Facebook and its founder Mark Zuckerberg are facing legal problems on multiple fronts these days. There’s the class-action complaint alleging lax security measures increased users’ risk of identity theft, following the 2018 hack of 50 million user accounts.1,2
Then there’s the U.S. Federal Trade Commission (FTC) probe into Facebook’s compliance with a 2011 consent agreement to safeguard users’ personal information, which has been ongoing for the past year.
According to Fortune Magazine,3 if the company is found to have violated the agreement, fines amounting to hundreds of millions of dollars may be levied. According to a March 4, 2019, report by Wired,4 the U.S. House Judiciary Committee is also conducting an investigation looking for links between Cambridge Analytica, Russia, President Trump and WikiLeaks.
In addition to that, the FTC recently launched a second criminal investigation into the company’s controversial data sharing practices. Top executives are also leaving the company — a sign that the rats are fleeing from Facebook’s sinking ship.
Among them are Facebook’s chief product officer, Chris Fox, who has been with the company for 13 years, and Chris Daniels, vice president of WhatsApp, a position he’s held only since May.5,6
FTC Probe No. 1
The first, still ongoing, FTC investigation revolves around the Cambridge Analytica scandal, where it was discovered Facebook allowed a British political consulting firm access to some 87 million Facebook users’ data, which was allegedly used in an effort to sway public opinion in the U.S. presidential election. As reported by Fortune last year:7
“In the 2011 case, the agency [FTC] alleged in an eight-count draft complaint that Facebook had broken its promise that users could keep their information on Facebook private.
Facebook had assured users that third-party applications only had access to data required for them to function, while, in fact, the applications had access to almost all of a user’s personal information.
Under the settlement, Facebook agreed to get consent from users before sharing their data with third parties. It also required Facebook to establish a ‘comprehensive privacy program,’ block access to a user’s account within 30 days of it being deleted and barred it from making any deceptive claims about its privacy practices.”
Facebook insists it did not violate the consent agreement, and that Cambridge Analytica obtained user data through an app developer who violated Facebook’s policies.8 According to Facebook, Cambridge Analytica told them the data would be used for academic purposes only.
However, according to a recent The New York Times report,9 “the fine print accompanying a quiz app that collected the information said it could also be used commercially.” Facebook also does not appear to have had a verification protocol in place to make sure app developers were complying with Facebook’s data sharing rules.
New Criminal Probe Underway
All of that is now coming to a head as yet another criminal investigation into Facebook’s data sharing deals gets underway.10 According to The New York Times,11 a federal grand jury is looking at partnerships that gave tech companies and device makers broad access to Facebook users’ information,” and Facebook may now be facing FTC fines in the billions rather than hundreds of millions.12
Facebook stands accused of providing “deep access to users’ personal information” to a wide variety of business partners, allowing these companies to override privacy settings set by the user to access their data. This, despite Facebook claiming it discontinued this practice in 2015. According to The New York Times:13
“The sharing deals empowered Microsoft’s Bing search engine to map out the friends of virtually all Facebook users without their explicit consent, and allowed Amazon to obtain users’ names and contact information through their friends.
Apple was able to hide from Facebook users all indicators that its devices were even asking for data … Facebook has aggressively defended the partnerships, saying they were permitted under a provision in the FTC agreement that covered service providers — companies that acted as extensions of the social network.”
Zuckerberg Reveals Plan to Morph Facebook Into Encrypted Messaging Platform
Despite a clear history of rampant privacy violations, Zuckerberg has now unveiled his latest plan for Facebook, saying the company will be shifting away from being a platform for public sharing, toward “encrypted, ephemeral communications,”14 meaning messages would not only be encrypted, but they would also be automatically deleted after a certain amount of time (unless the user opted to store it longer).
As explained in the video commentary by Verge,15 above, there are benefits and drawbacks to the plan — if anything actually comes from it — and governments and law enforcement are likely to resist its implementation. Zuckerberg’s plan was detailed in a March 6, 2019, blog post.16
“In this note, I’ll outline our vision and principles around building a privacy-focused messaging and social networking platform,” Zuckerberg writes.
“Over the last 15 years, Facebook and Instagram have helped people connect with friends, communities and interests in the digital equivalent of a town square. But people increasingly also want to connect privately in the digital equivalent of the living room …
I believe a privacy-focused communications platform will become even more important than today’s open platforms. Privacy gives people the freedom to be themselves and connect more naturally …
I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about.
We plan to build this the way we’ve developed WhatsApp: Focus on the most fundamental and private use case — messaging — make it as secure as possible and then build more ways for people to interact on top of that, including calls, video chats, groups, stories, businesses, payments, commerce and ultimately a platform for many other kinds of private services.“
Ironically, it was recently discovered that Facebook was storing millions of user passwords in readable plaintext format (opposed to hashed) on an internal data storage system — a truly basic security mistake. To protect your account, you may want to update your password, just in case. Wired writes:17
“… [F]ollowing a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite and Instagram to be stored as plaintext in an internal platform.
This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012 …
[A Facebook vice president said] Facebook has now corrected the password logging bug, and that the company will notify hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users that their passwords may have been exposed. Facebook does not plan to reset those users’ passwords.”
Zuckerberg’s Views on Privacy Shift With the Wind
While that sounds all good and well, one has to seriously question the validity of what Zuckerberg is saying, as he has repeatedly demonstrated a complete lack of integrity when it comes to fulfilling promises of privacy. He doesn’t even seem to understand the bare basics of privacy, and has been caught speaking out of both sides of his mouth on more than one occasion.
For example, in a 2010 talk given at the Crunchie awards, he stated that “privacy is no longer a social norm,”18 implying that social networking online automatically meant you could no longer have an expectation of privacy, and that the company decided to change the privacy settings of its then 350 million users because “we decided that these would be the social norms now and we just went for it.”19