RSN Fundraising Banner
FB Share
Email This Page
add comment
Print

Timm writes: "Once again, Facebook is embroiled in a scandal where it was caught violating millions of people's privacy."

Mark Zuckerberg. (photo: Getty)
Mark Zuckerberg. (photo: Getty)


How Facebook Borrows From the NSA Playbook

By Trevor Timm, Medium

10 January 19


The social media giant misleads the American people using tactics ripped straight from the surveillance agency

nce again, Facebook is embroiled in a scandal where it was caught violating millions of people’s privacy. A blockbuster story published by the New York Times before the holidays revealed that Facebook had entered into secret “partnerships” with various technology companies — Amazon, Microsoft, Netflix, Spotify, and others — that gave hundreds of internet giants vast access to private information for years without Facebook users’ consent.

As the Atlantic’s Alexis Madrigal succinctly put it, “Facebook didn’t sell your data; it gave it away.”

With Congress now embroiled in a government shutdown, it’s still unclear how it will all play out. But Facebook’s tactics — both how it evades oversight from government regulators and how it has misled journalists and the American public — eerily resembles the culprit in this decade’s other major privacy scandal: the National Security Agency (NSA).

In hiding what it was doing from its users and in the underhanded ways it has justified its invasive actions after the fact, Facebook seems to have drawn directly from the NSA’s playbook.

Here’s exactly what that looks like.

Redefine Words Until They Hold No Meaning

For years, one of the NSA’s most effective methods for avoiding public accountability was to redefine common English without explicitly telling anyone. Words like “surveillance” would be defined so narrowly as to lose all meaning, and phrases like “relevant to an investigation” would be expanded so greatly as to encompass everything. (Read this compendium of the NSA’s dictionary put together by the ACLU for a full explanation.)

Facebook reportedly leaned on redefining one key phrase to escape scrutiny of the Federal Trade Commission (FTC) and the agency’s supposed regulatory powers: “service provider.”

As the Times explained, Facebook has been under a consent decree with the FTC since 2012, when the agency reprimanded the social media giant for violating users’ privacy. Facebook was at least supposed to follow strict rules about when and why it could not share users’ data with others. But as the Times reported, Facebook relied on quietly redefining “service provider” to get everything it wanted.

According to the Times, there was a service provider exception to the strict privacy rules set by the FTC, which was “intended to allow Facebook to perform the same everyday functions as other companies, such as sending and receiving information over the internet or processing credit card transactions, without violating the consent decree.”

But Facebook secretly interpreted service providers incredibly broadly, far past what many former FTC officials said was even close to reasonable. Service providers would soon encompass basically any company Facebook wanted to share data with — hundreds of giant corporations, from Netflix to Spotify, and even the Russian search engine Yandex.

“I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree,” is how David Vladeck, formerly the head of the FTC’s consumer protection bureau, put it.

Pretend There Was No “Abuse” When the Entire System Is the Abuse

Another tried-and-true method of the NSA in response to the Snowden revelations was to essentially claim, “Yes, we were secretly storing massive amounts of data on Americans, but the system was never ‘abused.’” This was President Obama’s initial defense of the program: “There continues not to be evidence that the [metadata surveillance] program had been abused,” he said at the time.

Put aside the fact that there actually was abuse. The existence of the program itself was the abuse. It was never debated or passed into law in Congress, and the American people did not know about it until it was leaked to journalists.

Facebook is now leaning on the same excuses: Yes, the massive data-sharing operation was happening in secret for years, but “Facebook has found no evidence of abuse by its partners,” a spokesman told the Times. Who cares if users were never informed or are outraged at learning of it after the fact?

Act as Your Own Referee, Then Give Yourself a Stamp of Approval

Speaking of declaring yourself as free of abuse: Acting as your own referee is another go-to move of the NSA. In the aftermath of the Snowden leaks, NSA director Keith Alexander gave the spy agency stellar grades in the self-regulating department. “This agency in every case reports on itself, tells you what we did wrong, and does everything we can to correct it,” Alexander told Congress.

Like Facebook, the NSA is supposed to be held accountable by other government entities. In the NSA’s case, it’s the Foreign Intelligence Surveillance Court (FISC). But even the FISC admitted they have a severely limited vision into exactly what the NSA is doing, and the judges rely on the NSA to self-report its own violations.

The chief FISC judge at the time, Reggie Watson, admitted as much to the Washington Post when he wrote, “The FISC is forced to rely upon the accuracy of the information that is provided to the Court” and “does not have the capacity to investigate issues of noncompliance.”

Facebook was able to evade regulators in a similar way, arguably with the FTC’s help. The Times described how “the FTC essentially outsources much of its day-to-day oversight to companies like PricewaterhouseCoopers” — which Facebook paid for “and largely dictated the scope of its assessments.”

Use Government Secrecy to Hide Information from the Public

Of course, the hallmark of the NSA is using the government’s secrecy system to hide its true controversial scope from the American public. Facebook doesn’t have direct access to the government’s classification system, but it has been able to use government redactions to its advantage.

