Let me give
you brief idea about the analysis of this Marc Zuckerberg interaction with
Senators in U S Senate. On backdrop of Cambridge Analytica scandal every
digital citizen is concerned about the security of his data but in reality
unable to understand on whom to trust? U S Congress initiated a proactive move
and called founder of Facebook to explain about these data leak concerns and
many more related data ownership issues. We may be thinking that these issues
are concerning U S scenario and irrelevant in Indian context. So to make Indian
as well as global netizens aware about what was the take away of entire
proceedings in Indian as well as global context, this analysis is done by
advocate Mahendra Limaye, a renowned Cyber Legal Consultant and Faculty for
Cyber Laws. Let me be very candid and clear about the analysis. The majority of
the replies by Mr. Zuckerberg, to various pointed and well articulated
questions by 44 U S senators were answered very evasively and infertile manner.
Mr. Zuckerberg tried to be more like a politician than a Technocrat by
diverting the attention of entire questioning to some other non-relevant issue
or promising to get back with the answer with concerned person after some time.
A technocrat
was expected to provide more definite, conclusive and logical answers on the
backdrop of his opening remarks that, “We didn’t take a broad enough view of
our responsibility, and that was a big mistake. It was my mistake, and I’m
sorry. I started Facebook, I run it, and I’m responsible for what happens
here.” But in reality what I observed was that these were all tutored answers
by battery of legal luminaries at his discretion, who advised him not to commit
any more mistakes and provide any evidences against him to be sued.
Let’s start with analysis of the answers by
Mr. Zuckerberg to questions by the senators.
1) Senator NELSON: “Yes, you did
that, and you apologized for it. But you didn't notify them. And do you think
that you have an ethical obligation to notify 87 million Facebook users?”
ZUCKERBERG: “Senator, when we heard
back from Cambridge Analytica that they had told us that they weren't using the
data and had deleted it, we considered it a closed case. In retrospect, that
was clearly a mistake.”
Now
here question was specific about whether notification was given to 87 million
FB users whose Data was compromised and answer was not to the point. So by
admitting the mistake whether notifications to 87 million users were sent
remained unanswered and in my view it needs to be answered and if answer is
negative then strict action should be taken against FB.
NELSON: Well, the recent scandal is
obviously frustrating, not only because it affected 87 million, but because it
seems to be part of a pattern of lax data practices by the company, going back
years.So, back in 2011, it was a settlement with the FTC. And, now, we discover
yet another incidence where the data was failed to be protected. When you
discovered that Cambridge Analytica — that had fraudulently obtained all of
this information, why didn't you inform those 87 million?
ZUCKERBERG: No, senator, for the
same reason — that we'd considered it a closed — a closed case.
It is evident
that Facebook was guilty of non-protection of user’s data in 2011 and there was
settlement with FTC and this is not the first incidence wherein FB is accused
of data breaches. It means FB seems to be habitual offender or in mild words
bit casual as far as data security is concerned. And again Mr. Zuckerberg gives
evasive answer that we thought it to be closed case. So simple doubt which may come
in anyone’s mind is if a company like FB can be so casual in ascertaining
whether data is permanently deleted or not and also not concerned about
intimation to 87 million users about data compromise; is this company really resolute,
willing and capable of protecting data of 200 million users across the globe?
Whether people should rely on the capabilities of FB to protect their data? Is
FB really concerned about security?
2)
FEINSTEIN: “If you knew in 2015 that
Cambridge Analytica was using the information of Professor Kogan's, why didn't
Facebook ban Cambridge in 2015? Why'd you wait?”
ZUCKERBERG: “Senator, that's a — a great question.
Cambridge Analytica wasn't using our services in 2015, as far as we can tell.
So this is — this is clearly one of the questions that I asked our team, as
soon as I learned about this — is why — why did we wait until we found out
about the reports last month to — to ban them. It's because, as of the time
that we learned about their activity in 2015, they weren't an advertiser. They
weren't running pages. So we actually had nothing to ban.”
