Facebook: our cookies keep you safe from cyber terrorists!

As of Monday, the Belgian-Facebook match is ON – let the rhetoric war begin!!!

Belgian privacy body: “Facebook is as bad as the NSA!”

Facebook: “If it weren’t for our infosec cookies, Belgium would become a cradle for cyber terrorism!”

The “Facebook is spying on people all over the world, just like the US National Security Agency” charge was made by lawyers representing the Belgian data protection authority during Monday’s opening statements in a court battle over privacy.

Zuckerberg’s machine is doing the same type of mass surveillance that NSA whistleblower Edward Snowden brought to light – just in a different way, they said.

The Guardian quotes Frederic Debussere, representing the Belgian privacy commission (BPC):

When it became known that the NSA was spying on people all around the world, everybody was upset. This actor [Facebook] is doing the very same thing, albeit in a different way.

Belgium’s been concerned about Facebook “spying” for a while.

A report, commissioned by the BPC and published at the end of March, suggested that the Zuckerbergians are using long-term cookies to track pretty much everybody, as in, Facebook users, be they logged in or logged out.

Facebook has dismissed the findings, claiming that the report was wrong and that any cookie setting was simply a bug that needed ironing out.

That dismissal didn’t go over well with the Belgian data protection authority, which subsequently dragged Facebook into court over its alleged “trampling” of Belgian and European privacy laws.

True to form, Facebook countered the Belgian lawyers’ analogy of its tracking being like NSA spying with equally bombastic spying lingo.

Facebook: “It’s for your own good!”

The Guardian quoted a Facebook spokesperson who said that cookies which follow users around are actually good for us:

We will show the court how this technology protects people from spam, malware, and other attacks, that our practices are consistent with EU law and with those of the most popular Belgian websites.

…while The Register quoted Facebook lawyer Paul Lefebvre, who said the cookies were downright infosec gold, planted to “allow Facebook Ireland to identify bad faith attempts to gain access via the browser being used.”

If this would no longer be possible, Belgium would become a cradle for cyber terrorism.

If bringing up cyber terrorism seems a bit overblown for a fight over ad-targeting cookies, well, you have to admit: Belgium set the tone with its claims that Facebook’s as bad as the NSA.

That old “our servers are in Ireland” shtick

Besides claiming that its cookies are some kind of security software, Facebook is also taking the well-trodden path of hiding behind the shamrock veil.

Lefebvre:

How could Facebook be subject to Belgian law if the management of data gathering is being done by Facebook Ireland and its 900 employees in that country?

The case is being watched with great interest across Europe, where other countries have begun to raise similar questions about Facebook’s privacy practices.

Frederic Debussere, representing BPC, had this to say about Facebook’s country-by-country quibbles:

Don't be intimidated by Facebook. They will argue our demands cannot be implemented in Belgium alone. Our demands can be perfectly implemented just in this country.

The stalking-cookie saga

At the heart of all this is a move Facebook made a year ago to give advertisers more ammunition to target users, by mixing data about what we do on its site with data about what we do on other sites.

Up until that point, Facebook had mostly tracked what users did on its own site – for example, tracking whether we’ve liked a brand’s page or shared a funny ad.

Since it announced the new ad-targeting program, Facebook’s been quietly turning on Like button cookies all around the web, as Global Deputy Chief Privacy Officer Simon Deadman said in a post last week:

With online interest-based ads, if you visit hotel and airline websites to research an upcoming trip, you might then see ads for travel deals on Facebook. 

We let everyone know about this new type of advertising last year, and we've been gradually introducing it around the world.

Starting next month, the switch will get flipped – Facebook will turn on its ad-targeting systems to ensure that advertisers will be able to mix in data about what we do off of Facebook, including what we like or share on sites like Instagram.

The social network also announced last year that its users would be getting a way to turn off whatever completely irrelevant ads for iPhone apps, tropical vacations, tanning salons or whatever else they’re set to see in the new, follow-you-around future.

Facebook, well aware that users aren’t necessarily going to love the extra tracking as much as its advertisers will, this week introduced a new way for people to turn off the ad targeting.

Also, Facebook has been reminding people that you can always opt-out on the Digital Advertising Alliance’s site, though it’s worth noting that multiple readers have found the opt-out page to be little more than a sop.

Michael Scheidell, CCISO ·
And the opt-out page is useless. out of 120 advertisers listed, 116 of them refuse or ignore the out-out requests.

Angie ·
I tried option out at the DAA website, but when it was finished the report said only 8 out of 112 "participating" websites were opted out of.

The price of taking on Belgium

The BPC, which accuses Facebook of tracking non-users and those who’ve logged out of their accounts, is threatening Facebook with a daily fine of 250,000 euros (about $278,000 or £181,000) if it doesn’t get in line with Belgian law.

Image of cookies courtesy of Shutterstock.com