back to article UK watchdog finally gets search warrant for Cambridge Analytica's totally not empty offices

Cambridge Analytica’s London offices will finally be searched by the UK's Information Commissioner’s Office, following a marathon week of arguing inside and outside court. Woolwich Crown Court, sitting in the capital's Royal Courts of Justice for the occasion, granted the warrant after a five-hour hearing. The ICO, as the UK’s …

  1. DJV Silver badge

    Given the time it's take to get the warrant...

    ...bet they'll find little more than a pile of well used paper shredders...

    1. Stuart 22

      Re: Given the time it's take to get the warrant...

      ... as a diversion from the drive dump.

      I'm guessing the only way the ICO can pin this one is to go through CA's backup policy and see how reality matches up to what should be. And whether small discrepencies can underpin a court case [most likely not].

      If CA has the backing of GCHQ's best spooky hackers - no chance. One part of the corporate state defeating another. But perhaps they are more honest and respectful of individual liberty than we cynics assume.

      It's sit back and wait for a result time. But what will it be?

      1. Alan Brown Silver badge

        Re: Given the time it's take to get the warrant...

        "I'm guessing the only way the ICO can pin this one is to go through CA's backup policy"

        Why would the ICO _want_ to do that?

    2. Sgt_Oddball Silver badge

      Re: Given the time it's take to get the warrant...

      That's even if they ever brought the data onshore to the UK in the first place. Something like that could do with being kept on say an azure database hosted on Ireland (since MS is somewhat bullish over data sovereignty).

      It also doesn't mention of they're looking for evidence of work that was a result of analysis of the data... it all seems a tad suspect like everyone's trying to hide some bigger issue.

      1. This post has been deleted by its author

        1. Anonymous Coward
          Anonymous Coward

          Re: Given the time it's take to get the warrant...

          The seven day process to obtain a warrant and the requirement to tip off the subjects of that warrant in advance don't really provide a huge amount of reassurance that ICO has the ability to enforce the rules, do they?

          1. LucreLout Silver badge

            Re: Given the time it's take to get the warrant...

            The seven day process to obtain a warrant and the requirement to tip off the subjects of that warrant in advance don't really provide a huge amount of reassurance that ICO has the ability to enforce the rules, do they?

            Have you ever tried to get the ICO to take enforcement action against anyone, even where they have determined a breach of the Act has occurred and they can plainly see harm has resulted from it? It's all but impossible, unless you happen to be a media outlet.

            The biggest problem isn't the level of power they have, its their absolute stubborn refusal to use it unless cornered like a rat in a trap and nailed to the bloody floor. Seriously WAKE UP ICO!!

      2. Anonymous Coward
        Anonymous Coward

        Re: Given the time it's take to get the warrant...

        " Something like that could do with being kept on say an azure database hosted on Ireland (since MS is somewhat bullish over data sovereignty)."

        in the circumstances, and as long as they follow the processes properly, I'd guess their chances in an Irish court are probably fairly high ....

        1. Tom 7 Silver badge

          Re: their chances in an Irish court are probably fairly high

          that they will make at least one mistake at every court appearance that gets the case thrown out. A bit similar to May trying to not get Abu Hamza deported. Easily put down to incompetence but perhaps with an ulterior motive.

      3. Anonymous Coward
        Anonymous Coward

        Re: Given the time it's take to get the warrant...

        "Something like that could do with being kept on say an azure database hosted on Ireland (since MS is somewhat bullish over data sovereignty)."

        They could presumably force them to reveal the passwords using RIPA.

    3. Tromos
      Joke

      Re: Given the time it's take to get the warrant...

      ...more than enough to even take all the screws out from the door hinges so that no real damage is done when they get kicked down.

      1. Anonymous Coward
        Anonymous Coward

        Re: Given the time it's take to get the warrant...

        > more than enough to even take all the screws out from the door hinges so that no real damage is done when they get kicked down.

        I am actually going to do that next time I'm expecting a raid. :-)

    4. John Smith 19 Gold badge
      Black Helicopters

      The *only* kind of UK warrant you have to give 7 days notice to execute.

      Does anyone think this is an accident of poor legal drafting?

      1. Danny 2 Silver badge

        Re: The *only* kind of UK warrant you have to give 7 days notice to execute.

        It's definitely poor legal drafting, but I assume deliberately so. This case proves that the ICO shouldn't even require a warrant.

