OffbeatFacebook Failed to Police How Its Partners Handled User Data

05:45  13 november  2018
05:45  13 november  2018 Source:   nytimes.com

Facebook ends forced arbitration of sexual misconduct claims

Facebook ends forced arbitration of sexual misconduct claims Facebook is dropping a requirement for mandatory arbitration of sexual misconduct allegations, acceding to a demand recently pressed by other Silicon Valley tech workers. (AP Photo/Matt Rourke, File) Facebook is dropping a requirement for mandatory arbitration of sexual misconduct allegations, acceding to a demand recently pressed by othe Google made a similar change on Thursday, a week after thousands of employees briefly walked off their jobs to protest how the company handled sexual-misconduct allegations against prominent executives.

Facebook Failed to Police How Its Partners Handled User Data© Tom Brenner for The New York Times Sheryl Sandberg, Facebook’s chief operating officer, testified before the Senate Intelligence Committee in September. Ron Wyden, a committee member, has pressed the company on its data privacy protections.

Facebook failed to closely monitor device makers after granting them access to the personal data of hundreds of millions of people, according to a previously unreported disclosure to Congress last month.

Facebook’s loose oversight of the partnerships was detected by the company’s government-approved privacy monitor in 2013. But it was never revealed to Facebook users, most of whom had not explicitly given the company permission to share their information. Details of those oversight practices were revealed in a letter Facebook sent last month to Senator Ron Wyden, the Oregon Democrat, a privacy advocate and frequent critic of the social media giant.

Elephant found wandering in New York town gets escort from state police

Elephant found wandering in New York town gets escort from state police An elephant may never forget, but sometimes they need a little help with directions. New York State Police said Monday a wayward pachyderm was found wandering by state troopers in the town of Westtown, about 70 miles northwest of New York City. "Never a dull moment in Troop F," state police said in a Facebook post. The lost elephant needed to be escorted back home after wandering away from an animal sanctuary. Photos posted by the law enforcement agency show the elephant milling around in the dark on the road, which was illuminated by the headlights of a car.

In the letter, a copy of which Mr. Wyden provided to The New York Times, Facebook wrote that by early 2013 it had entered into data-sharing agreements with seven device makers to provide what it called the “Facebook experience” — custom-built software, typically, that gave those manufacturers’ customers access to Facebook on their phones. Those partnerships, some of which date to at least 2010, fall under a consent decree with the Federal Trade Commission drafted in 2011 and intended to oversee the company’s privacy practices.

Facebook ultimately entered into dozens of similar data-sharing partnerships, most of which the company began winding down this spring after revelations that it had allowed Cambridge Analytica, a political data firm, to acquire the personal information of tens of millions of people. The firm used some of that information in efforts to aid President Trump’s 2016 campaign.

Sears is finalizing a $350 million bankruptcy loan

Sears is finalizing a $350 million bankruptcy loan Exclusive: Sears finalizing $350 bankruptcy loan with Great American - sources

Sign Up For the Morning Briefing Newsletter

When a team from PricewaterhouseCoopers conducted the initial F.T.C.-mandated assessment in 2013, it tested Facebook’s partnerships with Microsoft and Research in Motion, maker of the BlackBerry handset. In both cases, PricewaterhouseCoopers found only “limited evidence” that Facebook had monitored or checked its partners’ compliance with its data use policies. That finding was redacted from a public version of PricewaterhouseCoopers’s report released by the F.T.C. in June.

“Facebook claimed that its data-sharing partnerships with smartphone manufacturers were on the up and up,” Mr. Wyden said. “But Facebook’s own, handpicked auditors said the company wasn’t monitoring what smartphone manufacturers did with Americans’ personal information, or making sure these manufacturers were following Facebook’s own policies.” He added, “It’s not good enough to just take the word of Facebook — or any major corporation — that they’re safeguarding our personal information.”

