The IT Nerd

Today, some execs from Facebook made a trip to Ottawa to be grilled in front of a House Of Commons committee hearing today. They got a rough ride according to the CBC. For example, when it came up that Facebook knew for two years that Cambridge Analytica swiped the data of tens of thousands of Canadians and the company did nothing, this happened:

Robert Sherman, deputy privacy officer for Facebook, conceded the company should have be more proactive in informing users that their raw data might have been used by Cambridge Analytica, a political consulting firm that helped the Leave campaign in the Brexit vote and the candidacy of U.S. President Donald Trump.

When asked why Facebook didn’t notify Canadians whose personal information was breached in 2016, Sherman said: “In retrospect, we should have done that.”

Kevin Chan, head of public policy for Facebook in Canada, offered an apology to Canadians whose profiles might have been compromised. Chan said Facebook was too idealistic — and “naive” — about how its technology is used, and didn’t focus enough on abuse.

“What is alleged to have occurred is a huge breach of trust to our users, and for that we are sorry,” Chan, ex-policy director for former Liberal leader Michael Ignatieff, told MPs on the House of Commons privacy committee.

Something else that came up is the fact that Facebook was taking steps to make sure that as many users as possible were not covered by GDPR which is something that I reported on this morning. As well as their feelings about GDPR. From there the grilling covered some veiled threats by Facebook to pull investments from Canada if there was too much regulation placed on the company:

Conservative MP Peter Kent questioned Facebook’s professed openness to tighter regulations or a strengthened Personal Information Protection and Electronic Documents Act (PIPEDA), saying Canadian MPs were recently warned by Facebook officials in Washington, D.C. that such a move could result in Facebook dialling back its investments in Canada — notably its $7 million financial commitment to the artificial intelligence (AI) research hub in Montreal.

“We were told, almost in passing, that any new Canadian regulations might well put at risk Facebook investments in Canada,” Kent said. “I’m wondering if that same caution would still be made?”

Chan strenuously denied investment decisions are being tied to a country’s regulatory burden. “That is not our view, that is not the representation we would have made. In fact, we’re quite proud to be supporters of AI in Canada.”

Reached for comment later, Kent stood by his description of the initial warning from Facebook officials.

That’s the first time I’ve heard of a threat like that. But I’m not surprised by that as any sort or regulation could potentially hurt Facebook’s ability to make money. Finally, they were apparently caught potentially violating lobbying rules:

Chan also was questioned by NDP MP Charlie Angus about why he hadn’t yet registered as a lobbyist, given the fact that he’s met with senior cabinet members, including Finance Minister Bill Morneau.

The former Liberal aide said it wasn’t necessary for him to register since the portion of his work that could be classified as lobbying falls short of the Lobbying Act’s 20 per cent minimum threshold.

He added that the meeting with Morneau was simply to show him how best to use the Facebook Live function of the platform after the release of the federal budget. That prompted Angus to ask if Chan thought that sort of activity was a good use of his time.

Duff Conacher, the co-founder of Democracy Watch, said Thursday he’d be filing an official complaint with the lobbying commissioner over Chan’s failure to register, asking that an investigation be launched into Facebook’s activities in Ottawa.

Oops. That may not end well for them.

Clearly this was not a good day for Facebook in the nation’s capital. And this may encourage Canadian Facebook users to #DeleteFacebook.

Here’s the latest negative thing to hit Facebook. Steven Englehardt in partnership with Gunes Acar and Arvind Narayanan have found that a Facebook users’ data, including names, email addresses, age range, gender, location and profile picture, could be acquired up by third-party JavaScript trackers on websites making use of the ‘Login with Facebook’ feature. The researchers couldn’t say for sure what the third-party trackers were doing with the data though. But the fact that this is possible at all is problematic given the events of the past few weeks with the data leakage scandal.

The researchers noted that Facebook was not to blame for this situation, nor was it a security hole, but it does highlight some privacy problems. Thus it would be nice if Facebook did say something about it. But having said that, there is a list of sites which have a third-party script which includes functionality to access Facebook data. That way you can steer clear of them.

Or you can use this as another reason to #DeleteFacebook.

Facebook really isn’t going to win hearts and minds with this latest move. Reuters has uncovered a move by the social media company to make changes so that 1.5 billion of the 1.9 billion users of Facebook will not covered by the new General Data Protection Regulation (GDPR) which comes into effect in the EU on May 25. How are going to do that? Here’s how:

Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company’s international headquarters in Ireland.

Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25.

The previously unreported move, which Facebook confirmed to Reuters on Tuesday, shows the world’s largest online social network is keen to reduce its exposure to GDPR, which allows European regulators to fine companies for collecting or using personal data without users’ consent.

That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook’s case could mean billions of dollars.

That’s pretty crafty if I may say so. It also proves that it’s back to business as usual for Facebook now that the Mark Zuckerberg apology tour has ended. Let’s face it, GDPR would negatively impact their business model so Facebook is doing everything possible to fight it. Which means that if this really bothers you, the choice is clear. Either live with the fact that you’re dealing with a company that doesn’t take your privacy seriously, or #DeleteFacebook.

