Quotes of the Week

"We've started off a little bit on the idealistic, and maybe naive, side ... what we've learned over time very clearly is that the most important thing always is making sure that people's data is locked down."  [Mark Zuckerberg, founder Facebook Inc, CNN interview, 22 March 2018]

"I don’t know why. They trust me — dumb fucks".  [Mark Zuckerberg, founder Facebook Inc, talking about Facebook users, 2004]

The large-scale personal data release Facebook Inc didn't tell the world about

“Back in 2004, when a 19-year-old Zuckerberg had just started building Facebook, he sent his Harvard friends a series of instant messages in which he marvelled at the fact that 4,000 people had volunteered their personal information to his nascent social network. “People just submitted it ... I don’t know why ... They ‘trust me’ ... dumb fucks.”  [The Guardian, 21 March 2018]

“Christopher Wylie, who worked for data firm Cambridge Analytica, reveals how personal information was taken without authorisation in early 2014 to build a system that could profile individual US voters in order to target them with personalised political advertisements. At the time the company was owned by the hedge fund billionaire Robert Mercer, and headed at the time by Donald Trump’s key adviser, Steve Bannon. Its CEO is Alexander Nix”  [The Guardian,18 March 2018]

Alexander James Ashburner Nix is listed by Companies House UK as the sole director and CEO of Cambridge Analytica (UK) Limited (formerly SCL USA Limited incorporated 6 January 2015). The majority of shares in the company are controlled by SCL Elections Limited (incorprated 17 October 2012) whose sole director and shareholder appears to be Alexander Nix. Mr. Nix in his own name is also a shareholder in Cambridge Analytica (UK) Limited.

Companies House lists ten companies with which Mr. Nix is associated.

NOTE: In July 2014 an Alastair Carmichael Macwillson incorporated Cambridge Analytica Limited, a company which is still active. Macwilliam styles himself as a management consultant and cyber security professional.

Nix's Cambridge Analytica was reported as indirectly financed by leading Republican donor Robert Mercer during the 2015 primaries and 2016 US presidential campaign.

On 15 December 2017 The Wall Street Journal reported that:

Special Counsel Robert Mueller has requested that Cambridge Analytica, a data firm that worked for President Donald Trump’s campaign, turn over documents as part of its investigation into Russian interference in the 2016 U.S. election, according to people familiar with the matter.

Concerns about Cambridge Analytica and its relationship with Facebook Inc. resurfaced this month.

The Guardian, 18 March 2018:

The data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested millions of Facebook profiles of US voters, in one of the tech giant’s biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box….

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals.

Recode, 17 March 2018:

Facebook is in another awkward situation. The company claims that it wasn’t breached, and that while it has suspended Cambridge Analytica from its service, the social giant is not at fault. Facebook contends that its technology worked exactly how Facebook built it to work, but that bad actors, like Cambridge Analytica, violated the company’s terms of service.

On the other hand, Facebook has since changed those terms of service to cut down on information third parties can collect, essentially admitting that its prior terms weren’t very good.

So how did Cambridge Analytica get Facebook data on some 50 million people?

Facebook’s Chief Security Officer, Alex Stamos, tweeted a lengthy defense of the company, which also included a helpful explanation for how this came about…..

Facebook offers a number of technology tools for software developers, and one of the most popular is Facebook Login, which lets people simply log in to a website or app using their Facebook account instead of creating new credentials. People use it because it’s easy — usually one or two taps — and eliminates the need for people to remember a bunch of unique username and password combinations.

When people use Facebook Login, though, they grant the app’s developer a range of information from their Facebook profile — things like their name, location, email or friends list. This is what happened in 2015, when a Cambridge University professor named Dr. Aleksandr Kogan created an app called “thisisyourdigitallife” that utilized Facebook’s login feature. Some 270,000 people used Facebook Login to create accounts, and thus opted in to share personal profile data with Kogan.

Back in 2015, though, Facebook also allowed developers to collect some information on the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. This was not a secret — Facebook says it was documented in their terms of service — but it has since been updated so that this is no longer possible, at least not at the same level of detail.

Through those 270,000 people who opted in, Kogan was able to get access to data from some 50 million Facebook users, according to the Times. That data trove could have included information about people’s locations and interests, and more granular stuff like photos, status updates and check-ins.

