Both Facebook And Cambridge Analytica Threatened To Sue Journalists Over Stories On CA's Use Of Facebook Data
from the this-is-bad dept
I’m going to assume that you weren’t living in an internet-proof cave this weekend, and caught at least some of the stories about Cambridge Analytica and Facebook. The news first kicked off with the announcement of a data protection lawsuit filed against Cambridge Analytica in the UK on Friday evening (we’ll likely have more on that lawsuit soon), followed quickly by an attempt by Facebook to get out ahead of the coming tidal wave by announcing that it was suspending Cambridge Analytica and some associated parties from its platforms, claiming terms of service violations. This was quickly followed on Saturday with two explosive stories. The first, from Carole Cadwalladr at The Guardian, revealing a “whistleblower” from the very early days of Cambridge Analytica (who more or less set up how it works with data profiles) named Christopher Wylie. This was quickly followed up by another story at the NY Times, which was a bit more newsy, providing more details on how Cambridge Analytica got data on about 50 million people out of Facebook.
Admittedly — much of this isn’t actually new. The Intercept had reported something similar a year ago, though it only said it was 30 million Facebook users, rather than 50 million. And that story built on the work of a 2015 (yes, 2015) story in the Guardian discussing how Cambridge Analytica was using data from “tens of millions” of Facebook users “harvested without permission” in support of Ted Cruz’s presidential campaign.
There’s a lot of heat on this story right now, and a lot of accusations being thrown around, and I’ll admit that I’m not entirely sure where I come down on the details yet. I assume people on basically both sides of this issue will scream at me and call me names over this, but there’s too much going on to fully understand what happened here. I will note that, in that Guardian story in 2015, Cruz told the publication that this data collecting and targeting effort was “very much the Obama model.” And political consultant Patrick Ruffini has a well worth reading Twitter thread arguing that people are overreacting to much of this, and that the 2012 Obama campaign did the exact same thing, and was celebrated for its creative use of data and targeting on the internet. Ad tech guy Jay Pinho makes the same point as well. Here’s a Time article from 2012 excitedly talking up how the Obama campaign used Facebook in the same way:
That?s because the more than 1 million Obama backers who signed up for the app gave the campaign permission to look at their Facebook friend lists. In an instant, the campaign had a way to see the hidden young voters. Roughly 85% of those without a listed phone number could be found in the uploaded friend lists.
Of course, there is one major difference between the Obama one and the Cambridge Analytica one, which involves the level of transparency. With the Obama campaign, people knew they were giving their data (and friend’s data) to the cause of re-electing Obama. Cambridge Analytica got its data by having a Cambridge academic (who the new Guardian story revealed for the first time is also appointed to a position at St. Petersburg University) set up an app that was used to collect much of this data, and misled Facebook by telling them it was purely for academic purposes, when the reality is that it was setup and directly paid for by Cambridge Analytica with the intent of sucking up that data for Cambridge Analytica’s database. Is that enough to damn the whole thing? Perhaps.
As for the claims that this is just the same old Facebook model of selling everyone’s data… that was not true and still is not accurate. Facebook doesn’t sell your data. It sells access to its users via the data it has on you. That may not seem different, but it is different. But the lines do seem to get a bit blurry, as it appears that Cambridge Analytica, via its partnership with the professor Dr. Aleksander Kogan (who apparently briefly changed his name to — I kid you not — Dr. Spectre) and his “Global Science Research,” basically paid people via Amazon’s Mechanical Turk to do a “personality assessment” on Facebook that, as part of the process, exposed information about their entire social graph, which GSR apparently hoovered up and passed along to Cambridge Analytica.
At the very least, it can be said that Facebook should have recognized much earlier that this could and would be done, and to understand the potential privacy problems related to it. Facebook has a fairly long and painful history of not quite realizing how what it does impacts people’s privacy, and this is one more example.
But, it’s raising a bigger question, as well, and it’s one that caused Facebook to do something that I’ll definitively call as “incredibly stupid,” which is that it threatened to sue the Guardian over its story, mainly because the Guardian story refers to this whole mess as a “data breach” for Facebook’s data.
Facebook instructed external lawyers and warned us we were making 'false and defamatory' allegations. Today they said it was not correct to call this a data breach. We are calling it a data breach. https://t.co/Q8wrw0FDyr
— Carole Cadwalladr (@carolecadwalla) March 17, 2018
And, of course, Facebook wasn’t the only one who threatened to sue. Cambridge Analytica did too:
The Observer also received the first of three letters from Cambridge Analytica threatening to sue Guardian News and Media for defamation.
