ETHI Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Standing Committee on Access to Information, Privacy and Ethics
|
l |
|
l |
|
EVIDENCE
Tuesday, June 12, 2018
[Recorded by Electronic Apparatus]
[English]
Thank you, Mr. Silvester, for attending today. Before we begin with your opening statement, I do want to make it known that this committee issued a summons to your colleague, Mr. Massingham, and he has clearly refused to attend in the face of that summons.
Mr. Angus.
Thank you, Mr. Chair.
I am very concerned that Mr. Massingham has refused a summons by our committee. I feel that we're going to need to discuss this. We don't need to discuss it in public right now, but I think we should be referring this to the House to get instructions regarding his refusal to attend this hearing.
We have an extended meeting this morning with Mr. Silvester. I would propose that we spend some time in camera discussing how to proceed and how we might go about referring the matter of contempt to the House.
We've discussed this before, Mr. Silvester. Before your opening statement, the clerk will swear you in.
I, Jeff Silvester, do solemnly, sincerely, and truly affirm and declare the taking of any oath is according to my religious belief unlawful; and I do also solemnly, sincerely, and truly affirm and declare that the evidence I shall give on this examination shall be the truth, the whole truth, and nothing but the truth.
Thank you.
Good morning. Thank you for inviting us back to speak with you today.
As you are already aware, due to personal health reasons, Mr. Massingham is unable to attend. He asked me to pass along his sincere regrets for not being able to join us here today. If there are any questions that I'm unable to answer, he asked that I take those back to him, so he can reply as soon as he's able.
As the chief operating officer, I can assure you, though, that I can speak for AggregateIQ on all matters.
We've been entirely co-operative with this committee. After our last appearance on April 24, we immediately followed up and provided many documents related to the questions you asked. Your chair also asked us to preserve documents in a letter dated May 3. In our response on the 10th, we told the committee that we had already preserved the documents in the context of our cooperation with the Information and Privacy Commissioner of British Columbia and the federal Privacy Commissioner. We respect the important work being done by the privacy commissioners and this committee, and wish to continue a constructive dialogue in support of that work.
With respect to our discussion with you on the 24th, we were completely accurate and truthful. I didn't get a chance to answer every question in as much detail as I would have liked, given the time constraints, but I do stand behind every answer.
I would like to raise my concerns about the wildly speculative comments that some have made about AggregateIQ. I'm even more concerned that this speculation about my company has been taken as fact by others. Speculation by third parties does not constitute fact. I ask that you not rely upon rumours, innuendo, and speculation.
Once again, I'm here to give you the facts about AggregateIQ's work. There are a few points that I would like to state again.
We are co-operating with the investigations of the Office of the Information and Privacy Commissioner of British Columbia, the Privacy Commissioner of Canada, and the U.K.'s Information Commissioner's Office or ICO. In fact, I met with the ICO, after my meeting with the Digital, Culture, Media and Sport Committee in the U.K. I just spoke to the ICO's investigators again last week. We're in touch on an ongoing basis. I hope that the information we have provided and will continue to provide to them will be useful in their investigation.
To be totally transparent, we provided your clerk with our correspondence with the ICO. To the extent that there may have been a misunderstanding between us and the ICO, I'm confident that any misunderstanding has been cleared up.
With regard to our work on the EU referendum, some of you expressed concern last time about our receiving a donation from Vote Leave, for the work we did with BeLeave. This donation was always public. The Electoral Commission in the U.K. found that, in March of 2017, no further investigation was required into the donation by Vote Leave-BeLeave. On March 15 of this year, the U.K. High Court confirmed again that a donation, whether of cash or in kind, was entirely allowed under electoral law in the U.K.
With regard to the allegation during Brexit that AggregateIQ used the Facebook data that was allegedly improperly obtained by Dr. Kogan of Cambridge Analytica, Facebook has confirmed in their testimony and in writing to the U.K. DCMS committee that this was not the case. We have never had access or even seen the allegedly improperly obtained data, nor would we have any interest in doing so.
With respect to the allegation that BeLeave used three of the same audiences as Vote Leave during the referendum, Facebook confirmed in their letter that those groups were never used by BeLeave. When this came up before the U.K. DCMS committee, I told the committee that I would look into it right away. I immediately investigated the circumstances and provided a very clear and detailed explanation to the committee later that night, along with evidence that these audiences were not shared with anyone at BeLeave. Indeed, they were never used. I'll be happy to provide that information to this committee, when I return to my office.
There are so many other areas where AggregateIQ has been misrepresented, and I'll expect that I'll have the opportunity to discuss many of those here today with you, but I thought I'd provide a couple of examples.
When he was here under oath, Mr. Wylie stated that it was “true that AggregateIQ was not part of SCL. It was a separately registered company in a separate country.” While his statements seem to have changed over time, we have consistently stated the facts. We are 100% Canadian owned and operated, and we are not a part of any other company. AggregateIQ does not become part of SCL simply because we've done work for them. AggregateIQ does not become part of SCL, simply because some unknown person with SCL created a phone list or put our name on a website. AggregateIQ does not become part of Cambridge Analytica because someone makes a draft document with Cambridge Analytica in the header. Even The Guardian has had to admit that they did not intend to assert that AggregateIQ was part of SCL or Cambridge Analytica.
Mr. Vickery has appeared before this committee and the U.K. DCMS committee to float various speculative theories, based on what he's seen or what he think he's seen. Mr. Vickery's comments and tweets have made it clear that he is not an expert in the work that we do. Mr. Vickery has gained unauthorized access to our code repository. Were he simply to have made note of what he saw and let us know about the issue, that would have been fine, but he broke his own practice and downloaded the information he found there. In doing so, he may have broken the law.
As part of our investigation, we found a number of instances where Mr. Vickery's actions do not align with what he said publicly, and we'll be passing that along to the appropriate authorities.
I look forward to your questions in continuing our discussion. The work you're doing here is very important. I hope we can be of assistance.
Thank you.
Thank you very much for being here again today.
I want to address some of the things that we have heard from other witnesses. When you came before the committee before, I asked you about the psychosocial profiles that were used on Facebook to target certain audiences. I asked if you still had any of these scores in your database. Your answer to me was, “We're not a data company so we have no interest in any of that.”
When I asked Mr. Vickery about that, he said that you have a great deal of interest in data. He said that there is data within that hard drive that he provided to us that proves that many of your statements were incorrect, and he said he was really surprised that you would state those things.
Given that the committee is now in possession of the hard drive, did you want to revise that statement?
No.
The information, as I said before, was correct. We're not a data company. We don't sell data and we don't sell access to data. We provide software that uses information and data, but it's not information that we sell to clients or transfer between one party or another. It's only the information that's provided by the client for use with that client. No, I wouldn't change my statement at all.
Our intellectual property is owned by us. We also have clients who, at times, ask us to write software that they want to own at the end of the contract, in which case we will have a contract that includes them after having paid us. If they're happy with the product, we transfer the code to them, and then they own that code.
Mr. Wylie told us that you have one client, your client is SCL, and that your intellectual property is owned by SCL.
Is there any ownership arrangement in terms of your data?
That's not accurate.
We did have a contract with SCL in 2014 for the creation of the political customer relationship management tool. At the end of that contract, they paid us and then they owned the code for that tool. With respect to other work, we have done some work with SCL where we retained the ownership of the code. We've done work for other clients where they would like to retain ownership after the code.... That's a standard process for contracts in software development.
Are those are clients specifically of AIQ, not clients of SCL, where you were doing work through them?
With SCL, for example, we did work for a number of their clients as well, but it was all through SCL. With SCL, for example, we started with Trinidad and Tobago. That was one client. Then we did some work during the mid-terms—and there were a variety of campaigns during the mid-terms in 2014—and then we worked with them on the presidential primary after that. We also have our own clients completely separate from that.
It would range depending on the situation. When we first started out, we only had a few. More recently, we had quite a few more. Right now, we've got a small number of clients. We have less than 10 right now.
You've never taken data that you gathered through one client and transferred it and used it for another client?
You told us the last time that you have access to turnout scores or ranking scores that you had received through SCL, and that you used that to determine who to target on Facebook.
One of the things that we've heard is that, rather than just using Facebook's tools of demographics and age groups that you've mentioned to us, you've actually uploaded custom lists to Facebook. Is it true that you've taken custom lists? If you did, where did you get those lists from?
Yes. We have used custom lists.
The majority of the advertising we do is through the demographic type of group-based advertising that we're speaking about. We have taken lists from clients and uploaded them to Facebook or Google in order to advertise to those lists. Those lists might be things like volunteers. If you're trying to advertise to people who might have come and said that they would be a volunteer, you might send that message to remind them how important it is to volunteer. You might also use that in Facebook to expand your audience, so that when you upload that first audience and start advertising to it you can then.... It's called a “lookalike audience”. It makes the audience look bigger, based on what Facebook believes is connected to all that. We'll do that as well.
During our work with SCL, I can't be certain they didn't provide us the same list for two different clients, but because we did a considerable amount of advertising with them, I'd have to double-check, and I don't have access to Facebook right now to be able to do that. But when I do, I'll look into it. That wouldn't have been at the same time. It would have been perfectly allowed if.... I'm not certain if it did or didn't with respect Brexit or anything.... No, we've never used the same list.
You would not have used the same custom list for two clients during the Brexit campaign, for instance.
Yes, we did custom audiences like that for Vote Leave, but we didn't use them for any of the other clients.
No, none of the information that SCL ever used or provided to us was used in anything to do with Brexit.
You're maintaining that the way you targeted people was largely through Facebook's own tools, which you could go through, or through lists that were provided by volunteers or others from SCL.
The information that we used in providing advertising services to SCL's clients would only have been from information provided by those clients or by SCL for those clients. All the advertising we did on behalf of either Vote Leave or BeLeave or veterans or DUP was only to be used in information that was provided by those specific clients.
If SCL was giving you the same data for more than one of their clients, that means SCL themselves were keeping data from client to client.
In the United States, for example, in one election you might use information that is required to be kept separate for that particular election but they theoretically could have used that list again in another election later on. It is possible.
You were using data. You were targeting people on Facebook. You were given data through SCL and you knew that SCL was using the same data for multiple clients, and you never questioned where that data came from or whether there was some link between them or whether they were maintaining data they shouldn't have maintained from all clients?
All of the information that we received from SCL was in the form of a list that was consistent with what a regular voter list would look like. For example, they would give us a list of names and email addresses for a campaign—the people who live in the area where that campaign was going on—which they were legally entitled to do, just as you get a list from Elections Canada. They would have created a smaller version of that and given it to us.
Thank you, Mr. Chair.
Thank you, Mr. Silvester, for appearing before us again today.
To continue the line of questioning by Ms. Vandenbeld, when Christopher Wylie appeared before us he said:
You can't build a targeting platform that doesn't have access to data, because then what are you targeting, right? One of the things I provided to the DCMS committee here in Britain is an email from AIQ that specifically references searching the SCL databases on the Ripon project.
He said,
Frankly, I'm surprised and really disappointed that Jeff Silvester and Zack Massingham have decided to try to obfuscate or hide what happened. You'll have to ask them why they are taking this line, but in my view, that's just not true. What value would they offer, then, if they did not use any of the data?
How would you respond?
First, we're not trying to obfuscate or hide anything. We've spoken to this committee, to the U.K. DCMS committee, and to the Information Commissioner of the U.K. The U.K. Electoral Commission, the Privacy Commissioner of Canada, and the Information and the Privacy Commissioner of British Columbia have asked us questions. We've provided all the information we could provide to each of them. They're looking for still more information that we're working on getting, and we'll continue to do that.
With respect to the idea that you need to have some huge dataset to launch a national advertising campaign, no, you do not need that. The tools that Facebook and Google provide are all you need to get started. Campaigns will use data, as I described to Ms. Vandenbeld, about your supporters or the people who have signed up on your website or whatever that happens to be. Yes, depending on the situation, we'll use that as the campaign's direction.
How would you explain Mr. Wylie's allegation? He is presumably fully aware of what you need and how it works.
