ETHI Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Standing Committee on Access to Information, Privacy and Ethics
|
l |
|
l |
|
EVIDENCE
Tuesday, April 24, 2018
[Recorded by Electronic Apparatus]
[English]
I call the meeting to order. This is the Standing Committee on Access to Information, Privacy and Ethics, meeting number 101, pursuant to Standing Order 108(3)(h)(vii), the study of breach of personal information involving Cambridge Analytica and Facebook.
Today we have, from AggregateIQ, Zackary Massingham, Chief Executive Officer, and Jeff Silvester, Chief Operating Officer.
Welcome, gentlemen.
Mr. Massingham, go ahead.
Good morning. My name is Zack Massingham, and I'm the co-founder and Chief Executive Officer of AggregateIQ.
I would like to thank you for inviting us to join you here today to provide information to support your study and to answer your questions. I'd like to start by sharing some information about our company.
My idea for AggregateIQ started in 2011 while working for a campaign. I saw that there were a number of inefficient things that campaigns were doing, and learnings weren't being applied from one campaign through to the next. They were using paper to keep track of what they were doing.
I created AggregateIQ to provide IT services to help them use technology to campaign better. I purchased the AggregateIQ.com domain name in April 2011 and use AggregateIQ as a trade name for my consulting work. In 2013 Jeff Silvester and I decided to formally work together. We incorporated AggregatelQ Data Services Ltd. in November 2013, and today we just go by AggregateIQ or AIQ.
Given some of the testimony you have heard, some of which has been reported in the media, we thought it would be important to clarify a few things. We are not, nor have we ever been, a department or subsidiary of SCL or Cambridge Analytica. We are, and have always been, 100% Canadian owned and operated.
There were two people responsible for founding the company, and those same two people are responsible for the operations of that company: Jeff Silvester and me. All of the work we do for our clients is kept separate from every other client. The only personal information we use in our work is that which is provided to us by our clients for specific purposes. In doing so, we do our very best to comply with all applicable privacy laws in each jurisdiction where we work.
We have never managed, had access to, or used any Facebook data allegedly improperly obtained by Cambridge Analytica or by anyone else.
We are an online advertising website and software development company from Victoria, British Columbia. With determination, a lot of hard work, and the help of our amazing team, we've had the opportunity to work on projects around the world, but we remain a small Canadian company.
Thank you.
Good morning. My name is Jeff Silvester, and I'm the Chief Operating Officer and the other co-founder of AggregateIQ.
I'd like to tell you a little bit more about what we do, but before that, I'd like to tell you what we do not do. We are not a big data company. We are not a data analytics company. We do not harvest, or otherwise illegally obtain, data. We never share information from one client to another, and we are not a practitioner of the so-called digital dark arts. As Zack said, we do online advertising, make websites, and software for our clients.
Let me explain that a little bit.
During an election, politicians from all parties go out into their communities. They put up signs on busy street corners and on supporters' lawns. They do burma-shaves on the side of the road, waving at passing cars. There are coffee parties, town halls, debates, and countless conversations in doorways, on the phone, as you try to share your vision, and your ideas for making your community and our country a better place.
All of this, of course, while listening to your constituents and talking about what they care about most. What we do is no different, it's just online.
When we place a Facebook ad for a client, it's a lot like a burma-shave when you stand on the side of the road waving. You might measure the success of waving at passing cars by the number of folks who honk, and wave back with a smile, versus the number of those who might honk, and use a slightly less appropriate wave.
You might have an idea as to the number of cars that went by, and how many were positive or negative, but you don't know who those people were, and it's the same with an online ad.
You can choose to show your ad in a particular geography, or to a general demographic, but you only get back how many times it was shown, or how many people clicked on it. You don't know who those people were, and you don't have access to their personal information.
Our employees are software developers and online advertising specialists. The software we make is the same as the tools that each of the parties represented here use on their campaigns. There's software for helping go door-to-door, software for making phone calls, and software to send emails to remind people to vote. We also have reporting software to help show campaigns how they're doing along the way.
These tools help candidates and elected officials connect with more people than they've ever been able to before. Now, instead of a quick handshake at a town hall meeting, constituents can have a meaningful dialogue with the people who represent them, whether they're at home, in Ottawa, or anywhere around the world.
Having said that, while we do our best, we don't always get everything right.
On Sunday, March 25, we were alerted by the media to unauthorized access to a code repository. We took immediate steps to lock down that server, and indeed all of our servers and services, to ensure no further access was possible. During the process of locking down the server, and investigating how the unauthorized access had occurred, we discovered that some personal information from voters in the U.S. was inadvertently left in one of the code backups.
Within a few hours of the initial report by the media, in addition to notifying our clients, we contacted the acting deputy commissioner from the Office of the Information and Privacy Commissioner for British Columbia, and we launched a full and thorough investigation.
That investigation is still ongoing, but we're committed to examining every detail to see what caused that system to be modified to allow the individual access to that server. As part of that investigation, we've sent letters to the individuals who gained unauthorized access to ask that they certify that they've deleted all of the information they obtained without permission. We're following the guidelines from the Office of the Information and Privacy Commissioner for British Columbia, and we look forward to following up with that office as our investigation progresses.
That there was any personal information in our code repository at all was a mistake on our part. It was not supposed to be there. As the person ultimately responsible for that, I'm sorry.
We've already put in place measures to prevent that from happening again, and as we complete our investigation, I anticipate there may be additional recommendations and improvements that can be made.
The federal and provincial privacy commissioners may also have recommendations, which we welcome and will act upon.
We are committed to ensuring that this investigation is done thoroughly and done right.
In closing, we have built a successful tech company in Victoria, British Columbia. We've employed, and continue to employee, many highly educated young people, and we're proud of what we have built right here in Canada.
There are a lot of misconceptions about the modern use of advertising for political and other purposes, and to the extent that we can assist the committee by explaining what actually happens, and how the technology is used, we're committed to doing that.
I would like to thank the committee for inviting us here today, and for its important and valuable work. I, too, look forward to your questions.
Thank you.
Thanks very much.
You are on record as saying that AIQ has never knowingly been involved in any illegal activity, but given what you know now, do you have reason to believe that AIQ was unknowingly involved in any illegal activity in the past?
Dominic Cummings, the director of Vote Leave is quoted as saying:
Without a doubt, the Vote Leave campaign owes a great deal of its success to the work of AggregateIQ. We couldn't have done it without them.
How much was AIQ paid by Vote Leave?
We invoiced an amount for all of the advertising, but we were paid approximately.... Now I have to think. It was—
That's for the advertising as a whole. Other than the amount we talked about, the vast majority of that was for advertising, so that would go directly, through us, to places like Facebook and Google.
When I asked how much AIQ was paid by Vote Leave, the answer was 2.7 million pounds, but with the profit being different.
Where did AIQ obtain the data it used to profile and target voters in the course of the Brexit campaign?
Okay, was it just that you were selecting certain demographic characteristics on Facebook ads. Is that the idea?
Generally, yes. The campaign provided us with the information on who they would like, from a general demographic sense, who they believed their target audience was, and then we put that into the tools, like Facebook and Google, in order to show—
How many parties paid AIQ further to the Brexit campaign? Vote Leave paid you—I understand this to be correct—and also Change Britain, the DUP, Gove 2016, Veterans for Britain, and BeLeave. Were there any other campaigns that paid you?
Okay.
You were paid, I understand, by BeLeave in the amount of over 600,000 pounds, again directed to an ad spend.
Okay.
I understand that you haven't agreed to co-operate with the U.K. Information Commissioner's inquiry into the use of data during the Brexit referendum. Is that correct?
No, that's not correct.
On May 17, 2017, the Information Commissioner from the U.K. sent us a letter. We responded on May 24, and then we didn't hear from her again until January 30, 2018, when she sent us a letter and we replied.
Okay.
You had a number of different campaigns that were all using your services further to the Brexit campaign. Who coordinated and directed the ad spend of each?
We have your point of contact for the Vote Leave campaign whom you've mentioned already. Who was your point of contact at the BeLeave campaign?
There was no coordination, in your view, between the BeLeave and Vote Leave campaigns in directing the ad spend of BeLeave.
Okay, so perhaps you can explain. What was the purpose of the Google Drive that you, Mr. Massingham, had access to, and the owner of which was Ms. Woodcock, the chief operating officer of Vote Leave, but it was a BeLeave Google Drive. Explain to this committee how that can possibly happen if there was no coordination whatsoever.
