As Facebook CEO Zuckerberg Testifies to US Congress, Senators Introduce Privacy Bill of Rights

Discussion in 'Site Security & Legal Issues' started by Alfa1, Apr 12, 2018.

  1. Alfa1

    Alfa1 Moderator

    3,461
    1,202
    +2,398
    Tuesday, April 10, 2018

    Washington (April 10, 2018) – With Facebook CEO Mark Zuckerberg testifying today in front of a joint hearing in the U.S. Senate, Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today introduced a privacy bill of rights to protect the personal information of American consumers. In the wake of the revelation that more than 87 million Facebook users’ private information was used by the firm Cambridge Analytica, a data analytics firm that worked with the Trump campaign during the 2016 election, the Senators introduced the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act, legislation that would require the Federal Trade Commission (FTC) to establish privacy protections for customers of online edge providers like Facebook and Google. In the last few years, Americans have suffered countless data privacy breaches impacting hundreds of millions of consumers.

    “America deserves a privacy bill of rights that puts consumers, not corporations, in control of their personal, sensitive information,” said Senator Markey. “The avalanche of privacy violations by Facebook and other online companies has reached a critical threshold, and we need legislation that makes consent the law of the land. Voluntary standards are not enough; we need rules on the books that all online companies abide by that protect Americans and ensure accountability. I thank Senator Blumenthal for his partnership and look forward to working with my colleagues on a bipartisan basis to pass the long-overdue privacy bill of rights.”

    “The startling consumer abuses by Facebook and other tech giants necessitate swift legislative action rather than overdue apologies and hand-wringing,” said Senator Blumenthal. “Our privacy bill of rights is built on a simple philosophy that will return autonomy to consumers: affirmative informed consent. Consumers deserve the opportunity to opt in to services that might mine and sell their data – not to find out their personal information has been exploited years later.”

    A copy of the CONSENT Act can be found HERE.

    Specifically, the CONSENT Act:
    • Requires edge providers to obtain opt-in consent from users to use, share, or sell users’ personal information
    • Requires edge providers to develop reasonable data security practices
    • Requires edge providers to notify users about all collection, use, and sharing of users’ personal information
    • Requires edge providers to notify users in the event of a breach
    • Requirements are enforced by the FTC

    Last month, Senators Markey and Blumenthal sent a letter to Facebook asking a series of questions regarding Facebook’s involvement in the collection of its users’ personal data and requesting that he testify on the matter before the Senate Committee on Commerce, Science, and Transportation.

    https://www.markey.senate.gov/news/...d-blumenthal-introduce-privacy-bill-of-rights
     
    • Informative! x 1
  2. diadi

    diadi Enthusiast

    134
    43
    +77
    Pretty scary these clueless old farts are making laws for things they simply don't understand.

    ....and where was all this concern for the consumer when the net neutrality stuff was going on?
     
  3. Maddox

    Maddox Moderator

    1,137
    407
    +855
    The bit I disliked about the interviews was when he said that users would be charged to use FB if they wanted total control over their privacy; I doubt that will sit well with people, but then if people start cutting off avenues of revenue someone will have to pick up the tab.

    As for the Consent Act, it has been suggested that this is moving along similar lines as GDPR; welcome to the nightmare!

    ;)
     
  4. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    GDPR is not a nightmare; it's a law that forces people to think privacy first, including how you design software; privacy always comes first. What is a nightmare is companies that have not acted when they should have; 2 years have passed and only now they're acting.
     
    • Agree x 2
    • Disagree x 1
  5. PoetJC

    PoetJC ♠ Jacquii: Black Kween of Hearts ♠

    21,056
    1,497
    +5,102
    As Zuckerberg testified to though: most (if not all) of the requirements listed above have been implemented into their platform.
    I mean - Even the forums I manage have implemented opt-in consent (upon registration) for basic data use, as well as having implemented reasonable data security practices, a list of all data collected and how it may be used... What it seems like the idiots in congress are trying to do is "act" as if they care, when really - the majority of them had no clue as to how FB and other social media platforms even work.

    The breach of data ... Sure ... Users should have been notified immediately. But can we actually "BLAME" the social media providers, forum owners, etc... for the intentionally malicious theft of users' data via hackers, script-kiddies and the like? I think that's what congress has aimed to do - but I don't think that's right at all. You cannot blame the woman who had her purse snatched or pockets invaded - you blame the thief.

    IDK... Kinda confused as to what exactly congress is trying to do - other than to feign outrage as if they care. Meanwhile - no rush to implement common sense gun legislation? :confused: Yeah - kind of confused. And all I can think of is wow ==> Their priorities seem as messed up as mine were when I left high school...

    J.
     