The Times found that Cambridge Analytica’s data for “roughly 30 million [people] contained enough information, including places of residence, that the company could match users to other records and build psychographic profiles.”

This all happened just as Facebook intended for it to happen. All of this data collection followed the company’s rules and guidelines.

Things became problematic when Kogan shared this data with Cambridge Analytica. Facebook contends this is against the company’s terms of service. According to those rules, developers are not allowed to “transfer any data that you receive from us (including anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service.”

As Stamos tweeted out Saturday (before later deleting the tweet): “Kogan did not break into any systems, bypass any technical controls, our use a flaw in our software to gather more data than allowed. He did, however, misuse that data after he gathered it, but that does not retroactively make it a ‘breach.’”….

The problem here is that Facebook gives a lot of trust to the developers who use its software features. The company’s terms of service are an agreement in the same way any user agrees to use Facebook: The rules represent a contract that Facebook can use to punish someone, but not until after that someone has already broken the rules.

CNN tech, 19 March 2018:

Kogan's company provided data on millions of Americans to Cambridge Analytica beginning in 2014. The data was gathered through a personality test Facebook application built by Kogan. When Facebook users took the test they gave Kogan access to their data, including demographic information about them like names, locations, ages and genders, as well as their page "likes," and some of their Facebook friends' data.

There is some evidence that Cambridge Analytica is a bad actor according to a report by 4News on 19 March 2018:

Senior executives at Cambridge Analytica – the data company that credits itself with Donald Trump’s presidential victory – have been secretly filmed saying they could entrap politicians in compromising situations with bribes and Ukrainian sex workers.

In an undercover investigation by Channel 4 News, the company’s chief executive Alexander Nix said the British firm secretly campaigns in elections across the world. This includes operating through a web of shadowy front companies, or by using sub-contractors.

In one exchange, when asked about digging up material on political opponents, Mr Nix said they could “send some girls around to the candidate’s house”, adding that Ukrainian girls “are very beautiful, I find that works very well”.

In another he said: “We’ll offer a large amount of money to the candidate, to finance his campaign in exchange for land for instance, we’ll have the whole thing recorded, we’ll blank out the face of our guy and we post it on the Internet.”

Offering bribes to public officials is an offence under both the UK Bribery Act and the US Foreign Corrupt Practices Act. Cambridge Analytica operates in the UK and is registered in the United States.

The admissions were filmed at a series of meetings at London hotels over four months, between November 2017 and January 2018. An undercover reporter for Channel 4 News posed as a fixer for a wealthy client hoping to get candidates elected in Sri Lanka.

Mr Nix told our reporter: “…we’re used to operating through different vehicles, in the shadows, and I look forward to building a very long-term and secretive relationship with you.”

Along with Mr Nix, the meetings also included Mark Turnbull, the managing director of CA Political Global, and the company’s chief data officer, Dr Alex Tayler.

Mr Turnbull described how, having obtained damaging material on opponents, Cambridge Analytica can discreetly push it onto social media and the internet.

He said: “… we just put information into the bloodstream of the internet, and then, and then watch it grow, give it a little push every now and again… like a remote control. It has to happen without anyone thinking, ‘that’s propaganda’, because the moment you think ‘that’s propaganda’, the next question is, ‘who’s put that out?’.”

It should be noted that Cambridge Analytica has set up shop in Australia and the person named in the filing documents as the only shareholder was Allan Lorraine. Cambridge Analyitica is said to have met with representatives of the Federal Liberal Party in March 2017.

Despite denials to the contrary, It is possible that Cambridge Analytica has been consulted by state and federal Liberals since mid-2015 and, along with i360, was consulted by South Australian Liberals concerning targeted campaigning in relation to their 2018 election strategy.

Once the possibility of Australian connection became known, the Australian Information and Privacy Commissioner made preliminary inquiries.

News.com.au. 20 March 2018:

Facebook could be fined if Australians' personal information was given to controversial researchers Cambridge Analytica, the privacy watchdog says.

Australian Information and Privacy Commissioner Timothy Pilgrim says he is aware profile information was taken and used without authorisation.

"My office is making inquiries with Facebook to ascertain whether any personal information of Australians was involved," Mr Pilgrim said on Tuesday.

