Site logo


Switch to full style
Did you read about scams in the papers, or see it on TV? Let us know.
Post a reply

Facebook embroiled in yet another privacy scandal

Wed Dec 19, 2018 4:39 pm ... cy-scandal

Facebook embroiled in yet another privacy scandal
By Olivia Tambini 5 hours ago World of tech

This is getting silly now

With barely two weeks left of 2018, Facebook has been indicted in yet another privacy and security scandal, following a comprehensive investigation by the New York Times. ... ivacy.html

According to the publication, the user data that Facebook shares with its corporate partners for advertising purposes is far more expansive than previously thought, including everything from contact lists to your private messages.

The NYT named Netflix, Spotify, and the Royal Bank of Canada as the companies that were given access to private messages, while other companies like Amazon, Sony, and Microsoft, were given access to information on users' Facebook friends.

Netflix, Spotify, and the Royal Bank of Canada all claim they didn't know how much private data they had been given access to by Facebook. Netflix has also released an official statement, saying: "Over the years we have tried various ways to make Netflix more social."

"One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so.”

The revelation has come about after the NYT obtained internal documents from Facebook, as well as interviewing former employees.

A bad year for Facebook
Tech giant Apple also had a special arrangement with Facebook according to the NYT report, which says: "Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data."

"Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show."

This latest report comes after a barrage of privacy scandals afflicted the social media giant this year, including the Cambridge Analytica scandal, which revealed the consulting firm that backed Donald Trump's 2016 election campaign gathered personal data from around 50 million users.

As well as that, a huge data breach earlier this year that compromised the security of 30 million Facebook users, ensured that public trust in the social network has remained in steady decline over 2018, even though user numbers haven't followed the same trend.

It remains to be seen whether this latest scandal will affect user numbers in a meaningful way, but we can be certain about one thing: Facebook has been playing hard and fast with our personal data for a long time, and the Cambridge Analytica scandal was only the tip of the iceberg.

Had enough? Here's how to delete Facebook for good
Via Gizmodo

As Facebook Raised a Privacy Wall, It Carved an Opening for

Wed Dec 19, 2018 4:42 pm ... ivacy.html

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants
Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

Mark Zuckerberg, Facebook’s chief executive, at a Senate hearing in April. Internal Facebook records describe data-sharing deals that benefited more than 150 companies.CreditCreditAaron P. Bernstein/Reuters

By Gabriel J.X. Dance, Michael LaForgia and Nicholas Confessore
Dec. 18, 2018

For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.

The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.

The exchange was intended to benefit everyone. Pushing for explosive growth, Facebook got more users, lifting its advertising revenue. Partner companies acquired features to make their products more attractive. Facebook users connected with friends across different devices and websites. But Facebook also assumed extraordinary power over the personal information of its 2.2 billion users — control it has wielded with little transparency or outside oversight.

Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.

Facebook has been reeling from a series of privacy scandals, set off by revelations in March that a political consulting firm, Cambridge Analytica, improperly used Facebook data to build tools that aided President Trump’s 2016 campaign. Acknowledging that it had breached users’ trust, Facebook insisted that it had instituted stricter privacy protections long ago. Mark Zuckerberg, the chief executive, assured lawmakers in April that people “have complete control” over everything they share on Facebook.

But the documents, as well as interviews with about 50 former employees of Facebook and its corporate partners, reveal that Facebook allowed certain companies access to data despite those protections. They also raise questions about whether Facebook ran afoul of a 2011 consent agreement with the Federal Trade Commission that barred the social network from sharing user data without explicit permission.

[Here are five takeaways from The Times’s investigation.]

In all, the deals described in the documents benefited more than 150 companies — most of them tech businesses, including online retailers and entertainment sites, but also automakers and media organizations. Their applications sought the data of hundreds of millions of people a month, the records show. The deals, the oldest of which date to 2010, were all active in 2017. Some were still in effect this year.

In an interview, Steve Satterfield, Facebook’s director of privacy and public policy, said none of the partnerships violated users’ privacy or the F.T.C. agreement. Contracts required the companies to abide by Facebook policies, he added.