        1. Anonymous Coward
          Anonymous Coward

          Re: News of the World

          Any CIOs or executives/managers on the IT side from that organisation, with the experience gained from this kind of ICO / criminal investigation, would be worth their weight in gold to an organisation with something to hide. Not that I would trust them one micron in order to hire them - they'll either have been aware of all those goings on and turning a blind eye or even sanctioning the operation and therefore untrustworthy in the extreme, or they won't have been doing their job and therefore be of only limited value.

          I wonder what's happened to them all? Does anyone have a list?

        2. rmason Silver badge

          Re: The *only* kind of UK warrant you have to give 7 days notice to execute.

          They absolutely should always need a warrant.

          That's the only step in the process that stops bodies like this being used as weapons.

          It's the business equivalent of SWATing someone (US prank calls to the police that result in heavily armed fuzz putting your door through, usually after an online fallout with someone). People have been killed like this over falling out/name calling while gaming online.

          Same thing here. With no requirement for a warrant they'd get 100s of "tips" per day , about various businesses, made by a competitor.

    5. Anonymous Coward
      Anonymous Coward

      Re: Given the time it's take to get the warrant...

      And some new, very shiny and oddly magnetic cup coasters.

      If CA had *any* sense, the instant the mention of "warrant" appeared then every HD was securely wiped / trashed.

      Pointless exercise now. Any actual evidence is long gone.

    6. BillG Silver badge
      FAIL

      You Can't Delete Data

      Facebook, the court was told by barristers Christopher Coltart QC and Philip Coppel QC on behalf of CA, demanded that the slurped data be deleted...

      This always pisses me off when I read it. Everyone knows you can't delete data and it is naive to assume otherwise. Any company with such a lack of ethics that they would slurp private data in the first place is going to have a backup hidden somewhere.

      The only way to guarantee this doesn't happen again is criminal penalties for upper management. It's the only way.

      1. Anonymous Coward
        Anonymous Coward

        Re: You Can't Delete Data

        If they are made to delete all their copies of the data and later it reappears then they have gone against the court.

        So deleting is removing the company's right to hold/use/sell the data, something that I would suggest most people would agree was a minimum requirement.

        1. ThatOne Bronze badge
          Devil

          Re: You Can't Delete Data

          > If they are made to delete all their copies of the data and later it reappears then they have gone against the court.

          But the data itself doesn't appear anywhere, it's just used, and it will be very hard to prove any future mailings/whatever some future incarnation of CA sends out might be based on that dataset - given nobody knows for sure what it contains.

          I'm not even sure they actually have to hide the database. One can expect to find databases in a company like that, so all they have to do is to change the label form "Facebook data" to "Current subscribers" or some such, and that's it: "Why, this is a completely different database. The one you're looking for has been deleted, and if you pretend otherwise we'll sue you for slander"...

    7. Anonymous Coward
      Anonymous Coward

      Re: Given the time it's take to get the warrant...

      AND WE THINK WE HAVE NO CORRUPTION IN THE UK

      1. Jimmy2Cows

        Re: Given the time it's take to get the warrant...

        AND WE THINK WE HAVE NO CORRUPTION IN THE UK

        Says who? I seriously doubt anyone believes that statement.

    8. MudFever

      Re: Given the time it's take to get the warrant...

      > ...bet they'll find little more than a pile of well used paper shredders...

      .. and a note stating "Anderson Consulting woz 'ere"

    9. PickledAardvark

      Re: Given the time it's take to get the warrant...

      Having used a small office paper shredder last week to delete accumulated financial statements, I wouldn't try to shred many documents in-house. It didn't work well for the STASI in 1990 either. You have to use an industrial shredder* which makes it interesting to consider why CA allegedly removed boxes of material...

      * I once watched a DEC RL02 disk pack being fed into a shredder.

    10. Michael Strorm

      Re: Given the time it's take to get the warrant...

      @DJV; "a pile of well used paper shredders"

      I would *not* rely on a paper shredder alone- not even a cross-cut one- to protect me in a case as serious as this.

      I'm pretty certain there must be software out there able to take arbitrary amounts of scanned pieces, figure out which bits are most likely to join together- using multiple heuristics- then reassemble most of the "destroyed" documents.

      If you can scatter them far and wide enough before anyone is likely to get their hands on them, this might not be workable, but you have to get away with *that* as well.

      1. TRT Silver badge

        Re: ... would *not* rely on a paper shredder alone

        Building's combined heat, power, energy, ventilation and security system should take care of that.

  2. Kaltern Silver badge

    I'm sure they'll find a nice laptop, ready with a friendly login screen.

