Good morning. Thank you for inviting us back to speak with you today.
As you are already aware, due to personal health reasons, Mr. Massingham is unable to attend. He asked me to pass along his sincere regrets for not being able to join us here today. If there are any questions that I'm unable to answer, he asked that I take those back to him, so he can reply as soon as he's able.
As the chief operating officer, I can assure you, though, that I can speak for AggregateIQ on all matters.
We've been entirely co-operative with this committee. After our last appearance on April 24, we immediately followed up and provided many documents related to the questions you asked. Your chair also asked us to preserve documents in a letter dated May 3. In our response on the 10th, we told the committee that we had already preserved the documents in the context of our cooperation with the Information and Privacy Commissioner of British Columbia and the federal Privacy Commissioner. We respect the important work being done by the privacy commissioners and this committee, and wish to continue a constructive dialogue in support of that work.
With respect to our discussion with you on the 24th, we were completely accurate and truthful. I didn't get a chance to answer every question in as much detail as I would have liked, given the time constraints, but I do stand behind every answer.
I would like to raise my concerns about the wildly speculative comments that some have made about AggregateIQ. I'm even more concerned that this speculation about my company has been taken as fact by others. Speculation by third parties does not constitute fact. I ask that you not rely upon rumours, innuendo, and speculation.
Once again, I'm here to give you the facts about AggregateIQ's work. There are a few points that I would like to state again.
We are co-operating with the investigations of the Office of the Information and Privacy Commissioner of British Columbia, the Privacy Commissioner of Canada, and the U.K.'s Information Commissioner's Office or ICO. In fact, I met with the ICO, after my meeting with the Digital, Culture, Media and Sport Committee in the U.K. I just spoke to the ICO's investigators again last week. We're in touch on an ongoing basis. I hope that the information we have provided and will continue to provide to them will be useful in their investigation.
To be totally transparent, we provided your clerk with our correspondence with the ICO. To the extent that there may have been a misunderstanding between us and the ICO, I'm confident that any misunderstanding has been cleared up.
With regard to our work on the EU referendum, some of you expressed concern last time about our receiving a donation from Vote Leave, for the work we did with BeLeave. This donation was always public. The Electoral Commission in the U.K. found that, in March of 2017, no further investigation was required into the donation by Vote Leave-BeLeave. On March 15 of this year, the U.K. High Court confirmed again that a donation, whether of cash or in kind, was entirely allowed under electoral law in the U.K.
With regard to the allegation during Brexit that AggregateIQ used the Facebook data that was allegedly improperly obtained by Dr. Kogan of Cambridge Analytica, Facebook has confirmed in their testimony and in writing to the U.K. DCMS committee that this was not the case. We have never had access or even seen the allegedly improperly obtained data, nor would we have any interest in doing so.
With respect to the allegation that BeLeave used three of the same audiences as Vote Leave during the referendum, Facebook confirmed in their letter that those groups were never used by BeLeave. When this came up before the U.K. DCMS committee, I told the committee that I would look into it right away. I immediately investigated the circumstances and provided a very clear and detailed explanation to the committee later that night, along with evidence that these audiences were not shared with anyone at BeLeave. Indeed, they were never used. I'll be happy to provide that information to this committee, when I return to my office.
There are so many other areas where AggregateIQ has been misrepresented, and I'll expect that I'll have the opportunity to discuss many of those here today with you, but I thought I'd provide a couple of examples.
When he was here under oath, Mr. Wylie stated that it was “true that AggregateIQ was not part of SCL. It was a separately registered company in a separate country.” While his statements seem to have changed over time, we have consistently stated the facts. We are 100% Canadian owned and operated, and we are not a part of any other company. AggregateIQ does not become part of SCL simply because we've done work for them. AggregateIQ does not become part of SCL, simply because some unknown person with SCL created a phone list or put our name on a website. AggregateIQ does not become part of Cambridge Analytica because someone makes a draft document with Cambridge Analytica in the header. Even The Guardian has had to admit that they did not intend to assert that AggregateIQ was part of SCL or Cambridge Analytica.
