
Facebook to Pay $550M to Settle Facial Recognition Suit - i_am_not_elon
https://www.nytimes.com/2020/01/29/technology/facebook-privacy-lawsuit-earnings.html
======
djannzjkzxn
I find it weird how people compare a fine for some specific conduct to the
revenue or profit of an entire company. In this case, the illegal use of
facial recognition probably slightly increased engagement for photo sharing
features. That’s worth something but it obviously only accounts for a very
small portion of the company’s revenues.

If the story was “judge declares entirety of Facebook enterprise illegal,
punishment is $550M fine” I would get the outrage.

~~~
Traster
You need to view this in the context of all the things facebook is doing. They
might get fined $550m for this one thing, but how many projects is Facebook
engaged in that skirt regulations or outright breach them? Dozens of projects?
Hundreds? So you can't compare the $550m against only the facial recognition,
you've got to compare it against the entire suite of questionable things
they're doing. THe point is that the corporate strategy is to skirt these
lines and the success of that strategy is the cumulative success of all the
projects along with the handful of fines they hit. So you've got to have
disproportionate fines because you _know_ enforcement is patchy.

~~~
djannzjkzxn
When Facebook gets sued for all that other wrongdoing, they can pay out for
it. Maybe you boost the fines by weighing the probability of getting caught.
Facebook has been fined before and many other legal conflicts are ongoing, so
it’s not as though they are getting a pass.

If Facebook gets a company-destroying fine for each act of wrongdoing, then
it’s just a race where the first victims to prosecute get compensated. The
slowpokes are screwed because the company has nothing left to pay out. This
seems like a less fair system than one where fines are proportional to the
value extracted or damages caused by the illegal conduct.

~~~
disiplus
while i understand what you are saying, i don't think the law should be like
that, especially for companies, where in the end nobody is going to jail.

if we see it just like that then the breaking a law is just a calculated risk.
And companies take calculated risks all the time, they will take it. There is
my mind no way that facebook did not know that they are breaking the law.

if we allow that the law is just one parameter in the strategy, then the law
is just a tax that you have to pay if you get caught.

------
vanadium
Your move, Clearview AI.

They’ve been sued in IL as well under the same auspices, and Clearview’s
defense that they aren’t a private entity because they "only" do business with
public entities (e.g., law enforcement) is definitely not going to fly here.
This settlement establishes how seriously the state of Illinois is taking non-
consensual biometric information gathering, especially facial recognition.

~~~
oh_sigh
If I put information about myself out there on a public site, I still have a
right to say that people can't download and use that information?

~~~
mortenjorck
This is a reductive argument and does not hold up to both social and legal
norms.

Making data publicly accessible does not grant users of it carte blanche to
use it however they wish. The data may be copyrighted: Viewing it does not
grant the viewer rights to republish it or claim it as their own work. An
image may contain a likeness: Viewing it does not grant the viewer rights to
claim endorsement by that individual, or to use their likeness in ways of
which the individual does not approve.

Beyond copyright and likeness rights, a likeness contains biometric
information. Having access to that likeness, at least by the laws of the State
of Illinois, does not grant the user rights to biometrics derived from that
image.

~~~
paulddraper
> Viewing it does not grant the viewer rights to republish it or claim it as
> their own work.

But that's not the question here, right?

The question is whether I can use my high school yearbook pictures to look for
information about my classmates.

~~~
bilbo0s
To be fair here, it kind of is the question right?

I mean, say you and I are at a neighborhood kid's birthday party with our own
kids. Suppose further that you take some pictures, and then post them
publicly. Maybe to your FB?

Well, I never really gave you permission to use my image on your FB. Let alone
publicly. I know that I certainly would never consent to publishing images of
my children publicly. Further, I suspect the birthday party's host wouldn't
give you permission to post his/her family's images on FB either.

So here we are, with all of these people on your public FB. None having signed
or even given verbal authorization for any sort of release. And now FB starts
running FaceRec on all the information you just gave them. To top it all off,
my family and I don't even use FB. Never have. So it really can't even be
claimed that we consented to facial recognition via the terms and conditions
of service.

I only outlined all of that to outline this, just because a person's image is
in public doesn't mean that the person consented to the image being public.
Especially images taken from private spaces, (like bday parties at some kid's
house).

