Facebook's Threat To NYU Researchers Is A Mistake, But It's The Inevitable Follow On To Overreaction To Cambridge Analytica

from the research-v-abuse dept

Late on Friday news came out that Facebook had sent a cease and desist letter to researchers at NYU working on the Ad Observatory project. At issue was that the project had asked people to install a browser extension that would share data back to NYU regarding what ads they saw. Facebook — responding to significant criticism — has put forth an ad library that allows researchers to search through what ads are being shown on Facebook and who is behind them (which is good transparency!), but it does not show how those ads were targeted. This is what the researchers at NYU were trying to collect data on. And that is a reasonable research goal.

Facebook has argued that this is a breach of Facebook’s terms of service — though it does seem notable that this is coming out right around the same time that these very same researchers discovered that Facebook’s promise to properly label political ads isn’t working so great (it’s a tangent, but this is why promising to label political ads may be problematic in the first place: you’re going to miss a bunch, especially on a platform this big).

The Knight 1st Amendment Center at Columbia is representing the researchers and is condemning this move (and the researchers are refusing to comply with the cease-and-desist). Here’s the Knight Center’s litigation director Alex Abdo:

?Frankly it?s shocking that Facebook is trying to suppress research into political disinformation in the lead-up to the election. There?s really no question more urgent right now than the question of how Facebook?s decisions are shaping and perhaps distorting political discourse. It would be terrible for democracy if Facebook is allowed to be the gatekeeper to journalism and research about Facebook.?

This is not the first time that the Knight Center and Facebook have clashed over research. Two years ago, the Center had asked Facebook to create a special safe harbor for journalists doing research on the platform, to avoid having them face CFAA claims. Facebook declined.

I think this is a bad move by Facebook and a huge mistake. I think it’s a mistake on multiple levels: political, technological, legal and just on general PR. However, I will give one sliver of a defense to Facebook: it likely feels somewhat forced into this because of the years-long over-reaction to Cambridge Analytica. Cambridge Analytica did a bunch of bad stuff, and it started out as an “academic” claiming (misleadingly) that he was merely doing “academic research” on Facebook users — creating a Facebook app that would get users to basically cough up data about their entire social graph. The “academic” then gave the data over to the company (violating the rules), which then became part of a political advertising machine. Eventually, Facebook was pretty significantly fined, in part because of Cambridge Analytica’s ability to extricate and share that data.

You may note some similarities. Ostensibly academic researchers asking users to install something to collect some data about Facebook users, and then collecting that data for “research.” Given what happened with Cambridge Analytica, you might see why some folks within Facebook would be reasonably gunshy about letting this happen again — and that may explain the company’s aggressive legal response. And, you and I can say “but NYU is a respected institution — they’re not going to abuse this data” but the guy who did the data for Cambridge Analytica was initially at Cambridge, also a respected university.

You might also argue that since Facebook has been dinged by the FTC, in part over this, and the consent decree doesn’t really specify that this there are separate rules for “legitimate” research, it has to do this. Indeed, that’s kind of what Facebook itself is now arguing in response to this:

However, I believe the scenario here is quite different for a few key reasons. The original data used (eventually) by Cambridge Analytica was created via a Facebook app, for which the developer had to sign an agreement with Facebook that promised not to use the data in this way. And he was using the setup of Facebook’s own tools to extract this data. That is, it was Facebook’s API making this information available.

This is very, very different from what the NYU researchers are doing. They’re asking users to install a browser extension (i.e., outside the Facebook ecosystem and not using the Facebook API or signing any kind of agreement with Facebook) in order to extract data from their own computers (again, not via the Facebook API, or the Facebook servers). And while Facebook may not like it, it’s problematic that the company is arguing that it can step in and argue that end users can’t — by their own choice — install an app they want on their own computers to capture the data that is on their own computers.

So, I think there’s a pretty strong argument that me on my computer installing software to collect data in my own browser is not “unauthorized access” in any sense of the term, no matter what Facebook or the FTC might think. In fact, I’d argue that thinking that me collecting data out of my own browser and willfully handing it over to someone I chose to is, frankly, none of Facebook’s business — and it suggesting that this is a form of “unauthorized access” (which has a specific meaning under the CFAA) is crazy.

Indeed, this gets back to the infamous (and dangerous) lawsuit between Facebook and Power, in which Facebook won a CFAA claim, in part because it had sent a cease-and-desist. I still think this case was wrongly decided and the ramifications are huge, and are one of the reasons why Facebook remains so dominant today. But, in that case, again, it involved a third party offering a service to end-users who willingly chose to use the software, in order to gain access to their Facebook data in order to interact with it in a different way (in Power’s case via a universal social media dashboard).

Unfortunately, I fear that the similarities to the Power case make this dangerous for the NYU researchers — though they make a much more sympathetic defendant than a for-profit startup. And, the facts here are somewhat distinguishable from the Power case (the app here is simply collecting data in a user’s browser, rather than doing an independent login and sucking out data).

We should be able to install whatever software we want — even if Facebook doesn’t like it — to access data on our own computers. Facebook should have no say in that, and shouldn’t be able to reach into our computers with a legal effort to block it. If the services were somehow damaging Facebook’s technology, I could understand the issue. But this is just about reading the information on your own computer sent by Facebook and collecting and sharing that information, and it’s done entirely outside the Facebook ecosystem. Facebook should not only drop the threat, but it should actually support this kind of important research.

