Showing posts with label data mining. Show all posts
Showing posts with label data mining. Show all posts

Tuesday, 10 March 2020

Australia finally gathers its courage and takes Facebook Inc to court over Cambridge Analytica privacy breaches


Office of the Australian Privacy Commissioner, media release, 9 March 2020:

The Australian Information Commissioner has lodged proceedings against Facebook in the Federal Court, alleging the social media platform has committed serious and/or repeated interferences with privacy in contravention of Australian privacy law. 

The Commissioner alleges that the personal information of Australian Facebook users was disclosed to the This is Your Digital Life app for a purpose other than the purpose for which the information was collected, in breach of the Privacy Act 1988. The information was exposed to the risk of being disclosed to Cambridge Analytica and used for political profiling purposes, and to other third parties. 

“All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said. 

“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed. 

“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy. 

“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.” 

The statement of claim lodged in the Federal Court today alleges that, from March 2014 to May 2015, Facebook disclosed the personal information of Australian Facebook users to This Is Your Digital Life, in breach of Australian Privacy Principle 6. Most of those users did not install the app themselves, and their personal information was disclosed via their friends’ use of the app. 

The statement of claim also alleges that Facebook did not take reasonable steps during this period to protect its users’ personal information from unauthorised disclosure, in breach of Australian Privacy Principle 11. 

Commissioner Falk considers that these were systemic failures to comply with Australian privacy laws by one of the world’s largest technology companies. 

Background 

The documents filed by the Office of the Australian Information Commissioner (OAIC) in the Federal Court are: 
  • Originating application 
The OAIC is an independent statutory agency established to promote and uphold privacy and information access rights. It has a range of regulatory responsibilities and powers under the Privacy Act 1988, Freedom of Information Act 1982 and Australian Information Commissioner Act 2010. 

The Privacy Act includes 13 legally binding Australian Privacy Principles (APPs) which apply to agencies and organisations covered by the Privacy Act (APP entities). 

APP 6 provides that ‘if an APP entity holds personal information about an individual that was collected for a particular purpose, the entity must not use or disclose the information for another purpose (the secondary purpose), unless the individual has consented to the use or disclosure’ (or another exception applies). 

APP 11 provides that ‘if an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances, to protect the information from misuse, interference and loss, and from unauthorised access, modification or disclosure.’ 

The Commissioner may apply to the Federal Court for a civil penalty order alleging that an APP entity has engaged in serious and/or repeated interferences with privacy in contravention of s 13G of the Privacy Act. 

The Federal Court can impose a civil penalty of up to $1,700,000 for each serious and/or repeated interference with privacy (as per the penalty rate applicable in 2014–15).

Wednesday, 1 May 2019

Facebook spends more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy – but refuses constructive action



“It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions. Facebook should not get to decide what Canadian privacy law does or does not require.[Canandian Privacy Commissioner  Daniel Therrien, 25 April 2019]

Facbook Inc. professes that it  has taken steps to ensure the intregrity of political discourse on its platform, but rather tellingly will not roll out transparency features in Australia that it has already rolled out in the US, UK, Eu, India, Israel and Ukraine.

The only measure it commits to taking during this federal election campaign is to temporarily ban people outside Australiabuying ads that Facebook determines are “political”.


So it should come as no surprise that Canada issued this three page news release…….

Office of the Privacy Commission of Canada, news release, 25 April 2019:

Facebook refuses to address serious privacy deficiencies despite public apologies for “breach of trust”

Joint investigation finds major shortcomings in the social media giant’s privacy practices, highlighting pressing need for legislative reform to adequately protect the rights of Canadians

OTTAWA, April 25, 2019 – Facebook committed serious contraventions of Canadian privacy laws and failed to take responsibility for protecting the personal information of Canadians, an investigation has found.

Despite its public acknowledgement of a “major breach of trust” in the Cambridge Analytica scandal, Facebook disputes the investigation findings of the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia. The company also refuses to implement recommendations to address deficiencies.

“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company,” says Privacy Commissioner of Canada Daniel Therrien. “Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

“The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning.”

