
Facebook’s Data Deals Are Under Criminal Investigation - tysone
https://www.nytimes.com/2019/03/13/technology/facebook-data-subpoenas.html
======
8bitsrule
IANAL. But this:

"reports last June and December that Facebook had given business partners —
including makers of smartphones, tablets and other devices — deep access to
users’ personal information, letting some companies effectively override
users’ privacy settings."

suggests breach-of-contract. Just by creating those privacy settings, the
company is 'saying' to (promising) the customer who elects to use them that it
will protect that information. That's an (implied) contract. Subsequently
allowing anyone else to access that information is a breach.

It'd be interesting to see FB argue in court that breaking promises was okay
as a form of restitution for the services they provide.

~~~
sixtram
If it's for one user then it's a breach of contract, if you do that for 10
million, that's a deliberate act of breaching all contracts and that is
usually criminal.

scale matters on these issues as well.

and if you are doing it as a big utility company (e.g. banks) then you are
free to go :)

~~~
8bitsrule
The bank I've long used is constantly reminding me that it shares data with
its 'affiliates'. So I give it very little data to share.

~~~
thefucnjosh
This sounds like an absurdity, hiding your information from your bank?

~~~
coding123
Fake address is a good start... Like a PO box you own. Banks are the worst
offenders in sharing data with... Data brokers.

~~~
mcv
Get a better bank. And better banking regulation. I'm pretty sure Dutch (and
probably European) banks aren't allowed to share their customers' data around
like that, and I'm horrified that there are banks that do this.

~~~
Vinnl
Well, the largest Dutch payment provider did intend to sell payment data:
[https://nos.nl/artikel/510009-banken-verkopen-pingedrag-
klan...](https://nos.nl/artikel/510009-banken-verkopen-pingedrag-klanten.html)

(They've since retracted that plan after the plan was met with widespread
disapproval. I don't think they've tried again since.)

------
_underfl0w_
Did anybody else catch this?

> Apple was able to hide from Facebook users all indicators that its devices
> were even asking for data.

I've seen a lot of discourse here seem to favor Apple over the big "G" but...
this seems pretty shady. Anyone else know anything about this practice or what
specifically they might've been referring to?

~~~
vesinisa
Apple fights the privacy battles on its users behalf only where it sees a PR
benefit, like the high publicity FBI's iPhone encryption dispute a few years
ago.

~~~
flattone
wprq: So which phone does a concerned person buy?

~~~
dwighttk
iOS device with iOS 11 or newer (current devices are on iOS 12)... or don't
log into Facebook on an older device.

This isn't Apple cynically hiding selling your data behind your back. Back
when they had Facebook integrated it was so that you could share stuff easier
with your friends. Yes it was a security risk because of how Facebook used the
information. That is part of the reason Apple removed the integration.

~~~
rhn_mk1
> This isn't Apple cynically hiding selling your data behind your back.

It's just both a grave security mistake and a breach of trust to treat
Facebook preferentially without letting the user know.

To me, it's indistinguishable from cynically handing over the user to
Facebook.

~~~
FussyZeus
> It's just both a grave security mistake and a breach of trust to treat
> Facebook preferentially without letting the user know.

The user knew. The user _asked_ for it. People were howling for Facebook
integrations. This was back before Facebook's privacy transgressions were as
widely known.

It's also worth noting that the integration was designed to allow posting to
Facebook from iOS. Facebook then took advantage of that opening to get
additional data from the device. That's why Apple slammed the door shut.

------
mic47
Ok, so those partnerships were basically allowing Samsung and others to build
Facebook app on their phones (i.e. allowing alternative client).

Would this means that it will be criminal to allow companies to create
alternative clients? That is really interesting development.

