15 comments

[ 2.7 ms ] story [ 43.6 ms ] thread
How useful is a physical search warrant when much information is stored in the cloud? Wouldn’t it be more useful to procure one for the cloud providers the company uses?
I think they'd want to look at email trails (and local copies of such e.g. Outlook data files) as much as looking for the 'big datasets' that Cambridge Analytica claims are now deleted. It's more likely, maybe, that internal emails from the time of the US presidential elections are still archived, and those would shed a light on the company's true conduct at the time.

I don't know if they're allowed to seize actual computers/hard drives (let's hope they have on-disk encryption), but I imagine that would be very valuable too.

Also, CA has had days of warning that this search is coming. Plenty of time to clean up.
If such a clean-up leaves even the tiniest trace and the investigators are worth their salt, this will land people in jail for obstruction of justice. Doubt anyone wants to risk jail time in their already pretty screwed situation.
Obstruction of justice can be less bad for you than the offense concealed, so if the offense is bad enough, risking punishment for that may not be irrational if it offers a real chance of concealing another offense.
If, as is likely, the chargeable offence is breaching the Data Protection Act I'd probably rather plead guilty to that than be on trial for obstruction of justice or perjury
The thing is that once you get to criminal charges, everyone is looking out just for his own head. The IT guy who will be asked to delete files couldn’t be gotten on election tampering, so he’s not going to commit obstruction of justice. And if you delete files such that the files are gone but the fact that you deleted them remains, then the government can implicate you for literally anything, so unless it was the worst of the worst crimes like child sex trafficking you’re probably better off pleading guilty to the offense.
If I were in charge of company that does what CA does, I'd specifically hire 'IT guys' that I have dirt on that is worse than any of this... Or I'd find dirt on people that my IT guy cares about.

I might be giving CA more credit than they're due in the smarts department, but considering that I'm just a dude making up scenarios, I find this particular one pretty plausible. And assuming the worst seems like a sensible approach in this case.

Is there any reason to believe this isn't completely too late? 24 hours after the ICO announced she was seeking a warrant, crates of documents were observed being unloaded from Cambridge Analytica's building. The offices weren't actually raided for an entire working week! Surely, with that kind of notice, they'd be idiots to leave anything incriminating lying around?
Most of the relevant information will be in digital form, and it would be quite difficult to destroy that evidence without a trace.
Why was facebook in the offices the very night this story broke then?
>>Surely, with that kind of notice, they'd be idiots to leave anything incriminating lying around?

They'd actually be super idiots if they touched anything.

Obstruction of justice and all. Plus related statues can very easily catch you, even if you come up clean in the original investigation. Say, they investigate you for X but you destroy documents or try to make it harder for "justice to do its work." Maybe in the end, the conclude that you committed no crime in X but you destroyed evidence...

Which specific law does "the use of personal data and analytics for political purposes" violate?
Don't know, but if you can pay a lawyer $2000 an hour, he/she can tell you.

Or just wait, the prosecutors will tell us for free.

None, intrinsically.

But, receiving, storing, and/or processing personal data without consent is, in most situations, likely to be against the the Privacy and Electronic Communication Regulations and the Data Protection Act. Additionally, information about political affiliation.

The key point in this case is that CA didn't have consent. CA don't dispute this, but say that they believed at the time that they did. It is a defence to show that you "exercised all due diligence" in complying.

ICO will be looking for not only evidence of the actual use of personal data, but also evidence regarding whether and to what extent CA were knowingly or recklessly non-compliant.