This answer clearly establishes how much FB was concerned
about Data leak and tried to hide it from entire world. Had it not been
revealed by the WHISTLE-BLOWER Mr. Christopher Wylie, FB would
have tried to keep it under carpet and it proves the mindset of the people working
at top-management with FB. They knew well in 2015 that Data breach has happened
but tried to underplay entire incident in hope that it will never see a light and
will be buried under the time. But the people at the helm of affairs at FB seem
to have forgotten the golden rule that DATA NEVER SLEEPS. In my views FB also
attracts the penal provisions for wilfully hiding the facts and being a part of
criminal conspiracy. And though CA were not using services of FB, it was
established that Kogan’s app has provided the requisite data and he could have
been very well acted upon by FB. FB didn’t initiate the legal action against
Kogan and this act substantiates that FB must have received some monitory
penalties from Kogan and might have hushed up the matter.
3) SEN. ORRIN G. HATCH : Why
Facebook and Google don’t charge for access? Nothing in life is free.
Everything involves trade-offs. If you want something without having to pay
money for it, you're going to have to pay for it in some other way, it seems to
me. And that's where — what we're seeing here. And these great websites that
don't charge for access — they extract value in some other way. It’s consumer
choice. Do users understand what they're agreeing to — to when they access a
website or agree to terms of service? Are websites upfront about how they
extract value from users, or do they hide the ball? Do consumers have the
information they need to make an informed choice regarding whether or not to
visit a particular website? To my — to my mind, these are questions that we
should ask or be focusing on. Well, if so, how do you sustain a business model
in which users don't pay for your service?
ZUCKERBERG: Senator, we run ads.
The question by senator itself explains more than what was
answered by Mr. Zuckerberg. If you are getting something free then you have to
pay for it in some other form and in the case of FB, it’s your data which you
upload on FB. It’s also queried that whether users are aware about how value is
extracted from their posts, for which Mr. Zuckerberg preferred silence and
remained answerless. His only answer to entire direct question was we run ads.
He has never come up with the details about revenue received from ads and
targeted ads revenue. I need to explain what I mean by ads and targeted ads for
readers understanding. I presume that FB ad tariff is based on the number of
audience you want to cater and the time and geographical demography. The more precise
your target audience, the higher would be the ad rates as FB would be putting
more efforts in Data mining for targeted ads. So it can be certainly presumed
that the more data you put on FB, it’s more advantageous for FB to exploit you
for targeted advertisement. By running simple ads which can be open for all the
users of FB, FB is not earning much revenue but by providing facility of
targeted audience FB is making most of its money and it may be concluded that
by exploiting Data of the users FB is making money. If we understand
traditional advertising like newspapers, electronic or hoardings, the tariffs
vary mostly on circulation and page location in case of newspapers; viewership
and time slot in case of electronic media; location, size and number of
footfalls in case of hoardings. And these tariffs are same for all the
advertisers and the important data like circulation of newspaper or viewership
of electronic media are available for general public to access. All these
advertising media’s cannot assure the desired outcome of the advertising but
FB, having huge analysed Data of users at its discretion, can certainly assure
targeted audience by more precision and have monopoly over the data. Another
major difference is other ads are open to all the audience who happen to come
across the same whereas targeted ads by Facebook are displayed to pre-selected
set of people. So these running of ads by FB can’t be covered under category of
simple ads but needs to be redefined and regulated under certain different
category where innocent user’s personal information is commercially exploited.
In reality user’s innocence and ignorance about what happens to their data
after its put on social media platforms is cleverly exploited by Mr. Zuckerberg
on pretext of offering the services for free. This needs to be certainly
debated at length and regulated as FB has failed miserably to protect that Data
and thereby caused huge loss to the users.
4) WICKER- Is it true that — as was
recently publicized, that Facebook collects the call and text histories of its
users that use Android phones?
ZUCKERBERG: Senator, we have an app
called Messenger for sending messages to your Facebook friends. And that app
offers people an option to sync their — their text messages into the messaging
app, and to make it so that — so basically so you can have one app where it has
both your texts and — and your Facebook messages in one place. We also allow
people the option of ...