There are issues of terminology here. Facebook, in its post, is adamant that what happened is not a “breach”
The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.
There are legal reasons why Facebook is so concerned about whether or not this is a “breach” and, let’s face it, the company is about to face a million and a half lawsuits over this, not to mention government investigations (already Senator Amy Klobuchar has demanded Mark Zuckerberg’s head on a platter testimony before the Senate and Massachusetts’ Attorney General Maura Healey has announced the opening of an investigation, and there have also been rumblings out of the UK and the EU, as well as the FTC). But, there are also some fairly important legal obligations if this was a “breach” in the traditional sense, such as disclosing that to those impacted by the breach.
I’m not entirely sure where I come down on the breach question. It doesn’t feel like a traditional breach. It wasn’t that Facebook coughed up this info, it was its users coughed up the info… and Facebook just made it easy for this outside “academic” to hoover up all that info by paying a bunch of people to take dopey personality quizzes. However, as the Guardian’s Alex Hern points out, how do you distinguish what Kogan/GSR/Cambridge Analytica did from social engineering to get information.
If you're having trouble thinking of today's story as a "breach", try rephrasing it in your head as "Facebook fell prey to a social engineering attack in which it was convinced to hand over user data by an attacker who told it what it wanted to hear".
— you heard it here first: tweting is bad (@alexhern) March 17, 2018
Of course, there is something of a difference: it still wasn’t Facebook per se coughing up the info. It was Facebook’s own users. And, you might even argue that if you believe that Facebook doesn’t “own” all this data in the first place, that it was actually those Facebook users coughing up a bunch of their own data — including lots of data about their friends. Needless to say, this is a mess where a lot more transparency might help, and that transparency is going to be forced upon Facebook with a sledgehammer in the near near future.
But, regardless of where you come down on all of this, Facebook threatening defamation against the Guardian for calling this a data breach is ludicrous and Facebook should be ashamed and apologize. Even as it clearly disagrees with how the Guardian characterized much of the story, that’s no excuse to whip out defamation threats. Not only is it incredibly stupid from a Facebook PR perspective (and makes the company look like a giant bully), it suggests that the company still has absolutely no fucking clue how to communicate with the press and the public about how its own platform works.
It’s actually quite incredible to recognize just how big Facebook has gotten in the face of how little it seems to understand about what its own platform does.
Filed Under: aleksander kogan, christopher wylie, data, data breach, data sharing, elections, transparency
Companies: cambridge analytica, facebook, global science research
Comments on “Both Facebook And Cambridge Analytica Threatened To Sue Journalists Over Stories On CA's Use Of Facebook Data”
it must be really bad
It must be really bad when Facebook is already in full damage control mode. The agreement between the FTC and Facebook about data protection could be devastating for Facebook. A fine of US$ 40k per user times 50 million users equals US$ 2 trillion.
Re: Don't forget…
…that “too big to jail” American firms get deep, deep volume discounts. ;]
I did what? Oh my goodness!
Some would argue that Facebook isn’t quite as innocent as it pretends to be when it gets caught.
The way Facebook became “the place”, at least partially hinged on bad desgn: Nobody could get their profile deleted and since social media is all about gaining enough momentum they automatically got a buff to the baseline of users seeking other users, which accelerated the ball.
Suckerberg has always been a very bad ambasador for the company and he lacks the slick to avoid getting in trouble. He didn’t do anything about the “I See Dead Profiles”-situation before the lawsuits were nearing a resolution he didn’t like. He seems to have a policy of never acting for the users interest without significant legislative or political pressure. That is why Facebook will become quite a Facepalm as soon as the fines rain down on them.
The Duck Test
This isn’t a “data breach” for Facebook in the same way that David Cohen isn’t a “lobbyist”.
Re: Th Gullibility Test
The gullibility test is having information on Facebook for these social engineers to get information, you aren’t willing to part with.
A couple of early observations
1. “The Intercept had reported something similar a year ago, though it only said it was 30 million Facebook users, rather than 50 million.”
I think it’s probably prudent to think of 50M as a floor, not a ceiling. These incidents are ALWAYS worse. See: Experian. See: Yahoo. See: pretty much any dataloss/breach/security incident over the past couple of decades.
