247 comments

[ 3.2 ms ] story [ 246 ms ] thread
IS THIS WHY THE DATA SERVICE WAS DOWN ALL DAY? https://www.theverge.com/2019/3/13/18264092/facebook-instagr...
Not directly.

But employee burnout (and the nascent mass exodus of top talent we'll inevitably be hearing about shortly) may very well be.

Perhaps related: the frequency of FB Production Engineer recruiters reaching out to me has increased in the last couple months.

I simply can't sell myself to an immoral organization where, I’m afraid, any concerns of mine would be drowned out, ignored, or silenced by the incumbent powers at Facebook that are dead set on their current path.

There might be good engineers at Facebook trying desperately to change the culture, but I encourage others to resist fighting the (in my view futile) good fight.

> I simply can't sell myself to an immoral organization where, I’m afraid, any concerns of mine would be drowned out, ignored, or silenced by the incumbent powers at Facebook that are dead set on their current path.

Facebook is doing so many shady things that you would likely be able to verify that your fear would be proven correct, but many other companies do shady stuff too and you'd be none the wiser simply because they don't do enough of it to trip your alarm. The amount of stuff going on that can't stand the light of day is usually roughly proportional to company size, or, if the management is at all enlightened non-existent because they instruct their employees to not just follow the law but to do what is right. That's pretty rare though.

> Perhaps related: the frequency of FB Production Engineer recruiters reaching out to me has increased in the last couple months.

As a further anecdote, I just had a FB recruiter contact me about an ML position three months after they rejected me and I told them never to contact me again.

My first thought after reading the headline was that they had been placed under some kind of litigation hold and had to immediately back up all of their data on US customers to comply.

Just baseless speculation; I dont work for Facebook or have an inside source.

There has been a tremendous amount of grassroots lobbying, fundraising, and private investigation in New York over the past two years with respect to Facebook. It’s a serious area I feel Silicon Valley has abdicated its moral obligation to stand up to its own. Hoping we can develop the evidence that comes out of this case into criminal charges for individual engineers and senior officers.
Criminal charges for what exactly? They shared their user data with other companies. Since when is that criminal?
5th of May last year in many places and in every other place in the world where you manage to convince a judge that it is. It's easier when there are explicit laws on the books.
Which laws are those?
(comment deleted)
I think he’s referring to GDPR.
GDPR was 25th of May, and it's still not a criminal law.
Did you read the article?

Here is the excerpt:

> Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers. The deals also appeared to contradict statements by Mark Zuckerberg and other executives that Facebook had clamped down several years ago on sharing the data of users’ friends with outside developers.

Nothing in that sounds criminal (though I'm not a lawyer) except maybe perjury if the "contradicted statements" were under oath.
And how exactly would any of that lead to criminal charges for any engineers?
Breach of a consent decree is not necessarily criminal, as far as I can tell. And even if it was, it definitely wouldn't represent a crime on the part of any FB engineers.
Attorney here!

Violation of a consent decree can result in criminal contempt-of-court charges. See 18 U.S.C. section 401 (https://www.law.cornell.edu/uscode/text/18/401). See also United States v. Schine, 125 F. Supp. 734 (W.D.N.Y. 1954).

But why why would that be enforced by the USAO-EDNY?
Sure, it can result in a criminal charge, but it is not in and of itself a crime. So, investigating them for breach of consent decree is not a 'criminal investigation'.
Bluntly speaking, you are totally, completely wrong. You can't imprison someone in the U.S. unless that person is reasonably suspected of a crime or has committed one. The code in question allows for such imprisonment - that's why it's called "criminal contempt."
> You can't imprison someone in the U.S. unless that person is reasonably suspected of a crime or has committed one

I didn't say otherwise.

> The code in question allows for such imprisonment - that's why it's called "criminal contempt."

I don't disagree. What I said is that breach of a consent decree is not necessarily a case of criminal contempt. And whether or not it does rise to the level of criminality will be determined by the judge, not the investigators. Therefore, referring to it as a 'criminal investigation' does not make sense if the investigation is strictly investigating breach of a consent decree.