~~~
nradov
Samsung devices shipped with the same Facebook client app as on the Google
Play store, it wasn't an alternative. The back end data access was through
other means.

~~~
mic47
Not all samsung devices had android at that time.

------
sonnyblarney
I was personally involved in a leadership role in one of these key strategic
deals while at a major handset maker.

To be clear, we built the 'Facebook experience' for our device because only we
really could. During this era, APIs were a disaster of a mess, moreover, the
special API that made the device so special was not available to the public.
Ironically it was _our_ internal APIs that were making the special sauce!

For this purpose, Facebook provided users of the app we designed access to
their own profiles. Obviously, this is a fairly wide API and it had to be made
available specially for users of our app.

At no time did we ever have access to FB users private information. At no time
did anyone even remotely suggest anything inappropriate or nefarious. There
were simply no moral or legal discussions on this front because it was moot.

The situation, net, was akin to Facebook having hired a 3rd party to design an
app for them, giving that app the internal FB API necessary to function, and
then distributing the app.

This isn't an issue of 'times have changed' or 'looking back we'd have done
something different' rather - I can affirm that there was simply no bad
acting, no breach of individuals accounts, and no undue risk to individuals
accounts.

Obviously this situation is very specific, and that conditions will have
varied.

If FB was truly giving Bing special access without people's consent - this is
a big problem.

The Cambridge issue - well - this is a tricky one because Cambridge merely
took advantage of the API's the entire world had access to. There was little
if any discussion of the inherent problems with those APIs, and when it looked
like maybe they were being abused, Facebook did the right thing and closed
them. They even went ahead and investigated Cambridge to ensure the data was
gone, and Cambridge presented them with evidence that it had been deleted. I
think in this case Facebook was a responsible actor.

Clearly there are more situations to consider, but we should be thoughtful in
terms of how we approach newly released information and not get caught up with
the mob.

Personally, I loathe the koolaid mob that built Facebook up, but I'm equally
loathe the hate mob wanting to take them down.

~~~
corebit
I'm so glad you wrote this. It's mind-bogglingly stupid what people are saying
about the nefarious purposes this stuff was put to when that's obviously so
far from the case and EVERYBODY involved in working on this stuff 10 years ago
understands it.

~~~
sonnyblarney
I should add that it's possible there were some loose ends in some other
scenarios. I don't think we deeply considered our situation, to the point
wherein there might have been some loopholes with caches etc..

At the time, nobody considered the issue to be hugely problematic, it was
'info on a site' and we treated it responsibly, but not like top secret data.

Also, we had no reason to want user data. Today, companies may or may not be
able to use such data, but they all seem to be in the game of collecting user
information as a systematic impetus. I think this will evolve.

------
3xblah
"It is not clear when the grand jury inquiry, overseen by prosecutors with the
United States attorney's office for the Eastern District of New York, began or
exactly what it is focusing on."

What is NYT source for this story?

A leak about the existence of an investigation?

NYT journalist saw entries for grand jury subpoenas on PACER?

How do they know the crime has to do with data deals?

We must wait until complaint is filed before anyone can disclose the statute
allegedly violated, correct?

~~~
IfOnlyYouKnew
“according to two people who were familiar with the requests and who insisted
on anonymity to discuss confidential legal matters.”

Yes, there is a lot (more) we would like to know.

But this is as good a time as ever to do a little experiment regarding the
practice of anonymous sources: at some point, we are likely to learn more
about this investigation. Then, you can check if the information we have now
was correct. Or, as the common accusation goes, it was a wholesale fabrication
by the Times.

~~~
3xblah
Thank you. Sadly, I missed that line.

It sounds like a leak from within Facebook or another tech company on the
receiving end of one of these requests.

I always thought grand jury proceedings are supposed to be secret. Maybe this
explains the anonymity. I guess it is not unusual for the fact of the
existence of proceedings to leak and for media to speculate? Does this have
potential to negatively affect the outcome?

------
shhehebehdh
At this point it is just an investigation. Nobody has been charged with
anything. They have to find a law Facebook has broken first, and presumably
establish enough evidence that they expect to succeed at a trial.