"I will consider Facebook's response and whether any further regulatory action is required.".

Cambridge Analytica is facing claims it used data from 50 million Facebook users to develop controversial political campaigns for Donald Trump and others.

The Privacy Act allows the commissioner to apply to the courts for a civil penalty order if it finds serious breaches of the law......

UK Information Commissioner Elizabeth Denham is also investigating the breach, promising it will be "far reaching" and any criminal or civil enforcement actions arising from it would be "pursued vigorously".

Facebook Inc's initial response to this issue was a denial of resonsibility which did not play well in financial markets

The Guardian, 21 March 2018:

It appears that while Facebook had been aware of what the Observer described as “unprecedented data harvesting” for two years, it did not notify the affected users.

What’s more, Facebook has displayed a remarkable lack of contrition in the immediate aftermath of the Observer’s revelations. Instead of accepting responsibility, its top executives argued on Twitter that the social network had done nothing wrong. “This was unequivocally not a data breach,” Facebook vice-president Andrew Bosworth tweeted on Saturday. “People chose to share their data with third party apps and if those third party apps did not follow the data agreements with us/users it is a violation. No systems were infiltrated, no passwords or information were stolen or hacked.”

In a sense, Facebook’s defence to the Cambridge Analytica story was more damning than the story itself. Tracy Chou, a software engineer who has interned at Facebook and worked at a number of prominent Silicon Valley companies, agrees that there wasn’t a hack or breach of Facebook’s security. Rather, she explains, “this is the way that Facebook works”. The company’s business model is to collect, share and exploit as much user data as possible; all without informed consent. Cambridge Analytica may have violated Facebook’s terms of service, but Facebook had no safeguards in place to stop them.

While some Facebook executives were busy defending their honour on Twitter over the weekend, it should be noted that Zuckerberg remained deafeningly silent. On Monday, Facebook’s shares dropped almost 7%, taking $36bn (£25.7bn) off the company’s valuation. Still, Zuckerberg remained silent. If you’re going to build a service that is influential and that a lot of people rely on, then you need to be mature, right? Apparently, silence is Zuck’s way of being mature.

Senior Liberal adviser trolled during Tasmanian election campaign and then went that step too far

This was senior advisor to Tasmania’s Liberal Premier Will Hodgman hiding behind a fake Facebook account during the recent Tasmanian state election campaign.

Images sourced from Google Images

And this is her now.

The Examiner, 6 March 2018:

A senior Liberal adviser who used a fake online account to email a woman’s employer after she spoke out about the lack of abortion services in Tasmania has been forced to resign.

Martine Haley used the alias Alice Wood-Jones to email the woman’s employer to have her reprimanded for her comments about abortion services in Tasmania.

In a statement late on Tuesday, Mr Hodgman said he had accepted Ms Haley’s resignation.

“I understand Martine deeply regrets her actions and has personally apologised to the person responsible.”

The woman, who spoke anonymously, said she was upset about the email to her boss.

“I'm still concerned about what might happen in retribution,” she said.

“It was a personal view and not linked with my role.

“I just wanted to challenge the claims that abortion is accessible and affordable in Tasmania.

“I don't believe I was the only one targeted and that others may be too afraid to speak up for fear of repercussions and even losing their jobs.”

Facebook Inc remains part of the problem

Tin-eared social media giant Facebook Inc demonstrates once again that it is part of the problem and not part of the solution, as it promotes toxic gun culture at the recent Conservative Political Action Conference and fails to come to grips with its part in spreading conspiracy theories and "fake news".

Gizmondo, 25 February 2018:

Facebook has pulled a demo of Oculus Rift's VR shooter Bullet Train from the Conservative Political Action Conference in Maryland amid concerns over gun violence, Variety reported earlier.

It doesn't appear to have been Bullet Train's violent content that prompted the withdrawal per se, but rather that CPAC draws lots of gun rights advocates right at the same time those same National Rifle Association types are drawing a massive wave of criticism in the wake of another school massacre in Parkland, Florida this month.

A number of companies have cut ties with the NRA, like software firm Symantec, which decided to pull discounts for the pro-gun group's members this week. A running New York Times tally of others to do so includes banks, airlines, automotive rentals and services, insurance companies, and a home security company.

