Wednesday, May 2, 2018

Mark Zuckerberg answers before U S Congress and some food for thought by Adv. Mahendra Limaye.


Let me give you brief idea about the analysis of this Marc Zuckerberg interaction with Senators in U S Senate. On backdrop of Cambridge Analytica scandal every digital citizen is concerned about the security of his data but in reality unable to understand on whom to trust? U S Congress initiated a proactive move and called founder of Facebook to explain about these data leak concerns and many more related data ownership issues. We may be thinking that these issues are concerning U S scenario and irrelevant in Indian context. So to make Indian as well as global netizens aware about what was the take away of entire proceedings in Indian as well as global context, this analysis is done by advocate Mahendra Limaye, a renowned Cyber Legal Consultant and Faculty for Cyber Laws. Let me be very candid and clear about the analysis. The majority of the replies by Mr. Zuckerberg, to various pointed and well articulated questions by 44 U S senators were answered very evasively and infertile manner. Mr. Zuckerberg tried to be more like a politician than a Technocrat by diverting the attention of entire questioning to some other non-relevant issue or promising to get back with the answer with concerned person after some time.

A technocrat was expected to provide more definite, conclusive and logical answers on the backdrop of his opening remarks that, “We didn’t take a broad enough view of our responsibility, and that was a big mistake. It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.” But in reality what I observed was that these were all tutored answers by battery of legal luminaries at his discretion, who advised him not to commit any more mistakes and provide any evidences against him to be sued.
Let’s start with analysis of the answers by Mr. Zuckerberg to questions by the senators.
1) Senator NELSON: “Yes, you did that, and you apologized for it. But you didn't notify them. And do you think that you have an ethical obligation to notify 87 million Facebook users?”
ZUCKERBERG: “Senator, when we heard back from Cambridge Analytica that they had told us that they weren't using the data and had deleted it, we considered it a closed case. In retrospect, that was clearly a mistake.”
Now here question was specific about whether notification was given to 87 million FB users whose Data was compromised and answer was not to the point. So by admitting the mistake whether notifications to 87 million users were sent remained unanswered and in my view it needs to be answered and if answer is negative then strict action should be taken against FB.
NELSON: Well, the recent scandal is obviously frustrating, not only because it affected 87 million, but because it seems to be part of a pattern of lax data practices by the company, going back years.So, back in 2011, it was a settlement with the FTC. And, now, we discover yet another incidence where the data was failed to be protected. When you discovered that Cambridge Analytica — that had fraudulently obtained all of this information, why didn't you inform those 87 million?
ZUCKERBERG: No, senator, for the same reason — that we'd considered it a closed — a closed case.
It is evident that Facebook was guilty of non-protection of user’s data in 2011 and there was settlement with FTC and this is not the first incidence wherein FB is accused of data breaches. It means FB seems to be habitual offender or in mild words bit casual as far as data security is concerned. And again Mr. Zuckerberg gives evasive answer that we thought it to be closed case. So simple doubt which may come in anyone’s mind is if a company like FB can be so casual in ascertaining whether data is permanently deleted or not and also not concerned about intimation to 87 million users about data compromise; is this company really resolute, willing and capable of protecting data of 200 million users across the globe? Whether people should rely on the capabilities of FB to protect their data? Is FB really concerned about security?
2) FEINSTEIN: “If you knew in 2015 that Cambridge Analytica was using the information of Professor Kogan's, why didn't Facebook ban Cambridge in 2015? Why'd you wait?”
ZUCKERBERG:  “Senator, that's a — a great question. Cambridge Analytica wasn't using our services in 2015, as far as we can tell. So this is — this is clearly one of the questions that I asked our team, as soon as I learned about this — is why — why did we wait until we found out about the reports last month to — to ban them. It's because, as of the time that we learned about their activity in 2015, they weren't an advertiser. They weren't running pages. So we actually had nothing to ban.”
This answer clearly establishes how much FB was concerned about Data leak and tried to hide it from entire world. Had it not been revealed by the WHISTLE-BLOWER Mr. Christopher Wylie, FB would have tried to keep it under carpet and it proves the mindset of the people working at top-management with FB. They knew well in 2015 that Data breach has happened but tried to underplay entire incident in hope that it will never see a light and will be buried under the time. But the people at the helm of affairs at FB seem to have forgotten the golden rule that DATA NEVER SLEEPS. In my views FB also attracts the penal provisions for wilfully hiding the facts and being a part of criminal conspiracy. And though CA were not using services of FB, it was established that Kogan’s app has provided the requisite data and he could have been very well acted upon by FB. FB didn’t initiate the legal action against Kogan and this act substantiates that FB must have received some monitory penalties from Kogan and might have hushed up the matter.