“Facebook has spent more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy,” B.C. Information and Privacy Commissioner Michael McEvoy says, “but when it comes to taking concrete actions needed to fix transgressions they demonstrate disregard.”

Commissioner McEvoy says Facebook’s actions point to the need for giving provincial and federal privacy regulators stronger sanctioning power in order to protect the public’s interests. “The ability to levy meaningful fines would be an important starting point,” he says.

The findings and Facebook’s rejection of the report’s recommendations highlight critical weaknesses within the current Canadian privacy protection framework and underscore an urgent need for stronger privacy laws, according to both Commissioners.

“It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions,” says Commissioner Therrien.

In addition to the power to levy financial penalties on companies, both Commissioners say they should also be given broader authority to inspect the practices of organizations to independently confirm privacy laws are being respected. This measure would be in alignment with the powers that exist in the U.K. and several other countries.

Giving the federal Commissioner order-making powers would also ensure that his findings and remedial measures are binding on organizations that refuse to comply with the law. 

The complaint that initiated the investigation followed media reports that Facebook had allowed an organization to use an app to access users’ personal information and that some of the data was then shared with other organizations, including Cambridge Analytica, which was involved in U.S. political campaigns.

The app, at one point called “This is Your Digital Life,” encouraged users to complete a personality quiz. It collected information about users who installed the app as well as their Facebook “friends.” Some 300,000 Facebook users worldwide added the app, leading to the potential disclosure of the personal information of approximately 87 million others, including more than 600,000 Canadians.

The investigation revealed Facebook violated federal and B.C. privacy laws in a number of respects. The specific deficiencies include:

Unauthorized access

Facebook’s superficial and ineffective safeguards and consent mechanisms resulted in a third-party app’s unauthorized access to the information of millions of Facebook users. Some of that information was subsequently used for political purposes.

Lack of meaningful consent from “friends of friends”

Facebook failed to obtain meaningful consent from both the users who installed the app as well as those users’ “friends,” whose personal information Facebook also disclosed.

No proper oversight over privacy practices of apps

Facebook did not exercise proper oversight with respect to the privacy practices of apps on its platform.  It relied on contractual terms with apps to protect against unauthorized access to user information; however, its approach to monitoring compliance with those terms was wholly inadequate.

Overall lack of responsibility for personal information

A basic principle of privacy laws is that organizations are responsible for the personal information under their control. Instead, Facebook attempted to shift responsibility for protecting personal information to the apps on its platform, as well as to users themselves.

The failures identified in the investigation are particularly concerning given that a 2009 investigation of Facebook by the federal Commissioner’s office also found contraventions with respect to seeking overly broad, uninformed consent for disclosures of personal information to third-party apps, as well as inadequate monitoring to protect against unauthorized access by those apps.

If Facebook had implemented the 2009 investigation’s recommendations meaningfully, the risk of unauthorized access and use of Canadians’ personal information by third party apps could have been avoided or significantly mitigated.

Facebook’s refusal to accept the Commissioners’ recommendations means there is a high risk that the personal information of Canadians could be used in ways that they do not know or suspect, exposing them to potential harms.

Given the extent and severity of the issues identified, the Commissioners sought to implement measures to ensure the company respects its accountability and other privacy obligations in the future. However, Facebook refused to voluntarily submit to audits of its privacy policies and practices over the next five years.

The Office of the Privacy Commissioner of Canada plans to take the matter to Federal Court to seek an order to force the company to correct its privacy practices.

The Office of the Information and Privacy Commissioner for B.C. reserves its right under the Personal Information Protection Act to consider future actions against Facebook.  

Related documents:

* Note: my yellow highlighting

Nor should this alleged 'mistake' made by Facebook cause surprise.......

The New York Times, 25 April 2019:

SAN FRANCISCO — The New York State attorney general’s office plans to open an investigation into Facebook’s unauthorized collection of more than 1.5 million users’ email address books, according to two people briefed on the matter.