Agreed, but it seems like pointless hair-splitting to me. One could reasonably still call it a criminal investigation even if it leads only to a civil contempt finding. Many situations are investigated as possible crimes even if no activity rising to the level of a crime is found.
Ya, I take your point, but I don't think it really is hair splitting unless one of the following is true:

A) The base rate of consent-decree breaches resulting in a criminal contempt charge is high, which I very much doubt that it is.

B) There is some information about this particular case that makes a criminal contempt charge likely. This could be true, but the article makes no attempt to demonstrate it.

Failing one of these things being true, I don't think it's fair to refer to it, at this stage, as a 'criminal investigation'.

Under the Federal Wiretap Act[1] intentionally using a device to intercept an electronic communication is a crime. Since the NYT article indicates the investigation is focused on device manufacturers and the article notes the devices may have facilitated the sharing of user data without consent this is the most likely potential charge.

[1]https://www.law.cornell.edu/uscode/text/18/2511

It started after Facebook started getting blamed for landing Trump in the White House, and the pile-on has increased steadily since then.

I’m no fan of FB’s extensive use of dark patterns, but the concerted attack on FB is meant as pressure so that Zuck agrees to let FB be used as a great firewall.

Thank you, Zuck, for resisting the pressure if indeed you have. It will only increase as 2020 approaches.

Who in particular is trying to set up a great firewall-type situation in the US? That doesn't seem like a legitimate risk to me.
All governments want a great firewall of some sort (and a social credit system too). Facebook is being strong-armed.
Zygna and the Obama campaign weren’t nearly as vilified for harvesting user data on a massive scale. My suspicion is it’s more of an old vs new media fight.
It's probably in large part old vs new media, but Facebook's scumbaggery also has been going on the longest and it certainly showed the least restraint on outright lying to everyone.
What kind of scenario could you see an engineer getting charged? I find that pretty hard to imagine here.
(comment deleted)
There is a movement starting to put ownership of data back into the hands of the people who created it.

https://hu-manity.co/

Feels like the right solution even if the task is monumental.

I was all 'pro' this link, until I read:

> Hu-manity.co has ... designed new intelligent contracts on blockchains which humans can use to negotiate new terms of consent and authorization with corporations so that inherent human data can be respected as legal property.

It's great that people are serious about this, but extreme care should be taken with the latest tech hype! Blockchains are (by design) are 'out there', which means that once consent it given, that consent is 'out there' for all time. Blockchain also rather public, so it would seem rather easy to 'harvest' who has consented to what...

... unless I missed something?

More importantly, if a project describes itself as using or being involved with blockchain, most of the time it is a scam - be it about scamming people for money or attention. I would be careful before getting tainted through association.
An audit log on blockchain with a decentralized data exchange would be a viable use case for this kind of application to build trust on the network but also provide GDPR compliance.
I'm all for it but this really needs proactive changes from legislation. EU has made a start with GDPR other jurisdictions need to follow suit and take it further.
So let's incriminate engineers for building a faulty airplane too.
(comment deleted)
But engineers (real engineers, not self-styled unregulated ones) are already liable for their negligence and failures.
The vast majority of engineers at Boeing and similar companies are not personally liable for failures; the company is. They are working under an industrial exemption.
When you hold yourself to the same legal and social standards as actual accredited engineers, of the type who build things like airplanes, you’ll be in a better position. Right now the software works wants the benefits of the unregulated Wild West, without the consequences. Such a scenario simply cannot last, and in the absence of self regulation and setting of standards, the legal system will step in. It’s slow, it’s clumsy, and it’s inevitable.
Quality software exists and is written by talented engineers. Its written in specific languages and is tested on specific hardware configurations and verifiable. These things cost a bit more. I’m sure if the mass market were willing to bear an enormous cost this would already be solved. Unfortunately I doubt you or your cohorts are willing to pony up $2,999,999 USD a seat (Minimum order 500).
In your fantasy, why does a “seat” cost orders of magnitude more than a first class round trip to Australia in an actual seat? On that note, in the same way that I prefer a more expensive seat on a plane that was designed in accordance with professional and legal standards, yes I’d do the same for software.

Maybe there would even be less cruft and bloatware when externalities were accounted for.