~~~
solomatov
Do you have any idea what charges these may be? IFAIU, there're no laws which
make it criminal to share information.

~~~
dmitrygr
If even a single byte leaked, I guess the charges can include being accessory
to identity fraud?

~~~
solomatov
Criminal charges assume intent, and it's very hard to think that facebook as a
company had intent of committing identity fraud.

~~~
dlegal
Crimes do not always require intent. It depends on what the statute says
specifically.

~~~
solomatov
Yes, there're such crimes, but there aren't so many of them.

~~~
dragonwriter
There are _lots_ of crimes that require a mental state less than intent
(either recklessness or criminal negligence, mostly, though there are some
strict liability crimes, and the weird case of “malice aforethought” for
common law murder which is narrower than recklessness but just slightly
broader than only intent.)

~~~
solomatov
Recklessness and negligence require some understanding of what you are doing
and that it's wrong. So, it's really hard to commit them by mistake.

~~~
dragonwriter
> Recklessness and negligence require some understanding of what you are doing
> and that it's wrong.

Negligence specifically does not, it only requires the existence of a duty of
care (except not in specialized cases, that of reasonable care, which doesn't
mean _you_ are aware of risk, but that a reasonable person in your place would
be.) Recklessness requires conscious awareness and disregard of _risk_ , but
not awareness of _wrongness_.

Harms from recklessness are mistakes, while recklessness itself is not, but
negligence is quite normally a mistake.

------
dustinmoris
> F.T.C. officials, who spent the past year investigating whether Facebook
> violated the 2011 agreement, are now weighing the sharing deals as they
> negotiate a possible multibillion-dollar fine. That would be the largest
> such penalty ever imposed by the trade regulator.

A multibillion dollar fine? That's great, but even greater would be to put
Facebook's exces behind bars. A CEO shouldn't walk away with a stuffed bank
account after years of criminal offences, violating the privacy of millions of
people all around the world and then not take any personal responsibility for
it in front of our jurisdiction. The fine is attributed to Facebook, but there
also needs to be a heft penalty for the people who ran Facebook and that is
the executive team. Jail terms must be given. In the long term this will set
an important precedent and detract possible future offenders!

~~~
navigatesol
> _but even greater would be to put Facebook 's exces behind bars._

What is with this place wanting to throw everyone in prison? Is there some
thrill you get from seeing executives in an orange jumper?

Fines can be _far_ more beneficial to society. Make them pay in a way that
actually helps other people.

~~~
hackinthebochs
Moral indignation is the new chic

~~~
ionised
Better to just let people get away with whatever they want, right?

I mean, as long as the crime made a lot of money, it can't really be a crime,
surely?

~~~
hackinthebochs
It's better to be rational about creating the right incentives to prevent
socially damaging behavior rather than stoking moral indignation disconnected
from any semblance of benefit to society. How the left became the torch-
bearers for unreflective moral indignation and retributivism is beyond me.

~~~
AlexandrB
> It's better to be rational about creating the right incentives to prevent
> socially damaging behavior rather than stoking moral indignation
> disconnected from any semblance of benefit to society.

I hope you apply the same rubric to shoplifting, drug posession, and the
dozens of other non-violent crimes that get people put in jail regularly.
Otherwise this is just a justification for keeping power unaccountable.

~~~
hackinthebochs
Absolutely. I think free will is a terrible concept that only serves to
justify our retributive tendencies. Our entire approach to criminal justice
needs an overhaul.

------
badfrog
No indication of what the charges are? The closest thing in the article is:

> _the partnerships seemed to violate a 2011 consent agreement between
> Facebook and the F.T.C_

which doesn't seem like it would be criminal?

Does the US actually have criminal laws regarding selling data? Any educated
guesses on what's actually going on?

~~~
otterley
Attorney here!

