>> ...but that protected data was accessed by folks who shouldn't have had it.

Facebook handed over the data. They need to understand that they don't have control over it once it leaves Facebook. Is a violation of ToS a data breach? Do we really want to conflate those things?

I understand why Facebook doesn't want to call it a breach. But it seems equally reasonable to me that users see it as one. From the user perspective, private data is suddenly in the hands of unknown, suspicious actors who may use it against them.

That Facebook would rather not call that a breach so much as "business as usual" is all the more reason legislators may be inclined to define "breach" the way that voters do.

My intention was to contrast the mundane connotation of "business as usual" with the visceral negative reaction most of us seem to have with our data being used this way.

The point I'm trying to make is that there's a difference between an isolated attack (e.g. Equifax) and what Facebook has going on here. To the person who reads about a "data breach at Facebook", it does sound like this was an aberrant event that happened suddenly — rather than systemically, by a machine built on doing this every day.

Cambridge Analytica's actions may illuminate how far this can go, but we should treat it as the norm — and regulate accordingly.

Facebook DO want to frame it as a breach. Because then it's a f*-up, not expected behaviour.