I'm not aware of Mr. Wylie's experience when it comes to advertising. He has asked us in the past if we could help with advertising for projects he was working with. His questions at the time seemed to suggest he was not fully aware of how these platforms work. He may have educated himself since. The assertion on his part that you need some huge database and information is not correct.
Advertising in the commercial world is very different from the sort of advertising that we're talking about, a manipulation of data that we're talking about here with regard to political activities. Mr. Wylie testified that he drew the line—although he'd been working for some years with all of you—when he became aware of the intent to affect voter's intentions and to suppress the vote by discouraging people from voting.
Did you become aware of that? At some point did you have any of the similar concerns that Mr. Wylie said motivated him to blow the whistle?
I've never seen any evidence from any of our clients that they were attempting to suppress a vote of any type. We've certainly never run any advertising to try to suppress a vote or done any work to try to suppress a vote in any way. Our goal is to encourage people to vote. It just happens that we encourage them to vote for the client we're working for. I wouldn't even know what efforts to suppress a vote would look like.
Mr. Wylie may have seen some evidence of that in some of the work that he's done in the past. I don't know; he has not talked to me about that. That's not work that we would undertake.
He was speaking in specific regard to the American campaigns, which the various corporate entities were involved in. He said that the intent there was to discourage black voters to vote, to discourage their participation in a democratic process.
If you were managing the advertising, would you not have seen something that might have triggered in your mind an attempt to suppress the voting by that particular demographic?
If there was a campaign that was trying to advertise to a group and use that advertising to somehow suppress that vote, and they were using us as their advertiser, we would definitely see that. As I've said, we've never seen any evidence of that with any of the clients we've worked with.
Have you ever seen the technical briefing that Mr. Wylie gave to Dominic Cummings for the Vote Leave campaign, in which he basically pitches the capability of affecting voter attitudes?
I've seen some portions of it as they've been posted here and there in different media articles, but I've not read the whole thing.
One of the lines that I read back to Mr. Wylie that certainly concerns me if it were applied in a Canadian context was, “We can trigger the underlying dispositional motivators that drive each psychographic audience.” In other words, we can tap into how the voter sees the world and use our understanding of their personality to speak their language when crafting their arguments.
Doesn't that concern you somewhat if, basically, they're using this capability, this psychographic micro targeting, to change individual's minds by exploiting the vulnerabilities of their own personal prejudices, biases, and anxieties?
What you've described there, and I haven't seen that document, sounds horrible and scary. The process of advertisers trying to influence people is what advertisers do.
If, for example, you're a car company, you might realize that for your particular car, it's males, perhaps, who buy it more often. You'll create advertising that will appeal to those males who might want to buy your car. Some car companies have done research to show that they need to raise their prices and make their vehicle look more exclusive than others; that's manipulation as well. To the point in terms of specific, individual, personalities, I don't know of a way online in which you can target an individual specifically for advertising. You have to target large groups.
Well, yes.
Again, Mr. Wylie says in this pitch document—it's effectively a pitch document—“People think they know their opinions better than they do and can often be lying to themselves.”
Essentially, he's saying that he has ways of using deep data points, very large numbers of individual data points, put into various demographic blocks to change their minds.
Do you believe that there's a line that should be drawn in terms of where political parties collect data, how far they can go in the sort of data they collect, how they can manipulate it, and how they can use it?
Yes, and there are two questions there. To the first point, with respect to the psychographics and all of that sort of stuff—again, I'm not an expert on that—the work that Mr. Wylie did with SCL before he left ended up not working. The campaigns that used it reported in the press and other places that it didn't work. So insofar as, if he was doing the same thing as he did that time....
In fact, actually, at the DCMS committee, Mr. Kogan reported that, again, the testing on those results that he provided to SCL weren't accurate. If he was doing the exact same thing as he did before, then it didn't work. I know there are theoretical journals and papers that get into that, about how it's theoretically possible, but I'm not aware of any political organization that's done that successfully or any corporate organization that's done that successfully.
To your second point, though, is that something that political parties and indeed Parliament should be looking at? Yes. When you provide information to an organization, then you should know, when you're providing it, why you're providing it, what they're going to do with it, and what you can do to get that information back if you need to. Right now in Canada, and indeed on all of your websites, you collect information, but you....
Well, your website, Mr. Kent, does have a privacy statement, but typically we don't tell people on political sites what is going to happen with that information or how they can get it back.
One thing that I think would be really important for the committee to do, which I think Mr. Erskine-Smith talked about before, is to have very clear and easy-to-read statements on everyone's website, if they're collecting information, about what that information is being collected for, how it's going to be used, what it can be used for in the future, and how they can get it back.
I think that's an area where there is opportunity for change, because right now that's not the case. You can use implied consent, but it's certainly something that politicians, companies, organizations, or anyone, really, should have.
Far be it from me to cut you off while you're quoting me, but it's Mr. Angus's turn for seven minutes.
Thank you, Mr. Chair.
Thank you, Mr. Silvester. I want to say at the outset that what we're trying to do here is get at the facts. We have no axe to grind with AggregateIQ. Your evidence is as valuable to us as anyone else's.
I would say that we're very frustrated, because we felt last time that your colleague Mr. Massingham was not forthcoming at all. We have a number of questions. To me, the fact that he's not here raises serious concerns, because there are questions that I don't believe you can answer, based on the Slack messages we have from him.
Having said that, we will carry on. I want to go back to the conversation you and Chris Wylie had about the siloing of information between the Vote Leave and BeLeave campaigns. He asked you if you siloed the information, and he said that you said you did not. Did you silo and keep those two campaigns separate?
Yes. We always keep campaigns separate. We kept all the information separate from the two campaigns.
I did mention in my opening statement about the information that Facebook found about that one group. I'll provide all that information and the evidence to you just to demonstrate how that wasn't shared between the campaigns.
Okay, because I'm looking at some of the Google Drive documents. We see that the BeLeave folder on the drive includes several senior Vote Leave staff members, employees of AggregateIQ, the company secretary of BeLeave. AIQ said that this work was siloed, but we see from these Google Drive documents that BeLeave documents were very accessible to Vote Leave.
So how could it have been siloed?
We keep all the information for our clients separate. What you're referring to is a drive that's owned by Vote Leave.
That's really a question for Vote Leave. I know that they made representations about that to the Electoral Commission, but I couldn't tell you what their process was or anything about that.
Chris Wylie repeated under oath that you told him that what you were doing was completely illegal and you knew it. He said that under oath. We asked you, and you said you sent him a text saying that you didn't understand how he misunderstood that.
That's not the text that I sent. Mr. Wylie and I had a conversation in April of 2017, well after Brexit, where we did talk about what the media was saying about Vote Leave and BeLeave. I've never believed that what we were doing was illegal, so I can't imagine ever having said that to him. With respect—
The last time you were here, I asked you. You said that you were surprised and sent him a text. Are you now saying that wasn't the text? We asked him, and he said he never received a text from you.
I'll just finish that by saying that we had that meeting in April, and we had a number of conversations, meetings, and texts back and forth after that. I never brought up the issue with him at that point, because I didn't there was any issue, that he'd misunderstood, or that he had come to any conclusion different from what I had about our conversation.
I sent him a text just recently when I learned of his very public allegations about exactly what you're saying now. That would have been at the end of March or beginning of April of this year. I sent him the message then, and the message was essentially—I don't have it with me—to the effect of, “If you have a second, can we talk?” That was all I said.
Okay. He said he never received a text from you, so would you share your text with us? It seems pretty shocking to me that a colleague of yours says that you were very emphatic in saying that you knew that what you were doing was completely illegal, and you say you're just surprised by that.
Did you say that what you were doing was completely illegal? Did you know that what you were doing was illegal?
I don't believe we've done anything illegal. With respect to having sent texts, the message I sent to him was via a program that we had been using to communicate called Signal. Signal deletes those messages after they're sent, so I don't have a record of that, but I know that I sent it, as I say, in and around the end of March or beginning of April.
To be completely clear, it was to a number that I'd last used to communicate with him back in September of 2017. As I mentioned at the DCMS committee, it's entirely possible that he's changed his number. I don't know.
He said he never got it. You might just have sent it to the wrong number. I mean, for tech people, you guys should be more on top of this, I would think, especially since your reputation is at stake.
I'm running out of time here, so I'm going to move on. I have a number of questions for your colleague who's not here, Mr. Massingham, based on the potential illegalities of your using the BeLeave campaign as a money laundering vehicle for Vote Leave. I want to look through some conversations. Maybe you can help us since he's not here.
Ten days before the campaign ended, Darren Grimes, a 22-year-old fashion student, wrote to your colleague and said they wanted him take on this campaign for them, and the next day, he sent a £400,000 order. That's a lot of money for a 22-year-old fashion student. Then Mr. Massingham responded to it at one point and said, “you're on track to spend 300k USD today.... ddi you need me to grab some money for you?”
Where would you guys be grabbing money from for your clients?
The donation from Vote Leave to BeLeave came directly to us, and Mr. Grimes had expressed to Zack that he needed some of that money for some activities that they were undertaking. He was asking at one point for that money to be transferred back, but he inevitably resolved that issue and didn't require it.
When Mr. Grimes wrote to the U.K. Information Commissioner, saying what he got for £625,000 and 10 days of work from you, he said that you guys collected 1,000 phone numbers for him, collected 1,164 emails, and placed a few ads.
It sounds like you guys were extremely overpaid, don't you think?
No. We placed—I don't have the exact numbers, but it was approximately.... There were more than 150 million impressions. There were 800,000 clicks. There were a number of measures of what we provided, and we provided a full report to them about that at the end.
That's funny. Why would Grimes say it was merely 1,164 email addresses? The question here is how this group that did not exist before came into £625,000 that was passed on to you. Christopher Wylie has said under oath that this was basically set up as a money-laundering campaign for Vote Leave, and you were the vehicle to do that. When I see what he claims is the work you did in that 10 days, it not much work for that amount of money.
The amount of work we did was for exactly that amount of money. We provided full reports to BeLeave on that. We expressed to them before the campaign that collecting email addresses or mobile phone numbers was not going to be very efficient because it was such a short campaign. They agreed that this was okay, and their goal was to show the ads. That was their primary goal. If he's providing that information to the Information Commissioner, that's the only information the Information Commissioner will be concerned about with respect to how much information they collected.
I'm sure that Mr. Grimes has reported to the Electoral Commission all of the advertising work we did on his behalf. With respect to the donation, as I said in my opening statement, that was demonstrated to be entirely okay under U.K. electoral law.
It would be entirely okay, if these were two separate campaigns, but they were being run out of the same office, and the Google drives were all connected. You were brought in to handle £625,000 in the final 10 days, and it was funnelled through BeLeave. Again, Mr. Massingham asks, “Do you need me to get you some money?” Mr. Grimes says, “No, don't worry; Victoria Woodcock's going to get it for us.” It sounds as though you were just one very tightly run happy family, which would be okay if it weren't against the law.
That's why we go back to the opening conversation we had about your conversation with Mr. Wylie, in which he said that you knew and you thought it was funny that what you were doing was completely illegal. Then you tell us that at some point you sent him some kind of message, to a phone or some service that may not exist anymore.
I find it very hard to believe you. You are under oath, remember that.
I can only provide you the information that I have. With respect to the message I sent Mr. Wylie, as I said, it was at the end of March or the beginning of April when I learned about his allegations about exactly what we're speaking about.
No, no, I mean as to whether or not what you said was a complete lie: that you knew that what you were doing was illegal.
Did he lie to our committee?
I believe it is. When someone says that what you were doing was completely illegal, that's a complete attack on your professional career, and he said you laughed. That couldn't be a misinterpretation; it's either true or it's false. He either lied or, I suggest, you may be lying, but you can't just say it's a difference of opinion. It's legal or illegal.
This is a conversation that took place in April 2017. I don't recall ever telling him that I thought it was illegal. We spoke about the media and what they thought. Perhaps he interpreted what I was saying about the media as my saying it myself. I don't know, because I have not been able to communicate about them. The best way to resolve this would be for him and me to talk about it, but unfortunately that has not happened.
We are well over time. Thank you, Mr. Angus.
