Showing posts with label ethics. Show all posts
Showing posts with label ethics. Show all posts

Monday, 30 July 2018

July 2018 was not a good month for Zuckerberg and Facebook Inc - Channel 4 undercover investigation, a lawsuit, falling user numbers, sudden 19% drop in company value & US$12 billion hit to personal fortune


As the fall-out from manipulated US presidential campaign and UK Brexit national referendum continues try at it might Facebook Inc just can't give a cursory apology for its part in these events and mover on - users and mainstream media won't cease scutiny of its business practices.

News.com.au, 27 July 2018:

Shares in Facebook plummeted 19 per cent to $US176.26 at the end of trading on Thursday, wiping out some $US120 billion ($A160 billion) — believed to be the worst single-day evaporation of market value for any company....

Founder Mark Zuckerberg, who has a 13 percent stake in Facebook, saw his fortune dropped by more than $US12 billion ($A16 billion) in less than 24 hours, to around $74 billion ($A100 billion).

The fall came after the social media giant revealed three million European users had closed their accounts since the Cambridge Analytica data scandal. The record decline pushed the tech-heavy Nasdaq more than one per cent lower.

CNet, 27 July 2018:

It began Wednesday with Facebook, which announced that daily active user counts had fallen in Europe, to 279 million from 282 million earlier this year. Facebook also indicated it was no longer growing in the US and Canada, two of the most lucrative advertising markets. Just as Facebook was working through its second year of nearly nonstop scandals over unchecked political meddling and data misuse, it was becoming clear that the days of consistent and relatively easy growth were fading.

Reuters, 28 July 2018:

NEW YORK (Reuters) - Facebook Inc (FB.O) and its chief executive Mark Zuckerberg were sued on Friday in what could be the first of many lawsuits over a disappointing earnings announcement by the social media company that wiped out about $120 billion of shareholder wealth.

The complaint filed by shareholder James Kacouris in Manhattan federal court accused Facebook, Zuckerberg and Chief Financial Officer David Wehner of making misleading statements about or failing to disclose slowing revenue growth, falling operating margins, and declines in active users.

Chanel4.com, news release, 17 July 2018:

Dispatches investigation reveals how Facebook moderates content

An undercover investigation by Firecrest Films for Channel 4 Dispatches has revealed for the first time how Facebook decides what users can and can’t see on the platform. (Inside Facebook: Secrets of the Social Network, Channel 4 Dispatches, 9pm, 17 July)
Dispatches’ investigation reveals:
       *Violent content such as graphic images and videos of assaults on children, remaining on the site, despite being flagged by users as inappropriate and requests to have it removed.

·         *Thousands of reported posts remained unmoderated and on the site while we were filming, beyond Facebook’s stated aim of a 24-hour turnaround, including potentially posts relating to suicide threats and self-harm.

·        * Moderators told not to take any action if content shows a child who is visibly below Facebook’s 13-year-old age limit, rather than report it as posted by underage users, even if the content includes self-harming.

·         *Allegations from an early Facebook investor and mentor to Mark Zuckerberg, that Facebook’s business model benefits from extreme content which engages viewers for longer, generating higher advertising revenue.

·         *Pages belonging to far-right groups, with large numbers of followers, allowed to exceed deletion threshold, and subject to different treatment in the same category as pages belonging to governments and news organisations.

·       *  Policies allowing hate speech towards ethnic and religious immigrants, and trainers instructing moderators to ignore racist content in accordance with Facebook’s policies.

      Dispatches sent an undercover reporter to work as a content moderator in Facebook’s largest centre for UK content moderation. The work is outsourced to a company called Cpl Resources plc in Dublin which has worked with Facebook since 2010. The investigation reveals the training given to content moderators to demonstrate how to decide whether content reported to them by users, such as graphic images and videos of child abuse, self-harming, and violence should be allowed to remain on the site or be deleted. Dispatches also films day-to-day moderation of content on the site, revealing:
      Violent content:
      One of the most sensitive areas of Facebook’s content rulebook is about graphic    violence. When dealing with graphic violence content, moderators have three options – ignore, delete, or mark as disturbing which places restrictions on who can see the content.
      Dispatches’ undercover reporter is seen moderating a video showing two teenage schoolgirls fighting. Both girls are clearly identifiable and the video has been shared more than a thousand times. He’s told that Facebook’s rules say that because the video has been posted with a caption condemning the violence and warning people to be careful about visiting the location where it was filmed, it should not be deleted and instead should be left on the site and marked as disturbing content. Dispatches speaks to the mother of the girl involved who tells the programme the distress and impact the video had on her daughter. She struggles to understand the decision to leave the video up on the site. “To wake up the next day and find out that literally the whole world is watching must have been horrifying. It was humiliating for her, it was devastating for her. You see the images and it’s horrible, it’s disgusting. That’s someone’s child fighting in the park. It’s not Facebook entertainment.”

      Facebook told Dispatches that the child or parent of a child featured in videos like this can ask them to be removed. Richard Allan, VP of Public Policy at Facebook said, “Where people are highlighting an issue and condemning the issue, even if the issue is painful, there are a lot of circumstances where people will say to us, look Facebook, you should not interfere with my ability to highlight a problem that’s occurred.

      Online anti-child abuse campaigner Nicci Astin tells Dispatches about another violent video which shows a man punching and stamping on a toddler. She says she reported the video to Facebook in 2012 and received a message back saying it didn’t violate its terms and conditions. The video is used during the undercover reporter’s training period as an example of what would be left up on the site, and marked as disturbing, unless posted with a celebratory caption. The video is still up on the site, without a graphic warning, nearly six years later. Facebook told Dispatches they do escalate these issues and contact law enforcement, and the video should have been removed.