As the Times noted on Friday, boycott campaigns tend to fade over time but this time the pressure has built quickly, buoyed by a number of Parkland survivors speaking out on social media and leaving some corporations with no middle ground to recede to.

Facebook is at CPAC and they have a VR shooting game pic.twitter.com/wmV23jezpN

— Sean Morrow (@snmrrw) February 23, 2018

A demo clip of Bullet Train hosted on the Oculus Rift website shows that at least one level in the game involves the player fighting through waves of "resistance forces" in a fairly generic rail station setting. It does not appear to be particularly bloody, though video of CPAC attendees using the game's motion-tracking controls in a vague pantomime of actual shooting probably did not help, either.

In a statement to Variety, Facebook virtual reality VP Hugo Barra said:

There is a standard set of experiences included in the Oculus demos we feature at public events. A few of the action games can include violence. In light of the recent events in Florida and out of respect for the victims and their families, we have removed them from this demo. We regret that we failed to do so in the first place.

Yet the optics of the Oculus Rift demo are probably not the most important issue Facebook should be worried about right now.

Facebook itself has also come under fire for the rapid spread of conspiracy theories about the Parkland shooting, which as CNN noted migrate from internet underbellies like 4chan onto mainstream social media sites via "conservative pages, alt-right personalities, nationalist blogs and far-right pundits." Posts on Facebook promoting the idiotic smear that survivors speaking out against guns were "crisis actors," i.e. some hazily defined variety of professional propagandists paid off to promote gun control, went far and wide; the social media giant repeatedly declined to discuss how it was enforcing violations of its community guidelines against offenders when asked by CNN.

Per the New York Times, it is still really, really easy to find hundreds of posts claiming the shooting was part of a "deep state" black flag operation or the like using Facebook's built-in search option, which kind of calls into question the company's sincerity:

On Facebook and Instagram, which is owned by Facebook, searches for the hashtag #crisisactor, which accused the Parkland survivors of being actors, turned up hundreds of posts perpetuating the falsehood (though some also criticised the conspiracy theory). Many of the posts had been tweaked ever so slightly -- for example, videos had been renamed #propaganda rather than #hoax -- to evade automated detection.

The spread of the theories on Facebook has also caused some in the tech media to question whether the long-maligned and ill-defined "trending" metric should be retired. Users who post conspiracy theories often rabidly engage with others promoting similar ideas, which in numerous instances means the posts are promoted right to the top of Facebook and other sites like YouTube.

Things you should know if you are logging on to a website using your Facebook account

Facebook for developers

The Daily Telegraph, 5 January 2018:

Ian Cox of Supremo.tv said: “If you’ve ever pressed ‘Login with Facebook’ on a website, you’re giving Facebook permission to share sensitive data with the site you are visiting.

“This includes, for example, your personal email address, where you live, where you work, details about your relationship, places you have recently been and who you’re friends with.

“In today’s digital age, people are sharing just about everything on social media sites like Facebook. But most are unaware of just how much can be seen by brands, businesses and, in some cases, criminals.

“The best way to stay protected online is to only share what you would be happy with the whole world seeing.

“As tempting as it may be to rejoice about the fact that the whole family is going on a weekend away, keep in mind that you may be inadvertently letting criminals know that your house is empty during this time.”

WHAT INFORMATION CAN FACEBOOK SHARE ABOUT YOU?

* Your public profile (name, age, gender, location, profile picture, timezone)

* All your likes

* Your friends

* Where you are now

* Your email address

* Your photos

* Your “about me” section

* All your posts

* Your birthday

* Your relationship details

* Your education history

* Your religion/politics

* Events you’ve been to

* Your work history

* Where you are from

* Your phone number

As more national governments veer towards fascism the level of danger Facebook presents rises

The Trump Regime is busy dismantling democratic checks and balances in the United States, the May Government in Britain is handing powers of arrest to certain multinational corporations and in Australia federal and state right-wing politicians slavishly ape Republican and Conservative policies.

Rabid nationalism, religious extremism, contrived xenophobia, authoritarianism, contempt for human rights and disdain for democratic processes appear to be the order of the day for too many political leaders in too many 'western' countries around the world.

Smack bang in the middle of this political miasma is a vast and powerful IT multinational which wouldn’t recognise an ethic if it fell over it.