The inquiry concerns a practice unearthed in April in which Facebook harvested the email contact lists of a portion of new users who signed up for the network after 2016, according to the two people, who spoke on condition of anonymity because the inquiry had not been officially announced.

Those lists were then used to improve Facebook’s ad-targeting algorithms and other friend connections across the network.

The investigation was confirmed late Thursday afternoon by the attorney general’s office.

“Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data,” said Letitia James, the attorney general of New York, in a statement. “It is time Facebook is held accountable for how it handles consumers’ personal information.”…

Users were not notified that their contact lists were being harvested at the time. Facebook shuttered the contact list collection mechanism shortly after the issue was discovered by the press…..

Facebook Inc's rapacious business practices has been the death of online privacy and now threatens the democratic process.

Wednesday, 12 December 2018

Do you know whose hands have harvested your medical information?



The Medical Republic, 7 December 2018:

An investigation by The Medical Republic has revealed state, territory and federal police forces have sent around 2,600 requests a year for this sensitive health data to the Department of Human Services over the past two years. The department can legally disclose private health records to the police without a court order.

The department would not reveal how many of these requests were granted, but said the number of disclosures per year had remained stable over the past decade.

Once linked, Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data, can paint a very detailed picture about a person’s medical history.

PBS data includes every rebatable medication purchased at a chemist. MBS records show which Medicare item numbers were billed for during each consultation, and what tests were ordered.

This information is as sensitive as MHR data, although it lacks the granularity of laboratory test results or GP notes, which can be included in a MHR. In November, the federal parliament passed legislation requiring police to produce a court order to access MHR data.

“This begs the question as to why similar protections are not being enacted in the MBS and PBS legislation,” Malcolm Crompton, a former privacy commissioner of Australia and founder and lead privacy advisor of Information Integrity Solutions, told The Medical Republic.

The legislative inconsistency was an “undeniable oddity” especially because most of the content of a MHR would, at least initially, simply be MBS and PBS data, he said.
Data sharing between the Department of Human Services and the police is shrouded in secrecy, with decisions being made behind closed doors by unnamed officials using an undisclosed set of public interest guidelines, which were issued by the secretary of the Department of Health in 2003.

The human services department has refused to make its 18-page privacy guidelines public under FOI laws, citing concerns that agencies might use their knowledge of the guidelines to trick the department.

“Specifically, with the benefit of having reviewed the document, requestors may construct their requests in a manner that undermines the department’s procedures (e.g. by misleading the delegate) in order to secure the disclosure of the requested information,” an FOI decision maker said…..
The department eventually provided a single case study for police use of private health data, four months after initially being asked about the purpose of disclosing this data, and only after The Medical Republic’s investigation exposed the scale of police requests.
The case study describes a scenario where the police are making an enquiry about a missing person whose safety is in question, and are using MBS and PBS claims information to determine whether the missing person had seen a doctor, obtained medications or updated their contact details.

The Medical Republic contacted each state, territory and federal police force for this investigation, but only the NT Police confirmed how many times the department had provided patient information.

The NT Police, Fire and Emergency Services made an average of 26 requests per year for private health data, including current contact details, next of kin, MBS or PBS records.

All of these requests were successful, and all were made without a court order. “Requests are not made under court order but rather must satisfy certain criteria,” Detective Acting Superintendent Peter Kennon said.

“That is it must be for a missing person or in relation to an offence with a penalty of two years or more imprisonment or 44 penalty units (about $6,000), and be in the public interest.”

The department is obliged to report the number of times it has disclosed linked PBS and MBS data to law enforcement authorities on an annual basis to the Office of Australian Information Commissioner (OAIC).

The Medical Republic obtained a copy of the OAIC reports, which showed that the DHS gave linked MBS and PBS data to police five times in 2016-17, but did not disclose data given to police in the previous three years.

“Most of the public interest disclosures the department makes to law enforcement agencies do not need to be included in our annual reports to the Privacy Commissioner,” a department spokesperson said.

The department only has to report the disclosure of “linked” MBS and PBS data to police. The word “linked” is not defined in the legislative instrument, so in practice, the department appears able to apply a definition that minimises its reporting obligations.