Violation of a consent decree can result in criminal contempt-of-court
charges. See 18 U.S.C. section 401
([https://www.law.cornell.edu/uscode/text/18/401](https://www.law.cornell.edu/uscode/text/18/401)).
See also United States v. Schine, 125 F. Supp. 734 (W.D.N.Y. 1954).

~~~
badfrog
Interesting, thanks! Who at the company could reasonably be jailed for such a
thing?

------
kevin_thibedeau
Facebook isn't doing anything worse than what Acxiom and other data brokers
have been doing for decades. None of it is criminal without any general
purpose data protection laws. This is just pitchfork populism.

~~~
reaperducer
_Facebook isn 't doing anything worse than what Acxiom and other data brokers
have been doing for decades_

Because other people are doing bad things, it's OK for Facebook to do bad
things.

I'm not sure that's how the law works.

~~~
LMYahooTFY
What?

That's literally how the law works. What "bad things" we prohibit people from
doing is determined by law.

We don't have laws regulating the gathering and trade of data on populations
or individuals.

~~~
EB66
Did you read the article?

> Privacy advocates said the partnerships seemed to violate a 2011 consent
> agreement between Facebook and the F.T.C., stemming from allegations that
> the company had shared data in ways that deceived consumers.

That (among other things) is what's landing Facebook in legal trouble.

The 2011 FTC consent agreement itself does carry the force of law, which means
that if Facebook breaks the terms, it's breaking the law and penalties can be
assessed.

~~~
LMYahooTFY
I failed to add a qualifier (as in "good" laws, "robust" laws, etc.), but the
comment I was responding to was a broad generalization and not specific to
this case.

I was aiming at the notion that "this isn't how the law works".

------
JumpCrisscross
There has been a tremendous amount of grassroots lobbying, fundraising, and
private investigation in New York over the past two years with respect to
Facebook. It’s a serious area I feel Silicon Valley has abdicated its moral
obligation to stand up to its own. Hoping we can develop the evidence that
comes out of this case into criminal charges for individual engineers and
senior officers.

~~~
elorant
So let's incriminate engineers for building a faulty airplane too.

~~~
gotocake
When you hold yourself to the same legal and social standards as actual
accredited engineers, of the type who build things like airplanes, you’ll be
in a better position. Right now the software works wants the benefits of the
unregulated Wild West, without the consequences. Such a scenario simply cannot
last, and in the absence of self regulation and setting of standards, the
legal system will step in. It’s slow, it’s clumsy, and it’s inevitable.

~~~
artificial
Quality software exists and is written by talented engineers. Its written in
specific languages and is tested on specific hardware configurations and
verifiable. These things cost a bit more. I’m sure if the mass market were
willing to bear an enormous cost this would already be solved. Unfortunately I
doubt you or your cohorts are willing to pony up $2,999,999 USD a seat
(Minimum order 500).

~~~
gotocake
In your fantasy, why does a “seat” cost orders of magnitude more than a first
class round trip to Australia in an actual seat? On that note, in the same way
that I prefer a more expensive seat on a plane that was designed in accordance
with professional and legal standards, yes I’d do the same for software.

Maybe there would even be less cruft and bloatware when externalities were
accounted for.

~~~
artificial
The seat is a reference to a software license. Airlines are economies of
scale, this is a small run of software that would meet your expectations to
run and be verified to do so. Are you aware how much it costs to develop an
airplane? It's more than the cost of a single ticket.

~~~
gotocake
Make your software to the same fine degree as one makes an airplane and maybe
you’d even deserve the prices you quoted.

------
minimaxir
FB Response:
[https://twitter.com/fbnewsroom/status/1105993038671691776?s=...](https://twitter.com/fbnewsroom/status/1105993038671691776?s=21)

> It's already been reported that there are ongoing federal investigations,
> incl. by the Dept of Justice. As we’ve said, we're cooperating w/
> investigators and take those probes seriously. We've provided public
> testimony, answered questions, and pledged that we'll continue to do so

~~~
mehrdadn
Does anyone ever say they're not cooperating with investigators?

~~~
ceejayoz
Roger Stone?

