Hacker News new | past | comments | ask | show | jobs | submit login

This presents an interesting opportunity for the FTC.

The amount of data being amassed by Facebook, Google and others has become exorbitant, and apparently has already been abused (some might even say weaponized) in a major election.

If Facebook indeed violated the 2011 consent decree, then the FTC can fine them up to "thousands of dollars a day per violation [per user]". This presents the FTC with the opportunity to send a message to these data hoarders: protect the data you collect, or else.

Fine them to the point where they have to start asking themselves whether it's even worth it to collect and store certain data, and with whom to share it.

It shouldn't be the government's job to ensure that the data gets protected, this should be in Facebook's own self interest.

To your second point, I argued this sort of data was weaponsized and not just in an election (http://www.armyupress.army.mil/Journals/NCO-Journal/Archives...).

To the third point, focusing on Facebook seems like that scene from Casa Blanca though: "There's gambling going on, I'm shocked, shocked" "Your winnings, sir" Not confident FTC fines would actually change any trends.

I was the technology lead at Myspace for the Games Platform during the 2011 crackdown by the FTC. We took the FTC filings seriously and spent large amounts of cash and resources to prevent our data from making it to databrokers. Fines are one thing. FTC can shutdown or cripple your business.

I bet if Facebook is found not to take reasonable steps to mitigate issues raised during the 2011 FTC investigation, they'll be forced to do yearly audits of every app on the platform and require KYC(know your customer) process for all app publishers. This will be very costly and we'll probably see the end of the FB graph API except for trusted and highly capitalized partners.

I have not been involved in FTC decisions but I have worked at companies subject to FTC consent decrees. I agree with adrr's comment. The initial fines are not that big a deal; the work required to demonstrate compliance is non-trivial.

Last I saw there were over 1 million accounts distributed by CA.

Even assuming they were only distributed 3 months (unlikely) and there were only 1 million accounts (also unlikely) the maximum fine is:

1000x1000000x90 = 90 billion dollars.

Imposing the maximum fine would be more than double their entire 4th quarter earnings last year.

That's a bite. That would hurt any company.

From this article:

> If the FTC finds Facebook violated terms of the consent decree, it has the power to fine the company more than $40,000 a day per violation.

> Facebook Inc. is under investigation by a U.S. privacy watchdog over the use of personal data of 50 million users

So I think the maximum (assuming this went on for 90 days) would be:

40,000 x 50,000,000 x 90 = 180,000,000,000,000

180 Trillion.

I think the world would be a better place if they just pulled the plug on the fb. Donald Trump is one really really bad outcome.

Hillary lost because she was the worst Democrat candidate in history. She had MSM, the entirety of liberal America, all major tech companies, most/all colleges, illegals voting en masse -- all of these organizations were united in their support for Hillary, and she still lost.

The Dems had the election on a silver platter and they still lost because Hillary was awful.

Hillary lost the election, if it wasn't her it would've been a win.

Calling Hillary the "worst Democratic candidate in history" is just a meme - she was perfectly qualified for the job, more so than Donald Trump, anyway. What she wasn't was photogenic, charismatic or capable of not coming across as "a politician" at a time when both parties were in a disgruntled, antiestablishment mood. I think she and the DNC felt it was finally "her time," and she didn't take Trump seriously, perhaps because she felt the winds of destiny were at her back.

Unfortunately for her, Julian Assange decided to make it his religion to ruin her and Donald Trump happens to be very good at channeling populist antipathy. So it goes.

>She had MSM, the entirety of liberal America, all major tech companies, most/all colleges, illegals voting en masse

Ok. Let's go through this one by one...

- The Democrats/leftists/DNC do not control the mainstream media. That's a conspiracy theory started by the right-wing fringe and Fox news, and of course, canonized by Trump and his supporters, in order to dismiss all criticism in the media as being manufactured.

- The entirety of liberal America does not think and act in unison, nor were they entirely behind Hillary. Both parties were fractured this last election, and many Democrats who couldn't get Bernie wound up voting for Trump or stayed home.

- All major tech companies are not liberal or leftist. There is a deep wellspring of right-wing, alt-right and libertarian ideology in tech and SV.

- "most/all colleges" are also not automatically leftist. Plenty of right-wing, alt-right and libertarian ideology there as well.

- "illegals voting en masse" is just a baseless conspiracy theory.

You are correct that the race was Hillary's to lose. Unfortunately you couldn't resist running through the typical Trumpist hyperbole. Sad.