If you don't mind, I'll take the next seven minutes.
What is the name of your point of contact at SCL?
We had a variety of contacts over time. Alexander Taylor was probably the chief point of contact at various times, but there were a number, depending on what the project was.
You did a considerable amount of advertising for SCL, as you indicated to Ms. Vandenbeld, and you may have received the same audience and the same information from SCL. You said you did such a large amount it's hard to know.
You did Trinidad and Tobago, the U.S., and Nigeria. What other countries did you work for?
We created a door-to-door tool for Lithuania as well, and then, of course, worked on the presidential primary.
In Nigeria, who specifically asked you to disseminate that video that you rightly opted not to disseminate?
Mr. Massingham was there, so the work for the Brexit campaign was in fact being done in the U.K., to a large degree.
No. Mr. Massingham would just get the information and send it back to the people in Canada, who would do the work at our offices.
I've read the Slack messages. Mr. Massingham was doing work for the Brexit campaign, and he was in the U.K. Is that fair to say?
I wouldn't say he's doing work. He's communicating these meetings. He's getting information and sharing it back with our staff. It's a question of whether meetings are work, or collecting information and relaying it back to us is work. We could talk about that all day, I suppose.
Well, in an advertising campaign, talking about the advertising and accounts of the advertising sounds like work.
What was on the BeLeave Google drive that Massingham had access to?
At the time we weren't aware that Vote Leave officials may or may not have had access to it, and I don't know whether they did or didn't. Mr. Grimes sent us a link with information for their advertising campaign, and we clicked the link and downloaded that information.
In his last attendance, Mr. Massingham noted that he was aware that had further moneys been spent under Vote Leave and not the BeLeave campaign, they would have gone over the election finance limit. How were you aware of that at the time?
Everything that Vote Leave had spent to date? You only knew what it had spent with you. That wasn't anywhere near the cap. How did you know it was up near the cap?
We knew what our advertising budget was. When you approach the end of a campaign and you're approaching the end of your advertising budget—
I don't know personally that it was reaching the cap. I know that it was reaching the end of its advertising limit.
That's interesting, because at the outset of your statement today you said that you were completely aware of everything. You're the COO, that you know everything do with AIQ, and Mr. Massingham need not attend before us.
But that's not really the case if you can't answer certain questions.
Have you read all the Slack messages that were sent to us?
That's interesting, again. Mr. Massingham was actually sending and receiving those Slack messages.
At one point, he indicated that the timing was useful, because the softer stuff for the BeLeave campaign played really well at a certain time, and was different from the hard stuff, presumably the Vote Leave campaign stuff.
Is that what he was getting at?
Do you believe the following statement:
We have no reason to believe that there was any content shared between the campaigns we worked for, nor did we see any evidence of coordination.
The monies, the donation amounts moving back and forth, the fact that there was access to the drive, the fact that the Vote Leave officials had, in fact, established BeLeave's constitution, none of this indicated a coordination to you or raise red flags?
With respect to the donation, as I mentioned in my opening statement, that was entirely allowed under U.K. electoral law.
With respect to the drive or constitution, we were unaware of that. It's only now that we're seeing any information about that particular bit.
Whether it is or is not allowed, I'm not the expert on that.
One of the donors is blacked out in the messages we received. It was for £50,000. The name started with A.
Is that Arron Banks?
I can see what I can do with respect to my confidentiality obligations, and see if I can get you that information.
You may want to consult with your lawyers, and understand that no confidential allegations mean that you don't have to provide information requested by this committee, okay?
In total, I think you ran 1,390 ads on behalf of the pages linked to the referendum campaign between February 2016 and June 23, inclusive. That's directly from Facebook, so you ran 1,400 ads for the referendum.
In the Slack messages, there's no indication of how money is to be spent; how many ads were to be run; how much money is to be put into the ads to be run. Ostensibly, you provided us with all the Slack messages between BeLeave and Mr. Massingham.
Why would I have not seen how almost £700,000 would have been spent? How many ads should have be run? How much money should have been delivered through each ad?
A great amount of the conversation was done verbally. In one of the email messages Zack talks about having a call with Darren. That's when he would have gotten that information, and relayed it back.
Very convenient.
Who is the administrator on the Facebook accounts? You? Mr. Massingham? Who were the administrators?
We have advertisers who are administrators on different accounts. Sometimes it's me, sometimes Mr. Massingham. It depends.
Facebook notes:
Our investigations to date have found there was one data file custom audience, one website custom audience, and one lookalike audience that were used to select targeting criteria for potential ads during this period by both the Vote Leave and BeLeave pages.
That suggest there were some convenient similarities, if not coordination, between the campaigns being run by the two.
Can you speak to that?
That's something you and I spoke about just briefly before the meeting. I actually addressed it during my opening statement.
When we created the account for BeLeave, initially one of our junior staff just copied one of the other campaign accounts that we created for Vote Leave, thinking it was the same campaign. They were quickly told that was not the case.
Those audiences were deleted. All of that stuff was deleted. They started again, but they used the same account.
That information was created, but it was never used, never shared. No one from BeLeave ever saw it. We provided all of that information, and a very detailed description to the DCMS committee.
As I've said, when I get back to the office, I'll provide it to you as well.
I'm running out of time, so I have just one last question in this round.
Before the U.K. committee, they indicated that they have possession of internal emails that show senior AIQ staff discussing accessing the Kogan data from SCL and Cambridge Analytica servers for the Bolton PAC. Do you have any knowledge of that?
I spoke about it there. The email that they're speaking about came from an SCL person asking me where the political CRM was. The information in that particular email is a survey that they were doing about issues unrelated to any personality or anything like that, and they were using a tool called Qualtrics to do normal surveys of people across America to get their general—
No. With respect to the Kogan data, in that particular conversation—and that's what I can speak to—they were speaking about a Qualtrics survey they were doing of some 6,000 or so people.
[Translation]
Thank you, Mr. Chair.
Mr. Silvester, in light of everything that is happening at this time, do you intend to change your business model for the delivery of services in future, or are you going to keep things exactly the same?
[English]
We've already put into place new procedures, because there were some things that happened that were not the right way to do business with respect to our git repository, and so on. There are also changes that we'll have to make with respect to how we work with Facebook, because Facebook has changed the way they allow advertisers to do work. So yes, there are changes that we're making.
In addition, of course, we're doing a full investigation into that git repository access by Mr. Vickery, and I anticipate that when that concludes there may be additional things we'll need to do as a result. We've also learned that instead of informal policies, we need to formalize a lot of our policies in our conversations with the Office of the Information and Privacy Commissioner of British Columbia. I imagine they're going to give us some formal recommendations in that respect, and of course we'll change our business practices with respect to that, and we've already started down that path.
[Translation]
Under your previous business model, did your company pay for advertising on Facebook directly and then bill it to its electoral clients, or did it only provide consulting services about the placement of advertising, so that there were two different billings?
[English]
We've done both over time. We have advertised on Facebook for our client and then billed them, and we've provided advice to clients, who then do their own advertising; and we've directed their advertising and they've done it on their own pages and paid for it. It's happened both ways at different times.
[Translation]
Did you make sure that everything that was billed to clients during election campaigns was declared in the Chief Electoral Officer's report, or was that not your responsibility?
[English]
[Translation]
I'm referring to the United Kingdom, but also to other countries, since you have clients around the world.
When you bill your clients for work done during an election campaign, you expect to see the services you provided in the electoral report, regardless of which campaign, as well as all of the billing done. Everything must be declared.
Did you check to see whether all of the work you did during the election campaigns was declared by the parties?
[English]
Certainly when we invoice, we understand that different clients have different reporting requirements. A lot of our campaigns, of course, were provided...in the U.S., those campaigns that I mentioned, in terms of the midterms or the presidential, were done through SCL, so SCL or companies they're working with show up in the reporting. But yes, in terms of Brexit, or here, or anywhere else, when we invoice, we fully expect that that's going to show up in public reporting. Sometimes we do check, but not always. If the Electoral Commission or any organization asks us for clarity about that, we're happy to provide it, as we've done in the past.
[Translation]
A part of the work was done in the United Kingdom, and another part in Canada. Were there technical advantages to working from another country? When you worked by day in Canada, it was night in the United Kingdom. Was that to enable you to go faster? Or was it because the laws were not the same and that gave a certain legitimacy to the work?
[English]
I wouldn't say actual legitimacy or value, insofar as taxation might be different. I know in the U.K. we weren't subject to the VAT—the value-added tax—so that might have been an advantage to the client. I don't know if that was a decision that they undertook in terms of choosing us. With respect to some Canadian clients we've attempted to work with in the past, they've opted not to use us. They went with an American company vendor because there was an advantage to using the American company vendor for taxation reasons.
With respect to the 24-hour cycle, there's certainly an advantage to having people awake and working when other people aren't, but regardless of where we work, we'll structure our working hours to match up with what the client is doing. There are some advantages. There are also disadvantages.
[Translation]
The money received for the services you provided during the campaigns usually came from the election campaigns. Was the money provided entirely by the election campaigns, or did it come from a third party?
[English]
The advertising we did on behalf of Vote Leave-BeLeave during Brexit came directly to us from either the campaign or as a donation from Vote Leave with respect to veterans or BeLeave. With respect to work we did for SCL for their clients, that money came through SCL. It just depends on the client. We have relationships with a number of companies that in turn use our services to provide it to their clients, or we also provide services directly. If it's direct, then we invoice directly, but if we're doing work through another company, then we will invoice that company, and that company will in turn invoice the client.
Thank you.
Sir, what are the names of the Russian clients, or what kind of service do you provide to Russian clients?
I don't know. Mr. Erskine-Smith mentioned that earlier. I have not seen any code in our repository that has Russian, but it's possible we've downloaded code samples that might have included stuff, but I don't know. I would have to look into it. If you have specific information that I can look into, I'm happy to do that.
Johnny-Five is our— Oh, I think I might know what you're thinking about.
Johnny-Five is an app, an iPhone and android app that we have made for one of our clients. The client is WPA Intelligence out of the United States. It in turn has sold that to its clients. That's how we arranged that. One of their—
Yes. It in turn has sold access to that app to its clients. One of those clients is in Ukraine. We did some translation work for them that included English, Russian, and Ukrainian, to make the app work in Ukraine.
We're not always aware of all the other clients of our client—only if we're working with them with respect to that specific client.
Yes. That particular app is for sharing social messages with other people; it's for joining campaign activities, seeing what the campaign is up to, making phone calls, and this sort of thing.
I want to follow up on one question Mr. Erskine-Smith asked about the £600,000 that was agreed upon verbally. This was for a specific campaign. Which one?
Okay. I guess if this money was for a specific campaign, and you say this money was agreed upon verbally, how did they justify their expenses then? What kind of document did you provide for them to justify their expense for political reasons?
For that particular discussion, Mr. Grimes emailed us. Mr. Massingham and Mr. Grimes then had the conversation about what their goals were and what they wanted to do. Then all of the decisions on what ads were run, and everything, was done via the Slack channel that I provided you and also verbally on the phone.
We provided them insertion orders and invoices that I believe have been made public by the Electoral Commission in the U.K.
It may be my mistake if I didn't see it, but yes, I need a copy of that invoice.
You say that you kept the two campaigns separate, although I guess there's a Chinese wall in your office, then, that looked at the BeLeave campaign and—what's the name of the other one—Vote Leave?
I guess there's a Chinese wall in your office to be sure that you separate those two cases when you work in your office on those two campaigns.
In terms of those two campaigns, there's not a separate office for that, because the people who are doing the work are not decision-makers in that respect. We get the direction from the client, and we don't share that information back and forth between clients. It is possible that someone in our office was able to see both campaigns at the same time.
When you say you siloed those two campaign, how did you end up with a Swift message where there's an amount of money from one campaign saying that this amount should be treated for the other campaign? Therefore, you were the middleman in the transfer of money, helping one company to avoid exceeding the expense limit by doing so.
Well, the donation that we received from Vote Leave to BeLeave, as I mentioned, was entirely allowed under electoral law in the U.K.