    'To search our database, please create a free FaceBook account. It'll only take a minute!'

  3. Anonymous Coward
    Anonymous Coward

    Please tell me those "ICO. enforcement" jackets are available online as fancy dress so I can go to a party as a waterproof teabag.

    1. The Mole

      My assumption is that they are special order and took a while to be made - hence the delay in processing the search order (they all looked brand new after-all).

      1. TRT Silver badge

        Special order hi-vis...

        "CA tour, 2018" emblazoned across the back like it's some sort of hen do...

        1. Teiwaz Silver badge

          Re: Special order hi-vis...

          "CA tour, 2018" emblazoned across the back like it's some sort of hen do...

          What does a hen do?

          Sorry, drunk....Pull my finger...

      2. Teiwaz Silver badge

        'I searched CA Offices and all I got was this lousy ICO jacket'

  4. VinceH Silver badge

    "They suggested that the application for the warrant was flawed because, among other things, CA had offered to allow the ICO access to its offices, subject to agreeing the terms and scope of access with the regulator."

    Where the "terms and scope of access" presumably included not being able to look in places CA didn't want them to.

    1. Flocke Kroes Silver badge

      In hindsight

      First get the warrant quietly. Negotiate partial access then bring out the warrant an search every else first.

  5. The Nazz Silver badge

    Why? And what's all the fuss about?

    OK i'm a thicko but my understanding so far is that CA dubiously acquired , ok nicked (NO not nicked, took an unauthorised copy of) some of Facebooks data on users and , ye gads, horror of horrors, used it for political purposes.

    So what? It's not as though Facebooks data is gathered entirely ethically or lawfully in the first place. What is the ICO doing about that aspect?

    On a smaller scale, a local organisation ( well, a handful of people) have gathered data about myself and, using it for political purposes, regularly post their shite through my letterbox.

    Ok, they may call it a Liberal Democrat newsletter but it's still shite. Tbf, the Tories don't even bother, no point, at all.

    Haven't the ICO and indeed Courts got better things to do?

    1. Roland6 Silver badge

      Re: Why? And what's all the fuss about?

      >So what?

      Perhaps with all the accusations that have been flying around, this was the first one that had sufficient evidence (and high profile enough) to enable the ICO to have real grounds to go all the way in getting a warrant...

      1. Danny 14 Silver badge

        Re: Why? And what's all the fuss about?

        so what dear chap?

        Thats just not cricket! If you want to get that sort of skullduggery done you need to grease an mp or two!

    2. Jack of Shadows Silver badge

      Re: Why? And what's all the fuss about?

      @The Nazz

      I've always loved the creation, care and feeding of databases; they fit right into my bent on doing the same with models. They are the model once you create your rules sets. From everything I've read, and I've been reading rather a lot, the creation of this dataset was done using Facebook's graph database and Facebook's API's. It's a bit rich for Facebook to come back and say that this was wrong. I'd put Mr. Z up against the wall especially for his comments and non-apologies.

      And the worst part? Way too many people, including nation-state actors, have extracted similar datasets. Apparent acts in accordance power-conflict theory, thanks Marx, as applied to IT. Looks like we need an ethics course for all of IT, and related professional fields. Not that they seem to work as applied to lawyers or journalists.

      As to the ICO, they were either complicit or willfully blind. This was all known about for years. Were they interested at what was harvested and held, they could have applied for an API key and had someone with an inkling about databases see what they could turn up. I've been able to do this, with a total lack of documentation on mainframes since I began working with computers. Way back when ISAM was king which is saying something. One tool, comes with every OS I've run into, pointed at the database itself. I guess they need to bring some database/data-scientist types with a clue.

    3. Flocke Kroes Silver badge

      Re: Why? And what's all the fuss about?

      To the best of my knowledge, the Liberal Democrats did not send out a fake Labour manifesto promising to solve the housing crisis by nationalising property and billeting homeless foreigners on anyone who can't afford the legal fees to prevent it. They did not distribute a fake conservative election promise to disband the Serious Fraud Office so business could proceed without hindrance. They did not even publish an article in the local newspaper saying that the reason for all the potholes was that 97% of council tax goes to Europe [but someone actually did and I met people who believed it].

      CA/Aggregate IQ claimed to have received a clean bill of health from the electoral commission. The real conversation when something like UKEC: "Have you done anything naughty?" Aggregate IQ: "We do not have to answer your questions, we are Canadian."