"Hillary lost because she was the worst Democrat candidate in history"

Because she was a woman? I mean, in 1984 Walt Mondale got 13 electoral votes and just 37 million votes. I think this qualifies as much worse.

But I get you.

How revolting, between nitwits who voted for Hillary purely because she was a woman and nitwits that dismiss votes against Hillary as purely a masculine act of defiance towards women in positions of power -- I don't know what's worse. Clearly some people are only capable of reducing others to arbitrary superficial qualities inferred from their own prejudices.

Is it really beyond your comprehension that someone would judge Hillary based on the quality of her character rather than her gender?

Sure you voted for Trump because you want a tax cut. I'll give you that.

But on the other hand, you brought up the "worst candidate in history" thing because of other reasons. Its just not mathematically true, man. So bringing up bias is fair game; you aren't using math as a judge. But I guess it could be a bias of recent events. Who knows - either way its not true.

I'm sorry I triggered you with the word "Trump" and I'm sorry you triggered me with just saying something that is mathematically false.

I also looked at your hacker news profile and it looks like you only only talk about politics here - this is a technology forum so I think you have the wrong audience. I'm sorry you are so angry but Jesus Christ, lets talk about computers here.

PS - If I could save your blood pressure; I'd down vote this response for you. I don't care about internet points here.

Your concern is touching but unnecessary, and, while you are correct that Mondale faired terribly, the basis of my reasoning is that a significant portion of those 62M votes that went to Trump could've easily went to the Democrats but didn't because of explicit and universal distaste for Hillary.

Mondale may have received only 40.6% of votes but Trump, as a general rule, shouldn't have had a chance. It was a Black Swan event of epic proportions and the Democrats made a mistake every step of the way, the statistical likelihood of that happening was so astronomically low but Hillary's involvement made it a guarantee.

Facebook didn’t elect trump. The us populace did.

The US populace that lives in key electoral college swing states... what a convoluted system.

Thanks for clearing this matter up.

I'm not sure I follow your math. Facebook had the following figures at the close of 2017 per https://investor.fb.com/investor-news/press-release-details/...:

Earnings (Q4 2017): $4B

Earnings (Y2017): $16B

Revenue (Q4 2017): $13B

Revenue (Y2017): $40B

So, maybe you're confusing revenue with earnings (net income) and a quarter (3 months) with the entire year (12 months). Because $90B is over 20x FB's Q4 2017 earnings and over 5x their entire 2017 earnings.

I messed up.

I saw their Q4 revenue statement and read the year end 40B as the Q4 revenue.

My bad.

i find it depressing that 90 billion dollars is only double the 4th quarter earnings.

> To the third point, focusing on Facebook seems like that scene from Casa Blanca though

It's mere coincidence, but your spelling "Casablanca" as two words (Casa Blanca) put into my mind that the literal translation of that place is "white house" (two words, natch). [0]

To your point, yes, Facebook knows user data trafficking (gambling) goes on as well as the stakes of such trafficking. Facebook is the gatherer and ostensible guardians of such data, but they directly profit from such trafficking. Very likely their "interest" in user data security is pretense.

[0] https://en.wikipedia.org/wiki/Casablanca#Etymology

EDIT: recast second paragraph to more clearly convey intended meaning.

I just went and read the linked article -- it's definitely worth a look. Personally I hadn't seen media coverage of the evolving relationship between Russia and DPRK, so I learned something new.

> and apparently has already been abused (some might even say weaponized) in a major election.

You mean major election_s_, right? I do seem to remember the Democrats crowing about how Obama's team had used social media to their advantage and Republicans were hopelessly outmatched in this arena.


Fun tidbits:

> But the Obama team had a solution in place: a Facebook application that will transform the way campaigns are conducted in the future. For supporters, the app appeared to be just another way to digitally connect to the campaign. But to the Windy City number crunchers, it was a game changer. “I think this will wind up being the most groundbreaking piece of technology developed for this campaign,” says Teddy Goff, the Obama campaign’s digital director.

> That’s because the more than 1 million Obama backers who signed up for the app gave the campaign permission to look at their Facebook friend lists. In an instant, the campaign had a way to see the hidden young voters. Roughly 85% of those without a listed phone number could be found in the uploaded friend lists.

Whoa, that sounds exactly like the "breach" we're talking about here!

And a former Obama staffer confirms this: https://www.theblaze.com/news/2018/03/20/ex-obama-staffer-cl... (yeah yeah "I don't trust your source", but it's just screenshots straight from the horse's mouth).

Money quotes:

> Facebook was surprised we were able to suck out the whole social graph, but they didn’t stop us once they realized that was what we were doing.

> They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side.