A donor is somewhere. A donor gives money to help a campaign. In order to do that, someone takes money and gives it to the campaign. Instead of giving it to one specific campaign, they give it to you, who then transfers it to the other, while they just have to call the person and transfer the money.
Why do you use a third party to transfer what seems to be a donation and apparently not money for contracts?
Well, I understand at the time that the BeLeave campaign didn't have all of their bank accounts set up, and so they asked Vote Leave to transfer the money directly to us. We understood that was entirely allowed.
Thank you, Chair.
Earlier, Mr. Silvester, when we were talking about access to databases, you pointed out that you don't need a huge database.
Did you use the modifier “huge” advisedly? What size of database do you require?
Well, you'll want to keep track of the ads that you're running, and you'll want to keep track of the click rates and conversion rates, and this sort of thing. Typically you do that in a small database, but that's not personal information. That's information about the ads themselves, not about the individuals you're targeting.
A custom audience is made from a list of individuals, so that would be, at minimum, about a thousand people, with their names and email addresses.
Mr. Wylie, in testimony, made that point, that Facebook limits the custom audiences to a thousand, but he said that you could have a thousand custom audiences of a thousand to make up a million, and then you have a thousand different messages to a million people. Exponentially, you can grow that as you wish to use those custom audiences—
Yes, you could make as many different custom audiences as you want. The numbers of custom audiences that we've ever worked with are not in that scale or scope of size, but we certainly have used them in the past.
In the Brexit campaign for the different leave projects, what sort of numbers of custom audiences would you have used?
It was the Vote Leave campaign. That's where we would have used that. I don't have the numbers right in front of me, but I can certainly get that for you.
In terms of the number of custom audiences, less than 10, maybe less than 20—somewhere in that range—but I don't want you to quote me on that, because I'd have to look and see the exact number. I don't recall exactly right now, but it was not a ton.
That would seem to be rather small value for the money that was paid, if we're talking 20,000 to 30,000 individuals in these different custom audiences.
In terms of the money paid, the vast, vast majority of all of it went directly to the advertising. There are also reporting tools and things like that. There's our time. We did some IT work with Vote Leave as well, which we talked about when I was here last time.
With respect to the value for money, labour—because of course we were also helping them create the ads with graphic designers and this sort of thing.... So between labour and everything else, it all adds up.
When you say you helped them create the ads, coming back to Mr. Wylie's suggestion of voter suppression in the United States and the black demographic, would you have helped customize or create those advertisements?
Even if I look back at all the work we've ever done, I can't even in my imagination try to stretch that to be anything close to voter suppression.
When Mr. Wylie was with us by video link, we discussed GitLab, and Mr. Vickery's visit to the Ephemeral project—the GitLab-AIQ Ephemeral project—and discussed the database of truth, the project Saga, the project Monarch.
Recognizing that there is good humour among those who work in the digital world in your business, and the subtitle of the Ephemeral project on the website, which said, “Because there is no truth”, I asked if that was just humour, or more of an underlying reflection of the mentality at AIQ.
Mr. Wylie answered that he couldn't speak to any of “the specific intentions of AIQ and why they put certain things there”, but he said, “there was a systemic culture in the group of companies that we've been speaking about that completely disregarded the importance of truth in an election.” He said, “SCL and Cambridge Analytica regularly advertised disinformation as a service offering.”
Are you saying you weren't aware of that: offering a disinformation service?
We don't conduct ourselves to provide disinformation; we provide information. All of the advertising we do is clearly attached to the clients we do the advertising for. We're not trying to hide any of that. All of that information has been provided to the different regulators and, indeed, to different committees. They're going to do the work that they need do to ensure that it was all within the limits, but none of the advertising we've ever seen and none of the work we've ever done for any of our clients would come close to the type of description of what Mr. Wylie was saying.
With respect to the Ephemeral project, that particular comment was just a comment by one of our staff. With regard to that particular project, the comment is making reference to—and I talked about this at the DCMS committee—the fact that, when you have multiple databases that have potentially the same information in them, if you're going to put those back together at some point, you need to know which one is in charge. It's like a parent-child relationship in data. That database of truth is a comment that one is always the most right one. If you ever have a conflict like there's a phone number over here, and there's a phone number there, we're trying to put together which one is right. The comment is that that particular server is the one that's going to be found to be right.
Do you think that that comment isn't particularly helpful as people become familiar with the illegal harvesting of Facebook information and the way it was used by Cambridge Analytica in the Brexit campaigns and in the United States? You mentioned in your opening remarks that a lot of this discussion has been wildly speculative. Certainly reference to those sorts of individual findings, which, as you say, may have been innocent in their origin, doesn't reflect particularly well to people who believe that there was a cynical attempt to interfere with the democratic process.
First, the comment itself is perhaps not a perfect representation of what it is, but we are working with our developers to be a little better on that. Second, we never used any of the information from Cambridge Analytica, Facebook, or anyone else in that that was improperly obtained during Brexit, and Facebook has confirmed that.
Good morning, Mr. Silvester.
There are two points I want to raise. One, in response to Mr. Erskine-Smith the last time your were here, you said, “We don't have data to profile and target, and we don't profile and target individuals”. I just picked up on what Mr. Kent said about suppressing the vote.
Chris Vickery uncovered evidence that, in the Ripon voter querying data, there's an option value for “disengagement target”. I have a copy of it here, and I think he's posted it on his Twitter. Can you please explain what this means and how your past statement can be accurate in light of this information?
In the context, that was during the presidential primary campaign. A disengagement target is the people whom you just don't want to talk to. For example, if you're campaigning, and you know there's a street full of hard-core Conservatives, you're just not going to bother knocking on those doors, and that's who the disengagement targets are. It's a list that you can use so that when, for example, you're making a mailing list to send out mailers to people, you can then take out the people who you know are never going to vote for you because they're hard-core Conservatives or, in the case of the primary campaigns, they're extreme Democrats or something like this.
The disengagement target was to eliminate data; it was not to provide them other information to suppress the vote or to turn the voting? They were eliminated from any of the advertising you were doing.
Not all of the advertising, but specifically, they would be eliminated from lists that campaign had.
You've stated here it's a disengagement. You just told me that those are people you want to avoid, and you used the example that, if you know there are Conservatives on the street, you wouldn't bother with them. If I know there are Conservatives on the street, what am I going to target to them?
Exactly. When you're doing a list that you might match for advertising, if you're going door to door, or if you're doing a mailer or anything where you would be directly communicating with an individual, then yes, you would exclude those people, but with respect to general demographic advertising or geographic advertising, you might still show them ads. You never know who those people are because it's all just through Facebook, Google, or whatever.
Okay. On the second point, there's some similar data showing that Ripon querying data called for psychographic targeting based on high openness, extroversion, high neuroticism, and high conscientiousness. What other psychographic targeting do you do, for which clients, and on what campaigns?
We don't do any psychographic targeting. The information you're speaking about were scores or rankings that were provided to us by SCL for their clients.
Yes, I'm just about to get to that.
We created their political CRM that they call Ripon. Within that, it had the ability to display those scores or rankings that SCL created, so the client could go and look at those values. Insofar as we wrote code to allow it to be displayed to the client....
We wrote the code to display the values. We didn't find the values, or make the values, or anything like that—
I don't understand what that means.
You have in your code certain criteria, certain values. I'm a coder, but I just want to understand. You have certain codes or certain values that you've written into a program. Now you're saying that they didn't work or.... Explain it to me.
Sure.
A political CRM has a database underneath it. For that database, and certainly the empty database, we wrote code for a client to look at that database. The actual data that was in that database was provided by SCL. They told us what the values were and what they would look like. For example, with respect to that psychographic scoring, it was a number between zero and one. What we got were five columns. In each column there was usually a number between zero and one, so from zero, 0.5, 0.7....
Are you stating that for SCL, for this specific project, you had these values, but these values were not available in other projects?
They were available in the projects that we worked with SCL on. They asked us to use their Ripon tool that we wrote for them. We haven't used them anywhere else.
You wrote the code with what SCL told you to write the code for, but you don't know where else it could have been used.
You would be surprised.
Why was it written in the code then. What was the purpose? Did you not have a query as to why you were writing this in the code?
Didn't it sound odd to you that you're using psychographic profiling with this sort of...? If you look at the high-openness, extroversion, neuroticism factors, did you not find that odd? You weren't doing a psychology experiment; you were doing political work. Did you not find that odd that you were writing code? A client has asked you to write code for certain things. Did you not find that odd?
But would you, as the coder, not have thought differently that you were putting this kind of language in the code? You had no concern, or any query, as to why they were doing this, or what the point of it was.
So somebody gives you work as a professional person, and they're telling you to put this in there. Did it not strike you as odd that they were asking for this kind of stuff?
Yes. If you look at some of the words, you see they're highly charged: neuroticism, conscientiousness, extroversion. That didn't really....
Those were all based off of the “big five” personality profiling that's quite common in the personality space. When they told us that's what they were doing, I looked at what the big five personalities were. I think I took one of the online tests.
Mr. Saini, unfortunately we are over the time. We'll come back to you, though.
For the next three minutes, we have Mr. Angus.
Thank you.
When he was here last time, Mr. Wylie was very forthcoming about the various companies that SCL comprises, SCL Elections and SCL Social. He's provided us documents, where your colleague, who's not here, as head of SCL Canada, says that you were set up to be SCL Canada.
What do you say?
Whether that was SCL's intention at the time, it was not told to us. As I mentioned when I was here last time, or perhaps it was to the DCMS committee.... They did ask us at one point. This was well after we started working with them. They did ask us if we would create SCL Canada, and we declined. Why they would then put that on their website, I don't know.
He says your claims are “completely false”. He said that under oath.
It seems to me really strange. We have a listing of documents with your colleague—who's not here—as head of SCL Canada, with a phone number for SCL Canada.
He says AIQ was set up because there were projects that were run by SCL and then Cambridge Analytica that needed a team of engineers to perform the work. You were set up to do that work as a franchise operation of SCL, is what he said. He said that to us under oath. Is that true?
We were never set up as a franchise. We certainly did work for SCL, and we certainly have software engineers on our staff to do coding and that sort of thing, but we were not—
You're able to do outside work, but you were set up to be the franchise data engineers of SCL. That's what he said under oath. Brittany Kaiser in the U.K. said the same thing. Why would you tell us that...? You've never given us any clear picture of how you were set up with SCL. He said under oath that you were set up for this purpose.
I've given a very clear picture. We were an external contractor. We did work for SCL, but we are entirely separate. We are not a part of their company. We don't take direction from them on what we do. Insofar as we have a contract with them, we do the work in that contract, provide them with that work, and get paid for it, just like any other company.
Why they would put Zack's phone number on their website without letting us know, I don't know.
Okay. Then Christopher Wylie said under oath that what you and your colleague have told us—you've just repeated what you said the last time—was “completely false”. That would mean lying to our committee, so either Christopher Wylie is lying or I would suggest that we're not getting the full facts from you.
You are under oath as well, Mr. Silvester. He says it's completely false. Is he lying to us?
Well, the fact is, he says that your position as not being set up to be the franchise operation to SCL Canada, that your claim that you were not “completely false”. He said that under oath. Was he lying to us?
He also said under oath that it was true—and I'll quote him—that “AggregateIQ was not part of SCL”. He said that here under oath. His story seems to have changed over time.
Yes, he said you were set up as a franchise. You were set up specifically because they were running projects by SCL Elections group management and then through Cambridge Analytica, and we have the documents where we actually see the four hirings that are going to be taking place by AIQ under SCL Commercial, with Zack Massingham as head of SCL.
Why would the documents be there if this is not true?
We've never done any work for SCL Commercial. All the work we did for SCL was for SCL Elections. With respect to—
You were working for SCL Elections. You were hiring for them. You're listed as their head. Christopher Wylie says you were set up for this purpose. You could do side projects. That's okay, because it seems that a lot of loosey-goosey stuff was done under SCL's world operations, but he says that you have misrepresented your role with SCL to our committee.
To me, this is a very important thing, because we have to make a report to the House about the evidence we've heard. I'm giving you an opportunity: why would Christopher Wylie lie to our committee if this is not true?