Mr. Vickery has appeared before this committee and the U.K. DCMS committee to float various speculative theories, based on what he's seen or what he think he's seen. Mr. Vickery's comments and tweets have made it clear that he is not an expert in the work that we do. Mr. Vickery has gained unauthorized access to our code repository. Were he simply to have made note of what he saw and let us know about the issue, that would have been fine, but he broke his own practice and downloaded the information he found there. In doing so, he may have broken the law.
As part of our investigation, we found a number of instances where Mr. Vickery's actions do not align with what he said publicly, and we'll be passing that along to the appropriate authorities.
I look forward to your questions in continuing our discussion. The work you're doing here is very important. I hope we can be of assistance.
Thank you very much for being here again today.
I want to address some of the things that we have heard from other witnesses. When you came before the committee before, I asked you about the psychosocial profiles that were used on Facebook to target certain audiences. I asked if you still had any of these scores in your database. Your answer to me was, “We're not a data company so we have no interest in any of that.”
When I asked Mr. Vickery about that, he said that you have a great deal of interest in data. He said that there is data within that hard drive that he provided to us that proves that many of your statements were incorrect, and he said he was really surprised that you would state those things.
Given that the committee is now in possession of the hard drive, did you want to revise that statement?
Again, Mr. Wylie says in this pitch document—it's effectively a pitch document—“People think they know their opinions better than they do and can often be lying to themselves.”
Essentially, he's saying that he has ways of using deep data points, very large numbers of individual data points, put into various demographic blocks to change their minds.
Do you believe that there's a line that should be drawn in terms of where political parties collect data, how far they can go in the sort of data they collect, how they can manipulate it, and how they can use it?
Yes, and there are two questions there. To the first point, with respect to the psychographics and all of that sort of stuff—again, I'm not an expert on that—the work that Mr. Wylie did with SCL before he left ended up not working. The campaigns that used it reported in the press and other places that it didn't work. So insofar as, if he was doing the same thing as he did that time....
In fact, actually, at the DCMS committee, Mr. Kogan reported that, again, the testing on those results that he provided to SCL weren't accurate. If he was doing the exact same thing as he did before, then it didn't work. I know there are theoretical journals and papers that get into that, about how it's theoretically possible, but I'm not aware of any political organization that's done that successfully or any corporate organization that's done that successfully.
To your second point, though, is that something that political parties and indeed Parliament should be looking at? Yes. When you provide information to an organization, then you should know, when you're providing it, why you're providing it, what they're going to do with it, and what you can do to get that information back if you need to. Right now in Canada, and indeed on all of your websites, you collect information, but you....
Well, your website, Mr. Kent, does have a privacy statement, but typically we don't tell people on political sites what is going to happen with that information or how they can get it back.
One thing that I think would be really important for the committee to do, which I think Mr. Erskine-Smith talked about before, is to have very clear and easy-to-read statements on everyone's website, if they're collecting information, about what that information is being collected for, how it's going to be used, what it can be used for in the future, and how they can get it back.
I think that's an area where there is opportunity for change, because right now that's not the case. You can use implied consent, but it's certainly something that politicians, companies, organizations, or anyone, really, should have.
Thank you, Mr. Silvester. I want to say at the outset that what we're trying to do here is get at the facts. We have no axe to grind with AggregateIQ. Your evidence is as valuable to us as anyone else's.
I would say that we're very frustrated, because we felt last time that your colleague Mr. Massingham was not forthcoming at all. We have a number of questions. To me, the fact that he's not here raises serious concerns, because there are questions that I don't believe you can answer, based on the Slack messages we have from him.
Having said that, we will carry on. I want to go back to the conversation you and Chris Wylie had about the siloing of information between the Vote Leave and BeLeave campaigns. He asked you if you siloed the information, and he said that you said you did not. Did you silo and keep those two campaigns separate?