The seat is a reference to a software license. Airlines are economies of scale, this is a small run of software that would meet your expectations to run and be verified to do so. Are you aware how much it costs to develop an airplane? It's more than the cost of a single ticket.
Make your software to the same fine degree as one makes an airplane and maybe you’d even deserve the prices you quoted.
Precedent:

229 If a builder builds a house for someone, and does not construct it properly, and the house which he built falls and kills its owner, then that builder shall be put to death.

230. If it kills the son of the owner, the son of that builder shall be put to death.

http://iws.collin.edu/mbailey/hammurabi%27s%20laws.htm

It's going to be great seeing all the years of HN commenters complaining that no bankers went to jail, insist that it's bad policy for software engineers to be held criminally liable.
Meanwhile I hope this thread stays at the top of HN for the day to see how the thread summary reads over at n-gate
n-gate?
Don't violate the prime directive.
That’s quite the hate-on someone has at that site. There’s some funny to be had, but it’s mostly very tryhard. The “coverage” of the Vitamin D thing was great, but when there isn’t low hanging fruit it just sort of defaults to generic noise. Without the anger and repetition it could be worth reading, but as it is there’s a lot of predictable 4channery.
Have you considered the possibility that you might not be the target demographic?
What’s the target demographic, and what demographic do I represent?
People in need of a chuckle?

I mean there's Poe's Law and then..

I'm pretty sure I'm at least partially it. I like to check the site out every now and then to get a point of view from the other side. HN, although having a lot of high quality discussions, can sometimes be a deafeningly loud echo chamber, and getting a different perspective helps to, well, put things into perspective.
If in order to get equal liability we have to _really_ advocate for our interests.
Usually when I saw those calls to hold bankers accountable (especially when referring to the recent recession), they are talking about the executives of the company. While Zuckerberg was an engineer, his day-to-day role now is the executive of the company. So, I think the comparison's to bank executives and tech executives are similar. However, pinning this on software engineers is an entirely different ballgame.
I'd like to go on record advocating both groups be imprisoned.
Ok, so those partnerships were basically allowing Samsung and others to build Facebook app on their phones (i.e. allowing alternative client).

Would this means that it will be criminal to allow companies to create alternative clients? That is really interesting development.

Individually negotiated confidential deals are not the same as open APIs and protocols which is where alternative clients normally come into play. And the “alternative client” stuff doesn’t even apply to Amazon, Bing etc
Ironically, the whole point of having individual deals rather than an API open to everyone seems to have been ensuring the companies didn't do anything dodgy with people's data. Then the New York Times spun Facebook's approval process as them giving those companies special access to users' data, even when that data never left the end user devices, and now this has apparently lead to a criminal investigation.
> even when that data never left the end user devices

Do we know that to be true?

In any case, I'm pretty sure they don't bring criminal cases like this frivolously. There's obviously something here.

You see the scary descriptions and illustrations of how much information was shared with the Blackberry Hub app in the previous New York Times article about this at https://www.nytimes.com/interactive/2018/06/03/technology/fa...? Well, their reporters got that information by sniffing the network traffic from the app. They knew exactly where the data was going, and clearly they didn't see it going to Blackberry's servers or that'd be right in paragraph one of the article.
Presumably Blackberry is using an access token to fetch that data, I can't see any reason why they couldn't also store that access token server side and query data without it ever appearing in device logs.
The same could be said for mail.app sending your Gmail password to Apple, but it would be rather unlikely.
>>Ironically, the whole point of having individual deals rather than an API open to everyone seems to have been ensuring the companies didn't do anything dodgy with people's data.

They were not charged for special API access? Still, FB might have used this as a negotiating tool as they dealt with Apple, Microsoft etc etc

My guess would be data harvesting to FB without the app installed.
Samsung devices shipped with the same Facebook client app as on the Google Play store, it wasn't an alternative. The back end data access was through other means.
Not all samsung devices had android at that time.
No, of course not. Why would I you ask this?

It seems like Facebook somehow gave these partners rather deep access. To all users, not just those using those phones or who opted into the arrangement.

Mostly, because article is mashup of random data things about Facebook, and it's not clear what is being investigated. They started that phone makers data deals are being investigated (which is basically alternative client), then goes into Cambridge Analytica, and mention Bing data access in the end (which could be about deep access you are talking about, but it does not looks like it's being investigated).