How long before the aims of modern day fascism and Facebook Inc merge?

Public Integrity, 31 July 2017:

When Chicago resident Carlo Licata joined Facebook in 2009, he did what the 390 million other users of the world’s largest social network had already done: He posted photos of himself and friends, tagging the images with names.

But what Licata, now 34, didn’t know was that every time he was tagged, Facebook stored his digitized face in its growing database.

Angered this was done without his knowledge, Licata sued Facebook in 2015 as part of a class action lawsuit filed in Illinois state court accusing the company of violating a one-of-a-kind Illinois law that prohibits collection of biometric data without permission. The suit is ongoing.

Facebook denied the charges, arguing the law doesn’t apply to them. But behind the scenes, the social network giant is working feverishly to prevent other states from enacting a law like the one in Illinois.

Since the suit was filed, Facebook has stepped up its state lobbying, according to records and interviews with lawmakers. But rather than wading into policy fights itself, Facebook has turned to lower-profile trade groups such as the Internet Association, based in Washington, D.C., and the Illinois-based trade association CompTIA to head off bills that would give users more control over how their likenesses are used or whom they can be sold to. 

That effort is part of a wider agenda. Tech companies, whose business model is based on collecting data about its users and using it to sell ads, frequently oppose consumer privacy legislation. But privacy advocates say Facebook is uniquely aggressive in opposing all forms of regulation on its technology.

And the strategy has been working. Bills that would have created new consumer data protections for facial recognition were proposed in at least five states this year — Washington, Montana, New Hampshire, Connecticut and Alaska — but all failed, except the Washington bill, which passed only after its scope was limited.

No federal law regulates how companies use biometric privacy or facial recognition, and no lawmaker has ever introduced a bill to do so. That prompted the Government Accountability Office to conclude in 2015 that the “privacy issues that have been raised by facial recognition technology serve as yet another example of the need to adapt federal privacy law to reflect new technologies.” Congress did, however, roll back privacy protections in March by allowing Internet providers to sell browser data without the consumer’s permission.

Facebook says on its website it won’t ever sell users’ data, but the company is poised to cash in on facial recognition in other ways. The market for facial recognition is forecast to grow to $9.6 billion by 2022, according to analysts at Allied Market Research, as companies look for ways to authenticate and recognize repeat customers in stores, or offer specific ads based on a customer’s gender or age.

Facebook is working on advanced recognition technology that would put names to faces even if they are obscured and identify people by their clothing and posture. Facebook has filed patents for technology allowing Facebook to tailor ads based on users’ facial expressions……

Facial recognition’s use is increasing. Retailers employ it to identify shoplifters, and bankers want to use it to secure bank accounts at ATMs. The Internet of things — connecting thousands of everyday personal objects from light bulbs to cars — may use an individual’s face to allow access to household devices. Churches already use facial recognition to track attendance at services.

Government is relying on it as well. President Donald Trump staffed the U.S. Homeland Security Department transition team with at least four executives tied to facial recognition firms. Law enforcement agencies run facial recognition programs using mug shots and driver’s license photos to identify suspects. About half of adult Americans are included in a facial recognition database maintained by law enforcement, estimates the Center on Privacy & Technology at Georgetown University Law School.

To tap into this booming business, companies need something only Facebook has — a massive database of faces.

Facebook now has 2 billion monthly users who upload about 350 million photos every day — a “practically infinite” amount of data that Facebook can use to train its facial recognition software, according to a 2014 presentation by an engineer working on DeepFace, Facebook’s in-house facial-recognition project.

A NEW YEAR'S RESOLUTION FOR 2018

I resolve to never vote for a political party, sitting politician or political candidate who creates a Facebook page, posts on any Facebook page, links to a fake news site hosted by Facebook or pays for advertising on Facebook in the lead-up to and/or during an election campaign.

This resolution includes members of all political party executives and associated entities/groups.

Signed

Clarencegirl

Oh dear, is the Turnbull Government asking chickens to visit the digital fox's den?