3) SEN. ORRIN G. HATCH : Why Facebook and Google don’t charge for access? Nothing in life is free. Everything involves trade-offs. If you want something without having to pay money for it, you're going to have to pay for it in some other way, it seems to me. And that's where — what we're seeing here. And these great websites that don't charge for access — they extract value in some other way. It’s consumer choice. Do users understand what they're agreeing to — to when they access a website or agree to terms of service? Are websites upfront about how they extract value from users, or do they hide the ball? Do consumers have the information they need to make an informed choice regarding whether or not to visit a particular website? To my — to my mind, these are questions that we should ask or be focusing on. Well, if so, how do you sustain a business model in which users don't pay for your service?
ZUCKERBERG: Senator, we run ads.
The question by senator itself explains more than what was answered by Mr. Zuckerberg. If you are getting something free then you have to pay for it in some other form and in the case of FB, it’s your data which you upload on FB. It’s also queried that whether users are aware about how value is extracted from their posts, for which Mr. Zuckerberg preferred silence and remained answerless. His only answer to entire direct question was we run ads. He has never come up with the details about revenue received from ads and targeted ads revenue. I need to explain what I mean by ads and targeted ads for readers understanding. I presume that FB ad tariff is based on the number of audience you want to cater and the time and geographical demography. The more precise your target audience, the higher would be the ad rates as FB would be putting more efforts in Data mining for targeted ads. So it can be certainly presumed that the more data you put on FB, it’s more advantageous for FB to exploit you for targeted advertisement. By running simple ads which can be open for all the users of FB, FB is not earning much revenue but by providing facility of targeted audience FB is making most of its money and it may be concluded that by exploiting Data of the users FB is making money. If we understand traditional advertising like newspapers, electronic or hoardings, the tariffs vary mostly on circulation and page location in case of newspapers; viewership and time slot in case of electronic media; location, size and number of footfalls in case of hoardings. And these tariffs are same for all the advertisers and the important data like circulation of newspaper or viewership of electronic media are available for general public to access. All these advertising media’s cannot assure the desired outcome of the advertising but FB, having huge analysed Data of users at its discretion, can certainly assure targeted audience by more precision and have monopoly over the data. Another major difference is other ads are open to all the audience who happen to come across the same whereas targeted ads by Facebook are displayed to pre-selected set of people. So these running of ads by FB can’t be covered under category of simple ads but needs to be redefined and regulated under certain different category where innocent user’s personal information is commercially exploited. In reality user’s innocence and ignorance about what happens to their data after its put on social media platforms is cleverly exploited by Mr. Zuckerberg on pretext of offering the services for free. This needs to be certainly debated at length and regulated as FB has failed miserably to protect that Data and thereby caused huge loss to the users.
4) WICKER- Is it true that — as was recently publicized, that Facebook collects the call and text histories of its users that use Android phones?
ZUCKERBERG: Senator, we have an app called Messenger for sending messages to your Facebook friends. And that app offers people an option to sync their — their text messages into the messaging app, and to make it so that — so basically so you can have one app where it has both your texts and — and your Facebook messages in one place. We also allow people the option of ...
WICKER: You can opt in or out of that?
ZUCKERBERG: It is opt-in. You — you have to affirmatively say that you want to sync that information before we get access to it.
This revelation shows that the default settings of most of the features of FB are public and unless you allow FB for ownership and use of the basic information shared on platform, FB doesn’t permit to use those features. It is expected that all the users must select the audience to whom they like to share their information but default settings are such that all the information is made public. It also highlights that FB collects the call as well as text histories of its users when accessed by android phones. It may be possible for FB to gain access to your android phone’s phone book, photos and other audio as well as video files.
WICKER: One other thing: There have been reports that Facebook can track a user's Internet browsing activity, even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?
ZUCKERBERG: Senator — I — I want to make sure I get this accurate, so it would probably be better to have my team follow up afterwards.
WICKER: You don't know?
ZUCKERBERG: I know that the — people use cookies on the Internet, and that you can probably correlate activity between — between sessions. We do that for a number of reasons, including security, and including measuring ads to make sure that the ad experiences are the most effective, which, of course, people can opt out of. But I want to make sure that I'm precise in my answer, so let me...
Now here Mr. Zuckerberg has clearly ducked the straight forward question about cookies and replies that my team will follow up the same. But after being asked whether he don’t know the answer he acknowledges that FB utilises cookies for assessing the ad experiences, and this affirms my previous assessment that FB’s ad’s can’t be termed as  simple ad’s but those are targeted ad’s after commercially exploiting the free information shared through FB platform by the users. So this again reaffirms that FB is not offering anything free to users but rather making fool of the people by commercially exploiting them.
5) GRAHAM: Do you think the average consumer understands what they're signing up for?
ZUCKERBERG: I don't think that the average person likely reads that whole document.