      One moderator tells the Dispatches undercover reporter that “if you start censoring too much then people lose interest in the platform…. It’s all about making money at the end of the day.”
      Venture Capitalist Roger McNamee was one of Facebook’s earliest investors, a mentor to CEO Mark Zuckerberg, and the man who brought Sheryl Sandberg to the company. He tells Dispatches that Facebook’s business model relies on extreme content:
      “From Facebook’s point of view this is, this is just essentially, you know, the crack cocaine of their product right. It’s the really extreme, really dangerous form of content that attracts the most highly engaged people on the platform. Facebook understood that it was desirable to have people spend more time on site if you’re going to have an advertising based business, you need them to see the ads so you want them to spend more time on the site. Facebook has learned that the people on the extremes are the really valuable ones because one person on either extreme can often provoke 50 or 100 other people and so they want as much extreme content as they can get.”

      Richard Allan told Dispatches: Shocking content does not make us more money, that’s just a misunderstanding of how the system works …. People come to Facebook for a safe secure experience to share content with their family and friends. The vast majority of those 2 billion people would never dream of sharing content that, like that, to shock and offend people. And the vast majority of people don’t want to see it. There is a minority who are prepared to abuse our systems and other internet platforms to share the most offensive kind of material. But I just don’t agree that that is the experience that most people want and that’s not the experience we’re trying to deliver.

      Underage users:
      No child under 13 can have a Facebook account. However, a trainer tells the undercover reporter not to proactively take any action regarding their age if the report contains an image of a user who is visibly underage, unless the user admits to being underage: “We have to have an admission that the person is underage. If not, we just like pretend that we are blind and we don’t know what underage looks like.” Even if the content contains images for self-harm for example, and the image is of someone who looks underage the user is treated like an adult and sent information about organisations which help with self-harming issues, rather than being reported for being underage: “If this person was a kid, like a 10-year-old kid we don’t care, we still action the ticket as if they were an adult.” Facebook confirmed to Dispatches that its policy is not to take action about content posted by users who appear to be underage, unless the user admits to being underage.

Hate speech:
       Dispatches’ undercover reporter is told that, while content which racially abuses protected ethnic or religious groups violates Facebook’s guidelines, if the posts racially abuse immigrants from these groups, then the content is permitted. Facebook’s training for moderators also includes a post including a cartoon comment which describes drowning a girl if her first boyfriend is a negro, as content which is permitted. Facebook confirmed to Dispatches that the picture violates their hate speech standards and they are reviewing what went wrong to prevent it from happening again.

     “Shielded Review” – Popular pages kept up despite violations:
Our undercover reporter is told that if any page is found to have five or more pieces of content that violate Facebook’s rules, then the entire page should be taken down, in accordance with the company’s policies. But we have discovered that posts on Facebook’s most popular pages, with the highest numbers of followers, cannot be deleted by ordinary content moderators at Cpl. Instead, they are referred to the Shielded Review Queue where they can be directly assessed by Facebook rather than Cpl staff. These pages include those belonging to jailed former English Defence League leader Tommy Robinson, who has over 900,000 followers, and who has been given the same protected status as Governments and news organisations. A moderator tells the undercover reporter that the far-right group Britain First’s pages were left up despite repeatedly featuring content that breached Facebook’s guidelines because, “they have a lot of followers so they’re generating a lot of revenue for Facebook. The Britain First Facebook page was finally deleted in March 2018 following the arrest of deputy leader Jayda Fransen.
      Facebook confirmed to Dispatches that they do have special procedures for popular and high profile pages, which includes Tommy Robinson and included Britain First.
      They say Shielded Review has been renamed ‘Cross Check’. Lord Allen told Dispatches: “if the content is indeed violating it will go….I want to be clear this is not a discussion about money, this is a discussion about political speech. People are debating very sensitive issues on Facebook, including issues like immigration. And that political debate can be entirely legitimate. I do think having extra reviewers on that when the debate is taking place absolutely makes sense and I think people would expect us to be careful and cautious before we take down their political speech.”
      Delays in moderating content:
      Facebook’s publicly stated aim is to assess all reported content within 24 hours. However, during the period of the undercover filming, Dispatches found a significant backlog. Moderators told the undercover reporter that due to the volume of reports, or tickets, they are supposed to moderate, they are unable to check up to 7,000 reported comments on a daily basis. At one point there is a backlog of 15,000 reports which have not been assessed, with some tickets are still waiting for moderation up to five days after being reported. Facebook told Dispatches that the backlog filmed in the programme was cleared by 6 April.
…/ends
[my yellow highlighting]

Wednesday, 25 April 2018

Did the Australian Bureau of Statistics spy on Telstra customers at one remove in 2016?


“…with its near-complete coverage of the population, mobile device data is now seen as a feasible way to estimate temporary populations” [Australian Bureau of Statistics Demographer Andrew Howe, quoted in The Australian Bureau of Statistics Tracked People By Their Mobile Device Data at Medium, 23 April 2018]

Cryptoparty founder. Amnesty Australia 'Humanitarian Media Award' recipient 2014 and activist Asher Wolf recently reported that in 2016 the Australian Bureau of Statistics (ABS) without informing or seeking permission from mobile phone users ran a secretive, publicly-funded tracking program via signals emitted by the mobile phones of an unspecified number of people, in order to find out where they travelled over the course of an unspecified number of days and how long they stayed at each location.

A presentation of the basic details of this pilot study was made by the ABS researcher leading the pilot at a Spatial Information Day in Adelaide on 11 August 2017.

second ABS researcher also made a presentation on the day.