~~~
mehrdadn
Okay let me amend that, does anyone except Roger Stone do that? :-) Like I
obviously don't mean this 100% literally (obviously someone does this
somewhere), but I'm trying to ask whether the statement really carries any
weight not.

~~~
ceejayoz
Nah, snark aside, you're right. "We're cooperating with the investigation" is
largely PR speak for "we're doing the absolute minimum that's legally required
of us, and we're doing _that_ as slowly as possible".

------
bitxbit
When are all the revelations going to end? It's been every few months for the
past five years.

~~~
dd36
They’re a regular Wells Fargo.

~~~
lotsofpulp
Then they'll be perfectly fine in the long run. Maybe Warren Buffett can even
get in on some shares at a discount.

~~~
dd36
Seems likely. Probably a large, meaningless fine.

------
3327
Facebook is a criminal corp. And indeed when you are selling data to clients
that resell or do with the data as they please (including mining them) they
should be under criminal investigation. Thank God the FBI exists and counting
for the day that criminal charges are brought against executives who broke the
law.

~~~
evolvedcleaning
Considering they are accused of broad criminal activity, your statement should
be considered a valid expression of public opinion on the matter, and should
not be downvoted.

~~~
vonmoltke
First, the post is sensationalist populism that only serves to pull the
conversation down and cause shouting matches.

Second, Facebook is not currently "accused of broad criminal activity". They
are being investigated for breach of a consent decree, which _may_ lead to
criminal charges, which in turn _may_ be broad.

~~~
evolvedcleaning
Excuse me for being short, but common sense analysis by a technically inclined
person results in the nearly undeniable conclusion that fb exceeded reasonable
monopolistic boundaries long ago, and presumed itself to be, under Zuck’s
leadership, to be so important as to be responsible, e.g. for “maintaining
integrity of elections”. It’s no exaggeration that he fancies himself the
leader of a sovereign nation, backed by an army of lawyers and special
interest connections private and government.

In public testimony, imo Zuck came across as a smug mob boss intent on
accumulating power without bound. The recent pivoting, conspiracy theory
rumors that shall remain nameless accusing Zuck of rogue cia cooperation, news
releases about criminal shenanigans surrounding data sharing coinciding with
the excessive global downtime yesterday, and now his consligere departing, all
look suspicious.

At the least, it’s an obvious monopoly controlling a significant cultural
aspect of a global social graph. Now they are moving to undo the messaging
unification. Last week they wanted gossipers to have more privacy so they can
gossip and get away with it better.

I admit to being biased, but given my direct research on how data moves around
the Facebook world whether a member or not, whether you have blacklisted any
fb domains using little snitch etc, disable all remote js, doesn’t matter,
they keep tabs on you somehow. they are essentially their own intelligence
community with unchecked power and reach

The accusation from Voldemort is they had or have secret deals with telcom etc
which if true is beyond insidious. Ianal but common sense wise if that’s true,
they should be broken up and not simply by undoing messaging unification.

------
mtgx
The fact that FB and all of its services were down at the same time can't
really be a coincidence, can it?

Is Facebook trying to delete incriminating evidence? It wouldn't surprise me
one bit if they did that. I hope the prosecutors are smart enough to look for
evidence of this, even though I'm sure FB's experts will try to leave as few
traces as possible.

------
subfay
OT: While I like how FB is recently struggling, I have to say that their open
source contributions and the teams working on those are by far the best in
this industry. I hope they keep up doing this great work despite all their
problems.

~~~
cat199
by far?

redhat, ibm, (linux, java, etc) for starters...

~~~
dralley
Intel (Linux, Mesa), Microsoft (VS Code, .Net core, Python, Language Server
Protocol)

------
thinkcomp
See also, for the next likely criminal investigation:

[http://www.plainsite.org/realitycheck/facebook.html](http://www.plainsite.org/realitycheck/facebook.html)

~~~
rhizome
That page reads like a mishmash. Fake sites is it? "Plainsite not so plain,"
it would be helpful to provide some kind of flashlight.

