nefarious: efforts to dissuade people from voting.
In a 10 June 2018 tweet, Vickery shared a portion of the Ripon code that showed different possible groupings of voters. One such category was titled “disengagement target”:
Ripon voter querying contains the pictured filtering option. pic.twitter.com/YCEx8dCTmj
— Chris Vickery (@VickerySec) June 11, 2018
Speaking to us by phone (and not as a representative of his employer), Vickery argued that this “damning” capability could possibly be an example of illegal voter suppression:
The fact that there is a segment that they have classified [as a] disengagement target, and that, Christopher Wylie testified that “disengagement” was their codeword for suppression, [makes this] so damning. It’s not like it says “disengage target”, like maybe it was “delete this group” or something. It literally says “disengagement.”
(CEO Jeff Silvester told Canadian MPs on 12 June 2018 that “a disengagement target are just the people you don’t want to talk to.”)
The Trump campaign had explicitly claimed to be using “voter suppression” techniques during the 2016 United States presidential election, and those efforts could have been supercharged by a software package that could precisely and accurately identify targets for disengagement. In October 2016, 12 days before the general election that would unexpectedly catapult Donald Trump into the nation’s highest office, Bloomberg reported on three specific voter suppression efforts targeted at potentially wavering Hillary Clinton voters:
Instead of expanding the electorate, [Trump Campaign chair and Cambridge Analytica board member Steve] Bannon and his team are trying to shrink it. “We have three major voter suppression operations under way,” says a senior official. They’re aimed at three groups Clinton needs to win overwhelmingly: idealistic white liberals, young women, and African Americans.
Their strategy for suppressing the votes of black Americans — as an example — centered around publicizing a 1996 statement by Hillary Clinton referring to gang members as “superpredators” while discussing a community policing initiative — a discussion that offended many people. Using the aforementioned “dark posts,” Cambridge Analytica bombarded black Americans specifically with memes highlighting that comment with the hope that it would discourage them from voting at all:
A young [Trump] staffer showed off a South Park-style animation he’d created of Clinton delivering the “super predator” line (using audio from her original 1996 sound bite), as cartoon text popped up around her: “Hillary Thinks African Americans are Super Predators.”
The animation will be delivered to certain African American voters through Facebook “dark posts”—nonpublic posts whose viewership the campaign controls so that, as [digital media director for Donald Trump’s 2016 campaign Brad] Parscale puts it, “only the people we want to see it, see it.” The aim is to depress Clinton’s vote total. “We know because we’ve modeled this,” says the official. “It will dramatically affect her ability to turn these people out.”
What the AIQ data breach tells us is that software used by Cambridge Analytica specifically had the ability to create massive lists of people who had, knowingly or unknowingly, undergone extensive psychological profiling, and that one of its features was to identify individuals who would be prime targets for such “disengagement” efforts — a concept in line with Trump’s reported turnout strategy.
United States law describes “cases of voter intimidation, coercion, threats and other tactics aimed at suppressing a person’s ability to vote” as civil rights violations of federal election law. Vickery’s personal view is that efforts aimed at deterring people from voting by — for example — sending them negative messages about a candidate they are likely to support in a way that is tailored to their specific psychological profile, could fit that definition:
What it’s gonna to come down to in the law I believe, is that last part of it: “Ability to vote”. The people that are doing this are gonna argue it didn’t stop their ability. It stopped their willingness to vote. […] But I’m firmly behind the idea that somebody’s willingness to vote is inherently their ability to vote.
What Has Become of Aggregate IQ?
On 24 April 2018, AIQ’s founder and chief operating officer Jeff Silvester and chief executive officer Zack Massingham testified before the Canadian House of Commons’ privacy and ethics committee to respond to allegations that they were linked to Cambridge Analytica. They denied much of the claims that had been introduced by whistleblower Chris Wylie.
Both Sylvester and Massingham were later subpoenaed to provide further testimony after the committee accused the firm of mischaracterizing their relationship with SCL under oath. On 12 June 2018, Silvester once again denied any impropriety before the committee, but this time Massingham did not show up, citing undisclosed “health reasons” to the displeasure of the gathered members of Parliament:
[MP] Erskine-Smith said the committee would meet behind closed doors after hearing from Silvester to discuss referring Massingham’s absence to the House of Commons, as it may constitute grounds for a finding of contempt of Parliament.
Whatever becomes of AIQ from a legal or financial standpoint is of secondary importance to the information gleaned from their accidentally-public development files. “If you have enough money to afford the storage and the processing power,” Vickery told us, “a lot of teams could do what they did. But it takes a lot of money to have the kind of Cloud processing that they’ve utilized here.”
“The […] arms race to make the stuff more precise is exponential, especially without any countervailing forces,” Carroll told us. “We should assume that without any further restrictions or accountability, [microtargeting] will only get more powerful.”
Update [13 June 2018]: Added testimony from CEO Jeff Silvester; edited to reflect that dark posts (but not dark ads) are still allowed on Facebook.