Skip to content

Privacy

Facebook’s Data Deals Are Under Criminal Investigation

Throw the book at em, and wind down this house of despicable spies and greedy exploiters of their (arguably gullible) flock

Quote

Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world’s largest technology companies, intensifying scrutiny of the social media giant’s business practices as it seeks to rebound from a year of scandal and setbacks.

A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users.

The companies were among more than 150, including Amazon, Apple, Microsoft and Sony, that had cut sharing deals with the world’s dominant social media platform. The agreements, previously reported in The New York Times, let the companies see users’ friends, contact information and other data, sometimes without consent. Facebook has phased out most of the partnerships over the past two years.

A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users.


Yep, no surprise here. The invasion of privacy extends much further including the oligopolist, and in many cases, outright monopolies in the mobile phone carriers, ISPs and beyond. When will the U.S. get serious about anti-trust enforcement in the tech industry?

“We are cooperating with investigators and take those probes seriously,” a Facebook spokesman said in a statement. “We’ve provided public testimony, answered questions and pledged that we will continue to do so.”

[Read Brian Chen’s story on what he found when he downloaded his Facebook data.]

It is not clear when the grand jury inquiry, overseen by prosecutors with the United States attorney’s office for the Eastern District of New York, began or exactly what it is focusing on. Facebook was already facing scrutiny by the Federal Trade Commission and the Securities and Exchange Commission. And the Justice Department’s securities fraud unit began investigating it after reports that Cambridge Analytica, a political consulting firm, had improperly obtained the Facebook data of 87 million people and used it to build tools that helped President Trump’s election campaign.

The Justice Department and the Eastern District declined to comment for this article.

The Cambridge investigation, still active, is being run by prosecutors from the Northern District of California. One former Cambridge employee said investigators questioned him as recently as late February. He and three other witnesses in the case, speaking on the condition of anonymity so they would not anger prosecutors, said a significant line of inquiry involved Facebook’s claims that it was misled by Cambridge.

In public statements, Facebook executives had said that Cambridge told the company it was gathering data only for academic purposes. But the fine print accompanying a quiz app that collected the information said it could also be used commercially. Selling user data would have violated Facebook’s rules at the time, yet the social network does not appear to have regularly checked that apps were complying. Facebook deleted the quiz app in December 2015.

The disclosures about Cambridge last year thrust Facebook into the worst crisis of its history. Then came news reports last June and December that Facebook had given business partners — including makers of smartphones, tablets and other devices — deep access to users’ personal information, letting some companies effectively override users’ privacy settings.

The sharing deals empowered Microsoft’s Bing search engine to map out the friends of virtually all Facebook users without their explicit consent, and allowed Amazon to obtain users’ names and contact information through their friends. Apple was able to hide from Facebook users all indicators that its devices were even asking for data.

Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers. The deals also appeared to contradict statements by Mark Zuckerberg and other executives that Facebook had clamped down several years ago on sharing the data of users’ friends with outside developers.

F.T.C. officials, who spent the past year investigating whether Facebook violated the 2011 agreement, are now weighing the sharing deals as they negotiate a possible multibillion-dollar fine. That would be the largest such penalty ever imposed by the trade regulator.

Facebook has aggressively defended the partnerships, saying they were permitted under a provision in the F.T.C. agreement that covered service providers — companies that acted as extensions of the social network.

The company has taken steps in the past year to tackle data misuse and misinformation. Last week, Mr. Zuckerberg unveiled a plan that would begin to pivot Facebook away from being a platform for public sharing and put more emphasis on private communications.

No guns or lockpicks needed to nick modern cars if they’re fitted with hackable ‘smart’ alarms

Vulnerable kit can immobilise motors and even unlock doors

Quote

Researchers have discovered that “smart” alarms can allow thieves to remotely kill your engine at speed, unlock car doors and even tamper with cruise control speed.

British infosec biz Pen Test Partners found that the Viper Smart Start alarm and products from vendor Pandora were riddled with flaws, allowing an attacker to steal a car fitted with one of the affected devices.

“Before we contacted them, the manufacturers had inadvertently exposed around 3 million cars to theft and their users to hijack,” said PTP in a blog post about their findings. The firm was inspired to start looking at Pandora’s alarms after noticing that the company boasted their security was “unhackable”.

Thanks to an unauthenticated corner of the service’s API and a simple parameter manipulation (an indirect object request, IDOR), PTP said they were able to change a Viper Smart Start user account’s password and registered email address, giving them full control over the app and the car that the alarm system was installed on.

All they had to do was send a POST request to the API with the parameter “email” redefined to one of their choice in order to overwrite the legitimate owner’s email address, thus gaining access and control over the account.

PTP said that in a live proof-of-concept demo they were able to geolocate a target car using the Viper Smart Start account’s inbuilt functionality, set off the alarm (causing the driver to stop and investigate), activated the car’s immobiliser once it was stationary and then remotely unlocked the car’s doors, using the app’s ability to clone the key fob and issue RF commands from a user’s mobile phone.

Even worse, after further API digging, PTP researchers discovered a function in the Viper API that remotely turned off the car’s engine. The Pandora API also allowed researchers to remotely enable the car’s microphone, allowing nefarious people to eavesdrop on the occupants.