2. “Cambridge Analytica got its data by having a Cambridge academic (who the new Guardian story revealed for the first time is also appointed to a position at St. Petersburg University) set up an app that was used to collect much of this data, and misled Facebook by telling them it was purely for academic purposes[…]”
This is blatant academic misconduct. In the US (can’t speak to UK law) all research involving human subjects – which includes their data – has to go through a vetting process which includes details on what data will be involved, what will be done with it, what the research objectives are, how the data will be protected, how the data will be retained/destroyed, etc. This includes an IRB (Institutional Review Board) which includes insiders (such as people at the same institution) and outsiders (people who aren’t) and has veto authority. If you tell the IRB “we’re going to study there/they’re/their conflation among millenials” and you instead use the data to study their choices in smartphones, it’s not going to go well for you when the IRB finds out. And this present case is clearly much, much worse.
3. “Facebook doesn’t sell your data. It sells access to its users via the data it has on you.”
And it has gone to enormous lengths to acquire, store, and analyze that data. That’s why its market valuation is upstairs of $200B. Facebook acquires every scrap of data that it can about everyone and everything, and subjects it to excruciating analysis: that’s its entire reason for existing, the “social” features are just wallpaper over the important machinery.
Given that singular focus, I find it VERY hard to believe that anyone or anything accessed data on 50M people and wasn’t noticed. That should have left a trail a mile wide in the logs, easily noticed with even perfunctory analysis.
So either they weren’t monitoring what their own operation was doing — which would be a stunning level of incompetence and negligence — or they knew about this all along.
Re: A couple of early observations
your last six words.
In order to determine if this was a breach or not I think we just need to ask two questions. 1. Does Cambridge Analytica have a copy of the data? 2. Did Facebook intend for Cambridge Analytica to have a copy of the data.
If the answer to 1 is no or the answer to 2 is yes then no breach. However we are pretty sure the answer to 1 is yes and the answer to 2 is no, so the protections on the data were breached.
Re: Re:
Who could <i>possibly</i> have suspected that Russian meddling went so deep into social media?
OH, wait, it was predicted ten years ago.
Re: Re:
But Facebook did intend for them to have the data. They even provide an API for it.
Re: Re: Re:
Exactly, Facebook thinks that Cambridge Analytica did nothing wrong.
Seems to me
Either it is a data breach or Facebook is complicit in the misuse of the data.
I’m sure facebook lawyers are making new definitions for the term “Data Breach” as we speak. If you or I did what Cambridge Analytica did, we would be facing years in jail for violation of the CFAA.
FACEBOOK USER = BRAIN DEAD IDIOT
The internet already told you everything you need to know about Facebook:
"They trust me… dumb fucks." — Mark Zuckerberg
https://duckduckgo.com/?q=they+trust+me+dumb+fucks
Re: Re:
“The internet already told you everything you need to know about Facebook:”
It also told me everything I need to know about Chuck Norris. That doesn’t make any of it true, though.
While it’s notable that you chose a search engine that will probably show the same results to people regardless of their search history, it’s interesting that you link to search results rather than whatever sources are shown. There must be a reason why you haven’t chosen a reliable source, but keep linking to random search result pages.
My guess is that there’s a reason why those ellipses are present in the quote, that the sources who do reflect what you’re claiming are known to have strong biases, or that you just want plausible deniability. That is, if someone questions you claim, they just read the “wrong” search result. Not a particularly common tactic, but one that’s transparent enough to recognise.
Re: Re:
What the fuck, dude. You think the quote is not accurate? I linked to a search engine to point out multiple sources. If I had not embarrassed you in that other thread, you would not be following me around posting stupid shit like this. Crazy narcissist.
Re: Re: Re: Re:
“I linked to a search engine to point out multiple sources”
Yes, you did. I’m not doing your research for you. I know this pathetic tactic, and I’m not wasting my time running around.
I mean, the quote is fairly meaningless anyway, since I’ll bet that most CEOs of major corporations have similarly low opinions of their customers (Trump is verified as stating as such about his fans as well, for example). But, a damning quote filled with ellipses and no reliable sources is normally a red flag that there’s a reason why there’s not a full quote.
“If I had not embarrassed you in that other thread”
When was that? I can only see one thread you have participated with me in. and you haven’t replied to my answers there. Are you so narcissistic that you think that making a few statements, and then running before someone replies, counts as a “win”? Or, are you thinking of another alt you were using so that people can’t tie your answers there with this 6 comment (so far) account?