And for phone deals, criticizing friends/deep data access... If you want to build alternative FB client, your phone have to have access not just to your data, but also to your fiends data (i.e. all data you have access), in order to provide any useful service. So yes, technically your friends didn't agree that your alternative FB app can access to their data, but you gave your access credentials (and permissions) to access that data to your phone.

Create a culture that is so fixated on wealth above all else and this is what happens. When everyone around you is judging you based on what you have and on the successes you've achieved, what motivation does one have to behave morally? God died and the dollar took its place. I know we will one day look back on this in complete confusion as to how we just watched things so clearly destructive destabilize the country. It's always hard to understand how these things happen when looking at history without being in the contemporary madness of the times.
> God died and the dollar took its place

'God died' is such bull. The worst people in the world do what they do in his name.

It is possible to act morally without God as motivation. God was a strong motivator in the Dark Ages- did people act more morally then?

It is possible to be a capitalist and act morally. Rates of crime are at some of the lowest levels of all human history now.... is that a sign of immorality?

Morality is about making responsible choices.... often tough ones. Abdicating responsibility to a deity or a monetary system is the opposite of what is needed for morally responsible decision making.

it's possible to be a "moral" capitalist but not without strong laws and punishments. There are countless # of instances where corporations have gotten away with either indirectly or directly knowingly doing harm.
> destructive destabilize the country

I don't think Facebook is destabilizing the country. In fact I don't think anything bad at all is happening. Like please explain to me your negative repercussions from Facebook sharing some of their data with Amazon. How did that undermine the country? People have gotten so hysterical about this topic, it's a madness, and that is what's destabilizing the country IMHO.

Like OP is calling to put some of the most brilliant minds in Silicon Valley in jail, which is ridiculous! But if anything like this should happen, I think you gonna see FAANG & Co seriously consider rebasing outside U.S. (well maybe not G)

Donald Trump got elected, which happened in part because of the ubiquity of Facebook and the nonsense being disseminated on their platform. I’d say that’s pretty destabilizing
> I don't think Facebook is destabilizing the country.

umm.. massive and hugely polarizing public influence campaigns, if extant, aren't destabilizing?

> Like OP is calling to put some of the most brilliant minds in Silicon Valley in jail, which is ridiculous!

plenty of brilliant sociopaths out there.. brilliant != good.

Oh wow, this is going to be huge.
No indication of what the charges are? The closest thing in the article is:

> the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C

which doesn't seem like it would be criminal?

Does the US actually have criminal laws regarding selling data? Any educated guesses on what's actually going on?

(comment deleted)
Attorney here!

Violation of a consent decree can result in criminal contempt-of-court charges. See 18 U.S.C. section 401 (https://www.law.cornell.edu/uscode/text/18/401). See also United States v. Schine, 125 F. Supp. 734 (W.D.N.Y. 1954).

Interesting, thanks! Who at the company could reasonably be jailed for such a thing?
What do criminal charges risk for a company? I guess fines?

How might this affect an FCC or breakup conversation?

I would entertain a wire fraud argument.
At this point it is just an investigation. Nobody has been charged with anything. They have to find a law Facebook has broken first, and presumably establish enough evidence that they expect to succeed at a trial.
Doesn't a grand jury meet after charges have been filed? Or is federal different than state in that respect?
I thought grand jury meets before charges are filed so they can authorize access to documentation and such things?
IANAL, but grand juries do a lot of work before the charges are filled. For example, they check whether there's a probable cause for a search warrant.
Do you know how grand juries are selected? I find it weird that I've been selected for a trial jury a bunch of times but never a grand jury.
AFAIK, they are selected the same way as trial jury. I think the main problem is that there's less need for grand juries since they process information much more quickly than trial juries.
(comment deleted)
No. After charges are filed you go to court. Grand jury votes on the charges.
Yeah, I was kind of writing that under assumption "if it would have been found criminal".
Do you have any idea what charges these may be? IFAIU, there're no laws which make it criminal to share information.
If even a single byte leaked, I guess the charges can include being accessory to identity fraud?
Criminal charges assume intent, and it's very hard to think that facebook as a company had intent of committing identity fraud.
Crimes do not always require intent. It depends on what the statute says specifically.
Yes, there're such crimes, but there aren't so many of them.
There are lots of crimes that require a mental state less than intent (either recklessness or criminal negligence, mostly, though there are some strict liability crimes, and the weird case of “malice aforethought” for common law murder which is narrower than recklessness but just slightly broader than only intent.)
Recklessness and negligence require some understanding of what you are doing and that it's wrong. So, it's really hard to commit them by mistake.
You know data often leaks and leads to identity theft and yet you slurp it down anyways and freely share it around. Sounds reckless and negligent to me.
> Recklessness and negligence require some understanding of what you are doing and that it's wrong.