They also said: “Mazda 6, Range Rover Sport, Kia Quoris, Toyota Fortuner, Mitsubishi Pajero, Toyota Prius 50 and RAV4 – these all appear to have undocumented functionality present in the alarm API to remotely adjust cruise control speed!”

Both Pandora and Viper had fixed the offending IDORs before PTP went public. The infosec firm noted that modern alarm systems tend to have direct access to the CANbus, the heart of a modern electronic vehicle.

A year ago infosec researchers wailed that car security in general is poor, while others discovered that electronic control units (ECUs), small modular computers used for controlling specific vehicle routines that were done mechanically years ago, were vulnerable to certain types of hack even with the engine off and the car stationary.

Over a Dozen Children’s and Consumer Advocacy Organizations Request Federal Trade Commission to Investigate Facebook for Deceptive Practices

It is not just me Tilting at Windmills as some have suggested. The Facebook and related social media threats are real – especially to our children.

Contact:
David Monahan, CCFC: david@commercialfreechildhood.org; (617) 896-9397
Lisa Cohen, Common Sense: lcohen@commonsense.org; (310) 395-2544

Over a Dozen Children’s and Consumer Advocacy Organizations Request Federal Trade Commission to Investigate Facebook for Deceptive Practices

SAN FRANCISCO, CA — February 21, 2019 — Earlier today, Common Sense Media, Campaign for a Commercial-Free Childhood, Center for Digital Democracy, and over a dozen organizations called upon the Federal Trade Commission (FTC) to investigate whether Facebook has engaged in unfair or deceptive practices in violation of Section 5 of the Federal Trade Commission Act and the Children’s Online Privacy Protection Act (COPPA).

“Facebook’s practice of ‘friendly fraud’ and referring to kids as ‘whales’ shows an ongoing pattern of the company putting profits over people. Kids, under any circumstances, should not be the target of irresponsible and unethical marketing tactics,” said Jim Steyer, CEO of Common Sense Media. “Facebook has a moral obligation to change its culture toward practices that foster the well-being of kids and families, and the FTC should ensure Facebook is acting responsibly.”

The FTC complaint is in response to unsealed documents from a 2012 class action lawsuit that Facebook settled in 2016. Upon a Freedom of Information Act request filed by the Center for Investigative Reporting, internal documents at Facebook revealed the company knowingly duped children into making in-game purchases and made refunds almost impossible to obtain. Facebook employees called the practice “friendly fraud” and referred to kids who spent large amounts of money as “whales,” a casino-industry term for super high rollers.

Advocates are concerned that Facebook employed unfair practices by charging children for purchases made without parental consent and often without parental awareness. According to Section 5 of the Federal Trade Commission Act, “unfair” practices are defined as those that “cause or [are] likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition” (15 U.S.C. Sec. 45(n)). Advocates point to court documents to demonstrate substantial injury to consumers, including one teenager who incurred $6,500 of charges in just a few weeks, and request rates for refunds were 20 times higher than the usual rate of refund requests.

“Facebook’s scamming of children is not only unethical and reprehensible – it’s likely a violation of consumer protection laws,” said Josh Golin, Executive Director of Campaign for Commercial-Free Childhood. “Time and time again, we see that Facebook plays by its own rules regardless of the cost to children, families and society. We urge the FTC to hold Facebook accountable.”

Additionally, the complaint asks the FTC to investigate whether Facebook violated COPPA. Unsealed documents show that Facebook was aware that many of the games it offered were popular with children under age 13 and were in fact being played by children under 13. COPPA makes it unlawful for an “operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child, to collect personal information from a child” unless it has obtained verifiable parental consent and provided appropriate disclosures.

Advocates are calling for the Commission to recognize the particular vulnerability of young people and investigate whether Facebook is complying with Section 5 and COPPA.

Groups signing on to the complaint include Common Sense Media, Center for Digital Democracy, Campaign for a Commercial-Free Childhood, Consumer Action, Electronic Privacy Information Center, Consumer Federation of America, Children and Screens, Badass Teachers Association, Inc., Media Education Foundation, New Dream, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Parent Coalition for Student Privacy, Public Citizen, Story of Stuff, TRUCE, and Defending the Early Years.

The full complaint can be read here.

It’s time to hold Facebook accountable

From the Campaign for a Commercial-Free Childhood -CCFC educates the public about commercialism’s impact on kids’ well being and advocates for the end of child-targeted marketing.

Quote

In January, it was revealed that Facebook knowingly defrauded children and their families out of millions of dollars by intentionally misleading children into making in-app purchases. The company referred to children who unintentionally spent thousands of dollars as “whales,” a casino industry term for high-rollers, and refused to refund unauthorized purchases. Not only did the company not refund these unauthorized charges, they encouraged them.

As we wrote at the time, these policies and attitudes toward kids show that Facebook is unfit to make products for children. Now, we’re joining our allies at Common Sense Media, Center for Digital Democracy, and 14 other organizations, asking the FTC to investigate these clearly fraudulent and deceptive practices. Facebook has proven again and again that it will stop at nothing to increase profits, even at the expense of children.

Read our press release here, and the full text of our FTC complaint here.

Zuck’s asleep at the wheel (or ZZZZing in his wallet) – This time Brexit

Note to Zuckerberg, if you cannot identify and add accountability to your advertisers, then just no! You are the real zucker here.