The new General Data Protection Regulation (GDPR) comes into effect in the EU on May 25. Facebook is one of many companies who need to comply with this law. And they’re claiming that they’re doing their best to do so. However, this little tidbit popped up today via Reuters. You see, one of the facets of GDPR is that people who use services like Facebook must opt into the use of those services. In other words, the concept of being forced to use something and having to opt out if you don’t isn’t allowed. Which makes this tidbit a bit eyebrow raising:

Facebook Deputy Chief Privacy Officer Rob Sherman said the social network would begin seeking Europeans’ permission this week for a variety of ways Facebook uses their data, but he said that opting out of targeted marketing altogether would not be possible.

Facebook users will be able to limit the kinds of data that advertisers use to target their pitches, he added, but “all ads on Facebook are targeted to some extent, and that’s true for offline advertising, as well.”

Facebook, the world’s largest social media network, will use what are known as “permission screens” – pages filled with text that require pressing a button to advance – to notify and obtain approval.

The screens will show up on the Facebook website and smartphone app in Europe this week and globally in the coming months, Sherman said.

The screens will not give Facebook users the option to hit “decline.” Instead, they will guide users to either “accept and continue” or “manage data setting,” according to copies the company showed reporters on Tuesday.

“People can choose to not be on Facebook if they want,” Sherman said.

So, basically EU users will have to consent to targeted ads or be forced to #DeleteFacebook. I’m pretty sure that this is a tactic to try and force the EU to allow their present business model to continue as there’s no technical reason why whey can’t allow people to opt into having targeted ads displayed to them.

Good luck with that.

I’m going to suggest that a healthy amount of privacy minded EU users will simply join team #DeleteFacebook rather than submit to this. And Facebook may be forced to rethink this and adjust their strategy accordingly. Thus it might be wise if Facebook rethinks this now to avoid their user base in the EU dropping rapidly.

The Facebook data leak scandal may have just got worse.

Cambridge Analytica and its partners used data from previously unknown “Facebook-connected questionnaires” to obtain user data from the social media service, according to testimony from a former Cambridge Analytica employee.

Brittany Kaiser provided evidence to the British Parliament today as part of a hearing on fake news. Kaiser, who worked on the business team at Cambridge Analytica’s parent company until January of this year, wrote in a statement that she was “aware in a general sense of a wide range of surveys” used by Cambridge Analytica or its partners, and she said she believes the number of people whose Facebook data may have been compromised is likely higher than the widely reported 87 million.

That’s bad. And we need answers to how far this goes. It’s also another reason why Mark Zuckerberg needs to go to the UK to answer questions in front of Parliament.

Having said that, how many non-users did Cambridge get information on? After all, Facebook has profiles for non-users as well as actual users. I’m told repeatedly that I am the only remaining person alive between the age of 8 and 80 who doesn’t have a profile on Facebook. Thus it would be really interesting to know if Cambridge got information on luddites like me as well.

Last week a common refrain from Facebook CEO Mark Zuckerberg while testifying in front of congress was “I’ll get back to you” or “I don’t know.” That led to this document being posted by Facebook with the things that Zuckerberg could not answer during his testimony. Now I will let you go through it for yourself to see the sort of stuff they’re up to. But the one that will get your attention is this one:

When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.

That’s right, Facebook tracks non-users. That’s a wee bit creepy. It goes on to explain how it does that (sort of), and that others do that as well (True. But depending on the site it could be less or just as invasive). Keep in mind that Facebook has denied this in the past, then copped to it when they were forced to stop tracking Belgians earlier this year.

While I give points to Facebook for putting this document out publicly (as they could have just sent it to congress and left the rest of us out of the loop), it really doesn’t make me feel better about Facebook. It’s clear that they were off doing things that at best were questionable for some time, and that reinforces that people shouldn’t be using Facebook. Though, it’s also clear that even if you’re like me and you didn’t have a Facebook account, you were being tracked anyway.

Hopefully congress is paying attention.

A survey from TechPinions and reported by Boy Genius Report says that about 1 in 10 Americans have deleted their Facebook account because of the data leakage scandal:

With the outrage surrounding Facebook’s privacy policies reaching a fever pitch over the past few weeks, there has been something of an underground movement calling for users to delete their Facebook account altogether. To this point, you may have seen the DeleteFacebook hashtag pop up on any number of social media platforms in recent weeks, including, ironically enough, on Facebook itself. While Zuckerberg last week said that the company hasn’t seen a meaningful drop off in cumulative users, a new survey from Creative Strategies claims that 9% of Americans may have deleted their accounts.

The report reads in part: “Privacy matters to our panelists. Thirty-six percent said they are very concerned about it and another 41% saying they are somewhat concerned. Their behavior on Facebook has somewhat changed due to their privacy concerns. Seventeen percent deleted their Facebook app from their phone, 11% deleted from other devices, and 9% deleted their account altogether. These numbers might not worry Facebook too much, but there are less drastic steps users are taking that should be worrying as they directly impact Facebook’s business model.”

Facebook has about 2.2 billion users of which less than 220 million are American. So 9% of Americans would be about 0.9% of their users. Thus I am not sure if Zuckerberg and company have anything to worry about just yet. The real test will be in the weeks ahead. If this number does increase to say 3 in 10 or 4 in 10 Americans, then Facebook might have a problem. Hopefully the organization that took this survey does another one in a few weeks so that we can see if this is the beginning of a trend or not.