Still, Facebook executives have acknowledged missteps over the past year. “We know we’ve got work to do to regain people’s trust,” Mr. Satterfield said. “Protecting people’s information requires stronger teams, better technology and clearer policies, and that’s where we’ve been focused for most of 2018.” He said that the partnerships were “one area of focus” and that Facebook was in the process of winding many of them down.

Facebook has found no evidence of abuse by its partners, a spokeswoman said. Some of the largest partners, including Amazon, Microsoft and Yahoo, said they had used the data appropriately, but declined to discuss the sharing deals in detail. Facebook did say that it had mismanaged some of its partnerships, allowing certain companies’ access to continue long after they had shut down the features that required the data.

With most of the partnerships, Mr. Satterfield said, the F.T.C. agreement did not require the social network to secure users’ consent before sharing data because Facebook considered the partners extensions of itself — service providers that allowed users to interact with their Facebook friends. The partners were prohibited from using the personal information for other purposes, he said. “Facebook’s partners don’t get to ignore people’s privacy settings.”

Data privacy experts disputed Facebook’s assertion that most partnerships were exempted from the regulatory requirements, expressing skepticism that businesses as varied as device makers, retailers and search companies would be viewed alike by the agency. “The only common theme is that they are partnerships that would benefit the company in terms of development or growth into an area that they otherwise could not get access to,” said Ashkan Soltani, former chief technologist at the F.T.C.

Mr. Soltani and three former employees of the F.T.C.’s consumer protection division, which brought the case that led to the consent decree, said in interviews that its data-sharing deals had probably violated the agreement.

“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” said David Vladeck, who formerly ran the F.T.C.’s consumer protection bureau. “I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.”

Details of the agreements are emerging at a pivotal moment for the world’s largest social network. Facebook has been hammered with questions about its data sharing from lawmakers and regulators in the United States and Europe. The F.T.C. this spring opened a new inquiry into Facebook’s compliance with the consent order, while the Justice Department and Securities and Exchange Commission are also investigating the company.

Facebook’s stock price has fallen, and a group of shareholders has called for Mr. Zuckerberg to step aside as chairman. Shareholders also have filed a lawsuit alleging that executives failed to impose effective privacy safeguards. Angry users started a #DeleteFacebook movement.

This month, a British parliamentary committee investigating internet disinformation released internal Facebook emails, seized from the plaintiff in another lawsuit against Facebook. The messages disclosed some partnerships and depicted a company preoccupied with growth, whose leaders sought to undermine competitors and briefly considered selling access to user data.

Richard Allan, a Facebook vice president, testifying before Parliament last month next to Mr. Zuckerberg’s vacant seat. The company is under fire from both American and European lawmakers.

Richard Allan, a Facebook vice president, testifying before Parliament last month next to Mr. Zuckerberg’s vacant seat. The company is under fire from both American and European lawmakers.CreditAgence France-Presse — Getty Images
As Facebook has battled one crisis after another, the company’s critics, including some former advisers and employees, have singled out the data-sharing as cause for concern.

“I don’t believe it is legitimate to enter into data-sharing partnerships where there is not prior informed consent from the user,” said Roger McNamee, an early investor in Facebook. “No one should trust Facebook until they change their business model.”

An Engine for Growth
Personal data is the oil of the 21st century, a resource worth billions to those who can most effectively extract and refine it. American companies alone are expected to spend close to $20 billion by the end of 2018 to acquire and process consumer data, according to the Interactive Advertising Bureau.

Few companies have better data than Facebook and its rival, Google, whose popular products give them an intimate view into the daily lives of billions of people — and allow them to dominate the digital advertising market.

Facebook has never sold its user data, fearful of user backlash and wary of handing would-be competitors a way to duplicate its most prized asset. Instead, internal documents show, it did the next best thing: granting other companies access to parts of the social network in ways that advanced its own interests.

Facebook began forming data partnerships when it was still a relatively young company. Mr. Zuckerberg was determined to weave Facebook’s services into other sites and platforms, believing it would stave off obsolescence and insulate Facebook from competition. Every corporate partner that integrated Facebook data into its online products helped drive the platform’s expansion, bringing in new users, spurring them to spend more time on Facebook and driving up advertising revenue. At the same time, Facebook got critical data back from its partners.

