From The Wall Street Journal:
Facebook Inc. confronted an intensifying crisis as political leaders in the U.S. and Europe called for aggressive inquiries into whether the technology giant failed to stop improper access and handling of user data, scrutiny that sent the company’s stock to its biggest decline in four years.
The uproar pushed Facebook’s stock down 6.8% to $172.56 Monday, wiping out about $36 billion in market value as the episode reignited concerns over how Facebook, Alphabet Inc.’s Google and other internet firms handle user data that is at the core of advertising businesses that have made them among the richest companies on Earth.
The backlash has raised anew the prospect of tighter regulation of the social-network company and other big internet firms that already are under scrutiny for how Russia manipulated their platforms before and after the 2016 presidential election. Internally, Facebook executives and employees have fiercely debated how to respond to the additional scrutiny.
The latest controversy centers on whether Cambridge Analytica, which helped the Trump campaign in 2016, collected and used without permission data from the accounts of millions of users obtained through a Facebook app developed by an academic at the University of Cambridge. Facebook on Friday said it suspended Cambridge Analytica—along with an associated firm, the academic and another individual—as it investigates reports that the firm kept user records for years after saying it had destroyed them. Cambridge Analytica has said it complied with Facebook’s rules.
. . . .
“Facebook, Google, and Twitter have amassed unprecedented amounts of personal data and use this data when selling advertising, including political advertisements,” said Sens. Amy Klobuchar (D., Minn.) and John Kennedy (R., La.) in a joint statement on Monday. “The lack of oversight on how data is stored and how political advertisements are sold raises concerns about the integrity of American elections as well as privacy rights.”
. . . .
Meanwhile, the European Parliament’s president, Antonio Tajani, on Monday said “allegations of misuse of Facebook user data is an unacceptable violation of our citizens’ privacy rights” and vowed that Parliament will investigate fully.
The EU’s justice chief, Věra Jourová, said she expected “companies to take more responsibility when handling our personal data.” She said she would seek clarifications from Facebook and would discuss the matter with U.S. government officials on her scheduled trip to the U.S. this week.
Facebook executives have struggled to find responses that didn’t fuel more recrimination—repeating a pattern that has played out over the company’s response to a string of crises over the past 18 months. Pivotal Research analyst Brian Wieser said the weekend’s episode was another sign of “systemic problems” within the company. Mr. Wieser has a “sell” rating on the stock.
. . . .
Facebook Chief Security Officer Alex Stamos on Saturday deleted several tweets arguing against the use of the “data breach” term, later saying his remarks were factually correct but he “should have done a better job weighing in.” Mr. Stamos said he thought it was important for Facebook executives to talk about these complex issues publicly, but “I don’t know how to do that in this media environment.”
Mr. Stamos has been at the center of Facebook’s response to the Russian manipulation efforts, and he and other security officials have argued internally that Facebook should publicly disclose more about that activity. Mr. Stamos has indicated that he plans to leave Facebook in August, people familiar with the situation said on Monday.
Link to the rest at The Wall Street Journal
PG says tech companies haven’t done well when subject to heavy government scrutiny. He’s thinking about Microsoft and antitrust, AT&T, the DOJ and Apple in the ebook price-fixing litigation.
For PG, when a large tech company starts growing by acquiring near-competitors – Facebook and Instagram, for example – he takes it as a sign that company management has concluded it can’t profitably use its money to grow its core business or any new ideas it develops internally. Therefore, it decides to buy its way into existing neighboring markets instead of paying dividends or spinning out independent child companies that will be more innovative.
UPDATE: The Wall Street Journal just reported that Cambridge Analytica fired its CEO.
Growth-by-acquisition is a strategy fed by several elements.
1) Your Venture Capital backers want a sure thing that can be added now, not an investment for future solid diversification. They’ll be gone by then.
2) Your company officers want to inflate their package of available service offerings so that the stock will grow in the short term and they can cash in for the short term.
3) Your competitors are headed into territory you aren’t defending very well, and it’s better to kill them (via acquisition) than up your own game.
None of these motives have much to do with organically growing a solid company that can weather good times & bad.
It’s a cliché that, what, 80-90% of acquisitions fail (as in, don’t add to the bottom line after a year or three). It’s a very ugly form of corporate entity sex, where someone gets screwed, and not uncommonly both parties.