Britain’s Future has spent £340,000 promoting hard exit – but no one knows who’s funding it

The single biggest known British political advertiser on Facebook is a mysterious pro-Brexit campaign group pushing for a no-deal exit from the EU. The revelation about Britain’s Future, which has never disclosed the source of its funding or organisational structure, has raised concerns about the influence of “dark money” in British politics.

Hmmmm…smells like a wind blowing from the east.

The little-known campaign group has spent more than £340,000 on Facebook adverts backing a hard Brexit since the social network began publishing lists of political advertisers last October, making it a bigger spender than every UK political party and the government combined.

However, there is no information available about who is ultimately paying for the adverts, highlighting a key flaw in Facebook’s new political transparency tools.

The sophisticated campaign includes thousands of individual pro-Brexit adverts, targeted at voters in the constituencies of selected MPs. The adverts urge voters to email their local representative and create the impression of a grassroots uprising for a no-deal Brexit. The MPs then receive emails, signed by a “concerned constituent”, demanding a hard Brexit. The emails do not mention the involvement of an organised campaign group.

Britain’s Future’s public presence contains links to just two individuals: an ex-BBC Three sitcom writer turned journalist, and, indirectly, a former BNP candidate who lives on a farm called Rorke’s Drift in the Yorkshire dales.

The site’s public face is Tim Dawson, who created the sitcom Coming of Age while still in his teens before going on to contribute to Two Pints of Lager and a Packet of Crisps. In recent years he has stood for election to Manchester city council as a Conservative candidate before last year taking control of Britain’s Future.

However, there is no information available about who is ultimately paying for the adverts, highlighting a key flaw in Facebook’s new political transparency tools.

..

Under Facebook’s transparency rules, a representative of Britain’s Future would have been required to provide a valid UK postal address before placing political adverts, but this information was not made public. There are no checks on the ultimate source of any funds.

Facebook said it was only thanks to its new political ad transparency tools, introduced after the EU referendum and soon to be rolled out across the UK, that it was possible to see the extent of political advertising placed by Britain’s Future. There is no equivalent database for Google, Twitter or other online advertisers.

(Good point Facebook, in all fairness, the same rules need to apply accross all social media!)

Dawson’s pro-Brexit campaign group has spent more than a third of a million pounds on targeted Facebook and Instagram adverts in just a few months, including more than £50,000 last week alone, urging voters to email their local MP and tell them to get Britain out of the EU. An further unknown sum has also been spent buying up adverts alongside Google search results related to Brexit, suggesting that the total amount spent by his organisation on online campaigning could be much higher.

Throughout all this, Dawson, who these days makes a living from writing occasional pieces for the Daily Telegraph and the Spiked website, has declined to comment on the source of his funds, other than to tell the BBC that he was “raising small donations from friends and fellow Brexiteers”. There was no answer at his flat in Manchester and he has repeatedly declined to answer questions on how he has access to levels of funding that dwarf many high-profile campaigns.

According to its Facebook page, there are at least five individuals involved in the administration of Britain’s Future, although there are few clues as to who they are. Its “About Us” page contains a map centred on a remote building in the Yorkshire Dales north of Harrogate. This is Rorke’s Drift farm, named after the 1879 battle in South Africa where a small group of British soldiers made a successful last stand against thousands of Zulu warriors, an incident later depicted in the Michael Caine film Zulu.

The farm is home to Colin Banner, a former British National Party candidate. When contacted by the Guardian, he insisted that he had no knowledge of Dawson, was not aware of Britain’s Future, and was not involved in placing the adverts.

In a rare statement, Dawson declined to answer questions on funding or who was behind Britain’s Future. He said it was pure coincidence that his website was pointing to the remote home of a one-time BNP candidate and thanked the Guardian for bringing it to his attention.

“Britain’s Future has never associated with, nor would it ever associate with Colin Banner, or any BNP member. I have never met with, spoken to, or associated with Colin Banner, or any BNP member, nor would I want to. To state otherwise would be untrue.

“Designing the website required selecting a point on the map of the UK. The coordinates were randomly selected so the map of the UK would display centrally on the webpage. It was solely a design decision.

“The purpose of Britain’s Future is to represent the views of 17.4 million people who voted to leave the European Union – regardless of background. This is about delivering on the result of the referendum.”

No law is being broken by Britain’s Future’s campaigning. Outside of an election period, it is legal for any individual or campaign group to pay to promote political material without declaring where the funds come from. Britain’s Future is not a political party and does not appear to have any intention of putting forward candidates in elections, so is not regulated by laws requiring large political donations to be publicly declared.

Even the anti-Brexit People’s Vote campaign for a second referendum, backed with financing from the billionaire George Soros, has spent less on Facebook than Britain’s Future. Its website is essentially a personal blog on arguments for Brexit, with a discreet PayPal button soliciting donations.

Under Facebook’s transparency rules, a representative of Britain’s Future would have been required to provide a valid UK postal address before placing political adverts, but this information was not made public. There are no checks on the ultimate source of any funds.

Facebook said it was only thanks to its new political ad transparency tools, introduced after the EU referendum and soon to be rolled out across the UK, that it was possible to see the extent of political advertising placed by Britain’s Future. There is no equivalent database for Google, Twitter or other online advertisers.