      CA made an effort not to be noticed. They made an effort to present their activities as either legal or beyond UK jurisdiction. Their most obvious cock-up involves possibly illegal use of Facebook data. I have a small preference for laws more specific to what CA have actually done. I have a much larger preference for teaching critical thinking in schools. Both have unpleasant consequences for current politicians, so I will just have to make do with the laws we have being enforced to the full (tiny) extent of the ICO's powers.

  6. Jim Mitchell
    Thumb Up

    "One of those is the question of whether or not the court is satisfied that the evidence which is the subject of the application is in fact on the premises in question.”

    So to get the warrant, you've convinced the court the evidence is there. When you execute said warrant, and the evidence is not found, by definition, in the court's eyes they must be guilty of destruction of said evidence. This seems pretty smart to me! The ICO either has the evidence or an easy conviction... (this is how it all works, right?)

    1. Roland6 Silver badge

      So to get the warrant, you've convinced the court the evidence is there.

      Well CA's "top barristers" pretty much confirmed they had someting to hide:

      CA had offered to allow the ICO access to its offices, subject to agreeing the terms and scope of access with the regulator.

  7. Omarosa
    Pint

    UK watchdog finally gets search warrant

    Wonder what the ICO expected to find after Cambridge Analytica was warned of the search well in advance? There must not have been any sober judges in existence in the U.K. to sign the search warrant when it mattered most. Pitiful.

    1. d3vy Silver badge

      Re: UK watchdog finally gets search warrant

      My understanding from the article is that for the type of warrant being issued they need to be given seven days advanced notification of the warrant. Nothing to do with judges or the ICO - its just the law*

      *Whether or not that makes sense is another matter - Im sure that there's a good reason for it.

      1. BebopWeBop Silver badge

        Re: UK watchdog finally gets search warrant

        *Whether or not that makes sense is another matter - Im sure that there's a good reason for it.

        Of course - it allow them to hide their tracks

        1. Anonymous Coward
          Anonymous Coward

          Re: UK watchdog finally gets search warrant

          Yes, that certainly seems like the kind of language that gets added to a law after envelopes of cash have been passed around by Corporations that want a heads up in case they'll be investigated.

  8. Anonymous Coward
    Anonymous Coward

    They might also want to check "Netvibes"...

    found that app installed in my FB apps list.. and they had default access to all my profile and social network =( I dont even know how it got there in the first place and when!! Also they dont even have a way to remove your data..

    Anonymous, because you never know.

  9. Anonymous Coward
    Anonymous Coward

    Must be lots of judges and politicians with new Ukrainian girlfriends...

    Utterly pathetic as it was designed to be entirely a useless watchdog paying lip service to its job. Just like Ofwat, Ofgem, and plenty of others. Its only purpose is to keep the 'little people' happy for the few seconds they actually bother wondering why they've been ripped off yet again by the neoliberal establishment. After the right wing press have been wheeled out to prove to them 'somethings being done about it by the regulator' they can return to their diet of immigrant hating, footie and tits.

    Welcome to feudal Britain.

  10. Fruit and Nutcase Silver badge
    Coat

    BOFH

    ROFL

  11. Fruit and Nutcase Silver badge

    Elvis has left the building

    Information Commissioner Elizabeth Denham's Posse have left CA London office;

    "The seven-hour search finished in the early hours of Saturday"

    http://www.bbc.co.uk/news/uk-43522775

    1. Anonymous Coward
      Anonymous Coward

      Re: Elvis has left the building

      Looking at that article the only word that springs to mind is "circus".

      Have we really seen so much fake news that we now accept this bullshit? That's what it is and to call it any other name is insulting to bulls.

      How does it take seven hours to realise that there is no data on the premises and never was?

      Here's the logic. You are running queries against a data set of potentially 50 million users, what server do you need for that and how much disk space is required? Do we believe they could fit it in an office in London? Lets not be stupid, it's in a cloud instance somewhere or at a proper data centre. Maybe they didn't need to collect all the data and had a deal with Facebook where they could target people directly through Facebook while paying for the privilege. That makes much more sense.

      1. Ken Hagan Gold badge

        Re: Elvis has left the building

        "You are running queries against a data set of potentially 50 million users, what server do you need for that and how much disk space is required? "

        You are Austin Powers and I claim my (old money) five pounds

        50 million records and the power to search them sounds like it would run on a web page on my phone.

      2. Anonymous Coward
        Anonymous Coward

        Re: Elvis has left the building

        Have you actually read anything about this case? As above, 50,000,000 datasets is peanuts in term of today’s computing power. Even if it is in “the cloud”, what do you think “the cloud” is? Could it possibly be a data centre in... London?