Spatial Information Day (which has the ABS as one of its sponsors) is characterised by the organisers as an annual educational and promotional event and was first held just on 18 years ago.

The Australian Bureau of Statistics was swift to reply to Asher Wolf's Medium article, stating that it has only been supplied with hourly agregate data by the telco (Telstra) which did not identify individuals.

However, the aggregated data supplied to the ABS was at the second lowest SA2 Level and some of these statistcal areas have populations of well under 3,000 residents according to 2016 Census data. Which makes the task of matching names to some of the tracked population movements just that much easier for a demographer or determined hacker.

Given recent less than transparent disclosures by data mining corporations concerning data collection/retention practices, readers might forgive me for waiting to see if the other shoe drops in this ABS-Telsta data mining and privacy matter.

One might say that thanks to Ms. Wolf we are all being educated further about big data and the ethics of data collection.

This is the response Ms. Wolf received when she contacted privacy experts concerning the pilot study:

“I find this tracking of people using their telephone location data without their knowledge and consent extremely concerning. The fact that the telecoms company allowed this data to be handed to a third party, and then for that third party to be a government agency compounds the breach of trust for the people whose data was involved,” said Angela Daly, Vice Chancellor’s Senior Research Fellow and Senior Lecturer in Queensland University of Technology’s Faculty of Law, research associate in the Tilburg Institute for Law, Technology and Society and Digital Rights Watch board member.

“After the Cambridge Analytica/Facebook scandal this is yet another example of why we need much tougher restrictions on what companies and the government can do with our data.”

Electronic Frontiers Australia board member Justin Warren also pointed out that while there are beneficial uses for this kind of information, “…the ABS should be treading much more carefully than it is. The ABS damaged its reputation with its bungled management of the 2016 Census, and with its failure to properly consult with civil society about its decision to retain names and addresses. Now we discover that the ABS is running secret tracking experiments on the population?”

“Even if the ABS’ motives are benign, this behaviour — making ethically dubious decisions without consulting the public it is experimenting on — continues to damage the once stellar reputation of the ABS.”

“This kind of population tracking has a dark history. During World War II, the US Census Bureau used this kind of tracking information to round up Japanese-Americans for internment. Census data was used extensively by Nazi Germany to target specific groups of people. The ABS should be acutely aware of these historical abuses, and the current tensions within society that mirror those earlier, dark days all too closely.”

“The ABS must work much harder to ensure that it is conducting itself with the broad support of the Australian populace. Sadly, it appears that the ABS increasingly considers itself above the mundane concerns of those outside its ivory tower. This arrogance must end.”

“For us to continue to trust the ABS with our most intimate details, the ABS must maintain society’s trust. Conducting experiments on citizens without seeming to care about our approval or consent undermines that trust.”

International privacy advocates also raised concerns about the study.

“Data the companies, like telcos, collect inevitably becomes very attractive to government agencies looking to track, monitor, and survey people. Like here, users are rarely informed, let alone consent to these uses. The impact on privacy rights is severe: location information (especially combined with other sensitive data) can reveal startlingly detailed information about your life (where you live, work), connections (who you talk to or visit), preferences (what you buy and when), and health (doctors and pharmacies frequented),” stated Amie Stepanovich, U.S. Policy Manager for digital rights organisation Access Now.


Wednesday, 28 March 2018

Turns out that Facebook Inc is the biggest baddie of all on the Internet


“The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.”  [US Federal Trade Commission (FTC), Statement, 26 March 2018]

It may have been the Cambridge Analytica-Facebook situation as first set out by Carole Cadwalladr at The Guardian & The Observer (UK) that recently alerted the average Internet user to the issue of digital privacy on social media and, it was certainly the situation which caught the eye of the US Federal Trade Commission which is now investigating.

The story of that data harvest so far.....

The Guardian UK, 25 March 2018:

The story of how those data made the journey from Facebook’s servers to Cambridge Analytica’s is now widely known. But it is also widely misunderstood. (Many people were puzzled, for example, by Facebook’s vehement insistence that the exfiltration of a huge trove of users’ data was not a “breach”.) The shorthand version of what happened – that “a slug of Facebook data on 50 million Americans was sucked down by a UK academic named Aleksandr Kogan, and wrongly sold to Cambridge Analytica” – misses an important point, which is that in acquiring the data in the first place Kogan was acting with Facebook’s full knowledge and approval.

In 2013, he wrote an app called “Thisisyourdigitallife” which offered users an online personality test, describing itself as “a research app used by psychologists”
Approximately 270,000 people downloaded it and in doing so gave their consent for Kogan to access information such as the city they set on their profile, or content they had liked, as well as more limited information about friends who had their privacy settings set to allow it. This drew more than 50 million unsuspecting Facebook users into Kogan’s net.

The key point is that all of this was allowed by the terms and conditions under which he was operating. Thousands of other Facebook apps were also operating under similar T&Cs – and had been since 2007, when the company turned its social networking service into an application platform.

So Kogan was only a bit player in the data-hoovering game: apps such as the insanely popular Candy Crush, for example, were also able to collect players’ public profiles, friends lists and email addresses. And Facebook seemed blissfully indifferent to this open door because it was central to its commercial strategy: the more apps there were on its platform the more powerful the network effects would be and the more personal data there would be to monetise.

That’s why the bigger story behind the current controversy is the fact that what Cambridge Analytica claimed to have accomplished would not have been possible without Facebook. Which means that, in the end, Facebook poses the problem that democracies will have to solve. [my yellow highlighting]

However, it is not the only way Facebook is collecting personal information to enrich Zuckerberg and his shareholders.