Dawson previously stood as the Conservative council candidate in Manchester’s Hulme ward last year and finished a distant sixth. He gave an interview to Country Squire Magazine, explaining that he had recently embraced politics after becoming exasperated with the leftwing bias of the BBC: “There are lots and lots of Conservatives in this country and they deserve to be represented in our cultural landscape.”

Last month, a report from the Department for Digital, Culture, Media and Sport warned that electoral law was out of date and vulnerable to manipulation by hostile forces, and that the need to update it was urgent.

Mark Zuckerberg Says He’ll Shift Focus to Private Sharing

Bullshit!

Facebook’s business model is selling ads and massive sharing of data to profile user. When I go to Acuwaether, for one example, guess who they link to, you guessed it Facebook. Don’t believe this low life lying excuse for a person, ie. Zuckerberg. Just say no to Facebook, cure your addiction, and get on with your life.

Quote

SAN FRANCISCO — Social networking has long been predicated on people sharing their status updates, photos and messages with the world. Now Mark Zuckerberg, chief executive of Facebook, plans to start shifting people toward private conversations and away from public broadcasting.

Mr. Zuckerberg, who runs Facebook, Instagram, WhatsApp and Messenger, on Wednesday expressed his intentions to change the essential nature of social media. Instead of encouraging public posts, he said he would focus on private and encrypted communications, in which users message mostly smaller groups of people they know. Unlike publicly shared posts that are kept as users’ permanent records, the communications could also be deleted after a certain period of time.

He said Facebook would achieve the shift partly by integrating Instagram, WhatsApp and Messenger so that users worldwide could easily message one another across the networks. In effect, he said, Facebook would change from being a digital town square to creating a type of “digital living room,” where people could expect their discussions to be intimate, ephemeral and secure from outsiders.

“We’re building a foundation for social communication aligned with the direction people increasingly care about: messaging each other privately,” Mr. Zuckerberg said in an interview on Wednesday. In a blog post, he added that as he thought about the future of the internet, “I believe a privacy-focused communications platform will become even more important than today’s open platforms.”

Facebook’s plan — in which the company is playing catch-up to how people are already communicating digitally — raises new questions, not the least of which is whether it can realistically pull off a privacy-focused platform. The Silicon Valley giant, valued at $490 billion, depends on people openly sharing posts to be able to target advertising to them. While the company will not eradicate public sharing, a proliferation of private and secure communications could potentially hurt its business model.

Facebook also faces concerns about what the change means for people’s data and whether it was being anti-competitive by knitting together WhatsApp, Instagram and Messenger, which historically have been separate and operated autonomously.

Mr. Zuckerberg was vague on many details of the shift, including how long it would take to enact and whether that meant Instagram, WhatsApp and Messenger would share user information and other contact details with one another. He did not address how private, encrypted communications would affect Facebook’s bottom line.

But Mr. Zuckerberg did acknowledge the skepticism that Facebook would be able to change. “Frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing,” he wrote in his blog post. “But we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.”

Facebook’s move is set to redefine how people use social media and how they will connect with one another. That has societal, political and national security implications given the grip that the company’s services have on more than 2.7 billion users around the world. In some countries, Facebook and its other apps are often considered as being the internet.
Editors’ Picks
Her Husband Did the Unthinkable. This Is a Play About Everything After.
She Helped Deliver Hundreds of Babies. Then She Was Arrested.
Bigger, Saltier, Heavier: Fast Food Since 1986 in 3 Simple Charts

Mr. Zuckerberg’s decision follows years of scandal for the social network, much of it originating from public sharing of posts. Foreign agents from countries like Russia have used Facebook to publish disinformation, in an attempt to sway elections. Some communities have used Facebook Groups to strengthen ideologies around issues such as anti-vaccination. And firms have harvested the material that people openly shared for all manner of purposes, including targeting advertising and creating voter profiles.

Even WhatsApp, which has long been encrypted, has grappled with the distribution of misinformation through its service, sometimes with deadly consequences.

All of that has put Facebook in the spotlight, which in turn has badly damaged the company’s reputation and created mistrust with users. Regulators have intensified scrutiny of Facebook’s privacy practices, with the Federal Trade Commission considering a multibillion-dollar fine against the company for violating a 2011 privacy consent decree. Last week, the agency said it would create a task force to monitor big tech companies and potential anti-competitive conduct.

Mr. Zuckerberg has repeatedly tried to rid Facebook of toxic content, disinformation and other problems. At one point, he emphasized prioritizing what friends and family shared on Facebook and de-emphasizing content from publishers and brands. He has also said that the company will hire more people to comb through and remove abusive or dangerous posts, and that it is working on artificial intelligence tools to do that job.

But none of those moves addressed the issue of public sharing. And in many ways, consumers were already moving en masse toward more private methods of digital communications.

Snap, the maker of the Snapchat app, has built a young, loyal audience by allowing people to share messages and stories for a finite period of time, for example. Other companies, like the local social networking company Nextdoor, focus on the power of group and community communications. And closed, private messaging services like Signal and Telegram have also become more prominent.

Evan Spiegel, chief executive of Snap, hinted at the problems that Facebook’s News Feed had created last week at a New York Times conference. Because of the way social networks had been constructed for people to publicly share content, he said, “things that are negative actually spread faster and further than things that are positive.” He later added, “You know, I certainly think there’s a lot of opportunity to sort of course-correct here.”
Interested in All Things Tech?

