Despite Facebook’s long line of scandals and multiple parliamentary hearings, the company and its leadership have remained unscathed, with no consequences or impact on their performance. Once again, Facebook is under fresh investigations; this time from New York’s Attorney General, Letitia James. The Canadian and British Columbia privacy commissioners have also decided to take Facebook to Federal Court to seek an order to force the company to correct its deficient privacy practices.
It remains to be seen if Facebook’s lucky streak would continue in light of these charges.
NY Attorney General’s investigation over FB’s email harvesting scandal
Yesterday, New York’s Attorney General, Letitia James opened an investigation into Facebook Inc.’s unauthorized collection of 1.5 million users’ email contacts without users’ permission. This incident, which was first reported on Business Insider, happened last month where Facebook’s email password verification process for new users asked users to hand over the password to their personal email account.
According to the Business Insider report, “a pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts.”
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
On March 21st, Facebook opened up about a major blunder of exposing millions of user passwords in a plain text, soon after Security journalist, Brian Krebs first reported about this issue. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”, the company said in their press release. Recently, on April 18, Facebook updated the same post stating that not tens of thousands, but “millions” of Instagram passwords were exposed.
“Reports indicate that Facebook proceeded to access those user’s contacts and upload all of those contacts to Facebook to be used for targeted advertising”, the Attorney General mentioned in the statement.
BREAKING: We're launching an investigation into Facebook's unauthorized collection of 1.5M of their users’ email contact databases.
Facebook has repeatedly demonstrated a lack of respect for consumer information while at the same time profiting from mining that data.
— NY AG James (@NewYorkStateAG) April 25, 2019
She further mentions that “It is time Facebook is held accountable for how it handles consumers’ personal information.”
“Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting our personal information”, James adds.
“Facebook said last week that it did not realize this collection was happening until earlier this month when it stopped offering email password verification as an option for people signing up to Facebook for the first time”, CNN Business reports.
One of the users on HackerNews wrote, “I’m glad the attorney general is getting involved. We need to start charging Facebook execs for these flagrant privacy violations. They’re being fined 3 billion dollars for legal expenses relating to an FTC inquiry… and their stock price went up by 8%. The market just does not care; it’s time regulators and law enforcement started to.”
To know more about this news in detail, read Attorney General James’ official press release.
Canadian and British Columbia privacy commissioners to take Facebook to Federal Court
Canada and British Columbia privacy commissioners Daniel Therrien and Michael McEvoy, uncovered major shortcomings in Facebook’s procedures in their investigation, published yesterday.
This investigation was initiated after media reported that “Facebook had allowed an organization to use an app to access users’ personal information and that some of the data was then shared with other organizations, including Cambridge Analytica, which was involved in U.S. political campaigns”, the report mentions.
The app, at one point, called “This is Your Digital Life,” encouraged users to complete a personality quiz. It collected information about users who installed the app as well as their Facebook “friends.” Some 300,000 Facebook users worldwide added the app, leading to the potential disclosure of the personal information of approximately 87 million others, including more than 600,000 Canadians.
The investigation also revealed that Facebook violated federal and B.C. privacy laws in a number of respects.
According to the investigation, “Facebook committed serious contraventions of Canadian privacy laws and failed to take responsibility for protecting the personal information of Canadians.”
According to the press release, Facebook has disputed the findings and refused to implement the watchdogs’ recommendations. They have also refused to voluntarily submit to audits of its privacy policies and practices over the next five years.
Following this, the Office of the Privacy Commissioner of Canada (OPC) said it, therefore, plans to take Facebook to Federal Court to seek an order to force it the company to correct its deficient privacy practices.
Daniel Therrien, the privacy commissioner of Canada, said, “Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company. Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.”
He further added, “The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning. It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions.”
British Columbia Information and Privacy Commissioner Michael McEvoy said, “Facebook has spent more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy. But when it comes to taking concrete actions needed to fix transgressions they demonstrate disregard.”
The press release also mentions that “giving the federal Commissioner order-making powers would also ensure that his findings and remedial measures are binding on organizations that refuse to comply with the law”.
To know more about the federal and B.C. privacy laws that FB violated, head over to the investigation report.