Facebook Fury: Why Yelling at Zuckerberg Isn’t Enough

Mark Zuckerberg
Facebook CEO Mark Zuckerberg. Photo credit: TechCrunch / Flickr (CC BY 2.0)

Facebook CEO Mark Zuckerberg will be grilled this week by members of Congress about his company’s failure to ensure the privacy of Facebook users. While experts debate the details, people who log onto Facebook want to know what can be done to keep their personal information secure.

The purloined data that Zuckerberg will be quizzed about ended up in the hands of Cambridge Analytica, a political consulting firm bankrolled by supporters of President Donald Trump and masterminded by former White House strategist Steve Bannon.

A former Cambridge Analytica employee-turned-whistleblower has warned that the data may have been used to to target and manipulate voters in the 2016 US election.

Facebook recently upped its original estimate of users whose privacy had been violated in this one case to 87 million. This includes not only users who clicked on the personality-test app developed by Cambridge University academic researcher Aleksandr Kogan, but also friends of users — even those who never touched the app. (Kogan has claimed he did nothing wrong, and Cambridge Analytica denies using the Facebook data.)

Even worse, Facebook has acknowledged that its granting of liberal access to other app developers may have further compromised Facebook users’ information.

Facebook now is under investigation by the Federal Trade Commission (FTC), which is assessing whether the social media company’s practices deceived consumers and caused them harm.

Many expect the Congressional hearings to shed more light on the controversy and on how to ensure that such a breach of privacy never happens again. But given the fact that many members of Congress lack even a rudimentary understanding of the online world, we present this backgrounder, based on the comments of online privacy experts and reformers who discussed this issue last week at the DC think tank, New America.

How Could This Have Happened?

.

Kevin Bankston, director of New America’s Open Technology Institute, traced the trouble back to 2010, when Facebook, aspiring to “grow even faster,” essentially opened its doors to app developers. The developers could “access and use data from Facebook users who were using the apps,” Bankston explained. “But there was a big privacy catch. Not only could app developers obtain data from their users but also from all the friends of those users.” (Facebook ultimately took some steps to strengthen consumer privacy, but not for several years.)

Most users were in the dark about this change, unless they read the fine print of Facebook privacy policies or were able to access “a not particularly easy-to-find privacy setting for adjusting what data your friends could share about you,” Bankston said.

In 2014, Kogan’s survey app — This Is Your Digital Life — attracted 270,000 Facebook users, Bankston said. And apparently, Bankston speculated, Kogan had no trouble ignoring Facebook’s terms of service and providing that data — which grew exponentially when it included Facebook friends — to a “spooky political consulting company that wanted to build psychographic profiles of voters in order to better manipulate them.”

When Did Facebook Know About the Breach?

.

By late 2015, Facebook knew that Cambridge Analytica had users’ data. It deleted Kogan’s app. But Facebook “did little to confirm that the misappropriated data had been deleted, other than to [ask Cambridge] to certify that it had done so,” Bankston charged, adding that Facebook continued to “allow Cambridge Analytica to advertise on its platform” until March 2018, just before the controversy made the headlines.

The FTC, worried about the very abuses that Facebook now has apologized for, raised concerns about Facebook’s practices nearly a decade ago, said David Vladeck, a former FTC official and Georgetown University law professor.

“I’ve seen this movie before,” he stated. “The FTC’s consent decree [with Facebook] was designed to avoid exactly the Cambridge Analytica problem.”

The FTC charged that Facebook had deceived consumers when it promised to not share their information without their consent. “FTC said that part of the deception was allowing third parties to get access to how people exercise their political views without their consent,” Vladeck added.

But Vladeck argued that the company “has violated many provisions” of the FTC’s order.

Vladeck said that the consent decree Facebook agreed to in 2011 also attempted to “rein in” the collection of information by third parties. “If you look at the consent decree it draws a bright line between users, who are people who actually post things, and third parties who actually harvest” information about users, he said. “And the goal was to limit third party access unless there’s clear notice and clear consent.”

Facebook executives have claimed that they complied with the FTC’s order because they gave consumers the option to change their privacy settings to prevent the sharing of their personal information.

But Vladeck said he doubted that many Facebook users understood that giving permission to share their information with “friends of friends” would place it in the hands of Cambridge Analytica.

The FTC also required Facebook “to look at vulnerabilities where consumer privacy is at jeopardy, and plug those holes,” Vladeck said. “Facebook didn’t pay any attention to that,” he charged.

Vladeck said that if the FTC imposes a fine on Facebook, it could be “astronomical” since the agency considers one violation to be harming one consumer. In theory that could total $40,000 (the penalty for one violation) times 87 million consumers, he said. But Vladeck acknowledged that this would not be the number the FTC would actually use in negotiations with the company.

