This is absolutely insane. Including that we haven’t heard from Congress today. If Facebook’s breach is seen as old news then certainly 500 million people’s personal data now being posted for free and everything the company failed to do to avoid this outcome is damn important.
It’s also worth noting that Facebook has argued to Canada, UK, even local US regulators that they have no jurisdiction over Facebook’s failures to protect its user data. So who the F is in charge here? ⬆️ so far America is allowing Facebook to wreck the world.
Here is the spin by Facebook comms shared across their team and pushed out aggressively to press over the weekend to gaslight whether this is news or not.
And the press, even those involved in prior reports, can’t keep up with Facebook’s data abuses. Old problem but resurfaced when your FTC relies on monetary solutions rather than fixing leadership and cover-up.
good point, @ashk4n. Press, Congress should be leaning in hard on timing here. FTC's $5B settlement was announced 7/24/19. I want to know whether FB knew about this security lapse let alone breach when it signed the settlement? Did FTC Chair know about it?
Remarkable as Facebook was negotiating a $5B settlement for a breach of 87 million records covered up from PWC audit and public, they were in middle of an even larger 500 million record breach. State of R.I., now suing why FB was willing to overpay to settle, may have its answer.
Let's take a tour to see some accounts that were in the breach. Not sure the Pope will answer his phone number but go for it.
Adding here. If you want to check the breach, highly recommend @haveibeenpwned. As operator @troyhunt notes and @ashk4n, thanks to Facebook we now have a first global phone book. I’ll add it also set a 💣 to phone # isn’t personal data which was being made just a few years ago.
In related news, Facebook - and its friendlies - appear to still publicly be going with this message and spreading it. This won’t last.
Adding this here to keep in single thread. Appears Ireland DPC (lead data regulator in Europe for Facebook) is hearing something different. I don’t see how FTC settlement and this can co-exist without a cover-up.
For those who have noted your phone number was never included in your profile, reminder FTC complaint did include allegation that the 2-factor security process was abused by Facebook to microtarget ads at you.
If Ireland DPC was 1) informed the breach was prior to GDPR (May 25, 2018) then 2) FTC should have known when they settled all incidents prior to June 12, 2019 for $5B or 3) FTC signed the deal without Facebook telling them about this? 🤦🏽♀️
I point to the timeline because if Facebook told its EU regulator it fixed the issue April 4 2018, Zuckerberg also testified this six days later to @SenCoryGardner on April 10, 2018 so he may have wanted to mention the vulnerability even if it hadn’t been knowingly abused.
And they certainly would have had a duty to inform their users according to his testimony to @SenatorBaldwin on same date April 10, 2018 which is sort of core to the entire hearing and Facebook’s cover-up.
But now Facebook is feeding to the press they fixed the issue August 2019 which happens to be:
-15 months after GDPR enforcement rolled out
-one month after $5B FTC settlement absolving them of pre-June 12th harms
-two months before Zuckerberg testified this to @RepDean - watch.
I should add the April 26th, 2018 testimony by the CTO of Facebook. Listen careful to how he responds to @JoStevensLabour regarding a different data breach. Again, Facebook’s EU data regulator says they claimed to have fixed this other vulnerability ⬆️ a few weeks earlier.
Wow, this is some next-level BS even for Facebook. Their excuse is the equivalent to arguing that if I provide social security numbers to a bank and the bank gives me names for each of them then the bank didn’t actually reveal any social security #s. 🤦🏽♀️ wired.com/story/facebook…
I mean this is the crazy nonsense that Facebook vomited out in 2018 during testimony to @DamianCollins@CommonsDCMS in order to suggest Cambridge Analytica didn’t have Facebook’s data, FB data wasn’t sold and there wasn’t a “breach.”
Jackpot, though. This line confirms the issue was present in 2019 AFTER the June 12th get of jail free card that Facebook purchased for $5 BILLION and AFTER EU GDPR enforcement began on May 25, 2018. Time to start calling for investigations. Their word is garbage.
It’s important to realize Facebook is posting the above on its blog 4 days later and feeding “off record” language to press. The language is coming from people with zero credibility at this point due to their blindly protecting the company for years. Press should be digging in.
“It’s an audacious move for a company worth over $300 billion, with $61 billion cash on hand, to ask its users to secure their own information, especially considering how byzantine and complex the company’s settings menus can be.” vice.com/en/article/88a…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
We're up to a couple hundred people in this Twitter Space including the technologists who discovered the Facebook vulnerability, the 500 million personal data records, and others who have spent careers trying to get Facebook to be a better company. twitter.com/i/spaces/1RDxl…
Again, my only hope, in light of Facebook's (poor) messaging, was to get closer to truth, ID'ing public harms and solutions. A ton of press were listening in, too, and then of course we heard from @carolecadwalla who has very closely witnessed how Facebook covers up stories. 2/2
Great get, @karaswisher interview of @tim_cook. Lean-in at 8:20-16:30 as Cook brilliantly discusses why privacy is “bedrock” - “one of top issues of 21st century.” We believe data policy extends to enforcement of competition policy with Googl and Facebook. podcasts.apple.com/us/podcast/swa…
Cook spends time answering why any tracking company (ahem, Facebook) would be treating privacy enhancements as existential. He reconfirms iOS 14.5 (see ATT) to enhance choice to not have apps track across apps rolls out in next two weeks. 🙏🏽 and he avoids company specifics...but
it’s the right point that it’s not existential for Facebook. It just constrains Facebook’s revenues and profits from mining your behaviors when you’re not choosing to use their apps. this is a good thing, no negative effect on users. Only FB’s stock. And don’t even get me...
Yes, Facebook needs heightened regulations *and* antitrust enforcement but worth pointing out we’re also here because FTC and Congress were willing to get paid off in 2018/19 rather than deal with the core issues at the company. $5 billion to protect leadership and bury cover-up.
And yes, worth noting # of US personal records in this Facebook breach is similar to the case ⬆️. And that one we only were told in a report last year was used for election harms to suppress black voters. We also learned several people likely perjured themselves. ht @slpng_giants
So yes it matters it was never properly dealt with and instead Facebook leadership was either protected, even rewriting history through press leaks, or off launching “oversight” programs at leading academic institutions while public continues to be harmed.
whew, ok, I made it thru this new class action suit vs Google. 1) like state AGs, focused on ads at intersection of data policy and competition policy 2) lead also brought impressive suit vs Facebook in 2018 (still active) 3) feels more like racketeering👀 documentcloud.org/documents/2053…
there is an interesting claim how Google and Facebook mutually benefited each other enriching data. Reminder, Google merged cookies in Fall 2016 ahead of AG's alleged Facebook+Google collusion in 2017. Cites 🙏🏾WSJ/NYT reporting by @ryanjtracy@JeffHorwitz / @tiffkhsu@daiwaka.
Very interesting point: "Through this amendment, Google explicitly takes the position that nonconsensual surveillance of 'browsing history' is 'dishonest behavior.'"
Watch. Canada first sent Mark Zuckerberg and Sheryl Sandberg a summons to testify nearly two years ago. It’s incredible Facebook can still send in this guy yesterday to make statements like this to Parliament. Of course, when UK pressed too hard, Zuckerberg threatened them. 1/2
Just watch. Another from yesterday. 2/2
They sent him in 2019 to answer Parliaments from around the globe, too.
I would argue this is the most important line of questioning connecting data policy to competition. ETHI (ethics committee) also arrived there in 2019 and it’s why FB is so freaked out by data protection changes from Apple and govts. ht @juliedabrusin