Now this open acknowledgment that average person does not understand what they are signing up for poses very serious issues about Data privacy and Data security. If people world over don’t understand what they are committing is right or wrong then its respective State’s responsibility and duty to educate people and make them aware about traps and pitfalls laid through social media, as most of the governments are making use of social media in promoting its welfare schemes. It must be considered as primary duty of State to make its citizen digital literate and educated in this era of digitalisation. The social media platforms should not be given free licence to exploit digital illiteracy of the citizen across globe and thereby making people’s data more vulnerable.
6) BLUNT: Do you track devices connected to the device used by individual for their Facebook connection, but (those devices) not necessarily connected to Facebook?
ZUCKERBERG: Yes. There — there may be some data that is necessary to provide the service that we do. But I don't — I don't have that on — sitting here today. So that's something that I would want to follow up on.
This answer is more than an admission that the connected or networked devices are also not safe as far as Data safety and security is concerned. In other words it may be possible that someone may be using mobile phone for accessing FB but the connectivity of that mobile phone is through some hotspot to which more than one device is connected and then FB is capable of extracting some data from all those connected devices or FB may be used on mobile on which other banking apps may be operated and it may be possible for FB to get hold of your banking transactions information. If this understanding is true then just imagine the fate of information residing on all the devices which are in network with the computer or laptop or mobile being used to access FB. The more significant issue is how many users understand these complexities in technologies? There mere understanding is I can access the whole world in privacy. BUT IS THIS UNDERSTANDING TRUE? We certainly have collective responsibility to educate such digital illiterates and make them aware that their privacy is like a glass room where whole world with the help of connected devices can get hold of all his activities done in presumed privacy. And I think this could be greatest service we can offer to mankind in digital era.
7) BLUMENTHAL: I want to show you the terms of service that Alexander Kogan provided to Facebook and note for you that; in fact, Facebook was on notice that he could sell that user information. Have you seen these terms of service before?
ZUCKERBERG: I have not.
BLUMENTHAL: Doesn't that term of service conflict with the FTC order that Facebook was under at that very time that this term of service was, in fact, provided to Facebook. And you'll note that— the FTC order specifically requires Facebook to protect privacy. Isn't there a conflict there?
ZUCKERBERG: Senator, it certainly appears that we should have been aware that this app developer submitted a term that was in conflict with the rules of the platform.
BLUMENTHAL: Well, what happened here was, in effect, wilful blindness. It was heedless and reckless, which, in fact, amounted to a violation of the FTC consent decree. Would you agree? Your business model is to monetize user information to maximize profit over privacy. And unless there are specific rules and requirements enforced by an outside agency, I have no assurance that these kinds of vague commitments are going to produce action.
ZUCKERBERG: Senator, we have already a “download your information” tool that allows people to see and to take out all of the information that Facebook — that they've put into Facebook or that Facebook knows about them. So, yes, I agree with that. We already have that. Cambridge Analytica actually did start as an advertiser later in 2015. So we could have in theory banned them then.
The Facebook again stands exposed by the pointed questions by senator and affirmative answers from Marc Zuckerberg. As per terms of service provided by Kogan, it was known to FB that the App developed by Kogan is going to extract data from FB and which could be sold further. And these terms of app of Kogan were accepted by FB prior to issuing installation to Kogan’s app on FB platform. But in spite of knowing the terms of Kogan’s app, FB preferred to remain silent and thereby is partner in crime of Data breach of 87 million FB users. The fact that you are aware about violation of privacy terms by another app developer on your platform and you maintaining silence and in a way consenting for such violation makes FB equally liable for penalties of Data breach. When FB was under obligation of FTC order for maintaining Data privacy of FB users, all this happened and thus makes FB wilful and consenting partner in crime and should be penalised according to the due process of law. FB has clearly displayed its scant respect for rule of law and should be held liable for Data privacy breach.   
8) SEN. JOHN CORNYN (R-TEX): Thank you, Mr. Zuckerberg, for being here. I know in — up until 2014, a mantra or motto of Facebook was move fast and break things. Is that correct? Do you think some of the misjudgements, perhaps mistakes that you've admitted to here, were as a result of that culture or that attitude, particularly as it regards to personal privacy of the information of your subscribers?
ZUCKERBERG: Senator, I do think that we made mistakes because of that. But the broadest mistakes that we made here are not taking a broad enough view of our responsibility. And while that wasn't a matter — the “move fast” cultural value is more tactical around whether engineers can ship things and — and different ways that we operate. But I think the big mistake that we've made looking back on this is viewing our responsibility as just building tools, rather than viewing our whole responsibility as making sure that those tools are used for good.