  6. Maddox

    Maddox Moderator

    1,137
    407
    +855
    YES! We can. In the instance of the current FB debacle it wasn't hackers or script kiddies, it was a legitimate (sic) company who scraped the data and the security employed (and scrutiny) of FB was left lacking. All SM have been running the internet as they saw fit with very little thought or effort to ensure that their users' data was safe and their use of that data was legitimate. It's not JUST SM though, all big companies can be classed as useless when it comes to ensuring the safety of other people's data; we've had our fair share of this happening in the UK. But FB is global, it's bad enough when this happens in your own backyard, but globally it's a tragedy.

    So YES most definitely we can blame these companies and they need to be brought to heel. I can't speak for your Congress as I have no dealings with them, but if they are anything like our own Parliament, then they are so far apart from the real world that they do knee jerk reactions to something that should be left to those in the know and let them be the panel that asks the questions and then guides them as to what should be done. They may be briefed, but that's not the same as 'knowing'. But we voted them in to look after our interests (at least here in the UK we did, as I say I know little or nothing about American politics) so they are the ones that have to be seen to be doing right by us.

    Getting back to FB, I deleted my account long before this scandal occurred and would NEVER use SM again, because it's a fallacy to call it 'Social'.

    ;)
     
  7. Maddox

    Maddox Moderator

    1,137
    407
    +855
    I disagree with some of your first point - trying to work out how to comply with this new law is a 'nightmare', and not just for us forum owners. I have many clients who are spending time and money they can ill-afford attempting to work out what they 'have' to do and what they 'need' to do in order to comply. Just take a look at the questions being asked here on TAZ, on XF and IPS and there is still no clear answer to all those questions being asked, many suppositions and many contradictory answers, not to mention the various interpretations of what something actually means. Not only that, but as one question is apparently answered, another pops up in reference to the one being answered and off we go again out in the not-so-happy-hunting-ground of legal jargon to see if the answer is there. Even clawing through the information on the ICO site is like a bad dream, only it's very real.

    The second part I wholeheartedly agree with, companies that hold large amounts of data on people have been (I'm being kind when I say) lax and lacking in making sure that the data they have been entrusted with hasn't been looked after correctly. It's inexcusable when they have a serious data breach and it's discovered that the security they had in place was worse than what we use to protect our own individual computers; shame on them. But then we have to look on them with some modicum of pity because really they're just in it for the money and beyond those sights their vision dims, especially if they have to spend it on silly little things like security.

    ;)
     
  8. PoetJC

    PoetJC ♠ Jacquii: Black Kween of Hearts ♠

    21,056
    1,497
    +5,102
    Hmmm. I can appreciate your sentiments. But I slightly disagree on principle:
    The misuse and really the scraping of data should be blamed on the person who found a loophole in which to abuse the system.
    Again, as Zuckerberg testified to: they have implemented quite a bit of security precautions. He also admitted that there could have been more due diligence as for protecting folks' data.

    It seems to me though, that other threads as regards this issue - that the entire blame is being put on the shoulders of Facebook and other social media sites, rather than the culprits who actually did the misdeeds! So I think there's an important distinction to be made. A piece I found particularly interesting:
    Clearly there should be additional precautions as for protecting data. But it's not like FB intentionally set out to sell your data. Well ... Per se anyway...
    IDK.. As a fan of Facebook - I have a hard time understanding why blame the SM platform(s) for the misdeeds of others, when the platform has protections in place that were basically run over and misused by intentionally malicious 3rd parties.

    J.
     
  9. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    Granted the explanation of the law could have been simpler for normal people. But if they did that then bigger companies could have misused that by stating that it was written like that; laws are hard to read because a comma in the wrong place can alter the law. The GDPR was passed 2 years ago but companies like XF and IPS never responded, only to do so at the last moment. Now we get to a point that they need to implement design changes asap and we as customers have no idea if it's correct what they’re doing. The biggest issue is that we the customers are responsible for our site if we do not comply with the law; you can’t say it’s their software and I am not to blame. This was done so that website owners could not shift blame. Developing from the standpoint of privacy first is easy. The first rule is simple: make sure your stuff is secure and everything is locked; multiple locked doors is good. Second, do not collect data you do not need, so developers need to give us options. On my website, for example, what do I need to let people post and interact? Well, email address, name or alias and password; do I really need country, date of birth and city? The less you collect the better; the more you collect the higher the risk if something goes wrong.
     
  10. KimmiKat

    KimmiKat Enthusiast

    236
    88
    +78
    That's great you kicked it to the kerb. FB is not to be trusted, and it's sickening that some sites only allow logging in via FB, like Lyft and others. Or only using FB to book events.

     
  11. PoetJC

    PoetJC ♠ Jacquii: Black Kween of Hearts ♠

    21,056
    1,497
    +5,102
    I think if you have clear and concise privacy policy & terms of service in place, policies which unambiguously define the precise data that is collected, and the use of said data - that you should be okay. It should be an opt-in during membership and not only an opt-in, but a contract FOR membership.

