Wednesday, December 19th 2018
WASHINGTON (Sinclair Broadcast Group) — It has been a bad week for Facebook and even worse for social media users who are worried about privacy.
According to an investigation by The New York Times, Facebook provided scores of companies with access to users’ posts, photos, messages, email addresses and other data. The company never sought the consent of users and never informed the public of what it was doing.
The report, based on hundreds of pages of documents and interviews with 60 current and former Facebook employees, revealed:
- Amazon, Microsoft and Sony were able to access users’ email addresses through their Facebook friends through 2017.
- Netflix, Spotify and the Royal Bank of Canada were reportedly allowed to read, write and delete private messages.
- Apple devices could access users’ contacts and calendar entries even if they opted out of sharing this information.
- Yahoo had access to a real-time feed of friends’ posts until 2011.
- And at least through 2017, Microsoft’s Bing search engine was able to see the names of virtually all Facebook users’ friends.
Facebook responded to the report in a blog post arguing that “none of these partnerships or features gave companies access to information without people’s permission.” Many of the partnerships described in the report have since ended, Facebook said. Others are still active, specifically the arrangements with Amazon and Apple.The existence of the agreements at any time would apparently give the lie to CEO Mark Zuckerberg’s public claims that “people have control over how their information is used.”
Facebook executives appeared before Congress multiple times this year to apologize for data breaches, for spreading fake news and numerous privacy violations. They assured lawmakers and consumers that they respect online privacy and do not sell user data or information “to anyone.”
“Clearly Mark Zuckerberg lied to Congress,” said Brad Shear, an attorney and digital privacy advocate. “Any time Facebook comes out and defends the company’s practices, you know they’re not being truthful.”
In April, Zuckerberg testified before the Senate claiming that users can effectively manage the information Facebook collects and shares about them. “The first line of our Terms of Service say that you control and own the information and content that you put on Facebook,” he said.
It’s not the first line but Facebook acknowledges it collects user data and shares it with other Facebook companies, such as WhatsApp, Instagram or CrowdTangle. The data is used to “personalize” the experience and connect users to content and people, because “stronger ties make for better communities.”
What is not in the Terms of Service is any reference to the partnerships formed with other companies who were given access to your information. Facebook only acknowledged these Wednesday in a blog post defending the practicality and legality of the arrangements.
By 2010, Facebook started developing transactional partnerships with more than 150 companies, including tech giants, online retailers, entertainment sites, financial institutions and others. The company saw no problem with the partnerships or not telling its billions of users. Facebook “considered the partners extensions of itself,” The Times reported.
The arrangements were mutually beneficial. Facebook offered partners a virtual goldmine of data. In exchange, the companies integrated the social media platform into its products, driving more users to spend more time on Facebook, which in turn created an even greater volume of user data for Facebook and its partners.
The partners were allegedly prohibited from misusing the information. On Wednesday the company said it had “no evidence” of data misuse or companies using information for their own purposes. Steve Satterfield, Facebook’s director of privacy and public policy, told The Times, “Facebook’s partners don’t get to ignore people’s privacy settings.”
Despite the denials, a growing body of evidence suggests Facebook is selling access to user data. A set of internal Facebook documents seized by the British Parliament last month shows the company provided certain”whitelisted” companies, like Netflix, Lyft and Airbnb, with extensive access to user data without user consent. Such activities would contradict Facebook’s public statements as well as the typical user’s understanding of the platform’s privacy policy.
“Whether they’re getting money in return, they’re getting something of economic value,” Shear said. “They can trot out lawyers and PR people, but Facebook is clearly selling user information and any claim otherwise is false or misleading.”
Facebook has taken one public relations hit after another and faces mounting concerns about its apparent disregard for privacy.
Last Friday (Dec. 14), Facebook reported a “bug” that exposed about 6.8 million users private photos. The issue has since been fixed, according to Facebook, but for 12 days in September, apps were able to access private photos and content users had not even shared.
On Monday, the social media giant was in the crosshairs after the Senate Intelligence Committee released a pair of reports showing how Facebook and its subsidiary Instagram failed to respond to Russia’s election interference. Their inaction reportedly allowed Russian actors to engage in voter suppression activities that successfully targeted black voters. These reports, in turn, prompted a sharp reaction from the NAACP which launched a Boycott Facebook campaign.
The New York Times published its investigation of Facebook’s data-sharing partnerships Tuesday night. And on Wednesday, the Washington, D.C. attorney general sued Facebook for jeopardizing millions of users privacy. The lawsuit stems from the Cambridge Analytica scandal, in which a political data research firm was able to inappropriately access roughly 87 million users data.
All of that came to the fore in less than a week. Aside from losing about a third of its stock value over the last five months, the company has not had to pay a price.
Lawmakers on Capitol Hill said that has to change.
“I don’t want to regulate Facebook, but by God, he [Zuckerberg] is going to leave us no choice,” Sen. John Kennedy, R-La., told Sinclair Broadcast Group. Kennedy has been working on bipartisan legislation to rein in social media companies and expects to introduce it early next year.
On top of alleged consumer privacy violations, the Republican senator noted that the partnership agreements were tantamount to selling user data “for bucketloads of money.” Facebook has repeatedly claimed it does not sell user data.
Sen. Ron Wyden, D-Ore., accused Facebook executives of “repeatedly” lying to Congress and called for harsh penalties for companies that fail to protect consumer privacy, including putting CEOs in jail. “Clearly these people need some skin in the game before they will take Americans’ privacy seriously,” he wrote in a statement.
Sen. Brian Schatz, D-Hawaii, noted a growing bipartisan consensus in Congress that the large social media companies “can’t be trusted to regulate themselves.” He noted that The Times report is another piece of bad news for consumers, “it augers well for the potential to do something big and bipartisan in the coming Congress.”
Facebook has been threatened with penalties for previous violations of user privacy but the regulations have never been enforced.
In 2011, the Federal Trade Commission (FTC) voted unanimously to enforce a consent agreement with Facebook and dinged the social media company for deceptive consumer practices. Specifically, Facebook claimed they could keep users’ information private and repeatedly allowed it to be shared with third parties without user consent. The consent decree was finalized in 2012.
Under threat of penalty, Facebook was required to obtain consumers’ express consent before overriding their privacy preferences. The company was also forced to establish a “comprehensive privacy program” subject to periodic review by an independent third party.
According to The Times, “many of Facebook’s special sharing partnerships were not subject to extensive privacy program reviews.”
Under the consent agreement, each violation carries a civil penalty of up to $16,000. It is not clear how many users’ experienced privacy violations. The Times suggested that Microsoft’s Bing was able to see the names of “virtually all” Facebook users’ friends without consent through 2017. With about 214 million active users, Facebook could theoretically see charges topping $3.4 trillion.
Sen. Richard Blumenthal, D-Conn., argued there is “no excuse” for the FTC’s slow response to Facebook. “There has to be action because of this apparent violation of the consent decree. And it should be action now, not at some point in the indefinite future,” he told reporters.
Despite Facebook’s assurances that users control their information through privacy settings, a growing mountain of evidence suggests that is not the case.
Earlier this year, Facebook introduced Ads Preferences, a tool to let users limit the information sent to third party advertisers. A new report by privacy researchers Aleksandra Korolova and Irfan Faizullabhoy found that Facebook continued to send location-sensitive ads even when users used the most restrictive privacy setting.
Ultimately, individual users who want to continue using Facebook have few, if any, ways to protect their privacy. Facebook users can update privacy settings here. It is also possible to delete or deactivate your account by going to account settings.