California announces probe of Facebook privacy practices

The social network is under fire in the US state for giving third parties data access and not disclosing its practices.

California attorney general Xavier Becerra, right, speaks as California Governor Gavin Newsom looks on during a news conference in Sacramento [File: Justin Sullivan/Getty Images/AFP]
California attorney general Xavier Becerra, right, speaks as California Governor Gavin Newsom looks on during a news conference in Sacramento [File: Justin Sullivan/Getty Images/AFP]

The attorney general of California – the most populous state in the United States – says he has been investigating Facebook privacy practices since 2018.

California Attorney General Xavier Becerra offered few details about the probe and said he was disclosing it only because his office was making a public court filing to force Facebook to answer subpoenas, to which he said Facebook had thus far failed to respond adequately.

According to the filing, Facebook took a year to fully respond to an initial June 2018 subpoena related to the scandal in which Cambridge Analytica obtained the data of more than 50 million Facebook users – and used that data to influence political outcomes in the US in 2016.

The attorney general then asked for more information, including communications among executives related to developers’ access to user data and privacy-related news stories.

The filing said that Facebook “broadly refuses to answer the interrogatories or comply with the subpoena”, adding that the company has refused to search the emails of top executives Mark Zuckerberg and Sheryl Sandberg in response to the second subpoena.

Facebook didn’t immediately respond to a request for comment.

The investigation is into Facebook’s practices related to privacy, disclosures and third-party access to user data.

The state is looking into whether Facebook violated California law by deceiving users and misrepresenting privacy practices.

Officials say the probe began in early 2018 as a response to the Cambridge Analytica scandal, but has since expanded.

The court filing says Facebook has not yet given answers for 19 of the attorney general’s questions, or provided any new documents in response to six document requests.

The filing says Facebook is dragging its feet and also simply not complying with subpoenas or responding to questions.

California did not join a separate probe involving attorneys general from New York and other US states. The New York probe is looking into Facebook’s dominance and any resulting anticompetitive conduct.

The US Federal Trade Commission recently fined Facebook $5bn over privacy violations, though the penalty was criticised by consumer advocates and a number of public officials as being too lenient.

 

SOURCE: AP NEWS AGENCY

US allies’ government officials hacked via Facebook’s WhatsApp

Victims are spread across at least 20 countries on five continents, sources close to the investigation told Reuters.

WhatsApp says a vulnerability in the app let phones be infected with spyware with a missed in-app call alone [Patrick Sison/AP]

WhatsApp says a vulnerability in the app let phones be infected with spyware with a missed in-app call alone [Patrick Sison/AP]

Senior government officials in multiple countries allied with the United States were hit earlier this year with hacking software that used Facebook Inc’s WhatsApp messaging system to take over users’ phones, according to people familiar with the company’s investigation.

Sources familiar with WhatsApp’s internal investigation into the breach told the Reuters news agency that a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents.

More:

Many of the nations are US allies, the people said.

The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber-intrusion could have broad political and diplomatic consequences.

Israeli surveillance firm NSO Group was the target of a lawsuit filed by WhatsApp on Tuesday. The Facebook-owned firm alleged that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the mobile phones of at least 1,400 users between April 29, 2019, and May 10, 2019.

The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.

While it is not clear who used the software to hack officials’ phones, NSO has said it sells its spyware exclusively to government customers.

Some victims are in the US, United Arab EmiratesBahrainMexicoPakistan and India, said people familiar with the investigation. Reuters could not verify whether the government officials were from those countries or elsewhere.

Some Indian nationals have gone public with allegations they were among the targets over the past couple of days; they include journalists, academics, lawyers and defenders of India’s Dalit community.

NSO said in a statement that it was “not able to disclose who is or is not a client or discuss specific uses of its technology.” Previously it has denied any wrongdoing, saying its products are only meant to help governments catch groups involved in violent campaigns and criminals.

Cybersecurity researchers have cast doubt on those claims over the years, saying NSO products were used against a wide range of targets, including protesters in countries under authoritarian rule.

Citizen Lab, an independent watchdog group that worked with WhatsApp to identify the hacking targets, said on Tuesday at least 100 of the victims were civil society figures such as journalists and dissidents, not criminals.

John Scott-Railton, a senior researcher at Citizen Lab, said it was not surprising that foreign officials would be singled out as well.

“It is an open secret that many technologies branded for law enforcement investigations are used for state-on-state and political espionage,” Scott-Railton said.

Prior to notifying victims, WhatsApp checked the target list against existing law enforcement requests for information relating to criminal investigations, such as violent campaigns or child exploitation cases. But the company found no overlap, said a person familiar with the matter. Governments can submit such requests for information to WhatsApp through an online portal the company maintains.

WhatsApp has said it sent warning notifications to affected users earlier this week. The company has declined to comment on the identities of NSO Group’s clients, who ultimately chose the targets.

SOURCE: REUTERS NEWS AGENCY

Rashida Tlaib to Mark Zuckerberg: Why Haven’t You Stopped Hate Groups From Organizing on Facebook?

