{"id":14885,"date":"2019-03-20T08:10:24","date_gmt":"2019-03-20T16:10:24","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/03\/20\/news-8634\/"},"modified":"2019-03-20T08:10:24","modified_gmt":"2019-03-20T16:10:24","slug":"news-8634","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/20\/news-8634\/","title":{"rendered":"Facebook\u2019s history betrays its privacy pivot"},"content":{"rendered":"

Credit to Author: David Ruiz| Date: Wed, 20 Mar 2019 15:00:00 +0000<\/strong><\/p>\n

Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month<\/a>: it would start caring\u2014really\u2014about privacy, building out a new version of the platform that turns Facebook less into a public, open \u201ctown square\u201d and more into a private, intimate \u201cliving room.\u201d<\/p>\n

Zuckerberg promised end-to-end encryption across the company\u2019s messaging platforms, interoperability<\/a>, disappearing messages, posts, and photos for users, and a commitment to store less user data, while also refusing to put that data in countries with poor human rights records.<\/p>\n

If carried out, these promises could bring user privacy front and center.<\/p>\n

But Zuckerberg\u2019s promises have exhausted users, privacy advocates, technologists, and industry experts, including those of us at Malwarebytes. Respecting user privacy makes for a better Internet, period. And Zuckerberg\u2019s proposals are absolutely a step in the right direction. Unfortunately, there is a chasm between Zuckerberg\u2019s privacy proposal and Facebook\u2019s privacy success. Given Zuckerberg\u2019s past performance, we doubt that he will actually deliver, and we blame no user who feels the same way.<\/p>\n

The outside response to Zuckerberg\u2019s announcement was swift and critical.<\/p>\n

One early Facebook investor called the move a PR stunt<\/a>. Veteran tech journalist Kara Swisher jabbed Facebook for a \u201cshoplift\u201d of a competitor\u2019s better idea. Digital rights group Electronic Frontier Foundation said it would believe in a truly private Facebook when it sees it<\/a>, and Austrian online privacy rights activist (and thorn in Facebook\u2019s side<\/a>) Max Schrems laughed at what he saw as hypocrisy<\/a>: merging users\u2019 metadata across WhatsApp, Facebook, and Instagram, and telling users it was for their own, private good.<\/p>\n

The biggest obstacle to believing Zuckerberg\u2019s words? For many, it\u2019s Facebook\u2019s history.<\/p>\n

The very idea of a privacy-protective Facebook goes so against the public\u2019s understanding of the company that Zuckerberg\u2019s comments taste downright unpalatable. These promises are coming from a man whose crisis-management statements often lack the words \u201csorry\u201d or \u201capology.\u201d A man who, when his company was trying to contain its own understanding of a foreign intelligence disinformation campaign, played would-be president, touring America for a so-called \u201clistening tour<\/a>.\u201d<\/p>\n

Users, understandably, expect better. They expect companies to protect their privacy. But can Facebook actually live up to that?<\/p>\n

\u201cThe future of the Internet\u201d<\/strong><\/h3>\n

Zuckerberg opens his appeal with a shaky claim\u2014that he has focused his attention in recent years on \u201cunderstanding and addressing the biggest challenges facing Facebook.\u201d According to Zuckerberg, \u201cthis means taking positions on important issues concerning the future of the Internet.\u201d<\/p>\n

Facebook\u2019s vision of the future of the Internet has, at times, been largely positive. Facebook routinely supports net neutrality, and last year, the company opposed a dangerous, anti-encryption, anti-security law in Australia<\/a> that could force companies around the world to comply with secret government orders to spy on users.<\/p>\n

But Facebook\u2019s lobbying record also reveals a future of the Internet that is, for some, less secure.<\/p>\n

Last year, Facebook supported one half of a pair of sibling bills that eventually merged into one law. The law followed a convoluted, circuitous route, but its impact today is clear: Consensual sex workers have found their online communities wiped out, and are once again pushed into the streets<\/a>, away from guidance and support, and potentially back into the hands of predators<\/a>.<\/p>\n

\u201cThe bill is killing us,\u201d said one sex worker to The Huffington Post<\/a>.<\/p>\n

Though the law was ostensibly meant to protect sex trafficking victims, it has only made their lives worse<\/a>, according to some sex worker advocates.<\/p>\n

