It is the Columbian (at http://www.columbian.com/news/2018/apr/15/harrop-facebook-wont-alter-its-lucrative-practices-without-regulations/) that gives us a light to work with today. A light that some US congressman and US Senators have been pushing for, so it is fun to have a go at that point of view. Now, do not mistake my opposition to it as a way to invalidate the view. I do not agree with the point of view, but many have it. So I see it as a way to inform the readers on the things that they need to know. Froma Harrop starts with three events. We see:
- Mark Zuckerberg in 2006: “We really messed this one up. …We did a bad job of explaining what the new features were and an even worse job of giving you control of them.”
- Zuckerberg in 2010: “Sometimes we move too fast. … We will add privacy controls that are much simpler to use.”
- Zuckerberg early this year: “It was my mistake, and I’m sorry. … There’s more we can do here to limit the information developers can access and put more safeguards in place to prevent abuse.”
Now, they are valid events, but the dimensionality is missing. With the exception of certain Google products, Facebook has been the biggest evolving platform on a near daily basis, the integration with mobile apps, mobile reporting, stories, clips, annotated pictures, travelling, and so much more. Over a period of 10 years Facebook went from a dynamic page (for each user or group) to a collected omnibus of information available to all their friends. That is a level of growth that even Microsoft has not been able to compete with and in all this, there will always be mistakes. Some small and trivial and some will be bang up monsters of flaws. Compare this to Microsoft who did not push forward with its Xbox360, no it offered for sale a more powerful machine whilst trimming the functionality down by close to 20% (personal projected loss) with the shift from Xbox360 to Xbox One and Xbox One to Xbox One X. A data collecting machine of greed (whilst everyone is ignoring the data that Microsoft is uploading), pushing users like a bully, to do what they wanted the user to do or be left out. So when exactly did Facebook do that to that degree? Sony with its PlayStation at least pushed forward to some degree.
Froma makes a nice case with: “The law will require them to obtain consent for use of personal information in simple language. (Users shouldn’t have to take a night course to understand privacy and security settings.)“, this is nice in contrast to some consoles (like the Sony consoles) who suddenly made it illegal to use second hand games on their consoles in their terms of service, they quietly backed away when it blew up in the faces of Microsoft. In all this, yet with my sense of humour and realising where this article was, it was not without a giggle that I took a look at the Columbia Journal of European Law (at http://cjel.law.columbia.edu/preliminary-reference/2017/mind-the-gap-loopholes-in-the-eu-data-privacy-regime/) where we see “any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible“, which now leads to “This language of “specific information [that] is readily accessible” indeed was interpreted by the English courts in a manner conflicting with the Directive. In Durant v. Financial Services Authority, the English and Wales Court of Appeal formulated a two part test to evaluate whether a filing system is caught by the Directive:” and that now leaves us with “(i) [T]he files forming part of [the filing system] are structured or referenced in such a way as clearly to indicate at the outset of the search whether specific information capable of amounting to personal data  is held within the system and, if so, in which file or files it is held; (ii) [The filing system] has, as part of its own structure or referencing mechanism, a sufficiently sophisticated and detailed means of readily indicating whether and where in an individual file or files specific criteria or information about the applicant can be readily located.”
So in that case Froma is left with a piece of paper to be stationed where the sun does not shine and it merely took the case Durant v. Financial Services Authority to show its ‘lack‘ of complexity, or did it? She is right that ‘Users shouldn’t have to take a night course to understand privacy and security settings‘, it merely took law lord Sir Robin Ernest Auld (a former Lord Justice of Appeal in the Court of Appeal of England and Wales) a hell of a lot more than a night course, more like 25 years on the bench as a lawyer, an elected judge and his ascension to lord justice of the appellant court to get it all figured out.
