A brief history of Facebook's privacy hostility ahead of Zuckerberg's testimony

A brief history of Facebook's privacy hostility ahead of Zuckerberg's testimony
From TechCrunch - April 10, 2018

The Facebookfounder will be questioned by the Senate Judiciary and Senate Commerce Committees later todayin a session entitled Facebook, Social Media Privacy, and the Use and Abuse of Data.

Mark Zuckerbergis also due to testify before Congress on Wednesdayto be asked about the companys use and protection of user data.

As wevepointed outalready, hiswritten testimonyis pretty selective and self-serving in terms of what he does and doesnt include in his version of events.

Indeed, in the face of the snowballing Cambridge Analytica data misuse scandal, the companys leadership (see also:Sheryl Sandberg) has been quick to try to spin an idea that it was simply too idealistic and optimisticand that bad actors exploited its surfeit of goodwill.

This of course is pure fiction.

Facebooks long history of privacyhostility should make that plain to any thinking person.As former FTC directorDavid Vladeckwrote earlier this month: Facebook cant claim to be clueless about how this happened. The FTC consent decree put Facebook on notice.

To be clear, thats the2011 FTC consent decreeergo, a major regulatory privacy sanction that Facebook incurred well over six years ago.

Every Facebook privacy screw up since is either carelessness or intention.

Vladecks view is that Facebooks actions were indeed calculated.All of Facebooks actions were calculated and deliberate, integral to the companys business model, and at odds with the companys claims about privacy and its corporate values,he argues.

So we thought it would be helpful to compile an alternative timeline ahead of Zuckerbergs verbal testimony, highlighting some curious details related to the Cambridge Analyticadata misuse scandalsuch as why Facebook hired (and apparently still employs) the co-director of the company that built the personality quiz app that improperly shared so much Facebook data with the controversial companyas well as detailing some of its other major privacy missteps over the years.

There are A LOT of these so forgive us if weve missed anythingand feel free to put any additions in the comments.

Facebook: An alternative timeline

February 2004Facebook is launched byHarvard College student Mark Zuckerberg

September 2006Facebook launches News Feed, broadcasting the personal details of Facebook usersincluding relationship changeswithout their knowledge or consent. Scores of users protest at the sudden privacy intrusion. Facebook goes on to concede: We really messed this one up we did a bad job of explaining what the new features were and an even worse job of giving you control of them.

November 2007Facebook launches a program called Beacon, injecting personal information such as users online purchases and video rentals on third party sites into the News Feed without their knowledge or consent. Theres another massive outcryand a class action lawsuit is filed. Facebook eventually pays $9.5M to settle the lawsuit. It finally shutters the controversial program in 2009

May 2008a complaint is filed with the Privacy Commissioner of Canada concerning the unnecessary and non-consensual collection and use of personal information by Facebook. The following year the company is found to be in contravention of the countrys Personal Information Protection and Electronic Documents Act. Facebook is told to make changes to its privacy policy and toolsbut the Commissioneris still expressing concerns at the end of 2009

February 2009Facebook revises its terms of service to state thatusers cant delete their data when they leave the service and theres another outcry. Backpeddling furiously in a subsequent conference call, Zuckerberg says: We do not own user data, they own their data. We never intended to give that impression and we feel bad that we did

November & December 2009Facebook again revises its privacy policy and the privacy settings for users and now, in a fell swoop, it makes a range of personal information public by defaultavailable for indexing on the public web. We describe this as aprivacy fiasco. Blogging critically about the companys actions, the EFFalso warns: Major privacy settings are now set to share with everyone by default, in some cases without any user choice

December 2009 a complaint(and supplementary complaint) is filed by EPIC with the FTC about Facebooks privacy settings and privacy policy, with the coalition of privacy groups asserting these are inconsistent with the sites information sharing practices, and that Facebook is misleading users into believing they can still maintain control over their personal information. The FTC later writes a letter saying the complaint raises issues of particular interest for us at this time

April 2010four senators call on Facebook to change its policies after it announces a product calledInstant Personalizationwhich automatically hands over some user data to certain third-party sites as soon as a person visits them. The feature has an opt-out but Facebook users are default opted in. [T]his class of information now includes significant and personal data points that should be kept private unless the user chooses to share them, the senators warn

May 2010following another user backlash against settings changes Facebook makes changes to its privacy controls yet again. Were really going to try not to have another backlash, says Facebooks VP of product Chris Cox. If people say they want their stuff to be visible to friends only, it will apply to that stuff going forward

May 2010EPIC complains again to the FTC, requesting an investigation. The watchdog quietly begins an investigation the following year

May 2010Facebook along with games developer Zynga is reported to the Norwegian data protectionagency. The complaint focuses on app permissions, with the Consumer Council warning about unreasonable and unbalanced terms and conditions, and how Facebook users are unwittingly granting permission for personal data and content to be sold on

June 2011EPIC files another complaint to the FTC, focused on Facebooks use of facial recognition technology to automatically tag users in photos uploaded to its platform

August 2011lawyer and privacy campaigner Max Schrems files a complaintagainst Facebook Ireland flagging its app permissions data sinkhole. Facebook Ireland could not answer me which applications have accessed my personal data and which of my friends have allowed them to do so, he writes. Therefore there is practically no way how I could ever find out if a developer of an application has misused data it got from Facebook Ireland in some way

November 2011Facebook settles an eight-count FTC complaint over deceptive privacy practices, agreeing to make changes opt-ingoing forward and to gain express consent from users to any future changes. It must also submit to privacy audits every two years for the next 20 years; bar access to content on deactivated accounts; and avoid misrepresenting the privacy or security of user data. The settlement with the FTC is finalized the following year. Facebook is not fined

December 2011Facebook agrees to make some changes to how it operates internationally following Schrems complaint leading to an audit of its operations by the Irish Data Protection Commission

September 2012Facebook turns off an automatic facial recognition feature in Europe following another audit by Irelands Data Protection Commission. The privacy watchdog also recommends Facebook tightens app permissions on its platform, including to close down developers access to friends data


Continue reading at TechCrunch »