He said he never got it. You might just have sent it to the wrong number. I mean, for tech people, you guys should be more on top of this, I would think, especially since your reputation is at stake.
I'm running out of time here, so I'm going to move on. I have a number of questions for your colleague who's not here, Mr. Massingham, based on the potential illegalities of your using the BeLeave campaign as a money laundering vehicle for Vote Leave. I want to look through some conversations. Maybe you can help us since he's not here.
Ten days before the campaign ended, Darren Grimes, a 22-year-old fashion student, wrote to your colleague and said they wanted him take on this campaign for them, and the next day, he sent a £400,000 order. That's a lot of money for a 22-year-old fashion student. Then Mr. Massingham responded to it at one point and said, “you're on track to spend 300k USD today.... ddi you need me to grab some money for you?”
Where would you guys be grabbing money from for your clients?
That's something you and I spoke about just briefly before the meeting. I actually addressed it during my opening statement.
When we created the account for BeLeave, initially one of our junior staff just copied one of the other campaign accounts that we created for Vote Leave, thinking it was the same campaign. They were quickly told that was not the case.
Those audiences were deleted. All of that stuff was deleted. They started again, but they used the same account.
That information was created, but it was never used, never shared. No one from BeLeave ever saw it. We provided all of that information, and a very detailed description to the DCMS committee.
As I've said, when I get back to the office, I'll provide it to you as well.
When Mr. Wylie was with us by video link, we discussed GitLab, and Mr. Vickery's visit to the Ephemeral project—the GitLab-AIQ Ephemeral project—and discussed the database of truth, the project Saga, the project Monarch.
Recognizing that there is good humour among those who work in the digital world in your business, and the subtitle of the Ephemeral project on the website, which said, “Because there is no truth”, I asked if that was just humour, or more of an underlying reflection of the mentality at AIQ.
Mr. Wylie answered that he couldn't speak to any of “the specific intentions of AIQ and why they put certain things there”, but he said, “there was a systemic culture in the group of companies that we've been speaking about that completely disregarded the importance of truth in an election.” He said, “SCL and Cambridge Analytica regularly advertised disinformation as a service offering.”
Are you saying you weren't aware of that: offering a disinformation service?
Yes. Certainly there's an opportunity to provide clarity to people about what information they're providing and what it's going to be used for, either right away or in the future.
One of the challenges with Facebook, for example, is that when I signed up a long time ago—and I'm not on there now—its privacy statement may have said one thing and then 10 years later it's had a number of different updates. Now it's doing all of this different advertising; it wasn't advertising when I started. In that respect, there do need to be clear statements and clear guidelines. I think there's a role for government to provide that legislation and those regulations so that companies know what they need to provide to consumers, voters, political parties, and whomever to let them know what's going to happen, what they can do get their information back if they don't want it to be used, and what type of notification requirements there are. All of that stuff should really be included.
With respect to going as far as the GDPR does in all of the ways, I know there are a number of services in the U.K. and Europe that have had to shut down, not because they're doing anything wrong, but simply because of the IP restrictions and limitations. They're working on ways to work within the rules to still provide those services. We have to be cautious about how that's done, but there's certainly a lot of room for opportunity there.
So you would have us believe....
Here you have comments on one of your files that, well, this might violate U.K. laws. You have another file called the “database of truth” that includes huge repositories of Republican voter data, which should not leave U.S. jurisdiction. You're set up in Canada. You tell the U.K. Information Commissioner that they have no jurisdiction over you.
So we're to believe that you're here in Canada; that you are outside the jurisdiction of the U.S. and the U.K., so you conveniently don't have to apply those laws; that you were given £600,000 for a single...just go onto Facebook and click, and pick some demographics; and that you had no idea that this might be something fishy or that there might actually be some sort of collusion. You just sat there and took these very similar datasets to different clients, took huge amounts of money for it, happened to be outside their jurisdiction, and it had nothing to do with trying to get around laws within the U.S. or U.K. for privacy. That's what you're actually telling us today.