MBS and PBS data was only “linked” if the information was “combined, joined or merged”, a department spokesperson said. “The mere extraction of an individual’s MBS and PBS claims information into separate documents does not constitute linking for the purposes of the guidelines, even if those documents are sent to the same email address,” the spokesperson said.

“The department seems to be playing with semantics in order to avoid complying with the intention of the guidelines,” Dr Robertson-Dunn said.


Friday, 20 July 2018

Slowly but surely Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge


“We have concluded that there are risks in relation to the processing of personal data by many political parties. Particular concerns include: the purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence, a lack of fair processing, and use of third party data analytics companies with insufficient checks around consent….We have looked closely at the role of those who buy and sell personal data-sets in the UK. Our existing investigation of the privacy issues raised by their work has been expanded to include their activities in political processes….The investigation has identified a total of 172 organisations of interest that required engagement, of which around 30 organisations have formed the main focus of our enquiries, including political parties, data analytics companies and major social media platforms…..Similarly, we have identified a total of 285 individuals relating to our investigation.” [UK Information Commissioner’s Office, Investigation into the use of data analytics in political campaigns: Investigation update, July 2018]

Slowly but surely the Russian connections between the UK Brexit referendum campaign and the US presidential campaign are beginning to emerge.

The Guardian, 15 July 2018:

A source familiar with the FBI investigation revealed that the commissioner and her deputy spent last week with law enforcement agencies in the US including the FBI. And Denham’s deputy, James Dipple-Johnstone, confirmed to the Observer that “some of the systems linked to the investigation were accessed from IP addresses that resolve to Russia and other areas of the CIS [Commonwealth of Independent States]”.

It was also reported that Senator Mark Warner, vice chair of US Senate Intel Committee and Damian Collins MP, chair of the Digital, Culture, Media and Sport select committee inquiry into “fake news”, met in Washington on or about 16 July 2018 to discuss Russian interference in both British and American democratic processes during an Atlantic Council meeting.

UK Information Commissioner’s Office (ICO), media release, 10 July 2018:

Information Commissioner Elizabeth Denham has today published a detailed update of her office’s investigation into the use of data analytics in political campaigns.
In March 2017, the ICO began looking into whether personal data had been misused by campaigns on both sides of the referendum on membership of the EU.

In May it launched an investigation that included political parties, data analytics companies and major social media platforms.

Today’s progress report gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.

This includes the ICO’s intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.

Facebook, with Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app had been used to harvest the data of 50 million Facebook users across the world. This is now estimated at 87 million.
The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.
Facebook has a chance to respond to the Commissioner’s Notice of Intent, after which a final decision will be made.

Other regulatory action set out in the report comprises:

warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices;

an Enforcement Notice for SCL Elections Ltd to compel it to deal properly with a subject access request from Professor David Carroll;

a criminal prosecution for SCL Elections Ltd for failing to properly deal with the ICO’s Enforcement Notice;

an Enforcement Notice for Aggregate IQ to stop processing retained data belonging to UK citizens;

a Notice of Intent to take regulatory action against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and
audits of the main credit reference companies and Cambridge University Psychometric Centre.

Information Commissioner Elizabeth Denham said:
“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.

She added:
“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

A second, partner report, titled Democracy Disrupted? Personal information and political influence, sets out findings and recommendations arising out of the 14-month investigation.

Among the ten recommendations is a call for the Government to introduce a statutory Code of Practice for the use of personal data in political campaigns.

Ms Denham has also called for an ethical pause to allow Government, Parliament, regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data before there is a greater expansion in the use of new technologies.

She said:
“People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.”

In addition, the ICO commissioned research from the Centre for the Analysis of Social Media at the independent thinktank DEMOS. Its report, also published today, examines current and emerging trends in how data is used in political campaigns, how use of technology is changing and how it may evolve in the next two to five years. 

