Tag Archives: Internet privacy

The Ladies of the Senate Scrape Facebook

The Zuckerberg Apology tour (Version 2018) continues today in Washington, DC. Yesterday, Nevada Senators Heller and Cortez-Masto had their opportunity to ask questons. Heller’s questions were well intentioned, but reduced in impact because his premise included the notion Facebook sells user information. It doesn’t. It sells advertising.(1)  [NVIndy] Understanding the questions from Cortez-Masto requires a bit of background.

Senator Cortez-Masto referred to the 2011 Consent Decree between the FTC and Facebook.

“I appreciate you being here, I appreciate the apology, but stop apologizing and make the change,” she said. “The skepticism that I have, and I’m hoping you can help me with this, is over the last seven years…I haven’t seen really much change in ensuring that the privacy is there and that individual users have control over their data.” [NVIndy]

She has reason for her skepticism, here’s what the FTC required as of November 29. 2011:

Specifically, under the proposed settlement, Facebook is:

  • barred from making misrepresentations about the privacy or security of consumers’ personal information;

  • required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

  • required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t require too much mental effort to comprehend that Facebook’s response to the provision that it is “required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information;” to see there’s been precious little progress made by Facebook in terms of a comprehensive privacy program. (2) Although Zuckerberg described his company’s response as “robust.” (3)  Robust is not a term I might apply to Facebook’s efforts since November 29, 2011, especially in regard to the implementation of comprehensive privacy policy development and subsequent audits.  Senator Cortez-Masto is correct in assuming we would not be discussing Cambridge Analytica had Facebook complied fully with the 2011 settlement terms.

There are deeper weeds to explore, a trail launched by Senator Maria Cantwell’s inquiry about Palantir. [BI]

“One of the oddest and most uncomfortable moments in the questioning of Facebook CEO Mark Zuckerberg by the Senate on Tuesday was when Senator Maria Cantwell (D-WA) started asking about Palantir.  “Do you think Palantir ever scraped data from Facebook?” She asked. Zuckerberg, looked nonplussed and answered. “Senator, I’m not aware of that.”  She asked, “Do you know who Palantir is?” Zuckerberg admitted that he did. And he should. Palantir is a company that was founded by his early investor and long-time board member Peter Thiel. [BI]

There was nothing “odd” about the moment, if one assumes Senators had done some homework.

A connection between Facebook, Cambridge Analytica, and Palantir is strongly suggested by this reporting in Business Insider:

“We learned today that an employee, in 2013-2014, engaged in an entirely personal capacity with people associated with Cambridge Analytica,” Palantir told The Times. “We are looking into this and will take the appropriate action.”

The employee was Alfredas Chmieliauskas, according to The Times. His LinkedIn shows that he is a business-development staffer at Palantir in London. He suggested that Cambridge Analytica create a personality-quiz app to harvest data from Facebook users, The Times said. Cambridge Analytica eventually used a similar method to obtain data from about 50 million Facebook users it could then sell.

Sure enough, Cambridge Analytica appropriated the idea, and the collections began.

“Cambridge ultimately took a similar approach. By early summer, the company found a university researcher to harvest data using a personality questionnaire and Facebook app. The researcher scraped private data from over 50 million Facebook users — and Cambridge Analytica went into business selling so-called psychometric profiles of American voters, setting itself on a collision course with regulators and lawmakers in the United States and Britain.”  [NYT]

That 50 million number keeps increasing. Given Facebook wants to sell advertising based on access to people, their friends, the friends of their friends, and the friends of the friends of their friends — it isn’t too difficult to assume the number of those affected will move upward.  It would have been helpful if Facebook user’s were advised before they took the little “quiz app” that the information from their account would be “scraped” for use by psychometric efforts.  Little wonder, then, that Mr. Zuckerberg was nonplussed by Senator Cantwell’s questions.

