Skip to content
Naked Security Naked Security

FTC goes after Facebook

Time for Facebook to face the music on its data glad-handling in the Cambridge Analytica scandal.

The US Federal Trade Commission (FTC) confirmed on Monday that it’s investigating how the personal information of 50 million users slipped through Facebook’s grasp and wound up with data analytics firm Cambridge Analytica (CA).
Last week, the FTC declined to confirm that it was investigating Facebook, including whether the company violated a consent decree signed with the agency in 2011. That decree required that Facebook notify users and receive explicit permission before sharing personal data beyond their specified privacy settings.
Any violations of the consent decree could carry a penalty of $40,000 a pop.
The statement issued by Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection, about the concerns regarding Facebook’s privacy practices:

The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act.
Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.

Privacy practices? What privacy practices?
According to multiple whistleblowers, Facebook basically rolled over and played dead while CA and other developers blithely scraped away its users’ data.

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, spoke to British MPs last week. Parakilas said that during his tenure, he got the impression that Facebook feared looking too closely at the unvetted developers who’d been given access to Facebook servers and the user data therein, frightened as it was that lifting up the rock could lead to liability over policies or laws being broken in data breaches.
As it is, CA is believed to have used such data to create what it’s dubbed “psychographic profiles” with which to microtarget Facebook users in the 2016 presidential campaign, the Brexit campaign, and the campaigns of US Republicans including Ted Cruz, Ben Carson, Tom Cotton, John Bolton, et al.
And just where was Facebook during all this? The FTC says its probe will determine whether the company “failed” to honor its privacy promises.
Former FTC officials told the Washington Post that the investigation could lead to fines in the trillions of dollars.
Facebook’s putting on its game face. Rob Sherman, deputy chief privacy officer, told CNBC that the company would “appreciate the opportunity to answer questions the FTC may have.”


(strictly opinion, based on bits of data read on news sites and the tapes of CA) Yes FB needs to be cleaned up as far as PII, but it’s looking like they might not have had a choice. The origins of CA are looking to be all spook stuff and I expect there will be a lot of shifting of blame and “data withheld due to national security”, unless they can just get CA out of the news quietly. If the international manipulation comes more to light, it’ll get really interesting.
I’ll place my bets that it gets real quiet all of a sudden, there is just a fine to FB, couple policy changes, then the attention just fades away, and the data mining will continue for a rebranded CA.
On the bright side, more people are becoming aware and interested in their own data security.


Just to put things in perspective, Facebook leaked data that had been shared voluntarily by 50 million of their customers. Experian leaked data from many more people, none of whom had given their permission for Experian to have the data in the first place. And the Experian data leak was arguably much more damaging to the customer. This is not to excuse Facebook, but why isn’t the same level of scrutiny being given to them?


I would like to know why the FTC isn’t going after Zuckerburg for insider trading. He dumped huge shares of fb stock 4 days before all of this other stuff was made public,that’s insider trading is it not?


While everyone focuses on the Canbridge Issue. Facebook’s social setup on the web was a great way for private data centers to collect all information and most of artificial intelligence gathering to get everyone’s personal knowledge that would benefit others. That’s right artificial intelligence. The making of a supreme AI for their gain and billions made off our backs. Its the same as stealing information and knowledge of all topics from everyone and make money off of our stolen knowledge. Forget the trillions of fines. Lock them all up those B$%%$trds they mad us their money slaves.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!