The investigation, one of the largest of its kind by a Data Protection Authority, remains ongoing. The 40-strong investigation team is pursuing active lines of enquiry and reviewing a considerable amount of material retrieved from servers and equipment.

The interim progress report has been produced to inform the work of the DCMS’s Select Committee into Fake News.

The next phase of the ICO’s work is expected to be concluded by the end of October 2018.

The Washington Post, 28 June 2018:

BRISTOL, England — On Aug. 19, 2016, Arron Banks, a wealthy British businessman, sat down at the palatial residence of the Russian ambassador to London for a lunch of wild halibut and Belevskaya pastila apple sweets accompanied by Russian white wine.

Banks had just scored a huge win. From relative obscurity, he had become the largest political donor in British history by pouring millions into Brexit, the campaign to disentangle the United Kingdom from the European Union that had earned a jaw-dropping victory at the polls two months earlier.

Now he had something else that bolstered his standing as he sat down with his new Russian friend, Ambassador Alexander Yakovenko: his team’s deepening ties to Donald Trump’s insurgent presidential bid in the United States. A major Brexit supporter, Stephen K. Bannon, had just been installed as chief executive of Trump’s campaign. And Banks and his fellow Brexiteers had been invited to attend a fundraiser with Trump in Mississippi.

Less than a week after the meeting with the Russian envoy, Banks and firebrand Brexit politician Nigel Farage — by then a cult hero among some anti-establishment Trump supporters — were huddling privately with the Republican nominee in Jackson, Miss., where Farage wowed a foot-stomping crowd at a Trump rally.
Banks’s journey from a lavish meal with a Russian diplomat in London to the raucous heart of Trump country was part of an unusual intercontinental charm offensive by the wealthy British donor and his associates, a hard-partying lot who dubbed themselves the “Bad Boys of Brexit.” Their efforts to simultaneously cultivate ties to Russian officials and Trump’s campaign have captured the interest of investigators in the United Kingdom and the United States, including special counsel Robert S. Mueller III.

Vice News, 11 June 2018:

Yakovenko is already on the radar of special counsel Robert Mueller, who is investigating Russian interference in the U.S. presidential election, after he was named in the indictment of ex-Trump campaign aide George Papadopoulos….

Banks, along with close friend and former Ukip leader Nigel Farage, was among the very first overseas political figures to meet Trump after his surprise victory in November 2016.

It also emerged over the weekend that Banks passed contact information for Trump’s transition team to the Russians.

Sunday, 1 July 2018

Oi! Malcolm Bligh Turnbull and every dumb-witted member of his federal government as well as every premier and member of a state or territory government – when are you all going to wake up to the fact that digital is bloody dangerous?


For literally hundreds of years now, first in colonial, then in dominion and later in federation periods, Australia has relied on a 'paper and ink' processes to decide major political votes by its eligible citizens.

By and large this system has produced reliable results with regards to the people's will.

However, in the 21st Century government's blind infatuation with digital 'innovation' is now dangerously out-of-control.

This is evidence of just the latest red flag that Australian governments have ignored ……

The Mercury online, 30 June 2018:

The personal information of about 4000 Tasmanian voters has been leaked after a data breach on a third-party website linked to express votes, the state’s Electoral Commission has revealed.

Tasmanian Electoral Commissioner Andrew Hawkey said hackers had access to the names, dates of birth, emails and postal addresses of those who applied for an express vote at the recent state and Legislative Council elections.

“Early today, the Tasmanian Electoral Commission was informed by the Barcelona-based company Typeform, that an unknown third party had gained access to one of their servers and downloaded certain information,” he said.

“Typeform online forms have been used on the TEC website since 2015 for some of its election services. The breach involved an unknown attacker downloading a backup file.

“Typeform’s full investigation of the breach identified that data collected through five forms on the TEC website had been stolen.”


The breach was identified by Typeform on June 27 and shut down within half an hour of detection, Mr Hawkey said.

“The Electoral Commission will be contacting electors that used these services in the coming days to inform them of the breach,” Mr Hawkey said.

“The Electoral Commission apologises for the breach and will re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events. The breach has no connection to the national or state electoral roll.”

