Monthly Archives: March 2019

Facebook’s Data Deals Are Under Criminal Investigation

Throw the book at ’em, and wind down this house of despicable spies and greedy exploiters of their (arguably gullible) flock.

Quote

Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world’s largest technology companies, intensifying scrutiny of the social media giant’s business practices as it seeks to rebound from a year of scandal and setbacks.

A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users.

The companies were among more than 150, including Amazon, Apple, Microsoft and Sony, that had cut sharing deals with the world’s dominant social media platform. The agreements, previously reported in The New York Times, let the companies see users’ friends, contact information and other data, sometimes without consent. Facebook has phased out most of the partnerships over the past two years.


Yep, no surprise here. The invasion of privacy extends much further, including the oligopolies and, in many cases, outright monopolies in the mobile phone carriers, ISPs and beyond. When will the U.S. get serious about anti-trust enforcement in the tech industry?

“We are cooperating with investigators and take those probes seriously,” a Facebook spokesman said in a statement. “We’ve provided public testimony, answered questions and pledged that we will continue to do so.”

It is not clear when the grand jury inquiry, overseen by prosecutors with the United States attorney’s office for the Eastern District of New York, began or exactly what it is focusing on. Facebook was already facing scrutiny by the Federal Trade Commission and the Securities and Exchange Commission. And the Justice Department’s securities fraud unit began investigating it after reports that Cambridge Analytica, a political consulting firm, had improperly obtained the Facebook data of 87 million people and used it to build tools that helped President Trump’s election campaign.

The Justice Department and the Eastern District declined to comment for this article.

The Cambridge investigation, still active, is being run by prosecutors from the Northern District of California. One former Cambridge employee said investigators questioned him as recently as late February. He and three other witnesses in the case, speaking on the condition of anonymity so they would not anger prosecutors, said a significant line of inquiry involved Facebook’s claims that it was misled by Cambridge.

In public statements, Facebook executives had said that Cambridge told the company it was gathering data only for academic purposes. But the fine print accompanying a quiz app that collected the information said it could also be used commercially. Selling user data would have violated Facebook’s rules at the time, yet the social network does not appear to have regularly checked that apps were complying. Facebook deleted the quiz app in December 2015.

The disclosures about Cambridge last year thrust Facebook into the worst crisis of its history. Then came news reports last June and December that Facebook had given business partners — including makers of smartphones, tablets and other devices — deep access to users’ personal information, letting some companies effectively override users’ privacy settings.

The sharing deals empowered Microsoft’s Bing search engine to map out the friends of virtually all Facebook users without their explicit consent, and allowed Amazon to obtain users’ names and contact information through their friends. Apple was able to hide from Facebook users all indicators that its devices were even asking for data.

Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers. The deals also appeared to contradict statements by Mark Zuckerberg and other executives that Facebook had clamped down several years ago on sharing the data of users’ friends with outside developers.

F.T.C. officials, who spent the past year investigating whether Facebook violated the 2011 agreement, are now weighing the sharing deals as they negotiate a possible multibillion-dollar fine. That would be the largest such penalty ever imposed by the trade regulator.

Facebook has aggressively defended the partnerships, saying they were permitted under a provision in the F.T.C. agreement that covered service providers — companies that acted as extensions of the social network.

The company has taken steps in the past year to tackle data misuse and misinformation. Last week, Mr. Zuckerberg unveiled a plan that would begin to pivot Facebook away from being a platform for public sharing and put more emphasis on private communications.

No guns or lockpicks needed to nick modern cars if they’re fitted with hackable ‘smart’ alarms

Vulnerable kit can immobilise motors and even unlock doors

Quote

Researchers have discovered that “smart” alarms can allow thieves to remotely kill your engine at speed, unlock car doors and even tamper with cruise control speed.

British infosec biz Pen Test Partners found that the Viper Smart Start alarm and products from vendor Pandora were riddled with flaws, allowing an attacker to steal a car fitted with one of the affected devices.

“Before we contacted them, the manufacturers had inadvertently exposed around 3 million cars to theft and their users to hijack,” said PTP in a blog post about their findings. The firm was inspired to start looking at Pandora’s alarms after noticing that the company boasted their security was “unhackable”.

Thanks to an unauthenticated corner of the service’s API and a simple parameter manipulation (an indirect object request, IDOR), PTP said they were able to change a Viper Smart Start user account’s password and registered email address, giving them full control over the app and the car that the alarm system was installed on.

All they had to do was send a POST request to the API with the parameter “email” redefined to one of their choice in order to overwrite the legitimate owner’s email address, thus gaining access and control over the account.

PTP said that in a live proof-of-concept demo they were able to geolocate a target car using the Viper Smart Start account’s inbuilt functionality, set off the alarm (causing the driver to stop and investigate), activated the car’s immobiliser once it was stationary and then remotely unlocked the car’s doors, using the app’s ability to clone the key fob and issue RF commands from a user’s mobile phone.

Even worse, after further API digging, PTP researchers discovered a function in the Viper API that remotely turned off the car’s engine. The Pandora API also allowed researchers to remotely enable the car’s microphone, allowing nefarious people to eavesdrop on the occupants.

They also said: “Mazda 6, Range Rover Sport, Kia Quoris, Toyota Fortuner, Mitsubishi Pajero, Toyota Prius 50 and RAV4 – these all appear to have undocumented functionality present in the alarm API to remotely adjust cruise control speed!”

Both Pandora and Viper had fixed the offending IDORs before PTP went public. The infosec firm noted that modern alarm systems tend to have direct access to the CANbus, the heart of a modern electronic vehicle.

A year ago infosec researchers wailed that car security in general is poor, while others discovered that electronic control units (ECUs), small modular computers used for controlling specific vehicle routines that were done mechanically years ago, were vulnerable to certain types of hack even with the engine off and the car stationary.
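
The account-takeover flaw described in the article above is an IDOR (insecure direct object reference) on an unauthenticated endpoint. As an added example, not code from the article, Pen Test Partners or either vendor, the Python below sets a handler with that flaw beside one that takes the target account from the session and re-checks the password before changing the email; every name and value in it is hypothetical or constructed.

```python
"""Object-level authorization on an account-update handler (added example).

Account, Forbidden, the handler names and all parameter names are
hypothetical; this is not the Viper or Pandora API.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    account_id: int
    email: str
    pw_salt: bytes
    pw_hash: bytes


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(account_id, email, password):
    salt = secrets.token_bytes(16)
    return Account(account_id, email, salt, _hash_pw(password, salt))


def update_email_vulnerable(accounts, params):
    # The flaw class the article describes: the target account is whatever
    # id the client sends, and nothing ties the request to a logged-in user.
    account = accounts[int(params["id"])]
    account.email = params["email"]
    return account


def update_email_hardened(accounts, sessions, audit_log, token, params):
    # 1. Authenticate: the session token must map to a known account.
    caller_id = sessions.get(token)
    if caller_id is None:
        audit_log.append(("denied", "no-session", params.get("id")))
        raise Forbidden("authentication required")
    # 2. Authorize the object: the target comes from the session, never from
    #    the request. A client-supplied id that differs is refused and logged,
    #    which gives detection a signal for IDOR probing.
    requested = params.get("id")
    if requested is not None and str(requested) != str(caller_id):
        audit_log.append(("denied", "cross-account", caller_id, requested))
        raise Forbidden("not your account")
    account = accounts[caller_id]
    # 3. Re-authenticate before changing the recovery channel, so a stolen
    #    session alone cannot redirect password resets.
    candidate = _hash_pw(params.get("current_password", ""), account.pw_salt)
    if not hmac.compare_digest(candidate, account.pw_hash):
        audit_log.append(("denied", "bad-password", caller_id))
        raise Forbidden("current password required")
    old_email = account.email
    account.email = params["email"]
    audit_log.append(("email-changed", caller_id, old_email, account.email))
    return account


def demo():
    # Constructed data: two accounts, only account 2 holds a session.
    accounts = {
        1: make_account(1, "owner@example.test", "owner-pw"),
        2: make_account(2, "other@example.test", "other-pw"),
    }
    sessions = {"tok-2": 2}
    audit_log = []

    # The vulnerable handler accepts a request with no session at all.
    update_email_vulnerable(accounts, {"id": "1", "email": "x@example.test"})
    vulnerable_changed = accounts[1].email == "x@example.test"
    accounts[1].email = "owner@example.test"  # reset for the hardened run

    requests = [
        (None, {"id": "1", "email": "x@example.test"}),
        ("tok-2", {"id": "1", "email": "x@example.test"}),
        ("tok-2", {"email": "new@example.test", "current_password": "wrong"}),
        ("tok-2", {"email": "new@example.test", "current_password": "other-pw"}),
    ]
    outcomes = []
    for token, params in requests:
        try:
            update_email_hardened(accounts, sessions, audit_log, token, params)
            outcomes.append("ok")
        except Forbidden as exc:
            outcomes.append(str(exc))
    return vulnerable_changed, outcomes, accounts[1].email, accounts[2].email, audit_log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `cross-account` audit entries are the ones worth alerting on: a legitimate client has no reason to send another account's id.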

That marketing email database that exposed 809 million contact records? Maybe make that two-BILLION-plus

Quote

Updated: An unprotected MongoDB database belonging to a marketing tech company exposed up to 809 million email addresses, phone numbers, business leads, and bits of personal information to the public internet, it emerged yesterday.

Today, however, it appears the scope of that security snafu may have been underestimated.

According to cyber security biz Dynarisk, there were four databases exposed to the internet – rather than just the one previously reported – bringing the total to potentially more than two billion records weighing in at 196GB rather than 150GB.

Anyone knowing where to look on the ‘net would have been able to spot and siphon off all that data, without any authentication.

“There was one server that was exposed to the web,” Andrew Martin, CEO and founder of DynaRisk, told The Register on Friday. “On this server were four databases. The original discovery analysed records from mainEmailDatabase. The additional three databases were hosted on the same server, which is no longer accessible.

“Our analysis was conducted over all four databases and extracted over two billion email addresses which is more than the 809 million first discussed.”

The databases were operated by Verifications.io, which provides enterprise email validation – a way for marketers to check that email addresses on their mailing lists are valid and active before firing off pitches. The Verifications.io website is currently inaccessible.

The database first reported included the following data fields, some of which, such as date of birth, qualify as personal information under various data laws:

• Email Records (emailrecords): a JSON object with the keys id, zip, visit_date, phone, city, site_url, state, gender, email, user_ip, dob, firstname, lastname, done, and email_lower_sha265.

• Email With Phone (emailWithPhone): No example provided but presumably a JSON object with the two named attributes.

• Business Leads (businessLeads): a JSON object with the keys id, email, sic_code, naics_code, company_name, title, address, city, state, country, phone, fax, company_website, revenue, employees, industry, desc, sic_code_description, firstname, lastname, and email_lower_sha256.
…..

Over a Dozen Children’s and Consumer Advocacy Organizations Request Federal Trade Commission to Investigate Facebook for Deceptive Practices

It is not just me Tilting at Windmills as some have suggested. The Facebook and related social media threats are real – especially to our children.

Contact:
David Monahan, CCFC: david@commercialfreechildhood.org; (617) 896-9397
Lisa Cohen, Common Sense: lcohen@commonsense.org; (310) 395-2544

SAN FRANCISCO, CA — February 21, 2019 — Earlier today, Common Sense Media, Campaign for a Commercial-Free Childhood, Center for Digital Democracy, and over a dozen organizations called upon the Federal Trade Commission (FTC) to investigate whether Facebook has engaged in unfair or deceptive practices in violation of Section 5 of the Federal Trade Commission Act and the Children’s Online Privacy Protection Act (COPPA).

“Facebook’s practice of ‘friendly fraud’ and referring to kids as ‘whales’ shows an ongoing pattern of the company putting profits over people. Kids, under any circumstances, should not be the target of irresponsible and unethical marketing tactics,” said Jim Steyer, CEO of Common Sense Media. “Facebook has a moral obligation to change its culture toward practices that foster the well-being of kids and families, and the FTC should ensure Facebook is acting responsibly.”

The FTC complaint is in response to unsealed documents from a 2012 class action lawsuit that Facebook settled in 2016. Upon a Freedom of Information Act request filed by the Center for Investigative Reporting, internal documents at Facebook revealed the company knowingly duped children into making in-game purchases and made refunds almost impossible to obtain. Facebook employees called the practice “friendly fraud” and referred to kids who spent large amounts of money as “whales,” a casino-industry term for super high rollers.

Advocates are concerned that Facebook employed unfair practices by charging children for purchases made without parental consent and often without parental awareness. According to Section 5 of the Federal Trade Commission Act, “unfair” practices are defined as those that “cause or [are] likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition” (15 U.S.C. Sec. 45(n)). Advocates point to court documents to demonstrate substantial injury to consumers, including one teenager who incurred $6,500 of charges in just a few weeks, and request rates for refunds were 20 times higher than the usual rate of refund requests.

“Facebook’s scamming of children is not only unethical and reprehensible – it’s likely a violation of consumer protection laws,” said Josh Golin, Executive Director of Campaign for Commercial-Free Childhood. “Time and time again, we see that Facebook plays by its own rules regardless of the cost to children, families and society. We urge the FTC to hold Facebook accountable.”

Additionally, the complaint asks the FTC to investigate whether Facebook violated COPPA. Unsealed documents show that Facebook was aware that many of the games it offered were popular with children under age 13 and were in fact being played by children under 13. COPPA makes it unlawful for an “operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child, to collect personal information from a child” unless it has obtained verifiable parental consent and provided appropriate disclosures.

Advocates are calling for the Commission to recognize the particular vulnerability of young people and investigate whether Facebook is complying with Section 5 and COPPA.

Groups signing on to the complaint include Common Sense Media, Center for Digital Democracy, Campaign for a Commercial-Free Childhood, Consumer Action, Electronic Privacy Information Center, Consumer Federation of America, Children and Screens, Badass Teachers Association, Inc., Media Education Foundation, New Dream, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Parent Coalition for Student Privacy, Public Citizen, Story of Stuff, TRUCE, and Defending the Early Years.

The full complaint can be read here.

It’s time to hold Facebook accountable

From the Campaign for a Commercial-Free Childhood. CCFC educates the public about commercialism’s impact on kids’ well-being and advocates for the end of child-targeted marketing.

Quote

In January, it was revealed that Facebook knowingly defrauded children and their families out of millions of dollars by intentionally misleading children into making in-app purchases. The company referred to children who unintentionally spent thousands of dollars as “whales,” a casino industry term for high-rollers, and refused to refund unauthorized purchases. Not only did the company not refund these unauthorized charges, they encouraged them.

As we wrote at the time, these policies and attitudes toward kids show that Facebook is unfit to make products for children. Now, we’re joining our allies at Common Sense Media, Center for Digital Democracy, and 14 other organizations, asking the FTC to investigate these clearly fraudulent and deceptive practices. Facebook has proven again and again that it will stop at nothing to increase profits, even at the expense of children.

Read our press release here, and the full text of our FTC complaint here.

Zuck’s asleep at the wheel (or ZZZZing in his wallet) – This time Brexit

Note to Zuckerberg, if you cannot identify and add accountability to your advertisers, then just no! You are the real zucker here.

Britain’s Future has spent £340,000 promoting hard exit – but no one knows who’s funding it

The single biggest known British political advertiser on Facebook is a mysterious pro-Brexit campaign group pushing for a no-deal exit from the EU. The revelation about Britain’s Future, which has never disclosed the source of its funding or organisational structure, has raised concerns about the influence of “dark money” in British politics.

Hmmmm…smells like a wind blowing from the east.

The little-known campaign group has spent more than £340,000 on Facebook adverts backing a hard Brexit since the social network began publishing lists of political advertisers last October, making it a bigger spender than every UK political party and the government combined.

However, there is no information available about who is ultimately paying for the adverts, highlighting a key flaw in Facebook’s new political transparency tools.

The sophisticated campaign includes thousands of individual pro-Brexit adverts, targeted at voters in the constituencies of selected MPs. The adverts urge voters to email their local representative and create the impression of a grassroots uprising for a no-deal Brexit. The MPs then receive emails, signed by a “concerned constituent”, demanding a hard Brexit. The emails do not mention the involvement of an organised campaign group.

Britain’s Future’s public presence contains links to just two individuals: an ex-BBC Three sitcom writer turned journalist, and, indirectly, a former BNP candidate who lives on a farm called Rorke’s Drift in the Yorkshire dales.

The site’s public face is Tim Dawson, who created the sitcom Coming of Age while still in his teens before going on to contribute to Two Pints of Lager and a Packet of Crisps. In recent years he has stood for election to Manchester city council as a Conservative candidate before last year taking control of Britain’s Future.

..

Under Facebook’s transparency rules, a representative of Britain’s Future would have been required to provide a valid UK postal address before placing political adverts, but this information was not made public. There are no checks on the ultimate source of any funds.

Facebook said it was only thanks to its new political ad transparency tools, introduced after the EU referendum and soon to be rolled out across the UK, that it was possible to see the extent of political advertising placed by Britain’s Future. There is no equivalent database for Google, Twitter or other online advertisers.

(Good point, Facebook. In all fairness, the same rules need to apply across all social media!)

Dawson’s pro-Brexit campaign group has spent more than a third of a million pounds on targeted Facebook and Instagram adverts in just a few months, including more than £50,000 last week alone, urging voters to email their local MP and tell them to get Britain out of the EU. A further unknown sum has also been spent buying up adverts alongside Google search results related to Brexit, suggesting that the total amount spent by his organisation on online campaigning could be much higher.

Throughout all this, Dawson, who these days makes a living from writing occasional pieces for the Daily Telegraph and the Spiked website, has declined to comment on the source of his funds, other than to tell the BBC that he was “raising small donations from friends and fellow Brexiteers”. There was no answer at his flat in Manchester and he has repeatedly declined to answer questions on how he has access to levels of funding that dwarf many high-profile campaigns.

According to its Facebook page, there are at least five individuals involved in the administration of Britain’s Future, although there are few clues as to who they are. Its “About Us” page contains a map centred on a remote building in the Yorkshire Dales north of Harrogate. This is Rorke’s Drift farm, named after the 1879 battle in South Africa where a small group of British soldiers made a successful last stand against thousands of Zulu warriors, an incident later depicted in the Michael Caine film Zulu.

The farm is home to Colin Banner, a former British National Party candidate. When contacted by the Guardian, he insisted that he had no knowledge of Dawson, was not aware of Britain’s Future, and was not involved in placing the adverts.

In a rare statement, Dawson declined to answer questions on funding or who was behind Britain’s Future. He said it was pure coincidence that his website was pointing to the remote home of a one-time BNP candidate and thanked the Guardian for bringing it to his attention.

“Britain’s Future has never associated with, nor would it ever associate with Colin Banner, or any BNP member. I have never met with, spoken to, or associated with Colin Banner, or any BNP member, nor would I want to. To state otherwise would be untrue.

“Designing the website required selecting a point on the map of the UK. The coordinates were randomly selected so the map of the UK would display centrally on the webpage. It was solely a design decision.

“The purpose of Britain’s Future is to represent the views of 17.4 million people who voted to leave the European Union – regardless of background. This is about delivering on the result of the referendum.”

No law is being broken by Britain’s Future’s campaigning. Outside of an election period, it is legal for any individual or campaign group to pay to promote political material without declaring where the funds come from. Britain’s Future is not a political party and does not appear to have any intention of putting forward candidates in elections, so is not regulated by laws requiring large political donations to be publicly declared.

Even the anti-Brexit People’s Vote campaign for a second referendum, backed with financing from the billionaire George Soros, has spent less on Facebook than Britain’s Future. Its website is essentially a personal blog on arguments for Brexit, with a discreet PayPal button soliciting donations.

Dawson previously stood as the Conservative council candidate in Manchester’s Hulme ward last year and finished a distant sixth. He gave an interview to Country Squire Magazine, explaining that he had recently embraced politics after becoming exasperated with the leftwing bias of the BBC: “There are lots and lots of Conservatives in this country and they deserve to be represented in our cultural landscape.”

Last month, a report from the Department for Digital, Culture, Media and Sport warned that electoral law was out of date and vulnerable to manipulation by hostile forces, and that the need to update it was urgent.

Mark Zuckerberg Says He’ll Shift Focus to Private Sharing

Bullshit!

Facebook’s business model is selling ads and massive sharing of data to profile users. When I go to AccuWeather, for one example, guess who they link to? You guessed it, Facebook. Don’t believe this low life lying excuse for a person, i.e. Zuckerberg. Just say no to Facebook, cure your addiction, and get on with your life.

Quote

SAN FRANCISCO — Social networking has long been predicated on people sharing their status updates, photos and messages with the world. Now Mark Zuckerberg, chief executive of Facebook, plans to start shifting people toward private conversations and away from public broadcasting.

Mr. Zuckerberg, who runs Facebook, Instagram, WhatsApp and Messenger, on Wednesday expressed his intentions to change the essential nature of social media. Instead of encouraging public posts, he said he would focus on private and encrypted communications, in which users message mostly smaller groups of people they know. Unlike publicly shared posts that are kept as users’ permanent records, the communications could also be deleted after a certain period of time.

He said Facebook would achieve the shift partly by integrating Instagram, WhatsApp and Messenger so that users worldwide could easily message one another across the networks. In effect, he said, Facebook would change from being a digital town square to creating a type of “digital living room,” where people could expect their discussions to be intimate, ephemeral and secure from outsiders.

“We’re building a foundation for social communication aligned with the direction people increasingly care about: messaging each other privately,” Mr. Zuckerberg said in an interview on Wednesday. In a blog post, he added that as he thought about the future of the internet, “I believe a privacy-focused communications platform will become even more important than today’s open platforms.”

Facebook’s plan — in which the company is playing catch-up to how people are already communicating digitally — raises new questions, not the least of which is whether it can realistically pull off a privacy-focused platform. The Silicon Valley giant, valued at $490 billion, depends on people openly sharing posts to be able to target advertising to them. While the company will not eradicate public sharing, a proliferation of private and secure communications could potentially hurt its business model.

Facebook also faces concerns about what the change means for people’s data and whether it was being anti-competitive by knitting together WhatsApp, Instagram and Messenger, which historically have been separate and operated autonomously.

Mr. Zuckerberg was vague on many details of the shift, including how long it would take to enact and whether that meant Instagram, WhatsApp and Messenger would share user information and other contact details with one another. He did not address how private, encrypted communications would affect Facebook’s bottom line.

But Mr. Zuckerberg did acknowledge the skepticism that Facebook would be able to change. “Frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing,” he wrote in his blog post. “But we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.”

Facebook’s move is set to redefine how people use social media and how they will connect with one another. That has societal, political and national security implications given the grip that the company’s services have on more than 2.7 billion users around the world. In some countries, Facebook and its other apps are often considered as being the internet.

Mr. Zuckerberg’s decision follows years of scandal for the social network, much of it originating from public sharing of posts. Foreign agents from countries like Russia have used Facebook to publish disinformation, in an attempt to sway elections. Some communities have used Facebook Groups to strengthen ideologies around issues such as anti-vaccination. And firms have harvested the material that people openly shared for all manner of purposes, including targeting advertising and creating voter profiles.

Even WhatsApp, which has long been encrypted, has grappled with the distribution of misinformation through its service, sometimes with deadly consequences.

All of that has put Facebook in the spotlight, which in turn has badly damaged the company’s reputation and created mistrust with users. Regulators have intensified scrutiny of Facebook’s privacy practices, with the Federal Trade Commission considering a multibillion-dollar fine against the company for violating a 2011 privacy consent decree. Last week, the agency said it would create a task force to monitor big tech companies and potential anti-competitive conduct.

Mr. Zuckerberg has repeatedly tried to rid Facebook of toxic content, disinformation and other problems. At one point, he emphasized prioritizing what friends and family shared on Facebook and de-emphasizing content from publishers and brands. He has also said that the company will hire more people to comb through and remove abusive or dangerous posts, and that it is working on artificial intelligence tools to do that job.

But none of those moves addressed the issue of public sharing. And in many ways, consumers were already moving en masse toward more private methods of digital communications.

Snap, the maker of the Snapchat app, has built a young, loyal audience by allowing people to share messages and stories for a finite period of time, for example. Other companies, like the local social networking company Nextdoor, focus on the power of group and community communications. And closed, private messaging services like Signal and Telegram have also become more prominent.

Evan Spiegel, chief executive of Snap, hinted at the problems that Facebook’s News Feed had created last week at a New York Times conference. Because of the way social networks had been constructed for people to publicly share content, he said, “things that are negative actually spread faster and further than things that are positive.” He later added, “You know, I certainly think there’s a lot of opportunity to sort of course-correct here.”
In many ways, Mr. Zuckerberg is now emulating a strategy popularized by Tencent, the Chinese internet company that makes the messaging app WeChat. WeChat has become the de facto portal to the rest of the internet for Chinese citizens because through the app, users can perform a multitude of tasks, like pay for items, communicate with friends and order takeout.

“Facebook is focused on mobile and messaging as the key conduit for people to communicate online, and thereby to communicate with Facebook,” said Ashkan Soltani, an independent privacy and security researcher who was a former chief technologist at the F.T.C. “The chat app essentially becomes your browser.”

Mr. Zuckerberg said that even though he would focus on private and secure conversations, the public forums for communication popularized by Facebook would continue. In addition, WhatsApp, Instagram and Messenger will remain stand-alone apps, even as their underlying messaging infrastructures are woven together, The Times previously reported. The work, which will include adding end-to-end encryption across all the apps, is in the early stages.

Mr. Zuckerberg said this overall shift would ultimately create new opportunities for Facebook.

“We’re thinking about private messaging in a way that we can build the tools to make that better,” he said in the interview. “There’s all kinds of different commerce opportunities, especially in developing countries. There’s more private tools to be built around people’s location. There’s just a whole set of broader utilities we can build that fit this more intimate mode of sharing.”

Public Enemy #1: Facebook

What a disgusting despicable bunch of excuses for human beings: Zuckerberg, Sandberg and their ilk. They rape you of your privacy and hire lowly lobbyists to corrupt politicians to protect their business model. What scum of the earth.

If you work for Facebook, I would think about looking for a new job. Their days are (hopefully) numbered.

Quote

Revealed: Facebook’s global lobbying against data privacy laws

Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU. The documents include details of how Facebook:

• Lobbied politicians across Europe in a strategic operation to head off “overly restrictive” GDPR legislation. They include extraordinary claims that the Irish prime minister said his country could exercise significant influence as president of the EU, promoting Facebook’s interests even though technically it was supposed to remain neutral.

• Used chief operating officer Sheryl Sandberg’s feminist memoir Lean In to “bond” with female European commissioners it viewed as hostile.

• Threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws.

The documents appear to emanate from a court case against Facebook by the app developer Six4Three in California, and reveal that Sandberg considered European data protection legislation a “critical” threat to the company. A memo written after the Davos economic summit in 2013 quotes Sandberg describing the “uphill battle” the company faced in Europe on the “data and privacy front” and its “critical” efforts to head off “overly prescriptive new laws”.

Most revealingly, it includes details of the company’s “great relationship” with Enda Kenny, the Irish prime minister at the time, one of a number of people it describes as “friends of Facebook”. Ireland plays a key role in regulating technology companies in Europe because its data protection commissioner acts for all 28 member states. The memo has inflamed data protection advocates, who have long complained about the company’s “cosy” relationship with the Irish government.

The memo notes Kenny’s “appreciation” for Facebook’s decision to locate its headquarters in Dublin and points out that the new proposed data protection legislation was a “threat to jobs, innovation and economic growth in Europe”. It then goes on to say that Ireland is poised to take on the presidency of the EU and therefore has the “opportunity to influence the European Data Directive decisions”. It makes the extraordinary claim that Kenny offered to use the “significant influence” of the EU presidency as a means of influencing other EU member states “even though technically Ireland is supposed to remain neutral in this role”.

It goes on: “The prime minister committed to using their EU presidency to achieve a positive outcome on the directive.” Kenny, who resigned from office in 2017, did not respond to the Observer’s request for comment.

John Naughton, a Cambridge academic and Observer writer who studies the democratic implications of digital technology, said the leak was “explosive” in the way it revealed the “vassalage” of the Irish state to the big tech companies. Ireland had welcomed the companies, he noted, but became “caught between a rock and a hard place”. “Its leading politicians apparently saw themselves as covert lobbyists for a data monster.”

A spokesperson for Facebook said the documents were still under seal in a Californian court and it could not respond to them in any detail: “Like the other documents that were cherrypicked and released in violation of a court order last year, these by design tell one side of a story and omit important context.”

The 2013 memo, written by Marne Levine, who is now a Facebook senior executive, was cc-ed to Elliot Schrage, Facebook’s then head of policy and global communications, the role now occupied by Nick Clegg. As well as Kenny, dozens of other politicians, US senators and European commissioners are mentioned by name, including then Indian president Pranab Mukherjee, Michel Barnier, now the EU’s Brexit negotiator, and Osborne.

The then chancellor used the meeting with Sandberg to ask Facebook to invest in the government’s Tech City venture, the memo claims, and Sandberg said she would “review” any proposal. In exchange, she asked him to become “even more active and vocal in the European Data Directive debate and really help shape the proposals”. The memo claims Osborne asked for a detailed briefing and said he would “figure out how to get more involved”. He offered to host a launch for Sandberg’s book in Downing Street, an event that went ahead in spring 2013.

Osborne told the Observer: “I don’t think it’s a surprise that the UK chancellor would meet the chief operating officer of one of the world’s largest companies … Facebook and other US tech firms, in private, as in public, raised concerns about the proposed European Data Directive. To your specific inquiry, I didn’t follow up on those concerns, or lobby the EU, because I didn’t agree with them.”

He noted it was “not a secret” that he had helped launch Sandberg’s book at 11 Downing Street and added: “The book’s message about female empowerment was widely praised, not least in the Guardian and the Observer.”

In fact, the memo reveals that Sandberg’s feminist memoir was perceived as a lobbying tool by the Facebook team and a means of winning support from female legislators for Facebook’s wider agenda.

In a particularly revealing account of a meeting with Viviane Reding, the influential European commissioner for justice, fundamental rights and citizenship, the memo notes her key role as “the architect of the European Data Directive” and describes the company’s “difficult” relationship with her owing to her being, it claims, “not a fan” of American companies.

“She attended Sheryl’s Lean In dinner and we met with her right afterwards,” the memo says, but notes that she felt it was a “very ‘American’ discussion”, a comment the team regarded as a setback since “getting more women into C-level jobs and on boards was supposed to be how they bonded, and it backfired a bit”.

The Davos meetings are just the tip of the iceberg in terms of Facebook’s global efforts to win influence. The documents reveal how in Canada and Malaysia it used the promise of siting a new data centre with the prospect of job creation to win legislative guarantees. When the Canadians hesitated over granting the concession Facebook wanted, the memo notes: “Sheryl took a firm approach and outlined that a decision on the data center was imminent. She emphasized that if we could not get comfort from the Canadian government on the jurisdiction issue, we had other options.” The minister supplied the agreement Facebook required by the end of the day, it notes.

Apps Give Private Data To Facebook Without User’s Knowledge or Permission

Why does this surprise anyone? And it is not just data going to Facebook. Most of the apps we see on Android have such wide-open permissions and no or awful privacy policies that it astounds me anyone would use them. Why does a “torch” (flashlight) app need to be able to read my contacts or have full internet access? That is just one example. Running a PC without a strict application firewall these days is plainly crazy. But how many users run application firewalls on their mobile devices? They should.

Facebook needs to be wound down. The best way to do that is to simply boycott any and all of their properties. Just say no to Facebook and all their properties like Messenger, Whatsapp, Instagram, Masquerade (MSQRD), Moves App, …

Well, back to the news

Quote

NPR’s Mary Louise Kelly speaks with The Wall Street Journal’s Sam Schechner about how several apps they tested sent sensitive personal data to Facebook without users’ permission or knowledge.

MARY LOUISE KELLY, HOST:

Let’s dig deeper now into how some of these apps are sharing users’ data without their knowledge. Laura mentioned The Wall Street Journal just there. It recently published another story headlined “You Give Apps Sensitive Personal Information. Then They Tell Facebook.” Sam Schechner is one of the reporters on the story, and I asked him what sensitive personal information we’re talking about here.

SAM SCHECHNER: Well, it could be your weight, if you’re having your period, your height, your blood pressure. We saw all of that kind of information being transferred from apps directly to Facebook servers in testing that we ran over the last few months.

KELLY: Yeah, you give an example of an app that allows women to track when they’re getting their period and ovulation. They enter that in, and then it immediately gets fed straight over to Facebook.

SCHECHNER: Yeah. What we saw – and this was actually part of what set off the investigation. While we were doing the testing, I was entering information to the app, and I saw that it was immediately sending a notification that I had altered the dates of my period to Facebook.

KELLY: Your virtual period. I assume – (laughter) I’ll make a wild leap and assume here.

SCHECHNER: Sending the dates of my virtual period. I was using the app even though I don’t get one. And in addition, it would send a notification to Facebook when you entered pregnancy mode. The app would show kind of confetti on the screen. But behind the scenes, the app was informing Facebook that it was now in pregnancy status.

KELLY: Here’s the sentence from your article that stopped me cold. I’m just going to read it. (Reading) The social media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it even if the user has no connection to Facebook. Really? I mean, even if I don’t have a Facebook account, this is happening.

SCHECHNER: Yes, that is correct. And the reason is ’cause apps build in software from Facebook in order to do all kinds of things, including to track their users’ behavior. And that software sends the data back to Facebook regardless of whether or not you’re a user. In fact, the app doesn’t have any way of knowing whether you’re a user when it sends the data.

KELLY: And what does Facebook say they are doing with this data?

SCHECHNER: Facebook says that they offer services to the developers that send it. They offer analytic services so you can see how users are interacting with that app. And they allow the app developer to then target users of the app on Facebook properties with ads. It’s worth noting, however, that Facebook’s terms of service give it wide latitude to use that information for other purposes, such as targeting ads more generally, for personalizing their service, including the news feed, and for research and development.

KELLY: Does it appear based on your reporting that regulators are sitting up and paying attention?

SCHECHNER: Well, already New York Governor Andrew Cuomo has directed state agencies to look into the matter. And already since our report, at least five of the apps that we highlighted have stopped sending the information that we highlighted to Facebook. And Facebook has sent out letters to those apps and other major app developers telling them to stop sending any health-related information or other potentially sensitive information.

KELLY: Did you find yourself changing settings or deleting apps as you reported this out?

SCHECHNER: I definitely did. I advised my wife to use a different app to track her own cycle, and I certainly made sure that, you know, when I exercise, I’m using apps that didn’t in my testing turn up to be sending this specific data. Of course I am a tech reporter, not a, you know, software engineer, so the likelihood is that I’m still being tracked. And in fact when I go on my phone, I see plenty of ads for exercise apps probably from the fact that I just went running.

KELLY: Wall Street Journal reporter Sam Schechner, thanks so much.

SCHECHNER: Thanks for having me.