Data Analytics, App Developers, and Facebook's Role in Data Misuse

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: March 21, 2018 at 9:00:07 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Data Analytics, App Developers, and Facebook's Role in Data Misuse
> Reply-To: dewayne-net () warpspeed com
>
> [Note:  This item comes from friend David Rosenthal.  DLH]
>
> Data Analytics, App Developers, and Facebook’s Role in Data Misuse
> By Daphne Keller, Q&A with Sharon Driscoll
> Mar 20 2018
> <https://law.stanford.edu/2018/03/20/data-analytic-companies-app-developers-facebooks-role-data-misuse/>
>
> Facebook has come under increased scrutiny in recent months,  the social media giant’s efforts to protect its users’ 
> data questioned. Now, it has come to light that Cambridge Analytica, a data analytics company that has been credited 
> with playing a role in the Leave campaign for Britain’s EU membership referendum andin the digital operations of 
> Donald Trump’s election campaign, was given access to the personal information of millions of Facebook users through 
> an independent app developer. How is the data collected by Facebook and its app developers used? Is it protected 
> sufficiently?  In the discussion that follows, Daphne Keller, Director of Intermediary Liability at the Stanford 
> Center for Internet and Society, discusses these issues.
>
> Can you help us to understand the role of Global Science Research (GSR), a development company that allegedly 
> harvested tens of millions of Facebook profiles and provided the data to Cambridge Analytica?
>
> The reporting on this keeps evolving, but here is what I think we know as of now. GSR built a Facebook quiz app, and 
> some 270,000 FB users installed it. Some were paid to do so. Like most Facebook (FB) apps, it collected information 
> from people who installed it. And, like many FB apps, it collected far more information than would seem to be 
> necessary for the app’s purpose or utility to the user. This included not only information about the user who 
> installed it, but information about his or her FB friends (FB has since limited apps’ ability to collect that info). 
> It was supposedly this info about friends that brought the number of affected people up to a reported 50 million.
>
> All this info flowed to the app developers with FB’s permission, subject to the Terms of Service agreed to between 
> the developer and FB. Users nominally consented via their own TOS agreement with FB and FB’s Privacy Policy. And I 
> suspect they would have seen—but mostly ignored— a disclosure of data the app collected in some kind of pop-up or 
> other UI element at the time of installation. But I haven’t seen reporting to confirm that, and this aspect of FB’s 
> UI has changed over time, so possibly the notice was less conspicuous.
>
> So how did Facebook user data get to Cambridge Analytica (CA)?
>
> What happened here was a breach of the developer’s agreement with FB — not some kind of security breach or hacking. 
> GSR did more with the data than the TOS permitted—both in terms of keeping it around and in terms of sharing it with 
> CA. We have no way of knowing whether other developers did the same thing. FB presumably doesn’t know either, but 
> they do (per reporting) have audit rights in their developer agreements, so they, more than anyone, could have 
> identified the problem sooner. And the overall privacy design of FB apps has been an open invitation for developments 
> like this from the beginning. This is a story about an ecosystem full of privacy risk, and the inevitable abuse that 
> resulted.  It’s not about a security breach.
>
> Is this a widespread problem among app developers?
>
> Before we rush to easy answers, there is a big picture here that will take a long time to sort through. The whole app 
> economy, including Android and iPhone apps, depends on data sharing. That’s what makes many apps work—from 
> constellation mapping apps that use your location, to chat apps that need your friends’ contact information. Ideally 
> app developers will collect only the data they actually need—they should not get a data firehose. Platforms should 
> have policies to this effect and should give users granular controls over data sharing.
>
> User control is important in part because platform control can have real downsides. Different platforms take more or 
> less aggressive stances in controlling apps. The more controlling a platform is, the more it acts as a chokepoint, 
> preventing users from finding or using particular apps. That has competitive consequences (what if Android’s store 
> didn’t offer non-Google maps apps?). It also has consequences for information access and censorship, as we have seen 
> with Apple removing the NYT app and VPN apps from the app store in China.
>
> For my personal policy preferences, and probably for most people’s, we would have wanted FB to be much more 
> controlling, in terms of denying access to these broad swathes of information. At the same time, the rule can’t be 
> that platforms can’t support apps or share data unless the platform takes full legal responsibility for what the app 
> does. Then we’d have few apps, and incumbent powerful platforms would hold even more power. So, there is a 
> long-complicated policy discussion to be had here. It’s frustrating that we didn’t start it years ago when these apps 
> launched, but hopefully at least we will have it now.
>
> [snip]
>
> Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
> Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20180321091549:F730DE4C-2D09-11E8-8B75-C8E96555A510
Powered by Listbox: http://www.listbox.com