On March 21, 2018, the US Senate passed the Allow States and Victims to Fight Online Sex Trafficking (FOSTA) bill. The bill was the product of an earlier version of its own namesake, and a separate, related bill, called the Stop Enabling Sex Traffickers Act (SESTA). Despite clear warnings from digital rights groups and sex positive advocates<\/a>, Facebook supported SESTA in November 2017. According to the New York Times<\/a>, Facebook made this calculated move to curry favor amongst some of its fiercest critics in US politics.<\/p>\n

\u201c[The] sex trafficking bill was championed by Senator John Thune, a Republican of South Dakota who had pummeled Facebook over accusations that it censored conservative content, and Senator Richard Blumenthal, a Connecticut Democrat and senior commerce committee member who was a frequent critic of Facebook,\u201d the article said. \u201cFacebook broke ranks with other tech companies, hoping the move would help repair relations on both sides of the aisle, said two congressional staffers and three tech industry officials.\u201d<\/p>\n

Last October, the bill came back to haunt the social media giant: a Jane Doe plaintiff in Texas sued Facebook for failing to protect her from sex traffickers<\/a>.<\/p>\n

Further in Zuckerberg\u2019s essay, he promises that Facebook will continue to refuse to build data centers in countries with poor human rights records.<\/p>\n

Zuckerberg\u2019s concern is welcome and his cautions are well-placed. As the Internet has evolved, so has data storage. Users\u2019 online profiles, photos, videos, and messages can travel across various servers located in countries around the world, away from a company\u2019s headquarters. But this development poses a challenge. Placing people\u2019s data in countries with fewer privacy protections\u2014and potentially oppressive government regimes\u2014puts everyone\u2019s private, online lives at risk. As Zuckerberg said:<\/p>\n

\u201c[S]toring data in more countries also establishes a precedent that emboldens other governments to seek greater access to their citizen\u2019s data and therefore weakens privacy and security protections for people around the world,\u201d Zuckerberg said.<\/p>\n

But what Zuckerberg says and what Facebook supports are at odds.<\/p>\n

Last year, Facebook supported the CLOUD Act, a law that lowered privacy protections around the world by allowing foreign governments to directly request companies for their citizens\u2019 online data. It is a law that, according to Electronic Frontier Foundation<\/a>, could result in UK police inadvertently getting their hands on Slack messages written by an American, and then forwarding those messages to US police, who could then charge that American with a crime\u2014all without a warrant.<\/p>\n

The same day that the CLOUD Act was first introduced as a bill, it received immediate support<\/a> from Facebook, Google, Microsoft, Apple, and Oath (formerly Yahoo). Digital rights groups<\/a>, civil liberties advocates<\/a>, and human rights organizations directly opposed the bill<\/a> soon after. None of their efforts swayed the technology giants. The CLOUD Act became law just months after its introduction.<\/p>\n

While Zuckerberg\u2019s push to keep data out of human-rights-abusing countries is a step in the right direction for protecting global privacy, his company supported a law that could result in the opposite. The CLOUD Act does not meaningfully hinge on a country\u2019s human rights record. Instead, it hinges on backroom negotiations between governments, away from public view.<\/p>\n

The future of the Internet is already here, and Facebook is partially responsible for the way it looks.<\/p>\n

Skepticism over Facebook\u2019s origin story 2.0<\/strong><\/h3>\n

For years, Zuckerberg told anyone who would listen\u2014including US Senators hungry for answers<\/a>\u2014that he started Facebook in his Harvard dorm room. This innocent retelling involves a young, doe-eyed Zuckerberg who doesn\u2019t care about starting a business, but rather, about connecting people.<\/p>\n

Connection, Zuckerberg has repeated, was the ultimate mission. This singular vision was once employed by a company executive to hand-wave away human death for the \u201c*de facto* good\u201d of connecting people<\/a>.<\/p>\n

But Zuckerberg\u2019s latest statement adds a new purpose, or wrinkle, to the Facebook mission: privacy.<\/p>\n

\u201cPrivacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks,\u201d Zuckerberg said.<\/p>\n

Several experts see ulterior motives.<\/p>\n

Kara Swisher, the executive editor of Recode, said that Facebook\u2019s re-steering is probably an attempt <\/a>to remain relevant with younger users. Online privacy, data shows, is a top concern for that demographic<\/a>. But caring about privacy, Swisher said, \u201cwas never part of [Facebook\u2019s] DNA, except perhaps as a throwaway line in a news release.\u201d<\/p>\n