Facebook critics file FTC complaint over breach of 30 million accounts

Facebook critics file FTC complaint over breach of 30 million accounts A coalition of Facebook critics has filed a complaint against the company with the Federal Trade Commission, asking the agency to investigate this year’s breach of 30 million user accounts. In September, the company first announced that 50 million users had their accounts improperly accessed because of a flaw in a Facebook feature, but it later revised the figure down. The company said hackers accessed data ranging from basic contact information to more sensitive information, like demographics and recent searches. “Facebook, Inc. is a serial privacy violator.

In a statement, a Facebook spokeswoman said, “We take the F.T.C. consent order incredibly seriously and have for years submitted to extensive assessments of our systems.” She added, “We remain strongly committed to the consent order and to protecting people’s information.”

Facebook, like other companies under F.T.C. consent decree, largely dictates the scope of each assessment. In two subsequent assessments, Facebook’s October letter suggests, the company was graded on a seemingly less stringent policy with data partners. On those two, Facebook had to show that its partners had agreed to its data use policies.

A Wyden aide who reviewed the unredacted assessments said they contained no evidence that Facebook had ever addressed the original problem. The Facebook spokeswoman did not directly address the 2013 test failure, or the company’s apparent decision to change the test in question.

Because the United States has no general consumer privacy law, F.T.C. consent decrees have emerged as the federal government’s chief means of regulating privacy practices at Facebook, Google and other companies that amass huge amounts of personal data about people who use their products. In letters and congressional testimony, F.T.C. officials have pointed to the decrees as evidence of robust consumer privacy protection in the United States.

Raccoons Who Police Assumed Had Rabies Were Actually Just Drunk

Raccoons Who Police Assumed Had Rabies Were Actually Just Drunk If raccoons could talk, these ones would be slurring their words

A spokesman for PricewaterhouseCoopers acknowledged in a statement that Facebook defines the privacy procedures, known as “controls,” that are tested during the assessments.

“Changes to controls may occur as platforms evolve, such that a control tested in one period may not be identical in a subsequent period,” the spokesman said.

Facebook’s letter disclosing the assessors’ findings came in response to questions Mr. Wyden raised during an intelligence hearing in September. The hearing was held just weeks after The Times reported that Facebook had struck data-sharing deals with dozens of phone and tablet manufacturers, including Microsoft, BlackBerry and Amazon.

While the assessment reports were publicly released by the F.T.C. in June, they included significant redactions, which Facebook and PricewaterhouseCoopers said were necessary to protect trade secrets.

Mr. Wyden, whose staff had viewed the full assessments, said at the hearing that he found parts of the unredacted reports “very troubling” and pressed Sheryl Sandberg, Facebook’s chief operating officer, to release them in their entirety.

The Electronic Privacy Information Center, a Washington-based consumer rights group that helped obtain the 2011 consent decree, is currently suing the agency for release of the full assessments, arguing that the public cannot otherwise judge how effectively the F.T.C. is policing privacy violations.

“What is clear is that the F.T.C. has failed to enforce the consent order,” said Marc Rotenberg, the president of the privacy rights group. “And this has come at enormous cost to American consumers.”

The F.T.C. declined to comment.

Facebook’s compliance with the consent decree is the subject of a new F.T.C. investigation opened in the wake of the Cambridge Analytica scandal.

In the letter last month, Facebook’s vice president for United States public policy, Kevin Martin, noted that the assessors’ findings had not caused Facebook to fail PricewaterhouseCoopers’s overall evaluation: The assessors concluded that Facebook was operating “with sufficient effectiveness to provide reasonable assurance” that it was protecting its users’ privacy.

It remains unclear whether Facebook has ever scrutinized how its partner companies handled personal data. A spokeswoman declined to provide any examples of the company’s doing so.

A BlackBerry official, who declined to discuss details of the companies’ data-sharing agreement, said BlackBerry did not think that Facebook had ever audited its data use, but noted that BlackBerry’s business model relies on protecting users’ personal information.

Tim Cook explains why Apple accepts billions from Google despite privacy concerns.
Tim Cook says Apple accepts payments from Google because it's the best search engine, but Apple has built in safeguards to protect users's privacy.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!