Are Facebook’s Changes Sufficient?

.

Facebook has announced a lot of reforms to build back consumer confidence. The company promises to better monitor third-party app developers and to give users more information about third-party apps and websites. It also has pledged to make it easier for consumers to access, understand, and use the site’s privacy settings. And it has promised much more transparency for all the political and issue ads on its platform.

Experts welcomed the changes but called for more reforms to ensure that Facebook and other companies keep the promises they make and better serve the public.

Facebook should:

  • Exert more oversight over third-party app developers. Vladeck suggests that Facebook should should audit developers, so that the company could better monitor them, with clear consequences if they break the rules.
  • Make it far easier for researchers to evaluate the company, to assess, for example, how certain ads are targeted to certain demographics — said Harlan Yu, executive director of Upturn, a DC-based nonprofit focused on technology and civil rights. More transparency and accessibility would help identify advertisers that discriminate against people of color or prey on vulnerable consumers, Yu said.

Congress should:

  • Strengthen the FTC.

The 104-year-old agency “is doing an incredible job with antiquated authority,” said FTC Commissioner Terrell McSweeny. “It is using its authority to protect consumers from unfair deceptive acts and practices,” she said. But that limited authority makes it difficult for the agency to protect consumer privacy as well.

“It is not strong enough as currently configured with its current authorities and resources” to offer consumers the protection they need “at a moment when we are connecting every part of our lives to the internet and to each other.”

Additional funding would also allow the agency to increase its technical staff and hire outside experts “to evaluate what it’s being told” by companies, she added.

  • Hold CEOs feet to the fire. One reform suggestion: Congress should require CEOs to quarterly certify that their companies are keeping their promises to their customers.
  • Rethink the concept of consent.

Experts stressed that consent does not mean much if a consumer does not understand what the consent implies.

“You don’t see the hundreds of eyes that are looking at you when you post something on Facebook, and all of this is by design,” charged Michelle De Mooy, director of privacy and data at the Center for Democracy and Technology. While conceding it would be difficult to achieve, she said Congress ought to pass a law requiring that internet platforms be designed to ensure that consumers actually know how their information is being shared. This would allow a company to be held accountable when consumers’ privacy is violated.

“Yelling at Mark Zuckerberg is a start,” she added. “But it isn’t necessarily going to make change.”


Related front page panorama photo credit: Adapted by WhoWhatWhy from Mark Zuckerberg (simosmme / Flickr – CC BY 2.0) and hearing room (U.S. Customs and Border Protection / Flickr).

Where else do you see journalism of this quality and value?

Please help us do more. Make a tax-deductible contribution now.

Our Comment Policy

Keep it civilized, keep it relevant, keep it clear, keep it short. Please do not post links or promotional material. We reserve the right to edit and to delete comments where necessary.

print

8 responses to “Facebook Fury: Why Yelling at Zuckerberg Isn’t Enough”

  1. seco says:

    Imagine if when the TV or Telephone were first commercialized, you were told that every time you turned on the TV or used the phone, a person would be listening and recording everything you talked about, between you and the person you called or monitoring (digital tv already does this now) what you watch; would you accept this?

    The current surveillance comes in the form of fast, “new”, “technology”, where the same product constantly changes marginally (iCrap, internet chat telephony) and when the Randian World Beaters of Wall Street and Silicon Valley roll out another publicly subsidized Beta test and externalize the costs (see Uber or Theranos or Juicero among others), people jump all over it like furry little Pavlovian mammals.

    Living in the time of late-stage, neoliberal so called “capitalism” (cybernetic neofeudalism), the hyper-reality and spectacle of the “market” is so ubiquitous, precarious and ultimately empty that people stuff themselves with the hollow fluff of “social” media.

    Our efforts to fight the alienation brought about by elite politics beg the question visavis “social media”:

    Which part of it is the “social” part again? which part, as Mark Zuckerberg meaninglessly repeats ad nauseam, “connects” us?

    Is it the voluntary cybernetic control or psycho-sexual consumerism which for mere fleeting moments fills the hole at the center?

    FaceCrack and Twatter or SnapCrap et al; these so called “platforms” are just commercialized man-in-the-middle attacks, couched as “free” services.

    Everything is marketing.

