Skip to content
Naked Security Naked Security

Congress chews up Zuckerberg, day two: A far more thorough mastication

"What's the difference between Facebook and J. Edgar Hoover?"

After Tuesday’s nearly five-hour grilling in the Senate – more of a light sautéing, really – Facebook CEO Mark Zuckerberg on Wednesday gave Congress another five hours of his life: this time, before the House Energy and Commerce Committee.
Representatives’ questions again hit on Tuesday’s themes: data privacy and the Cambridge Analytica (CA) data-scraping fiasco, election security, Facebook’s role in society, censorship of conservative voices, regulation, Facebook’s impenetrable privacy policy, racial discrimination in housing ads, and what the heck Facebook is.
Zuck’s take on what Facebook has evolved into: “I consider Facebook a technology company. The main thing we do is write code. We do pay to help produce content. We also build planes to help connect people, but I don’t consider ourselves to be an aerospace company.” (Think of Facebook’s flying ISPs.)
When he hears people ask whether Facebook is a media company, the CEO said that what he really hears is whether the company has, or should have, responsibility over published content – be it fake news meant to sway elections, hate speech, or Russian bots doing bot badness.
His answer has evolved: for years, he’s been pushing back against fears about fake news on Facebook. The company just builds the tools and then steps back, he’s repeatedly said, insisting that platform doesn’t bear any of the responsibilities of a publisher for verifying information.


Zuck still considers Facebook to primarily be a technology company, but for two days of testimony he’s acknowledged that it’s been slow to accept responsibility when people do bad things with its tools.
Overall, the tone of the questioning was a lot tougher than it was in the Senate. Zuckerberg didn’t budge from his script, though.
For example, Rep. Frank Pallone tried to nail Zuck down on making a commitment to changing all user default settings so as to minimize, “to the greatest extent possible,” the collection and use of data. One-word answer, please: yes or no?
Zuck demurred: “That’s a complex issue,” he said. “and it deserves more than a one-word answer.”
Pallone came back with a zinger having to do with how Facebook has passed the buck when it comes to protecting users’ data from being scraped and used to do things like target voters with political ads:

You said yesterday that each of us owns the data we put on Facebook. Every user is in control. But we know the problems with CA. How can Facebook users have control over their data when Facebook itself doesn’t?

OUCH! Yea, what he said!
Zuck’s I-Am-Teflon response: “We have the ability for people to sign into apps and bring their data with them.” That means you can have, for example, a calendar that shows friends’ birthdays, or a map that shows friends’ addresses. But to do that, you need access to your friends’ data as well as bringing in your own to an app. Facebook has now limited such app access so that people can only bring in their own data, he said.
OK… but that’s not really an answer. Of course, during his two days of testimony, Zuckerberg repeatedly explained that users have control over everything they post. There’s that little drop down, Zuckerberg explained many, many times, that lets you choose who’s going to view your content – the public at large? Just friends? Groups? Just one or two people? It’s up to you!
True, privacy policies are tough to read, and that’s why Facebook tries to stick privacy into the stream of things. Like, say, those little drop-down arrows allowing you to choose who sees what… and did he mention those little drop-down arrows that let you choose the audience for a post? Maybe once or twice.
And yes, Zuck said, Facebook is working on making it easier for users to get to privacy settings. For example, after CA blew up last month, Facebook pledged to reach into the 20 or so dusty corners where it’s tucked away privacy and security settings and pull them into a centralized spot for users to more easily find and edit whatever data it’s got on them.
Assorted other bees in the House’s bonnet included:

Diamond and Silk. Diamond and Silk. Diamond and Silk.

What in the world is this “Diamond and Silk” that conservative lawmakers have repeatedly asked about during the two days of Zuck’s testimony? For those of us who aren’t familiar, it’s not a luxury brand: they’re two pro-Trump vloggers, Lynnette “Diamond” Hardaway and Rochelle “Silk” Richardson, who’ve claimed that Facebook has censored them as spreading “unsafe” content.
On Wednesday, Rep. Joe Barton started his questioning by reading a request he got from a constituent: “Please ask Mr. Zuckerberg, why is Facebook censoring conservative voices?” He said he’d received “dozens” of similar queries through Facebook.
Zuckerberg: “Congressman, in that specific case, our team made an enforcement error and we have already gotten in touch with them to reverse it.”
Sen. Ted Cruz also brought up the vloggers during a heated exchange with Zuckerberg on Tuesday, citing them as an example of what he said is Facebook’s “pattern of bias and political censorship.”
Diamond and Silk were also brought up by Rep. Fred Upton and Rep. Marsha Blackburn, the latter of whom also asked if Facebook “subjectively manipulate[s] algorithms to prioritize or censor speech?”
When Zuck began his response by referencing hate speech and terrorist material – “the types of content we all agree we don’t want on the service” and which are automatically identified and banned from the platform – Blackburn angrily interrupted him, exclaiming:

Let me tell you something right now. Diamond and Silk is not terrorism!

What’s the difference between Facebook and J. Edgar Hoover?