Now we find out that Facebook Inc is scraping information from Android devices such as mobile phones and adding phone logs to its Big Brother database.

Global News, 25 March 2018:

In the same week Facebook found itself in the middle of a massive data scandal, recent reports indicate that the social media giant has also scraped records of phone calls and SMS data from its users with Android devices without explicit permission.

New Zealand-based software developer Dylan McKay tweeted earlier this week that upon downloading his Facebook data in zip file (which is an option for all users) he claims to have discovered records of phone calls and a historical data of every contact on his phone., including contacts he no longer had, from a period between 2016 and 2017.
After he made the discovery, McKay set up a Google poll to gather evidence from other users who’ve been affected.

So far, just under 900 people have responded to the poll, and more than 20 per cent confirmed they found call records and/or text metadata in their Facebook data archive. Another 74 people responded to the poll saying that MMS data was collected, 106 people responded saying that SMS data was collected, and 104 responded saying that cellular calls were collected.

The story was first published by the tech news website Ars Technica on Saturday, who interviewed several Facebook users, and had a member of its staff download their Facebook data archive. Following, this, the site could confirm that the data file downloaded by the staff member contained call logs from a device that individual used between 2015 and 2016, as well as SMS and MMS message data.

Several Global News staff members also requested their data archives as well in the preparation of this story and some found that the contact lists from their mobile devices were recorded in the file. No one noted any text message or call logs in the data files they downloaded.

Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.
“The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

Following McKay’s tweets, other users came out on social media expressing similar concerns about what they discovered after downloading their data archives.

In recent years, the company has updated this process to clarify that when requesting access to your contact list, it intends to access all call logs and SMS text messages as well, but Android users in the past may have unknowingly given Facebook access to this data. [my yellow highlighting]

It is also wise to remember that even Internet users who do not have a Facebook account have their PC or other digital device scanned for information each time they click on a link to Facebook



Facebook image via ZDNet, 3 January 2014

ZDNet on 3 January 2014: By "content" Facebook means “anything you or other users post on Facebook”. By "information" Facebook means “facts and other information about you, including actions taken by users and non-users who interact with Facebook”. [my yellow highlighting]

Nor should we ignore this report about Facebook's surreptitious activities.......

Law360 (March 2, 2018, 7:02 PM EST) -- A California federal judge held Friday that Facebook can’t shake a proposed class action over its allegedly unlawful collection and storage of non-users’ facial scans, declining to toss the matter for lack of standing, just as he recently did in a related suit involving users of the site.

U.S. District Judge James Donato rejected Facebook Inc.’s renewed motion to dismiss litigation led by Frederick William Gullen for lack of subject-matter jurisdiction, pointing to his Feb. 26 decision in a related proposed class action accusing the social media... 
[my yellow highlighting]

Then there is the lobbying to discourage federal regulation of Facebook.......

According to SOCIAL MEDIA CASEROUNDUP (selected cases) in April 2015, by 2013 Facebook Inc had spent more than US$1 million on lobbying efforts to water down the US Children's Online Privacy Protection Act (COPPA). It was particularly concerned about any change of status of third party "add ons"/"plug-ins" which might by default make platforms like Facebook legally liable for any harm to a minor/s which occurred, as well asbeing resistant to any increase in general protections for minors or any expanded definition of protected "personal information" being included in the Act.

Quartz, 22 March 2018:

Facebook CEO Mark Zuckerberg said yesterday that the company welcomes more regulation, particularly to bring transparency to political advertising online. But in recent months, Facebook has been quietly fighting lawmakers to keep them from passing an act that does exactly that, campaign transparency advocates and Congressional staff tell Quartz.

The Honest Ads Act was introduced last October to close a loophole that has existed since politicians started advertising on the internet, and was expected by many to sail through Congress. Coming as Congress investigated how Russia used tech companies to influence the 2016 election, it was considered by many in Washington DC to be the bare minimum lawmakers could do to address the problem.

The act introduces disclosure and disclaimer rules to online political advertising. Tech companies would have to keep copies of election ads, and make them available to the public. The ads would also have to contain disclaimers similar to those included in TV or print political ads, informing voters who paid for the ad, how much, and whom they targeted.

“The benefit of having disclaimers on all political ads [is] the more suspicious ads would be more identifiable,” said Brendan Fischer, the director of federal and Federal Election Commission reform at theCampaign Legal Center (CLC) in Washington.

In a vote of confidence from bitterly-divided Washington, the act was rolled out by a bipartisan group of senators—John McCain, the Republican from Arizona, and Democrats Amy Klobuchar from Minnesota and Mark Warner of Virginia—and it currently has the support of 18 senators. But it hasn’t moved from the committee on “Rules and Administration” since was first introduced, thanks in part to Facebook’s lobbying efforts.

Fischer, who is a co-author of a CLC report on US vulnerabilities online after the 2016 election, accuses Facebook of “working behind the scenes using the levers of power to stop any legislation from moving forward.”

Facebook’s lobbying clout

Lobbyists for the company have been trying to dissuade senators from moving the Honest Ads Act forward, some Congressional aides say

Facebook’s argument to Congress behind the scenes has been that they are “voluntarily complying” with most of what the Honest Ads Act asks, so why pass a law, said one Congressional staffer working on the bill. Facebook also doesn’t want to be responsible for maintaining the publicly accessible repository of political advertising, including funding information, that the act demands, the staffer said.

Facebook spent nearly $3.1 million lobbying Congress and other US federal government agencies in the last quarter of 2017, on issues including the Honest Ads Act according to its latest federal disclosure form. It also signed on Blue Mountain Strategies, a lobbying firm founded by Warner’s former chief of staff, an Oct. 30, 2017 filing shows.