WICKER: You can opt in or out of
that?
ZUCKERBERG: It is opt-in. You — you
have to affirmatively say that you want to sync that information before we get
access to it.
This revelation shows that the default settings of most of
the features of FB are public and unless you allow FB for ownership and use of
the basic information shared on platform, FB doesn’t permit to use those
features. It is expected that all the users must select the audience to whom
they like to share their information but default settings are such that all the
information is made public. It also highlights that FB collects the call as
well as text histories of its users when accessed by android phones. It may be
possible for FB to gain access to your android phone’s phone book, photos and
other audio as well as video files.
WICKER: One other thing: There have
been reports that Facebook can track a user's Internet browsing activity, even
after that user has logged off of the Facebook platform. Can you confirm
whether or not this is true?
ZUCKERBERG: Senator — I — I want to
make sure I get this accurate, so it would probably be better to have my team
follow up afterwards.
WICKER: You don't know?
ZUCKERBERG: I know that the — people
use cookies on the Internet, and that you can probably correlate activity
between — between sessions. We do that for a number of reasons, including
security, and including measuring ads to make sure that the ad experiences are
the most effective, which, of course, people can opt out of. But I want to make
sure that I'm precise in my answer, so let me...
Now here Mr. Zuckerberg has clearly ducked the straight
forward question about cookies and replies that my team will follow up the
same. But after being asked whether he don’t know the answer he acknowledges
that FB utilises cookies for assessing the ad experiences, and this affirms my
previous assessment that FB’s ad’s can’t be termed as simple ad’s but those are targeted ad’s after
commercially exploiting the free information shared through FB platform by the
users. So this again reaffirms that FB is not offering anything free to users
but rather making fool of the people by commercially exploiting them.
5) GRAHAM: Do you think the average
consumer understands what they're signing up for?
ZUCKERBERG: I don't think that the
average person likely reads that whole document.
Now this open acknowledgment that average person does not
understand what they are signing up for poses very serious issues about Data
privacy and Data security. If people world over don’t understand what they are
committing is right or wrong then its respective State’s responsibility and
duty to educate people and make them aware about traps and pitfalls laid
through social media, as most of the governments are making use of social media
in promoting its welfare schemes. It must be considered as primary duty of
State to make its citizen digital literate and educated in this era of
digitalisation. The social media platforms should not be given free licence to
exploit digital illiteracy of the citizen across globe and thereby making
people’s data more vulnerable.
6) BLUNT: Do you track devices
connected to the device used by individual for their Facebook connection, but
(those devices) not necessarily connected to Facebook?
ZUCKERBERG: Yes. There — there may
be some data that is necessary to provide the service that we do. But I don't —
I don't have that on — sitting here today. So that's something that I would
want to follow up on.
This answer is more than an admission that the connected or
networked devices are also not safe as far as Data safety and security is
concerned. In other words it may be possible that someone may be using mobile
phone for accessing FB but the connectivity of that mobile phone is through
some hotspot to which more than one device is connected and then FB is capable
of extracting some data from all those connected devices or FB may be used on
mobile on which other banking apps may be operated and it may be possible for
FB to get hold of your banking transactions information. If this understanding
is true then just imagine the fate of information residing on all the devices
which are in network with the computer or laptop or mobile being used to access
FB. The more significant issue is how many users understand these complexities
in technologies? There mere understanding is I can access the whole world in
privacy. BUT IS THIS UNDERSTANDING TRUE? We certainly have collective responsibility
to educate such digital illiterates and make them aware that their privacy is
like a glass room where whole world with the help of connected devices can get
hold of all his activities done in presumed privacy. And I think this could be
greatest service we can offer to mankind in digital era.
7) BLUMENTHAL: I want to show you
the terms of service that Alexander Kogan provided to Facebook and note for you
that; in fact, Facebook was on notice that he could sell that user information.
Have you seen these terms of service before?
ZUCKERBERG: I have not.