When PricewaterhouseCoopers reviewed some of Facebook’s data partnerships in 2013, it reportedly “found only ‘limited’ evidence that Facebook had monitored those partners’ use of data.” But as the Times reported, that finding “was redacted from a public copy of the assessment, which gave Facebook’s privacy program a passing grade overall.”

Two other lessons can be learned from the NSA privacy scandal. The first, as the Washington Post’s Andrea Peterson said in 2013, “It’s to pay very careful attention to what Sen. Ron Wyden (D-Ore.) says. So if he hints that there’s something worth reading… that should serve as a bat signal to privacy advocates.” (Wyden was the senator who famously caught Director of National Intelligence James Clapper in a lie about the NSA’s surveillance on Americans.)

Maybe the same can now be said about Facebook. In September, when Sheryl Sandberg was testifying before Congress, Senator Wyden provided Facebook a list of very detailed questions about its service provider data-sharing agreements. While Sandberg’s testimony made front-page headlines, Wyden’s questions and Facebook’s evasive answers, published a month later, were overlooked by almost everyone. It turns out that should have been a sign.

But if there is one overarching lesson from Facebook’s series of debacles in 2018, it is that the company has grown so big that it’s hard to see how it can ever be trusted. As the Times described, Facebook had entered into so many data-sharing partnerships that it couldn’t keep track of them all. The system was beyond anyone’s control.

Time and again, in other privacy controversies of the years, Facebook has explained features of its systems to journalists, only to have to backtrack or 180 in their explanations, leading one Gizmodo journalist to conclude, “People at Facebook don’t know how Facebook works.”

It’s the same underlying issue in the NSA’s massive surveillance programs — even if you think their intentions aren’t evil. In attempting to explain how the agency had been illegally collecting data on Americans for years, government lawyers actually admitted to the FISC that its systems were so enormous that “there was no single person who had a complete technical understanding” of how things worked.

Email This Page

e-max.it: your social media marketing partner
 

Comments   

A note of caution regarding our comment sections:

For months a stream of media reports have warned of coordinated propaganda efforts targeting political websites based in the U.S., particularly in the run-up to the 2016 presidential election.

We too were alarmed at the patterns we were, and still are, seeing. It is clear that the provocateurs are far more savvy, disciplined, and purposeful than anything we have ever experienced before.

It is also clear that we still have elements of the same activity in our article discussion forums at this time.

We have hosted and encouraged reader expression since the turn of the century. The comments of our readers are the most vibrant, best-used interactive feature at Reader Supported News. Accordingly, we are strongly resistant to interrupting those services.

It is, however, important to note that in all likelihood hardened operatives are attempting to shape the dialog our community seeks to engage in.

Adapt and overcome.

Marc Ash
Founder, Reader Supported News

 
+11 # tedrey 2019-01-10 19:44
Thank you, Trevor.

Now is your first paragraph a rather clear hint that we should also take a closer look at "Amazon, Microsoft, Netflix, Spotify, and others," . . . or perhaps ask Senator Wyden about them in private? Or would that spoil coming surprise revelations?

Just joking in the junkyard, Trevor. I truly thank and respect you.
 
 
+6 # dotlady 2019-01-10 21:03
We have outfoxed ourselves with this complex technology, and do not have the time or capacity to check out who is doing what to whom. Privacy is lost. The recorded info will always exist now, even if laws are changed later.
This is similar to the 5G Rollout being steamrolled over us by FCC fiat with no public input about the potentially grave health risks it will incur.
 
 
+8 # wrknight 2019-01-10 22:21
Well actually, facebook gives your information away AND sells your information.

On top of that, lacking any adult supervision on what gets posted, facebook has become the largest source of disinformation in the history of the world. And if that's not bad enough, managing your own account so that you can prevent unwanted crap showing up on your facebook pages is more hassle than the worth of any possible benefit you get from it.

I opened a facebook account years ago when it was still relatively new and was so disgusted with it I haven't looked at it in years. I tried to cancel the account and requested they delete all my information, but I can't seem to get rid of that goddam tar baby.

My answer to facebook is, f'k facebook AND Mark Zuckerberg.
 
 
+3 # elizabethblock 2019-01-12 09:59
When James Clapper was asked at a March Senate hearing whether the NSA was collecting information about millions of Americans, he answered, “No,” and then, after a pause, “not wittingly.” As Clapper has now conceded, the correct answer was simply “yes.”
Someone - I can't remember who - said we should use his name as a verb. "To clapper" = to lie to Congress under oath.
 
 
+2 # futhark 2019-01-12 12:32
Violation of privacy is fundamental to Facebook's existence. Facebook's income is derived from selling its members private details, a reason I stopped using it several years ago. The same can be said of all the other big operators on the Internet: Yahoo!, Google, Amazon, etc. I suppose I'm not creative enough to come up with a means for delivering the "services" these companies offer the public with some alternative way of generating income, but would be interested to see such a plan.
 

THE NEW STREAMLINED RSN LOGIN PROCESS: Register once, then login and you are ready to comment. All you need is a Username and a Password of your choosing and you are free to comment whenever you like! Welcome to the Reader Supported News community.

RSNRSN