Ashkan Soltani, former chief technology officer of the Federal Trade Commission, said that Zuckerberg\u2019s ideas were obvious attempts to leverage privacy as a competitive edge.<\/p>\n

\u201cI strongly support consumer privacy when communicating online but this move is entirely a strategic play to use privacy as a competitive advantage and further lock-in Facebook as the dominant messaging platform,\u201d Soltani said on Twitter<\/a>.<\/p>\n

As to the commitment to staying out of countries that violate human rights, Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford Law School\u2019s Center for Internet and Society, pressed harder.<\/p>\n

\u201cI don\u2019t know what standards they\u2019re using to determine who are human rights abusers,\u201d Pfefferkorn said in a phone interview. \u201cIf it\u2019s the list of countries that the US has sanctioned, where they won\u2019t allow exports, that\u2019s a short list. But if you have every country that\u2019s ever put dissidents in prison, then that starts some much harder questions.\u201d<\/p>\n

For instance, what will Facebook do if it wants to enter a country that, on paper, protects human rights, but in practice, utilizes oppressive laws against its citizens? Will Facebook preserve its new privacy model and forgo the market entirely? Or will it bend?<\/p>\n

\u201cWe’ll see about that,\u201d Pfefferkorn said in an earlier email. \u201c[Zuckerberg] is answerable to shareholders and to the tyranny of the #1 rule: growth, growth, growth.\u201d<\/p>\n

Asked whether Facebook\u2019s pivot will succeed, Pfefferkorn said the company has definitely made some important hires to help out. In the past year, Facebook brought aboard three critics and digital rights experts\u2014one from EFF, one from New American\u2019s Open Technology Institute, and another from AccessNow\u2014into lead policy roles. Further, Pfefferkorn said, Facebook has successfully pushed out enormous, privacy-forward projects before.<\/p>\n

\u201cThey rolled out end-to-end encryption and made it happen for a billion people in WhatsApp,\u201d Pfefferkorn said. \u201cIt\u2019s not necessarily impossible.\u201d<\/p>\n

WhatsApp\u2019s past is now Facebook\u2019s future<\/strong><\/h3>\n

In looking to the future, Zuckerberg first looks back.<\/p>\n

To lend some authenticity to this new-and-improved private Facebook, Zuckerberg repeatedly invokes a previously-acquired company\u2019s reputation to bolster Facebook\u2019s own.<\/p>\n

WhatsApp, Zuckerberg said, should be the model for the all new Facebook.<\/p>\n

\u201cWe plan to build this [privacy-focused platform] the way we’ve developed WhatsApp: focus on the most fundamental and private use case\u2014messaging\u2014make it as secure as possible, and then build more ways for people to interact on top of that,\u201d Zuckerberg said.<\/p>\n

The secure messenger, which Facebook purchased in 2014 for $19 billion, is a privacy exemplar. It developed default end-to-end encryption for users in 2016 (under Facebook\u2019s stead), refuses to store keys to grant access to users\u2019 messages, and tries to limit user data collection as much as possible.<\/p>\n

Still, several users believed that WhatsApp joining Facebook represented a death knell for user privacy. One month after the sale, WhatsApp\u2019s co-founder Jan Kaum tried to dispel any misinformation<\/a> about WhatsApp\u2019s compromised vision.<\/p>\n

\u201cIf partnering with Facebook meant that we had to change our values, we wouldn\u2019t have done it,\u201d Kaum wrote.<\/p>\n

Four years after the sale, something changed.<\/p>\n

Kaum left Facebook in March 2018, reportedly troubled<\/a> by Facebook\u2019s approach to privacy and data collection. Kaum\u2019s departure followed that of his co-founder Brian Acton the year before<\/a>.<\/p>\n

In an exclusive interview with Forbes<\/a>, Acton explained his decision to leave Facebook. It was, he said, very much about privacy.<\/p>\n

\u201cI sold my users\u2019 privacy to a larger benefit,\u201d Acton said. \u201cI made a choice and a compromise. And I live with that every day.\u201d<\/p>\n