I don't know why Mr. Wylie would continue to state what he's saying. He ought to have been fully aware of what our relationship was early on. He in fact, when he had his own company, pitched to us to work with him.
Unfortunately, Mr. Angus, we are almost at five minutes, so we're going to have to get back to you for the next seven-minute round.
Thank you, Chair.
Mr. Silvester, you started your testimony by saying, “We've been entirely co-operative with this committee.”
We've come, answered all your questions, and answered further questions when you asked us to provide additional information. I've provided a ton of information. I think that's what co-operating is: answering all your questions as best as we can and contributing—
Pardon me?
Mr. Frank Baylis: Answering them as best as you can...?
Mr. Jeff Silvester: Well, that's all I can do.
Sometimes I won't have all the information, just like I mentioned earlier, and then I will go back and try to find that information for you.
If you're entirely co-operating—because you said you were “entirely” co-operating—how is that even more so? What would you do more?
I just simply mean that we have co-operated as best as we can and tried to answer your questions as best as we can. We've come twice now and, like I said, answered all your questions and provided a ton of information.
For example, you also said in your opening statement you were co-operative with the people in the United Kingdom, their Information Commissioner, and their committee as well.
The last time you were here, I had a hard time understanding something, because I kept asking you a question about the Information Commissioner, and you were not co-operating, and you kept telling me.... You had a very perplexed look on your face and said that you'd answered their questions. You got one letter; you answered it. You got a second letter; you answered it.
This is what you said in that second letter to the U.K. people: “We are not subject to the jurisdiction of your office”.
Can you explain to me how that statement is co-operative?
I know that. I didn't say you are. I am asking how it is co-operative. Then could you tell me how it is “entirely” co-operative?
It's true. I know that. That's not what I asked you, though. Let's answer my question this time. How is that statement co-operative?
Okay, I'll read another sentence of the letter. You answer none of her questions, but you're co-operating and you're “entirely” co-operating. That's what you told us right now, today.
In that letter, you answered none of her questions. You ended the letter: “We consider our involvement in your office's investigation to be closed.” In sum, you stated that you were not subject to their jurisdiction and that you considered your involvement in their office's investigation to be closed.
You told us this morning, right here, that you have been entirely co-operative. You didn't answer any of her questions, and you wrote this letter saying that you're not subject to her jurisdiction, and you unilaterally closed the discussion.
How is that being entirely co-operative? Answer that question.
You did not answer her questions, and I didn't ask you about that. I'm asking you very specifically, and you'll answer my question now, how does this letter, in which you tell her you're not going to answer any of her questions and that you're not subject to her jurisdiction, represent your being entirely co-operative? When I asked you why there was a disconnect between what you're saying and what she's saying, why did you sit there with a perplexed look on your face, after you told me you've been entirely co-operative and after you explained to me what “co-operative” means? Answer that question.
Just so I'm sure, you also mentioned to my colleague there that you're not obfuscating. I just want to make sure that what you're doing now is not obfuscating.
No, you're answering very clearly.
You said you've closed the investigation. You decided that. They didn't decide that.
I asked you why there was a disconnect. Did it not dawn on you when you wrote this that you did not answer any of her questions and that's why she wanted to take legal action against you?
Not after the meeting. When I asked you that the last time you were here, you obfuscated—and, quite frankly, Mr. Silvester, you lied to me. Now you're here again and you're under oath. This is what was written in the letter. Is it not clear to you that you did not answer her questions, and that you told her, by unilaterally saying it was closed, that you were not going to answer her questions?
I didn't lie to you before, and with respect to your bringing up that issue, I did wonder how she came to that conclusion. That's why we reached out afterwards to have a conversation directly with her. We heard back from them as to why they thought—
You wondered how she got to that conclusion. When you said your involvement in the investigation is closed and that you weren't subject to her jurisdiction, you wondered how she came to that conclusion? You just said that.
Let me ask you something. If I asked you a question and you told me, I'm not subject to your jurisdiction and the investigation is closed, would you wonder how I came to the conclusion that you're not co-operating?
If I asked you a question and you said, “We are not subject to the jurisdiction of your office.... We consider our involvement in your office's investigation to be closed,” you would wonder why I would think you're not being “entirely” co-operative?
Thank you, Mr. Chair.
When he appeared before us, Mr. Wylie said of the past several months of discussions, the claims and counterclaims, the contradictions, and so forth, “The way I look at it...Cambridge Analytica is the canary in the coal mine.” Would you agree with that statement by Mr. Wylie?
As he went on to explain, he basically said that what has been exposed “is how easy it is to misappropriate information, take funds from mysterious sources, and then go and interfere in elections, particularly in cyberspace.” He said what it really shows “is how the Internet and the growing digitization of society have opened up vulnerabilities in our election system.”
Do you believe that vulnerabilities have been opened up by the Brexit leave campaigns and the way they were—
No, I don't believe so. Everything that was done with Vote Leave and BeLeave and the others was all publicly reported. In that respect, I don't think there's any problem there. They could certainly look at their electoral laws and whether they're appropriate or not, but that's for them to decide.
With respect to the use of the Internet, there are some genuine concerns. People can advertise from anywhere in the world. If the advertising platform let's them do it, they could attempt to advertise during an election without having to meet spending limits, or whatever it happens to be. However, Facebook has already put in place measures to prevent that. I imagine other advertising providers will be doing the same.
There is certainly more work that can be done. I'm hopeful that will happen.
Mr. Wylie suggested that one remedy might be if Facebook were willing to document all of the advertising placements—who placed them, and when, and the origins—as much as they can determine who made the buys.
I understand that's exactly what they're doing. I'm not Facebook, but I understand that they are. In the United States, for example, they're requiring people to provide some enhanced identification to show who they are. They're giving people all the information about political advertising. You can go and look at all the ads they've run, who ran them, and all of that. All of the information—by which it was chosen for a particular audience, and that sort of thing—is going to be or can already be found by people on Facebook.
One of the major areas where suspicions have been raised about motivation, means, and manipulation has been the different corporate entities in different parts of the world and different jurisdictions—the cloud, the location of servers, the storage of data, and the destruction of data at the end of certain contracts. With the European Union's general data protection regulation that has come into place.... As you know, there's discussion here in Canada. The Privacy Commissioner has said that our current minimum adequacy should be upgraded significantly in some areas—perhaps not all—to match the GDPR. Would that change the way AggregateIQ's business model operates, in terms of domestic Canadian election work?
No, I don't think so.
With respect to GDPR, there are some changes. For example, they assert that an IP address and a time is personal information. That would prevent you from using things like pixel to show an ad to somebody who has previously been on your website, without knowing who they are. That would certainly change, but that would be implemented by Google or Facebook, or whatever advertising platform.
With respect to the work we do with clients, the services we provide would generally be the same, other than whatever specific regulations might go around it.
In terms of the ownership of individual, personal information and the new opt-in requirement—granting permission for subsequent use in any number of ways—and given your explanation that you don't know where a lot of the data models have come from and how they were obtained, wouldn't that then create new concerns or new protocols that you would want to follow to be sure that you aren't in the future dragged into something similar to the Cambridge Analytica-SCL-Facebook scandal?
Yes. Certainly there's an opportunity to provide clarity to people about what information they're providing and what it's going to be used for, either right away or in the future.
One of the challenges with Facebook, for example, is that when I signed up a long time ago—and I'm not on there now—its privacy statement may have said one thing and then 10 years later it's had a number of different updates. Now it's doing all of this different advertising; it wasn't advertising when I started. In that respect, there do need to be clear statements and clear guidelines. I think there's a role for government to provide that legislation and those regulations so that companies know what they need to provide to consumers, voters, political parties, and whomever to let them know what's going to happen, what they can do get their information back if they don't want it to be used, and what type of notification requirements there are. All of that stuff should really be included.
With respect to going as far as the GDPR does in all of the ways, I know there are a number of services in the U.K. and Europe that have had to shut down, not because they're doing anything wrong, but simply because of the IP restrictions and limitations. They're working on ways to work within the rules to still provide those services. We have to be cautious about how that's done, but there's certainly a lot of room for opportunity there.
We saw in recent weeks since the GDPR came into effect that several dozen American news organizations have actually closed access to EU users because of their concerns that they may be in violation of the GDPR.
Hypothetically, if we were to believe everything that you and Mr. Massingham have told us in the two sessions of testimony, would it be fair for us, nonetheless, to conclude that in some ways you have been dealing, or may have been dealing, in stolen goods?
No. I don't think we've dealt in stolen goods as you're describing it, in so far as that all the information that we've received from clients is information that, in itself, they have obtained correctly.
As I said earlier, the information that we receive is entirely consistent with that you get as a registered candidate.
As I was saying to Mr. Erskine-Smith earlier—and I think we were talking about it earlier as well—it is entirely possible that they decide who to put into that list by some other means, and I don't know what those means are. The actual information that I get from them in order to run ads or to load into their political CRM is information that they legally have.
There is opportunity even in that, in the legislation, to define what is allowed and what isn't allowed, and the companies will always work within those rules. It's just a matter of defining for them what those rules are and giving them clear guidelines to follow. The first thing is very clear disclosure as to what that's being used for.
Thanks very much.
I know Mr. Angus was worried about running out with three minutes, so he has seven minutes this time around.
Thank you, Mr. Chair.
The last time you were here we were trying to get a sense of how your very obscure company in Victoria got a huge contract for both the Vote Leave and the BeLeave campaigns.
You said that it was through a competition. How did you get that contract?
The individual's name was Mark Gettleson. He introduced us and let us know that they were looking for advertising providers. He then sent us an introductory email to Vote Leave. We then took over from that, had conversations with Vote Leave, created a proposal, sent them a proposal, and they selected us. Then we started doing work for them.
Mr. Gettleson has come forward as a whistle-blower, and he said that he helped coordinate BeLeave as the front for Vote Leave in getting this extra money, in setting up the bank logs and the emails, and he put you in that position.
Were you aware that he was doing this with BeLeave?
No. The last interaction we had with him was when he introduced us to Vote Leave in that campaign. I have spoken with him since, but that was well after Brexit.
Okay.
Since your colleague is not here, I want to go back to the conversation with the 22-year old. I have nothing against being 22. I was 22 at one time as well, except nobody gave me £625,000 to affect the biggest referendum in British history. At one point, your colleague, who's not here, said to Mr. Grimes, “you're on track to spend almost 300k USD today”. That half the budget in a single day. Would that have been at the end of this 10-day campaign?
I don't recall the exact time frame, but the money from BeLeave came in three different chunks. It didn't all come in as £625,000 at the same time.
Mr. Charlie Angus: Yes, I know.
Mr. Jeff Silvester: I think we provided the invoices to you and I think the first one was £400,000.
Okay.
We talked about this in the first round, but I'm just trying to get a clearer picture of it. So Mr. Massingham said to Mr. Grimes, “you're on track to spend almost 300k USD today.... ddi you need me to grab some money for you?”
You've been involved in political campaigns. Don't you think it's highly unusual for your data geeks to be in charge of getting money for a campaign? How does that work?
As I mentioned earlier, what Mr. Massingham was referring to is that Mr. Grimes said to ask if we could transfer some of that money back to him that had been provided, because they had some expenses. Mr. Massingham was saying in the email that if you want us to transfer money back, let us know. It wasn't that we were getting money for anything else. We were providing their money back to them because they—
He doesn't say that. He asks, “Do you need me to grab some money for you?”
I find that very unusual phrasing. And then he said, no, it was fine, that Victoria was sorting. Is that Victoria Woodcock from Vote Leave?
Okay.
So it was perfectly fine for that £625,000 to be transferred because donations are legal, correct?
Okay.
So when Mr. Massingham is offering to get the money to them, and he said it was okay, that the representative of Vote Leave was going to get the money, Mr. Massingham was taking on the role of helping to coordinate the transfer of funds from Vote Leave to BeLeave, correct?
No. As I said earlier, that specific question was about transferring some of the money that had been given to us, back to BeLeave because they needed money for expenses other than advertising. So Mr. Massingham's comment was in relation to that. It didn't end up happening because, I guess, Darren found another way to—
Yes, he was getting the money directly from Vote Leave. But 300K in a single day is an enormous amount of money that would certainly help tip an election, which is why I think the investigation as to whether or not you were, as Mr. Wylie says, a money laundering vehicle for Vote Leave is the question we keep coming back to.
Given the enormous amount of money that was transferred on a single day to buy ads, you didn't front Vote Leave through the coordination because Mr. Massingham was willing to coordinate it, but Victoria Woodcock did it. Do you disagree with Mr. Wylie's statement that you were involved in a money laundering operation?
But I note at the same time that he only says it in committee, because it's not true. Were he to say it outside, then we might have some legal recourse. We don't because he's saying it at committee.
But you're protected by privilege as well. So you could tell us and you'd be protected, and I think that you haven't made use of that.
I want to go back to the information commission letter that Darren Grimes wrote, where he explained that for 600K, you got some emails and that, and he said he did not undertake any working together with Vote Leave Limited, that he had no involvement with Vote Leave Limited's work with AggregateIQ Data Service Limited or any other companies. He says this was a completely separate operation, but then he says in the Slack messages to Mr. Massingham not to worry about getting 300K on a single day, that he would get it from Victoria from Vote Leave. Mr. Grimes is on record as saying he wasn't coordinating the finances. Mr. Massingham seems to be stepping up to offer to help coordinate the finances.
How are we to interpret this as anything other than that you play a much bigger role than simply doing the data clicks?
The £300,000 was money that we'd spent that had already been paid to us by BeLeave. We didn't undertake advertising until we got the money for BeLeave. What Mr. Massingham is saying is, “We've spent £300,000 of your money on your ads, and since you've asked me to transfer some back to you, would you like me to transfer that money?” That is what he was asking. He was not suggesting that he get £300,000 from Victoria for Darren or anything of that nature. Darren had asked if he could get money back—
Actually, he's not saying that. He said, “you're on track to spend 300K today.... ddi you need me to grab some money for you?” He's not saying they spent 300K; he said that we're going to spend 300K. Do you need me to get you some money?
I don't want to go down the rabbit hole of this, but it seems pretty clear that he's in a position to find out where the money is coming from, and Mr. Grimes says, “Don't worry, it's coming over from Vote Leave”. The only interpretation we can have is that you were helping to coordinate it—and to coordinate that would be illegal.
We don't know what Mr. Massingham was saying, because he's not here, so you and I, I guess, are dealing with hypotheticals.
Mr. Massingham refused to come, so we can't ask him what exactly he meant; we're just asking for your interpretation. This, to me, is a very concerning issue because, again, the question that we see is that we have group that was set up that had no history; that has a pro forma constitution within their Google drive; that gets their banking information from BeLeave; and that you were brought in by Mr. Gettleson, who, specifically, is now saying that he was helping to coordinate the two campaigns illegally; and that the key person who was involved in all of the decision-making, Mr. Massingham, is not here. We have no ability to get to the truth today, because you were not involved in that transfer of money; it was Mr. Massingham. Correct?
Well, when it came to the money transfer, I was involved. I was here in Canada taking care of the business of our business. With respect, again, to that £300,000, Mr. Massingham was not offering to get additional money from Vote Leave; he was offering to provide back to BeLeave money they had already given us so that they could use it, not for advertising, but for other purposes of the campaign.
Thank you very much.
Thank you for being here.
As requested, you provided this committee with documents, including contracts, invoices, and insertion documents. Do you agree?
Can you explain the difference between an insertion order and an invoice, and are they sent together?
They're often sent together, yes, not always. An insertion order is a description of what the advertising is in a general sense. Where we might have multiple insertion orders, we then put them into one invoice, or sometimes they're the same.
Thank you.
At the top I see there's a principal contact name from your business. Is that who you consider the primary lead for the contract?
That's usually the person who whoever is in charge of paying those things knows from our company, yes.
I think there are primary and secondary contacts on each, and I think there may have been different secondary contacts, people who might have been doing the advertising, but I think the primary contact might have been Zack on all of them. I don't know.
Going back to the invoices, you mentioned that the contract and the insertion were produced and sent at the same time. Am I correct with that?
Usually, yes, but not all the time. With Vote Leave I know we sent insertion orders and then we would sometimes group some of them in one invoice, I think. I think with BeLeave it was at the same time, I think.
That's what I see here, but I wanted to confirm.
How long would it take you to be paid? How much do you take up front, 50% or 75%, 10%?
It depends on the client, and it depends on the advertising, so there are some clients that we will advertise for, then invoice them at the end of the period, and then get paid. There are others that we ask for payment from up front for the whole amount of their budget, and then we draw down off of that.
Once they paid us the first time, when they said they were transferring another sum, we may have started advertising into that sum, knowing that they'd paid us before and were likely to pay us again. However, in the first instance, if I recall correctly, we got the money first and then started doing the advertising. With Vote Leave, however, we started advertising before we got money.
Okay.
Going through the documents, one contract that you provided us and that I have in front of me is for work done from June 14 to June 23, 2016.
Why would it be dated April 30, 2018? This is 2018. It's this year. When was this document produced, and why is it dated 2018? It was done in response to inquiries done by our committee. Just as a reminder, that was two weeks after you testified here at our committee.
Right. It may have been a Word document. If I open a Word document, sometimes it has auto-dates on it, in which case it might have updated the date. I would have to go back and look at the original again.
I know that all of that information has been sent to the—
It just may have been the format I had it in. I apologize if it came through that way. I will definitely go and double-check to see the exact date, if that's incorrect. It might have auto-updated.
Correct.
Mrs. Mona Fortier: That's huge.
Mr. Jeff Silvester: I think it aligns with the 400,000 U.K. I think that's what that's from.
No. We don't do the money translation. Typically, we will do an approximate translation the day of in terms of what the fee ought to be.
If you could provide the committee with that information, it would help us better understand how you work with invoices and—
Yes, but that would have been sent at the time of the invoice and everything that went along with it. If there's a mistake with the date, I can certainly look at it. It was likely a Word document and I opened it up to see if that was what it was. Then I printed it. Sometimes Word documents auto-update. I apologize if that happened. I will certainly double-check.
Yes. We were doing some work for a client outside of the U.K. We had been creating a reporting tool for them to show where in their area people were volunteering from. They could see a map and little dots as to where people were coming from. When we did that, we found that there were some people coming from the U.K. who showed up on their map. In light of the information we had been providing in working with the U.K. ICO, we didn't want any U.K. information in there, so I asked my programmers to remove the information from the database and then to make sure that more information couldn't get back in there from the U.K.
It does happen from time to time in campaigns, even here in Canada, that people go to the website from outside of Canada. It could be that they are expats, or it could be that they're just generally interested in what's going on. We saw that a lot in the U.S. primaries. But in this case, because of the investigations that were ongoing with respect to Brexit and the ICO, we didn't want any of that information in that database.
So the note that was in there, that suggested that it might violate U.K. privacy laws, was simply because the data was there accidentally. It wasn't because—
The data wasn't there accidentally. Someone from the U.K. went and put their information into a form, and that ended up in the database. That's not accidental. We just—
Ms. Anita Vandenbeld: “Someone.”
Mr. Jeff Silvester: Yes, well, we had their name and their email address, because they came to the website we created for our client and entered it. We just didn't want it there. So I asked the developers to delete it and to make it not possible for people from the U.K. to enter that information again.
That's a comment in relation to a particular project we're working on for a client. As I think I was saying to Mr. Kent earlier, it's a reference to which database is more accurate than any other database.
So you would have us believe....
Here you have comments on one of your files that, well, this might violate U.K. laws. You have another file called the “database of truth” that includes huge repositories of Republican voter data, which should not leave U.S. jurisdiction. You're set up in Canada. You tell the U.K. Information Commissioner that they have no jurisdiction over you.
So we're to believe that you're here in Canada; that you are outside the jurisdiction of the U.S. and the U.K., so you conveniently don't have to apply those laws; that you were given £600,000 for a single...just go onto Facebook and click, and pick some demographics; and that you had no idea that this might be something fishy or that there might actually be some sort of collusion. You just sat there and took these very similar datasets to different clients, took huge amounts of money for it, happened to be outside their jurisdiction, and it had nothing to do with trying to get around laws within the U.S. or U.K. for privacy. That's what you're actually telling us today.
There are three points there that I think you've made.
With respect to the work in the U.S., that particular project is a project for a client. They use it; it's their servers. We help them set it all up, sure, but we don't use that data for anything. It's theirs. They use it with their client. That's the ephemeral project. It is for a client.
The database of truth is not even built yet. That's not what it's called; it's a comment about it. That particular thing is not even built. There are other components of that project that are finished, but that one isn't.
With respect to Brexit, we didn't use any information from anyone in the U.S., or anywhere else for that, other than what was provided to us by the clients. That's the only information we used there.
[Translation]
Thank you, Mr. Chair.
Regarding the advertising you placed on Facebook, were the computer graphics, design and video or image production already done, or did you take part in those steps?
[English]
Both. Sometimes we help with making images. We have done a limited few videos, but usually videos come from some other place. Oftentimes, what happens is that a client has an idea. They have an image. They generally have the text they want to have, or the message they want to convey, and then we help them craft that into the advertisement that we then place on their behalf.
[Translation]
So you provided advice to make the advertising more attractive or more effective. If you see that some advertising makes no sense, you have a word to say about it. You may say that you won't touch it.
[English]
Yes.
Sometimes clients want to do advertising that is just not going to work. We know from experience that it's not compelling or it's not particularly interesting. The individual or the campaign thinks it is, but we know that it's just not going to work. We let them know. If they insist, we'll certainly run that ad for them. We certainly provide that level of knowledge to say that here's the context where it will tend to work in the future, and this would work better if you put it as a tiny ad versus a big ad, and this sort of thing. We work with them to provide all that information to make their campaign as efficient as possible.
[Translation]
To comply with the election laws, is there a notice indicating that the advertising is paid for and authorized by the official agent of the party or the candidate? In the advertising we place in newspapers, and even on the campaign posters along the roads, it must say that they are paid for and authorized by the official agent.
Was that authorization published in that advertising?
[English]
If it's a requirement in that particular jurisdiction, then certainly we would add that information. I know that in British Columbia, for example, as long as the ad links back directly to the candidate who is advertising it, then you don't need to have the “paid for by” at the bottom of that particular ad. It depends on the jurisdiction that you're working in. We certainly make sure we comply with all of those rules. If the campaign asked us for something and we think there's a problem, we'll let them know about it.
[Translation]
Was any of the advertising you placed negative? There is positive advertising, but there are also attack ads that are negative. Do you use that type of ads?
[English]
Clients have asked us to run ads that are quite negative. We let them know, typically, that they are less effective than ones that might be towards their campaign, but we have run ads that have been negative, in limited circumstances. They are attached directly to the campaign, and that's very clear.
[Translation]
How did you determine that an ad that you probably accepted because your client absolutely wanted it to appear corresponded to the category of negative advertising? The margin between negative advertising and disinformation is very thin. If the information in a negative ad was inaccurate and thus constituted disinformation, were there measures to deal with that, or did you accept it anyway as it was?
[English]
We make sure that all of the ads we run are attached directly to the candidate and to the campaign. If they're publicly espousing something that other people might take issue with, they can take it up particularly with that campaign. To your specific question as to how I would know whether it's misinformation versus just being negative, my response is that sometimes negative advertising is simply pointing out the truth about that person.
I can think of specific advertising. It was an ad saying look at what this person has done. Once you clicked on the ad, it brought you to a website. We didn't control the website, though it had factual information on it about some of the things that the particular candidate had done in the past that people might find unsavoury. That was negative advertising, but it also appeared to be correct.
[Translation]
Indirectly, advertising could lead us to other sites containing disinformation about an election campaign. This might not be your fault, but these stratagems and means provided by your company probably allowed people to spread disinformation during election campaigns, despite your good intentions.
[English]
I don't believe that we've ever done that. It is theoretically possible, except that the different advertising networks also check the landing pages, so if you're directing something to a landing page, I guess the company could ask us to advertise. We could start and, pointing to web paging at the time we began, everything looked fine. Then they went back and changed that web page afterwards, and we didn't know they'd changed it. Yes, it is theoretically possible. We have not seen that happen in any of the work that we've done, but I suppose it would be possible.
Thank you very much, Mr. Gourde.
If nobody minds, I'll take the next five minutes from here. I want to start with a bit of a summary of what I understand, just so I've got it all clear in my mind.
Mr. Massingham testified previously that he was aware that if any additional expenditures had gone through the Vote Leave account, they would have been over their limit. Enter 22 year-old Darren Grimes, who starts the BeLeave campaign just weeks before the referendum with no resources and no data. They get in touch with you somehow. We don't know exactly how they became aware of you, but they did presumably through Vote Leave. Mr. Massingham has added to a Google drive. He testified before us that he had no idea what was on the drive, even though this was one of the largest campaigns you've ever run. Mr. Grimes makes purchase orders in large sums mere days in-between, or close together to his receiving the same large amounts from Vote Leave that weren't the exact right numbers of the purchase orders he made. We learn that 1,400 ads were placed by AIQ between the two campaigns. Almost £700,000 was spent in total. We're directed to Slack messages, and on those Slack messages we see statements from Mr. Massingham to the effect of “your soft stuff will play better here versus the hard stuff”. Presumably that's Mr. Massingham speaking to the Vote Leave materials and to differentiate between the two. But nowhere in those Slack messages is there an indication of how many ads to run, which content to use exactly for those large number of ads, or how much money to put behind the ads. That was all done verbally from what we know.
Oh, I forgot to add, but there was absolutely no collaboration or coordination whatsoever. Is that right?
To your point, Mr. Massingham said he didn't know the entire contents of the Vote Leave drive, so when BeLeave sent us a link, they sent us a link to images and stuff they'd used previously. I just wanted to clarify that one point.
Well, no. The information that was given to us to do the advertising was certainly initially communicated by Mr. Grimes verbally. The actual direction on the ads did come from Slack. We did have a reporting tool up at the time that allowed BeLeave to see how their ads were doing, and how things were going, but we don't have that anymore. That was shut down at the end. We provided a full report to them at the end of it to show exactly where everything went, and they were happy with what we provided.
So moving to a different country, we've got the Ripon tool that was developed. You've indicated to the U.K. committee that, “I want to be completely clear, the Ripon tool, the political customer relationship management tool, did have some of SCL's personality scoring in it, but we do not know the datasets they used in order to arrive at that.” And you've said similar things today.
You are under oath, so looking back at the tool that you created, the psychographic scoring as it were, and knowing what you know now about how SCL obtained information through Cambridge Analytica improperly through Facebook, is it your belief that that information did feed into that psychographic scoring?
With the information that has come out now, it looks as though they may have indeed used that Facebook information to come up with their scoring. I don't know that to be the case.
In terms of additional data, you've got the psychographic scoring, and you say that you know this number, but you don't know what it's based on. Then Mr. Vickery comes along and somehow stumbles into this hub database, and he's testified before us that it's pulled from a master dataset of.... He sees some RNC Trust information, some election list information, some information from the Koch brothers, and more. There are many data points for different individuals, including data points, such as that they lead a biblical life. However, you've indicated here that you don't keep data, that you destroy data, and that you don't share data across campaigns.
How do we reconcile this information that we have? Why is all of this information in a database from AIQ that is pulling it in from so many different sources?
It's not one database. The Git repository, though it does have its own database to keep track of what's there, is essentially a file storage location. When those databases were backed up, some of those back-ups were intentional. For example, they were supposed to back up the list of users of a website. However, with respect to backing up lists of people who had signed up to a website, those weren't supposed to be backed up.
Now we've put in place measures to make sure that doesn't happen again. When I was here, I described in detail how that happened and what we've done to change that, but we're going to make sure that doesn't happen again. We're still investigating how Mr. Vickery got access. I said before that I would report to the committee when we're done. I'm committed to doing that, as well, as soon as we're done with the report.
Let's take the example of leading a biblical lifestyle. Would you target potential voters based on that criterion?
Some of the information that's in that repository is not information we created, used, or did anything....
If a client had information on their server, and we backed up the code from that server, we may have pulled some of their information inadvertently. That's part of the problem with what happened originally.
With respect to that specific criterion, I have never run ads for anybody targeting “living a biblical lifestyle”, but I know that in the work SCL did, they certainly had a broad range of issues and all kinds of things they were providing to campaigns.
In retrospect, knowing what we know now, do you think you should have exercised more due diligence in taking information from SCL and simply converting it into advertising and targeting, and have been more aware and perhaps asked more questions about where the data came from?
We did ask questions about where it came from, but the information we got was that it was from public data sources, and there are tons of them in the United States. We were unaware they were obtaining information improperly at the time. I don't know that we could have asked more questions. It's difficult to look back retrospectively and say what I would have done at the time, were I to know what I know now, because we didn't.
With respect to everything that's transpired after having worked with SCL, would I do it again? I probably wouldn't, given that I've now been here twice. It's not that I mind, but I have been here twice, and there are all the investigations, media attention, people camping outside our houses, horrible messages sent to us, and all kinds of things. Do I want that? Would I wish that on my enemies? No.
What is data harvesting? It would be collecting data from sources, I suppose. It just depends on which context you're speaking of.
In your office, for example, you might have four phones, but no matter which one you dial from, the main office number is the one that comes up when you make the call. It's not the actual number you're calling from, but when people call, they get back to the office you called from, essentially.
That's what it is. When you make that outgoing call, it places a number that's different from the number that's calling on the call display, so that when someone sees the number and responds or calls back, it will go to the number that came on their call display. It's not the one the call originated from.
In a legal sense, if you didn't do the crime but you aided or abetted someone to do the crime, it means you can be found guilty too.
So if you program things that you know—or don't know, even, for that matter—are illegal and going to be used in an illegal manner, whether in the United States or the U.K., you're doing something illegal, and you are aiding and abetting a crime.
You just said that you did data harvesting in jurisdictions where it's not allowed, where it is illegal, so you have aided and abetted in a crime.
You know what? You're actually lucky. You know why? Because you stated very clearly to the U.K. people—and I'll repeat it—that “We are not subject to the jurisdiction of your office”. Why did you say that, again? Why did you write to her to say, “We are not subject to the jurisdiction of your office”?
Why did you think that she would not be aware that you were not subject to the jurisdiction of her office?
It was important that she knew that you were not subject, and you knew that, obviously, because you wrote it. Right?
Yes, so you knew that. So when you were busy writing your programs.... Because you've said—and I'll quote you directly now, Mr. Silvester—“We're not data harvesters”. And you're not. I know you're not. Right? You said that. That's your statement.
Of course, because that was a true statement. However, it was an obfuscation and a misleading statement. You are people who write code to do data harvesting, but you don't do it. You don't worry about that, though, because you know very well the jurisdictions in which you operate, and you've made it very clear to those people that you're not subject to their laws.
You'd better hope....
I'm not a lawyer, Mr. Silvester, and I don't know about how these jurisdictions work or don't work. You seem to know more than I do because you've made it very clear to them. What you've done is aided and abetted crimes in other jurisdictions, in other countries, and right now you may be benefiting from the fact that you live in Canada. You have done data spoofing. You've done data harvesting. You're aware of it. You've stated that you're not subject to the jurisdiction, and you have misled this committee time and again by obfuscating when they ask a direct question and you say things like, “We're not data harvesters”. No, you're not. You are people who help other people do data harvesting by writing their code.
Here's the thing. Data harvesting in the places where companies have used our software in order to help them gain insights into whatever they're collecting data for is not illegal. And with respect to the work that we did—
You haven't done data harvesting anywhere. What you've done is written programs for other people. You can continue with this mincing of your words, but what you've done is written programs for other people who have done it. You have not done it. I know that. You have aided and abetted in a crime.
I disagree.
You've said a couple of things. One was phone number spoofing. The tool that we created is a phone-from-home phone bank for campaigns to have their volunteers phone potential supporters during the campaign in order to ask questions.
I don't care what you've created and how you can explain it away. What you've done is put together programs to do things in other jurisdictions that are against the laws of those jurisdictions. Then you've stated very clearly that you don't care because you've stated it for everybody to know, to make sure, in case they didn't know, that you want to clarify that—and I'll repeat—“We are not subject to the jurisdiction of your office”.
I have to caution. If I'm doing work in the U.S., and the work I'm doing in the U.S. is entirely legal in the U.S., and then later I'm doing some work in the U.K., and the work I'm doing in the U.K. is entirely legal in the U.K.—
I'll repeat it again. You're “not subject to the jurisdiction”. Why did you make that statement about whether it's legal or not? You're not subject to their jurisdiction, so why do you make that statement?
And he's not here today.
The last time you were here, you stated, “We saw no evidence of any coordination between the two [campaigns in the U.K.]”, and yet we have the BeLeave hard drive folder. Your colleague, Zack Massingham, who is not here, is in this folder, along with the senior representatives of the Vote Leave staff. He would have seen that there was coordination because they were in the BeLeave folder. Were you aware that Mr. Massingham had that knowledge?
When you say he was aware that they were in the folder, what I think you're talking about is the permissions concerning who could access the folder.
When you click on a link, you don't get to see who has access to it. You just see the files that are there.
I don't know whether you've used tools such as Dropbox or anything like that before, but when you click a link, it opens up the folder and shows you the files that you as an individual have access to. That's all Mr. Massingham would have seen when he clicked on that link.
Was he never aware? Shahmir Sanni, who was the face of BeLeave, has come out as a whistle-blower and said that it was a front and that it was illegal. Mark Gettleson, who was one of the coordinators of Vote Leave, has come out and said that what they did was coordinated and illegal. Your colleague, who's not here, was in the same Google drive with the key people on Vote Leave, which would have suggested a coordination. He's talking about getting money. He's not here to answer that.
Given what you know now, would you say that if you knew what Mr. Massingham knew, you might have thought that what you were doing was illegal?
You've made a number of statements there that we've talked about already, concerning which I've described exactly how it happened.
Yes, it's just that the key people on the campaign have come out and said this was coordinated, and the coordination link is AggregateIQ, because you're the one placing the ads.
There's a pro forma constitution to set up a committee. That was in the Google drive. Were you aware of that as well?
You get 600K in the final 10 days. Mr. Massingham, who is not here to answer this, is talking about where to get the money from, and it's going to come from Vote Leave.
I don't want to keep circling around and around, because Mr. Massingham could probably give us a nice clear explanation, but don't you think the question of its being illegal became very obvious to many people—everyone, it seems, except AggregateIQ?
Then we go back to Mr. Wylie, who said that you laughed and said that yes, of course it was totally illegal.
You're protected by parliamentary privilege here, Mr. Silvester. Why don't you just tell us: given all you've seen, don't you think there's an obvious impression that this could have been illegal and that AggregateIQ could have been the connecting link?
With respect to parliamentary privilege, I also swore an oath and in my testimony the last time I was here I also behaved as if I had. I can only tell you the truth, and when we were working with BeLeave, we had no indication and saw no evidence that there was any coordination.
With respect to other information that has come out now, all of that information and more has been given to the Electoral Commission in the U.K.
When Facebook wrote to the U.K. committee, they said, contrary to your testimony:
Our investigations to date have found there was one data file custom audience, one website custom audience, and one lookalike audience that were used to select targeting criteria for potential ads during this period by both the Vote Leave and BeLeave pages
Don't you think, if Facebook says the same datasets were being used on both campaigns, that it goes back to AggregateIQ's having used them?
I described that particular issue earlier in detail to Mr. Erskine-Smith and in my opening statement. While they existed for a period of time, they were never used. I thought I explained that fully.
We are out of time for your portion, Mr. Angus, and we are actually at the end of the second round.
We have more time. I know that certain members don't have questions and I know that Mr. Saini and Mr. Picard do. I don't think we'll have the full five minutes per person, but two or three questions each should be sufficient.
Mr. Silvester, I want to pick up on my colleague's point.
You have admitted that you have created spoofing caller ID numbers, haven't you?
We created a tool with a program called Twilio, which allows you to register a phone number for a campaign, for example, or for a central office, so that when people call, that's what shows up. All of those people had to be registered with the campaign in order to do that.
For that particular program, there's a mobile app, and it's being used by one of our clients to provide it in turn to another client, but both are in the U.S.
I also understand that recently Facebook has suspended a number of your apps, after apparently banning you from the platform. Do you have any other apps running under the AIQ name on Facebook?
If we made something a long time ago and it happens to be running but we're not using it, I don't know, but any of the things that we've been actively working with in any way with Facebook have been stopped.
The final question is this. What is the Breitbart Orion project, or what was your role in the project?
We created this tool—our internal development name was Orion—and it was for SCL. SCL had sold it to one of their clients to use. It's a reporting tool for Facebook pages. They wanted to do a pitch to Breitbart, so they asked us to make a custom version for them to do that pitch to Breitbart. They did the pitch, but Breitbart didn't move ahead with that relationship, so that was the end of that.
I hope that when you referred to Mr. Saini's question saying that the app program for a U.S. client was for another U.S. client, both in the U.S., U.S. targets, I hope you weren't referring to the Johnny-Five app—
You were? You just said that the client's client was Ukrainian. Ukraine is a bit on the east side of the U.S., isn't it?
This client of ours in the U.S. has three clients using it. Two are in the U.S., and one is in the Ukraine.
Johnny-Five has sub-files related to Cruz, which seems to relate to Ted Cruz, who's a senator in Texas.
This app seems to serve a Ukrainian company. The app program that you put together, therefore, is used by a Ukrainian company, using a third party in the U.S. with code written in Canada and aimed at Texas, because we have a bunch of files where we have Texas residents sorted by ethnic origin, —even under your name, you have test queries with this project.
Do I understand that this Ukrainian company asked for an app to survey or monitor or work on data that is, in fact, Americans in Texas?
No. Each individual app is its own tool. We deployed it for our client, who by the way, is taking complete control over that in this next little while, but when they provide the app to their client, the client is limited to the information they get from their clients.
They ask their members to sign up or whatever it happens to be, and whatever information is provided by those individuals, only that particular organization, in this case the Osnova, has access to that. In the United States, you know the senatorial campaign or the gubernatorial campaign, they're the only ones who have access to theirs. The information is not shared between them.
No, but in the Johnny-Five files, there are sub-files linked to Cruz, suggesting that this data was working on Cruz-related data, Cruz being obviously Ted Cruz, the senator, and we do have files with Texas residents in the files we have.
My understanding is that, if it's not Ukrainian business, why the Ukrainian app, then, because it's the end product, sub-files that should be tested with Texas residents?
The information that you're seeing is our code to create each individual tool. Every time we create it for a client, we make a new instance of that somewhere else with no information in it already. It's just a blank version of the app. That would have been created three different times, completely blank each time, and then the client would use that information.
The information that we have in the repository, however, might in some way relate to each of the clients so that if they ask us again to make a change to their app, we can make that change for them but it would still reflect what they have in their app. None of the information—
Johnny-Five is what we called our development project. When it's deployed for the client, it's called something completely different, and when we make the version of the app for them, it's completely fresh and clean, and empty. It only has the one user, who is the administrator from the campaign, and that's completely independent of any other campaign.
What are the names of the programs or projects—I have Monarch, Ephemeral? There are so many cases in there. What are the names of projects or initiatives where the program applied to or was aimed at Canadians?
To Canadians? I believe we may have used Saga. Yes, we used Saga in Canada and we may have used Monarch as well.
We were working with a political campaign in British Columbia. As part of that campaign, we helped them make their website, and their website would ask people to sign up to volunteer. We used the Monarch tool to put that information into their own voter database. They used NationBuilder. It would just take the information and put it over there.
Other than that, we may have used it a couple more times in Canada in small campaigns, but we've not done a ton of work in Canada.
Chair, can we ask the witness and company to provide us with the detailed name of the program and project they used, which application, and Canadian data?
Just to be clear, you want a list of any of the programs we used in Canada, basically for Canadian clients?
Not just the names, but I would like the codes and the program itself, to see how it works and how it operates. We're going to put some people on that to see how it works. Obviously, since they don't control what the client does with the final data, someone has to know how they work to see whether it was used for a specific, well-explained—
Let's do it this way, which might be easier. If you agree to answer follow-up questions that we might have, in writing—
Mr. Jeff Silvester: Yes.
—that's great. Then we'll submit a specific question to you in writing on that front.
When I leave, I'll write a response to you that has all the detail that I believe you're asking for. If you want more than that, then you can let me know. That will probably—
Thank you, Mr. Chair.
I just have a few quick questions.
First of all, one of the items in the documents found in the repository was a cryptocurrency called a Midas token. The minimum buy-in for this cryptocurrency is $10,000. Who was this done for?
We have a client, who came to us in British Columbia, who wanted to create a token. We did the work for them. They haven't launched it yet, though.
Essentially, the idea is that they were trying to raise money for a project they were doing. Once the project gets up and going, people who contributed to the token then receive the benefits of that project. The company, or the organization, I should say, is working with their legal team to meet all of the British Columbia and federal security regulations. We haven't launched that yet.
No. From a company, no. I've bought some poutine for a friend and they paid me in cryptocurrency, but our company has not been paid in cryptocurrency.
Do you know of any transfers of any amounts of data by anyone within SCL, or anyone with whom you might have a relationship, who was paid in cryptocurrency, by you or others?
I'm not aware of anything that was paid for by cryptocurrency, with respect to us, or SCL, or any other company that we've worked with.
Okay.
On another line, you said that you had these lists that were provided to you by SCL. When you looked at those lists, did you see any patterns of demographic data, for instance racial patterns or any other patterns within those lists?
No. It was not evident to us. We don't always look at every entry in the lists we get. We get a sense of what's there. We'll look and see that they have given us some names, some of this, some of that, and what the columns are. When you get a list like that, if it's for advertising, mostly, it will just be their name, address, and email, or maybe even just a name and email.
There was absolutely nothing that ever made you think that perhaps these lists were targeting, for instance, African Americans?
Going back to Mr. Picard's question about Canadian clients, it seems that the model here is that SCL has multiple entities that will do work in other jurisdictions. You were doing work in the U.K. and the U.S. through Canada. Did you ever refer any Canadian clients to other SCL entities in other jurisdictions?
Are you aware of any other occasions, other than the Vote Leave and BeLeave, where a client paid for another client's service that you provided?
No, for us, aside from that, all of our bills have been paid for by the clients who we're doing the work for.
Mr. Silvester, you stated that the donations between Vote Leave and BeLeave and all that were legal.
You started doing work for Vote Leave. How does BeLeave know about you? It's not about how they got paid, because that's okay, that's allowable.
How did they know about you?
I don't know how they came to know about us specifically, but I do know how they contacted us at first and that was via email. I think I provided that to the committee.
It's fine how they contacted you by email.
My question for you is, how did they know about you, because at the time—
Well, I'm asking you. At the time, this was the sum total of your Facebook page. It says, “AggregateIQ, changing the way you work with your data”.
You're a small company in B.C. How does BeLeave know to contact you?
This is all that's on your database. This is your Facebook page.
I'll repeat it: “AggregateIQ, changing the way you work with your data”.
Not during the Brexit vote and not in the lead-up to the Brexit vote when the coordination may have taken place.
Those donations are legal; the coordination is not.
Mr. Massingham goes there and suddenly he knows about BeLeave, and you don't know how they know about you. We can assume it's not through your website and you did no marketing for them, but somehow they know, and you don't know. But Mr. Massingham now is in the United Kingdom and that makes him subject to their jurisdictions.
This coordination took place. You are the centrepiece of that coordination. Is that correct?
Mr. Massingham reached out to them there.
Who told you to coordinate? You said someone told you to get a hold of Veterans for Britain.
Who told you to do that?
To be fair, I don't know that this is exactly the case. As I said, I went through the email communication to try to find the answers to your questions, and I provided what I found.
You have a customer who shows up and spends £600,000, and you have no idea how they know about you, how they showed up—
I submit to you, Mr. Silvester, that you and Mr. Massingham specifically were coordinating this, and the fact that he did it when he was in the United Kingdom, irrespective of what you're saying about your not being subject to the jurisdictions of their offices and their laws, and you were coordinating with them in the United Kingdom, specifically Mr. Massingham, you were breaking their laws. When you were doing it in Canada you were, again, aiding and abetting in a crime. You helped by coordinating this effort, and that is illegal in the United Kingdom. You aided and abetted that crime. You happened to be sitting here in Canada, and that may or may not protect you. I don't know; I'm not a lawyer, but Mr. Massingham was in the U.K. when he was doing it. That makes him subject to their laws.
With respect to crimes, no, I don't believe any crimes have occurred in this regard. With respect to our aiding and abetting, no, we have not aided and abetted anyone to our knowledge, because it requires a knowledge of it. If someone else were doing some coordination through the campaign that we were unaware of, if Mr. Gettleson was sharing information, I don't know.
To your knowledge, you're not aiding and abetting. However, you knew very well the rules about donations. You knew about the court case. You told me about that. You knew about all of these laws. You knew enough to tell the commissioner that you're not subject to their jurisdiction. You have Mr. Massingham stating that “AggregateIQ works in full compliance within all legal and regulatory requirements in all jurisdictions where we operate.” Those are his words.
But clearly he was in the United Kingdom operating and not following their laws, and you were here operating and not following their laws.
There is a investigation now by the U.K. Electoral Commission into all of this. They are working through it. It's their job to determine if anything illegal happened. If they come out and say that something we did was wrong that we were unaware of, okay, but I don't believe that's the case.
So for you to say this is illegal, you're not a lawyer, you're not in the U.K., and you don't have all the information.... It's those types of assumptions that have been a real problem. There is a lot of miscommunication, but all I can do is tell you what I know. I know we didn't do anything wrong.
What you told me that you know is this: that you're not subject to their jurisdiction. That's what you told me, and that's what you put in writing. That's in fact what you didn't tell me. When I asked you the question the first time, you didn't answer me. I found that out when I went through the documents.
A Middle Eastern language. I'm just checking, because you have in your files close to 300,000 websites. What's the purpose of having that many websites in your files?
Well, I don't have time to list all 300,000 names. I think that domain is part of a number of domains that is more than one file. In one file there are close to 300,000 websites.
I would have to look into it, but I can definitely respond in writing when you follow up, because I don't know what you're talking about, but I'll certainly look into it.
Thank you, Mr. Silvester.
First, I want to impress upon you the disappointment of this committee at the failure of Mr. Massingham to attend. I encourage you to impress upon your colleague the significance of this, and that we are going to have a conversation as a committee about how to proceed, and we're going to discuss the potential of moving forward with a finding of contempt. I would encourage your colleague to attend before us, and to come forward with dates that he could make himself available.
You have clearly lawyered up, and frankly, the information you provided isn't adequate.
I just have one last question before we move in camera. Do you think that Ripon was used for multiple SCL clients? I know it was used for the Cruz campaign in the primary. Who else was it used for?
During the 2014 mid-terms there were a number of clients that it was used for. Bolton was one you brought up. I can get you the list. Off the top of my head, I don't have—
If you could get us the list to us, that would be very useful.
After you were involved with SCL, Ripon stayed in SCL's hands. Is that correct?
After the work we did, we did transfer the code to them. There is a version of the code that we last provided to them in our repository, but we have not used it. We did transfer the code to them after we were done, yes.
You suggested today that it's likely, based on the information we now know, that the improperly obtained Facebook information is what was backing up SCL's psychographic profiling in Ripon.
It was used by Cruz. It was used by Bolton, and thereafter it was in SCL's hands. We know that Bannon played a role. We know that Mercer played a role. Plausibly, it was used in the Trump campaign as well, but I know that is after your time and that you can't speak to it.
With that, I thank you, Mr. Silvester.
We will now move in camera.
[Proceedings continue in camera]
Publication Explorer
Publication Explorer