Facebook scandal: EU politicians should aim for straight answers, not star witnesses

Justice commish 'advises' Sheryl Sandberg to send her boss, but is Zuck best one to grill?

Comment: Politicians on this side of the Pond need to stop obsessing about getting Mark Zuckerberg in front of them, and start preparing to grill his subordinates.

In the aftermath of the revelations about Facebook data being sold to political consultancy Cambridge Analytica, lawmakers have been queuing up to demand the CEO sits in front of them to face the music.

Just this morning, EU justice commissioner Vera Jourova said that, having spoken on the phone with Facebook chief operating officer Sheryl Sandberg yesterday, she advised the exec that her boss should come to Brussels.

“Of course we’ve been watching [the Congressional hearings],” she told the Today programme. “I said [to Sandberg] the Europeans also have many questions, and it would be advisable if he came to Brussels.”

But, if they really were watching his total ten-hour performance in Washington DC this week, lawmakers in the EU might have realised they aren't missing much more than obfuscation and wordplay.

Take, for example, Zuckerberg’s responses to questions about extending the EU’s General Data Protection Regulation across the world. Yes, he’s happy to say, those controls will be available globally.

But privacy controls - and especially the set of toggles that Facebook is offering - are not the same as giving everyone the same protections and rights that they get under EU law.

As University College London academic Michael Veale puts it, these controls “are a highly restrictive interpretation of data protection law that does not reflect the depth of transparency, accountability, and control the regulation demands”.

Could the EU do it better?

After the hearings, commentators and the Twitterati argued that, had Zuckerberg been sat in front of the EU lawmakers that drafted the GDPR, he would have had a tougher time.

This is possibly true – but only to an extent. Congressmen and women did push him on whether GDPR rights – such as the right to data portability or to object – would apply to everyone, but he slipped out of those questions just as he did the ones on shadow profiles or tracking logged-out users.

The format of US committee hearings is something UK Parliament-watchers can only wonder at. Four minutes per politico, with more than 50 politicos lined up for their moment in the spotlight, does have some downsides.

For a start, many politicians used the opportunity (or wasted the time, depending on your viewpoint) to ask about a pet topic, even if it had been answered numerous times already (hello, social media superstars Diamond and Silk).

(A similar effect occurs in the UK when MPs use their prime minister’s question time slot to ask the PM to join them in support of a local issue - see The Spectator’s Isabel Hardman's Burn Book for the worst offenders.)

But the four-minute rule also meant Zuck could buy himself time by asking for clarifications, while lawmakers taking a rapid-fire "yes or no" approach were told (not always unreasonably) it was a complex issue that "deserves more than a one-word answer".

Get the right person, not the top dog

The Facebook CEO's appearances show that – despite the geek-turned-businessman effect created when he dons a suit, and for all his talk of social missions – he is no less of a slick, well-prepped exec who has been trained to dodge questions and protect his firm's interests than any other enterprise tech boss.

He was easily able to shrug off accurate and insightful questions about whether and how Facebook makes inferences about people using a combination of the information they share, the metadata gathered on them and data from brokers.

Either Zuck would re-interpret the question, or say that, although he does get briefings, he is “not familiar with the details” of the issue - he’ll get one of his team to come back on that, for sure.

EU politicos, with their documented disdain for big tech monopolies, would almost certainly be less effusive about his All-American entrepreneurship. But whether they’d be able to stop him from telling half-truths is another question.

Better, then, that the people who drew up some of the toughest data protection and e-privacy laws in the world, and who claim to want to challenge the internet giants, talk to the ones with no excuses to get things wrong.

In two weeks, the UK’s Digital, Culture, Media and Sport committee gets to quiz Mike Schroepfer, Facebook’s CTO.

That gives MPs plenty of time to try out the "Download Your Data" tool they've been told about – and see what it doesn't spit out – for themselves.

They also have time to get briefed on what to ask, and read the reams of articles unpicking Zuck’s answers so they can identify the dodges – like talking about the data users share when the question was about the data they generate – and counter them.

Because if Schroepfer can’t say exactly what browsing information Facebook sucks up through its Custom Audience tool, or feigns ignorance when someone asks about shadow profiles, it’s going to be a lot harder for Facebook to shrug off. And the markets will listen. ®


Biting the hand that feeds IT © 1998–2022