There was a Vote Leave Google Drive that we had access to, and that was a place where the campaign would put.... When you send an email, it can't contain too many pictures, like your photos. You might put it on something like Dropbox, and that was what that drive was used for: when they're sending us large sets of images.
I want to be clear. You're getting 2.7 million pounds in an ad spend from the Vote Leave campaign, over 600,000 pounds from the BeLeave campaign, you have access to a Google Drive, and the owner of the Google Drive is the chief operating officer of Vote Leave, but it's a BeLeave Google Drive, and you have access to it, Mr. Massingham, and you have no idea why, and you don't remember?
The drive itself was a Vote Leave drive, and images were on that drive. We have access to things like that, that we might use for advertising. Appreciate we did not have access to the entire drive. In looking back, we—
Okay, make sure you have them, and please provide to this committee any direction you received from Mr. Grimes on the ad spend of 600,000 pounds.
Did you communicate with Mr. Grimes and with anyone from Vote Leave about the Electoral Commission's investigation?
I'd also like any correspondence between Mr. Grimes and anyone from Vote Leave about the Electoral Commission's investigation provided to this committee. Is that fair?
I don't know that I have any because any communication was done by phone, but I'll see what I can find.
Thank you, Chair.
Thanks to both of you for attending today.
According to Christopher Wylie's narrative, AIQ wouldn't exist but for him, because of his connections with you through the Liberal Party of Canada, work you had done in the past. He suggested that AIQ be set up to enable people to work for Cambridge Analytica who didn't want to move to the U.K. Is that an accurate characterization of the relationship?
No. Zack and I set up AggregateIQ. As Zack mentioned in his opening statement, he had registered the domain as part of his personal work in 2011, and Zack and I had been talking about how we could work together for a long time. Mr. Wylie certainly introduced us to SCL but we had never heard of Cambridge Analytica at that time, and indeed hadn't for a long time after that. So, no, Mr. Wylie did not set up AggregateIQ.
Last week Mr. Vickery testified before this committee and said he's not sure of the precise relationship between AIQ and Cambridge Analytica and SCL, but his direct quote was, “The walls of the separation...are very porous.” Again, would you agree with that characterization?
This comes back to Mr. Wylie's narrative. He said that he helped get AIQ up and running to help SCL, essentially a Canadian entity for people who wanted to work on SCL projects who didn't want to move to London. Facebook suspended AggregateIQ for its connections with Cambridge Analytica and the possibility that it might have some of the data that Cambridge Analytica improperly obtained.
From your answers this morning do you believe that Facebook, in its suspension of AIQ, acted improperly or without justification?
Facebook is its own company. I can't speak to why they choose to do things. But I know they are investigating, and we've contacted them and offered to co-operate as best we can. I'm looking forward to their completing their investigation, and again continuing as good customers of Facebook.
Now, when Mr. Vickery stumbled upon the subdomain GitLab at AIQ, he said he didn't use any of the log-ins or access facilities that he might have. He says there is no evidence that the exposed code or private data was taken, but he also says there is no evidence that it wasn't taken.
Do you yourself have any evidence one way or the other?
We indeed can see that the security researcher did gain a copy of that data, but upon learning of that, we launched a full investigation and notified the Office of the Information and Privacy Commissioner for British Columbia. That investigation is continuing.
We are committed to going through every line and every record to make sure that no such access occurred.
To clarify, it's not a data repository but rather a code repository.
That it was exposed, of course, was an issue. It should not have been. We're still investigating to see exactly how that change occurred to allow it to be accessed. As I said, we're going to work with the Office of the Information and Privacy Commissioner for British Columbia to work through that process.
I mean, a skeptical person, a suspicious person, might say that while your company might not have improperly used information or manipulated information or mined information, by leaving it open and by leaving all of the access codes and log-ins available, others could have freely misused that information.
The information that was in there, in terms of access—much of it was dummy codes. A couple were not, but as soon as we learned of the access, we secured all of those servers and changed all of the codes. We have no records of any access to anything else other than the code repository.
As I said, we're going to work carefully through this process, following best practices and the guidelines from the Office of the Information and Privacy Commissioner.
Again, one knows that those who work in the digital world have original senses of humour, but one of the page grabs from that subdomain has a file called Ephemeral with a subtitle saying, “Because there is no such thing as THE TRUTH”. This was attached to the U.S. election projects, I understand, that AggregateIQ was working on. Is that correct?
That is work that we're doing for a client in the U.S. The names and comments are just things that our developers write in there from time to time.
While you said today that you weren't handling improperly harvested Facebook data, did you work with the Amazon platform Mechanical Turk in your massaging of data that perhaps had been processed from Facebook through that Amazon site?
I wouldn't say we massage data, and I don't recall ever....
No, we've never worked with Mechanical Turk.
Thank you very much.
Again, Mr. Vickery said that within 11 minutes of him notifying federal authorities of that subdomain, the site was shut down.
So it was that instant.
He also said in his testimony that he had found evidence of cryptocurrency on your website, and that too has been taken down. Can you explain why?
The cryptocurrency project is a project that we were doing for a client. They had asked us to create a token sale. A token is something that's attached to the blockchain. It's a rather complicated topic, but in short, it's a way that they can keep track of folks who might be interested in their project.
Right now that project is not launched for that client, because they're working with their legal team to make sure they're meeting all of the British Columbia Securities Commission and American federal securities commission guidelines for such sales.
Thank you, Mr. Chair, and thank you, Mr. Silvester and Mr. Massingham.
I'm very interested in how AggregateIQ obtained $5 million, is it, in contracts on the Brexit vote?
Mr. Massingham, did you get those contracts through SCL?
I'm interested because when I look at SCL's commercial, elections, and social group management, you are listed as the head of SCL Canada, so did you go rogue on SCL?
You were never a part of SCL.
Well, you do realize that what you testify here is like testifying in court, Mr. Massingham. You can't make things up.
Okay.
I'm looking at the agreement with SCL Group Trinidad on what work they will do, and it's AIQ that's going to deliver for SCL. I'm looking at their American elections pitch and the key team members number one and number two: Zack Massingham, Jeff Silvester, SCL. I see their elections group management, head of SCL Canada, Zack Massingham. Four spots to hire IT engineers: AIQ to hire, AIQ to hire, AIQ to hire, and AIQ to hire.
So you're not part of SCL Canada?
Would there be any reason that you would take the fall for SCL? Because you've damaged your reputation substantially, don't you think, with this international crisis? Why would you guys take the fall for SCL?
Okay.
You received 40% from the Vote Leave campaign. You worked with the Democratic Unionist Party, Veterans for Britain, and BeLeave.
BeLeave was a marginal students' group that had an email contact list of fewer than 1,000, and yet they were given 625,000 pounds. They're under investigation in the U.K. for possibly circumventing the electoral finance limits.
Do you believe that they should be under investigation?
The investigation is by the Electoral Commission. Of course, the Electoral Commission contacted us last year. It was around March of 2017. We answered all of their questions with respect to our relationship with BeLeave and with Vote Leave.
Okay.
It's really interesting. BeLeave is this marginal students' group that gets funnelled 625,000 pounds. Now, if I were a student activist, that would be a lot of money for me to use, yet they contact this group, this Canadian company that's above an optometrist's shop in Victoria and give them the full amount.
Now, that full amount of money was directed to ads in the last six days of the campaign. That would certainly be a way of circumventing the electoral financing limits. Do you not agree?
You don't agree.
Well, it's interesting, because Christopher Wylie is on the record, and he gave testimony. Like I said, testimony is supposed to be true. He said that he asked you if you were siloing your work, because you had all these interconnected campaigns, interconnected financing, and interconnected Google Drives, and you said, Mr. Silvester—quote—“Absolutely not. It was just one common ad program.”
That would be illegal, would it not?
That's what he said you said. He said:
They conceded to me—and this is a verbatim quote, and I stand by it, I remember Jeff Sylvester telling me...
that what you were doing
...was, quote, “totally illegal”.
I did have a conversation with Mr. Wylie in April of 2017, well after Brexit. Mr. Wylie and I have known each other since 2005. As part of that conversation, we certainly did speak about what the media was talking about: the BeLeave relationship with Vote Leave.
I've never believed that what was going on was illegal or that anything we did was anything but above board.
Okay, but you could see how strange it looks that there were campaign financing limits and all the groups that were given money, who seemed to be fairly marginal names, funnelled the money to your company to be used in the ads. You shared the same Google Drive between these, and they are under investigation for evading the electoral limits, and it keeps coming back to AggregateIQ.
