Good morning. My name is Zack Massingham, and I'm the co-founder and Chief Executive Officer of AggregateIQ.
I would like to thank you for inviting us to join you here today to provide information to support your study and to answer your questions. I'd like to start by sharing some information about our company.
My idea for AggregateIQ started in 2011 while working for a campaign. I saw that there were a number of inefficient things that campaigns were doing, and learnings weren't being applied from one campaign through to the next. They were using paper to keep track of what they were doing.
I created AggregateIQ to provide IT services to help them use technology to campaign better. I purchased the AggregateIQ.com domain name in April 2011 and use AggregateIQ as a trade name for my consulting work. In 2013 Jeff Silvester and I decided to formally work together. We incorporated AggregatelQ Data Services Ltd. in November 2013, and today we just go by AggregateIQ or AIQ.
Given some of the testimony you have heard, some of which has been reported in the media, we thought it would be important to clarify a few things. We are not, nor have we ever been, a department or subsidiary of SCL or Cambridge Analytica. We are, and have always been, 100% Canadian owned and operated.
There were two people responsible for founding the company, and those same two people are responsible for the operations of that company: Jeff Silvester and me. All of the work we do for our clients is kept separate from every other client. The only personal information we use in our work is that which is provided to us by our clients for specific purposes. In doing so, we do our very best to comply with all applicable privacy laws in each jurisdiction where we work.
We have never managed, had access to, or used any Facebook data allegedly improperly obtained by Cambridge Analytica or by anyone else.
We are an online advertising website and software development company from Victoria, British Columbia. With determination, a lot of hard work, and the help of our amazing team, we've had the opportunity to work on projects around the world, but we remain a small Canadian company.
Good morning. My name is Jeff Silvester, and I'm the Chief Operating Officer and the other co-founder of AggregateIQ.
I'd like to tell you a little bit more about what we do, but before that, I'd like to tell you what we do not do. We are not a big data company. We are not a data analytics company. We do not harvest, or otherwise illegally obtain, data. We never share information from one client to another, and we are not a practitioner of the so-called digital dark arts. As Zack said, we do online advertising, make websites, and software for our clients.
Let me explain that a little bit.
During an election, politicians from all parties go out into their communities. They put up signs on busy street corners and on supporters' lawns. They do burma-shaves on the side of the road, waving at passing cars. There are coffee parties, town halls, debates, and countless conversations in doorways, on the phone, as you try to share your vision, and your ideas for making your community and our country a better place.
All of this, of course, while listening to your constituents and talking about what they care about most. What we do is no different, it's just online.
When we place a Facebook ad for a client, it's a lot like a burma-shave when you stand on the side of the road waving. You might measure the success of waving at passing cars by the number of folks who honk, and wave back with a smile, versus the number of those who might honk, and use a slightly less appropriate wave.
You might have an idea as to the number of cars that went by, and how many were positive or negative, but you don't know who those people were, and it's the same with an online ad.
You can choose to show your ad in a particular geography, or to a general demographic, but you only get back how many times it was shown, or how many people clicked on it. You don't know who those people were, and you don't have access to their personal information.
Our employees are software developers and online advertising specialists. The software we make is the same as the tools that each of the parties represented here use on their campaigns. There's software for helping go door-to-door, software for making phone calls, and software to send emails to remind people to vote. We also have reporting software to help show campaigns how they're doing along the way.
These tools help candidates and elected officials connect with more people than they've ever been able to before. Now, instead of a quick handshake at a town hall meeting, constituents can have a meaningful dialogue with the people who represent them, whether they're at home, in Ottawa, or anywhere around the world.
Having said that, while we do our best, we don't always get everything right.
On Sunday, March 25, we were alerted by the media to unauthorized access to a code repository. We took immediate steps to lock down that server, and indeed all of our servers and services, to ensure no further access was possible. During the process of locking down the server, and investigating how the unauthorized access had occurred, we discovered that some personal information from voters in the U.S. was inadvertently left in one of the code backups.
Within a few hours of the initial report by the media, in addition to notifying our clients, we contacted the acting deputy commissioner from the Office of the Information and Privacy Commissioner for British Columbia, and we launched a full and thorough investigation.