There are three points there that I think you've made.
With respect to the work in the U.S., that particular project is a project for a client. They use it; it's their servers. We help them set it all up, sure, but we don't use that data for anything. It's theirs. They use it with their client. That's the ephemeral project. It is for a client.
The database of truth is not even built yet. That's not what it's called; it's a comment about it. That particular thing is not even built. There are other components of that project that are finished, but that one isn't.
With respect to Brexit, we didn't use any information from anyone in the U.S., or anywhere else for that, other than what was provided to us by the clients. That's the only information we used there.
Thank you very much, Mr. Gourde.
If nobody minds, I'll take the next five minutes from here. I want to start with a bit of a summary of what I understand, just so I've got it all clear in my mind.
Mr. Massingham testified previously that he was aware that if any additional expenditures had gone through the Vote Leave account, they would have been over their limit. Enter 22 year-old Darren Grimes, who starts the BeLeave campaign just weeks before the referendum with no resources and no data. They get in touch with you somehow. We don't know exactly how they became aware of you, but they did presumably through Vote Leave. Mr. Massingham has added to a Google drive. He testified before us that he had no idea what was on the drive, even though this was one of the largest campaigns you've ever run. Mr. Grimes makes purchase orders in large sums mere days in-between, or close together to his receiving the same large amounts from Vote Leave that weren't the exact right numbers of the purchase orders he made. We learn that 1,400 ads were placed by AIQ between the two campaigns. Almost £700,000 was spent in total. We're directed to Slack messages, and on those Slack messages we see statements from Mr. Massingham to the effect of “your soft stuff will play better here versus the hard stuff”. Presumably that's Mr. Massingham speaking to the Vote Leave materials and to differentiate between the two. But nowhere in those Slack messages is there an indication of how many ads to run, which content to use exactly for those large number of ads, or how much money to put behind the ads. That was all done verbally from what we know.
Oh, I forgot to add, but there was absolutely no collaboration or coordination whatsoever. Is that right?
So moving to a different country, we've got the Ripon tool that was developed. You've indicated to the U.K. committee that, “I want to be completely clear, the Ripon tool, the political customer relationship management tool, did have some of SCL's personality scoring in it, but we do not know the datasets they used in order to arrive at that.” And you've said similar things today.
You are under oath, so looking back at the tool that you created, the psychographic scoring as it were, and knowing what you know now about how SCL obtained information through Cambridge Analytica improperly through Facebook, is it your belief that that information did feed into that psychographic scoring?
In terms of additional data, you've got the psychographic scoring, and you say that you know this number, but you don't know what it's based on. Then Mr. Vickery comes along and somehow stumbles into this hub database, and he's testified before us that it's pulled from a master dataset of.... He sees some RNC Trust information, some election list information, some information from the Koch brothers, and more. There are many data points for different individuals, including data points, such as that they lead a biblical life. However, you've indicated here that you don't keep data, that you destroy data, and that you don't share data across campaigns.
How do we reconcile this information that we have? Why is all of this information in a database from AIQ that is pulling it in from so many different sources?
You get 600K in the final 10 days. Mr. Massingham, who is not here to answer this, is talking about where to get the money from, and it's going to come from Vote Leave.
I don't want to keep circling around and around, because Mr. Massingham could probably give us a nice clear explanation, but don't you think the question of its being illegal became very obvious to many people—everyone, it seems, except AggregateIQ?
Then we go back to Mr. Wylie, who said that you laughed and said that yes, of course it was totally illegal.
You're protected by parliamentary privilege here, Mr. Silvester. Why don't you just tell us: given all you've seen, don't you think there's an obvious impression that this could have been illegal and that AggregateIQ could have been the connecting link?