“The Turnbull Government has welcomed the eSafety Commissioner’s announcement today about the delivery of the pilot for a new national portal for reporting instances of non-consensual sharing of intimate images (colloquially known as image-based abuse or revenge pornography).”  [Senator Mitch Fifield, media release,15 October 2017]

Given the dubious reputation Facebook Inc has managed to garner in relation to business ethics, transparency, consumer privacy, e-safety, data mining and data breach history, one wonders what the Minister for Communications and Liberal Senator for Victoria Mitch Fifield was thinking.

Facebook Newsroom, 9 November 2017:

Image Pilot

By Antigone Davis, Global Head of Safety

We don’t want Facebook to be a place where people fear their intimate images will be shared without their consent. We’re constantly working to prevent this kind of abuse and keep this content out of our community. We recently announced a test that’s a little different from things we’ve tried in the past. Even though this is a small pilot, we want to be clear about how it works.

This past week, in partnership with the Australian eSafety Commissioner’s Office and an international working group of survivors, victim advocates and other experts, Facebook launched a limited pilot in Australia that will help prevent non-consensual intimate images from being posted and shared anywhere on Facebook, Messenger and Instagram. Specifically, Australians who fear their intimate image may be shared without their consent can work with the eSafety Commissioner to provide that image in a safe and secure way to Facebook so that we can help prevent it from being shared on our platforms.

To be clear, people can already report if their intimate images have been shared on our platform without their consent, and we will remove and hash them to help prevent further sharing on our platform. With this new small pilot, we want to test an emergency option for people to provide a photo proactively to Facebook, so it never gets shared in the first place. This program is completely voluntary. It’s a protective measure that can help prevent a much worse scenario where an image is shared more widely. We look forward to getting feedback and learning.

Here’s how it works:

* Australians can complete an online form on the eSafety Commissioner’s official website.

* To establish which image is of concern, people will be asked to send the image to themselves on Messenger.

* The eSafety Commissioner’s office notifies us of the submission (via their form). However, they do not have access to the actual image.

* Once we receive this notification, a specially trained representative from our Community Operations team reviews and hashes the image, which creates a human-unreadable, numerical fingerprint of it.

* We store the photo hash—not the photo—to prevent someone from uploading the photo in the future. If someone tries to upload the image to our platform, like all photos on Facebook, it is run through a database of these hashes and if it matches we do not allow it to be posted or shared.

* Once we hash the photo, we notify the person who submitted the report via the secure email they provided to the eSafety Commissioner’s office and ask them to delete the photo from the Messenger thread on their device. Once they delete the image from the thread, we will delete the image from our servers……..

Facebook Inc continues to test the world's patience when it comes to privacy issues and US patience in relation to taxation matters

Worldwide Facebook Inc is estimated to have 2.01 billion monthly active users, with est. 1.7 billion of these users living outside of the USA and Canada.

Australian users comprised 17 million of these account holders in August 2017 - 12 million logging in daily.

In pursuit of profit this social media company is a ruthless data miner – collecting and collating information about every available aspect of the lives of all holders of Facebook accounts.

A fact that makes this company’s users a target of US federal government mass surveillance.

Given that Facebook Inc created a holding company Facebook Ireland Ltd in the low-taxing Republic of Ireland and it is this company which appears to legally possess the data of those est.1.7 billion users, it now finds itself before European Union courts.

Privacy activist @maxschrems, 3 October 2017:

Facebook operates its international business outside of the United States and Canada via a separate company in Ireland called “Facebook Ireland Ltd”. 85.9% of all worldwide Facebook users (everyone except USA and Canada) are managed in Dublin (Link), which is understood to be part of Facebook’s tax avoidance scheme.

Facebook currently sends all user data to its parent company, “Facebook Inc.” in the United States for processing. European law (Articles 25 and 26 of Directive 95/46/EC) requires that data can only be transferred outside of the EU if the personal data is “adequately protected”. This is in conflict with US mass surveillance laws, which “Facebook Inc.” in the USA is subject to.

Max Schrems: “In simple terms, US law requires Facebook to help the NSA with mass surveillance and EU law prohibits just that. As Facebook is subject to both jurisdictions, they got themselves in a legal dilemma that they cannot possibly solve in the long run.”

The Data Protection Commissioner in Ireland is investigating a complaint made by Max Schrems, an Austrian student with a Facebook account. This complaint relates to the transfer of his data by Facebook Ireland to Facebook Inc. in the United States for processing - an act which is alleged to violate European fundamental rights under Articles 7, 8 and 47 of the European Charter of Fundamental Rights.