The partnerships were so important that decisions about forming them were vetted at high levels, sometimes by Mr. Zuckerberg and Sheryl Sandberg, the chief operating officer, Facebook officials said. While many of the partnerships were announced publicly, the details of the sharing arrangements typically were confidential.

Sheryl Sandberg, Facebook’s second-in-command, at a Senate hearing in September. The data-sharing deals were vetted at senior levels, sometimes by her and Mr. Zuckerberg, Facebook officials said.
By 2013, Facebook had entered into more such partnerships than its midlevel employees could easily track, according to interviews with two former employees. (Like the more than 30 other former employees interviewed for this article, they spoke on the condition of anonymity because they had signed nondisclosure agreements or still maintained relationships with top Facebook officials.)

So they built a tool that did the technical work of turning special access on and off and also kept records on what are known internally as “capabilities” — the special privileges enabling companies to obtain data, in some cases without asking permission.

The Times reviewed more than 270 pages of reports generated by the system — records that reflect just a portion of Facebook’s wide-ranging deals. Among the revelations was that Facebook obtained data from multiple partners for a controversial friend-suggestion tool called “People You May Know.”

The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.

Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.

Some of the access deals described in the documents were limited to sharing non-identifying information with research firms or enabling game makers to accommodate huge numbers of players. These raised no privacy concerns. But agreements with about a dozen companies did. Some enabled partners to see users’ contact information through their friends — even after the social network, responding to complaints, said in 2014 that it was stripping all applications of that power.

As of 2017, Sony, Microsoft, Amazon and others could obtain users’ email addresses through their friends.

One of Facebook’s device partners was Huawei, a Chinese company flagged as a security threat by United States intelligence
Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show. Facebook acknowledged that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix said those companies were unaware of the broad powers Facebook had granted them. A Royal Bank of Canada spokesman disputed that the bank had any such access.

Spotify, which could view messages of more than 70 million users a month, still offers the option to share music through Facebook Messenger. But Netflix and the Canadian bank no longer needed access to messages because they had deactivated features that incorporated it.

These were not the only companies that had special access longer than they needed it. Yahoo, The Times and others could still get Facebook users’ personal information in 2017.

Yahoo could view real-time feeds of friends’ posts for a feature that the company had ended in 2011. A Yahoo spokesman declined to discuss the partnership in detail but said the company did not use the information for advertising. The Times — one of nine media companies named in the documents — had access to users’ friend lists for an article-sharing application it also had discontinued in 2011. A spokeswoman for the news organization said it was not obtaining any data.

Facebook’s internal records also revealed more about the extent of sharing deals with over 60 makers of smartphones, tablets and other devices, agreements first reported by The Times in June.

Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.

Apple officials said they were not aware that Facebook had granted its devices any special access. They added that any shared data remained on the devices and was not available to anyone other than the users.

Facebook enabled Apple devices to conceal that they were asking for data, making it impossible for users to disable sharing.

Facebook officials said the company had disclosed its sharing deals in its privacy policy since 2010. But the language in the policy about its service providers does not specify what data Facebook shares, and with which companies. Mr. Satterfield, Facebook’s privacy director, also said its partners were subject to “rigorous controls.”

Yet Facebook has an imperfect track record of policing what outside companies do with its user data. In the Cambridge Analytica case, a Cambridge University psychology professor created an application in 2014 to harvest the personal data of tens of millions of Facebook users for the consulting firm.

Pam Dixon, executive director of the World Privacy Forum, a nonprofit privacy research group, said that Facebook would have little power over what happens to users’ information after sharing it broadly. “It travels,” Ms. Dixon said. “It could be customized. It could be fed into an algorithm and decisions could be made about you based on that data.”

400 Million Exposed
Unlike Europe, where social media companies have had to adapt to stricter regulation, the United States has no general consumer privacy law, leaving tech companies free to monetize most kinds of personal information as long as they don’t mislead their users. The F.T.C., which regulates trade, can bring enforcement actions against companies that deceive their customers.

Besides Facebook, the F.T.C. has consent agreements with Google and Twitter stemming from alleged privacy violations.

Facebook’s agreement with regulators is a result of the company’s early experiments with data sharing. In late 2009, it changed the privacy settings of the 400 million people then using the service, making some of their information accessible to all of the internet. Then it shared that information, including users’ locations and religious and political leanings, with Microsoft and other partners.