The Bits newsletter will keep you updated on the latest from Silicon Valley and the technology industry.

In many ways, Mr. Zuckerberg is now emulating a strategy popularized by Tencent, the Chinese internet company that makes the messaging app WeChat. WeChat has become the de facto portal to the rest of the internet for Chinese citizens because through the app, users can perform a multitude of tasks, like pay for items, communicate with friends and order takeout.

“Facebook is focused on mobile and messaging as the key conduit for people to communicate online, and thereby to communicate with Facebook,” said Ashkan Soltani, an independent privacy and security researcher who was a former chief technologist at the F.T.C. “The chat app essentially becomes your browser.”

Mr. Zuckerberg said that even though he would focus on private and secure conversations, the public forums for communication popularized by Facebook would continue. In addition, WhatsApp, Instagram and Messenger will remain stand-alone apps, even as their underlying messaging infrastructures are woven together, The Times previously reported. The work, which will include adding end-to-end encryption across all the apps, is in the early stages.

Mr. Zuckerberg said this overall shift would ultimately create new opportunities for Facebook.

“We’re thinking about private messaging in a way that we can build the tools to make that better,” he said in the interview. “There’s all kinds of different commerce opportunities, especially in developing countries. There’s more private tools to be built around peoples’ location. There’s just a whole set of broader utilities we can build that fit this more intimate mode of sharing.”

Public Enemy #1: Facebook

What a disgusting despicable bunch of excuses for human beings: Zuckerberg, Sandberg and their ilk. They rape you of your privacy and hire lowly lobbyists to corrupt politicians to protect their business model. What scum of the earth.

If you work for Facebook, I would think about looking for a new job. Their days are (hopefully) numbered.

Quote

Revealed: Facebook’s global lobbying against data privacy laws

Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU. The documents include details of how Facebook:

• Lobbied politicians across Europe in a strategic operation to head off “overly restrictive” GDPR legislation. They include extraordinary claims that the Irish prime minister said his country could exercise significant influence as president of the EU, promoting Facebook’s interests even though technically it was supposed to remain neutral.

• Used chief operating officer Sheryl Sandberg’s feminist memoir Lean In to “bond” with female European commissioners it viewed as hostile.

• Threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws.

He noted it was “not a secret” that he had helped launch Sandberg’s book at 11 Downing Street and added: “The book’s message about female empowerment was widely praised, not least in the Guardian and the Observer.”

In fact, the memo reveals that Sandberg’s feminist memoir was perceived as a lobbying tool by the Facebook team and a means of winning support from female legislators for Facebook’s wider agend

The documents appear to emanate from a court case against Facebook by the app developer Six4Three in California, and reveal that Sandberg considered European data protection legislation a “critical” threat to the company. A memo written after the Davos economic summit in 2013 quotes Sandberg describing the “uphill battle” the company faced in Europe on the “data and privacy front” and its “critical” efforts to head off “overly prescriptive new laws”.

Most revealingly, it includes details of the company’s “great relationship” with Enda Kenny, the Irish prime minister at the time, one of a number of people it describes as “friends of Facebook”. Ireland plays a key role in regulating technology companies in Europe because its data protection commissioner acts for all 28 member states. The memo has inflamed data protection advocates, who have long complained about the company’s “cosy” relationship with the Irish government.

The memo notes Kenny’s “appreciation” for Facebook’s decision to locate its headquarters in Dublin and points out that the new proposed data protection legislation was a “threat to jobs, innovation and economic growth in Europe”. It then goes on to say that Ireland is poised to take on the presidency of the EU and therefore has the “opportunity to influence the European Data Directive decisions”. It makes the extraordinary claim that Kenny offered to use the “significant influence” of the EU presidency as a means of influencing other EU member states “even though technically Ireland is supposed to remain neutral in this role”.

It goes on: “The prime minister committed to using their EU presidency to achieve a positive outcome on the directive.” Kenny, who resigned from office in 2017, did not respond to the Observer’s request for comment.

John Naughton, a Cambridge academic and Observer writer who studies the democratic implications of digital technology, said the leak was “explosive” in the way it revealed the “vassalage” of the Irish state to the big tech companies. Ireland had welcomed the companies, he noted, but became “caught between a rock and a hard place”. “Its leading politicians apparently saw themselves as covert lobbyists for a data monster.”

A spokesperson for Facebook said the documents were still under seal in a Californian court and it could not respond to them in any detail: “Like the other documents that were cherrypicked and released in violation of a court order last year, these by design tell one side of a story and omit important context.”

The 2013 memo, written by Marne Levine, who is now a Facebook senior executive, was cc-ed to Elliot Schrage, Facebook’s then head of policy and global communications, the role now occupied by Nick Clegg. As well as Kenny, dozens of other politicians, US senators and European commissioners are mentioned by name, including then Indian president Pranab Mukherjee, Michel Barnier, now the EU’s Brexit negotiator, and Osborne.