Filed Under: , , , , , ,
Companies: facebook, nyu

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Facebook's Threat To NYU Researchers Is A Mistake, But It's The Inevitable Follow On To Overreaction To Cambridge Analytica”

Subscribe: RSS Leave a comment

This comment has been flagged by the community. Click here to show it.

PaulT (profile) says:

Re: Re: Hey, "D", explain your TWELVE YEAR gap.

It’s all a conspiracy to make you look like an idiot when you start ranting about something that nobody else cares about. You fell into our trap perfect, nut job.

Seriously, though, does anyone else remember what stage of the pattern this is? I can’t remember if the jumping at shadows tends to come before or after the flooding threads with 20 comments whining about he’s getting blocked, only for us to see all of the comments, and I want to plan popcorn orders for the eventual meltdown.

Bloof (profile) says:

They would do the same thing if Cambridge Analytica hadn’t happened because facebook is a huge rock they don’t want anyone looking beneath. The more people see what’s being hidden from view, the more they’re repulsed and that’s bad for the bottom line, and the analytica scandal gives them convenient cover for when they go after legitimate research.

Khym Chanur (profile) says:

From a tweet by Sriram Krishnan, quoted in a tweet by Rob Leathern:

User consent is meaningless here as you can’t consent for your friends.

  1. A browser plugin has access to all of your friends data who never consented to this.

  2. Even if limited to ads ( a huge IF), ads also have embedded social data from friends which doesn’t belong to you

1) What friends data would the plugin have access to, besides the list of who your friends are? (I don’t use Facebook, so I wouldn’t know)
2) What social data about your friends is embedded in ads on Facebook?

Anonymous Coward says:

Re: Re:

Number 2 is a bit shaky of a statement. Unless FB is pushing friends data into their ad service and that info is being pushed into the ad placements… I doubt this is a thing. It sounds more like FUD than fact.

You do have a lot of friend info in your feed — things they posted, online status, the People You Might Know section has other people and shows how they are connected to people who are connected to you… so yes FB has a lot of info about your friends that they surface to you while trying to suck you in further.

With that said, these researchers could easily allay fears by allowing others to see their code and make sure it only targets the ad section of the FB page — but then again, FB likes to put adds everywhere including in the middle of your feed, so it may not be that cut and dry.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Re: Grave Matter Has Arisen -- Explain this, "Matthew C

Go on, kids, try to explain an account with the characteristic name change and activating after TWELVE YEARS without least mention as other than astro-turfing.

The hoots here are incomparable. TD is the most fun site on teh internets, if’n ya take it right.

[Boy, the "filter" is working hard today, blocks PART some of the time. But it’s IN, and you’re welcome.]

This comment has been flagged by the community. Click here to show it.

Khym Chanur (profile) says:

Re: Re: Re:2 Grave Matter Has Arisen -- Explain this, &qu

And for that matter, "Khym Chanur", explain your name change from "___"!

I decided to try to minimize the connection between my handle "Khym Chanur" and my real name. If I could have I would have renamed my account to my real name, but I can only change the display name. I decided that I didn’t want to start all over again with a new account, so I just changed my display name back to the same as my account name. For occasions where mere minimization of the connection isn’t enough, I create brand new accounts with account names and email entirely separate from either "Khym Chanur" or my real name.

This comment has been flagged by the community. Click here to show it.

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

Re: Grave Matter Has Arisen NEW RECORD ZOMBIE! 12 YEAR 1 MONTH

Grave Matter Has Arisen


D or Devang: 26 (<2), 3 Jan 2006 https://www.techdirt.com/user/cleanup_crew

Go on, kids, try to explain an account with the characteristic name change and activating after TWELVE YEARS without least mention as other than astro-turfing.

The hoots here are incomparable. TD is the most fun site on teh internets, if’n ya take it right.

Rishytk (user link) says:

how to tell if a chinese girl likes you

Primal cravings vaccines

PM urges localities to accelerate supervision of Covid vaccines

At the conference The PM spoke this statement at an online conference about healthcare work in 2022 with the <a href=https://www.love-sites.com/latin-women-date-online-dating-advice-for-men/>Latin women</a> engagement of leaders of 63 provinces and cities this morning. He said that listening to advice from Ho Chi Minh City’s experience, Other localities must be faster in vaccination rollout. pm Pham Minh Chinh said that in 2021, Ho Chi Minh City was the country’s largest epidemic center. The southern largest city faced difficulties because it’s the most populous city. encouraging person he knows, The city prioritized the organization of vaccines, Medical add-ons, And human resources. therefore, The crisis in Ho Chi Minh City is under good control now. He emphasized that Ho Chi Minh City has been open for nearly a month now with the number of instances and deaths from Covid 19 decreasing sharply. The city has turned out the green zone. This achievement resulted from good admin of the Covid vaccine, this is an early priority for the city. The prime minister <read>more.] About PM urges localities to accelerate current administration of Covid vaccinesVit Nam refutes ‘false’ claim on militia deployment in East SeaLk Lake, A serene solitude spot in the Central Highlands16,715 new COVID 19 cases reported on ThursdayMasan Group Top ASEAN consumer pick according to Bank of America16,715 new cases unveiled on January 20Vit Nam, Hungary foster parliamentary cooperationApple discontinues full size HomePod, to focus on HomePod miniiPhone demand weakness just ‘noise,’ outlook stays on strong, Analyst saysAd guaranteed HBO Max option coming in JuneApple Watch SE returns to $259, Cellular $309 in today’s Amazon dealsDaVinci Resolve and Fusion now known as support M1 Macs.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...