Facebook called this “instant personalization” and promoted it as a step toward a better internet, where other companies would use the information to customize what people saw on sites like Bing. But the feature drew complaints from privacy advocates and many Facebook users that the social network had shared the information without permission.

The F.T.C. investigated and in 2011 cited the privacy changes as a deceptive practice. Caught off guard, Facebook officials stopped mentioning instant personalization in public and entered into the consent agreement.

Under the decree, the social network introduced a “comprehensive privacy program” charged with reviewing new products and features. It was initially overseen by two chief privacy officers, their lofty title an apparent sign of Facebook’s commitment. The company also hired PricewaterhouseCoopers to assess its privacy practices every two years.

But the privacy program faced some internal resistance from the start, according to four former Facebook employees with direct knowledge of the company’s efforts. Some engineers and executives, they said, considered the privacy reviews an impediment to quick innovation and growth. And the core team responsible for coordinating the reviews — numbering about a dozen people by 2016 — was moved around within Facebook’s sprawling organization, sending mixed signals about how seriously the company took it, the ex-employees said.

Critically, many of Facebook’s special sharing partnerships were not subject to extensive privacy program reviews, two of the former employees said. Executives believed that because the partnerships were governed by business contracts requiring them to follow Facebook data policies, they did not require the same level of scrutiny. The privacy team had limited ability to review or suggest changes to some of those data-sharing agreements, which had been negotiated by more senior officials at the company.

Facebook officials said that members of the privacy team had been consulted on the sharing agreements, but that the level of review “depended on the specific partnership and the time it was created.”

In 2014, Facebook ended instant personalization and walled off access to friends’ information. But in a previously unreported agreement, the social network’s engineers continued allowing Bing; Pandora, the music streaming service; and Rotten Tomatoes, the movie and television review site, access to much of the data they had gotten for the discontinued feature. Bing had access to the information through last year, the records show, and the two other companies did as of late summer, according to tests by The Times.

Facebook continued the access for Pandora, the music-streaming service, and other companies even after an F.T.C. agreement led to an official change in policy.
Facebook officials said the data sharing did not violate users’ privacy because it allowed access only to public data — though that included data that the social network had made public in 2009. They added that the social network made a mistake in allowing the access to continue for the three companies, but declined to elaborate. Spokeswomen for Pandora and Rotten Tomatoes said the businesses were not aware of any special access.

Facebook also declined to discuss the other capabilities Bing was given, including the ability to see all users’ friends.

Microsoft officials said that Bing was using the data to build profiles of Facebook users on Microsoft servers. They declined to provide details, other than to say the information was used in “feature development” and not for advertising. Microsoft has since deleted the data, the officials said.

Compliance Questions
For some advocates, the torrent of user data flowing out of Facebook has called into question not only Facebook’s compliance with the F.T.C. agreement, but also the agency’s approach to privacy regulation.

“There has been an endless barrage of how Facebook has ignored users’ privacy settings, and we truly believed that in 2011 we had solved this problem,” said Marc Rotenberg, head of the Electronic Privacy Information Center, an online privacy group that filed one of the first complaints about Facebook with federal regulators. “We brought Facebook under the regulatory authority of the F.T.C. after a tremendous amount of work. The F.T.C. has failed to act.”

According to Facebook, most of its data partnerships fall under an exemption to the F.T.C. agreement. The company argues that the partner companies are service providers — companies that use the data only “for and at the direction of” Facebook and function as an extension of the social network.

But Mr. Vladeck and other former F.T.C. officials said that Facebook was interpreting the exemption too broadly. They said the provision was intended to allow Facebook to perform the same everyday functions as other companies, such as sending and receiving information over the internet or processing credit card transactions, without violating the consent decree.

When The Times reported last summer on the partnerships with device makers, Facebook used the term “integration partners” to describe BlackBerry, Huawei and other manufacturers that pulled Facebook data to provide social-media-style features on smartphones. All such integration partners, Facebook asserted, were covered by the service provider exemption.

Since then, as the social network has disclosed its data sharing deals with other kinds of businesses — including internet companies such as Yahoo — Facebook has labeled them integration partners, too.

Facebook even recategorized one company, the Russian search giant Yandex, as an integration partner.