------
poormystic
I suppose we’ll someday hear that many of the companies who got people’s data
have themselves been hacked, and that privacy is ended for many people. Surely
Facebook must have some responsibility in such cases. It can never be too late
to benefit from proactive protection of one’s own data; isn’t that why people
have been leaving Facebook?

------
Despegar
It's going to be great seeing all the years of HN commenters complaining that
no bankers went to jail, insist that it's bad policy for software engineers to
be held criminally liable.

~~~
dvtrn
Meanwhile I hope this thread stays at the top of HN for the day to see how the
thread summary reads over at n-gate

~~~
Trill-I-Am
n-gate?

~~~
rrdharan
[http://n-gate.com/hackernews/](http://n-gate.com/hackernews/)

Enjoy!

~~~
gotocake
That’s quite the hate-on someone has at that site. There’s some funny to be
had, but it’s mostly _very_ tryhard. The “coverage” of the Vitamin D thing was
great, but when there isn’t low hanging fruit it just sort of defaults to
generic noise. Without the anger and repetition it could be worth reading, but
as it is there’s a lot of predictable 4channery.

~~~
dvtrn
Have you considered the possibility that you might not be the target
demographic?

~~~
gotocake
What’s the target demographic, and what demographic do I represent?

~~~
pferde
I'm pretty sure I'm at least partially it. I like to check the site out every
now and then to get a point of view from the other side. HN, although having a
lot of high quality discussions, can sometimes be a deafeningly loud echo
chamber, and getting a different perspective helps to, well, put things into
perspective.

------
mudil
Wholesale surveillance of individuals by internet companies has to stop. And
that includes Google.

~~~
luckycharms810
It has always been the advertisers that are asking for the sort of tooling
that can be taken advantage of during the election cycle. If you don’t think
Russia should be able to manipulate the black voting populace then maybe it’s
worth thinking about whether Unilever should be able to specifically target
and market axe body spray in the same fashion. The tools only exist because
advertisers are paying for them. Blaming Facebook is akin to being mad at a
Martin Shkreli, both are playing within the rules of a bad system.

~~~
nradov
Martin Shkreli didn't play within the rules, which is why he's in prison
today.

~~~
vonmoltke
What he is in prison for is not related to what most people are mad at him
for.

------
xtat
prediction: record fines coming

------
BucketSort
Create a culture that is so fixated on wealth above all else and this is what
happens. When everyone around you is judging you based on what you have and on
the successes you've achieved, what motivation does one have to behave
morally? God died and the dollar took its place. I know we will one day look
back on this in complete confusion as to how we just watched things so clearly
destructive destabilize the country. It's always hard to understand how these
things happen when looking at history without being in the contemporary
madness of the times.

~~~
tabs_masterrace
> destructive destabilize the country

I don't think Facebook is destabilizing the country. In fact I don't think
anything bad at all is happening. Like please explain to me your negative
repercussions from Facebook sharing some of their data with Amazon. How did
that undermine the country? People have gotten so hysterical about this topic,
it's a madness, and that is what's destabilizing the country IMHO.

Like OP is calling to put some of the most brilliant minds in Silicon Valley
in jail, which is ridiculous! But if anything like this should happen, I think
you gonna see FAANG & Co seriously consider rebasing outside U.S. (well maybe
not G)

~~~
cat199
> I don't think Facebook is destabilizing the country.

umm.. massive and hugely polarizing public influence campaigns, if extant,
aren't destabilizing?

> Like OP is calling to put some of the most brilliant minds in Silicon Valley
> in jail, which is ridiculous!

plenty of brilliant sociopaths out there.. brilliant != good.

------
n8henry
Oh wow, this is going to be huge.