Negligence specifically does not, it only requires the existence of a duty of care (except not in specialized cases, that of reasonable care, which doesn't mean you are aware of risk, but that a reasonable person in your place would be.) Recklessness requires conscious awareness and disregard of risk, but not awareness of wrongness.

Harms from recklessness are mistakes, while recklessness itself is not, but negligence is quite normally a mistake.

(comment deleted)
Since it appears the investigation is focused on information sharing agreements between Facebook and "device manufacturers" I would suspect criminal wiretapping.

But of course there's always the Computer Fraud and Abuse Act which is so broad that it could potentially apply to just about anything anyone has ever done via an internet connection.

(comment deleted)
(comment deleted)
Wholesale surveillance of individuals by internet companies has to stop. And that includes Google.
It has always been the advertisers that are asking for the sort of tooling that can be taken advantage of during the election cycle. If you don’t think Russia should be able to manipulate the black voting populace then maybe it’s worth thinking about whether Unilever should be able to specifically target and market axe body spray in the same fashion. The tools only exist because advertisers are paying for them. Blaming Facebook is akin to being mad at a Martin Shkreli, both are playing within the rules of a bad system.
Oh, poor FB and Google! They are playing by rules of a bad system!

Cmon, they are surveilling billions of people, selling, sharing, and using our data en mass. They monopolized internet, search and digital advertising. And I need to sympathetic to their situation?

Since when is Google is the owner of the Internet?

Martin Shkreli didn't play within the rules, which is why he's in prison today.
What he is in prison for is not related to what most people are mad at him for.
oh but he is.
>Blaming Facebook is akin to being mad at a Martin Shkreli, both are playing within the rules of a bad system.

That's such a poor excuse. Lead by example.

When many of the "rules" they're playing by are the way they are as a result of the massive amount of money those corporations spend lobbying to keep them that way, they no longer get to play the "we're just playing by the rules, change them if you don't like them" card.
Facebook is a criminal corp. And indeed when you are selling data to clients that resell or do with the data as they please (including mining them) they should be under criminal investigation. Thank God the FBI exists and counting for the day that criminal charges are brought against executives who broke the law.
Considering they are accused of broad criminal activity, your statement should be considered a valid expression of public opinion on the matter, and should not be downvoted.
First, the post is sensationalist populism that only serves to pull the conversation down and cause shouting matches.

Second, Facebook is not currently "accused of broad criminal activity". They are being investigated for breach of a consent decree, which may lead to criminal charges, which in turn may be broad.

Excuse me for being short, but common sense analysis by a technically inclined person results in the nearly undeniable conclusion that fb exceeded reasonable monopolistic boundaries long ago, and presumed itself to be, under Zuck’s leadership, to be so important as to be responsible, e.g. for “maintaining integrity of elections”. It’s no exaggeration that he fancies himself the leader of a sovereign nation, backed by an army of lawyers and special interest connections private and government.

In public testimony, imo Zuck came across as a smug mob boss intent on accumulating power without bound. The recent pivoting, conspiracy theory rumors that shall remain nameless accusing Zuck of rogue cia cooperation, news releases about criminal shenanigans surrounding data sharing coinciding with the excessive global downtime yesterday, and now his consligere departing, all look suspicious.

At the least, it’s an obvious monopoly controlling a significant cultural aspect of a global social graph. Now they are moving to undo the messaging unification. Last week they wanted gossipers to have more privacy so they can gossip and get away with it better.