~~~
thaumasiotes
> So here we are, with all of these people on your public FB. None having
> signed or even given verbal authorization for any sort of release. And now
> FB starts running FaceRec on all the information you just gave them. To top
> it all off, my family and I don't even use FB. Never have. So it really
> can't even be claimed that we consented to facial recognition via the terms
> and conditions of service.

> I only outlined all of that to outline this, just because a person's image
> is in public doesn't mean that the person consented to the image being
> public.

But what part of this would, even hypothetically, give you a cause of action
against Facebook? What's Facebook supposed to have done wrong? You have a
cause of action against your friend who illegitimately provided your photos to
Facebook, not against Facebook who relied on the legal assurance your friend
provided that he had the right to post those photos.

~~~
ehnto
They ran the facial recognition software without knowing if they had all
applicants consent. Ignorance isn't an excuse for breaking the law, the onus
is on FB to make sure all people have consented. I would not say that they
have done all that they can to check, by just having it in the T&Cs that its'
the user's responsibility. They are hiding behind their T&Cs, knowing full
well that they could be scanning people they have no consent for.

Comically, once they run the scans, they should be able to certain that they
don't have consent because it doesn't match one of their users, and should
throw the data away.

~~~
jklein11
I think you are expecting too much from FB here.

FB offers a service that allows you to share your pictures with your friends
among other things. Before you upload a picture Facebook asks you if you have
all of the rights to the pictures you are uploading (albeit they ask that in
the fine print of their TOS.) FB offers ancillary services based on those
images you shared. If you are uploading images you don’t have the rights to
how is this FB’s problem?

~~~
ehnto
It doesn't mean they did their due diligence to confirm their data was clean
of non-consenting individuals. They are clearly abusing their users ignorance.
Signed T&Cs of one person shouldn't be enough when you're dealing with PII of
multiple people in my opinion. You need everyone's explicit consent.

There is a disparity here between real world and software services I think.
When my real estate agent's software asked me to put in my room mates details,
I just had to check a checkbox that said he consented. Yet when it came to the
paper contracts, we all had to sign individually. We need the latter for
software, else PII is going to keep spilling all over the place and we'll
forget we ever had privacy.

I don't think it's unfair to scrutinize a company in such a powerful position
as FB either. They know they have unconsenting people in their photo database,
it's just inevitable, and they are hiding behind their T&Cs hoping it's enough
in the court of law. Ethically, they've failed already, and clearly in some
states they're breaking the law too.

------
ConsiderCrying
While it's very sad to hear this staggering sum called a 'rounding error' and
a blip on Facebook's radar, I'm still happy about this news. It shows that
fighting back legally is possible so the day we all have to wear recognition-
scrambling patches is not as nigh as it could be. Just wish other places would
amp up their privacy laws so Facebook would get more than occasional slaps on
the wrist.

~~~
gowld
It's not a blip. It's part of a pattern including GDPR fines that has a
certain weight. At the end of the day any fine hurts shareholders at least a
little but even if fines get so high that profit is decimated and stock
plunges, as long as incurring fines is more profitable than other business
tactics, and there is enough free cash flow to make liquidation unprofitable
to private equity / corporate raiders Facebook will continue operating as it
does.

Same as for any business.

------
kissickas
Opt-out link:

[https://www.facebook.com/settings?tab=facerec](https://www.facebook.com/settings?tab=facerec)

~~~
mikro2nd
How would that work for people who do not have a FB account?