Mr. Wylie also said that when he talked to you and had the conversation where he said that you said what was happening was “totally illegal”, the two of you found this whole thing amusing, which I find is an interesting word. He said, “You have to remember that this is a company that has gone around the world and undermined democratic institutions in all kinds of countries.” He said that they “could care less as to whether or not their work is compliant”, because “[t]hey like to win”.
I want to go back to SCL, then, because I'm looking at the SCL group's contract, of which you were a part, and yet you say you're not part of that. How could you be listed as a partner in doing work in Trinidad and Tobago through SCL if you're not connected with them?
We have done work for SCL, and we've not hidden that. We did a few projects for them starting in 2013 and ending in 2016. For a few of those projects, we signed some contracts with SCL to do that work, but we're not a part of them. We're a—
Would you say that that work was totally legal? Because I see something about getting Internet service provider log files. Mr. Wylie says that you go around the world doing illegal work and that's what you did in Brexit. How would you assure us that the Trinidad work was legal?
The work we did in Trinidad was two things. One was to make a political customer relationship management tool for SCL's client there, and the other was to provide SCL with information on popular websites in Trinidad and Tobago.
But that's not what it says here. It says that what you were doing was gathering data for them that would include Internet service provider log files. That's a very specific kind of work, and to me it would certainly be questionable as to whether it's legal. You were doing that contracted by SCL.
Yes, the information that we provided to SCL was simple, commercially available information on which websites in Trinidad and Tobago were popular among folks there.
So, Mr. Nix was not involved with you on the Brexit campaign. Again, I find it so odd, and nothing against your company, but you're set up above this optometrist's shop in Victoria. Nobody has ever heard of you. Your only access through a website is through an SCL Canada link that, apparently, you say you're not. Yet, you got 40% of the Brexit contracts. You had all these front groups that were set up. The money was funnelled to you. I'm just amazed that you guys have those connections.
How did all that happen?
With regard to your first point about our website, we've had a website since before we were even incorporated, and I know that because I made it.
With respect to how we got the work from Brexit, we submitted a proposal to the Vote Leave campaign at the end of March, beginning of April 2016. Within a few weeks, they selected our proposal, and we started working for them once they became a designated campaign.
Thank you for being here.
First of all, I wrote down, to get an understanding of your business, that you said you work with different campaigns and do online advertising, make websites, do digital marketing, and these types of things.
You do software for going door-to-door, for phone calling, for emailing, for general stuff that campaigns work at.
Is there some specific skill set that you have, or some access to a database, that would make you stand out? I assume that you have a lot of competitors even here in Canada, let alone in the United States, Europe, and that. Would that be fair to say?
I can't say. In terms of the number of competitors, it's not a huge space in terms of the work we do.
With regard to your question about big databases, we don't have big databases of data. We don't keep data.
No, the information that we get is from clients for provision of service to those clients specifically.
Fair enough.
Who are your competitors just in Canada? You've been in business for, you said, seven...and five years ago you incorporated. You must know your Canadian competitors.
I didn't say that you did. I asked who would be your competitors because I assume that you're obviously bidding on Canadian opportunities, too.
I wouldn't say bidding. It's not like a public bidding process. From time to time, someone might suggest that so-and-so is looking for digital advertising, and then we submit a proposal to them and talk to them.
Okay, the same thing happened in the United Kingdom. You said that you made a proposal. I assume that other people made proposals.
Okay.
What I'm going to try to ask then is this. You did work for four Leave groups: Vote Leave, DUP, Veterans for Britain, and BeLeave. Did you do any work for any of the Remain campaigns?
Okay. So, you did work for four of the Leave campaigns. What would bring all four of them together to you? Did you have an amazing website? What was it that brought them to you?
I can't speak on their behalf. I just know that with respect to BeLeave, they contacted us. I'm trying to think in terms of the others. We may have reached out to the organizations and suggested that they work with us, and then had a conversation.
With Veterans for Britain, I think we reached out to them, and again, this is a long time ago, but they contacted us by email.
I don't recall the exact, specific.... It was just through an introduction from someone whom we had talked to.
And no one introduced you to the Remain? They seem to be pretty strong in the Britain market. No one said, “Hey, these guys are really good”?
You don't have any unique skill sets, unless I missed something, and you've got four of these groups that somehow came to you.
Was Mr. Wylie involved in any of those?
And you didn't ask BeLeave, “By the way, how did you hear about us?” Did you ask that question just out of curiosity?
Okay, so you didn't ask that question.
With respect now to the amounts that BeLeave transferred, £635,000, that full amount made its way to you, though it wasn't your profit. It was to buy ads, correct?
Okay.
And there was no coordination, to your knowledge, among the DUP, BeLeave, Vote Leave, and Veterans? There was no coordination between those groups.
What specifically did you do differently for BeLeave that you did not do for Veterans for Britain? What things did you do differently for them?
Okay, so they called you up, and there was no coordination. You did nothing differently, and they said, “We'd like you to do A, B, C” and guess what? These guys called you up and said, “We'd like you to do A, B, C” again, exactly the same thing.
Do you mean in terms of how the ads were placed or just specifically the type of work we were doing?
Okay, in that one there, you did online ads for A, B, C, D, all four of them. So you were doing the same thing.
We did some website work just as part of the online advertising for BeLeave and for Veterans for Britain.
That's what I thought, too. So what did you do differently, because there's been no coordination to your argument behind it. You have no specific skills that you've said. You haven't said, “Look, Frank, we can do this that no one else in the world can do” or “We have this amazing database that no one else in the world has.“
We have done no coordination. You get contacted, and you don't know why BeLeave called you up. They just called you out of the blue. Fair enough, it happens, I guess, and they asked you to do exactly the same thing for the same amount of money that they've just been transferred.
What specifically different did you do that would tell me that they were at least, “You know what? You've done something great here.” We don't know. Theoretically, they don't even know, right? Because how would they know, unless they coordinated it, that you were working with Vote Leave?
I believe at that point that Vote Leave had made a reporting of their financials to the Electoral Commission, which had been released publicly, and there was a little bit of media about that—
So you think that BeLeave read this financial report and said, “Hey, look at this. It looks like Vote Leave has got this great company.” They went on your website, and looked it up, and called you. Is that what happened?
But before on that, you didn't bother to ask them. You're in data gathering. You're looking for customers, I assume. You didn't bother to ask them. Like you get this box asking if you were you referred by a friend, if you saw our website, or if you had a coupon. You didn't ask that question.
They emailed you, but how did they find your name? Did they do a Google search, and you came up first or second, or what happened?
[Translation]
Thank you, Mr. Chair.
I also want to thank the two witnesses for being here.
It is interesting to hear that you offer specialized services for election campaigns, but I find it hard to understand why your clients use your company to do work that a permanent employee of a party or organization could do themselves, which is to place ads on Facebook.
What additional service do you offer to entice those clients to use your company? It is fairly easy to find people who can place ads on Facebook. I suspect that is not all they expect of you. Surely you must offer some additional service, some added value that accounts for your receiving contracts. What service is that?
[English]
With respect to the work we do for the campaigns, we specialize in online advertising for politics. It's no different in any other industry. If you understand the industry a bit, it helps to make that process a bit more efficient, but it's really no different from any of us fixing a car. We also have owner's manuals for our cars, but we still bring them to mechanics, because they're the experts at it.
We help the campaigns to take their messages, craft them into size—in terms of how big they are, how much text there is. We use our experience in what sorts of things have worked in terms of layout in order to place them online.
The added value we bring, of course, is that we can do it very quickly and efficiently for them so they can get their information out there. Not all campaigns, and particularly those that aren't connected to a long-term political party, have that expertise in-house. The parties represented here have folks who can do that for them, but not everyone does.
They need help, and we're happy to provide that help.
[Translation]
Your services are all included. In other words, you place ads at the beginning of the campaign, you follow up on them, and you probably consider people's reaction, right up to the last day of the campaign when people go to vote.
Are you active throughout the process, from the start to the last day of the campaign?
[English]
Depending on the clients, we can work with them to provide a political customer relationship management tool, and that is no different from what the Conservatives here have for their CIMS, or what's now C-Vote; or what the NDP have, NDP Vote or Populus. The Liberals used to use ManagElect. Now they use Liberalist, which is based on the American NGP VAN.
We sometimes provide a tool for campaigns to use, and then, yes, we'll support them through the use of that tool, through our advertising right through to voting day.
[Translation]
You seem to be well informed about the computerized systems that the political parties use. If you have had access to those programs, is that because you have worked for a number of those parties?
[English]
As you know, I've been involved in politics in Canada for a while. I used to work with a Liberal member of Parliament, and I've certainly volunteered on his campaigns. I've volunteered on campaigns of many parties, so I have seen different systems.