Facebook records show Yandex had access in 2017 to Facebook’s unique user IDs even after the social network stopped sharing them with other applications, citing privacy risks. A spokeswoman for Yandex, which was accused last year by Ukraine’s security service of funneling its user data to the Kremlin, said the company was unaware of the access and did not know why Facebook had allowed it to continue. She added that the Ukrainian allegations “have no merit.”

The Russian company Yandex, which has been accused of funneling information to the Kremlin, had access to Facebook data as recently as last year.CreditMikhail Metzel/TASS, via Getty Images
In October, Facebook said Yandex was not an integration partner. But in early December, as The Times was preparing to publish this article, Facebook told congressional lawmakers that it was.

An F.T.C. spokeswoman declined to comment on whether the commission agreed with Facebook’s interpretation of the service provider exception, which is likely to figure in the F.T.C.’s ongoing Facebook investigation. She also declined to say whether the commission had ever received a complete list of partners that Facebook considered service providers.

But federal regulators had reason to know about the partnerships — and to question whether Facebook was adequately safeguarding users’ privacy. According to a letter that Facebook sent this fall to Senator Ron Wyden, the Oregon Democrat, PricewaterhouseCoopers reviewed at least some of Facebook’s data partnerships.

The first assessment, sent to the F.T.C. in 2013, found only “limited” evidence that Facebook had monitored those partners’ use of data. The finding was redacted from a public copy of the assessment, which gave Facebook’s privacy program a passing grade over all.

Mr. Wyden and other critics have questioned whether the assessments — in which the F.T.C. essentially outsources much of its day-to-day oversight to companies like PricewaterhouseCoopers — are effective. As with other businesses under consent agreements with the F.T.C., Facebook pays for and largely dictated the scope of its assessments, which are limited mostly to documenting that Facebook has conducted the internal privacy reviews it claims it had.

How closely Facebook monitored its data partners is uncertain. Most of Facebook’s partners declined to discuss what kind of reviews or audits Facebook subjected them to. Two former Facebook partners, whose deals with the social network dated to 2010, said they could find no evidence that Facebook had ever audited them. One was BlackBerry. The other was Yandex.

Steve Satterfield, Facebook’s director of privacy and public policy, said the sharing deals did not violate privacy rules because the partners functioned as extensions of the social network.CreditIsopix/REX/Shutterstock
Facebook officials said that while the social network audited partners only rarely, it managed them closely.

“These were high-touch relationships,” Mr. Satterfield said.

Matthew Rosenberg contributed reporting. Research was contributed by Grace Ashford, Susan C. Beachy, Doris Burke and Alain Delaquérière.

A version of this article appears in print on Dec. 19, 2018, on Page A1 of the New York edition with the headline: Facebook Offered Users Privacy Wall, Then Let Tech Giants Around It. Order Reprints | Today’s Paper | Subscribe

Netlfix Busted For Lying In Viral Tweet

Thu Dec 20, 2018 6:11 pm ... ral-tweet/

Netlfix Busted For Lying In Viral Tweet
December 20, 2018
Hannah Bleau
Subscribe to the Chicks!
There was a ton of Facebook drama Wednesday. The social media giant was accused of sharing users’ private information with other tech companies without explicit permission. We’re even talking about a users’ private DMs. That’s right. Netflix and Spotify got access to users’ private messages.

Facebook kinda sorta denied the claims. You can read the full explanation here.

Neflix responded to the report, and it went viral.

Netflix never asked for, or accessed, anyone's private messages. We're not the type to slide into your DMs.

— Netflix US (@netflix) December 19, 2018

Except…not really.

Netflix said it didn’t have access to Facebook messages, but Facebook documents show Netflix had the ability to do just that. Netflix then acknowledged that it did access personal messages, but only for sending and receiving movie and TV recommendations.

— The New York Times (@nytimes) December 20, 2018

These were not the only companies that had special access longer than they needed it. Yahoo, The New York Times and others could still get Facebook users’ personal information in 2017.

— The New York Times (@nytimes) December 20, 2018

Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices had access to the numbers and calendar entries of people who changed their account settings to disable all sharing, the records show.