I admit to being biased, but given my direct research on how data moves around the Facebook world whether a member or not, whether you have blacklisted any fb domains using little snitch etc, disable all remote js, doesn’t matter, they keep tabs on you somehow. they are essentially their own intelligence community with unchecked power and reach

The accusation from Voldemort is they had or have secret deals with telcom etc which if true is beyond insidious. Ianal but common sense wise if that’s true, they should be broken up and not simply by undoing messaging unification.

FB Response: https://twitter.com/fbnewsroom/status/1105993038671691776?s=...

> It's already been reported that there are ongoing federal investigations, incl. by the Dept of Justice. As we’ve said, we're cooperating w/ investigators and take those probes seriously. We've provided public testimony, answered questions, and pledged that we'll continue to do so

Does anyone ever say they're not cooperating with investigators?
Roger Stone?
Okay let me amend that, does anyone except Roger Stone do that? :-) Like I obviously don't mean this 100% literally (obviously someone does this somewhere), but I'm trying to ask whether the statement really carries any weight not.
Nah, snark aside, you're right. "We're cooperating with the investigation" is largely PR speak for "we're doing the absolute minimum that's legally required of us, and we're doing that as slowly as possible".
No. When they don't cooperate they say something bullshit like "We've cooperated as much as possible" or "We're going to let the investigators do their work."
Elon Musk tends to continue posting foot-in-mouth tweets, when he's under investigation.
Is facebook still down or something? Why are they posting the responses on twitter?
I suppose we’ll someday hear that many of the companies who got people’s data have themselves been hacked, and that privacy is ended for many people. Surely Facebook must have some responsibility in such cases. It can never be too late to benefit from proactive protection of one’s own data; isn’t that why people have been leaving Facebook?
(comment deleted)
When are all the revelations going to end? It's been every few months for the past five years.
They’re a regular Wells Fargo.
Then they'll be perfectly fine in the long run. Maybe Warren Buffett can even get in on some shares at a discount.
Seems likely. Probably a large, meaningless fine.
I was personally involved in a leadership role in one of these key strategic deals while at a major handset maker.

To be clear, we built the 'Facebook experience' for our device because only we really could. During this era, APIs were a disaster of a mess, moreover, the special API that made the device so special was not available to the public. Ironically it was our internal APIs that were making the special sauce!

For this purpose, Facebook provided users of the app we designed access to their own profiles. Obviously, this is a fairly wide API and it had to be made available specially for users of our app.

At no time did we ever have access to FB users private information. At no time did anyone even remotely suggest anything inappropriate or nefarious. There were simply no moral or legal discussions on this front because it was moot.

The situation, net, was akin to Facebook having hired a 3rd party to design an app for them, giving that app the internal FB API necessary to function, and then distributing the app.

This isn't an issue of 'times have changed' or 'looking back we'd have done something different' rather - I can affirm that there was simply no bad acting, no breach of individuals accounts, and no undue risk to individuals accounts.

Obviously this situation is very specific, and that conditions will have varied.

If FB was truly giving Bing special access without people's consent - this is a big problem.

The Cambridge issue - well - this is a tricky one because Cambridge merely took advantage of the API's the entire world had access to. There was little if any discussion of the inherent problems with those APIs, and when it looked like maybe they were being abused, Facebook did the right thing and closed them. They even went ahead and investigated Cambridge to ensure the data was gone, and Cambridge presented them with evidence that it had been deleted. I think in this case Facebook was a responsible actor.

Clearly there are more situations to consider, but we should be thoughtful in terms of how we approach newly released information and not get caught up with the mob.

Personally, I loathe the koolaid mob that built Facebook up, but I'm equally loathe the hate mob wanting to take them down.

As far as the responsibility goes I’ll raise you a Zygna, and especially the Obama campaign which was lauded by the media and facilitated by the platform because after they noticed the abuse “they’re on the same side”. I doubt this would be such a pernicious issue if another candidate won.
I'm so glad you wrote this. It's mind-bogglingly stupid what people are saying about the nefarious purposes this stuff was put to when that's obviously so far from the case and EVERYBODY involved in working on this stuff 10 years ago understands it.
I should add that it's possible there were some loose ends in some other scenarios. I don't think we deeply considered our situation, to the point wherein there might have been some loopholes with caches etc..

