Great, Now Facebook Is Investigating Potential Data Misuse by Something Called 'Crimson Hexagon'

Image for article titled Great, Now Facebook Is Investigating Potential Data Misuse by Something Called 'Crimson Hexagon'
Photo: AP

Facebook may have stumbled through its Cambridge Analytica user privacy scandal largely unscathed so far—the yet-to-be-determined outcome of four separate federal investigations notwithstanding—but its pivot to publicly talking a big game on cracking down on data misuse continues.


Now Facebook has suspended another data analysis firm that received user data, this time with a name that sounds suspiciously like an evil corporation from a 1980s-era Kurt Russell movie: Crimson Hexagon. According to the Wall Street Journal, the company has secured at least 22 separate federal contracts since 2014 worth more than $800,000, including for the State Department, the Federal Emergency Management Agency, and the Secret Service, as well as a separate contract with a Russian nonprofit called the Civil Society Development Foundation.

Crimson Hexagon aggregates large amounts of public posts from sites like Facebook and Twitter for purposes like measuring public sentiment around a range of issues, and according to the WSJ, claims to have assembled a trillion-post archive. For example, the paper reported it attempted (but failed) to procure a Defense Department contract monitoring the terror group ISIS online. Its Russian contract was to measure the popularity of Vladimir Putin; another contract in Turkey informed the Recep Tayyip Erdogan-led government’s “decision in 2014 to briefly shut down Twitter amid public dissent,” the WSJ wrote, citing sources familiar with the company.

While the WSJ wrote Facebook is suspending the Boston-based company while it determines whether the government contracts violated its terms, it is not currently believed the firm gained access to private data like Cambridge Analytica:

Crimson Hexagon operates with little oversight from Facebook once it pulls public data from the social-media platform, according to more than a dozen people familiar with the business. The government contracts weren’t approved by Facebook in advance, for example, the people said.

Facebook, in response to questions from The Wall Street Journal this week about its oversight of Crimson Hexagon’s government contracts and storing of user data, said Friday it wasn’t aware of some of the contracts. On Friday, it said it was suspending Crimson Hexagon’s apps from Facebook and its Instagram unit, and launching a broad inquiry into how Crimson Hexagon collects, shares and stores user data.

Also concerning is a 2016 incident in which Crimson Hexagon suddenly began receiving private Instagram posts while downloading public Facebook ones “because of what Crimson Hexagon employees assumed was a software glitch on Facebook’s part”—something that certainly sounds like a major screwup.

Twitter also worked with Crimson Hexagon, the paper wrote. Unlike with Facebook, where data is freely provided to developers, the company paid Twitter for direct access to its “fire hose,” a premium version of its API that guarantees access to all tweets matching specific criteria. That means Crimson Hexagon gets more useful data from Twitter than Facebook, the WSJ added, but Twitter reportedly killed a potential contract with Immigration and Customs Enforcement over concerns on how the data might be used.


Facebook banned the use of its data for government surveillance in March 2017, per the BBC, though Crimson Hexagon’s other deals have included work with Adidas, Samsung, and the BBC itself.

“We don’t allow developers to build surveillance tools using information from Facebook or Instagram,” a Facebook spokesperson told CNN Money. “We take these allegations seriously, and we have suspended these apps while we investigate.”


In a blog post, Crimson Hexagon’s Chris Bingham emphasized that the company only pulls public posts, that government contracts are a minority of its work, that it only uses the data for purposes allowed by platforms, and “under no circumstances is surveillance a permitted use case.”

As noted by TechCrunch, unlike Cambridge Analytica, which worked to obfuscate its connection to a shady network of other companies and allegedly hired foreign contractors to work on US elections in what was possibly an illegal scheme, “Crimson Hexagon is more above the board, with ordinary venture investment and partnerships.”


[Wall Street Journal]



So... I’ll place two digital donuts on Crimson Hexagon being a front for agencies that were denied access to certain data streams over privacy and security concerns, that (at least in twitter’s case) FB and Twitter were wink-wink nudge-nudging these kinds of false-fronts so that they could easily deny direct links to them. In essence, a data laundering scheme ala the mafia.