It’s part of a massive uptick in lobbying spending in recent years. [my yellow highlighting]

Despite all its lobbying Facebook Inc is not immune from official censure for its deceptive business practices.

Take this analysis of a 2011 binding agreement between the US Federal Trade Commission and Facebook Inc.....


FEDERAL TRADE COMMISSION [File No. 092 3184], 2 December 2011:

The Federal Trade Commission has accepted, subject to final approval, a consent agreement from Facebook, Inc. (‘‘Facebook’’)……

The Commission’s complaint alleges eight violations of Section 5(a) of the FTC Act, which prohibits deceptive and unfair acts or practices in or affecting commerce, by Facebook:

* Facebook’s Deceptive Privacy Settings: Facebook communicated to users that they could restrict certain information they provided on the site to a limited audience, such as ‘‘Friends Only.’’ In fact, selecting these categories did not prevent users’ information from being shared with Apps that their Friends used.

* Facebook’s Deceptive and Unfair December 2009 Privacy Changes: In December 2009, Facebook changed its site so that certain information that users may have designated as private— such as a user’s Friend List —was made public, without adequate disclosure to users. This conduct was also unfair to users.

* Facebook’s Deception Regarding App Access: Facebook represented to users that whenever they authorized an App, the App would only access the information of the user that it needed to operate. In fact, the App could access nearly all of the user’s information, even if unrelated to the App’s operations. For example, an App that provided horoscopes for users could access the user’s photos or employment information, even though there is no need for a horoscope App to access such information. 

* Facebook’s Deception Regarding Sharing with Advertisers: Facebook promised users that it would not share their personal information with advertisers; in fact, Facebook did share this information with advertisers when a user clicked on a Facebook ad.

* Facebook’s Deception Regarding Its Verified Apps Program: Facebook had a ‘‘Verified Apps’’ program through which it represented that it had certified the security of certain Apps when, in fact, it had not. 

* Facebook’s Deception Regarding Photo and Video Deletion: Facebook stated to users that, when they deactivate or delete their accounts, their photos and videos would be inaccessible. In fact, Facebook continued to allow access to this content even after a user deactivated or deleted his or her account.

* Safe Harbor: Facebook deceptively stated that it complied with the U.S.-EU Safe Harbor Framework, a mechanism by which U.S. companies may transfer data from the European Union to the United States consistent with European law.
The proposed order contains provisions designed to prevent Facebook from engaging in practices in the future that are the same or similar to those alleged in the complaint.

Part I of the proposed order prohibits Facebook from misrepresenting the privacy or security of ‘‘covered information,’’ as well as the company’s compliance with any privacy, security, or other compliance program, including but not limited to the U.S.-EU Safe Harbor Framework. ‘‘Covered information’’ is defined broadly as ‘‘information from or about an individual consumer, including but not limited to: 
(a) A first or last name; 
(b) a home or other physical address, including street name and name of city or town; (c) an email address or other online contact information, such as an instant messaging user identifier or a screen name; 
(d) a mobile or other telephone number; 
(e) photos and videos; (f) Internet Protocol (‘‘IP’’) address, User ID, or other persistent identifier; (g) physical location; or 
(h) any information combined with any of (a) through (g) above.’’

Part II of the proposed order requires Facebook to give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any (a) through (g) above.’’ Part II of the proposed order requires Facebook to give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any way that materially exceeds the restrictions imposed by their privacy settings. A ‘‘material . . . practice is one which is likely to affect a consumer’s choice of or conduct regarding a product.’’ FTC Policy Statement on Deception, Appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).

Part III of the proposed order requires Facebook to implement procedures reasonably designed to ensure that a user’s covered information cannot be accessed from Facebook’s servers after a reasonable period of time, not to exceed thirty (30) days, following a user’s deletion of his or her account.

Part IV of the proposed order requires Facebook to establish and maintain a comprehensive privacy program that is reasonably designed to: 
(1) Address privacy risks related to the development and management of new and existing products and services, and 
(2) protect the privacy and confidentiality of covered information. The privacy program must be documented in writing and must contain controls and procedures appropriate to Facebook’s size and complexity, the nature and scope of its activities, and the sensitivity of covered information. Specifically, the order requires Facebook to:
* Designate an employee or employees to coordinate and be responsible for the privacy program;
* Identify reasonably-foreseeable, material risks, both internal and external, that could result in the unauthorized collection, use, or disclosure of covered information and assess the sufficiency of any safeguards in place to control these risks;
* Design and implement reasonable controls and procedures to address the risks identified through the privacy risk assessment and regularly test or monitor the effectiveness of these controls and procedures;
* Develop and use reasonable steps to select and retain service providers capable of appropriately protecting the privacy of covered information they receive from respondent, and require service providers by contract to implement and maintain appropriate privacy protections; and
* Evaluate and adjust its privacy program in light of the results of the testing and monitoring, any material changes to its operations or business arrangements, or any other circumstances that it knows or has reason to know may have a material impact on the effectiveness of its privacy program.