      3. VinceH Silver badge

        Re: Elvis has left the building

        "Here's the logic. You are running queries against a data set of potentially 50 million users, what server do you need for that and how much disk space is required? Do we believe they could fit it in an office in London? Lets not be stupid, it's in a cloud instance somewhere or at a proper data centre."

        The actual data in question isn't the only thing that would count as evidence. There would also have been documentation related to it, whether that's in paper form (all the way down to post-it notes that could have something incriminating written on them), electronic form (emails, text messages), invoices and receipts, entries in accounting records, and so on. It's important to find as much of this as possible - even if each element on its own doesn't look like much - then put the jigsaw together.

        The actual data itself would be a massive bonus. The chances of that still being there is slim to none - the chances of there being any of the above is also slim, but greater than the data in question. (The more disparate the pieces of the jigsaw, the harder it is to hide it all away/dispose of it).

      4. John Brown (no body) Silver badge

        Re: Elvis has left the building

        "Here's the logic. You are running queries against a data set of potentially 50 million users, what server do you need for that and how much disk space is required? Do we believe they could fit it in an office in London?"

        I did a repair on a server grade desktop box a few years ago at a university. The user was running queries for research on a local copy of the entire NHS patient database, over 60 million records. No network connection due to data sensitivity. The HDD looked exactly the same physical dimensions as any other 3.5" HDD. Weird that it all managed to fit in there eh?

        1. Anonymous Coward
          Anonymous Coward

          Re: Elvis has left the building

          Ok folks, thanks for the corrections. I'm still unsure how they did it though, you can only put just under two million records in excel so that's like 25 worksheets.

          1. smudge Silver badge

            Re: Elvis has left the building

            Please tell me that's an attempt at humour!

            1. Anonymous Coward
              Anonymous Coward

              Re: Elvis has left the building

              @smudge

              Yes, yes it was, of course I know they would use access instead.

          2. Steve Todd

            Re: Elvis has left the building

            >you can only put just under two million records in excel so that's like 25 worksheets.

            Erm, Microsoft make more than one program that can handle sets of data. Access for example lets you have databases up to 2GB in size, or SQL Server, depending on the version chosen, can handle terabytes at a time.

            That’s just if you stick with MS. There are plenty of other database systems out there which can handle databases way larger than a puny 50 million records.

            1. Jack of Shadows Silver badge

              Re: Elvis has left the building

              It'd be one of the NoSQL graph databases. Several examples, even one from GCHQ, are F/OSS. It's not rocket science as applied by Wall Street firms. As to hardware, that really depends on how much wait time your willing to accept with your queries.

          3. Anonymous Coward
            Anonymous Coward

            Re: Elvis has left the building

            For the two millionth time, Excel Is Not A Database…!

      5. Roland6 Silver badge

        Re: Elvis has left the building

        >Looking at that article the only word that springs to mind is "circus".

        Yes, it does seem to have been a bit of a circus, but look at what the ICO have achieved:

        1. They have shown the powers given to the ICO by the Westminster politicians are laughable, further showing the lie to the government's commitments to data protection etc.

        2. Given notice to others, if the ICO want to take a look at your organisation, no is not an acceptable answer.

        3. Given their investigative team a chance to use their skills and tools in a real-world trial.

        As yet we don't know if CA are another Enron et al., where the company never expected to have its offices raided and so overlooked their incriminating data archival and destruction practices...

        >How does it take seven hours to realise that there is no data on the premises and never was?

        I'm actually a little surprised the search only took 7 hours (8pm to 3am) on a friday night. Given how CA behaved, I would have expected the ICO to have taken at least a few weeks to complete their search...

        Also the ICO were probably between a rock and a hard place. As having got the court to issue the warrant, they had to be seen to exercise it, or their failure to do so might come back to haunt them...

        1. Danny 14 Silver badge

          Re: Elvis has left the building

          we have a 2 year browsing history for 1400 people. The dataset is about 1.2Tb. The sql server it sits on has a measly 4 cores and 64Gb RAM allocated to the VM. The actual physical server is a pair of R610s with dual quad cores and 192Gb ram connected to an MD3220i raid10 array using quad 1gb mpio. The same sql server also has a print manager dataset with about 400Gb and WSUS database plus sophos database giving another 300Gb or so. Response time is more than adequate.

          the whole shebang is 6U high if you count the UPS and switch.