Re: Re: Re:2 Re:
Your portfolio holds a significant position in Facebook, doesn’t it?
Re: Re: Re:3 Re:
It’s funny, isn’t it? A person can’t have an actual independent opinion, if a person counters any of the stupid conspiracy crap they must be ONE OF THEM!!!!! I know such fantasies help you people sleep at night, but if you’d actually talk to people in a mature and civil manner you’d be surprised at how many people you think are your enemy are just the same as you. Or, just having fun with lunatics at a safe distance..
Re: Re: Re: Re:
You literally cited "the internet" as your source.
That a phrase has multiple results in a search engine does not prove that those sources are accurate. If you like, I could link to some searches that produce multiple sources claiming that Mr. Rogers was a heavily-tattooed Navy veteran, Stanley Kubrick faked the moon landing, and both Einstein and Churchill said that the definition of insanity is repeating the same thing over and over and expecting different results.
Maybe Zuckerberg said that and maybe he didn’t. All your DDG link proves is that some people think he said it. It’s the equivalent of "a lot of people are saying…"
Wow, dude. I don’t know who you are and I can’t recall ever seeing you before. But the first impression you’ve just made? It’s not good. I’m pretty close to adding you to my blocklist and making sure it’s also the last impression.
Re: Re: Re:2 " I'm pretty close to adding you to my blocklist"!!!
OMG, “Thad” has again threatened to block an account name with script! HA, HA! What a sensitive little snowflake you are. Already used your only weapon of blinding yourself: WHAT NOW?
Re: Re: Re:3 " I'm pretty close to adding you to my blocklist"!!!
Hey blue you sound triggered.
Re: Re: Re:3 " I'm pretty close to adding you to my blocklist"!!!
Everyone blocks you by clicking a flag.
Re: Re: Re:2 Re:
“You literally cited “the internet” as your source.”
Hey now, I’ve also got lots of results:
https://duckduckgo.com/?q=td+is+a+secret+communist&t=hb&ia=products
It must be true!
Re: Re: Re: "TD", you will not last long here. This is a WEIRD site,
like no other. You expect ordinary reason and civility, and will get neither.
You see it already. No matter how well known the quote is, it’s just flatly contradicted. The "PaulT" account is one of the most prolific fanboys-trolls.
Simply put — though I try to warn reasonable people, none believe this for a while — if you don’t agree 100% with The Masnick, you will be contradicted and ad hommed; then your comments will be censored, I mean "hidden" as they euphemize, though those of fanboys NEVER are, no matter how vile and off-topic; and you’ll soon be typing all upper-case just trying to get the fanboys to admit water is wet. Standard tactic against ALL dissenters here. Intent is to run you off: Masnick doesn’t care about numbers of readers, only about pushing corporatist agenda.
Take a look at this, tells all need to know:
https://copia.is/wp-content/uploads/2015/06/sponsors.png
Re: Re: Re:2 "TD", you will not last long here. This is a WEIRD site,
Oh my god.
11:06 AM: “though I try to warn reasonable people, none believe this for a while — if you don’t agree 100% with The Masnick, you will be contradicted and ad hommed”
11:07 AM: “OMG, “Thad” has again threatened to block an account name with script! HA, HA! What a sensitive little snowflake you are. Already used your only weapon of blinding yourself: WHAT NOW?”
Congratulations. Thou hast undone thyself more effectively than any foe of thine would dare dream.
Re: Re: Re:2 "TD", you will not last long here. This is a WEIRD site,
“if you don’t agree 100% with The Masnick, you will be contradicted and ad hommed”
I have had disagreements in the past as an AC. Unfortunately I can’t link them as I don’t remember everything I have posted as an AC. I don’t believe any of my posts have been blocked and had meaningful discussions. But even if I would agree with you view, I would still report you for the toxicity of your post. The people that keep getting blocked always seem toxic out of the gate and don’t even try to have a civil conversation. PaulT’s first response seems quite reasonable and TD’s response to PaulT is “What the fuck dude?”. And then starts ranting instead of actually countering the argument.
Re: Re: Re:2 "TD", you will not last long here. This is a WEIRD site,
“No matter how well known the quote is, it’s just flatly contradicted”
I’ve never seen it before, thoug I tend to ignore such things, especially when it contains ellipses while being used to smear someone. Why are you people afraid to provide a verifiable source for it, let alone furnish us with a reason why it matters. CEOs of large corporations think the public are stupid. Well… durr. But, so do people like Alex Jones and Rupert Murdoch, which is why they are taking you guys for such a ride.