Part V of the proposed order requires that Facebook obtain within 180 days, and every other year thereafter for twenty (20) years, an assessment and report from a qualified, objective, independent third-party professional, certifying, among other things, that it has in place a privacy program that provides protections that meet or exceed the protections required by Part IV of the proposed order; and its privacy controls are operating with sufficient effectiveness to provide reasonable assurance that the privacy of covered information is protected. Parts VI through X of the proposed order are reporting and compliance provisions. Part VI requires that Facebook retain all ‘‘widely disseminated statements’’ that describe the extent to which respondent maintains and protects the privacy, security, and confidentiality of any covered information, along with all materials relied upon in making such statements, for a period of three (3) years. Part VI further requires Facebook to retain, for a period of six (6) months from the date received, all consumer complaints directed at Facebook, or forwarded to Facebook by a third party, that relate to the conduct prohibited by the proposed order, and any responses to such complaints. Part VI also requires Facebook to retain for a period of five (5) years from the date received, documents, prepared by or on behalf of Facebook, that contradict, qualify, or call into question its compliance with the proposed order. Part VI additionally requires Facebook to retain for a period of three (3) years, each materially different document relating to its attempt to obtain the affirmative express consent of users referred to in Part II, along with documents and information sufficient to show each user’s consent and documents sufficient to demonstrate, on an aggregate basis, the number of users for whom each such privacy setting was in effect at any time Facebook has attempted to obtain such consent. Finally, Part VI requires that Facebook retain all materials relied upon to prepare the third-party assessments for a period of three (3) years after the date that each assessment is prepared. 

Part VII requires dissemination of the order now and in the future to principals, officers, directors, and managers, and to all current and future employees, agents, and representatives having supervisory responsibilities relating to the subject matter of the order. Part VIII ensures notification to the FTC of changes in corporate status. Part IX mandates that Facebook submit an initial compliance report to the FTC and make available to the FTC subsequent reports. Part X is a provision ‘‘sunsetting’’ the order after twenty (20) years, with certain exceptions.

The purpose of the analysis is to aid public comment on the proposed order. It is not intended to constitute an official interpretation of the complaint or proposed order, or to modify the proposed order’s terms in any way. 

By direction of the Commission. 
Donald S. Clark, Secretary. [FR Doc. 2011–31158 Filed 12–2–11; 8:45 am [my yellow highlighting]

Monday, 26 March 2018

A brief scrutiny of the byzantium maze that is Cambridge Analytica


Attempting to make sense of a group of corporate actors who obviously delighted in establishing a veritable labyrinth of companies and to create a reference to follow any future revelations.........

So what does the British-US company Cambridge Analytica which; 
(i) has been accused of rat f**king the 2015 Nigerian presidential election and the 2013 & 2017 Kenyan elections
(ii) allegedly influenced the 2016 UK Brexit referendum vote by assisting the Leave.EU campaign
(iii) was known to have purchased data from Global Science Research Ltd who harvested personal details from an est. 50 million Facebook user accounts and, 
(iv) later sold a breakdown of user data first to a number of GOP candidates during 2014 midterms, as well as to Ted Cruz during the US primaries and then to Donald Trump during the 2016 US presidential campaign,
actually look like on paper?

This appears to be the company whose business name is included in so many media reports at the moment:

Cambridge Analytica LLC incorporated in Delaware USA on 31 December 2013 offering data mining, analysis, and behavioral communication solutions according to Bloomberg.com and, now considered a subsidiary of SCL Group Limited.

“The genesis of Cambridge Analytica was to address the vacuum in the US Republican political market that became evident after [Mitt] Romney’s defeat in 2012” [Alexander Nix, CEO Cambridge Analytics].

Executives

Alexander James Ashburner Nix  Chief Executive Officer
Julian David Wheatland Chief Financial Officer
Mark Turnbull Managing Director of CA Political Global
Thomas Finkle Global Head of Client Services

It shares its name with a UK Company CAMBRIDGE ANALYTICA (UK) LIMITED - formerly SCL USA Limited incorporated 6 January 2015. 

Directors

NIX, Alexander James Ashburner Appointed founding sole director 6 January 2015. Only shareholder - in his own name and through another company solely owned by him,  SCL Elections Limited (incorporated 17 October 2012). 

SCL Elections Limited is described by Cambridge Analylitica as "an affiliate of Cambridge Analytica" and also the "genisis" of Cambridge Analytica. It is now being blamed for receiving harvested Facebook data and Cambridge Analytica is hypocritically trying to distance itself in a company media release on 23 March 2018.

The Cambridge Analytica website states it has offices in London, New York, Washington DC, Brazil and Malaysia. Until 20 March 2018 Alexander Nix was listed as its CEO. Acting CEO is now Chief Data Scientist at SCL Group Limited Dr. Alexander Tayler.

How do two firms on opposite sides of the world - one of which has only one director/owner and no indentifiable board members - suddenly become this company with reputed influence and tentacles everywhere?

Perhaps the answer lies in the est. US$15 million in indirect funding Cambridge Analytica has allegedly received from right-wing American billionaire Robert Mercer & his daughter Rebekah through one or all five affiliated US 'front' companies including Cambridge Analytica LLC and in its relationship with another UK corporation with which it shares information/data/personnel.

The remaining US 'front' companies are:

Cambridge Analytica Holdings LLC (Delaware (US), 9 May 2014- )
Cambridge Analytica Commercial LLC (Delaware (US), 21 Jan 2015- )
Cambridge Analytica Political LLC (Delaware (US), 21 Jan 2015- )

That other UK company is SCL Group Limited formerly Strategic Communication Laboratories Limited incorporated on 20 July 2005 by STG Secretaries Limited on behalf of an unidentified person/s, with an opening share capital of £100,000.

Directors

NIX, Alexander James Ashburner Appointed co-founding director along with Alexander Waddinton Oakes on 20 July 2005, resigned on 7 December 2012 and reappointed on 28 January 2016. Shareholder. Owner of Cambridge Analytica (UK) Limited.
OAKES, Nigel John Appointed on 3 October 2005. Shareholder.
GABB, Roger Michael Appointed on 10 November 2005. Shareholder. Ownership of shares – more than 25% but not more than 50%. Ownership of voting rights - more than 25% but not more than 50%
WHEATLAND, Julian David Appointed on 20 December 2007. Shareholder.