[Translation]
So the expertise you acquired before you launched your company was developed through your work on federal or provincial election campaigns. You are now in the private sector and you use what you learned here or from political parties. So you are well aware of the personal information that your clients entrust you with.
In reality, it is a smoke screen to say that you do not have any databases because you use the ones your clients provide, and that some of them may include personal information about Canadians that should not be in there.
What do you do when they provide databases to you that may be questionable?
[English]
When a client provides us information, it's typically for two purposes. The information they provide us might be information on the registered voters in their area. This is information that when all of you become registered candidates you get access to from Elections Canada. In the United States, they get it from their county or from their state. This is your basic contact information on who is registered.
When we get that information, if we're providing a political customer relationship management tool, we'll help them load that into that tool so they have a way of keeping track of who is deciding to vote for them or not. Customers might also provide us with an email list, for example, that they want help in loading into an email tool that we've created for them, or into the door-to-door tool, or into a phoning tool. That's how we use the information.
There are times, as well, that they might ask to use that information for reporting, in which case we will also provide those reporting services.
Good morning, gentlemen. I have just a quick question.
You said that you both started the company. What I'm assuming is that both of you went to a lawyer. You had articles of incorporation that were drawn up. In those articles of incorporation are both your names.
So in the articles of incorporation that were set up by your company, there are only your two names that are there.
You obviously had start-up costs. You were starting an office. You needed desks, chairs, computers, pencils, pens, coffee machine.
Where did that money come from?
When you had the articles of incorporation—I'm assuming that's when you started the company—where did the funding to start and set up that company come from?
Well, it wasn't much money to start because we did it from our homes. Zack worked from home. I worked from home.
Okay.
I have it here, and I'm going to quote Mr. Wylie in his testimony before the U.K.'s digital, culture, media and sport committee. He testified that AggregateIQ was set up as a separate, Canadian legal entity so that Canadians who were not willing to move to the U.K. would be able to work on SCL products.
He went on to confirm that it was in essence a shell company or franchise, that you were assigned to the SCL group and that you would be known as SCL Canada.
Is this true or not?
You never had a conversation with Mr. Wylie where he told you that he was working for an entity in England and was reaching out to you to find out if there was anybody you knew who could do the work.
Mr. Wylie and I did have a conversation when he started working for SCL...or not a conversation, rather he sent me an email. In that email, he introduced his new employer to me and I read the pamphlet. But in terms of later, when he introduced me to his employer, we didn't have a conversation about setting us up as a shell corporation or however you described it.
Because there was some hesitancy, according to his report, of you guys moving to England to work there—because of what he quotes as you both being recently married, you had young kids, you had bought a home—it would have been easier for you guys to have a shop in Victoria and work transatlantically.
Ripon is a project of SCL. A part of that project was that they contracted to us to create a political customer relationship management tool. As I've mentioned, it's no different than Liberalist or C-Vote or the NDP's Populus tool.
They wanted us to build this tool for them so that they could use it in the American elections.
Is that customary in your line of work? You develop a software that's proprietary. You put your efforts into making this. It becomes intellectual property.
Why would somebody else want it?
It was an independent promoter—an independent expenditure sort of thing—in support of Goodluck Jonathan.
Goodluck Jonathan, okay.
In front of the committee in the U.K., Mr. Wylie said that the video that AIQ distributed in Nigeria, with the sole intent of intimidating voters, "included content where people were being dismembered, where people were having their throats cuts and bled to death in a ditch. They were being burned alive. There was incredibly anti-Islamic, threatening messages portraying Muslims as violent."
Who did that?
The video was given to us, but we were not willing to distribute it or run any ads to it or anything like that.
I don't know why Mr. Wylie said that. Mr. Wylie was not involved. He was gone from SC by that time, so I don't know how he'd have knowledge of that.
We were given the video, and, no, we didn't run any ads to it or anything like that. And we informed the client that we were unwilling to do that.
I think I mentioned before, we did a political customer relationship management tool for a political party there, and—
Ripon is a separate entity? Every time you have a customer you develop individual proprietary software for each company?
We do development in a number of different ways. Sometimes we make our own software, that we then license to clients along the way. Other times they will want their own custom software. In the case of Trinidad and Tobago, they were asking for some custom software.
Thank you, Chair.
We learned from UpGuard, the data breach investigator that is associated with Chris Vickery's cyber-risk research, that two of the project families, as described by UpGuard, called Saga and Monarch, "are designed to gather and use data across a number of platforms".
Saga seems quite innocent and similar to programs that are used by political parties in perhaps a less sophisticated way, which is intended or "able to automate the creation, analysis and targeting of ads in way that would make it easy for a small number of people to manage a large number of Facebook ad accounts."
UpGuard says—and I'll ask you whether or not it's accurate—that "Saga was used specifically to interface with the Facebook ad system through APIs and scraping methods and gauge response to images and messages."
UpGuard says that Monarch takes up where Saga leaves off. Saga, they say, "is a tool capable of tracking what happens when someone clicks a Facebook ad, Monarch seems designed to track what happens afterward, giving a controlling entity a more complete picture of their targets' behavior."
Is this what is described as “psychographic profiling”, and is that essentially what Saga and Monarch do?
The security researcher, while he's able to see some of the code, is not able to see how we deploy or implemented that, so he can only make assumptions based on what he's looking at. The Saga tool does connect to the Facebook ad account side. That is where we place the ads in order to get numbers on how ads have performed over time for our clients. Monarch takes information that people voluntarily enter when they go to our customer's website. Indeed, many of the members here have websites that ask for the exact same thing. You might ask on your site, for example, “Please sign up to my mailing list.” You want to make sure when someone puts their email address in there they get signed up to a mailing list. That's what Monarch does. It helps to make sure that information gets to the right place on behalf of the client.
What UpGuard seems to be suggesting is that some of the data that would be provided to AIQ to process and to report on may have been improperly harvested.
Do you have any way of knowing whether or not the data you're dealing with is properly or improperly harvested?
Yes and no. With the information that we get from Monarch or Saga when we implement that for a client, that's information that is provided by people who visit their website voluntarily when they enter their information on the website, like joining a mailing list, volunteering, or whatever it happens to be. The information from Facebook is completely anonymous information on the performance of a particular ad—whether it was seen x number of times, how many times it was clicked on.
To your question about processing data, we don't really process data for folks. We take information that they provide to us, like a voter list, as I mentioned, and put it into a tool like the political customer relation management tool.
We're not data harvesters by any stretch of the imagination. Certainly, we don't do psychographic profiling, or profiling of any other type. We're not psychologists; we're tech people, and we place ads.
Have you or has AggregateIQ ever used a database like The Database of Truth or the Saga or Monarch programs to affect the outcomes of elections in Canada, either federal or provincial?
We have done work in Canada, though not for the federal parties. Do we use information in the tools that we've created and deployed for a customer to help influence the outcome of the election? I would suggest that the volunteers and the candidates who use that are certainly trying to influence the outcome.
When you go door to door, I expect you're doing so because you would like to influence the person you speak to into perhaps voting for you. It's really no different from what we do. The ads that we show are the digital equivalent of an ad on someone's lawn or on a street corner. You choose where you want it to go, you put your message on there, and people drive by and see it. It's the same for the internet. It's same with going door to door and the same with making phone calls.
[Translation]
Thank you very much, Mr. Chair.
Thank you for being here, gentlemen.
My next question is for you, Mr. Massingham. You have been oddly silent; I would like to hear more from you.
In your testimony, you said that you comply with the legal and regulatory framework as well as possible. On your website, you clearly and unequivocally state that you comply with it.
Would I be correct in saying that you have received legal advice and that you may have violated certain Canadian or foreign laws in this regard?
[English]
[Translation]
[English]
[Translation]
[English]
[Translation]
[English]
As a Chief Operating Officer, I'm the one who's responsible for our compliance with privacy and information laws wherever we work. If we encounter a situation that's different from what we're used to in Canada or the United States, then there are times when we will seek a legal opinion. Certainly, when working with regulators to make sure that we're giving them all the information we want, we make sure that we speak to a lawyer to make sure we're giving them all the information that they've asked for.
[Translation]
[English]
[Translation]
Thank you.
Now for my next question. Have you ever used the data or databases in your possession for political organizations, third parties, or non-profit organizations in municipal, provincial or federal elections in Canada?
[English]
We have.
If an organization that we're working with would like our help in organizing their information in something like a political CRM, then yes, of course they will provide us with that information for the purposes of doing that work. Then, at the end of that work, we delete that information. They may ask us to return it to them and then delete it or just to delete it. We'll comply with whichever they prefer.