“Take a look at this, tells all need to know”
That you copied an image from a website that was voluntarily posted there by the site’s author, and you have been whining ever since about it being proof of some grand conspiracy because one of the names on the list is the one you have a hard on for? I’m still waiting to hear where Namecheap and Automattic fit into the conspiracy here?
Yes, we are well aware of your lack of logical thinking ability, but yet here we are still trying to educate you. But, conspiracies are easier than accepting facts, aren’t they?
Re: Re: Re:
Note according to here https://en.wikiquote.org/wiki/Mark_Zuckerberg
that quote was done in 2004, the say year facebook was founded.
Full exchange:
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend’s Name]: What? How’d you manage that one?
Zuck: People just submitted it.
Zuck: I don’t know why.
Zuck: They “trust me”
Zuck: Dumb fucks
Re: Re: Re: Re:
Thanks for the link and source.
Re: Re: Re:2 Re:
Yep, nice to have thing confirmed. But, really? That’s what these guys are basing things on? Founder of a highly successful company was a bit of a dick in college and had a low opinion of what he’d say were his lesser peers. Well… no shit. You’d have thought they’d have better material.
Re: Re: Re:
http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5
Happy?
Re: Re: Re: Re:
Well, what do you know. An actual link, not some raving lunatic’s blog and evidence that can be discussed without some idiot going “you clicked on the wrong link”. Not a random web search but an actual citation.
Thanks. If one the other guy was that honest, but judging by his silence here and the other thread he was attacking me in he’s long since departed. Presumably to pretend to his friends at Infowars that he “won” something here.
For what it’s worth, the link says what I thought it would. The comments were taken out of context (he’s talking about fellow students, not Facebook’s customers), refer to his time at Harvard long before the Facebook we know now and have very little to do with the modern corporation. Sure, you can spin it into saying that this somehow reflects the way Facebook is designed today, but you can equally say that it reflects the thoughts of an immature college kid who believed he was having a private conversation not related to any kind of business. Which – guess what! – is exactly what he was at the time the comments were made.
That will be why it never stuck in my mind previously – it’s such a trivial piece of nonsense that only the kind of person who is already geared to look for conspiracy will find one. Guys, if you need to spin a story, link to the facts first and don’t be surprised if people notice the spin and omissions if they are there. But, you have to come up with something better than “Zuckerberg made some comments at college” to tie into modern conspiracies.
Re: Re: Re:2 Re:
I don’t think it requires any kind of conspiracy theorizing to believe that Zuckerberg has cavalier opinions about his customers’ privacy and does not take securing their data seriously.
He’s expressed opinions like "privacy is over" a lot more recently than his college days. And there’s quite a lot of evidence coming out that he was aware of risks like the current Cambridge Analytica situation and deliberately ignored warnings as he made money hand-over-fist.
The "dumb fucks" quote is, perhaps, not evidence in and of itself of Zuckerberg’s current operating philosophy. But it’s one piece of evidence, alongside many others.
He doesn’t seem to me like he’s gotten any less arrogant since college. And he’s only ever shown humility and a commitment to doing better when he’s gotten caught and his stock price has suffered.
He was warned about Cambridge Analytica in 2015. There’s a reason he’s calling for an investigation now and didn’t then: because now he’s been caught, Facebook stock has taken a tumble, and he’s got government regulators breathing down his neck (the FTC, for starters, with more sure to come, and not just in the US).
Re: Re: Re:3 Re:
I agree that Zuckerberg’s personal opinions may be driving the overall company’s privacy tactics and may not be tempered by the many other people running the company. But, private comments he made before the thing even became a company are not evidence of current corporate policy. Him being a dick at Harvard does not represent current corporate strategy. It’s also most likely no different to what any current CEO of any major corporation will have been saying if you could get their college conversations as well.
It’s extraordinarily weak criticism, whichever way you spin it.
Re: FACEBOOK USER = BRAIN DEAD IDIOT
Except that you won’t be able to avoid having a Facebook account, thanks to websites using oAuth to rely on Facebook and Twitter to authenticate users. It’s already common to see….
“To read this article, log in using Facebook or Twitter.”
“To download the firmware update for your camera, log in using Facebook or Twitter.”
I wouldn’t be surprised if in five years you can’t pay your water bill without a Facebook or Twitter account.