    “if anyone here is in advertising or marketing…kill yourself.” – Bill Hicks

  2. Paul Benjou says:

    Thank you, Celia, for shining a brighter light on this invasion of privacy.
    As Mark Zuckerberg apologizes (again) before our legislators, what lingers in the back of my mind is how we are watching the same movie play out over and over again.
    But, at least in this viewing, Facebook’s audience has grown to include what will become a congressional oversight committee. Unfortunately, it will be comprised of a myopic group of clue-ridden boomers who are so blinded by technology that Mark’s techno-shuffle will stifle them.
    As Facebook scrambles to “make things right” what needs to be known is that there are hundreds if not thousands, of data firms out there acquiring your habits and parsing it with yet other data firms.
    Facebook is the tip of a data iceberg that will claim the data aggregators that rely upon it and then it should slowly break apart or dissolve away.

  3. seco says:

    Facebook stated in its IPO prospectus, that the company may “adopt policies or procedures related to areas such as sharing or user data that are perceived negatively by our users or the general public.”

    6 months before it went public Facebook was sanctioned by the Federal Trade Commission for multiple instances of lying to its users regarding its privacy policy and was forced to sign a consent decree and agreed to make changes for up to 20 years.

    It never made those changes and it instead grossly violated its 2012 consent agreement with the FTC and continued to lie and to compromise and monetize its users data and privacy, leading directly to quarterly earnings per share and quarterly bonuses tied to the price of Facebook shares traded on the NASDAQ.

    Goldman Sachs, JPMorgan Chase, Morgan Stanley were 3 of the lead underwriters which took Zuckerbberg’s company public and made him a billionaire.

    The history of these firms shows that their business model is fraud and so it is no surprise they supported and funded Facebook and Zuckerberg who waxes about “connecting” people but is really more interested in harvesting and monetizing the life data of Facebook users into Wall Street Quarterly earnings and bonuses.

    In 1Q18, according to FINRA, the same 3 Wall Street banks that took Facebook public are trading millions of shares each month in Facebook in their respective trade portfolios.

    Zuckerberg’s business model is essentially based on securitization of data profiles and regulatory capture.

    The same as Wall Street.

  4. seco says:

    Zuckerberg has already stated that “most” of Facebook’s 2 billion+ users have had their profiles scraped by outside 3rd party apps.

    Zuckerberg and FB’s business model is securitization of user data and profiles which is the same model Wall Street uses to sell derivatives based on mortgage payment profiles, credit card payments, car payment profiles, rents and insurance payments etc.

    Wall Street banks lead by – GS, JPM, MS – funded and took FB public and made Zuckerberg a billionaire because they recognized their own business model.

  5. seco says:

    Palantir.

  6. MarkInBoston says:

    On March 18, 2018, an Obama campaign media director, Carol Davidsen, tweeted: “They (Facebook executives) came to the office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side.”

    In no uncertain terms that’s collusion to sway the outcome of a presidential election.

    From the National Review: “Carol Davidsen, the former director of Obama for America’s Integration and Media Analytics shop, explained how political bias within Facebook allowed her team to continue the practice after Facebook realized how far-reaching their capabilities were.”

    In a readily available TED Talk, Davidsen states that the Democrats scraped “the entire social network of the US” and are still, to this day, in possession of that data.

    Wexler’s (and by default WWW’s) political bias is terribly transparent. To ignore the Facebook/Obama collusion in an analysis of political cyber data mining is equally disingenuous.

    “Yelling” may not be enough, but neither is examining only half the story. It’s kinda pointless, actually.

    • Bruce Lulla says:

      Exactly – and Obama used Facebook to the tune of appropriating nearly 200 million users’ data, 100 million more than Cambridge Analytica, and since it was Obama, they were declared brilliant for having an internet-savvy team but only since it was Trump who won, is there a problem with all of this.

      If Hillary had won, none of this would have mattered. Talk about hypocrites.

  7. Jennifer says:

    The situation with Facebook is certainly a cause for concern. We are at a place in time where people are following the technological imperative, but our regulators are not keeping up. “Little thought is given to the purposes the new technology ought to serve or to the means that ought to be used to achieve those purposes” (Johannesen, Valde, and Whedbee, 2008). The Cambridge Analytica data calls our personal privacy into question and sets a standard for how we need to protect our personal information from being shared without our knowledge.
    I agree with Vladeck that Facebook’s claims of informing users and allowing them the option to change who their information is shared with are weak. Who would think that giving permission to share information with “friends of friends” means an organization that is going to use your data to manipulate you? Facebook has made some changes, but they are generally too little too late and yet we sill continue to give them the business that we want. I feel that there are many individuals that use the social media platform that don’t understand the full seriousness of the breach.
    If Facebook is imposed with a fine, it will be very interesting to see to what extent they are punished. 87 million x $40,000 is an insane amount of money.

    Johannesen, R. L., Valde, K. S., & Whedbee, K. E. (2008). Ethics in Human Communication (6th ed.). Long Grove, IL: Waveland Press.