[Translation]
So you have no framework or concrete measures. You and the client decide what to do with that data subsequently, whether to keep it or delete it.
[English]
[Translation]
Okay.
Mr. Silvester, in your testimony you said there are measures in place to protect the data in your possession. Can you give me some specific examples of those measures in your company?
[English]
Yes. When we're using any information that's provided by a client, we make sure that we follow standard industry practice with respect to security certificates, encryption, and all of the technologies companies use to protect their information. We ensure that meets all of our standards here and, of course, their standards in the places where they're operating.
[Translation]
In the various activities you have conducted using that data, has there ever been a breach of privacy or has any data ever been at risk?
[English]
As I mentioned at the beginning, an incident was reported to us on March 25, and we acted right away to secure the information that was there at those servers, and indeed all of our servers. Once we discovered that there was some personal contact information that had inadvertently been left, we contacted the Office of the Information and Privacy Commissioner for B.C. to let them know about that.
That information should not have been there. As I mentioned, it happened when someone was backing up code and accidentally also backed up some data that went with that code, so when we deleted it off the customer's server, it wasn't deleted off the code repository, unfortunately.
[Translation]
In light of this unfortunate situation, do you need to adopt new measures or do you think you have everything you need to truly protect that data in future activities?
[English]
Yes. We have put measures in place already to protect the information on that code repository. We have also put into place some new measures with respect to auditing all of our servers more frequently.
I imagine there will be additional recommendations that come out as our investigation continues, and we may also get some recommendations from the federal or provincial privacy commissioners, which of course we welcome and will follow.
[Translation]
[English]
Thank you, Chair.
Mr. Massingham, I'm very interested in the work of SCL, Cambridge, and AIQ in Nigeria. Let's talk about the murder video. This video was sent around with horrific pictures of people being burned alive; the message was very clearly to incite anti-Muslim hatred in Nigeria. Who gave that video to you to release?
Okay. Cambridge Analytica says it gave you that video, so Cambridge was working with you and SCL in Nigeria.
It says, to your credit, that you were very freaked out by this video. You called it the murder video, but you were directed by SCL, and SCL is involved in what they call international psyops.
Christopher Wylie explains why SCL is so interested in these international campaigns. He says you don't make a ton of money working on politics, particularly on a small island nation such as Trinidad and Tobago, but part of the business model is to capture a government and win an election. You get paid for that, but you don't make a ton of money. Where you make the money is then going into the government and making the deals.
Once again we have the three hombres, Cambridge, SCL, and AIQ working hand in hand in Nigeria. How were you coordinated with the other two? I'm asking Mr. Massingham, as president.
You were given the video. Cambridge said they gave you the video. You said it was SCL. It's the three of you. They didn't just give you a video that totally freaked you out and tell you—
Sorry, I want to hear this, Mr. Massingham. You weren't aware that Cambridge Analytica existed when Cambridge Analytica said they gave you the video? I just want to hear you follow that up for us a bit. You weren't aware that Cambridge Analytica existed.
Christopher Wylie says that when you look at how Cambridge Analytica operates or how SCL operates, “they don't care whether...what they do is legal as long as it gets the job done.” He said that AIQ “inherited a lot of the company culture of total disregard for the law.”
Working in Nigeria, where Cambridge Analytica says they turned that murder video over to you, you said you weren't aware the Cambridge Analytica existed. Is that correct, Mr. Massingham?
What was your relationship? Did you know Cambridge Analytica was in Nigeria trying to undermine that election?
I have a question. I think a lot of us are concerned about third party influence. We have certain laws about spending limits in campaigns, and you've been accused. This is a quote from Mr. Wylie:
Aggregate IQ was just used as a proxy money laundering vehicle.
Was AggregateIQ a proxy money laundering vehicle for the pro-Brexit campaign, as Mr. Wylie said?
Thank you very much.
I'd like to go back to the relationship between you, Cambridge Analytica, and SCL. You're saying that you are a separate company, but you have done work with them. Was this a subcontract? What was the nature of the contract you had with them?
As I mentioned, we started work with SCL in 2013, and we did that work in Trinidad and Tobago. In 2014 they asked us to make a special American political CRM, which we've talked about. We did some online advertising for them along the way as well.
We finished working with them in 2016 and have not worked with them or contacted them since.
So this was very straight up. You were subcontracting. Do they refer people to you? Clearly, you have personal relationships with some of the key people there.
I had a personal relationship with Mr. Wylie previous to his introduction to SCL, but he left SCL in 2014. We continued to do some work for SCL until 2016.
Typically they would have a client who wanted services that they needed help with in terms of software development or online advertising, and they would ask us if we would like to help them with that.
Have you received datasets from Cambridge Analytica? You mentioned you had access to Google Drive, but have you received data from them or from SCL?
We worked directly with SCL.
During an election, just as with any regular candidate, if there were a political CRM we were supporting, then they might provide the voter file list of registered electors for that particular campaign. Then we would load that into the political CRM for them.
Mr. Vickery, when he testified, talked about certain electronic fingerprints, the ID number of a piece of data, or the listing of somebody as a client, and suggested that it made the relationship look as though it were the same company, the exact same dataset, as opposed to two separate datasets.
I don't know what the researcher was referring to there, but I can say that the only information we received from SCL in the provisioning of services for SCL was specifically for those campaigns that we were assisting with.
We certainly have databases that we use, but we don't retain any personal information from one campaign to the next. When a campaign or a client stops working with us, we delete all of that information.
We provide the tool, or the platform, like a political CRM, for a customer, and during that time, it does have personal contact information in it. Then once the campaign is over and our contract work is done, we delete that information.
No, we don't transfer that information to anyone, other than back to the people who provided it to us.
In addition to the actual data, obviously a lot of these Facebook profiles are used to create these psychosocial behavioural profiles. Cambridge Analytica, according to the media, had 30 million of these psychographic profiles. Did you ever have access to those profiles?
SCL is the one we were contracted to. When SCL provided information to us for voters during elections in the U.S., some scores or rankings were contained in that information. One of those was, for example, a turnout score. A turnout score might be something you use when going door to door in order to see who you should go to first or last based on how many elections a person has voted in previously. In the U.S., of course, voter turnout in elections is public information. But it also had five rankings or scores for personality in it.
Would you have ever used these scores for other clients, in order to determine which ads to target which people on Facebook?
Okay, you're saying that when you're targeting who to advertise to, this is just done by whatever the client says— “I want someone in this region”—and absolutely none of these psychosocial profiles are being used to determine who to target ads to.
No, the tools we have access to through Facebook or Google already provide all of the targeting information we need with respect to an audience. With Facebook in particular, you can target based on geography, down to a postal code level. You can target an ad based on the general demographic characteristics—male, female, general age category. You can also target based on an interest category. That information is really all you need to create an advertising campaign, and that's provided to us by the client.
Which laws apply to you? Is it Canadian law or it is the law in the country in which you're working?
When we're working with any client, we follow the laws in Canada and the laws that they have in their jurisdiction.
Okay, as you know, in Canada, as was mentioned, we have very strong laws in regard to third party advertising.
You say you worked for campaigns. Have you worked with any third parties, other organizations that would want to spend money to influence elections, who are not themselves political parties or candidates?
Okay, other countries—we've talked about Nigeria and we've talked about Trinidad and Tobago. With what other countries have you worked?
We did work in Lithuania, providing a door-to-door tool for a candidate, and with the United States, Canada, the U.K., those three.
We have not done any pro bono work for any campaigns or related. We've done some charity work, but not—
Thanks again, Chair.
Mr. Wylie has said he came to know you, Mr. Silvester, because of work that you both did on Liberal election campaigns in Canada. You mentioned that you worked on Liberal campaigns. We all have our own political affinities, and many people in this room have volunteered on any number of campaigns for any number of parties, but we do know that Mr. Wylie was contracted by the Liberal Party of Canada up until 2009, when his contract was terminated by the then-Liberal leader Ignatieff for what he described as invasive work in terms of his contract work, his work in this digital area on election campaigns. We also know that Mr. Wylie was paid $100,000 for a contract shortly after the 2015 election for work either done before the election or after the election. That question is still unanswered.
Did you work with Mr. Wylie in either of those two periods, either as an individual or through your company, AIQ, for the Liberal Party of Canada?