The major differences:

1. The Democrats didn't harvest the data under false pretenses; the data came from people who signed up for a political app.

2. The Democratic campaign data wasn't illegally transferred from one company to another.

But I agree that the Obama campaign's actions should have been a flag and we should have worried harder about it, even if they weren't as bad as what Cambridge Analytica did.

> 1. The Democrats didn't harvest the data under false pretenses; the data came from people who signed up for a political app.

Were these people aware all their data and friend's data was going to be recursively sucked down? Somehow I doubt the app included a disclaimer to that effect. Doesn't really matter what your app does if the main goal of it is to, well, harvest data.

2. The Democratic campaign data wasn't illegally transferred from one company to another.

That you know of. It's data, it can get around. The staffer did mention that the Democrats still have the data, and they weren't supposed to be sucking down the whole graph in the first place, hence Facebook's initial freakout (but of course, it was OK because "we're on your side.")

Nope, not "that you know of." Cambridge Analytica got their data from a third party, violating their contract with Facebook. The Obama campaign got their data directly. That is an actual difference between the two actions.

It's possible to say "I think the Obama campaign also took undesirable actions" without saying "and they were just as bad." I agree with that position, as I said.

Here's another difference.

Obama campaign was US CITIZENS who are legally allowed to work on election programs.

CA was staffed almost entirely by BRITISH and CANADIAN citizens, and ALL of their Trump 2016 (and Cruz et all) actions are straight FEC violations of foreign actors working US elections.

Thanks and I agree in theory. It remains to be seen whether that statement was true, or just CA pumping up their own importance.

CA also has Russians playing key roles in its lifecycle, with early work done in Russia, and a link to a Russian government oil firm, Lukasoil, considered to be an overseas intelligence/influence agent of Putin's. I'm less concerned by the connection with Allied national citizons.

Looking at the last quotes, is it worse that Facebook did not protect the data from a violator vs giving it away explicit and intentionally?

"That you know of" is referring to the fact that you don't know where the data is _now_ (well, we know the Dems still have it) and what it's going to be used for in the future, much as in the CA case. Unless you believe that the Dems destroyed all the data harvested in 2012 and haven't used it again.

I believe in judging based on the facts in evidence rather than making assumptions about what happened.

CA acquired data from a third party which did not have permission to give CA the data. The Obama campaign did not do that.

Facebook required the third party (Dr. Kogan) to certify that the data had been destroyed. Dr. Kogan certified that the data had been destroyed, but did not do so. The Obama campaign did not do that.

These facts support the conclusion that nobody should have access to this kind of data, including the Obama campaign. They do not support the conclusion that the Obama campaign did the same thing as CA.

I also don't think you've provided evidence that the Obama campaign still has the data. If I've missed that please let me know.

I also noticed that you are conflating the Obama campaign with the Democratic Party. If you have evidence that the Obama campaign shared this data with the Democratic Party, you should also share that.

> I also don't think you've provided evidence that the Obama campaign still has the data. If I've missed that please let me know.

> “Where this gets complicated is, that freaked Facebook out, right? So they shut off the feature. Well, the Republicans never built an app to do that. So the data is out there, you can’t take it back, right? So Democrats have this information,” she said.

This is what Davidsen has said.

Also, as you said, they obtained the data legitimately. Why _wouldn't_ they keep the data around for future use?

> I also noticed that you are conflating the Obama campaign with the Democratic Party. If you have evidence that the Obama campaign shared this data with the Democratic Party, you should also share that.

Common freaking sense. It's a goldmine for future elections, they would be fools not to share it with the DNC.

Considering how much traction this story is getting, and considering that the Obama campaign used the same friend list "breach" to obtain data, they really should comment to the effect that they aren't keeping the data around. Otherwise, common sense says they are. That, coupled with Facebook's rather "it's OK" response to learning that they sucked down tons of data makes me think FB didn't make a big stink about deleting the data. If they did, they need to attest to that.

> Common freaking sense. It's a goldmine for future elections, they would be fools not to share it with the DNC.

Well, no. They'd be people who are violating their Facebook contract if they did.

When you live in the swamp, it's easy to assume everyone is dirty. The Obama campaign certainly used data in a way I personally find uncomfortable, which makes it even easier to leap to conclusions. However, there's no value in this conversation as long as you don't understand the difference between evidence and the things you want to be true.

We rarely get to deal in certainty; life is mainly degrees of probability.

It's very likely that the Obama campaign retained the data: I'd put it around 75%. Others have different assessments.

Lumping all uncertain things into one bundle of low probability is a massive category error.

