The electoral commission has a database of voters which includes information that is not published in the government gazette when the electoral roll is released. The database matches names, addresses and ID numbers, with ballot boxes and polling stations. It is used to administer elections and includes information you would call very sensitive if you have any regard for your own privacy.
The electoral commission shares this database with political parties. It does so because the effective management of elections requires quality control. We are talking about 370,000 entries in a country where elections decided with a gap of 1,800 are historical fact. Political parties have every incentive to ensure accurate data. Well, they have every incentive to ensure that data about people likely to vote for their opponents is accurate. That way, in our zero-sum game of two, someone is always checking.
That much is understandable, albeit problematic. The law regulating the protection of data seeks to mitigate that problem. It imposes limits on how the data can be used, and that is only for the express purpose it is collected, whether that purpose is determined in the law (as in this case) or for a purpose agreed by the individuals listed in the database.
To be clear then data cannot be used for any other purpose but that for which it is collected.
The law also says what you must do to keep the data safe, how to ensure it does not end up in the wrong hands and how to ensure the people responsible to protect the data from that risk are to be aware of their responsibilities and how they are to face consequences if they fail in their duties.
The law also says what to do with data that is no longer needed or that the time for which it was permitted to be used has expired: that it needs to be safely destroyed and not kept anywhere where it can then be misused.
It appears that the voting data given to the Labour Party before the 2013 elections has been misused and mismanaged. It does not take much sleuthing to follow the trail.
The company that was exposed yesterday, C-Planet IT solutions, is effectively owned by Joseph Zrinzo. It is run by his son in law and works for his son Stefan Zrinzo Azzopardi. Stefan Zrinzo Azzopardi is now a junior minister. At the time the database was handed over to the Labour Party, before the 2013 election, Stefan Zrinzo Azzopardi was president of the Labour Party and a frontline official in the party’s election management machine.
The database is nationwide and is therefore not likely to have been in possession of C-Planet for the personal electoral use of Stefan Zrinzo Azzopardi who is only a candidate in a portion of the country, not the whole of it.
C-Planet can reasonably by presumed to have serviced the needs of the Labour Party, and likely continues to do so even now.
I repeat: the principle in the law is that data can only be used for the purpose for which it was collected. However useful it may be, if the purpose changes the data needs to be collected again together with the consent of the persons listed or the authority of the law.
It is clear that from the point when the electoral commission collected this data to the point it found its way on the servers of C-Planet that purpose changed. That is illegal. What’s worse is the purpose was nefarious: the manipulation of voter intention, something which could never achieve an individual’s consent or the backing of a law.
The electoral commission’s database was used to merge information on individuals held by the electoral commission with information about the same individuals contained in other databases including, for example, the telephone numbers of voters. That is not part of the electoral commission’s database which means that once this data was added, the purpose for which the electoral commission’s database was originally collected has changed. The data was merged with other databases the PL had no reason to be in possession of.
On top of that they added their own data on how they expected the individuals listed to vote in the 2013 election marking some as Laburisti and some as Nazzjonalisti. That too is a change in the original purpose which is again out of order. But what is additionally relevant here is how was this specific data collected and how was it refined to ensure its accuracy.
Let’s not be naïve about this. The Labour Party did not have this data in its possession in order to put it in a frame and hang it in Joseph Muscat’s executive shower. They were using it. They used it.
Look back at this post on my blog from March 2018. The context was reports that prior to the 2013 elections Alexander Nix of Cambridge Analytica had met the Nationalist Party (from where he was sent packing) and likely worked for the Labour Party. Those two claims were verified by multiple sources.
In that report I argued that a “driving app” promoted by the Labour Party for use by Facebook users was an indication of the fact that the Labour Party was using the same methods of harvesting and refining data for ‘psyops’ operations to target their campaigning on the models that would later be used by Cambridge Analytica in the Donald Trump campaign.
What this means is that data about individuals is harvested from as many sources as possible in order to automatically profile individuals and drive the content of personalised communications on social media, particularly Facebook, in order to get them to support policies and politicians in a manner that the campaigning party wants them to.
You think you’re exercising free will in a free and fair election but instead you’re having your button pushed as an avatar of your Facebook newsfeed.
Of course, the Labour Party categorically denies ever having done this. But the evidence mounts against this denial and continues to pile up with the discovery of this data in possession of someone likely working for the Labour Party.
This is another component of evidence in the case against the Labour Party for illegally harvesting data to manipulate voters. The fact the data was still in their possession until they were found out last week suggests the Labour Party is still up to these illegal shenanigans.
C-Planet tried to dismiss the story as an irrelevance because the data was “old”. Them being in possession of “old data” is, incidentally, in and of itself a breach of law. When they retained the data in their possession as it still is now, 7 years after the general election for which it was drawn up, they broke the law.
Then they put this sensitive and personal data on line for anyone to access, with no security safeguards, no password protection and no attempt to comply with data protection rules that, since 2013, have become even more stringent. That is illegal but unlikely part of their scheme to use the data to manipulate voters. Putting the data online without any protection is pure amateurish stupidity which was the cause of their discovery: it is that hubris of the thief who got away with their crimes too often to care about getting caught.
It is right and proper that the data protection commissioner looks into this case as he said he would. He needs to use his powers to raid C-Planet’s office, raid their servers, and verify how this data came into their possession. There were lenient exceptions for political parties in the law as it used to be in 2013. But C-Planet, whoever owns it and whomever it advises, is most definitely not a political party.
Someone at the Labour Party broke the law and leaked the data to C-Planet. It is reasonable to suspect the culprit is now a junior minister in Robert Abela’s government.
Yesterday Robert Abela made much of the fact that under his administration the rule of law reigns supreme.