At the time, nobody considered the issue to be hugely problematic, it was 'info on a site' and we treated it responsibly, but not like top secret data.

Also, we had no reason to want user data. Today, companies may or may not be able to use such data, but they all seem to be in the game of collecting user information as a systematic impetus. I think this will evolve.

Facebook isn't doing anything worse than what Acxiom and other data brokers have been doing for decades. None of it is criminal without any general purpose data protection laws. This is just pitchfork populism.
How do you know it?
Unless Facebook is mishandling HIPAA data they can do no wrong in the US.
Or they sign a consent decree. Or their customer agreements and disclosures say they don’t do something that they do.
That's not true.

With the 2011 FTC consent agreement, there is plenty that Facebook can do with customer data that will land them on the wrong side of the law.

Investigating and preventing unfair or deceptive acts/practices affecting commerce is a big part of what the FTC does: https://www.federalreserve.gov/boarddocs/supmanual/cch/ftca....

(comment deleted)
I used to think that as well. I've been monitoring the fallout of several labs that were recently hacked and basically mismanaged patient data for millions of people, most of whom have no idea their data was compromised. I have yet to see any of the labs punished. The most recent that I know of was LabCorp.
Facebook isn't doing anything worse than what Acxiom and other data brokers have been doing for decades

Because other people are doing bad things, it's OK for Facebook to do bad things.

I'm not sure that's how the law works.

What?

That's literally how the law works. What "bad things" we prohibit people from doing is determined by law.

We don't have laws regulating the gathering and trade of data on populations or individuals.

Did you read the article?

> Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers.

That (among other things) is what's landing Facebook in legal trouble.

The 2011 FTC consent agreement itself does carry the force of law, which means that if Facebook breaks the terms, it's breaking the law and penalties can be assessed.

I failed to add a qualifier (as in "good" laws, "robust" laws, etc.), but the comment I was responding to was a broad generalization and not specific to this case.

I was aiming at the notion that "this isn't how the law works".

If federal prosecutors are conducting a criminal investigation, it's almost certain those investigators believe(d) a law was broken. I don't think anyone here is in a position to claim "they did nothing criminal" without inside knowledge of the investigation - in which case you certainly wouldn't be commenting here
The idiocy of the echo chamber is entertaining.

Facebook has been milking data piracy, harvesting and monetizing personal data for a decade.

They thought nobody would ever challenge them.

prediction: record fines coming
"It is not clear when the grand jury inquiry, overseen by prosecutors with the United States attorney's office for the Eastern District of New York, began or exactly what it is focusing on."

What is NYT source for this story?

A leak about the existence of an investigation?

NYT journalist saw entries for grand jury subpoenas on PACER?

How do they know the crime has to do with data deals?

We must wait until complaint is filed before anyone can disclose the statute allegedly violated, correct?

“according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters.”

Yes, there is a lot (more) we would like to know.

But this is as good a time as ever to do a little experiment regarding the practice of anonymous sources: at some point, we are likely to learn more about this investigation. Then, you can check if the information we have now was correct. Or, as the common accusation goes, it was a wholesale fabrication by the Times.

Thank you. Sadly, I missed that line.

It sounds like a leak from within Facebook or another tech company on the receiving end of one of these requests.

I always thought grand jury proceedings are supposed to be secret. Maybe this explains the anonymity. I guess it is not unusual for the fact of the existence of proceedings to leak and for media to speculate? Does this have potential to negatively affect the outcome?

>NYT source for this story

Most probably a US DA turning the screws on Facebook.

Are you suggesting NYT is lying...? I mean, why they'd lie about it? Prosecutors use the media routinely to push their POV so it's not that strange...

Not revealing sources is SOP

(comment deleted)
IANAL. But this:

"reports last June and December that Facebook had given business partners — including makers of smartphones, tablets and other devices — deep access to users’ personal information, letting some companies effectively override users’ privacy settings."

suggests breach-of-contract. Just by creating those privacy settings, the company is 'saying' to (promising) the customer who elects to use them that it will protect that information. That's an (implied) contract. Subsequently allowing anyone else to access that information is a breach.