This question by Senator Cornyn about the attitude of FB to move fast and in process break the things and thereby lot of mistakes or misjudgements on part of FB and being acknowledged by Marc Zuckerberg is really an eye-opener for one and all, who are blindly relying on available technologies only on the pretext that these technologies are used in US and hence most authenticate and reliable one. The ardent supporters of these technologies never ever doubted the intentions or pitfall behind creation of these technologies and in process defended these technologies very passionately and vehemently. But these admissions that , “big mistake that we've made looking back on this is viewing our responsibility as just building tools, rather than viewing our whole responsibility as making sure that those tools are used for good” should come as a rude shock to these supporters. By only focusing on building the tools without understanding the capabilities of the hands holding and exploiting these tools is proving to be disastrous and catastrophic now. This ignorance towards the responsibilities of educating and making the society mature and aware before handing over the tools to them and changed moral values of the generation which has created these  technology based tools can not be simply pardoned by mere apology. The repercussion of these mistakes will be witnessed by the world in coming years and which will be more devastating and shattering. Unfortunately many of us are still not ready to believe on these shocking effects which we are about to witness in near future and are ready to forgive and Forget Mr. Marc Zuckerberg. But that will be a huge mistake for mankind. The role of social media in destabilising regimes in Middle East is witnessed by us. Though there is no concrete evidence, still the role played by CA in US elections remains undisputed. There are many State’s elections across the world which will be held in coming months and these tools can be certainly (mis)used by the politicians/multi-national companies for their betterment though detrimental in collective national interest. So for a small mistake on part of FB , how much price world will be required to pay, collectively, will be assessed in coming years and I only hope that It could be affordable to collective population of the world.
 9) HELLER: How long do you keep a user's data, once they — after — after they've left? If they — if they choose to delete their account, how long do you keep their data?
ZUCKERBERG: I don't know the answer to that off the top of my head. I know we try to delete it as quickly as is reasonable. We have a lot of complex systems, and it work — takes awhile to work through all that. But I think we try to move as quickly as possible, and I can follow up or have my team follow up.
This is what I say an evasive answer. Can anyone believe that a person who developed the entire app and is at the helm of affairs of the company doesn’t know the answer of the question asked by Senator Heller? Everyone knows that FB never deletes the entire data because that Data is the lifeline of FB business module. Still Mr. Zuckerberg can’t recollect data retention policy of his company after the user has left FB.
10) HARRIS--During the course of this hearing, these last four hours, you have been asked several critical questions for which you don't have answers. And those questions have included whether Facebook can track user's browsing activity even after the user has logged off of Facebook, whether Facebook can track your activity across devices even when you are not logged into Facebook. Who is Face book’s biggest competition? Whether Facebook may store up to 96 categories of user's information? Whether you knew whether Kogan's terms of service and whether you knew if that Kogan could sell or transfer data.
So my question is, did anyone at Facebook have a conversation at the time that you became aware of this breach, and have a conversation where in the decision was made not to contact the users?
ZUCKERBERG: Senator, I don't know if there were any conversations at Facebook overall because I wasn't in a lot of them. But ...
Here again it was reiterated by the Senator Harris that Mr. Marc Zuckerberg was asked critical questions to which he don’t have answers or he preferred to remain silent. So these observations must compel the readers to draw their own conclusions about the manner in which FB conducted itself in US senate. Why Mr. Zuckerberg was so evasive to answer critical and very significant questions asked in senate? Answering to direct question by Senator Harris, he says there were no discussions regarding Kogan’s confession about Data sale. So it’s really shocking to know that a CEO of company doesn’t think it important to discuss issue like Data breach through his platform and tries to undermine importance of the act. The more basic question is should the world trust such organisations who are so casual about the Data Security issue? Should there be more stringent punishments for such civil and criminal wrongs?
11) KENNEDY: Do you have the right to put my data, a name on my data and share it with somebody?
ZUCKERBERG: I do not believe we have the right to do that.
KENNEDY: Do you have the ability?
ZUCKERBERG: Senator, the data is in the system. So ...
KENNEDY: Do you have the ability?
ZUCKERBERG: Technically, I think someone could do that. But that would be a massive breach. So we would never do that.
This is clear admission that the system owner where data resides has the ability to share that data to anybody and use it the way he likes.
12)  JOHNSON --Do you have any idea how many of your users actually read the terms of service, the privacy policy, the statement of rights and responsibilities? I mean, actually read it?
ZUCKERBERG: Senator, I do not.
JOHNSON: Would you imagine it's a very small percentage?
ZUCKERBERG: Senator, who read the whole thing? I would imagine that probably most people do not read the whole thing. But everyone has the opportunity to and consents to it.
The arrogant answer from Mr. Marc Zuckerberg that, “who read the whole thing” is self explanatory. How the trap is laid by such social media apps gathering information and how much they are confident about digital illiteracy of the social media users is evident from these answers. He says everyone has opportunity to read the same but is convinced that most people don’t read the same.
  
This is work of Advocate Mahendra Limaye. You may contact the author by calling 09422109619 or mail mahendralimaye@yahoo.com.


No comments:

Post a Comment