Re: Re: FACEBOOK USER = BRAIN DEAD IDIOT
ALT+F4
While I know that regardless, my data is still out there, I am not handing it to them on a plate.
Re: Re: FACEBOOK USER = BRAIN DEAD IDIOT
You don’t have to visit sites that require Facebook logins to read (and/or comment on), just move on if they do.
Also, some sites at least, have had bad experiences with requiring Facebook logins, see Techcrunch’s post on giving up Facebook comments.
Re: Re: Re: FACEBOOK USER = BRAIN DEAD IDIOT
That’s not always an option. I have two devices – including a new camera – where there was no mention that a Facebook account was required to use them, get firmware updates, etc.. Not even in third-party reviews. You only find out after you’ve opened the package.
Re: Re: Re:2 FACEBOOK USER = BRAIN DEAD IDIOT
You may want to just get a proper camera, like a 35mm. I know, it’s old school, but you’ll really learn a lot about the scientific and practical principles of photography by getting hands on with film. If you develop your own film (not too hard, just practice with it,) no privacy issues there. Plus, it’s fun.
Re: Re: Re:3 FACEBOOK USER = BRAIN DEAD IDIOT
It a spherical image camera, a Ricoh Theta V. 360° 4K Videos and 360° 12MP Photos.
There’s probably a lens for that, but the Oculus Rift doesn’t support playback from 35mm.
at least we can be reasonably sure this is the end of Zuckerberg for President.
Re: Re:
Really? Have you seen the current one? He’s got a long way to catch up.
Re: Re: Re:
Yeah, but Zuckerberg wouldn’t be running as a Republican.
Re: Re: Re: Re:
What makes you say that?
Re: Re: Re:2 Re:
Well, for starters, the Republicans already have a guy.
Re: Re: Re:3 Re:
Zuckerberg is only 33, he’s got plenty of time to age and let the pre-requisite old-age dementia set in before he can become president.
Re: Re: Re:4 Re:
But people were pulling out "he’s going to run for President" theories because he appeared to be gearing up to run now — listening tours in early primary states, that sort of thing.
Re: Re: Re:5 Re:
Unless he has early onset dementia he wouldn’t be eligible to run yet 😉
Re: Re:
Based on the current Incompetent-in-chief, I fail to see how.
Re: Re:
Considering he’ll only be 36 for the elections in 2020 (and the minimum age to run is 35) I’d say he’s got a few more decades to recover from this if he really wants to get involved in politics.
Regulate Them
If a bank has to know everything about the customers they do business with, why doesnt Facebook? Facebook shouldnt be allowed to do business with countries or entities under US sanction. You should be able to get a full copy of the profile FB has built on you, and have it deleted if you request it. This should also be verifiable, and include steep fines if they dont comply.
Re: Regulate Them
“If a bank has to know everything about the customers they do business with, why doesnt Facebook?”
There’s plenty of reasons. Some are very obvious when you actually think about them instead of having an immediate kneejerk reaction.
Re: Re: Regulate Them
If there are so many…why not give an example. The Russians even paid in RUBLES. Were they from entities that are under sanctions? Was it via a bank under sanction? If they were asked would they know? They get by with little or no regulation. That needs to change since they dont even seem capable of fixing the problem on their own
Re: Regulate Them
If .. the operative word here.
Re: Re: Regulate Them
Actually…if doesn’t apply. They do, by law, have to know.
See For Yourself
If you havent seen this interview with the whistle-blower…its worth your time
https://www.youtube.com/watch?v=FXdYSQ6nu-M
Intelligence is knowing Facebook wasn’t hacked.
Wisdom is knowing Facebook was hacked.
When you have millions of users throwing data at you, you have a responsibility to protect it from abuse/misuse.
Re: Re:
Except that it’s not their only responsibility.
Those with a responsibility to shareholders tend not to define monetizing you as abuse/misuse.
Friend data
If my data is provided without my consent (by Facebook or by my "friends"), that’s just a minor difference. I would never willingly authorize anyone to give my personal information to either group.
A very important point to make here is that Facebook fully authorized the transmission of data. Full permission was granted for certain circumstances — academic research.
These circumstances were then ignored and broken.
The only leak that occurred was from the professor, at the behest of Cambridge Analytica, who "leaked" it from their legitimately-agreed-to "academic research" database, into Cambridge Analytica’s primary database.
It was a leak of Facebook data, but the leak was not through any level of Facebook’s security.