Barclays Bank PLC current lender to the company It seems this bank assisted in restructuring SCL Group Limited's finances.

Company Positions Identified by LinkedIn

United Kingdom
Web / Software Developer at Cambridge Analytica / SCL Group
Twickenham, United Kingdom
Current: Web Developer at SCL Group
Data Engineer presso Cambridge Analytica
London, United Kingdom
Current: Data Engineer at Cambridge Analytica & SCL Group
Account Director at Cambridge Analytica
London, United Kingdom
Current: Senior Project Manager at SCL Group
Chairman at SCL Group Chief Executive at Hatton International
London, United Kingdom
Current: Chairman at SCL Group
CEO, SCL Group - Behavioural Influence
London, United Kingdom
Current: CEO at SCL Group - Strategic Communication Laboratories
Financial Crime Investigations & Security Intelligence
London, United Kingdom
Current: Head - Fraud Surveillance, Corruption, Investigations at SCL Group
Head of Elections
London, United Kingdom
Current: Head of Elections at SCL Group
Lead Data Scientist at SCL Group
London, United Kingdom
Director of Operations (SCL) / Consultant (BDI)
London, United Kingdom
Current: Director of Operations (from 2011), Head of Infrastructures (2009-2011) at The SCL Group
DevOps Engineer at SCL Group
London, United Kingdom
Current: Development Operations Engineer at SCL Group
Senior Planning Engineer at SCL Group
Birmingham, United Kingdom
Community manager chez SCL Group
London, United Kingdom
Current: Community manager at SCL Group
Financial Controller at SCL Group
London, United Kingdom
Management Accountant at SCL Group
London, United Kingdom
Account Coordinator at SCL Group
United Kingdom
Paralegal
London, United Kingdom
Current: Paralegal at SCL Group
IT Support Analyst at SCL Group
Slough, United Kingdom

United States
Director, Business Development at SCL Group
Washington D.C. Metro Area
Senior Data Scientist at SCL Group
Washington D.C. Metro Area

Canada
Technical Manager at SCL Group
Alberta, Canada

Russia
Менеджер по закупкам - SCL Group [purchasing manager]
Russian Federation
Current: Менеджер по закупкам at SCL Group

Macedonia
Head of SCL Balkans at SCL Group
Macedonia

Germany
Project Manager bei SCL Group
Hannover Area, Germany
Current: Project Manager at SCL Group

Netherlands
Behavioural & Legal Research Scientist // BDI Consultant
Breda Area, Netherlands

Australia
Project Portfolio Manager at SCL Group Australia
Sydney, Australia
Current: Project Portfolio Manager at SCL Group

New Zealand
SCL Products Manager at SCL Group
Auckland, New Zealand

Malaysia
Head, CA Political/Commercial Southeast Asia
Putra Jaya, Malaysia
Current: Director of SCL Southeast Asia at SCL Group

India
Research Analyst at SCL Group
New Delhi Area, India
Director Business Development at SCL Group
New Delhi Area, India

China
CUSTOMER SERVICE at SCL Group
China

Open Corporates' Company Grouping for Cambridge Analytica

 SCL GROUP LIMITED (United Kingdom, 20 Jul 2005- ) directors
 SCL INSIGHT LIMITED (United Kingdom, 13 Sep 2016- ) directors
 SCL ELECTIONS LIMITED (United Kingdom, 17 Oct 2012- ) director
 SCL ANALYTICS LIMITED (United Kingdom, 23 Oct 2015- ) directors
 CAMBRIDGE ANALYTICA(UK) LIMITED (United Kingdom, 6 Jan 2015- ) director
 SCL COMMERCIAL LIMITED (United Kingdom, 10 Jan 2014- ) director
SCL SOCIAL LIMITED (United Kingdom, 19 Feb 2013- ) director
 inactive SCL SOVEREIGN LIMITED (United Kingdom, 6 Jan 2015-28 Jun 2016) director Voluntarily dissolved June 2016
 inactive BOLDNOTE LIMITED (United Kingdom, 27 Oct 2004- 8 Jan 2013) directors Voluntarily dissolved January 2013
inactive SCL DIGITAL LIMITED (United Kingdom, 6 Jan 2015-28 Jun 2016) director Voluntarily dissolved January 2015
CAMBRIDGE ANALYTICA LLC (Delaware (US), 31 Dec 2013- ) 
 inactive branch SCL USA INC. (Virginia (US), 25 May 2016-31 Jul 2017) 
 SCL USA INC. (Delaware (US), 22 Apr 2014- ) details
 branch SCL USA INC. (New York (US), 10 May 2016- )
 branch SCL USA Inc. (District of Columbia (US), 22 Apr 2014- ) 
 inactive Strategic Communication Laboratories LLC (Virginia (US), 7 Mar 2011-30 Jun 2013) 
 STRATEGIC COMMUNICATION LABORATORIES, INC. (Delaware (US), 23 Aug 2006- )
 CAMBRIDGE ANALYTICA COMMERCIAL LLC (Delaware (US), 21 Jan 2015- ) 
 CAMBRIDGE ANALYTICA POLITICAL LLC (Delaware (US), 21 Jan 2015- ) 


BACKGROUND

The Sydney Morning Herald, 23 March 2018:

Wylie, a Canadian citizen, moved to London in 2010 and started to work in 2013 for SCL Group, which he said conducted "information operations" around the world and also worked in campaigns, especially in African nations.

