
Facebook security analyst is fired for using private data to stalk women - worez
https://arstechnica.com/information-technology/2018/05/facebook-fires-security-analyst-accused-of-using-access-to-stalk-women/
======
forapurpose
Facebook:

> _we have strict policy controls and technical restrictions so employees only
> access the data they need to do their jobs—for example to fix bugs, manage
> customer support issues or respond to valid legal requests. We don't just
> rely on policies; we also verify. Access to sensitive data is logged, and we
> have automated systems designed to detect and prevent abuse._

The journalist, Dan Goodin, seems to take it at face value:

> _Like many companies that handle large amounts of sensitive personal data,
> Facebook permits employees to access user records only when there is a
> legitimate business reason, such as investigating reports of abuse or
> troubleshooting performance problems. Only employees in certain roles have
> the ability to access those records, and even then, before authorized
> employees can open a record, they receive an on-screen reminder that the
> access isn't permitted for personal reasons. All record access is logged,
> too, to make it easy for abuse to be detected._

But the truth is that Facebook does not have effective controls, or they would
have prevented this particular abuse, and when that failed, they would have
detected it. In this case, they found out via Twitter and Motherboard. To make
these claims and to accept them unquestioned completely begs the question: The
controls failed; why? Can we trust them?