As I said, I've known Mr. Wylie since 2005, and while I was working for a member of Parliament I did help him get the job because he had volunteered with a member of Parliament, and I did help him get the job in the leader's office under—
While I was working for the member of Parliament, it was just to the folks I met that I suggested taking Mr. Wylie on in the leader's office. I think that was under Mr. Dion, but I wouldn't—
I was a staffer for a member of Parliament, but once he moved on with Ignatieff's office, I knew he was there but I didn't work directly with him. With respect to the further work that he did, I was aware that he was doing some work for them, but we weren't working with him, nor do I know the exact content of what he was doing.
Okay.
Does AIQ have a publicly available mission statement or a statement available to clients, past or prospective, which states exactly where the line is drawn in terms of acceptable data processing, or delivery of advertisements, or work to affect the outcomes of elections?
After the work in Nigeria, where we encountered that video that we talked about earlier, we did put in place some new language into our standard contract that talked about the ethics and morality of the particular videos and giving us the final say in what we would run or not run.
It's not explicit; it's more per occasion. If you come upon something that you find ethically unacceptable, you draw the line with that client.
We've been talking about servers and working on client servers or your own servers. How many servers do you have and are they all in Canada? How many are there at AIQ?
We don't own our own servers. We use cloud service providers—right now, a lot. Every project has its own server. It has development servers. There are test servers and things for the code. You know about our code repository. I don't know the exact number, but I'd say there's quite a number of servers that we control, sir. We don't own them. They're Amazon web services typically, but they're servers that we control.
Right.
Has either the British Columbia or the federal privacy commissioner asked to access your servers or the content of those servers in their respective investigations?
We've been co-operating with the Office of the Information and Privacy Commissioner of British Columbia, and, indeed, we suggested that we go and meet with them and talk to them about all of the work. They've asked us lots of questions and we've provided all the answers. They followed up again just when we came here and, of course, we'll be responding to them very shortly. In the latest letter, they've asked us a number of things that I haven't had a chance to address, so I couldn't say accurately if they've asked for that. Previously, though, they've asked us about the information that we hold, but not for the specific information that we hold.
They may have in their most recent communications, but I have not spent the time because it was just as we were arriving, so I haven't spent the time unfortunately to look at that yet.
Sure.
Can you tell us why the British privacy commissioner, Denham, formerly the privacy commissioner of British Columbia, is on record as saying that AggregateIQ has not been particularly helpful in her investigation?
I don't know why she would say that. As I said, we received a letter on May 17, 2017. We responded in about a week and offered to answer any other questions or provide any clarification, if we could. Then we didn't hear from her again until January 30, 2018. I don't know how answering her questions and responding promptly constitutes not being co-operative.
Have you been requested to appear at hearings in the U.K., either parliamentary or with respect to privacy, or in the United States before Congress?
We've not been asked with respect to privacy or anywhere in the United States, but we did get a request from the U.K. Parliament to appear at a committee not dissimilar from this one.
It's in the future, so we're going to be following up with them in this coming week to schedule that.
Thank you, Chair.
Brittany Kaiser testified this past week in the U.K., and she said, “when I joined [Cambridge Analytica]...AggregateIQ was our exclusive digital and data-engineering partner”.
Mr. Massingham, is that correct?
Cambridge Analytica says, “Aggregate IQ was our exclusive digital and data-engineering partner”. So, is AIQ the exclusive data and engineering partner of Cambridge Analytica?
No. Okay.
Chris Vickery says that AIQ is a data digital development team for SCL Canada and Cambridge Analytica. Mr. Massingham, is that true?
Okay.
Christopher Wylie says that you are a “franchise” operation of Cambridge Analytica and SCL. Is that true?
Okay.
Mr. Wylie says that when he was appointed at Cambridge Analytica, he said they needed a Canadian office. He went to Alexander Nix and said there were a couple of Canadians he wanted to hire. And then he said that the group was set up as SCL Canada, but they had a Canadian entity and that legal name was AggregateIQ. Is that correct?
He said one of the reasons that they set this up was that it was very useful to keep the company at arm's length. It was useful, he said, particularly for American projects where you need different entities to work on campaigns and pacts in various other entities where you cannot necessarily coordinate, but if you have different companies, the paperwork looks appropriate, the paperwork compliance...even if behind the scenes you're talking back and forth and using the same underlying technology. Is that correct?
The question is this. He said that they were set up to keep you at arm's length because it was useful in order to make sure that the paperwork was compliant particularly with American projects.
Okay. Up until March 2017, SCL had a phone that went directly to you, Mr. Massingham, as their head of SCL Canada. Is that correct?
It was your personal phone. So SCL had that. Christopher Wylie also testified that you guys have been very careful about being technically precise but that you were using “weasel words”. Would that be correct?
No, you wouldn't.
I guess what I'm thinking here is that everyone else must be involved in an amazing conspiracy against you, Mr. Massingham. They're accusing you of being a part of Cambridge Analytica, which you said you didn't know existed until during the Nigeria campaign. Mr. Wylie said he helped set you up, which you said isn't true. SCL Canada lists you as their head of Canada services, which you say is not true. You had a phone that went directly to you.
Why is everybody against you, Mr. Massingham?
I'm not sure. I can only speak to the work that we do at AggregateIQ and that Jeff and I have done together.
That takes me back to the question of the Brexit campaign. There's a spectacular success story of this unknown company above an optometrist shop in Victoria that got all those campaigns, all that money, and coordinated it. They said you were set up as a proxy money laundering campaign. Is that true, Mr. Massingham?
You know, the great thing about being in Parliament, when you speak at our committee, is parliamentary privilege. You can't be sued for what you say, Mr. Massingham. They can't use it against you in court. So I'm not sure why you expect us to believe that all these people are making stuff up about you when you could just explain to us why you were set up with SCL and what your direct role is with SCL and Cambridge Analytica. The idea that this is all a series of isolated companies that had nothing to do with each other, didn't know each other, just happened to be working on all the same projects.... You are listed as SCL Canada. Why don't you just tell us what you're covering up for SCL Canada, Mr. Massingham, and why are you taking the fall for these guys?
Mr. Massingham is listed. You're not listed as the head of SCL Canada. Mr. Massingham is. I want to know how that happens.
Mr. Angus, I can't speak to what marketing materials they've put out or what they do with my contact information, but I can tell you that we are not a part of SCL or Cambridge Analytica.
Really? Okay. I would suggest, then, that there's been incredible international fraud perpetrated here against you, Mr. Massingham, when I look at your name and see it's listed as the head of SCL Canada by a reputable British company that's been involved in all kinds of international work, see they had a phone that led right to you. Were you aware? When did you become aware that SCL had a phone that went directly to you?
Okay. I want to get back to the issue that brought us here, the issue that came out of the Brexit campaign, that they're accusing you of being an electoral money laundering machine. One of the key elements of that is your role with BeLeave and the 625,000 pounds that went directly through this marginal students group into your operation, and then was used in the last six days of the Brexit campaign. Do you think that may have affected the result, because that's what they're saying in the United Kingdom?
I can't speak to what effect it might have had. I only know what BeLeave asked us to do, which was to place their ads, and that's what we did.
Did you have any concerns at any time that it might be illegal?
Actually, Mr. Silvester, here's a chance for you to answer. Mr. Wylie said he approached you, and he said you thought it was all quite amusing, and that you said it was totally illegal.
Mr. Silvester, why did you say it was totally illegal?
I don't think I ever said to Mr. Wylie that what was happening was totally illegal. As I mentioned to you earlier—
Mr. Wylie's going to come, and he's going to say you did say it. He's already said it in testimony, so just fess up. Did you say it was totally illegal?
Mr. Angus, we're trying to provide you all the information we have to be as helpful as possible, and to give everything we know about what is true. That's what we're continuing to do.
I don't know how Mr. Wylie came to the misunderstanding about what I had said. When I heard about it in the press, I believed it was a misunderstanding. I sent a text to Mr. Wylie to ask him to talk about it.
Thank you very much.
After my first round of questioning, I received a note from the chair of the U.K. digital and culture committee, Damian Collins. After my questions, he has spoken to the U.K. Information Commissioner. She has indicated that AIQ has refused to answer her specific questions relating to data usage during the referendum campaign, and that the U.K. Information Commissioner is considering taking further legal measures to secure the information she needs.
So, in this round of questioning, I would ask for a little bit more honesty.
Mr. Massingham, you received 625,000 pounds, or so, from the Vote Leave campaign to do work on behalf of BeLeave. Is that correct?
You also received 100,000 pounds from the Vote Leave campaign to do work for Veterans for Britain. Is that correct?
The 625,000 pounds from Vote Leave for BeLeave, the 100,000 pounds for Veterans for Britain from Vote Leave, and then the 2.7 million pounds directly from Vote Leave for work for Vote Leave. That is the picture.