          1. ravenviz Silver badge

            Re: Elvis has left the building

            Or 2^4 times larger than all of those values...

      6. Fruit and Nutcase Silver badge
        Go

        Re: Elvis has left the building

        @AC

        Looking at that article the only word that springs to mind is "circus".

        Cambridge Analytica are at 55 New Oxford St. A few streets away is... Cambridge Circus

        1. TRT Silver badge

          Re: Elvis has left the building

          Ooh! I took a picture of that some years ago. 55 New Oxford Street.

    2. sanmigueelbeer Silver badge

      Re: Elvis has left the building

      "The seven-hour search finished in the early hours of Saturday"

      ... and failed to find any evidences of any wrongdoings.

      1. Anonymous Coward
        Anonymous Coward

        Re: Elvis has left the building

        “The seven-hour search finished in the early hours of Saturday”

        Ah so they’re using Oracle them.

  12. Danny 2 Silver badge

    A ruse by any other name smells like a cheat

    The sheer number of shell company names suggest planned malfeasance, especially Aleksandr Kogan's 'cloak and data' pseudonym Aleksandr Spectre.

    An innocent company wouldn't have paid those huge legal fees to buy time, and whatever skeletons were in those crates hastily removed on Monday, shamelessly under the journalists noses, will be disappeared by now.

    The delay in getting a warrant hints at corruption or complicity within the British establishment and highlights that the ICO should no longer be required to obtain a warrant.

    Facebook's complicity is shown by its legal threats against The Observer before publication, but it's lack of legal action against Cambridge Analytica for reputational damage after losing many billions of dollars.

    1. Alan Brown Silver badge

      Re: A ruse by any other name smells like a cheat

      "crates hastily removed on Monday, shamelessly under the journalists noses"

      Journalists who apparently didn't think to follow them.

      "highlights that the ICO should no longer be required to obtain a warrant."

      Do you honestly think that the reason the ICO is like this isn't by design?

      1. John Brown (no body) Silver badge

        Re: A ruse by any other name smells like a cheat

        "Do you honestly think that the reason the ICO is like this isn't by design?"

        Considering that FAST, an industry group seem to be able to do unannounced raids with Police assistance + warrants on no notice, it does seem a little odd.

    2. Jimmy2Cows

      @Danny 2 : ...the ICO should no longer be required to obtain a warrant

      The issue wasn't the need to obtain a warrant.

      The issue is the legal requirement to give 7 days notice to the other party.

      As previous comments have noted, the ICO should always be required to obtain a warrant. Same for any other body wanting to search premises or equipment. It's the only thing that prevents these bodies being used as a blunt instrument to squash competitors.

      The laughable bit is the legally required 7 day notice period to. That's the part that shouldn't be required.

  13. Anonymous Coward
    Anonymous Coward

    Anton Piller RIP?

    Once upon a time, in cases where there was reason to believe an offence (or offences) had been committed and there was a real risk of evidence being destroyed in the time before a search warrant could be executed, the authorities could apply for what was commonly called an "Anton Piller order".

    Whatever happened to that concept? Gone? Not applicable? Inconveniently career limiting for any "lawyers for hire; no win no fee" involved in not properly protecting the corporate guilty?

  14. Snorlax Silver badge
    Black Helicopters

    Good Luck Finding Anything...

    Channel 4 reported during the week that they had seen Facebook 'security consultants' in the building...

    I'll be very surprised if anything of evidential value is left.

  15. Harry Stottle

    Relatively simple fix...

    This is a relatively simple example of another problem which can be fixed by the solution to Accountability Theatre.

    Had the solution been in place for this instance, every data item or collection they'd ever received, together with all correspondence and recorded conversations about the project (including, for example, the internal emails from their Academic Colleaugues at Cambridge, protesting at the "get rich quick" scheme) would have been hashed on receipt or creation and those hashes committed to an immutable audit trail. Mandatory access controls would have ensured that no data could be processed (or, in appropriate cases even accessed) without confirmation that its hash was duly recorded, along with identity and proof of access.

    This process would render doubts and discussion about the length of time it takes to get warrants utterly irrelevant as the audit trail would either confirm the completeness of material - or reveal which items were missing or tampered with. As I say, (Relatively) Simples.

    Solving the larger problem of Facebook (et al) leeching private data from their victims is not quite so simple, by virtue of scale. But the ability to prove, indisputably, who has agreed to, or authorised or implemented or paid for (whatever) would go a long way to forcing transparency into their murky world.