The then chancellor used the meeting with Sandberg to ask Facebook to invest in the government’s Tech City venture, the memo claims, and Sandberg said she would “review” any proposal. In exchange, she asked him to become “even more active and vocal in the European Data Directive debate and really help shape the proposals”. The memo claims Osborne asked for a detailed briefing and said he would “figure out how to get more involved”. He offered to host a launch for Sandberg’s book in Downing Street, an event that went ahead in spring 2013.

Osborne told the Observer: “I don’t think it’s a surprise that the UK chancellor would meet the chief operating officer of one of the world’s largest companies … Facebook and other US tech firms, in private, as in public, raised concerns about the proposed European Data Directive. To your specific inquiry, I didn’t follow up on those concerns, or lobby the EU, because I didn’t agree with them.”

He noted it was “not a secret” that he had helped launch Sandberg’s book at 11 Downing Street and added: “The book’s message about female empowerment was widely praised, not least in the Guardian and the Observer.”

In fact, the memo reveals that Sandberg’s feminist memoir was perceived as a lobbying tool by the Facebook team and a means of winning support from female legislators for Facebook’s wider agenda.

In a particularly revealing account of a meeting with Viviane Reding, the influential European commissioner for justice, fundamental rights and citizenship, the memo notes her key role as “the architect of the European Data Directive” and describes the company’s “difficult” relationship with her owing to her being, it claims, “not a fan” of American companies.

“She attended Sheryl’s Lean In dinner and we met with her right afterwards,” the memo says, but notes that she felt it was a “very ‘American’ discussion”, a comment the team regarded as a setback since “getting more women into C-level jobs and on boards was supposed to be how they bonded, and it backfired a bit”.

The Davos meetings are just the tip of the iceberg in terms of Facebook’s global efforts to win influence. The documents reveals how in Canada and Malaysia it used the promise of siting a new data centre with the prospect of job creation to win legislative guarantees. When the Canadians hesitated over granting the concession Facebook wanted, the memo notes: “Sheryl took a firm approach and outlined that a decision on the data center was imminent. She emphasized that if we could not get comfort from the Canadian government on the jurisdiction issue, we had other options.” The minister supplied the agreement Facebook required by the end of the day, it notes.

Apps Give Private Data To Facebook Without User’s Knowledge or Permission

Why does this surprise anyone? And it is not just data going to Facebook. Most of the apps we see on Android have such wide open permissions and no or awful privacy policies, that it astounds me anyone would use them. Why does a “torch” (flashlight) app need to be able read my contacts or have full internet access? That is just one example. Running a PC with out a strict application firewall these days is plainly crazy. But how many users run application firewalls on their mobile devices? They should.

Facebook needs to wound down. The best way to do that is to simply boycott any and all of their properties. Just say no to Facebook and all their properties like Messenger, Whatsapp, Instagram, Masquerade (MSQRD), Moves App, …

Well back to the news

Quote

NPR’s Mary Louise speaks with The Wall Street Journal’s Sam Schechner about how several apps they tested sent sensitive personal data to Facebook without users’ permission or knowledge.

MARY LOUISE KELLY, HOST:

Let’s dig deeper now into how some of these apps are sharing users’ data without their knowledge. Laura mentioned The Wall Street Journal just there. It recently published another story headlined “You Give Apps Sensitive Personal Information. Then They Tell Facebook.” Sam Schechner is one of the reporters on the story, and I asked him what sensitive personal information we’re talking about here.

Facebook says that they offer services to the developers that send it. They offer analytic services so you can see how users are interacting with that app. And they allow the app developer to then target users of the app on Facebook properties with ads. It’s worth noting, however, that Facebook’s terms of service give it wide latitude to use that information for other purposes, such as targeting ads more generally, for personalizing their service, including the news feed, and for research and development.

SAM SCHECHNER: Well, it could be your weight, if you’re having your period, your height, your blood pressure. We saw all of that kind of information being transferred from apps directly to Facebook servers in testing that we ran over the last few months.

KELLY: Yeah, you give an example of an app that allows women to track when they’re getting their period and ovulation. They enter that in, and then it immediately gets fed straight over to Facebook.

SCHECHNER: Yeah. What we saw – and this was actually part of what set off the investigation. While we were doing the testing, I was entering information to the app, and I saw that it was immediately sending a notification that I had altered the dates of my period to Facebook.

KELLY: Your virtual period. I assume – (laughter) I’ll make a wild leap and assume here.

SCHECHNER: Sending the dates of my virtual period. I was using the app even though I don’t get one. And in addition, it would send a notification to Facebook when you entered pregnancy mode. The app would show kind of confetti on the screen. But behind the scenes, the app was informing Facebook that it was now in pregnancy status.

KELLY: Here’s the sentence from your article that stopped me cold. I’m just going to read it. (Reading) The social media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it even if the user has no connection to Facebook. Really? I mean, even if I don’t have a Facebook account, this is happening.

SCHECHNER: Yes, that is correct. And the reason is ’cause apps build in software from Facebook in order to do all kinds of things, including to track their users’ behavior. And that software sends the data back to Facebook regardless of whether or not you’re a user. In fact, the app doesn’t have any way of knowing whether you’re a user when it sends the data.

KELLY: And what does Facebook say they are doing with this data?

SCHECHNER: Facebook says that they offer services to the developers that send it. They offer analytic services so you can see how users are interacting with that app. And they allow the app developer to then target users of the app on Facebook properties with ads. It’s worth noting, however, that Facebook’s terms of service give it wide latitude to use that information for other purposes, such as targeting ads more generally, for personalizing their service, including the news feed, and for research and development.