When you received the 625,000 pounds from Vote Leave to do work for BeLeave, was there any consultation with Vote Leave officials about how that should be spent?
So, there would be no correspondence in and around the time of that 625,000 pounds transfer with you and Vote Leave officials.
I don't believe so, but there may be communication between me and one of their comptrollers about the wiring instructions.
Was there any correspondence, email, Slack, or otherwise, between you, or Mr. Silvester, and Vote Leave officials about how that ad spend should be directed? I would like you to provide that to this committee.
Since AIQ had access to programs for Vote Leave, BeLeave, and Veterans for Britain, did you optimize that ad spending in any way to ensure that there weren't overlapping messages to the same targets?
How does a 22-year-old kid at BeLeave, who up to that point had spent in the tens of thousands of pounds, if that...and now gets an intake of 625,000 pounds. He then has the know-how to direct 625,000 pounds of ad spend, and tells you specifically how to do it. Is that your evidence?
Take the display and Facebook Creative, and target it to the discuss leave and BeLeave audiences with their message, which was separate from the Vote Leave message.
Darren and BeLeave wanted to target a more youthful audience with a positive vision of what a future might look like outside of the EU.
Were you aware that if the 625,000 pounds were spent by Vote Leave as Vote Leave, it would have violated election finance law?
If there wasn't coordination, why would there be a Google Drive owned by the COO of Vote Leave, holding BeLeave-related documents to which you had access on behalf of AIQ?
It seems to indicate there was coordination. Is that fair to say?
The question is for Mr. Massingham.
Okay. Have you read the Matrix law chambers' report to the digital and culture committee of the U.K.?
In that report, they note that on June 13, Grimes was in a position to make arrangements with yourselves to provide services. Does that sound right, June 13, 2016?
Okay.
On June 17, Grimes asked Vote Leave to transfer funds to AIQ, but he didn't know what amount was due to be transferred. Does that sound right?
Okay. On the same day that Grimes asked Vote Leave to transfer the funds, AIQ provided an insertion order for services that corresponded to the amount of the transfer to AIQ made by Vote Leave.
Here's what I don't understand. In the very short period of time—this is according to the law report—between the offer of donations by Vote Leave and the conclusion of an advertiser agreement and insert orders between Grimes and yourselves, there is a surprising similarity between the sums donated and the contractual obligations ostensibly already undertaken by BeLeave to AIQ. How is this not a coordinated campaign?
Mr. Massingham.
No, no, no. I'm asking Mr. Massingham.
We're talking in some cases 22 minutes between the offer and asking for it to be paid by AIQ. Mr. Grimes is asking for 625,000 pounds to be spent. He doesn't actually know what he's going to receive yet, but he's directing you to do an ad spend and somehow gets the exact same amount from Vote Leave immediately thereafter, to coordinate the ad spend with you. How is this not a coordinated campaign between Vote Leave and BeLeave?
The 100,000 pounds spent by Veterans for Britain was the same idea. You received 100,000 pounds from Vote Leave to spend on behalf of Veterans for Britain, but there was no coordination whatsoever?
Veterans for Britain told us they had received a donation and that they would like to put that money towards online advertising.
Did you not think it was strange? You received 625,000 pounds from Vote Leave to spend on behalf of BeLeave? Did you not think that was strange in the sense that if they had spent it on behalf of Vote Leave themselves, they would have gone over the limit? Did this not raise any flags for you at the time?
You're saying it was perfectly normal to receive a 625,000-pound donation from Vote Leave on behalf of BeLeave. That was just normal.
When they asked us to do the work, we sent an invoice to BeLeave, and then they let us know that it was going to be paid by Vote Leave. It was odd to us that Vote Leave was making a donation to—
In a couple of days, you get 625,000 pounds directed to ad spend, told to you by Grimes, a 22-year-old kid who's never spent more than 10,000 or 20,000 pounds in the course of the campaign to date. Six days before the campaign end he says spend 625,000 pounds, and then a couple of days later he says, oh, it's going to be paid for by Vote Leave. That doesn't raise any red flags for you, Mr. Massingham?
[Translation]
I will try to get back to a more positive note.
Are your clients happy with the services you provide?
[English]
With respect to the Brexit campaign, I think mostly, yes. Most of our clients are satisfied, but not all of them.
[Translation]
People seem to appreciate the speed with which your company provides its services. You are asked to place ads on Facebook, for instance.
Are you involved in developing ads or do you simply receive them and post them on Facebook? Does your team prepare the ads?
[English]
Clients will come to us with their vision, their message, and the things they want to talk about. They'll oftentimes have images to go with it. We take their words and try to shrink them down into something that will fit online. The content really comes from the client, and we just help craft that into something that will fit in an online ad.
[Translation]
If your client provides an ad that seems to be fake news, do you post it without a critical look, simply because you are paid to do so?
[English]
No, and that has not happened in the course of us providing services either.
The information that clients provide to us is typically very well aligned to exactly what they're doing in their campaign, whether it be their vision, their ideas for the future, or the things they care about. These are the sorts of things that clients provide us with typically.
[Translation]
In your experience with Brexit, did the companies you dealt with declare the amounts they paid you for the election campaign or was it really outside their election campaign?
[English]
Sorry, I don't understand the question. Did they provide the amounts of the spending, or are we talking about the content of the ads?
[Translation]
I am talking about the amounts you were paid for the services you provided during the election campaign. You are a Canadian company that provided services in another country, in the United Kingdom. Were the amounts you received during the Brexit election campaign declared in the United Kingdom? In other words, did your clients declare the amounts you were paid for your services or was that omitted?
[English]
[Translation]
[English]
Thank you.
I'm going to follow up on the point my colleague just raised here. He received a text just now refuting what you said. Specifically, the U.K. Information Commissioner, Elizabeth Denham, says that AIQ refused to answer her specific questions relating to data usage during the referendum campaign. It's to the point that the U.K. is considering taking further legal action to secure the information she needs.
This is in real time. It just happened based on what you said.
Who's not telling us the truth, you or her? It's a straight question now. Who's not telling us the truth?
You just led us to believe that you got two letters and answered them fully. She's saying that is not the case, to the point that they're looking at taking legal action.
She does not say that. She said that you refused to answer, so she doesn't have additional ones; she has the same ones that you refused to answer.
Is she not telling us the truth, or are you, Mr. Silvester, not telling us the truth?
I'm asking you a straightforward question. This is directly refuted. Who's not telling us the truth here?
I will repeat it.
She is happy to say that AIQ has refused to answer her specific questions.
You've just said again that you did answer them all. Did you answer them?
We have provided answers to all of the questions she provided and have offered to provide any clarification, in our letters to her.
Are you willing to go to the United Kingdom to testify?
Do they need to take legal action to get you to testify?
No. We've already provided information to them. The U.K. parliamentary committee has invited us, and we'll follow up with them, to talk to them.
My colleague, Mr. Angus has pointed out time and time again where everybody else is wrong and AIQ is right. Mr. Silvester and Mr. Massingham, you've told us how everybody has it incorrect. Now, here, in real time, you've told us point-blank that you received two letters and that you answered them, and we are told by their information commissioner that you refused to answer them, to the point that they're looking to take legal action against you.
Explain this to me. Who's not right, her or you?
I don't think the two pieces of information are opposed. If she's not happy with the answers we've provided, then I'm hoping she'll reach out to us.
She does not say that. I'll read it again.
AIQ refused to answer her specific questions.
She doesn't say she's not happy; she said you refused. You said you answered them.
Who's not correct here? Who's not telling us the truth?
Keep in mind, as Mr. Angus just pointed out, everybody else has not been telling the truth, as you refuted.... In this case here, is she not telling us the truth?
I can speak only for what we've done. She sent us the letter on May 17, and we responded. She sent us a letter again on January 30, and we responded.
You have just purposely misled us to the point that someone would contact us during your questioning and say you refused. You did not say you refused. She says you refused.
The U.K. Information Commissioner's office. You need to check with her whether you can provide us the information that you didn't give her?
It's part of their—
We've answered the questions. If they have more questions, we'll happily answer them.
I have one other quick question. You said Vote Leave paid BeLeave's invoice. Is that correct? You just said that.
—and now I just heard that BeLeave contacts you, engages your service, and—guess what?—Vote Leave paid. You've told us and led us to believe there was no coordination. How did they know to call up and pay the exact amount that you invoiced them? How did they know that?
You led us to believe there was no coordination between BeLeave and Vote Leave, and yet somehow they picked up the phone and said, “You know what? I'm not only going to pay BeLeave's invoice; I'm going to pay the exact amount.” How did that happen if there was no coordination?