— The New York Times (@nytimes) December 20, 2018

Here's a closer look at 5 ways Facebook shared your personal data with partner companies including Yahoo, Netflix and Spotify

— The New York Times (@nytimes) December 20, 2018

In other words…

"We didn't slide into your DMs, except for when we did"

— let Polly do the printing (@ajaromano) December 20, 2018


Caught. #PRFail.

— Peter Himler (@PeterHimler) December 20, 2018

Normally your friendly social responses are adequate, but this is time for a formal press release and disclosure of your agreements with Facebook.

— Lesley Carhart (@hacks4pancakes) December 19, 2018

Facebook: come over

Netflix: can’t I’m busy

Facebook: I’ll give you full access


— Lobes (@Lobes) December 19, 2018

Yo Dude, what exactly did you slide into and maybe a discussion of invasion of privacy is not the time to talk like a teenager?

— Unsocial Medium (@StillUnsocial) December 19, 2018

Glad you are taking this seriously.

— Michael Ruminer (@michaelruminer) December 19, 2018

Nobody's coming out of this clean

— Mark Berman (@markberman) December 20, 2018

To be continued…

Facebook blasted by privacy advocates, lawmakers

Fri Dec 21, 2018 7:48 pm ... agreements

Published 1 day ago

Facebook blasted by privacy advocates, lawmakers over data-sharing agreements
Christopher Carbone By Christopher Carbone | Fox News

Facebook gave companies 'intrusive' access to private messages and personal data
Senator-elect Josh Hawley discusses Facebook's misuse of user data.

Facebook drew widespread, scathing criticism from privacy advocates and lawmakers on both sides of the Atlantic on Thursday for not disclosing the extent of its wide-ranging data-sharing deals that gave other tech firms access to private user data and information.

The world's largest social network is reeling from a massive New York Times investigation that examined more than 150 agreements Facebook had with partners including Apple, Netflix, Spotify and Amazon, to allow the companies to access users' names, contact information and private messages. In a second blog post responding to the outcry, Facebook said these agreements were publicly discussed and available when users logged into the other services with Facebook. Some of the agreements date back to the platform's early years.

The company's mea culpa and bullet-pointed explanations have not stopped the growing calls for federal privacy regulation or penalties via the ongoing Federal Trade Commission (FTC) investigation.

"It's time that Congress got serious about protecting the privacy, the data, the personal confidential information of hundreds of millions of Americans," said Josh Hawley, U.S. Senator-elect from Missouri, on Fox News' Tucker Carlson Tonight. "[Facebook] said they would not share personal, private confidential data of users without the users' consent. It looks like that's exactly what Facebook is doing, though, that they are sharing that data in order to make a profit without users' consent."

Hawley, a Republican and constitutional lawyer, also called on the FTC to examine whether the latest revelations put the tech giant in violation of the consent decree that the tech giant signed in 2011. Facebook has denied that the data-sharing arrangements violate the 2011 consent decree, but privacy advocates have said the Menlo Park, Calif., company is likely in violation of its terms.

Privacy advocates said Facebook no longer deserves the trust of its 2.2 billion users, whose constant sharing on the platform fueled the company's $13.7 billion third-quarter revenue.

Sen. Richard Blumenthal, D-Conn., said the FTC's probe is moving at a "snail's pace" and "becoming a bad joke."

"Congress must act promptly & powerfully next session with a strong privacy protection law that will protect against such intrusive, abusive misuse of consumer information," Blumenthal said in a statement on Twitter. "Hoping for renewed Commerce Committee hearings in early January!"

Privacy advocates said Facebook no longer deserves the trust of its 2.2 billion users, whose constant sharing on the platform fueled the company's $13.7 billion third-quarter revenue.

"We are particularly troubled the Times' new report that Facebook is undermining user privacy by misinterpreting the term "service provider," which is an exception to the privacy rules in the FTC's 2011 consent order," the Electronic Frontier Foundation (EFF), a nonprofit digital rights organization, said in a blog post.

According to the EFF, many data privacy rules limit the transfer of personal data from one company to another because such arrangements can increase the risk of theft by hackers or misuse by employees, and other uses that consumers could not anticipate. But the privacy rules often exempt so-called service providers. "A company might not be required to get consent before storing consumers' data with a third-party data storage service, provided the storage service does nothing with the data except store it," the nonprofit said.