That investigation is still ongoing, but we're committed to examining every detail to see what caused that system to be modified to allow the individual access to that server. As part of that investigation, we've sent letters to the individuals who gained unauthorized access to ask that they certify that they've deleted all of the information they obtained without permission. We're following the guidelines from the Office of the Information and Privacy Commissioner for British Columbia, and we look forward to following up with that office as our investigation progresses.
That there was any personal information in our code repository at all was a mistake on our part. It was not supposed to be there. As the person ultimately responsible for that, I'm sorry.
We've already put in place measures to prevent that from happening again, and as we complete our investigation, I anticipate there may be additional recommendations and improvements that can be made.
The federal and provincial privacy commissioners may also have recommendations, which we welcome and will act upon.
We are committed to ensuring that this investigation is done thoroughly and done right.
In closing, we have built a successful tech company in Victoria, British Columbia. We've employed, and continue to employee, many highly educated young people, and we're proud of what we have built right here in Canada.
There are a lot of misconceptions about the modern use of advertising for political and other purposes, and to the extent that we can assist the committee by explaining what actually happens, and how the technology is used, we're committed to doing that.
I would like to thank the committee for inviting us here today, and for its important and valuable work. I, too, look forward to your questions.
We learned from UpGuard, the data breach investigator that is associated with Chris Vickery's cyber-risk research, that two of the project families, as described by UpGuard, called Saga and Monarch, "are designed to gather and use data across a number of platforms".
Saga seems quite innocent and similar to programs that are used by political parties in perhaps a less sophisticated way, which is intended or "able to automate the creation, analysis and targeting of ads in way that would make it easy for a small number of people to manage a large number of Facebook ad accounts."
UpGuard says—and I'll ask you whether or not it's accurate—that "Saga was used specifically to interface with the Facebook ad system through APIs and scraping methods and gauge response to images and messages."
UpGuard says that Monarch takes up where Saga leaves off. Saga, they say, "is a tool capable of tracking what happens when someone clicks a Facebook ad, Monarch seems designed to track what happens afterward, giving a controlling entity a more complete picture of their targets' behavior."
Is this what is described as “psychographic profiling”, and is that essentially what Saga and Monarch do?
The chair of the committee, Damian Collins, in response to something that Ms. Kaiser says, says, “ On a point of clarification, you mentioned Chris Wylie worked for SCL Canada”.
Her answer was, “That was a name used for—I don't know him as an individual or the AIQ office. That was considered SCL Canada. Our company tended to have a business model where we would partner with another company, and that company would represent us as SCL Germany or SCL U.S.A. That was the model.”
His response was, “So as far as you're concerned, SCL Canada and AIQ are the same thing?”
Her response was, “ I believe so, yes”.
I think all of us have got this idea of you guys being SCL Canada. Everybody who knew you or contacted you, worked with you, considered you as SCL Canada. How would they have got that impression? Can you explain that?
The next step of questions of illegality is going back to BeLeave, which is on the same Google Drive as the Vote Leave, which is 625,000 pounds transferred and spent in the final six days. The British Parliament is investigating whether that was illegal.
Yet, when you were spoken to about this by Christopher Wylie, Jeff Silvester was saying it was “totally illegal”. He said, “they found it amusing”—that's you and your partner there—“You have to remember this is a company that’s gone around the world and undermined democratic institutions in all kinds of countries. They couldn’t care less if their work is compliant because they like to win.”
I put it to you that if you've been lying to our committee and that you can't even answer on your relationship with SCL Canada, you should not be involved in any way in elections because of your total disrespect that we see at our committee here. We might seem a like a quaint little operation, but we represent the people of Canada.
Mr. Massingham, when we ask direct questions about how you could have had a phone directed to you as the head of SCL Canada and you say you weren't aware of that, that just beggars belief. I can't see how anybody could give you a 625,000-pound campaign, let alone a 5 million-pound campaign, if you didn't even know that you had a phone listing you as the head of another company.
Don't you have anything to tell us, Mr. Massingham?