Mr Hawkey said some of the stolen information had previously been made public, such as candidate statements for local government by-elections.

Typeform said it had responded immediately and had fixed the source of the breach to prevent further hacks.

“We have since been performing a full forensic investigation of the incident to be certain that this cannot happen again,” a statement on the Typeform website read.

“The results that were accessed are from a partial backup dated May 3, 2018. Results collected since May 3 are therefore safe and not compromised.’

Typeform reportedly provides services for some pretty big names, including Apple, Uber, Airbnb and Forbes.

The hack comes after up to 120,000 Tasmanian job seekers may have had their personal information compromised following a data breach reported by human resources company PageUp in early June.

That site was linked to the Tasmanian Government and the University of Tasmania.
The State Government is still waiting for a further response from PageUp but it is believed the breach was limited to names, addresses, emails and phone numbers.

So what has Facebook Inc been up to lately?


Everything from admitting to further data breaches, to altering images, to supressing legitimate content, to considering payment for access, to shareholder revolt, it seems......

The Herald Sun reported on 9 June 2018 at p.59:

Facebook is ­embroiled in another data privacy scandal, confirming a software bug led to the private posts of 14 million users being made public.

According to Facebook, the bug was active from May 18 to May 27 and changed the privacy settings of some users without telling them.

“Today we started letting the 14 million people affected know — and asking them to review any posts they made during that time,” Facebook chief privacy officer Erin Egan said.

“To be clear, this bug did not impact anything people had posted before, and they could still choose their audience just as they always have.” It was unclear yesterday how many Australian users were affected. Facebook said the bug occ­urred during the development of a new share function that ­allowed users to share featured items on their profile page, such as a photo.

“The problem has been fixed, and for anyone affected, we changed the audience back to what they’d been using before,” Ms Egan said.

Facebook has urged affected customers to review posts made between May 18 and May 27 to see if any private posts had been automatically made public.

The latest issue comes as Facebook chief Mark Zuckerberg faces the prospect of a public grilling before the Aus­tralian parliament’s intelligence and security committee.
Facebook admitted this week it had struck data partnerships — where it shares the personal data of people on the social media platform — with at least four Chinese electronics companies, including Huawei Technologies.

Huawei has been barred from a series of major projects in Australia over concerns about its close links to the Chinese government.

Members of the parliamentary intelligence and security committee want Mr Zuckerberg to come to Australia and answer questions about the data-sharing pact.

On 18 June 2018 The Sun reported that Facebook Inc had begun to manipulate images – effectively producing ‘fake images’ that were being passed off a real.

Then on 20 June 2018 Facebook Inc. declared its intention to charge certain private group users for participation on its platforms:

Today, we’re piloting subscriptions with a small number of groups to continue to support group admins who lead these communities.

This world-wide social platform apparently expects that if it formally launches this access fee (reportedly up to $360 a year) then these costs to be passed on as subscription fees – with Facebook  letting administrators charge subscription fees from $4.99 to $29.99 each month to join premium subgroups containing exclusive posts.

Presumably, if the market responds in sufficient numbers then Facebook will change the rules and demand that private groups hand over a percentage of subscription fees collected.

The Guardian, 24 June 2018:

George Orwell wrote in his essay Politics and the English Language: “In our age there is no such thing as ‘keeping out of politics’. All issues are political issues.” 

When Facebook constructed a new archive of political advertising, had it thought a little more about this concept of what is “political”, it might have more accurately anticipated the subsequent Orwellian headache. As it is, journalists are finding their articles restricted from promotion because they are lumped in with campaigning materials from politicians, lobby groups and advocacy organisations.

The new archive of ads with political content, which Facebook made public last month, has become the latest contested piece of territory between platforms and publishers. The complaint from publishers is that Facebook is categorising posts in which they are promoting their own journalism (paying money to target particular groups of the audience) as “political ads”. Publishers have reacted furiously to what they see as toxic taxonomy.