    And yes - Although I agree that it would be nice to see developers implement such policies - it's really up to the site/forum owner, as each site would likely have a distinct policy tailored for their own webspace.

    For instance - I *think* it was Paul M who shared some sort of sample privacy policies with one of his vBulletin add-ons. Don't quote me on that... But I did in-part add/revise the following statement when even on the vBulletin platform, as a means of *trying* to comply with the brouhaha (erm) legislation that is currently making headlines:

    I think it's a piece of privacy policy that outlines your consent that your personal data might be used for advertising purposes, promotional purposes, and myriad of other purposes that inevitably are employed to better the community experience, as well as monetize a free space to share info.

    J.
     
  12. Maddox

    Maddox Moderator

    1,137
    407
    +855
    A privacy policy is only one part and in fact it's probably the easiest part to implement, with some caveats as to the section regarding cookies. As for collecting user data, I believe wholeheartedly in collecting the minimum needed in which to provide the service you offer. If you want age restrictions, then you need DOB; but even that's a load of crap because you have no way of checking if it's correct. The same goes for any other data, how can you check it's correct (other than when a monetary transaction takes place)?

    That isn't the full issue at all with regards to the GDPR - there are other more serious implications, such as what role do you play? Are you a data controller or data processor, or both? Whichever you are, you need to have in place mechanisms to ensure that the data you control and/or process is done so with due diligence. Even that is only part of the whole story; there's the more comprehensive issue of cookies. And this is where people are getting bogged down and finding answers are not easy to come by.

    PoetJC I disagree with this in part. It's akin to the person who leaves their front door unlocked and goes shopping and someone goes in and steals their belongings. Who's to blame? The one who steals or the one who left the door unlocked? I would say both, though perhaps not equally! That's the same as FB, they left the door unlocked and open, so in walks the bad guys and they take what they want. The idea is that yes, the thief is the ultimate bad guy, but did you do enough to stop the thief from doing the dirty deed in the first place?

    we_are_borg I agree with you that the developers need to get on the ball and give us more comprehensive tools in which to mitigate the coming GDPR. But this is a typical situation of we always wait until the last minute and then it's a rush job. And then there is the deplorable attitude of waiting for something bad to happen before anything is done about it - it's almost always after the event; likened to closing the stable door after the horse has bolted.

    ;)
     
  13. Yappi

    Yappi Enthusiast

    106
    43
    +65
    This couldn't be further from the truth. FB is ALL about selling your data. Why in the world would Facebook let a company have 300,000 downloads of an app which gave them access to 87 MILLION other accounts?

    New Zealand: 10 people downloaded the app which gave Cambridge Analytica access to 64,000 accounts.
    Australia: 53 downloads, 311,127 affected.

    FB's bottom line is about collecting and selling user data.
     
    • Agree x 2
    • Like x 1
  14. Maddox

    Maddox Moderator

    1,137
    407
    +855
    And if you don't allow Facebook to scrape and use your data, you will have to pay to use FB as that will become an avenue of revenue recuperation for not allowing your data to be used for profit.

    ;)
     
    • Agree x 1
    • Funny x 1
  15. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    The moment people need to pay for Facebook they will start thinking, do I need this?
     
  16. PoetJC

    PoetJC ♠ Jacquii: Black Kween of Hearts ♠

    21,056
    1,497
    +5,102
    The goddamn thief is responsible. You have no business invading my private space whether my front door is unlocked or not.
    Such a thought process seems to me the epitome of .... ridiculousness, for I remember a time when the front doors weren't locked and friendly neighbors (sometimes knocked on the door) came in to borrow a couple eggs and a cup of sugar for their after church, Sunday cake.
    I cannot be responsible for a damn thief. To suggest such a thing is ridiculous.

    I said "per se" as a caveat of sorts.
    Again - it's a "free" platform for users to connect with friends and family and freaks at no cost. Of COURSE they're gonna need some way to monetize their efforts. That we're furious about that seems .... ridiculous.

    FAKE NEWS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    To spread such misinformation or even suggest it is ... ridiculous.
    I cannot believe the amount of ridiculous commentary I've read & responded to (in kind) in this thread.
    Scare tactics.... Why is everyone so goddamn afraid? WTH?! .... Anyway... I'm sure FB doesn't have any plans to make their platform a paid service. At least I hope not. Thanks for frightening me though.. And then there's this:

    IDK if I'd necessarily pay for Facebook.
    I pay for Netflix and Amazon Prime (which I hardly use) ... So ..... Yeah. People would definitely rethink their memberships if FB became a paid service.
    But that's just it ... You're using FB as a free service basically. They've obviously got to monetize in some way.
    I don't understand all the animus. Wow....

    J.
     