The EFF said it is "alarmed" by how Facebook's privacy director, Stephen Satterfield, interprets the "service provider" exception, as detailed in the Times story:

With most of the partnerships, Mr. Satterfield said, the F.T.C. agreement did not require the social network to secure users’ consent before sharing data because Facebook considered the partners extensions of itself — service providers that allowed users to interact with their Facebook friends. The partners were prohibited from using the personal information for other purposes, he said.

"To the contrary, the kinds of company-to-company data sharing described in the new Times article do not fall within any reasonable definition of 'service provider,'" the EFF said.

“Every single time that you share something on Facebook or one of our services, right there is a control in line where you control who you want to share with,” Zuckerberg told the US Congress earlier this year. This is a lie," wrote Siva Vaidhyanathan, professor of media studies at the University of Virginia, in a Guardian op-ed.
Howard Kurtz: Why Facebook has finally gone too farVideo

Kate Crawford, the co-founder of the AI Now Institute at New York University, said the New York Times investigation exposes that user control of data online is a myth.

"The total lack of respect for user wishes is the infinitely repeating scandal of 2018," Crawford added.

David Cicilline, D-R.I., tweeted: "Zuckerberg told Congress that Facebook users had “complete control” over their data. Sure looks like he lied."

Amid the data-sharing fallout, Facebook's shares dropped over 7 percent and are down about 24 percent for the year. In addition, the Association of National Advertisers on Tuesday said the FTC should advocate for a new federal law governing how all advertisers collect and use consumer data, as a way to pre-empt regulation by individual states.

"Based on these revelations, I’m concerned that Facebook may have provided @EnergyCommerce with inaccurate, incomplete, or misleading responses to our questions, and we’ll be following up," said New Jersey Rep. Frank Pallone, a Democrat, on Twitter.

Facebook, which previously provided an explanation of the data-sharing agreements in a blog post, is still grappling with fallout from Cambridge Analytica, in which a data-mining firm was allowed to access the information of up to 87 million users. On Wednesday, D.C. Attorney General Karl Racine filed a lawsuit, which could potentially be joined by other states' attorneys general, alleging that Mark Zuckerberg's company told users that it would protect their personal information, but allowed the developer of a personality quiz app to collect and sell the data of users who hadn't downloaded or used the app.

Damian Collins, chair of the United Kingdom's powerful Digital, Culture, Media and Sport Committee, which has been probing Facebook's actions in relation to the spread of disinformation, said that Facebook should appear before the committee to explain its data policies.

"We have to seriously challenge the claim by Facebook that they are not selling user data. They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together," Collins said in a statement. "I feel that we have been given misleading responses by the company when we have asked these questions during previous evidence sessions."

In his appearance on Tucker Carlson Tonight, Sen. Hawley suggested a broader inquiry into Big Tech might be needed.

"I think it's time we looked at the effect big tech is having on our personal lives, on our families, on our schools, on our society. These are major companies. Many of them monopolies. They make billions of dollars a year. There've never been more powerful companies in the history of the world, and they need to be held accountable," the Missouri senator said.

New York Attorney General Barbara Underwood told the Times through a spokesperson that her office, which is already investigating Facebook, would also examine the newly revealed data-sharing partnerships as part of that probe.

FTC is considering a 'record-setting fine' against Facebook

Sat Jan 19, 2019 3:45 pm ... ebook.html

FTC is reportedly considering a 'record-setting fine' against Facebook

The Federal Trade Commission is considering imposing a "record-setting fine" against Facebook for allegedly failing to protect users' data, The Washington Post reported Friday.
The fine is expected to be in excess of the $22.5 million fine imposed on Google in 2012.
The FTC announced it was investigating Facebook in March following the reports about Cambridge Analytica.

Lauren Feiner | @lauren_feiner
Published 18 Hours Ago Updated 18 Hours Ago

Facebook founder and CEO Mark Zuckerberg arrives to testify following a break during a Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee joint hearing about Facebook on Capitol Hill in Washington, DC.
The Federal Trade Commission is considering imposing a "record-setting fine" against Facebook for allegedly failing to protect users' data, The Washington Post reported Friday. Three people familiar with the discussions but unauthorized to speak on the record reportedly told the Post about the fine.