KELLY: Does it appear based on your reporting that regulators are sitting up and paying attention?

SCHECHNER: Well, already New York Governor Andrew Cuomo has directed state agencies to look into the matter. And already since our report, at least five of the apps that we highlighted have stopped sending the information that we highlighted to Facebook. And Facebook has sent out letters to those apps and other major app developers telling them to stop sending any health-related information or other potentially sensitive information.

KELLY: Did you find yourself changing settings or deleting apps as you reported this out?

SCHECHNER: I definitely did. I advised my wife to use a different app to track her own cycle, and I certainly made sure that, you know, when I exercise, I’m using apps that didn’t in my testing turn up to be sending this specific data. Of course I am a tech reporter, not a, you know, software engineer, so the likelihood is that I’m still being tracked. And in fact when I go on my phone, I see plenty of ads for exercise apps probably from the fact that I just went running.

KELLY: Wall Street Journal reporter Sam Schechner, thanks so much.

SCHECHNER: Thanks for having me.

Unearthed emails could be smoking gun in epic GDPR battle against Google, adtech giants

If online ads were simply outlawed, the problem would be fixed. That will not happen soon, so use the best ad-blocker you can, set your browser to dump cookies and other data upon exit (not available in Google Chrome –hhmmm now I wonder why..), and when done on one site, close browser and restart before going to new site.

Quote

Privacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe’s data protection laws.

The new filings – submitted today to regulators in the UK, Ireland, and Poland – allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks’ business models flout the EU’s privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google – which is an IAB member – and others in the ad-slinging world insist they aren’t doing anything wrong.

The fresh submissions come soon after the UK Information Commissioner’s Office (ICO) revealed plans to probe programmatic ads. These are adverts that are selected and served on-the-fly as you visit a webpage, using whatever personal information has been scraped together about you to pick an ad most relevant to your interests.

Typically, advertisers bid for space on a webpage in real-time given the type of visitor: the page is fetched from a website, it brings in ad network code, which triggers an auction between advertisers that completes in a fraction of a second, and the winning ad is served and displayed (assuming the advert isn’t blocked.) This transaction, dubbed real-time bidding or RTB, happens automatically and immediately when an ad is required, and it can be fairly convoluted: ad slots may be passed through a tangle of publishers and exchanges before they arrive in a browser.

Netizens known to be wealthy and with a lot of disposable income, or IT buyers with big spending budgets, for example, will command higher ad rates than those unlikely to buy anything through an ad. This is why ad networks and exchanges, like Google, love to know everything about you, all that lovely private data, so they can tout you to advertising buyers and target ads at you for stuff you’re previously shown an interest in.

The ICO’s investigation will focus on how well informed people are about how their personal information is used for this kind of online advertising, which laws ad-technology firms rely on for processing said private data, and whether users’ data is secure as it is shared on these platforms.

Meanwhile, these latest filings follow on from gripes lodged by the same online rights campaigners late last month and in 2018.

The privacy warriors allege the aforementioned auction systems fall foul of Europe’s General Data Protection Regulation (GDPR) because netizens do not have much or any real control over the massive amounts of ad-related data lobbed between sites and services. Moreover, this information can be highly personal – sometimes including location coordinates along with pseudonymous identifiers, personal interests, and the site they are browsing.

The complaints, which point the finger of blame at the IAB’s openRTB and Google’s Authorized Buyers systems, were filed to watchdogs in the UK by Open Rights Group executive director Jim Killock and privacy research Michael Veale; in Ireland by Johnny Ryan of browser biz Brave; and in Poland by the Panoptykon Foundation.

The IAB has consistently stressed that the complaints should not be directed at RTB technology makers, such as itself – and that doing so is like holding road builders accountable for people who break the speed limit. In other words, the tech can be abused, but apparently not by its developers. And the industry body claimed the complainants have only proven it is possible to break the law, not that it has been broken.

As such, the privacy warriors hope to add more weight to their arguments, and today submitted a fresh set of documents to regulators in the aforementioned trio of nations. This cache includes examples of the data passed through RTB systems, and the number of daily bid requests ad exchanges make, which reach 131 billion for AppNexus and 90 billion for Oath/AOL.
Programmatic trading, or is that problematic trading?

The complainants have also filed documents they claim prove the IAB has long been aware that there is a potential problem with RTB systems and their compliance with GDPR.

Among the latest cache is an email from 2017 – obtained under a Freedom-of-Information request – sent from the CEO of IAB Europe, Townsend Feehan, to senior staff in the European Commission Directorate General for Communications Networks, Content, and Technology.

The email reveals Feehan lobbying commission staffers against proposals for a new ePrivacy Regulation – which was meant to come into force with GDPR but has been stuck in negotiations – saying it could “mean the end of the online advertising model.”

Programmatic trading would seem, at least prima facie, to be incompatible with consent under GDPR

The exec attached an 18-page document to the email detailing IAB Europe’s reasoning, which discussed the impact of proposals to tighten rules on the use of people’s private data to the same level as that of GDPR, particularly the requirement of someone’s consent to share their information. Crucially, consent under GDPR requires that people are told clearly what’s going on with their sensitive info, which means website visitors must be told the identity of the data controller(s) processing their data and the purposes of processing. Given the instantaneous and convoluted nature of ad bidding, it is seemingly impossible to alert netizens prior to the real-time auctions, it is claimed.