A couple of efforts seem to be in order.  The first is an investigation into Facebook’s compliance with the terms of the November 2011 settlement with the FTC; the second is a thorough investigation into the links between Facebook, Cambridge Analytica, Palantir,  CubeYou, and similar data accumulation and analysis entities. (4)

In short, it’s time to have some follow up questions from the ladies in the Senate.

(1) See Sheryl Sandberg’s explanation and comments in this INC article.  (2) The original FTC complaint [PDF] can be found here. (3) To see the precise terms of the 2011 settlement with the FTC see this PDF document. (4) For additional information on CubeYou, see CNBC.

Comments Off on The Ladies of the Senate Scrape Facebook

Filed under Heller, Nevada politics, Politics, privacy

Follow the Money: The Internet No-Privacy Act in the 115th Congress

The Verge offers a public service for American voters, compiling the votes on the Internet No-Privacy Bill HJRes 43 and the money received from Big ISPs.  Thus we discover that Senator Dean Heller received $78,950 from industry sources, which doesn’t put him “up there” with the $251,110 given to Senator Mitch McConnell, and the $215,000 awarded to Senator John Thune, but nevertheless a nice contribution.

Representative Mark Amodei (R-NV2) received a tidy $22,000 contribution from the industry coffers.

What the resolution does is muddy the waters about enforcement of FCC rules, Verge explains:

“That brings us to the privacy rules. Through a rarely invoked law, Congress was able to take back the privacy rules set by Wheeler, effectively undoing his interpretation of what the Telecom Act says about customer data. That leaves a gap: we don’t know how Chairman Pai will interpret the law, or what rules he’ll set. He might replace them with looser rules that take after the FTC or wait to roll back the Title II interpretation overall. But until he acts, we can’t say for sure what carriers will be allowed to do.

At the same time, the absence of firm rules could be the whole point. Pai is a free-market conservative, and believes that companies will typically find the optimal solution without government interference. Holding off on setting new rules could be right in line with that philosophy, leaving companies to make their own judgments on customer data without fear that they’ll be punished for overstepping FCC guidelines. Unfortunately for privacy-minded consumers, that would leave few legal protections for private data shared with carriers.”

That last line is rather chilling.

What the advertisers want is a land amenable to “granular personalized targeting,” read advertising directed to specific consumers for specific products and services.  Those advertisers can just as easily be political groups and organizations.

The final irony is that Our information may be aggregated and sold to the highest bidders, but members of Congress are protected.  The ‘yes’ votes may be saying, in essence, “I’ve got my privacy, you try to get yours.”

Comments Off on Follow the Money: The Internet No-Privacy Act in the 115th Congress

Filed under Amodei, Heller, Internet, Politics, privacy

SJR 34 and Your Internet Privacy

The purpose of SJR 34 (and HJR 86) was simple: To allow Internet Service Providers to collect and sell your Internet browsing history.  Not only did Senator Dean Heller support this, he signed on as a co-sponsor of the bill on March 7, 2017, one of 23 sponsors to do so.  Who’s impacted by this? Anyone who links through Comcast (17 million customers), AT&T (another 17 million customers), Time Warner Cable (add another 14 million customers), Century Link (additional 6.4 million customers), Charter (another 5 million customers), and a host of smaller providers. [Ecom] (See also PEcom)

Nevada customers of AT&T, Verizon, Comcast, Time Warner, Charter, Cox and others, are also among those whose private browsing history can be tracked, collected, and sold off. [into link]

It seems bad enough to have the ISPs sell off information about browsing history to advertisers, who after browsing one day for sneakers, would want to be bombarded by advertising for the next year with sneaker ads?  Browsed for ‘best garden supplies?’ Expect ads for plant food, fertilizers, spades, and wheelbarrows for eternity? Then the scenarios become more pernicious.

Browse for information on asthma? Not only is the human browser now in line for a multitude of ads for medications, but there’s a hint here that some personal medical history may have been collected and sold.  The same issue might be raised about those looking up symptoms and treatments for everything from pediatric illnesses to Alzheimer’s Disease.  Thus far we’re only talking about the initial sales, and the use of the collections by commercial advertisers. However, there’s a question about what constitutes a buyer for the information?