It'd be interesting to see FB argue in court that breaking promises was okay as a form of restitution for the services they provide.

If it's for one user then it's a breach of contract, if you do that for 10 million, that's a deliberate act of breaching all contracts and that is usually criminal.

scale matters on these issues as well.

and if you are doing it as a big utility company (e.g. banks) then you are free to go :)

The bank I've long used is constantly reminding me that it shares data with its 'affiliates'. So I give it very little data to share.
This sounds like an absurdity, hiding your information from your bank?
Fake address is a good start... Like a PO box you own. Banks are the worst offenders in sharing data with... Data brokers.
Wait, isnt that illegal? Afaik you need to use correct information in a contract.
If the mail reaches me then AFAIU it's legal. A contract does not stipulate that I must spend nights at the address I provide. How, for example, would you otherwise deal with having two residences?
While you may have multiple residencies, legally you have one domicile. This is the location where you live and verification of you actually living there is required by most contracts and is enforceable in a court.
Unless of course you don’t live anywhere because you move every 4 weeks.

Turns out our society is really not designed for someone without a physical residence. It’s made for a frustrating year for me.

Get a better bank. And better banking regulation. I'm pretty sure Dutch (and probably European) banks aren't allowed to share their customers' data around like that, and I'm horrified that there are banks that do this.
Please refrain from suggesting idiotic and potentially illegal actions.
Why not? That is, why does your bank need all that information about you? I give bank my money for safekeeping and the bank provides convenient access to it. Reliable access can be done with different methods using a different degree of anonymity.

At least in the US, banks requiring all sorts of information do it not even as their own business choice -- they do it because government regulators insist that this data is collected because security, because terrorism, because money laundering, etc.

I hope that this does not include providing incorrect information. That would be very dumb and an easy way to lose control of your own money or worse!
So I work for a bank and constantly have to take compliance training...

One of the courses is over disclosure of information to third parties. This info isn’t part of my personal bau, so I might have it wrong, but:

There are two kinds of data sharing a bank does with affiliates, necessary for business (credit checks, appraisal companies, etc) that you cannot opt out of.

Then there’s everything else which you can.

It’s in legalese, but you can ask someone at your bank how to opt out of as much as possible.

It doesn’t help much, but it’s something I guess(?)

Referring to Facebook users as customers is quaint.
I could call them what Zuckerberg did, but some people here might take umbrage.
IANAL either, but two things stand out. First, breach of contract is not a criminal wrong, only a civil one. Second, it would be a big stretch to say that the relationship between users and Facebook (or any nominally free service) is a contract, as valid contracts must follow certain requirements like consideration or a meeting of the minds. This is partly why things like the Computer Fraud and Abuse Act that e.g. Aaron Swartz was being prosecuted under (persecuted, IMHO) can be so alarming: things like terms of service normally wouldn't even stand up as a contract, but under CFAA, they can give rise to criminal charges.

I have no idea what charges the Eastern District of NY might be seeking pursuant to these data deals, but maybe something like mail/wire fraud or honest services fraud? Again IANAL, but those are fairly broad and the government could make the case that Facebook fraudulently breached its duties to its users.

Read the article. This discusses violations of an agreement between Facebook and the FTC. Not an agreement or ToS between users and Facebook.
Did you read OP? In context, the idea is clearly that Facebook violated some sort of contract with its users.
FB seems to be the new Microsoft
The fact that FB and all of its services were down at the same time can't really be a coincidence, can it?

Is Facebook trying to delete incriminating evidence? It wouldn't surprise me one bit if they did that. I hope the prosecutors are smart enough to look for evidence of this, even though I'm sure FB's experts will try to leave as few traces as possible.

OT: While I like how FB is recently struggling, I have to say that their open source contributions and the teams working on those are by far the best in this industry. I hope they keep up doing this great work despite all their problems.
by far?

redhat, ibm, (linux, java, etc) for starters...

Intel (Linux, Mesa), Microsoft (VS Code, .Net core, Python, Language Server Protocol)
Looking at code in Linux contributed by Googlers I don't see how what Facebook has made is better "by far". In my opinion it isn't better at all but that's just me.