The most Facebook that did wrong was not monitoring the professor close enough to make sure he was abiding by the terms of the agreement. Thus, Facebook is basically the victim of a phishing attack and giving data to false pretenses, not the victim of a leak.
However, I think it’s pretty weak to threaten to sue journalists over reporting it as a leak. The difference is of a technical nature that the general public might not understand, nor care about — Facebook still allowed their data to get stolen, and it doesn’t matter much to them whether it was willingly handed over and misused, or unwillingly stolen.
Re: Re:
…and giving them the data in the first place, without the informed consent of the users.
Re: Re: Re:
And also giving their data to a government that tortures people.
Not a data breach in the legal term
The article sort-of answers it’s own question:
“But, regardless of where you come down on all of this, Facebook threatening defamation against the Guardian for calling this a data breach is ludicrous… “
The answer:
“There are legal reasons why Facebook is so concerned about whether or not this is a “breach”…”
So the point is that Facebook is suing to prevent the legal term “data breach” from spreading too much further because the word “breach” means (or implies) data was stolen or server were hacked. But in this case, the data was freely given… sure, the data was misused, but it wasn’t stolen.
Accountability and canaries
“The most Facebook that did wrong was not monitoring the professor close enough to make sure he was abiding by the terms of the agreement.”
1. It’s not clear — as least not yet — that they monitored him AT ALL, which is incredibly irresponsible. Referring back to what I said upthread about academic research (and once again, I’m not familiar with UK law) entities providing data to academic researchers are expected to keep an eye on what they’re doing. That might mean asking for reports, or conducting audits, or other things, but the gist is that you can’t just hand over the data and wash your hands of responsibility.
2. What Facebook should have done is put canaries in place: synthetic profiles that are positioned so that they’ll be picked up by this researcher and ONLY by this researcher. If that data turns up elsewhere, or if there are indications that the data is being used elsewhere, that proves there’s a data path from Facebook through this particular researcher to someone else — at which point some serious questions need to be asked.
Aggregate it and it will be stolen
There’s this stupid food fight about what to call Facebook data falling into nefarious hands for “psy ops”.
The problem is, these aggregations exist, and we can *expect* them to be misused — think Experian! Cell Site Info and drug prosecutions! Random, warrantless police searches for drugs!
So, tell us about those “psy ops”, so we can all start resisting them…instead of just putting on our tin-foil hats!
Big Time Trending #deleteFacebook
Friends don’t let friends use Facebook.
Even Edward Snowden says deleteFacebook.
"Consent"
There is no consent if the company lied about the purpose of collecting the data and lied about what would be done with it.
Fraudulent consent == no consent.
I expect that there will be a class action regarding this, if there isn’t one already.
The sequel to the Social Network is going to be a much better movie.
Facebook "data-breach" or
“Facebook-data” breach.
Either way it’s a breach of the users’ trust.
Silicon valley has a long history of curious business practices.
In some cases large companies appear to be enabling competitors. They let key people depart to form start-ups with their proprietary information. They provide data and assistance to other start-ups.
They then buy the successful start-ups for a significant multiple of what those start-ups spent developing a proto-product or a market.
What is really happening is that they are externalizing R&D. It mitigates risk and has tax advantages.
Facebook is likely more upset that this situation has screwed over their attempt to skirt data protection laws than that a small company has mis-used Facebook’s data and has been competing with them. (Read that as “testing the revenue potential of this market”.)
Re: You have NO idea who controls those corporations: could be
all one, started by CIA or any other multi-national entity. Since the corporate take-over, there’s VERY little anti-trust enforcement, and almost none against the major corporations, Facebook and Google among them, which Snowden said give NSA “direct access”.
It’s proven that about 90% of media outlets are controlled by (as I recall) just SIX corporations. You just don’t suspect how far down the “Deep State” goes, and that NOT suspecting enables Them to go on pretending to be multiple voices / competing.
“…Facebook should be ashamed and apologize.”
I don’t think that you are appreciating the gravity of the situation, Mike.
Once data are out there they can be re-purposed for anything.
There is a serious possibility that microtargetted political advertising, based on machine learning/optimization models, trained with the person-level data being harvested by – basically everyone – is deciding election outcomes.
And these data could be used for much worse than this. Read “IBM and the Holocaust” to see the role of data and technology back then. Nowadays surveys are not necessary to get a list of Jews or homosexuals or dissidents. Google could put together such lists in a couple of days. For governments it would be even easier. This is what Snowden was trying to warn us about.