The buyer might not have to be, for example, the Interpublic Group of New York City, one of the nation’s largest advertising firms. Could the buyer be the WPP Group of London, UK? Or, the Dentsu Group, of Tokyo. Could the buyer be RMAA, the largest advertising firm in Russia? Is there any protection in the bill to prevent the secondary sale of browser histories from an advertising agency to a data management and analysis company? What we have herein is a bill to allow the transfer of massive amounts of valuable data collected from individuals in the United States to the highest bidder, with little or no consideration of the after effects.

Gee, let’s hypothesize that I’m a foreign power with some experience dabbling in US state and national elections.  Let’s also assume that the foreign power is familiar with inserting ‘bots’ to drive traffic to particular websites, or insert fake news, confirmation bias ‘news,’ and other practices into the research patterns of American Internet users. What do I want? I want data on where those people ‘go’ on the Internet; the better I know my ‘target’ the better I can hone my message. Do those who go to Senator Bilgewater’s site also tend to go to sites concerning wildlife preservation?  If I can put these two bits of information together I can more effectively insert advertising either for or against the Senator. I can more effectively insert phony information into my messaging for the supporters or opponents of Bilgewater.  In short, I can ‘dabble’ more efficiently. Even more bluntly, have we handed our adversaries more ammunition for their advertising and propaganda guns?

The Senate twin in the House (HJR 86)/SJR 34 passed on March 28, 2017, only Representative Mark Amodei (R-NV2) voted in favor of the bill; Representatives Kihuen, Titus, and Rosen voted against it. [RC 202]

At the risk of facetiousness  on a serious topic, when Jill, of downtown East Antelope Ear, NV, goes online to search for a bargain on bed sheets, does she find herself viewing a plethora of ads for sex toys, a result of Jack’s periodic perusal of pornography sites? Would a simple search for high thread count sheets yield the splitting of those sheets in the Jack and Jill household? At least Jack and Jill will know whom to call about the issue — Senator Dean Heller and Representative Mark Amodei, who thought selling browser histories to be a grand idea at the time.

Comments Off on SJR 34 and Your Internet Privacy

Filed under Amodei, Heller, Internet, media, Nevada politics, Politics, privacy, Republicans, Titus

Cub and Pup Slaughter Bill Passes Senate and Other Folks Are Stalking You

What human beings are capable of doing to one another can be supremely egregious, but what we’re capable of doing to the rest of the animal kingdom defies comprehension at times, and March 21, 2017 was one of those moments.  The Senate of the United States of America voted in favor of HJR 69, otherwise known as the Cub and Pup Slaughter Bill, or more exquisitely politely the “non-subsistence take of wildlife in Alaskan wildlife refuges.”  For the record, Senator Dean Heller (R-NV) voted in favor of the bill, Senator Catherine Cortez Masto voted against it. [Vote 92]  The bill makes it perfectly AOK to track down and slaughter bear cubs and wolf pups in a Wildlife REFUGE.

As if stalking cubs and pups isn’t bad enough, the self-same Senate voted in favor of Senator Jeff Flake’s bill to allow Internet Service Providers to sell your information to whomever. SJRes 34 “disapproves” a rule protecting our privacy as customers from whomever for whatever purposes.  Thus we may be stalked to our lairs by advertisers unknown for the purpose of targeted messages and other forms of commercial relations. However, it might not end there. Who knows?  Once more, Senator Dean Heller voted in favor of Customer Hunting (that would be US with targets on our backs) and Senator Catherine Cortez Masto voted against this form of hunting. [Vote  94]  Senator Bill Nelson commented:  “With today’s vote, Senate Republicans have just made it easier for American’s sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission,” he continued.” [Hill]

At this rate it won’t be too long before we can empathize with bears and wolves?

Comments Off on Cub and Pup Slaughter Bill Passes Senate and Other Folks Are Stalking You

Filed under Congress, Heller, Interior Department, Internet, Nevada politics, Politics