IMG_20181216-facebookpiece2-ajb

We feature more highlights from the five-hour grilling of Facebook CEO Mark Zuckerberg this week on Capitol Hill, where Michigan Congressmember Rashida Tlaib said she feared that far-right hate groups were using Facebook event pages to incite violence against Muslims and other minorities — including death threats directed at her office. Tlaib asked to be seen not only as a Congresswoman, but also as “a mother that is raising two Muslim boys in this pretty dark time in our world.” Meanwhile, California Congressmember Katie Porter pinned Zuckerberg down on Facebook’s privacy policies. “You are arguing in federal court that in a consumer data privacy lawsuit, in which your own lawyers admit that users’ information was stolen, that the plaintiffs fail to articulate any injury,” Porter said. “In other words, no harm, no foul. Facebook messed up, but it doesn’t matter. Is that your position?”

“You Won’t Take Down Lies or You Will?”: AOC Grills Facebook’s Zuckerberg on Lies in Political Ads

OCTOBER 25, 2019

This week, as Facebook said it will not fact check political ads or hold politicians to its usual content standards, the social media giant’s CEO Mark Zuckerberg was grilled for more than five hours by lawmakers on Capitol Hill on the company’s policy of allowing politicians to lie in political advertisements, as well as its role in facilitating election interference and housing discrimination. We play highlights from New York Congressmember Alexandria Ocasio-Cortez, and Ohio Congressmember Joyce Beatty, who asked Zuckerberg about Facebook’s record on civil rights, which she called “appalling and disgusting.” Beatty said the company “should have known better” and might have if “you had real diversity and inclusion on your team.”

Facebook sets aside $3bn for possible privacy probe damages (guilty, anyone?)

Facebook

Facebook has said it will set aside $3bn (£2.3bn) to cover the potential costs of an investigation by US authorities into its privacy practices.

While it has provided for a heavy toll from the investigation by the US Federal Trade Commission, the final cost could be $5bn, it said.

The social media giant also said total sales for the first three months of the year leapt 26% to $15.08bn, narrowly beating market expectations.

Monthly users rose 8%, it said.

That rise takes the number of users to 2.38 billion.

“We had a good quarter and our business and community continued to grow,” founder and chief executive Mark Zuckerberg said.

“We are focused on building out our privacy-focused vision for the future of social networking, and working collaboratively to address important issues around the internet.”

IMG_20181216-facebookpiece1-ajb.jpg

Image: “Facebook, #2”  by Alyssa Joy Bartlett, 2018

Shares rise

The shares are up by nearly 40% in the year to date, far outperforming the broader market, and were up nearly 5% in late trading on Wall Street.

Facebook is facing a probe over the Cambridge Analytica data scandal, however no findings have yet been published.

Facebook was labelled “morally bankrupt pathological liars” by New Zealand’s privacy commissioner this month after hosting a livestream of the Christchurch attacks that left 50 dead.

In an interview after the attacks, Mr Zuckerberg refused to commit to any changes to the platform’s live technology, including a time delay on livestreams.

Facebook, which owns Instagram, last week admitted that millions more Instagram users were affected by a security lapse than it had previously disclosed. It had mistakenly stored the passwords of hundreds of millions of users without encryption.

Facebook, WhatsApp and Instagram users hit by outages (huh.)

Social media sites were inaccessible to many users across the globe on Sunday, according to Downdetector.com.

Facebook, WhatsApp and Instagram users hit by outages
Most of those affected by the outages were in Europe, according to Downdetector.com 

Social media networks, Facebook, WhatsApp and Instagram, were inaccessible to some users across the world on Sunday, according to Downdetector.com, a website which monitors outages.

The outage tracking website showed that there are more than 9,000 incidents of people reporting issues with Facebook.

Downdetector.com’s live outage map showed that the issues mainly cropped up in Europe.

Separately, Downdetector.com also showed that there were issues with WhatsApp and Instagram, but with a relatively lower count of outage reports.

Facebook had experienced one of its longest outages in March, when some users around the globe faced trouble accessing Facebook, Instagram and WhatsApp for over 24 hours.

Millions of Facebook passwords exposed internally

Smartphone users silhouetted against the Facebook logo (file photo)

The passwords of millions of Facebook users were accessible by up to 20,000 employees of the social network, it has been reported.

Security researcher Brian Krebs broke the news about data protection failures, which saw up to 600 million passwords stored in plain text.

The passwords that were exposed could date back to 2012, he said.

In a statement, Facebook said it had now resolved a “glitch” that had stored the passwords on its internal network.

In a detailed expose, Mr Krebs said a Facebook source had told him about “security failures” that had let developers create applications that logged and stored the passwords without encrypting them.

Commenting on Mr Krebs’s story Facebook engineer, Scott Renfro said an internal investigation started after Facebook had uncovered the logs had not revealed any “signs of misuse”.

In public comments, Facebook said it had discovered the issue in January as part of a routine security review.

And its investigation showed that most of the people affected were users of Facebook Lite, which tends to be used in nations where net connections are sparse and slow.

“We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users,” the company told Reuters.

But it added it would enforce a password re-set only if its taskforce looking into the issue uncovered abuse of the login credentials.

The news caps a long period of trouble for Facebook over the way it handles and protects user data.

In September last year, it said information on 50 million users had been exposed by a security flaw.

And earlier in 2018 it revealed that data on millions of users had been harvested by data science company Cambridge Analytica.