> Well, no. They'd be people who are violating their Facebook contract if they did.

Again, who’s actually asking any questions whatsoever about their use of harvested social media data? You’re only in breach of your “Facebook contract” if someone cares to look into it in the first place. You still haven’t addressed the staffer’s claim that Facebook was freaked out about the campaign’s harvesting of data but then said they were “OK” with it. You trust FB to make a stink if the Obama campaign misused data? Seems to me like they were perfectly content to look the other way.

You are very naive if you don't know that many, if not most campaign consulting agencies are entirely apolitical about collecting and shopping around their data to various candidates. It's simply about expanding their market. Do yourself a favor and volunteer on a single campaign for a state or federal level committee-favored candidate to see for yourself.

Sure, the Obama campaign itself did not do the above, but liberal-leaning SuperPACs did

No, the only truth here has been

1. It was not Democrats, therefor it was wrong if not illegal.

If Hillary had won none of this would have come about and even if it did no one in Congress would be up in arms. We have had nearly two years of people trying to delegitimize Trump's win. This is a standard political tactic by the losing side but this time Trump beat both sides at the game.

These politicians and activist refuse to acknowledge that their message is either not acceptable or delivered wrong or even worse, that a large number of people were just tired of them.

There wasn't simply enough money spent by Russia to change the outcome and this is completely ignoring the fact they have been doing similar in nearly every election they could if not within political parties and the media.

> illegally transferred

I'd question illegality. In violation of agreements, perhaps. If there were any, and there wasn't a wink, wink type of understanding on what would be done.

In violation of agreements, definitely, if you believe Facebook's public statement. I think it would be risky for Facebook to lie about their developer policies but that doesn't mean it's impossible. I don't have time right now to dig through archive.org to find an old copy of those, unfortunately.

For a much better examination of legal aspects than I can provide, see https://www.lawfareblog.com/cambridge-analytica-facebook-deb.... Please keep in mind the sentence "I am leaving aside for now the potential claims under British and European law, but those add to this list considerably," which is rather important given the EU's more aggressive privacy regulations.

It's like SuperPAC coordination. Every election cycle there are countless obvious violations of SuperPAC coordination at all levels and parties but these are hardly ever investigated much less prosecuted.


I sort of don't care why the media firestorm is so bad, even if it's unfair, because it means we might see some action which will limit bad actors on all sides of the political spectrum.

IMO the point is the origin application. A Campaign App used for that purpose vs. an app that shows you what your face would look like when you were older to swing distorted news.

> A Campaign App used for that purpose

But how long does the harvested data remain "valid" for that purpose? The Dems still have the harvested data from 2012, is it OK to use it for 2016, which they most likely did?


You can see that already with the Obama staffer. Direct quotes from someone who was there yet the mainstream media simply isn't reporting on it. Just another right wing conspiracy, otherwise CNN would be talking about it, right?

You do sometimes get bits and pieces like the Time article from 2012 that haven't been memory-holed yet, but again, the media won't bring up something like that because the intent to paint this chilling use of social media as something unique to the Trump campaign.

There is a new Washington Post article that covers the Obama campaign story - it's not being entirely silenced: https://www.washingtonpost.com/business/economy/facebooks-ru...

I agree that there is a pattern of bias to all large media outlets on both sides. They may put a piece out like this one to appear impartial but only post-facto and if it supports the rancor of a news cycle that currently leans in their side's favor.

Anyways, there is bipartisan benefit to people becoming more aware of their online presence. Maybe people will use social media less and become less fervently partisan?

They squeezed it in right at the very end, but it was actually rather surprising how little they minced words:

“We ingested the entire U.S. social graph,” Davidsen said in an interview. “We would ask permission to basically scrape your profile, and also scrape your friends, basically anything that was available to scrape. We scraped it all.”

So obviously a fair amount of strategic writing going on but all things considered, pretty respectable.


Bloomberg has also admitted Obama took advantage of it as well:


"The scandal follows the revelation (to most Facebook users who read about it) that, until 2015, application developers on the social network's platform were able to get information about a user's Facebook friends after asking permission in the most perfunctory way. The 2012 Obama campaign used this functionality. So -- though in a more underhanded way -- did Cambridge Analytica, which may or may not have used the data to help elect President Donald Trump."

To me, the interesting part going forward is: will Democrats and the mainstream media continue to frame this as if it was Donald Trump who committed the wrongdoing? I'm not really sensing any widespread public outrage so I would suspect not, but time will tell.