  16. DCFusor Silver badge

    Funny

    How many people here are saying '"give government agencies even easier access to warrants and snooping".

    Is this the same crowd that complains about that the rest of the time? Are you being played over this?

    We know that despite shenanigans, they had little if any effect.

    But you want to arm the government with even more power over you?

    That can backfire, you know. The progressives in the US and a lazy congress handed the office of president all these extra executive powers - fine as long as it was their guy promoting the corrupt status quo, but look at 'em spin now! They are afraid (perhaps rightly, too soon to judge) that these powers will be used as corruptly against them now as they used them against us before.

    Shortsighted much?

    1. Anonymous Coward
      Anonymous Coward

      Re: Funny

      The whole thing shows the pointlessness of the Snoopers Charter; anyone who wants to hide will, the sort of legislation proposed will catch some people of course, but the type of threat we're being told it's aimed at ...

      In this case, one of the Cambridge Analytic (nearly put CA, apologies to Computer Associates) "gentlemen" was on camera talking about using ProtonMail - I wonder if Amber Rudd, or her immediate predecessor, would care to go on TV and explain exactly how the Snoopers Charter would have enabled the government to take action against Cambridge Analytica the moment it became clear information obtained by irregular means was being used by a political campaign with no accountability?

    2. Anonymous Coward
      Anonymous Coward

      Re: Funny

      Are you sure it was the progressives in the US that gave extra powers to the presidency? I think you'll find that a lot of that happened after 911 which was under W, who was considered one of the worst Presidents until Trump, unless you consider W a progressive. I do agree with you that giving governments more search and seizure rights can be short sighted. Although, the way this has played out seems odd, at the least.

    3. Anonymous Coward
      Anonymous Coward

      Re: Funny

      "But you want to arm the government with even more power over you?"

      Not over me. Or any other individual, but corporations and that changes the game totally.

      I really wish I had the privilege of a court order and 7-day warning period of any search in my house as currently any police (literally) can write a warrant outside my house to himself and use that to break in, without any previous warning. Whole process takes 2 minutes.

      Why any corporation is having that kind of protection when none of the individuals do?

      Remove those and drop the corporations to the same level as individuals. It's obvious that those restrictions are there just to protect good buddies, who paid for that to legislator.

  17. adam payne Silver badge

    Cambridge Analytica (CA) sent two QCs – top barristers – to argue against the ICO’s application. They suggested that the application for the warrant was flawed because, among other things, CA had offered to allow the ICO access to its offices, subject to agreeing the terms and scope of access with the regulator.

    Presumably the scope the ICO wanted was full access and CA didn't want to give it.

    1. TRT Silver badge

      TBH, the appeals are all for show. CA knew, from an analysis of MPs, ICO staffers and other persons of interest's social media accounts that there was an 87% chance of an ICO raid in the first 3 months of 2018, and they've hidden the evidence long ago.

  18. Anonymous Coward
    Anonymous Coward

    "user data was harvested through a Facebook app, named in court as This Is Your Digital Life"

    Interesting! I remember coming across that application not long ago (perhaps a month or two). Sadly I would have been unable to check it out, had I been so inclined, because of the privacy settings of my Facebook profile, which consist of not having a Facebook profile in the first place (and not ever having had one, cause it seemed like a dodgy idea from day zero).

  19. Anonymous Coward
    Anonymous Coward

    Ex parte orders

    Not being familiar with the legislation around ICO, I would have thought that the initial warrant would have been given ex parte so they move into to seize the assets. Then, the respondent would then be able to go court to determine whether the ICO were able to continue with the seizure, or if the ICO had to return the assets unsearched.

    However, destroying all the data is problematic, since that could be construed as a contempt.

    In the end, I suspect that Cambridge Analytica's defence will be simple: they did not break the law at the time of their actions and therefore should not be prosecuted.

  20. SVV Silver badge

    Coming soon to a TV channel near you....

    Data Enforcers UK. A variant on the Bodycam Cops and Crime Vanquishers type of series that clog the airwaves showing dramatic scenes of vans full of police officers turning up to search houses of small time soft drug dealers in which a team move in rapidly to arrest these menacing scumbags.

    Thrill as they turn up as expected armed with court documents authorisaing a search relating to the possible manipulation of democracy in the most powerful nation on Earth, bearing terrifying threats like "you must let us in in 7 days to look at your computers to check that you've not been breaking the data protection rules and therefore become liable for a fine"........