BLUMENTHAL: Doesn't that term of
service conflict with the FTC order that Facebook was under at that very time
that this term of service was, in fact, provided to Facebook. And you'll note
that— the FTC order specifically requires Facebook to protect privacy. Isn't
there a conflict there?
ZUCKERBERG: Senator, it certainly
appears that we should have been aware that this app developer submitted a term
that was in conflict with the rules of the platform.
BLUMENTHAL: Well, what happened here
was, in effect, wilful blindness. It was heedless and reckless, which, in fact,
amounted to a violation of the FTC consent decree. Would you agree? Your
business model is to monetize user information to maximize profit over privacy.
And unless there are specific rules and requirements enforced by an outside
agency, I have no assurance that these kinds of vague commitments are going to
produce action.
ZUCKERBERG: Senator, we have already
a “download your information” tool that allows people to see and to take out
all of the information that Facebook — that they've put into Facebook or that
Facebook knows about them. So, yes, I agree with that. We already have that.
Cambridge Analytica actually did start as an advertiser later in 2015. So we
could have in theory banned them then.
The Facebook again stands exposed by the pointed questions
by senator and affirmative answers from Marc Zuckerberg. As per terms of
service provided by Kogan, it was known to FB that the App developed by Kogan
is going to extract data from FB and which could be sold further. And these
terms of app of Kogan were accepted by FB prior to issuing installation to
Kogan’s app on FB platform. But in spite of knowing the terms of Kogan’s app,
FB preferred to remain silent and thereby is partner in crime of Data breach of
87 million FB users. The fact that you are aware about violation of privacy
terms by another app developer on your platform and you maintaining silence and
in a way consenting for such violation makes FB equally liable for penalties of
Data breach. When FB was under obligation of FTC order for maintaining Data
privacy of FB users, all this happened and thus makes FB wilful and consenting partner
in crime and should be penalised according to the due process of law. FB has
clearly displayed its scant respect for rule of law and should be held liable
for Data privacy breach.
8) SEN. JOHN CORNYN (R-TEX): Thank
you, Mr. Zuckerberg, for being here. I know in — up until 2014, a mantra or
motto of Facebook was move fast and break things. Is that correct? Do you think
some of the misjudgements, perhaps mistakes that you've admitted to here, were
as a result of that culture or that attitude, particularly as it regards to
personal privacy of the information of your subscribers?
ZUCKERBERG: Senator, I do think that
we made mistakes because of that. But the broadest mistakes that we made here
are not taking a broad enough view of our responsibility. And while that wasn't
a matter — the “move fast” cultural value is more tactical around whether
engineers can ship things and — and different ways that we operate. But I think
the big mistake that we've made looking back on this is viewing our
responsibility as just building tools, rather than viewing our whole
responsibility as making sure that those tools are used for good.
This question by Senator Cornyn about the attitude of FB to
move fast and in process break the things and thereby lot of mistakes or
misjudgements on part of FB and being acknowledged by Marc Zuckerberg is really
an eye-opener for one and all, who are blindly relying on available
technologies only on the pretext that these technologies are used in US and
hence most authenticate and reliable one. The ardent supporters of these
technologies never ever doubted the intentions or pitfall behind creation of
these technologies and in process defended these technologies very passionately
and vehemently. But these admissions that , “big mistake that we've made
looking back on this is viewing our responsibility as just building tools,
rather than viewing our whole responsibility as making sure that those tools are
used for good” should come as a rude shock to these supporters. By only
focusing on building the tools without understanding the capabilities of the
hands holding and exploiting these tools is proving to be disastrous and
catastrophic now. This ignorance towards the responsibilities of educating and
making the society mature and aware before handing over the tools to them and
changed moral values of the generation which has created these technology based tools can not be simply
pardoned by mere apology. The repercussion of these mistakes will be witnessed
by the world in coming years and which will be more devastating and shattering.
Unfortunately many of us are still not ready to believe on these shocking
effects which we are about to witness in near future and are ready to forgive
and Forget Mr. Marc Zuckerberg. But that will be a huge mistake for mankind.