I'm trying to explain that. As Mr. Erskine-Smith asked earlier and I was trying to explain, when BeLeave told us that Vote Leave was going to pay for that information, we thought it a little odd ourselves. We looked into it on the website from the electoral commission and we talked to the folks we knew at Vote Leave who were doing compliance.
You told us there was no evidence of any coordination between BeLeave and Vote Leave. You said that. Now you're telling us that they had enough coordination to pay an invoice, not just any invoice: 625,000 pounds. That's a million plus dollars, and there's no coordination.
Thanks, Chair.
Gentlemen, you said that AggregateIQ merely works with volunteer information, supporter information, donor information, which the client provides to you. In the case of Cambridge Analytica, or SCL, how can you determine that the information that they are providing you to work with in campaigns of different sorts, like the ones we're discussing today, has been acquired legally, properly?
It would seem that shifting all of the responsibility to your clients provides you with plausible deniability. Surely you must sense in some situations when particularly large databases are presented to you that you might have questions and that, given that you have worked with Mr. Wylie in the past and know the circumstances of his contract ending with the Liberal Party in 2009, there might be invasive elements to the way the data was acquired.
I don't know the nature of why he stopped working with the Liberal Party in 2009. I know, though, that the data that we get or the information that we get is typical voter file information. In the United States, for example, it includes their name and address and oftentimes it will include their voting history. That's typical information that any registered political party or any candidate is going to get. That's the type of information we get. That's not unusual by any stretch of the imagination.
Mr. Vickery, in his testimony regarding the Republican National Committee's Data Trust data and any number of other groups that they worked with, such as the Koch brothers-backed information company i360, said that, in fact, this goes far beyond that basic voter information. It digs down deeper into sexual preferences, religious biases or attitudes, and racial attitudes. He says that basically it's a complete identity profile and that the information that you may have worked with on the Republican campaigns was deeply personal and beyond the line, over the line, in terms of profiling those individuals who you were targeting.
I haven't seen datasets that have the specific information you're talking about, but we are doing some work with the Republican national database for one client in particular. That's for that client. The information in that database that we have access to is basic border data in each state that we're working with.
My last question is more simple housekeeping. I understand that AggregateIQ received an industrial research assistance program grant. Would you be willing to provide the committee with a list of the names of the individuals you communicated with regarding the application and awarding of that grant?
We worked with the NRC, with an industrial technology adviser, to complete that grant, and went through a very rigorous process with him. I think all that information is available through NRC.
We made a reporting platform that took information from online advertising or door-to-door to gauge a general idea about how a campaign was performing in that time. We have not deployed that program yet, but we're looking forward to doing that in the near future.
We've approached people, and we have had someone who we thought was going to move forward with it. They opted not to, and recently we had a few more and they've opted to delay for the time being.
Obviously you would be discreet and not share with the committee who those potential clients might have been?
Part of what has transpired has been because of one survey, but I'm sure multiple surveys occurred. Has there been any data transfer between Cambridge Analytica and AIQ not only on this topic, but on other subjects?
I have in front of me testimony from Brittany Kaiser who was the former director of program development at Cambridge Analytica, and this is the testimony she gave in the House of Commons committee. MP Ian C. Lucas asked her, “Did you know that Cambridge Analytica had an agreement with AIQ to transfer data?”
Her answer was, “We would have had that, because that would have been essential to our work on Senator Ted Cruz's presidential campaign”.
Is that incorrect?
I'm aware that SCL had some relationship with Cambridge Analytica.
I don't know the extent of that relationship.
She says, “We would have had that, because that would have been essential to our work on Senator Ted Cruz's presidential campaign”.
Then MP Lucas on a follow-up says, “Can you confirm that Cambridge Analytica transferred data to AIQ?”
Her answer was:
...the essential relationship between AIQ and Cambridge Analytica—or the SCL group—was that AIQ had built platforms that we used to collect data, so we would have had to transfer data between ourselves for us to access that.
As I mentioned, we did create that software for SCL and we talked about that earlier, the political customer relationship management. That platform would track that, if candidates were going door-to-door, making phone calls, this sort of thing.
But this goes to the contradiction. She's saying one thing and you're saying another. I want to know who's right and who's wrong.
Perhaps it's a question of which organization. As I said, when we were working on Ted Cruz we were working with SCL. She may have been unaware of the—-
When you worked on Ted Cruz's campaign you received no data from that campaign in the United States to your headquarters in Victoria; no data was transferred?
I didn't say that, no. We received information from the campaign and from SCL for our work during that campaign.
The chair of the committee, Damian Collins, in response to something that Ms. Kaiser says, says, “ On a point of clarification, you mentioned Chris Wylie worked for SCL Canada”.
Her answer was, “That was a name used for—I don't know him as an individual or the AIQ office. That was considered SCL Canada. Our company tended to have a business model where we would partner with another company, and that company would represent us as SCL Germany or SCL U.S.A. That was the model.”
His response was, “So as far as you're concerned, SCL Canada and AIQ are the same thing?”
Her response was, “ I believe so, yes”.
I think all of us have got this idea of you guys being SCL Canada. Everybody who knew you or contacted you, worked with you, considered you as SCL Canada. How would they have got that impression? Can you explain that?
The work we did for SCL came through SCL. I can't control how they speak about us within their company, but we've represented ourselves as AggregateIQ always.
The chair's follow-up question goes, “Do you believe Chris Wylie was working for AIQ if he was also working for SCL Canada?”
Her answer was, “Yes, I believe that SCL Canada was just a glorified title, but he was full time engaged with AIQ.”
Thank you, Mr. Chair.
The question of the integrity of the electoral system here and around the world to me is sacrosanct. I'm looking at the pitch that SCL and AggregateIQ made on the Trinidad and Tobago deal, Mr. Massingham. It was boasting of the ability to get de-anonymizing data. That included emails. That would be illegal, would it not, Mr. Massingham?
That was SCL working with AggregateIQ in Trinidad.
In NIgeria, your friend company, SCL, working with you and Cambridge Analytica was also involved with a rogue Israeli ops team that included gathering private medical records and emails. You would be aware if you were involved in this that it would be illegal, right Mr. Massingham?
What Chris Wylie says is that people were getting very concerned, they were getting panicked phone calls. He said:
'My predecessor was found dead,' he said. 'One of my other co-workers had a massive head injury and is missing part of his skull. People do get hurt at this firm. They work with Israeli private intelligence firms who are willing to do essentially whatever if you pay them. This is why so many people' . . . 'are afraid to come forward to talk about the firm because it’s intimidating.'
Mr. Massingham, you're listed as the head of SCL Canada. Do you want to continue to tell us that you're not the head of SCL Canada?
The next step of questions of illegality is going back to BeLeave, which is on the same Google Drive as the Vote Leave, which is 625,000 pounds transferred and spent in the final six days. The British Parliament is investigating whether that was illegal.
Yet, when you were spoken to about this by Christopher Wylie, Jeff Silvester was saying it was “totally illegal”. He said, “they found it amusing”—that's you and your partner there—“You have to remember this is a company that’s gone around the world and undermined democratic institutions in all kinds of countries. They couldn’t care less if their work is compliant because they like to win.”
I put it to you that if you've been lying to our committee and that you can't even answer on your relationship with SCL Canada, you should not be involved in any way in elections because of your total disrespect that we see at our committee here. We might seem a like a quaint little operation, but we represent the people of Canada.
Mr. Massingham, when we ask direct questions about how you could have had a phone directed to you as the head of SCL Canada and you say you weren't aware of that, that just beggars belief. I can't see how anybody could give you a 625,000-pound campaign, let alone a 5 million-pound campaign, if you didn't even know that you had a phone listing you as the head of another company.
Don't you have anything to tell us, Mr. Massingham?
Thank you, Mr. Angus.
We're at the end of our questions.
I have one question for you left outstanding.
Were you ever part of or involved in coordinating or organizing multiple clients' ads for the same or similar campaigns?
Sorry, were we involved in coordinating between the clients or just that we worked with the clients?
I'll state it again, so it's clear.
Were you ever part of or involved in coordinating or organizing multiple clients' ads for the same or similar campaigns? Yes or no?
Thank you.
I would say, as the chair of this committee, that I know we're all saying the same thing and we're all concerned. Something doesn't smell right here. I would challenge AIQ to do the right thing.
That's the end of our testimony today. I'd like to thank everybody for your questions and thank you for appearing today.
The meeting is adjourned.
Publication Explorer
Publication Explorer