As research director, Wylie helped that company give birth to Cambridge Analytica as "an American brand" that would focus on US politics with at least $US10 million from billionaire hedge fund manager Robert Mercer. The Cambridge Analytica office was in the posh Mayfair neighbourhood of London, and the dozens of young workers - many of them contractors, a number of whom were from Eastern Europe - buzzed about with Apple laptops.

At the helm, said Wylie, was Mercer's daughter Rebekah, who was president, and conservative strategist Steve Bannon, who was vice president. Running day-to-day operations was a smooth-talking upper-crust Briton, Alexander Nix……

Wylie said that it was under Nix's direction - but with the knowledge of Bannon and Rebekah Mercer - that Cambridge Analytica began an ambitious data-gathering program that included tapping into the Facebook profiles of 50 million users through the use of a personality-testing app. The company did that with the help of a Russian American psychologist at Cambridge University, Aleksandr Kogan, who also made regular visits back to Russia, according to Wylie.

Wylie said he and others at Cambridge Analytica were initially skeptical of the power of this tactic for gathering data. But when the company approved $US1000 for Kogan to experiment with his app, he produced data on 1000 people who downloaded it and roughly 160,000 of their friends - all in a matter of hours.

Cambridge Analytica next approved $US10,000 for a second round of testing and was rewarded with nearly a million records, including names, home towns, dates of birth, religious affiliations, work and educational histories, and preferences, as expressed using the popular Facebook "like" button on many social media updates, news stories and other online posts.

They soon married that data with voter lists and commercial data broker information and discovered they had a remarkably precise portrait of a large swath of the American electorate.

Kogan's app, called "thisisyourdigitallife" and portrayed as being for research purposes, gathered data on the 270,000 people who downloaded it and tens of millions of their Facebook friends. It was this data and others that Wylie later worried might have ended up in Russian hands.

"I'm not saying that we put it on a drive and posted it to Vladimir Putin on Number 1 Red Square," Wylie said, referring to the Russian president's official residence. But he said that he and others affiliated with Cambridge Analytica briefed Lukoil, a Russian oil company, on its research into American voters. 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Guardian, 14 May 2017:

What was not known, until February, was the relationship between all these figures and the Leave campaign. That was when Andy Wigmore, Leave.EU’s communications director, revealed to this paper that Farage was a close friend of both Bannon and Mercer. He said that the Leave campaign was a “petri dish” for the Trump campaign. “We shared a lot of information because what they were trying to do and what we were trying to do had massive parallels.”

Wigmore also said that Mercer had been “happy to help” and Cambridge Analytica had given its services to the campaign for free. It was the general secretary of Ukip, a British lawyer called Matthew Richardson, who effected Leave.eu’s introduction to Cambridge Analytica, Wigmore said. “We had a guy called Matthew Richardson who’d known Nigel for a long time and he’s always looked after the Mercers. The Mercers hadsaid that here’s this company that we think might be useful.”

He said that Mercer, Farage and co had all met at a conference in Washington. “The best dinner we ever went to. Around that table were all the rejects of the political world. And the rejects of the political world are now effectively in the White House. It’s extraordinary. Jeff Sessions. [Former national security adviser Michael] Flynn, the whole lot of them. They were all there.”

When the Observer revealed Mercer’s “help” in February, a “gift” of services, it triggered two investigations. One by the Information Commissioner’s Office about possible illegal use of data. And another by the Electoral Commission. Cambridge Analytica is a US company and Mercer is a US citizen and British law, designed to protect its electoral system from outside influence, expressly forbids donations from foreign – or impermissible – donors. The commission is also looking into the “help” that Gunster gave the campaign. It was not declared in Leave.EU’s spending returns and if donated, it would also be impermissible. Gavin Millar QC, an expert in electoral law, says it raises questions of the utmost importance about the influence of an American citizen in a UK election.

But the contents of this document raise even more significant and urgent questions. Coordination between campaigns destroys the “level playing field” on which UK electoral law is based. It creates an unfair advantage.

Millar said that one of the significant and revealing aspects of the arrangement was that it was hidden. “It’s the covert nature of the relationship between these two companies and campaigns that I find particularly revealing and alarming. If there is covert cooperation via offshore entities, [it] is about as serious a breach of the funding rules as one can imagine in the 21st century.”

Millar said that this case was without precedent. “To have a billionaire so directly buying influence in a British election is absolutely unheard of. This is completely out of the ordinary. And what’s clear is that our electoral laws are hopelessly inadequate. The only way we would be able to find the truth of what happened is through a public inquiry.”

The link between Cambridge Analytica and AggregateIQ was never supposed to come to light. And it is still uncertain how Vote Leave came to work with AggregateIQ.
There are several major Tory donors and pro-Brexit figures associated with Cambridge Analytica and SCL Elections, including Lord Marland, former treasurer of the Conservative party and head of the Commonwealth Enterprise and Investment Council. The pro-Brexit Tory donor Roger Gabb, the owner of South African wine company Kumala, is also a shareholder and was involved in one of the Leave campaigns. In a separate incident he was fined £1,000 by the Electoral Commission for failing to include “imprints” – or campaign branding – on newspaper ads.

The Observer revealed last week that two core members of the Vote Leave team used to work with both Cambridge Analytica and AggregateIQ. Cummings said that he found the company – on which he spent by far the biggest chunk of his campaign budget – “on the internet”.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Digital, Culture, Media and Sport CommitteeOral evidence: Fake News, HC 363, Tuesday 27 February 2018, Ordered by the House of Commons to be published on 27 February 2018.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cambridge Analytica is currently under investigation in the UK with the Information Commissioner's Office entering the company's London office under search warrant on 23 March 2018.