Strangely, in defending Facebook\u2019s privacy record, Zuckerberg avoids a recent pro-encryption episode. Last year, Facebook fought\u2014and prevailed\u2014against a US government request to reportedly \u201cbreak the encryption\u201d in its Facebook Messenger app<\/a>. Zuckerberg also neglects to mention Facebook\u2019s successful roll-out of optional end-to-end encryption in its Messenger app.<\/p>\n

Further, relying so heavily on WhatsApp as a symbol of privacy is tricky. After all, Facebook didn\u2019t purchase the company because of its philosophy. Facebook purchased WhatsApp because it was a threat<\/a>.\u00a0<\/strong><\/p>\n

Facebook\u2019s history of missed promises<\/strong><\/h3>\n

Zuckerberg\u2019s statement promises users an entirely new Facebook, complete with end-to-end encryption, ephemeral messages and posts, less intrusive, permanent data collection, and no data storage in countries that have abused human rights.<\/p>\n

These are strong ideas. End-to-end encryption is a crucial security measure for protecting people\u2019s private lives, and Facebook\u2019s promise to refuse to store encryption keys only further buttresses that security. Ephemeral messages, posts, photos, and videos give users the opportunity to share their lives on their own terms. Refusing to put data in known human-rights-abusing regimes could represent a potentially significant market share sacrifice, giving Facebook a chance to prove its commitment to user privacy.<\/p>\n

But Facebook\u2019s promise-keeping record is far lighter than its promise-making record. In the past, whether Facebook promised a new product feature or better responsibility to its users, the company has repeatedly missed its own mark.<\/p>\n

In April 2018, TechCrunch revealed that, as far back as 2010, Facebook deleted some of Zuckerberg\u2019s private conversations and any record of his participation<\/a>\u2014retracting his sent messages from both his inbox and from the inboxes of his friends. The company also performed this deletion, which is unavailable to users, for other executives.<\/p>\n

Following the news, Facebook announced a plan<\/a> to give its users an \u201cunsend\u201d feature.<\/p>\n

But nearly six months later, the company had failed to deliver its promise<\/a>. It wasn\u2019t until February of this year that Facebook produced a half-measure: instead of giving users the ability to actually delete sent messages, like Facebook did for Zuckerberg, users could \u201cunsend\u201d an accidental message on the Messenger app within 10 minutes of the initial sending time.<\/p>\n

Gizmodo labeled it a \u201cbait-and-switch.\u201d<\/a><\/p>\n

In October 2016, ProPublica purchased an advertisement in Facebook\u2019s \u201chousing categories<\/a>\u201d that excluded groups of users who were potentially African-American, Asian American, or Hispanic. One civil rights lawyer called this exclusionary function \u201chorrifying.\u201d<\/p>\n

Facebook quickly promised to improve its advertising platform<\/a> by removing exclusionary options for housing, credit, and employment ads, and by rolling out better auto-detection technology to stop potentially discriminatory ads before they published.<\/p>\n

One year later, in November 2017, ProPublica ran its experiment again. Discrimination, again, proved possible<\/a>. The anti-discriminatory tools Facebook announced the year earlier caught nothing.<\/p>\n

\u201cEvery single ad was approved within minutes,\u201d the article said.<\/p>\n

This time, Facebook shut the entire functionality down, according to a letter<\/a> from Chief Operating Officer Sheryl Sandberg to the Congressional Black Caucus. (Facebook also announced the changes on its website<\/a>.)<\/p>\n

More recently, Facebook failed to deliver on a promise that users\u2019 phone numbers would be protected from search<\/a>. Today, through a strange workaround, users can still be \u201cfound\u201d<\/a> through the phone number that Facebook asked them to provide specifically for two-factor authentication.<\/p>\n

Away from product changes, Facebook has repeatedly told users that it would commit itself to user safety, security, and privacy. The actual track record following those statements tells a different story, though.<\/p>\n

In 2013, an Australian documentary filmmaker met with Facebook\u2019s public policy and communications lead and warned him of the rising hate speech problem on Facebook\u2019s platform in Myanmar. The country\u2019s ultranationalist Buddhists were making false, inflammatory posts about the local Rohingya Muslim population, sometimes demanding violence against them. Riots had taken 80 people\u2019s lives the year before, and thousands of Rohingya were forced into internment camps.<\/p>\n