~~~
Jolter
I don't think someone without an account can be tagged in a photo. More
importantly, the recognition engine will not find them, afaik.

~~~
swarnie_
Isn't Facebook known for building shadow profiles on non-users?

------
mehrdadn
> David Wehner, Facebook’s chief financial officer, noted in an earnings call
> with investors that the settlement added to the social network’s rising
> general and administrative costs, which increased 87 percent from a year
> ago.

So he literally just framed this as a 'cost of doing business'?

~~~
joez
There’s 4 broad buckets of costs for most companies - g&a (general and
administrative), s&m (sales and marketing), r&d, and cost of revenue.

The cost has to be classified into one of these buckets and so the CFO was
probably just clarifying into which bucket they lumped it.

This is part of the point of generalized accounting is so everyone gets a
similar basis compare companies.

~~~
monadic2
> The cost has to be classified into one of these buckets

Either PR was not consulted or they don’t understand how this comes off.

~~~
pottertheotter
I'm not fan of Facebook, but here it is in context:

> Total expenses were $12.2 billion in Q4, up 34%.

> Cost of revenue increased 25% and the growth was driven primarily by
> depreciation related to our infrastructure spend.

> R&D grew 36% and was driven primarily by increased investments in core
> product as well as our innovation efforts, particularly in AR/VR.

> Marketing and Sales grew 23% and was driven primarily by consumer and growth
> marketing.

> Finally, G&A grew 87%, largely driven by higher legal fees & settlements.
> This includes charges related to a $550M settlement in principle we reached
> this month in connection with the Illinois Biometric Information Privacy Act
> litigation.

This is standard for earnings calls. The point is for the CFO to add detail to
the generally accepted accounting principles (GAAP) financial numbers so that
investors understand why they changed. As @joez mentioned, companies have to
report financial numbers according to GAAP, which mandates that companies
disaggregate costs into specific areas. Both good and bad companies face
lawsuits all the time, and the legal fees and settlements will show up in G&A.
If G&A expenses change in an unexpected way, it is expected that the company
will communicate why.

There's definitely a lot that goes into crafting these calls, but having
listened to and read more than a thousand of them, I don't think there was
anything poorly done in this specific example.

------
pubacct71
7% of yearly profit doesn't sound like a rounding error to me.

~~~
bekman
Last year FB’s profit was 22 billion so that’s less than 3%

------
33MHz-i486
biometrics of the face, body or eye are mostly simple algorithmic
transformations of photographic images. I find it hard to believe that
"biometric data gathering" of Illinois residents can have massive civil
liability without effecting all public photography and publishing thereof.

there's also the catch-22, that if an entity is pursuing legal collection
outside of Illinois (for example of the Flickr dataset from the IBM case) it
has no way of knowingly excluding Illinois residents without identifying them
by using an (illegal) facial recognition dataset in the first place.

------
alex_young
Archive link:
[https://web.archive.org/web/20200129235635/https://www.nytim...](https://web.archive.org/web/20200129235635/https://www.nytimes.com/2020/01/29/technology/facebook-
privacy-lawsuit-earnings.html)

------
lalos
To put in perspective that's like paying 10k per FB employee of fine in a
single year.

~~~
symplee
And to put that into perspective, their total spending is over 1,000k a year
per employee.

~~~
sillysaurusx
Neither of these helped put anything into perspective for me. I don't know how
many FB employees there are. Even if I did, I don't know how much they're
being paid. And even if I knew that, I don't know how much FB makes per year.

~~~
symplee
Discussed earlier:
[https://news.ycombinator.com/item?id=22186790](https://news.ycombinator.com/item?id=22186790)

In any event, the main point was that the fine is 1/100 of yearly spending.

------
jaimex2
FB: Lets face it, were here to make money. It was cost effective to settle and
move on.

~~~
creddit
Did you expect them to fall on a sword and commit seppuku? Obviously they did
the most cost effective measure. Why try to snidely vilify them for acting
according to the law in payment for their illegal acts? Vilify them for the
illegal and unethical acts. Settling a lawsuit is neither of those and is a
core part of our legal process.

~~~
jessaustin
Parent comment contained no snide vilification.