This, essentially, is the rub between GDPR and today’s on-the-fly web advertising, it would seem.

“As it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario, programmatic trading, the area of fastest growth in digital advertising spend, would seem, at least prima facie, to be incompatible with consent under GDPR,” the IAB said.

Brave’s Johnny Ryan said this acknowledges the issue at the core of the campaigners’ complaint – and suggests the IAB doesn’t think adtech’s operating model can work with GDPR.

The IAB has since launched a “Consent and Transparency Framework” to help companies involved in RTB systems meet their legal requirements – but opponents argue that this doesn’t change the facts at the heart of the matter.

Similarly, a document from May 2018 produced by the IAB Tech Lab – a group that produces standards, software, and services for digital publishers, marketers, media, and adtech firms – acknowledged concerns about GDPR compliance. In it, the lab said publishers were concerned “there is no technical way to limit the way data is used after the data is received by a vendor for decisioning/bidding on/after delivery of an ad but need a way to clearly signal the restriction for permitted uses in an auditable way.”

It also said that “surfacing thousands of vendors with broad rights to use data w/out tailoring those rights may be too many vendors/permissions.” And elsewhere in the 2017 document, the IAB said that, since third parties in adtech have “no link to the end-user [they] will be unable to collect consent.”
All your basis are belong to…?

It is question-marks like these, from the industry itself, that the privacy campaigners hope will bolster their case. These concerns were also highlighted by the ICO’s tech policy lead Simon McDougall in a blog post earlier this month outlining the body’s plan to look into adtech.

“The lawful basis for processing personal data that different organisations operating in the adtech ecosystem currently rely upon are apparently inconsistent,” he said. “There seem to be several schools of thought around the suitability of various basis for processing personal data – we would like to understand why the differences exist.”

He added that the ICO was interested in how and what people are told about how their personal data is used for online advertising, and how accurate these disclosures are.

A third prong of the ICO probe will consider the security of the data that is widely and rapidly shared during the auctions. “We are interested in how organisations can have confidence and provide assurances that any onward transfers of data will be secure,” said McDougall.

The ICO stressed that it was in the fact-finding stages of its work, and that it wanted to listen to all the “diverging views” on adtech.

And, for their part, the complainants in the case against IAB Europe and Google have said that they aren’t, necessarily, seeking an end to online advertising. Rather, they want to see adtech firms operate without sharing the highly personal information they do at the moment. For instance, Ryan said that the IAB RTB system allows 595 different kinds of data to be included in a bid request. Scrapping the use of just four per cent would be an “easy, long overdue, fix

What would happen if Facebook was turned off?

Quote

Imagine a world without the social network

THERE HAS never been such an agglomeration of humanity as Facebook. Some 2.3bn people, 30% of the world’s population, engage with the network each month. Economists reckon it may yield trillions of dollars’ worth of value for its users. But Facebook is also blamed for all sorts of social horrors: from addiction and bullying to the erosion of fact-based political discourse and the enabling of genocide. New research—and there is more all the time—suggests such accusations are not entirely without merit. It may be time to consider what life without Facebook would be like.

To begin to imagine such a world, suppose that researchers could kick a sample of people off Facebook and observe the results. In fact, several teams of scholars have done just that. In January Hunt Allcott, of New York University, and Luca Braghieri, Sarah Eichmeyer and Matthew Gentzkow, of Stanford University, published results of the largest such experiment yet. They recruited several thousand Facebookers and sorted them into control and treatment groups. Members of the treatment group were asked to deactivate their Facebook profiles for four weeks in late 2018. The researchers checked up on their volunteers to make sure they stayed off the social network, and then studied what happened to people cast into the digital wilderness.

Facebook is also blamed for all sorts of social horrors: from addiction and bullying to the erosion of fact-based political discourse and the enabling of genocide. New research—and there is more all the time—suggests such accusations are not entirely without merit. It may be time to consider what life without Facebook would be like.

 

THERE HAS never been such an agglomeration of humanity as Facebook. Some 2.3bn people, 30% of the world’s population, engage with the network each month. Economists reckon it may yield trillions of dollars’ worth of value for its users. But Facebook is also blamed for all sorts of social horrors: from addiction and bullying to the erosion of fact-based political discourse and the enabling of genocide. New research—and there is more all the time—suggests such accusations are not entirely without merit. It may be time to consider what life without Facebook would be like.

To begin to imagine such a world, suppose that researchers could kick a sample of people off Facebook and observe the results. In fact, several teams of scholars have done just that. In January Hunt Allcott, of New York University, and Luca Braghieri, Sarah Eichmeyer and Matthew Gentzkow, of Stanford University, published results of the largest such experiment yet. They recruited several thousand Facebookers and sorted them into control and treatment groups. Members of the treatment group were asked to deactivate their Facebook profiles for four weeks in late 2018. The researchers checked up on their volunteers to make sure they stayed off the social network, and then studied what happened to people cast into the digital wilderness.

Meanwhile back at the ranch – Alexa,Google Home, etc. are flying off the shelves.