(Yeah yeah "I don't trust your source", but my methamphetamine-enthusiast uncle assures me that Safeway supermarket lets the Jews decide how much salt your food is allowed to have, and Gwyneth Paltrow's magnet stickers can totally cure hemorrhoids...)

Quality whataboutism that doesn't change the overall debate about these practices. You do realize they talked about exactly this in the linked article right?

This is already how HIPAA forces data decisions in the health care industry. We ask ourselves: "Is it worth the time and effort to store patient PII?"

If the answer is no, we don't store it.

>If Facebook indeed violated the 2011 consent decree, then the FTC can fine them up to "thousands of dollars a day per violation [per user]". This presents the FTC with the opportunity to send a message to these data hoarders: protect the data you collect, or else.

No one ever seems to get the maximum fine in America, often because it would "destroy the company".

But we're willing to execute living people.

As the old adage says: I'll believe corporations are people when they execute one in Texas.

The problem for these companies is that hoarding and monetising data _is_ their business model. If they can't do that anymore, they are going to struggle in a serious way.

That seems like a feature, not a problem.

They aren't going to struggle, their currently spectacular profits are just going to get somewhat more modest.

This is what happened to the banking industry after the 2008 financial crisis.

I've been wondering what kind of collapse would happen when something like this happened to a business where the majority of their revenue comes from monetizing their consumers. Of course, a collapse would only be possible if:

* The FTC actually does something about this in a way that companies in a similar manner are also affected (directly or indirectly) * These companies don't find a way to get around the issues.

I'm not convinced anything will significantly damage tech companies whose primary profit driver is their users' data anyway. The general public has been using them for years now and despite any outrage, it's become too integrated in society for people to suddenly stop (unless someone comes up with a better alternative).

I'll have two, please.

Acxiom and others of the old guard have been doing exactly the same for 40+ years. Why should Facebook be singled out for voluntary disclosures when the data mining industry has far more aggregious transgressions.

"...and apparently has already been abused (some might even say weaponized) in a major election."

While it's clear that CA/Russians/whoever tried to influence the election through these techniques, is anyone aware of any studies or evidence that they actually affected anything at all? Has anyone even done a survey asking people if they either did not turn out to vote, or changed the candidate they were going to vote for, based on paid advertising they saw on Facebook?

I'm genuinely curious about this, I'm not trying to be argumentative. After this erupted yesterday, I went looking and found nothing. This whole thing may be much ado about nothing.

I think this ultimately comes down to the problem of attribution in marketing -- how do you determine if an ad or story is effective in actually influencing somebody to buy a product or vote for a candidate? We know millions of people engaged with content from Russian trolls masquerading as Americans, but (like any marketing campaign with an offline action) it's difficult to quantitatively measure the ultimate impact they had.


Yeah, but even a simple survey would at least start to unravel this. "Did you either fail to vote or change your vote based upon paid advertising you saw on Facebook?" would at least be a good start. Even anecdotal stories of people being swayed by a paid Facebook ad would be a start. I haven't seen a single one, and I've looked.

The whole point of using the data like this is to change people's opinion without them knowing why, so I doubt anyone can answer a survey like this accurately.

Perhaps if there were two similar candidates, this would be true. However, that wasn't the case here. These candidates and their supporters were polar opposites. If they were swayed at all, it wouldn't have been through subtlety. The stories would be "I was going to vote for Hillary, but then I saw [X] on Facebook and was so horrified that I decided to [not vote at all or vote for Trump]".

I'm pretty sure that polls like that are ineffective for discerning the impact of any type of marketing. The best evidence I can think of for whether somebody found something influential is whether they liked or re-shared a post, and there's plenty of evidence for that. Those are, after all, the sorts of metrics typically used for measuring the success of a social media campaign: https://www.socialmediaexaminer.com/10-metrics-to-track-for-...

When broadband got reclassified by the FCC under the "huge loss" for Net Neutrality, a little noticed M.O.U. was published as part of that decision that explicitly stated the FTC would be now be beefing up its presence to protect the consumer. It's only in Facebook's interest if they believe they'll get caught. If they think they can sell this data for profit and escape scrutiny, they will. Here's hoping this is a sign of more work to come from the FTC.

Isn't the FCC being run by a Trump shill at the moment? I mean, they just repealed net neutrality, I doubt they're going to go around imposing fines on Trump buddies now are they...

FTC, not FCC in this case. And what was repealed was a huge blob of legislation called Title 2, not “net neutrality”.

Well net neutrality was repealed. Without title 2 there is really no net neutrality until some other law or regulation puts it back into place.

The reason I make this distinction is because the limited neutrality is the least of what the legislation does.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact