Data Privacy Matters: Facebook Expands Encryption Just After Facebook Messages (Obtained Via Search Warrant) Used To Charge Teen For Abortion

Privacy

from the encrypt-all-the-things dept

In the wake of the Dobbs decision overturning Roe v. Wade, there has been plenty of attention paid to the kinds of data that companies keep on us, and how they could be exposed, including to law enforcement. Many internet companies seemed somewhat taken by surprise regarding all of this, which is a bit ridiculous, given that (1) they had plenty of time to prepare for this sort of thing, and (2) it’s not like plenty of us haven’t been warning companies about the privacy problems of having too much data.

Anyway, this week, a story broke that is re-raising many of these concerns, as it’s come out that a teenager in Nebraska has been charged with an illegal abortion, after Meta turned over messages on Facebook Messenger pursuant to a search warrant, which was approved following an affidavit from Norfolk Police Detective Ben McBride.

This is raising all sorts of alarms, for all sorts of good reasons. While many are blaming Meta, that’s somewhat misplaced. As the company notes (and as you can confirm by looking at the linked documents above), the search warrant that was sent to the company said it was an investigation into the illegal burning and burial of a stillborn infant, not something to do with abortion. Given that, it’s not difficult to see why Meta provided the information requested.

Of course, there’s a bigger question here: which is about why Meta should even have access to that information in the first place. And, it appears that Meta agrees. Just days after this all came out, the company announced that it is (finally) testing a much more encrypted version of Messenger (something the company has been talking about for a while, but which has proven more complicated to implement). The new features include encrypted backups of messages and also making end-to-end encrypted chats the default for some users.

While the timing is almost certainly a coincidence, many observers are making the obvious connection to this story.

While the Nebraska story is horrifying in many ways, it’s also a reminder of why full end-to-end encryption is so incredibly important, and how leaving unencrypted data with third parties means your data is always, inherently at risk.

Arguably, Facebook should have encrypted its messaging years ago, but it’s been a struggle for a variety of reasons, as Casey Newton laid out in a fascinating piece. Facebook has certainly faced technical challenges and (perhaps more importantly) significant political pushback from governments and law enforcement who like the ability to snoop on everyone.

But also part of the problem is the end users themselves:

The first is that end-to-end encryption can be a pain to use. This is often the tradeoff we make in exchange for more security, of course. But average people may be less inclined to use a messaging app that requires them to set a PIN to restore old messages, or displays information about the security of their messages that they find confusing or off-putting.

The second, related challenge is that most people don’t know what end-to-end encryption is. Or, if they’re heard of it, they might not be able to distinguish it from other, less secure forms of encryption. Gmail, among many other platforms, encrypts messages only when a message is in transit between Google’s servers and your device. This is known as transport layer security, and it offers most users good protection, but Google — or law enforcement — can still read the contents of your messages.

Meta’s user research has shown that people grow concerned when you tell them you’re adding end-to-end encryption, one employee told me, because it scares them that the company might have been reading their messages before now. Users also sometimes assume new features are added for Meta’s benefit, rather than their own — that’s one reason the company labeled stored-message feature “secure storage,” rather than “automatic backups,” so as to emphasize security in the branding.

It’s also interesting to note that Casey’s piece says that Meta’s user survey found that most of their users don’t think encrypting their own data is that much of a priority, as they’re just not that concerned. This does not surprise me at all — as we’ve now had decades of revealed preferences that show that, contrary to what many in the media suggest, most people don’t actually care that much about their privacy.

And, yet, as this story shows, they really should. But if we’ve learned anything over the past couple decades, no amount of horror stories about revealed data will convince the majority of people to take proactive steps to better secure their data. So, on that front, it’s actually a positive move that Meta is pushing forward with effectively moving people over to fully encrypted messaging — hopefully in a user-friendly manner.

Data privacy does matter, and the answer to it has to come from making it widely available in a consumer friendly version — even when that’s a really difficult challenge. Laws are not going to protect privacy. Remember, governments seem more interested in banning or breaking end-to-end encryption than encouraging it. And while perhaps the rise of data abuse post-Dobbs will expand the number of people who proactively seek to use encryption and take their own data privacy more seriously, history has shown that most people will still take the most convenient way forward.

And that means it’s actually good news that Facebook is finally moving forward with efforts to make that most convenient path… still end-to-end encrypted.

Filed Under: abortion, data, data privacy, encrypted backups, encryption, end to end encryption, facebook messenger, privacy
Companies: facebook, meta

As Expected, Facebook Is No Longer Interested In Paying News Orgs To Post News On Facebook That No One Wants

Journalism

from the what-else-did-you-expect dept

Just a few weeks we noted that this was inevitable, but Facebook has now made it official that it’s no longer interested in dumping money on news publishers.

“A lot has changed since we signed deals three years ago to test bringing additional news links to Facebook News in the U.S. Most people do not come to Facebook for news, and as a business it doesn’t make sense to over-invest in areas that don’t align with user preferences,”

This should not be a surprise. For many years now, news publishers who refused to adapt to the changing times and changing news ecosystem blamed Facebook for their own failures to adapt, and then started demanding that Facebook (and Google) just give them money. We warned, repeatedly, that this was a dangerous game that wouldn’t end well,

And, yet, all we’ve heard for years from many in the news world is that Facebook and Google needed to pay journalism organizations. Indeed, Rupert Murdoch got so focused on this that he convinced Australia to force those companies to pay — and the idea is being proposed in many other places as well.

And, so, now Facebook is realizing that news on its platform is much more of a “nice to have” rather than a “need to have.”

Still, I guess a few giant orgs made out nicely for a few years while Facebook was effectively paying them off:

Meta spent more than $10 million on its news partnership with the Wall Street Journal, more than $3 million on its deal with CNN, and more than $20 million on its partnership with the New York Times, sources told Axios. In some cases, the partnerships also unlocked paywalled content.

Filed Under: journalism, news, paying for news
Companies: facebook, meta

If Oculus Were Separate From Meta, Would The FTC Still Block Its Latest Acquisition?

Legal Issues

from the this-is-not-how-antitrust-is-supposed-to-work dept

As you may have heard, a few days ago, the FTC announced that it was seeking to block Meta’s acquisition of Within Unlimited, a maker of a popular VR fitness app. I believe this is the first case in which the Lina Khan-run FTC has stepped in to block an acquisition by one of the big internet companies. In many ways, this seems like a test from all sides.

Since Khan took over the FTC, it seems pretty clear that Google, Amazon, Apple, and Meta/Facebook have been extremely cautious about new acquisitions. While they have continued to acquire companies, the pace (and scope) of such acquisitions appears to have dropped off noticeably. Just by way of example, from 2010 to 2014 (looking back a decade ago, along with two years in either direction), Google averaged over 23 acquisitions a year, with the “slowest” year being 2012’s 12 acquisitions and the biggest being 2014’s 34 acquisitions. In 2021, however, Google acquired just five companies, and has acquired another five this year already.

So the companies are more cautious, and when they’re making these acquisitions, they tend to be not directly connected to their core business, but to ancillary businesses. This is almost certainly done on purpose, as the issue around antitrust law, is whether or not the companies are leveraging a market they’re considered dominant in to gain an unfair advantage in another market.

That’s why even the framing of the FTC’s announcement here seems… odd. When you think of Meta… well… you probably don’t think of Meta. If you do think of the company at all, you probably think of Facebook (or possibly Instagram), but you’re thinking about social media. Yet, here’s how the FTC frames its argument:

The Federal Trade Commission is seeking to block virtual reality giant Meta and its controlling shareholder and CEO Mark Zuckerberg from acquiring Within Unlimited and its popular virtual reality dedicated fitness app, Supernatural. Meta, formerly known as Facebook, is already a key player at each level of the virtual reality sector. The company’s virtual reality empire includes the top-selling device, a leading app store, seven of the most successful developers, and one of the best-selling apps of all time. The agency alleges that Meta and Zuckerberg are planning to expand Meta’s virtual reality empire with this attempt to illegally acquire a dedicated fitness app that proves the value of virtual reality to users. 

Virtual reality giant? Virtual reality empire? Yes, we can say that Meta, via Oculus, has a large part of the VR market (stats say about 80% these days), but it’s… a small market. Current estimates say it’s a few billion dollars.

To put it another way: if Oculus were separate from Meta and still had the same marketshare, would the FTC be stepping in to stop this deal? I think most people doubt that very much. This move very much feels like it’s being driven by general animus towards Facebook’s success on the social media side, not some legitimate concern about Meta’s future prospects in VR.

Now, a lot of people are comparing this to when Facebook bought Instagram in 2012. But, that was a very different kind of deal. First, Instagram was a direct competitor to Facebook. Within Unlimited is just one app maker in the space, not really a competitor. Also, at the time, the social media market was an order of magnitude bigger, and way more established with a much larger user base than the VR market today.

So, really, the bigger issue here seems to be that the FTC under Lina Khan is testing out Khan’s belief in changing how antitrust works, away from one that has a fundamental reason for preventing abuse, towards one that is more punitive and focused on punishing big companies for being big. And that has consequences.

The NY Times has a good article noting how this case upends the way most courts and policymakers have viewed antitrust law and enforcement:

Rebecca Haw Allensworth, a professor of antitrust law at Vanderbilt University, said the F.T.C.’s arguments would face tough scrutiny because Meta and Within did not compete with each other and because the virtual-reality market was fledgling.

“The way that merger analysis has stood for at least 40 years is about what kind of head-to-head competition does this merger take out of the picture,” she said.

You can argue that the old standard was no good — and I can see compelling arguments there. But this case still seems like a spectacularly weak one with which to make this point.

We’re talking about a new and nascent market, one which seems pretty dynamic, with lots of different companies exploring and testing the waters. There doesn’t even seem to be an argument that Meta is leveraging its other businesses unfairly here. It’s just… weird to focus on this particular acquisition.

Indeed, it’s so weird that Khan’s own staff advised against going after this merger, and Khan overruled them. That generally doesn’t bode well for showing that you have a strong case.

Federal Trade Commission Chair Lina Khan led her fellow Democrats in the agency’s majority vote to sue Meta Platforms Inc. this week, despite the staff recommending against bringing a case to challenge the company’s acquisition of Within Unlimited Inc., according to three people with knowledge of the decision. 

But, to me, the biggest concern here is that this attempt — purportedly to help enable more competition, could actually result in less competition. Box CEO Aaron Levie explained the concern succinctly in a tweet.

I’ve seen a lot of people confused about this point, so it’s worth unpacking a bit. The startup/investor ecosystem is based on investors making huge bets knowing that most won’t pan out. There’s a common refrain that one deal in ten being successful is what’s needed to be a successful VC, though many VCs I’ve spoken to dispute that, and say it’s more of a spectrum. You expect to have a very few massively successful investments, and then a whole bunch of middling success stories, and a few failures.

It’s 15 years old now, but famed venture capitalist Fred Wilson had a post on this way back when, noting that a VC has to shoot for getting 5 to 10x returns on every deal and hope that you’ll get 30% to hit that number, but you also need another 30% or so to “under perform” — and get closer to 2x returns. And those often (not always…) are the ones that are selling out to large companies.

The VC math gets a bit complex, but VC success stories are made on the big unicorn exits. They need those. And when they’re investing, they’re not doing so with the expectation of selling to one of the big guys. I’ve met some VCs who won’t invest in entrepreneurs who say their exit strategy is to sell out to a big company — because that means the entrepreneur isn’t thinking big enough for growth capital. If they’re aiming low, then they’re creating a ceiling for themselves.

That said, having the fallback position of selling out if a company can’t be a unicorn is still super important. A VC may need a few unicorns to be successful, but having a “soft landing” by selling to a larger tech company if that fails is still helpful to keeping a VC in business.

If the FTC is saying that big companies can never buy up startups again, that wipes out much of that middle part of the spectrum for VCs, massively increasing the risk of investing in startups. Now, suddenly, you either need to make sure that more of the companies you invest in are unicorns (if that were possible to do, everyone would be doing it…), or you have to focus on even higher potential returns on each investment, so that when you do get a unicorn, it covers the missing middle of the spectrum.

And, either way, that’s going to massively disincentivize VC investment in lots of startups. The ones that are taking off and appear to be on their way to unicorn land will get more VCs piling in to try to cash in, but then you’ll just have a smaller number of super-funded players, and not a truly competitive market.

So the end result is fewer startups get funded, and there’s less competition in the marketplace, rather than more.

These things work as an ecosystem, and it would be nice if the people making the decisions at the FTC actually understood that.

We do have a real problem in this country where many industries lack true competition. But nascent, dynamic industries don’t really seem to be the areas of concern right now, and the potential consequences of messing with that could be large. Why not focus on large, consolidated industries that aren’t growing and aren’t dynamic?

Filed Under: antitrust, competition, ftc, investment, lina khan, nascent market, vr
Companies: facebook, meta, oculus, within unlimited

Why Meta’s Project To Translate Automatically Between 200 Languages Will Be Stymied By Copyright

Copyright

from the copyright-ruins-everything dept

Meta’s AI division has announced two exciting new projects in the field of machine translation:

The first is No Language Left Behind, where we are building a new advanced AI model that can learn from languages with fewer examples to train from, and we will use it to enable expert-quality translations in hundreds of languages, ranging from Asturian to Luganda to Urdu. The second is Universal Speech Translator, where we are designing novel approaches to translating from speech in one language to another in real time so we can support languages without a standard writing system as well as those that are both written and spoken.

The No Language Left Behind technology could have a major impact on how people around the world use the Internet, particularly in the way they access key scientific and medical resources. It would allow people to translate material in one of the more prevalent languages used online, such as English or Spanish, into their own local language once it has been included in the No Language Left Behind project. There’s a crying need for this, for reasons the following Wikipedia article makes clear:

Slightly over half of the homepages of the most visited websites on the World Wide Web are in English, with varying amounts of information available in many other languages. Other top languages are Russian, Spanish, Turkish, Persian, French, German and Japanese.

Of the more than 7,000 existing languages, only a few hundred are recognized as being in use for Web pages on the World Wide Web.

Unfortunately, Meta’s grand vision is unlikely to be realized – because of copyright. Unless online material is released under a permissive license such as the ones devised by Creative Commons, it will be necessary to obtain permission from the copyright holder before a full translation can be made using Facebook’s new tools. It will only take a few high-profile lawsuits from bullying publishers to frighten people away from daring to translate mainstream online articles into their own, poorly-served language without a license.

And so, once again, copyright maximalism will throttle an exciting chance to make the world a better, fairer place by improving access to knowledge – and all to preserve the sanctity of an outdated intellectual monopoly.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon. Originally posted to WalledCulture.

Filed Under: ai, copyright, fair use, translation
Companies: facebook, meta

Facebook Is So Sure Its Erroneous Blocking Of Music Is Right, There’s No Option To Say It’s Wrong

Copyright

from the do-not-doubt-the-copyright-filter-gods dept

It’s hardly a secret that upload filters don’t work well. Back in 2017, Felix Reda, then Shadow Rapporteur on the EU Copyright Directive in the European Parliament, put together a representative sample of the many different ways in which filters fail. A recent series of tweets by Markus Pössel, Senior Outreach Scientist at the Max Planck Institute for Astronomy, exposes rather well the key issues, which have not improved since then.

Facebook muted 41 seconds of a video he uploaded to Facebook because Universal Music Group (UMG) claimed to own the copyright for some of the audio that was played. Since the music in question came from Bach’s Well-Tempered Clavier, and Bach died in 1750, there’s obviously no copyright claim on the music itself, which is definitely in the public domain. Instead, it seems, the claim was for the performance of this public domain music, which UMG says was played by Keith Jarrett, a jazz and classical pianist, and noted interpreter of Bach. Except that it wasn’t, as Pössel explains:

Either I am flattered that a Bach piece that I recorded with my own ten fingers on my digital keyboard sounds just like when Keith Jarrett is playing it. Or be annoyed by the fact that @UMG is *again* falsely claiming music on Facebook that they definitely do not own the copyright to.

This underlines the fact that upload filters may recognize the music – that’s not hard – but they are terrible at recognizing the performer of that music. It gets worse:

OK, I’ll go with “very annoyed” because if I then continue, Facebook @Meta DOES NOT EVEN GIVE ME THE OPTION TO COMPLAIN. They have grayed out the option to dispute the claim. They are dead wrong, but so sure of themselves that they do not even offer the option of disputing the claim, even though their system, in principle, provides such an option. And that, in a nutshell, is what’s wrong with companies like these today. Algorithms that make mistakes, biased towards big companies like @UMG.

This absurd situation is a foretaste of what is almost certainly going to happen all the time once major platforms are forced to use upload filters in the EU to comply with Article 17 of the Copyright Directive. Not only will they block legal material, but there will probably be a presumption that the algorithms must be right, so why bother complaining, when legislation tips the balance in favor of Big Content from the outset?

Follow me @glynmoody on Twitter, Diaspora, or Mastodon. Originally posted to WalledCulture.

Filed Under: copyright, copyright filters, counterclaim, counternotice, mistakes, public domain
Companies: facebook, umg, universal music group

Would Meta Really Shut Down Facebook And Instagram In The EU Over Data Transfer Rules?

Privacy

from the this-could-get-interesting dept

Just a few weeks back we talked about how the US’s unwillingness to fix the way the NSA collects internet data could basically mean that most of the big US internet services cannot work in the EU. That article was about Google, and it goes through the background and history of the various US/EU privacy data sharing agreements, and how each one has been tossed out by EU courts in large part because of the NSA surveillance techniques brought to light by Edward Snowden. But much less attention has been paid to what this all means at a practical level.

The latest, though, is that Meta, the parent company of Facebook and Instagram, is making noises about how similar rulings regarding its services might mean that the company couldn’t offer either of those popular social media apps in the EU. I think this is unlikely how things will actually play out for a variety of reasons, but it is still worth watching closely.

While Facebook has pulled out the nuclear option like this once before in Australia, that was only on a small segment (and not an important one). If anything, this all seems like posturing by Meta to try to highlight how absurd some of the setup of the EU data protection regime is (even as EU policymakers whine that Facebook hasn’t been punished enough).

But, once again, the underlying issue here is only partially the setup of the GDPR. The real issue is the way the NSA surveillance works — and despite the many, many, many times people have pointed this out, the US has done basically nothing to fix all of that. Instead, it’s leaving US internet companies out to dry, and the end result might be a system that makes it effectively impossible for them to actually operate in the EU.

Of course, the US and the EU announced new data sharing rules recently, and, while it still seems likely that (years from now) these will also be struck down, it might give the kind of temporary reprieve that means that Facebook and Instagram remain accessible in the EU, and everyone just kicks the can down the road, rather than solving the underlying NSA problem.

Filed Under: data privacy, data protection, data transfers, eu, gdpr, nsa, privacy shield
Companies: facebook, instagram, meta

Senators Klobuchar And Warren Are Mad That Meta Is Taking Down Abortion Posts; If They Were Serious, They’d Protect Section 230

Content Moderation

from the i-mean,-come-on dept

Almost exactly a year ago, Senator Amy Klobuchar (with Senator Ben Ray Lujan) introduced a bill to create a giant hole in Section 230 for “medical misinformation.” The bill would make social media sites like Facebook and Instagram potentially liable for any “health misinformation” found on their platforms. Of course, as we explained at the time, this is a horrifically dangerous idea on multiple levels. First, since there is no set definition of “medical misinformation” (and, in times of rapidly changing information, like a pandemic, accurate information may initially be labeled misinformation), it means that websites will be much more aggressive in taking down content. Second, it opens the door to widespread abuse because whoever is in power gets to determine what is, and what is not “medical misinformation” (the bill gave that role to whoever was the Secretary of Health and Human Services).

Given all that, it seems wildly ironic, that Senator Klobuchar (now with Senator Elizabeth Warren) have sent Mark Zuckerberg (and Instagram CEO Adam Mosseri) an angry demand letter over the news that Facebook has been banning people for simply mentioning that abortion pills exist following the Supreme Court’s Dobbs decision overturning Roe v. Wade.

If Klobuchar got her way and her medical misinformation bill became law, it’s guaranteed that Facebook and Instagram would be taking down way more posts about abortion. Because they’d be sued left and right if they didn’t.

I am honestly perplexed at who the hell works in Klobuchar’s office that handles internet policy, because they seem to have less than no clue about how any of this works. For fuck’s sake, talk to someone who understands this stuff.

But, first, let’s look at the letter.

We write to express our concern about reports that Facebook and Instagram are censoring posts containing accurate information about abortion in the wake of the Supreme Court’s decision in Dobbs v. Jackson. As a result of the Court’s decision, it is more important than ever that social media platforms not censor truthful posts about abortion, particularly as people across the country turn to online communities to discuss and find information about reproductive rights.

Yeah, sure, that makes sense (though, I again question the use of “censor” here when we’re talking about a private platform making moderation choices). And I’ll note that both Warren and Klobuchar have been aggressive over the last few years in suggesting that Facebook does far too little moderation — so it comes off a bit rich for them to now be complaining that the company does too much. It just reinforces the notion that everyone thinks that the “right” way to do moderation is however they, themselves, would do moderation.

Last month the Supreme Court overruled Roe v. Wade, stripping away constitutional protections for abortion. In the aftermath of the decision, many took to social media to share stories about the impact of the decision, let others know how to legally obtain abortion services, and to discuss their personal experiences. Posts about abortion spiked across social media in the days following the decision

That’s right. And how does Amy Klobuchar think that would have played out if she had successfully removed “medical misinformation” from being protected by Section 230? Under such a world, where Facebook would be liable for medical misinformation, the only smart move would be to rapidly try to take down anything medical related entirely, to avoid the risk of liability.

And this would be especially true over a hot topic like abortion.

This is why Senators like Ron Wyden have pointed out that we need Section 230 now more than ever because Republicans are pushing very real bills that would try to try to make social media websites liable for allowing users to post information about abortion. Section 230 preempts such laws. Or, at least it does for now. But if Klobuchar succeeds in removing medical information from Section 230, then… perhaps not.

And, even if you argue that a HHS Secretary under Biden wouldn’t classify information about abortion as misinformation, must I remind you that at some point soon, it’s likely that a Republican will return to the Presidency, perhaps as soon as 2025, and they could easily appoint someone to HHS who will declare any information about abortion or abortion pills to be medical misinformation.

So, hey, Senator Klobuchar, maybe stop trying to undermine that part if you actually want Facebook and Instagram to help people “share stories about the impact of the decision, let others know how to legally obtain abortion services.”

As people across the country took to the internet to discuss the Dobbs decision, both Facebook and Instagram removed posts about abortion. Reports indicate that multiple posts providing accurate information about how to legally access abortion services were removed, often within minutes after the information was posted. Others reported that posts mentioning abortion were taken down or were tagged with “sensitivity screens” and warnings, including a post promoting an abortion documentary, a posting entitled “Abortion in America How You Can Help,”5 and a post from a healthcare worker describing how people were already being harmed by laws banning abortion. One organization dedicated to informing people in the United States about their abortion rights temporarily had its account suspended. Users reported similar issues last fall when Texas’s law banning abortions after six weeks went into effect.

Last week, Meta spokesperson Andy Stone pointed to Facebook’s policy banning attempts to buy, sell, trade, gift, or request pharmaceuticals on its platform as the reason for the posts being removed. Stone acknowledged, however, that Facebook and Instagram have had problems applying the policy to posts about abortion.

Yeah, because determining what is legal information regarding pharmaceuticals is already hellishly difficult… and if (as Senator Klobuchar wants) it also because legally risky, then Facebook is going to be even more aggressive in trying to take down that information.

So, if this is really as big a concern as Klobuchar makes it out to be she should pull her own medical misinformation bill and admit that it would make the problem worse, not better.

Instead of recognizing that she’s a part of the problem, the letter instead demands all sorts of information about Facebook and Instagram’s content moderation practices and policies. I hope that Meta tells them to pound sand. Those are editorial decisions, and it’s none of Congress’ business. The demands are no different from Senators demanding that a news organization reveal their editorial policies, why they rejected certain articles, or why they lead with a certain story.

Everyone would freak out if Congress demanded such information, as they should here.

I mean, this is, yet again, the flip side of Republicans and their nonsense populist freakouts about “anti-conservative bias.” If Klobuchar and Warren are demanding this kind of information, and get it, then that just opens the door to Senators Ted Cruz and Josh Hawley demanding the exact same info, but not about policies on abortion, but rather whatever new moral panic they have today.

So, Senators stop meddling in the 1st Amendment protected editorial decision making of media organizations and (more importantly) stop trying to pass laws, like the medical misinformation bill, that would effectively serve to silence more of the conversation about abortion that you (correctly) deem so valuable.

Filed Under: 1st amendment, abortion, amy klobuchar, content moderation, editorial decisions, elizabeth warren, mark zuckerberg, medical misinformation
Companies: facebook, instagram, meta

Meta Sues Scraping Firms; Is It Really Protecting Users? Or Protecting Meta?

Legal Issues

from the potentially-problematic dept

For many years we’ve written stories regarding various lawsuits over scraping the web. Without the ability to scrape the web, we’d have no search engines, no Internet Archive, and lots of other stuff wouldn’t work right either. However, more importantly, the ability to scrape the web should result in a better overall internet, potentially reversing the trend of consolidation and internet giants that silo off your info. Most often, we’ve talked about this in the context of Facebook’s case over a decade ago against Power.com. That involved a company that was trying to build a single dashboard for multiple social media companies, allowing users to log into a single interface to see content from, and post content to, multiple platforms at once. In that case Facebook relied on the Computer Fraud and Abuse Act (the CFAA), and the courts sided with Facebook, saying that because Facebook had sent Power a cease-and-desist letter, that made the access (even with the approval of the users themselves!) somehow “unauthorized.”

Over the years, we’ve pointed out how this decision and interpretation of the CFAA is one of the biggest reasons the market for social media is not as competitive as it could be. That decision effectively said that Facebook could build its own silo, in which your data checks in but it never checks out. Other tech companies — including Craigslist and LinkedIn — have brought similar lawsuits, though in LinkedIn’s case against HiQ the court cut back the earlier Power.com ruling, and basically said that it only applied to information that was behind a registration wall. Publicly available information was legal to scrape.

More recently, Facebook parent company Meta has again gone after scraping operations. Earlier this year, we noted how the company had sued a somewhat sketchy provider of “insights” into “influencers and their audiences” that had been scraping information on Facebook. And, now, the company has announced two new lawsuits against scraping companies. Once again, neither of the defendants are as sympathetic as Power, and Meta even frames these lawsuits as “safeguarding” its users privacy.

The first lawsuit, against a company called Octopus Data, raises all sorts of questions. Octopus offers a cloud-based service called Octoparse, which allows customers to extract web data from basically any URL without having to do any coding yourself. This is actually… really really useful? Especially for researchers. The ability to scrape and extract data from webpages is not just useful, it’s how lots of services work, including search engines. But Meta is not at all happy.

Since at least March 25, 2015, and continuing to the present, Defendant Octopus Data Inc., (“Octopus”) has operated an unlawful service called Octoparse, which was designed to improperly collect or “scrape” user account profiles and other information from various websites, including Amazon, eBay, Twitter, Yelp, Google, Target, Walmart, Indeed, LinkedIn, Facebook and Instagram.

Defendant’s service used and offered multiple products to scrape data. First, Defendant offered to scrape data directly from various websites on behalf of its customers (the “Scraping Service”). Second, Defendant developed and distributed software designed to scrape data from any website, including Facebook and Instagram, using a customer’s self-compromised account (the “Scraping Software”). Defendant’s Scraping Software was capable of scraping any data accessible to a logged in Facebook and Instagram user. And Defendant designed the “premium” Scraping Software to launch scraping campaigns from Defendant’s computer network and infrastructure. Finally, Defendant claimed to use and distribute technologies to avoid being detected and blocked by Meta and other websites they scraped.

Defendant’s conduct was not authorized by Meta and it violates Meta’s and Instagram’s terms and policies, and federal and California law. Accordingly, Meta seeks damages and injunctive relief to stop Defendant’s use of its platform and products in violation of its terms and policies.

Perhaps notably, Facebook does not try to use either the CFAA or California’s state equivalent in this case. Instead, it tosses in… a copyright claim. That’s because one of the premium services of Octoparse is that it will scrape the data and store it on its own server — and Meta argues that Octoparse violates Section 1201 of the DMCA (the anti-circumvention part) because the scraping tool has to “circumvent” Meta’s technical tools put in place to block Octoparse.

Certain user generated content is also copyright protected and users grant Meta a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of that content consistent with the user’s privacy and application settings.

Meta uses technological measures designed to detect and disrupt automaton and scraping and that also effectively control access to Meta’s and users’ copyright protected works, including requiring users to register for an account and login to the account before using those products, monitoring for the automated creation of accounts, monitoring account use patterns that are inconsistent with a human user, employing a reCAPTCHA program to distinguish between bots and human users, identifying and blocking of IP addresses of known data scrapers, disabling accounts engaged in automated activity, and setting rate and data limits.

Defendant has circumvented and is circumventing technological measures that effectively control access to copyright protected works and those of its users on Facebook and Instagram and/or portions thereof.

Defendant manufactures, provides, offers to the public, or otherwise traffics in technology, products, services, devices, components, or parts thereof, that are primarily designed or produced for the purpose of circumventing technological measures and/or protection afforded by technological measures that effectively control access to copyright protected works and/or portions thereof.

Defendant’s Octoparse Scraping Services or parts thereof, as described above, have no or limited commercially significant purpose or use other than to circumvent technological measures that effectively control access to Meta and its user’s copyrighted works and/or portions thereof in order to scrape copyright protected data from Facebook and Instagram.

So, much of that is bullshit. Octoparse seems like a pretty useful service for researchers and others looking to extract data from websites. There are tons of non-nefarious reasons for doing so, including research or building tools to enable people to access content on social media sites without having to set up an account and give all your info to Meta.

In other words, this lawsuit seems dangerous in multiple ways — an expansion of DMCA 1201, and a tool that Meta can use in a similar manner to what it did with Power and the CFAA to effectively limit competition and to build higher walls for its silos.

The second lawsuit, admittedly, involves a much, much sketchier defendant (which may be why Meta seems to be playing it up, and why much of the press coverage focuses on this lawsuit, rather than the Octoparse one). It’s against a guy named Ekrem Ates, who is apparently based in Turkey and runs (or possibly ran) a website with the evocative name of MyStalk.

MyStalk would scrape information from Instagram users, and repost it to its own site, so that users could follow an Instagram users’ stories without (1) having to log in to Instagram or (2) reveal to the original uploader who was viewing the video. For semi-obvious reasons you can see why this is a bit… creepy. And stalkerish (I mean, the name doesn’t help). But, there are potentially useful reasons for such a service. I mean, in some ways it’s similar to the Nitter service that some people use to view tweets without sharing information back to Twitter.

But, again, Meta insists this is nothing but evil.

Beginning no later than July 2017 and continuing until present, Defendant Ekrem Ateş used unauthorized automation software to improperly access and collect—or “scrape”—the profiles of Instagram users, including their posts, photos, Stories, and profile information. Defendant’s automation software used thousands of automated Instagram accounts that falsely identified themselves as legitimate Instagram users connected to either the official Instagram mobile application or website. Through this fraudulent connection, Defendant scraped data from the profiles of over 350,000 Instagram users. These profiles had not been set to private by the users and, beyond a limited number of profiles and posts, were publicly viewable only to loggedin Instagram users. Defendant published the scraped data on his own websites, which allowed visitors to view and search for Instagram profiles, displayed user data scraped from Instagram, and promoted “stalking people” without their noticing. Defendant also generated revenue by displaying ads on these websites.

Meta notes that it sent Ates a cease and desist letter (a la Power). Ates, apparently without a lawyer (and not very wisely) replied directly to the C&D, admitting to a bunch of stuff he probably should not have admitted to. He claimed that he shut down the services he ran and deleted the data, but also that he had sold the “mystalk” domain to someone else and no longer had control over it. Meta’s lawyers asked him to say who he sold it to, and Ates tried to use that as a negotiation tactic, saying he would reveal the information if Meta promised not to take legal action against him. Meta’s lawyers were, as lawyers are, somewhat vague, suggesting that something might be worked out, but without promising anything, and after that Ates went silent — leading to this lawsuit.

Ates does admit that he made about $1000 from the site, and says he got rid of it because it wasn’t worth it, and says he spent more than that maintaining the site.

This lawsuit is… strange on multiple levels. Ates is clearly a small time player, and he’s based in Turkey, so it seems unlikely he’s going to show up in a US federal court. A default judgment seems like the most likely outcome.

Like the Octoparse case, this one involves breach of contract and unjust enrichment claims, but then adds in California Penal Code § 502. This is the California equivalent of the CFAA.

So, yes, obviously someone setting up a website to allow people to “stalk” others is unsympathetic. But the underlying issue still remains: scraping data and extracting data is also a really useful tool. It’s useful for research. It’s useful for building additional services. It’s useful for creating competition and for limiting the ability of certain internet giants to control absolutely everything.

Yes, it can be abused. But it really feels here (yet again) that this is Meta/Facebook leaning hard on the fact that people keep complaining it doesn’t do enough to protect its users’ privacy as an excuse to get legal rulings that will increasingly shield the company from both scrutiny and competition.

Filed Under: ca penal code 502, cfaa, clone sites, competition, copyright, data, dmca 1201, ekrem ates, octoparse, research, scraping, stalking
Companies: facebook, meta, mystalk, octopus data

Now That Rupert Murdoch Has Convinced Governments To Force Facebook To Pay For News, Facebook No Longer Wants Anything To Do With News

Journalism

from the i-mean,-what-else-did-you-expect? dept

This should surprise no one, but Joshua Benton, over at Nieman Lab, has a really fantastically well-reported article about how Facebook basically wants out of the news business entirely. It goes through multiple reasons why this is the case, but a big one is that Rupert Murdoch’s decade-long demands that Facebook and Google simply fork over some cash to news organizations (for sending them traffic) has finally had some modicum of success in Australia, and is now being considered elsewhere around the globe.

As Benton highlights:

The fact that it worked in Australia has inspired other countries to try to do the same. Canada will soon pass a version of Australia’s law. The U.K. will likely do the same, promising “Australia plus plus.” And while I still doubt it will pass, there’s a weaker bill in Congress that’s seeing “new bipartisan interest.”

And, for Facebook, (whose core business has been struggling a lot of late) that’s just one more reason to just ditch news entirely.

But Facebook? Facebook has been trying to wipe the news off its platform for years. Why would it think it should be doling out hundreds of millions of dollars to publishers it is actively trying to squeeze off its feeds?

[…]

So it shouldn’t be surprising that it’s Facebook that plans to just…stop writing checks. It’s hit a little revenue bump and needs to cut costs. It has handed out hundreds of millions of dollars in order to shut up publishers, and now publishers in countries a lot bigger than Australia think they’ve figured out how to force it to hand out more — a lot more. If the checks didn’t work…why keep writing them?

Of course, as Benton notes throughout the article, there are plenty of other reasons for Facebook to abandon the news business entirely. It’s actually not what most people use Facebook for (he has citations to stats that suggest most users don’t even want to use it for news), and Facebook regularly gets blamed for all sorts of stuff, based on how news (and fake news) is shared on the site.

So, getting rid of news entirely kills two birds with one stone. It takes some heat off of Facebook… and it removes the need to pay these massive sums to shut up Murdoch and others.

Of course, that may mean that everyone who’s been hoping that free cash from Facebook would somehow “save the news business” are going to be forced to look elsewhere. Google may still be on the hook, but it’s not like the newer social media networks are likely to care much about news either. I don’t think many people rely on TikTok or Instagram (of course, also owned by Facebook) for news, as both are not even remotely built on links.

Maybe, just maybe, like we’ve been saying since Techdirt’s earliest days, news organizations need to focus on building sustainable business models, not just demanding cash from others who figured out how to give people what they actually want.

Filed Under: australia, link tax, news, rupert murdoch, social media
Companies: facebook, meta

Facebook Bans People For Simply Saying Abortion Pills Exist

Content Moderation

from the with-friends-like-these... dept

On the one hand, content moderation at the scale modern social media companies operate at is an impossible nightmare. Companies are always going to lack the staff and resources to do it well (raising questions about the dangers of automation at scale), and they’re always going to screw things up for reasons well discussed.

At the same time, there’s Facebook. A company whose executive leadership team often compounds these challenges by making the worst and most idiotic decisions possible at any particular moment.

Case in point: the company appears to have consciously embraced the policy of banning Facebook and Instagram users for saying they might mail abortion pills in the wake of the Supreme Court’s overturning Roe:

To corroborate this activity, on Friday a Motherboard reporter attempted to post the phrase “abortion pills can be mailed” on Facebook using a burner account. The post was flagged within seconds as violating the site’s community standards, specifically the rules against buying, selling, or exchanging medical or non-medical drugs. The reporter was given the option to “disagree” with the decision or “agree” with it. After they chose “disagree,” the post was removed. 

Again, we’re not just talking about blocking websites that actually mail abortion pills. Reporters at Vice’s Motherboard found that even publicly acknowledging that abortion pills exist and could be mailed resulted in an account ban:

Other reporters have confirmed the changes. Facebook refuses to reverse the bans or even respond to reporter inquiries into the policy, which are consciously bad choices, not content moderation at scale problems.

The company’s systems claim that even mentioning that these pills exist violates its community standards related to “restricted goods and services.” Yet when other reporters made similar posts promising to mail marijuana or guns, there were no restrictions:

The Facebook account was immediately put on a “warning” status for the post, which Facebook said violated its standards on “guns, animals and other regulated goods.”

Yet, when the AP reporter made the same exact post but swapped out the words “abortion pills” for “a gun,” the post remained untouched. A post with the same exact offer to mail “weed” was also left up and not considered a violation. Marijuana is illegal under federal law and it is illegal to send it through the mail.

Activist groups like Fight For the Future were decidedly unimpressed, saying the policy foretold uglier things to come as the far right continues to push its court-enabled advantage:

Facebook’s censorship of critical reproductive healthcare information and advocacy should be a massive, code-red warning to Democrats who want to revise or repeal Section 230. In a post-Roe environment, litigation-fearing platforms will cover their hides by tearing down online access to abortion healthcare and support.

Facebook, no stranger to sucking up to and amplifying the authoritarian right, has also tried to restrict employees from talking about abortion bans at work, triggering a backlash. The company is also finding itself under fire after it classified one prominent pro-choice activism group a terrorist organization.

Countless tech companies, including Facebook, have failed to even issue basic platitudes on securing women’s location, app usage, or browsing data from state officials (or vigilantes) looking to punish women in the wake of Roe’s reversal.

Again, this initial lack of any meaningful backbone whatsoever in the face of one of the most wide-reaching, transformative, legally dubious, and dangerous political projects in a generation doesn’t exactly instill confidence that Facebook will make sound decisions as U.S. authoritarianism accelerates and a radical court steadily chips away at democratic norms and long-established law.

Filed Under: abortion, abortion pills, content moderation, dobbs, social media, speech
Companies: facebook, meta