    • Appreciation x 1
  17. Maddox

    Maddox Moderator

    1,137
    407
    +855
    We live in different times now and we have to take responsibility for our actions and whatever befalls us because of inactions. I agree completely that a thief has no business to invade your property and in a perfect world that would no doubt be the case, so we have to take responsibility to make it difficult (or impossible) for someone to invade your property. That's why insurance companies ask about your locks and other security measures - the more you have the less risk you are and so you save money and at the same time you make it really difficult for someone to steal from you. That's the way the world works now, gone are the days of leaving your doors open when communities were filled with decent, honest people who looked out for each other; it's dog eat dog now and it's a sad indictment to society that we have devolved in such a way. In this instance, about the thief entering your property, I believe most people would reply 'you brought it on yourself for not locking up', even though their sympathies may be with you. It's a two sided coin.

    I don't see anyone going off the rails about having to pay at the moment, but should that come then I imagine it would be a choice; you don't want me using your data or allowing others to scrape it and pay me for letting them do so, it's gonna cost you X to maintain absolute privacy. Such a business model and the size of FB cannot operate for free. So it will come down to a choice. Of course many people will be irked by the fact that they may have to pay for a service that was, to all intents and purposes, free but that's life.

    That's not fake news at all - Zuckerberg said it would be so when he was being quizzed.

    This is a direct quote from CNBC website:

    There will always be a version of Facebook that users can access without paying, Facebook CEO Mark Zuckerberg said in congressional testimony on Tuesday. But his phrasing suggests the company has at least considered a paid version.

    "Yes, there will always be a version of Facebook that is free," Zuckerberg said during a joint hearing of the U.S. Senate Judiciary and Commerce committees.


    https://www.cnbc.com/2018/04/10/mar...ys-be-a-version-of-facebook-that-is-free.html

    Watch the video!

    I think you need to take a chill pill before going off on one; you give the impression that you're going to explode lol - read between the lines and check facts before screaming FAKE NEWS!! and the like.

    ;)
     
  18. Alfa1

    Alfa1 Moderator

    3,461
    1,202
    +2,398
    Here's a study on Facebook data authored by Alexander Kogan AKA Alexander Spectre (FFS) and 2 Facebook employees:
    https://www.sciencedirect.com/science/article/pii/S0191886915004973?via=ihub
    Flemming & Gronin are Facebook employees.

    It seems that Facebook is up to its neck into this. It just hasn't come out yet. Probably because the old farts in congress have difficulty with the subject.

    And what to think about billionaire Peter Thiel, who invested 1.25 million in Trump, when he was Facebook board member and also chairman of Palantir? Palantir is a UK data analysis company serving governments and companies and has many links/interactions with Cambridge Analytica. Right after the election Thiel sold his Facebook stock and was named executive committee of Trump's transition team. I'm not sure what to think of that, and it may well be smoke without fire, but it seems to me that there is a lot that needs to be looked into.
    Zuck dodged the question about Palantir: http://www.businessinsider.com/zuck...-palantirs-link-to-facebook-ca-scandal-2018-4
    "Do you think Palantir ever scraped data from Facebook?" she asked. Zuckerberg looked nonplussed and answered, "Senator, I'm not aware of that."
     
    • Informative! x 1
  19. Alfa1

    Alfa1 Moderator

    3,461
    1,202
    +2,398
    Better explanation here:
    https://www.dailyo.in/technology/fa...ir-russian-ads-hate-speech/story/1/23415.html
     
  20. mysiteguy

    mysiteguy Devotee

    2,397
    887
    +1,648
    Back when the press was praising the Democrats for gathering far more data from Facebook than Cambridge Analytica did, Facebook was a party to it. It never became a big concern... until the other side of the aisle did the same.

    https://www.nytimes.com/2013/06/23/magazine/the-obama-campaigns-digital-masterminds-cash-in.html

    "Grisolano told me that the campaign literally knew every single wavering voter in the country that it needed to persuade to vote for Obama, by name, address, race, sex and income."

    "Why not try sifting through self-described supporters’ Facebook pages in search of friends who might be on the campaign’s list of the most persuadable voters?"

    "We ingested the entire U.S. social graph," Carol Davidsen, director of data integration and media analytics for Obama for America.

    FB was complicit:
    "The campaign’s exhaustive use of Facebook triggered the site’s internal safeguards. “It was more like we blew through an alarm that their engineers hadn’t planned for or knew about,” said St. Clair, who had been working at a small firm in Chicago and joined the campaign at the suggestion of a friend. “They’d sigh and say, ‘You can do this as long as you stop doing it on Nov. 7.’ ”

    “They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side,” Davidsen tweeted.

    Such as the Democratic Party?

    They intentionally let one party break their own rules.

    Yup, they were malicious.
     
    Last edited: Apr 13, 2018