The role of social media in destabilising regimes in Middle East is witnessed
by us. Though there is no concrete evidence, still the role played by CA in US
elections remains undisputed. There are many State’s elections across the world
which will be held in coming months and these tools can be certainly (mis)used
by the politicians/multi-national companies for their betterment though
detrimental in collective national interest. So for a small mistake on part of
FB , how much price world will be required to pay, collectively, will be
assessed in coming years and I only hope that It could be affordable to
collective population of the world.
9) HELLER: How long do you keep a user's data,
once they — after — after they've left? If they — if they choose to delete
their account, how long do you keep their data?
ZUCKERBERG: I don't know the answer
to that off the top of my head. I know we try to delete it as quickly as is
reasonable. We have a lot of complex systems, and it work — takes awhile to
work through all that. But I think we try to move as quickly as possible, and I
can follow up or have my team follow up.
This is what I say an evasive answer. Can anyone believe
that a person who developed the entire app and is at the helm of affairs of the
company doesn’t know the answer of the question asked by Senator Heller?
Everyone knows that FB never deletes the entire data because that Data is the
lifeline of FB business module. Still Mr. Zuckerberg can’t recollect data
retention policy of his company after the user has left FB.
10) HARRIS--During the course of
this hearing, these last four hours, you have been asked several critical
questions for which you don't have answers. And those questions have included
whether Facebook can track user's browsing activity even after the user has
logged off of Facebook, whether Facebook can track your activity across devices
even when you are not logged into Facebook. Who is Face book’s biggest
competition? Whether Facebook may store up to 96 categories of user's
information? Whether you knew whether Kogan's terms of service and whether you
knew if that Kogan could sell or transfer data.
So my question is, did anyone at Facebook
have a conversation at the time that you became aware of this breach, and have
a conversation where in the decision was made not to contact the users?
ZUCKERBERG: Senator, I don't know if
there were any conversations at Facebook overall because I wasn't in a lot of
them. But ...
Here again it was reiterated by the Senator Harris that Mr.
Marc Zuckerberg was asked critical questions to which he don’t have answers or
he preferred to remain silent. So these observations must compel the readers to
draw their own conclusions about the manner in which FB conducted itself in US senate.
Why Mr. Zuckerberg was so evasive to answer critical and very significant
questions asked in senate? Answering to direct question by Senator Harris, he
says there were no discussions regarding Kogan’s confession about Data sale. So
it’s really shocking to know that a CEO of company doesn’t think it important
to discuss issue like Data breach through his platform and tries to undermine
importance of the act. The more basic question is should the world trust such
organisations who are so casual about the Data Security issue? Should there be
more stringent punishments for such civil and criminal wrongs?
11) KENNEDY: Do you have the right
to put my data, a name on my data and share it with somebody?
ZUCKERBERG: I do not believe we have
the right to do that.
KENNEDY: Do you have the ability?
ZUCKERBERG: Senator, the data is in
the system. So ...
KENNEDY: Do you have the ability?
ZUCKERBERG: Technically, I think
someone could do that. But that would be a massive breach. So we would never do
that.
This is clear admission that the system owner where data
resides has the ability to share that data to anybody and use it the way he
likes.
12)
JOHNSON --Do you have any idea how many of your users actually read the
terms of service, the privacy policy, the statement of rights and
responsibilities? I mean, actually read it?
ZUCKERBERG: Senator, I do not.
JOHNSON: Would you imagine it's a
very small percentage?
ZUCKERBERG: Senator, who read the whole
thing? I would imagine that probably most people do not read the whole thing.
But everyone has the opportunity to and consents to it.
The arrogant answer from Mr. Marc Zuckerberg that, “who read
the whole thing” is self explanatory. How the trap is laid by such social media
apps gathering information and how much they are confident about digital
illiteracy of the social media users is evident from these answers. He says
everyone has opportunity to read the same but is convinced that most people
don’t read the same.
This is work of Advocate Mahendra
Limaye. You may contact the author by calling 09422109619 or mail
mahendralimaye@yahoo.com.