Mark Thompson, the chief executive of the New York Times, has been the most vocal critic, describing Facebook’s practices as “a threat to democracy” and criticising the platform in a recent speech to the Open Markets Initiative in Washington DC. “When it comes to news, Facebook still doesn’t get it,” said Thompson. “In its effort to clear up one bad mess, it seems to be joining those who want to blur the line between reality-based journalism and propaganda.”

At a separate event at Columbia University, Thompson and Facebook’s head of news partnerships, Campbell Brown, fought openly about the initiative. Thompson showed examples of where New York Times articles, including recipes, had been wrongly flagged as political. Brown emphasised that the archive was being refined, but stood firm on the principle that promoted journalism ought to be flagged as “paid-for” political posts. “On this you are just wrong,” she told Thompson.

Publishers took to social platforms to question the labelling and representation of their work. One of the most egregious examples came from investigative journalism organisation Reveal. Last week, at the height of the scandal around the separation of undocumented migrant families crossing the US border, it published an exclusive story involving the alleged drugging of children at a centre housing immigrant minors. It was flagged in the Facebook system as containing political content, and as Reveal had not registered its promotion of the story, the promoted posts were stifled. Facebook did not remove the article, but rather stopped its paid circulation. Given the importance of paid promotion, it is not surprising that publishers see this as amounting to the same thing.

And trust issues can be found both inside and outside Facebook's castle walls.....

Business Insider, 24 June 2018:

A Survata study, seen exclusively by Business Insider, asked US consumers to rate big tech companies from one (most trusted) to five (least trusted). Survata surveyed more than 2,600 people in April and May. It’s the first time Survata has carried out the survey.

The results show that Facebook is nowhere near as trusted as Amazon, PayPal, or Microsoft – but that people do trust it more than Instagram. Instagram, of course, is owned by Facebook.

Here’s the top 15 in order of most to least trusted:
1 .Amazon
2. PayPal
3. Microsoft
4. Apple
5. IBM
6. Yahoo
7. Google
8. YouTube
9. eBay
10. Pandora
11. Facebook
12. LinkedIn
13. Spotify
14. AOL
15. Instagram

Business Insider, 26 June 2018:

Shareholders with nearly $US3 billion invested Facebook are trying to topple Mark Zuckerberg as chairman and tear up the company’s governance structure.

Business Insider has spoken with six prominent shareholders who said there was an unprecedented level of unrest among Facebook’s backers following a series of scandals.

They are in open revolt about Zuckerberg’s power base, which gives him the ability to swat away any shareholder proposal he disagrees with.

 One investor compared him to a robber baron, a derogatory term for 19th-century US tycoons who accumulated enormous wealth.

Facebook says its governance structure is “sound and effective” and splitting Zuckerberg’s duties as chairman and CEO would cause “uncertainty, confusion, and inefficiency.”

Finally, it was reported on 29 June 2018 by IT News that, you guessed it, yet another Facebook sponsored personality test was allowing data to be extracted without the users knowledge or informed consent:

A security researcher has found that a popular personality test app running on Facebook contained an easily exploitable flaw that could be used to expose sensitive information on tens of millions of users.

Belgian security researcher Inti De Ceukelaire joined Facebook's bug bounty program, set up by the giant social network after the Cambridge Analytica data leak scandal and tried out the NameTests.com's personality test app developed by Social Sweethearts.

De Ceukelaire discovered that when he loaded a personality test, NameTests.com fetched his personal data from Facebook and displayed it on a webpage.

He was shocked to see that users' personal data was wrapped in a Javascript file by NameTests.com, which could be accessed via a weblink over the plain text HTTP protocol.

This meant that any website that requested the file could access the personal information retrieved from users' Facebook accounts.

The security researcher tested this by setting up a website that connected to NameTests.com and was able to access Facebook posts, photos and friend lists belonging to visitors.

Information leaked included people's Facebook IDs, first and last names, languages used, gender, date of birth, profile pictures, cover photo, currency, devices used, and much more.

Worse, De Ceukelaire found that NameTests.com doesn't log off users which means the site would continue to leak user data even after the app was deleted.