So as we get that out of the way we also need to look at “The companies will have to notify users of a data break-in within 72 hours of its discovery. They’ll have to give up monopoly control of the personal information; people will have the right to obtain a copy of their data and share it with others“, it took Sony a hell of a lot longer to figure out that they were breached and notify people. So now consider the breaches of Equifax (143 million), eBay (145 million), Yahoo (3 billion) and Target stores (110 million). the implication of alerting that many people is not just weird, it is actually dangerous as people tend to overreact do something stupid and lock their accounts, these 4 events could set the stage for close to 4.5 billion locked accounts. The entire 72 hours, that whilst the discovery does not guarantee that the intrusion is stopped opens the entire system up for all kinds of hackers to have a go at that victim and truly make a much bigger mess of it all. Now the people should be informed, but the entire 72 hours was (as I personally see it) pulled out of a hat. In all this the latest Facebook issue was not done by hackers, it was done by corporations who intentionally abused the system, they set their profit knowingly at the expense of the users of that system and exactly who at Cambridge Analytica is currently under arrest and in prison? It seems to me that Facebook, clearly a victim here, has made mistakes, yet the transgressors are not held to vigorous account, yet the maker of the system is. Now, let’s be clear, Mark has clearly some explaining to do. Yet, when we see “Facebook failed in an attempt to get a handle on the Cambridge Analytica scandal Monday, after British authorities ordered its auditors to vacate the political consultancy’s offices” (source: Fortune), all this whilst the offices of Cambridge Analytica ended up being raided 5 days later, I have never seen authorities giving bank robbers that level of leeway, so why was this level of freedom given to Cambridge Analytica? When we consider that this data could be transplanted to writable objects (Blu-ray) in mere hours, it seems to me that giving them 5 days to wipe the evidence is a lot more questionable than merely thumping Facebook for the flaws.
The one part I truly disagree with is “Many of us have a need to connect and share. But expecting much privacy in a business model that relies on selling your information is highly unrealistic“, you see, here we see two levels of privacy, that what the person shares, free of will and that what is accessed. In one part the privacy from the outside is partially an easy thing, because Google with AdWords has shown that to be a clear option, their advertisers can create and address a population to the granularity available, yet the results of this marketing is done in a level of aggregation, individual records per person are not available. The fact that apps could capture it was a given, but the fact that all unique identifiers were optionally possible was kept in the shadows and that is where Cambridge Analytica worked. Now, this is a generalisation, but it fits the overall issues. Facebook could have done better, yet it was massively naive when it thought that the paying corporations would not try to get their fingers on EVERY part they could. In that I wonder what data the insurance companies in the end got a hold on.
So when I see “Tech investor Jason Calacanis has set up a contest — the Open Book Challenge — to create a Facebook replacement. Finalists will be given $100,000 and residence in a 12-week incubator“, when we see it in the light of “Facebook has delivered Zuckerberg a net worth of over $60 billion” must be the easiest pickings for Jason Calacanis that any entrepreneur has ever been a part of. It is like the pyramid games after 15 rounds whilst the top person stayed on top never having to pay more than 0.0001% of the total earning, not even Las Vegas in its wildest times offered such odds.
So I am very much against regulations, it is merely a way for governments to get a hold of that data. Now I am not against that if it truly serves national security, but the fact that actual criminals and terrorists use such systems to elude identification and strike form a distance merely makes it a waste of time and most analysts know this. Now, we also know that when we know where exactly to look, Facebook could reveal stuff, but to hold those billions of accounts to optionally find merely one person is an extremely bad application of time management.
In the end, the one additional part I liked was Zuckerberg stating “It was my mistake, and I’m sorry. I started Facebook. I run it. And I’m responsible for what happens here”. I like it because of the realisation that in all the bungles of IBM in the last 30 years, especially the PS/2 range, at what point did any of them stand up and tell their consumers that they screwed up? Especially in line of the setting that the average Model 80 (80386) computer was 400% more expensive at merely 28% of the power of a Taiwan clone, in addition the on board time clock battery has given the user more headaches than a hammer and the graphical underperformance offered should be forgotten at the drop of any hat.
So in this Zuckerberg kept his head high and in all this the entire setting of data abuse is still not addressed by either the US or UK government, in all this there is absolutely no indication that the abusers will be facing punishment or prison, so in all this the law failed the people a lot more than Facebook ever did, especially in the light of issues like this have been going on for years, but we do not get to read that part, do we?