Facebook\u2019s public policy and communications lead, Elliot Schrage, sent the Australian filmmaker, Aela Callan, down a dead end.<\/p>\n

\u201cHe didn\u2019t connect me to anyone inside Facebook who could deal with the actual problem,\u201d Callan told Reuters<\/a>.<\/p>\n

By November 2017, the problem had exploded, with Myanmar torn and its government engaging in what the United States called \u201cethnic cleansing\u201d against the Rohingya<\/a>. In 2018, investigators from the United Nations placed blame on Facebook.<\/p>\n

\u201cI\u2019m afraid that Facebook has now turned into a beast,\u201d said one investigator.<\/p>\n

During the years before, Facebook made no visible effort to fix the problem. By 2015, the company employed just two content moderators who spoke Burmese\u2014the primary language in Myanmar. By mid-2018, the company\u2019s content reporting tools were still not translated into Burmese, handicapping the population\u2019s ability to protect itself online. Facebook had also not hired a single employee in Myanmar at that time.<\/p>\n

In April 2018, Zuckerberg promised to do better. Four months later, Reuters discovered that hate speech still ran rampant on the platform<\/a> and that hateful posts as far back as six years had not been removed.<\/p>\n

The international crises continued.<\/p>\n

In March 2018, The Guardian revealed that a European data analytics company had harvested the Facebook profiles of tens of millions of users<\/a>. This was the Cambridge Analytica scandal, and, for the first time, it directly implicated Facebook in an international campaign to sway the US presidential election.<\/p>\n

Buffeted on all sides, Facebook released \u2026 an ad campaign<\/a>. Drenched in sentimentality and barren of culpability, a campaign commercial vaguely said that \u201csomething happened\u201d on Facebook: \u201cspam, clickbait, fake news, and data misuse.\u201d<\/p>\n

\u201cThat\u2019s going to change,\u201d the commercial promised. \u201cFrom now on, Facebook will do more to keep you safe and protect your privacy.\u201d<\/p>\n

Here\u2019s what happened since that ad aired in April 2018.<\/p>\n

The New York Times revealed that, throughout the past 10 years, Facebook shared data with at least 60 device makers<\/a>, including Apple, Samsung, Amazon, Microsoft, and Blackberry. The New York Times also published an investigatory bombshell into Facebook\u2019s corporate culture, showing that, time and again, Zuckerberg and Sandberg responded to corporate crises<\/a> with obfuscation, deflection, and, in the case of one transparency-focused project, outright anger.<\/p>\n

A\u00a0British parliamentary committee released documents<\/a>\u00a0that showed how Facebook gave some companies, including Airbnb and Netflix, access to its platform in exchange for favors. (More documents released this year showed prior attempts by Facebook to sell user data<\/a>.) Facebook\u2019s Onava app got kicked off the Apple app store<\/a> for gathering user data. Facebook also reportedly paid users as young as 13-years-old<\/a> to install the \u201cFacebook Research\u201d app on their own devices, an app intended strictly for Facebook employee use.<\/p>\n

Oh, and Facebook suffered a data breach<\/a> that potentially affected up to 50 million users.<\/p>\n

While the substance of Zuckerberg\u2019s promises could protect user privacy, the execution of those promises is still up in the air. It\u2019s not that users don\u2019t want what Zuckerberg is describing\u2014it\u2019s that they\u2019re burnt out on him. How many times will they be forced to hear about another change of heart before Facebook actually changes for good?<\/p>\n

Tomorrow\u2019s Facebook<\/strong><\/h3>\n

Changing the direction of a multibillion-dollar, international company is tough work, though several experts sound optimistic about Zuckerberg\u2019s privacy roadmap. But just as many experts have depleted their faith in the company. If anything, Facebook\u2019s public pressures might be at their lowest\u2014detractors have removed themselves from the platform entirely, and supporters will continue to dig deep into their own good will.<\/p>\n

What Facebook does with this opportunity is entirely under its own control. Users around the world will be better off if the company decides that, this time, it\u2019s serious about change. User privacy is worth the effort.<\/p>\n

The post Facebook\u2019s history betrays its privacy pivot<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: David Ruiz| Date: Wed, 20 Mar 2019 15:00:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Facebook’s self-proclaimed pivot to privacy faces a fierce opponent\u2014Facebook’s own history.<\/p>\n

Categories: <\/p>\n