Facebook's stock slid slightly after the Post's report was published, but shares remained positive for the day.

Facebook was accused of misusing personal information of its users when reports last year found political consultant agency Cambridge Analytica used personal information from millions of Facebook users without their explicit consent. Following the reports in March, the FTC launched an investigation into the company's data practices.

The fine is expected to be in excess of the $22.5 million fine the FTC imposed on Google in 2012 for allegedly violating an agreement to improve privacy practices, the Post reported. Sources told the Post Facebook has talked with FTC staffers about the investigation.

Facebook signed a consent decree with the FTC in 2011 that required the company to receive explicit permission from users before sharing their personal data. In March, Bloomberg reported that the FTC's probe would look into whether Facebook violated the agreement.

Since the details of Cambridge Analytica came to light, a number of other data privacy scandals have come up as well. Last month, the company admitted it allowed other major tech firms to read users' private messages, though it denies that this was done without users' consent. The company also disclosed a security breach in September that impacted as many as 50 million users. It later said only 30 million had been affected.

Facebook declined to comment. FTC employees are furloughed during the government shutdown and could not be reached for comment.

--Julia Boorstin contributed to this report.

Facebook fears no FTC fine

Sat Jan 19, 2019 3:51 pm ... ccounter=1

Facebook fears no FTC fine
Devin Coldewey @techcrunch / 24 hours

Reports emerged today that the FTC is considering a fine against Facebook that would be the largest ever from the agency. Even if it were 10 times the size of the largest, a $22.5 million bill sent to Google in 2012, the company would basically laugh it off. Facebook is made of money. But the FTC may make it provide something it has precious little of these days: accountability.

A Washington Post report cites sources inside the agency (currently on hiatus due to the shutdown) saying that regulators have “met to discuss imposing a record-setting fine.” We may as well say here that this must be taken with a grain of salt at the outset; that Facebook is non-compliant with terms set previously by the FTC is an established fact, so how much they should be made to pay is the natural next topic of discussion.

But how much would it be? The scale of the violation is hugely negotiable. Our summary of the FTC’s settlement requirements for Facebook indicate that it was:

barred from making misrepresentations about the privacy or security of consumers’ personal information;
required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;
required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
How many of those did it break, and how many times? Is it per user? Per account? Per post? Per offense? What is “accessing” under such and such a circumstance? The FTC is no doubt deliberating these things.

Yet it is hard to imagine them coming up with a number that really scares Facebook. A hundred million dollars is a lot of money, for instance. But Facebook took in more than $13 billion in revenue last quarter. Double that fine, triple it, and Facebook bounces back.

If even a fine 10 times the size of the largest it ever threw can’t faze the target, what can the FTC do to scare Facebook into playing by the book? Make it do what it’s already supposed to be doing, but publicly.

How many ad campaigns is a user’s data being used for? How many internal and external research projects? How many copies are there? What data specifically and exactly is it collecting on any given user, how is that data stored, who has access to it, to whom is it sold or for whom is it aggregated or summarized? What is the exact nature of the privacy program it has in place, who works for it, who do they report to and what are their monthly findings?

These and dozens of other questions come immediately to mind as things Facebook should be disclosing publicly in some way or another, either directly to users in the case of how one’s data is being used, or in a more general report, such as what concrete measures are being taken to prevent exfiltration of profile data by bad actors, or how user behavior and psychology is being estimated and tracked.

Not easy or convenient questions to answer at all, let alone publicly and regularly. But if the FTC wants the company to behave, it has to impose this level of responsibility and disclosure. Because, as Facebook has already shown, it cannot be trusted to disclose it otherwise. Light touch regulation is all well and good… until it isn’t.

This may in fact be such a major threat to Facebook’s business — imagine having to publicly state metrics that are clearly at odds with what you tell advertisers and users — that it might attempt to negotiate a larger initial fine in order to avoid punitive measures such as those outlined here. Volkswagen spent billions not on fines, but in sort of punitive community service to mitigate the effects of its emissions cheating. Facebook too could be made to shell out in this indirect way.

What the FTC is capable of requiring from Facebook is an open question, since the scale and nature of these violations are unprecedented. But whatever they come up with, the part with a dollar sign in front of it — however many places it goes to — will be the least of Facebook’s worries.
Post a reply