The Data Protection Commissioner had been previously taken to the Court of Justice of the European Union in relation to refusal to investigate a complaint made by Mr Schrems regarding the fact that Facebook Ireland Ltd (‘Facebook Ireland’) transfers the personal data of its users to the United States of America and keeps it on servers located in that country. 

The subsequent investigation by the Data Protection Commissioner has given rise to a High Court case in Ireland (3 October 2017 judgement). The Court has now referred the issue of the validity of the European Commission’s Standard Contractual Clause decisions to the Court of Justice of the European Union for a preliminary ruling.

History of the Case according to Max Schrems:

The case is based on a complaint, filed by Mr Schrems against Facebook in 2013:

* The case is based on a complaint [PDF] brought by Mr Schrems against Facebook Ireland Ltd. before the Irish Data Protection Commissioner (“DPC”) in 2013 (4 years ago).

* The DPC first refused to investigate the complaint, calling it “frivolous”, but Mr Schrems subsequently succeeded before the CJEU, which overturned the “Safe Harbor” (a EU-US data sharing system) in 2015 [case C-362/14] and ruled that the DPC must investigate the complaint.

* After the invalidation of “Safe Harbor”, Facebook used another legal tool to transfer data outside of the EU, called “Standard Contractual Clauses” (SCCs) [Facebook’s SCCs - PDF].

* SCCs are a contract between Facebook Ireland and Facebook USA, where Facebook USA pledges to follow EU privacy principles [official EU Info Page].

* The case subsequently continued with an updated complaint [PDF] in 2015. The Irish DPC joined Mr Schrems view that the SCCs cannot overcome fundamental problems under US surveillance laws, and specifically agreed that there is no proper legal redress in the United States in such cases. Other issues raised in Mr Schrems complaint have not been investigated yet.

* The DPC refused to use its power to suspend data flows of Facebook as asked by Mr Schrems.

* Instead of only prohibiting Facebook’s EU-US data transfers under Article 4 of the SCCs, the DPC took the unusual move of issuing proceedings against Facebook Ireland Ltd. and Mr Schrems before the Irish High Court. In the procedure the DPC aims to invalidate the SCCs entirely by referring the case to the European Court of Justice (CJEU) in Luxembourg.

*The case was heard for five Weeks in February 2017. The United States Government was joined as an “amicus” to the case, along two industry lobby groups and the US privacy non-profit “EPIC”.

Facebook Inc’s "Double Irish" tax avoidance scheme and other matters also saw it before a US court in 2016, having refused to comply with a number of IRS tax summons. The court case continues to date.

The IRS 2008-2010 audit of Facbook Inc resulted in an assessment of the intangible assets transferred in those years having a value of US $13.8 billion, increasing Facebook's 2010 income by US $84.9 million and causing an income tax deficiency for the parent company.

Excerpt from United States Securities And Exchange Commission filing by Facebook Inc for the quarterly period ended June 30, 2016:

We are subject to taxation in the United States and various other state and foreign jurisdictions. The material jurisdictions in which we are subject to potential examination include the United States and Ireland. We are under examination by the Internal Revenue Service (IRS) for our 2008 through 2013 tax years. Our 2014 and subsequent years remain open to examination by the IRS. Our 2011 and subsequent years remain open to examination in Ireland. We do not anticipate a significant impact to our gross unrecognized tax benefits within the next 12 months related to these years. On July 27, 2016, we received a Statutory Notice of Deficiency (Notice) from the IRS relating to transfer pricing with our foreign subsidiaries in conjunction with the examination of the 2010 tax year. While the Notice applies only to the 2010 tax year, the IRS states that it will also apply its position for tax years subsequent to 2010, which, if the IRS prevails in its position, could result in an additional federal tax liability of an estimated aggregate amount of approximately $3.0 - $5.0 billion, plus interest and any penalties asserted. We do not agree with the position of the IRS and will file a petition in the United States Tax Court challenging the Notice. If the IRS prevails in the assessment of additional tax due based on its position, the assessed tax, interest and penalties, if any, could have a material adverse impact on our financial position, results of operations or cash flows. [my yellow bolding]