Over the course of two days, both branches of Congress wondered whether Facebook is a surveillance outfit. Does it listen to our conversations? One seed of that worry was planted when many users, post-CA, requested their data archives from Facebook, only to find that the platform logs calls and textswith permission, Facebook stressed and which apparently went in many ears and right back out.
Rep. Bobby Rush asked Zuckerberg what the difference is between Facebook and a 1960s program wherein the government, through the FBI and local police, conducted a counterintelligence program to track and share information about civil rights activists, including their religious and political ideology. He himself was a “personal victim” of the program.
“Your organization is similar,” Rush said. “You’re truncating basic rights … including the right to privacy. What’s the difference between Facebook’s methodology and the methodology of American political pariah J. Edgar Hoover?”
Zuck said the difference between surveillance and what Facebook does is that on Facebook, you have control over your information. “You put it there. You can take it down anytime. I know of no surveillance organization that gives people that option.”
Mark, you’ve had a tough few days. I hate to make your week even more arduous.
But puh-LEEEZ. Come on. Everybody knows that Facebook tracks us across the web, even when we leave the platform. It’s been doing it for years.
One tool among many to do so is Facebook Pixel, a tiny, transparent image file the size of just one of the millions of pixels on a typical computer screen. No user would ever notice the microscopic snippet, but requests sent by web pages to get one are packed with information.
No, we don’t have that much control over our information. But Mark Zuckerberg has demonstrated masterful control when it comes to staying on message.


23 Comments

I feel like you’re taking a side in this but…I can’t tell which.
In the technology field it’s common knowledge that anything you sign up for sells or abuses your personal information in some way. Is this really surprising to anyone?
If this is upsetting to anyone beyond the Senate, there are a lot of useful links when you search Google for: “How to delete my Facebook account”.

When something is addictive, harmful, pervasive, and has only it’s own self interest in mind. That’s how it crosses that line from a generally accepted agreement that people can make, into something we should question and scrutinize more deeply.

What about the stuff they get by having their non-deletable/non-disableable apps on my phone?

I completely agree, i dont have facebook, but i have this app, cant get rid of it. another vendor with these kind of invasive programs is Amazon. I found it was sending out anonymous data through my firewall, when i approached them, suddenly it stopped. I know im not Paranoid, because its happening everywhere to everyone.

What app is that?
AFAIK, you have to download the Facebook app from Google Play or the App Store before it’ll be on your phone…and then you have to launch it, and then you have to set it up by telling it your Facebook username and password. Unless and until you do all of those, you don’t “have this app”…
…or did I miss something?

You missed something.
Facebook and Amazon apps come pre-installed and non-removable by default on many smart phones. I haven’t dug into Amazon’s rabbit hole yet (and it’s mostly irrelevant to the story, except for the part where I keep getting the “Amazon photos has stopped” error because I disabled it) , but Facebook also has a pair of apps that come with it that can’t be deleted or disabled, and run in the background. This I know because they put wake-locks on my phone, draining the battery and showing evidence of unauthorized activity.

Do you have the names of those apps, and the device/vendor/carrier’s firmware they’re baked into?

Not a comprehensive list, but I can verify immediately that my Sprint LG G6 has Facebook (not deletable), Facebook App Manager (cannot be disabled or removed) and Facebook App Installer (also cannot be disabled or removed).

I have no doubt Paul is going to dig into those apps for the adventure.

One of the problems with adventures on Android is that there are so many tweaked-and-tailored versions of everything, including the underlying incarnation of Android itself…

Let me echo that … What’s the difference between Facebook and J. Edgar Hoover?

I can think of two very large & important differences just off the top of my head:
#1, those under surveillance by Hoover & Company had absolutely no control over any decisions to monitor their activities.
#2, the FBI’s dirty deeds were bought and paid for by U.S. taxpayers.
Please note that I am NOT saying this in any sort of defense of Facebook.

“think about people paying each other with Facebook’s Venmo)”
I believe Venmo is owned by PayPal, not Facebook.

It’s not obvious, from visiting Venmo’s website, who owns the company. But if you click through to its User Agreement page you will see that indeed describes “a contract between you and PayPal, Inc. […that] applies to your use of Venmo […]”
(I removed the bit about FB and Venmo, thanks for pointing it out.)

It actual says on the bottom of the home page: Venmo is a service of PayPal, Inc.

Aha. But no mention of PayPal on the home page of the mobile site, which is the one I looked at. Unless I managed to miss it…

One was ran by the government, one isn’t. Honestly people just put way to much information on facebook.

I’ve never signed up to Facebook because I don’t want them hoarding & sharing my private & personal info. You know what annoy me, they collect it anyway off others.
People post photos of me & my family, then tag us all.
When the install facebook/whatsapp/etc it sucks down their contacts including my info (just like the viruses of old which sucked down contacts & then sold them to spammers).
Facebook then cross references this info & builds a profile on me. Even though I’ve deliberately chosen not to join their service or give them any information. their little spies are always gathering information on me. The know my name, my birthday, where I live, who I am & have been friends with, what i look like, who my family is, who I hang around with. How do I have control over the information Facebook has? I don’t. simple as that.
J Edgar *wishes* he had Facebook. Facecrooks is more apt.

While you can argue that Facebook’s reach, and scale, and popularity, and influence (add as many similar epithets as you wish) all make the problem worse…
…the issue of other people giving away personal data about you without asking permission is something that goes way, way beyond Facebook. It’s something that we all need to confront as a society, given that we are so widely equipped with instant-operation cameras and immediate-upload internet service.

Although you haven’t signed up to Facebook, it is worrying that they could still potentially be recording data about you. Shadow profiles appear to be profiles created based on Facebook user’s contacts who are not on Facebook. Could this data – email, mobile number, name (anything else recorded in contacts book – coupled with tagged photos on facebook of you, plus facebook pixel and other tracking tools be used to create a profile of online activities?

“You put it there. You can take it down anytime.” What about the Facebook image cache? Are you able to delete your information once you’ve shared it with an app?

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?