EU law is about to get a lot stricter when the GDPR comes in on May 25th, and it includes a right to data erasure. I’m not certain how the ICO is going to put that into practice, but it seems a lot of people are dumping their FaceBook accounts right now, and FB’s data retention is going to bite them. It’s not just that they make it hard to delete your account, it’s also the fact that other people can reveal your data through FB whether you consent to it or not, whether it’s images you’re tagged in or email addresses uploaded through the friend finder service. Both come under “personal data” covered by the act.
This is my day job, the GDPR is not going to have any real effect in protecting people, it will drive up costs of doing business, and give ambulance chasers yet another way to extort money from companies, but not actually do much good. The GDPR is all around notification requirements, not prevention, and so you will just start seeing more notifications taking place (and notifications are required for things like loosing access to your data, not just getting hacked)
point out any company that has actually suffered from having to announce that they were hacked? Exuifax should have been driven out of business as a result of their problems.
As for facebook, their only problem is that the wrong party benefited from their data.
A former professor at my day job who’s an expert in crisis and reputation management could’ve told Mr. Stamos not to try that argument. One of the case studies he used in class was Toyota’s reaction to its unintended-acceleration scandal. The company’s response was to trot out engineers who explained why those attributing the deaths to some flaw in the car were wrong. And as it turned out, they had a point: those people were incorrect.
But the company ended up making matters worse for themselves because it looked like they were callous, focusing only on technical matters and not caring much that people had died driving their product.
Being right wasn’t enough. In fact, in isolation, it was harmful.
Also, as a commenter I saw elsewhere pointed out, it’s kind of funny that Facebook’s execs had to take to Twitter in order to be heard.
The fun stuff begins now.
Cambridge Analytics wasn’t the only outfit to mine Facebook data nor were they the first.
Not even the first to use it for political ends.
From the WP:
https://www.washingtonpost.com/business/economy/facebooks-rules-for-accessing-user-data-lured-more-than-just-cambridge-analytica/2018/03/19/31f6979c-658e-43d6-a71f-afdd8bf1308b_story.html?utm_term=.9160a4c5c5a9&wpisrc=nl_rainbow&wpmm=1
—–
— Facebook last week suspended the Trump campaign’s data consultant, Cambridge Analytica, for scraping the data of potentially millions of users without their consent. But thousands of other developers, including the makers of games such as FarmVille and the dating app Tinder, as well as political consultants from President Barack Obama’s 2012 presidential campaign, also siphoned huge amounts of data about users and their friends, developing deep understandings of people’s relationships and preferences.
—-
Is anybody here really surprised?
One. More. Time:
“If you’re not the paying cu$tomer, you’re the product.”
TANSTAAFL!!
Yeah, but we pay for Windows and other programs, and they spy on us, too.
Doesn’t even have to be a program. I have a 2001 Jeep Wrangler that’s closing in on a quarter-million miles. I love it. It’s still in great shape. I got a card from Carmax in the mail this week telling me they want to buy my 2001 Jeep Wrangler.
Nuh-uh. My nephew called dibs if I ever get rid of it.
Carmax got that data from your local department of motor vehicles. If you’re still renewing its license, it’s still running. And they probably gotthat data for free.
There is no privacy.
Never has been, really.
“I got a card from Carmax in the mail this week telling me they want to buy my 2001 Jeep Wrangler.”
They just want to buy it so they can sell you something else. (I’m getting the same thing with the dealership wanting to ‘upgrade’ our ‘old’ car. 😉 )
Yeah, that part I knew. My Jeep runs fine and I’m keeping it as long as I can. I ordered it from the dealership 18 years ago this fall. I still have the little paper that said it was built especially for me. Plus, well, I love that car. I don’t want a new one.
Not surprised, especially when the data goes to the “bad” people. For the “good” people the doors are wide open.
Maybe the governments need to start reading those ToS and pointing out where the companies are running counter to laws ‘before’ the company gets to use its ToS in a way against those laws.
Me, I’m waiting for MS’ Windows 10’s ‘We are spying and key-logging every single thing you do’ features (it’s in the ToS as a ‘quality’ thing and can’t be shut off) to come back and bite them on the backside.
My first thought to your suggestion was, “But that would take so much government employee time and therefore taxpayer money to do.” And then I thought of something much simpler. Require that any TOS for these sorts of thing be no more than, say, 1,000 words long. That would also get past the whole, “No one reads them nor should they be expected to, so holding them to these TOS is unreasonable” thing. At 1k words, anyone who has any interest at all could easily read them, especially if there were also a requirement that they be written on, say, an 8th grade level (or lower) so that pretty much everyone could not only read but also understand them.