  21. Ian Johnston Silver badge

    I have a fiver which says that a Cambridge Analytica contract with the Conservative Party will eventually be brought to light.

    1. anonymous boring coward Silver badge

      I have a fiver that says that CA has worked for the Tories, but it will never come to light officially.

    2. Craigie Bronze badge

      'I have a fiver which says that a Cambridge Analytica contract with the Conservative Party will eventually be brought to light.'

      We can only hope it happens before March 2019.

      1. Jellied Eel Silver badge

        There's something worse potentially waiting in the wings

        HMRC and a tax audit. One comment that struck me from the C4 clips was the Cambridge Analytica execs offering to run everything through an SPV/shell company. Depending on who their clients were, that could raise tax problems, along with possible money laundering/election spending. Hopefully that won't result in any Sarkozy moments.

  22. Mage Silver badge

    require those on the receiving end be given seven days of notice

    BONKERS.

    Obviously designed to protect "friends" of the Government?

    It should be secret with NO notice.

    Then normal appeals etc should apply if there was any charges.

    Does it apply to suspected Child Pron, or Terrorism, or other suspected illegal computer contents?

  23. Fruit and Nutcase Silver badge
    Coat

    ICO

    Information Commissioner's Office Inspector Clouseau's Office

    icon - "ico" branded jacket

    1. Anonymous Coward
      Anonymous Coward

      Re: ICO

      "Does your (watch) doge bite?"

  24. FuzzyWuzzys Silver badge
    Happy

    An ill-wind for Computer Associates?

    Computer Associates rebranded as CA many years ago, now all those searches will lead to CA the software company, every cloud.

  25. Anonymous Coward
    Anonymous Coward

    Are you guys ready yet?

    Whirrrrrrrrrrrr NO! whiiiirrrrrrrrr

  26. Michael Habel Silver badge

    Users explicit consent?

    Ain't nobody time for that!

    What, when you can just pay a smallish wad to choke a Ravenous Bugblater Beast of Traal with, to the Zuckkster, and let him then pass along his Golden Key to you little Organization, to make what use of as they can.

    I mean what the **** did you ruddey well think was gonna happen with this Data anyway? I'm actually still quite gobsmacked that the left, and their MSM cronies still haven't quite worked out the connection between Cambridge Analytica, and the Kremlin yet.

  27. Potemkine! Silver badge

    "Open that door! Not now but in seven days!"

    "warrants issued under Blighty's Data Protection Act must by law, in most circumstances, require those on the receiving end be given seven days of notice of the intended swoop in writing, and be given a chance to argue against the warrant if they so wish."

    What's the point of such a law if not giving corporations all the time they need to clean the mess?

  28. anonymous boring coward Silver badge

    In any event, unlike virtually all other search warrants, warrants issued under Blighty's Data Protection Act must by law, in most circumstances, require those on the receiving end be given seven days of notice of the intended swoop in writing, and be given a chance to argue against the warrant if they so wish.

    Brilliant! Only in the UK...

    One also wonders what they could achieve in 7 hours on the premises?

    Unless they took hardware with them for forensic analysis off-site?

    They really are looking for evidence that the data was recently wiped. Not the actual data.

  29. Craigie Bronze badge

    I used to be an optimist

    But it does look from this that power has been exerted to ensure certain information is not uncovered...a very bad sign.

  30. Anonymous Coward
    Anonymous Coward

    Facebook Analytica

    The wheels fell off a few years before my prediction.

    Still, carry on!

  31. Anonymous Coward
    Anonymous Coward

    the regulator had been attempting to negotiate access

    it's not like they have nothing to hide, so nothing to fear, right?

  32. Anonymous Coward
    Anonymous Coward

    GSR was dissolved late last year

    it's not like those cold-calling scumbags that file for bankruptcy, when the ground becomes hot under their feet. Move on, citizens, there's absolutely NOTHING to see, pure coincidence, companies are born and die every minute, move on, NOTHING to see, move on...

    p.s. I'm sure our government would not be, in any way, involved, by means of personal links (oops!) and backhand deals, eh? NOTHING to see, move on, MOVE ON!!!!

  33. unwarranted triumphalism Bronze badge

    Lots of allegations...

    Nothing proven.

    1. Anonymous Coward
      Anonymous Coward

      Re: Lots of allegations...

      Must be the Russians then.

      As we say in Britain, "Guilty unless proven innocent".

  34. Anonymous Coward
    Anonymous Coward

    Well, as long as justice is seen to be done...

    /Sarcasm off.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019