Ubiquitous, unregulated, industrial-scale theft of personal data is not a sustainable business model. It is a disaster waiting to happen. Ownership of person-level data must sit with the person it is about. Breaches and abuse must carry serious consequences. Google and Facebook will still be able to function – they will just need to stop being shady data thieves and be transparent about exactly how they are using OUR data.
What the hell is the fuss? Information wants to be free!
For keeping and collating in UN-necessary detail, far beyond any actual "targeting" could increase the value of advertising, Facebook and Google and many other globalist corporations need to be regulated out of existence.
Snowden is hot on this too, now, after what, five years?
By the way: it’s now clear that Snowden AND Kim Dotcom AND the EU court just last week ruling against "Investor-State Dispute" arbitration agree with me on the danger of corporatists and masnicks. Odd, ain’t it, that so diverse a bunch agree? Yet Masnick is still for total surveillance.
I really do have to wonder about the legality and ethics of allowing a person to give consent to harvesting their friends’ contact details (without the friends’ permission).
Not that is new – malware and “data analytic” companies have been harvesting contacts and phone books for years.
It’s still a disgusting invasion of privacy. Are we to just have no friends? Provide your own details if you want, but don’t try dragging your friends / contacts in with you.
Facebook’s extended reputation management team at TD must be stressed this week. I feel for you guys, Mike.
Re: Re:
Don’t worry though, I believe in you. I’m sure you’ll figure out how to spin this to make Facebook look like a victim.
Facebook Privacy Settings
It has been documented many times over the years how Facebook kept altering privacy settings / make it difficult for people to alter their privacy settings to a less permissive level.
When it is (arguably deliberately) made difficult for peoples (and their contacts) information *NOT* to be shared as a matter of course, then Facebook are partially complicit
If it is Not a Simple Breach, it is Worse
It used to be that only clueless individuals and small companies threatened journalists for reporting news, but it is disturbing that the giants thing that this is a useful thing to do. I hope Facebook can be SLAPped down.
Beyond that, by pointing out that this is not a simple breach, I hope this will bring attention to something worse, that Facebook’s ‘business as usual’ is hardly distinguishable from a breach.
So Cambridge Analytica did a survey with 270,000 users, and collected information about 50 million users. They claimed that the information would be used for academic purposes, but was used for political purposes.
And Facebook claims that it wasn’t a data breach. On the contrary, they consider that the actions by Cambridge Analytica were completely normal.
Wow, that’s seriously shameless.
Re: Re:
It is called election tampering.
Re: Re:
There’s a distinction between “completely normal” and “not a data breach”.
Based on what I’ve heard about the events so far, I can see room for them to argue that “nobody broke our security, so it’s not a data breach; someone violated their agreement governing how they could use what we permitted them to access, and that’s a problem, but it’s not a data breach”. (Although I don’t know whether they’re actually making that argument.)
Whether that distinction is important enough to be worth maintaining separate terms for the two things is another question.
Re: Re: Re:
In their description, I believe they consider “breach” to mean their security was broken, whereas this was more a violation of T&Cs. It’s an important distinction to make, even if some won’t see the difference in the end result.
What kind of data has been taken?
I feel like kind of a dope because I can’t seem to figure out what sort of data has been taken. Does this group now have access to user phone numbers, addresses, date of birth, email address? Or do they know that I have liked/commented on memes representative of my political or ideological beliefs, that I like local thrift stores, an art product called Unicorn Spit, Cyanogen Mod, the Innocence Project, the White Stripes, and MPP?
I mean, if this group is using any of my personal contact information to reach out to me, that could be annoying, but easily ignored. Now if they sold this data to Lexus Nexus (which probably mines this data from FB from other sources) and it gets in the hands of bill collectors, then I am angry and I want blood.
On the other hand, if this company wants to analyze my likes and try to figure out who I am, whether and how to target me for political ads, and how they think they can “influence” me, then I really couldn’t care less. I’m not bothered by seeing ads for products that I am actually shopping for online- beats erectile dysfunction treatment, magic weight loss tea, and schemes to make money without doing anything that I have zero interest in. I am not a Democrat nor a Republican so I doubt I fit anyone’s key demographic for politics anyway. I read from sources that lean far left, right and everything in between, to understand issues from everyone’s perspective, so I doubt the few minutes I spend on FB is going to effectively influence me. But then again, maybe I am just willfully blind to being a tool….
out_of_the_blue just hates it when due process is enforced.