Blog

08 Apr Don’t Be Fooled by Its Spin: Facebook Plans to Remain a Data Company

Don’t Be Fooled by Its Spin: Facebook Plans to Remain a Data Company - Facebook on Privacy

Mark Zuckerberg’s apologies notwithstanding, his social media creation is first and foremost a tool for gathering information about everybody

It has been a tough few months for Facebook CEO Mark Zuckerberg. He has gone from tipping his toe in the presidential waters to being hauled before Congress to defend his company’s privacy policy.

His company has hit troubled waters, some of which stem from a lack of understanding of how the company really operates — and others of which are completely of Zuckerberg’s own making.

Let’s be honest. If you put material on Facebook, you have lost control of it. The company vacuums users’ personal information and traffics it into the marketplace. Data have become currency, and America’s tech industry, led by Google and Facebook, are the Vanderbilts and Rockefellers of data information sales.

It should come as little surprise that the company, as Bloomberg reports, goes so far as to scan links and personal photos people send by Facebook’s messenger app.

Your information is what fuels its bottom line and the company is one of the largest and most powerful corporations in human history.

Zuckerberg’s initial response to the “crisis” is typical of the company and an example of what Rahm Emanuel said: “Never let a good crisis go to waste.” In response to congressional concerns about privacy, the company announced it would sever relationships with third-party data providers.

Facebook claims its action will tamp down on the information, but the truth is that it will monopolize the data the company has collected. If Congress allows this sleight of hand to happen, Facebook will emerge stronger and more powerful than ever before.

For conservatives, Facebook has become a chokehold on information. From Rare, a libertarian-leaning news and information platform, to RightWingNews.com, a long-standing place for conservative-leaning stories, a tweak of the Facebook’s algorithm was enough to limit traffic to their sites, which ultimately led to their demise.

The fear that the progressives who dominate the tech industry will use their platforms to punish conservatives is not conspiracy. It is a fact. Google tips the scales on search results by using the race-baiting and vehemently anti-GOP Southern Poverty Law Center.

Facebook has partnered with Snopes, the liberal “fact-checker,” to determine what is fake news. Twitter has banned conservatives with large followings while ignoring liberals who often call for President Donald Trump’s demise.

Recently, Zuckerberg added gasoline to the fire by telling Vox.com that his vision for the platform is not free speech but the creation of an independent “supreme court” that would determine what is acceptable speech.

“[O]ver the long-term, what I’d really like to get to is an independent appeal,” Zuckerberg said. “So maybe folks at Facebook make the first decision based on the community standards that are outlined, and then people can get a second opinion.

“You can imagine some sort of structure, almost like a supreme court, that is made up of independent folks who don’t work for Facebook, who ultimately make the final judgment call on what should be acceptable speech in a community that reflects the social norms and values of people all around the world.”

Over the last few days, Facebook has been rolling out some positive-sounding policies to provide Zuckerberg with some ammo before Congress, including giving users greater control over what information third-party apps can gather and bulk-delete capabilities for such apps.

Congress would be foolish to allow Zuckerberg to use the privacy issue to gain even greater control of the marketplace.

But the company isn’t changing much about the info it collects and use. Make no mistake about it: Facebook remains a data company. It can make rhetorical claims about protecting user privacy, but it profits, and profits mightily, from consumers’ information.

Congress would be foolish to allow Zuckerberg to use the privacy issue to gain even greater control of the marketplace, while allowing him to walk away from the upcoming hearing without addressing the elephant in the room. That’s the tech industry’s willingness to limit speech and information in a manner that discriminates against conservatives.

 

(photo credit, homepage image: Mark Zuckerberg, Cut Out, CC BY 2.0, by Anthony Quintano; photo credit, article images: Mark Zuckerberg, Cut Out, CC BY 2.0, by Anthony Quintano)

Originally posted on LifeZette

Read More

19 Dec LabMD Appeal Has Privacy World Waiting

Reblogged from JDSupra

It is the case that could define the scope of the U.S. Federal Trade Commission’s authority in data security.

The U.S. Court of Appeals for the Eleventh Circuit heard argument six months ago in LabMD, Inc. v. Federal Trade Commission. As readers of this blog know, the case turns on what kind of consumer harm is required for the agency to maintain a data security enforcement action.

Yet, for a case with such potentially broad implications, it doesn’t involve a high-profile data breach with millions of protected healthcare records roaming freely in the digital ether. Nor does it involve a single instance of identity theft or untoward use of patient information.

In fact, it’s doubtful that there was even a data breach.

The FTC’s enforcement action against LabMD focuses on two incidents dating back a decade. In the first instance, the FTC complaint charged that a report with the names, birth dates and Social Security numbers for 9,000 patients was compromised. But the back story is more complicated. A cybersecurity firm soliciting LabMD’s business allegedly “discovered” the report on a peer-to-peer file sharing program installed on one computer in LabMD’s accounting department. The cybersecurity firm allegedly shared the report with the FTC. There’s no evidence, however, that the report was shared with anyone else.

The second instance – the FTC charged – was a document with sensitive patient information that ended up in the hands of identity thieves in California. Again, there’s no evidence that this second document was used for illicit purposes, nor it is clear how the report found its way to California.

At the heart of the appeal is the scope and reach of the FTC’s enforcement powers under Section 5 of the FTC Act and the trigger for an enforcement action, all hotly debated issues since the case started in 2010 and a powerful test of the Commission’s authority. Section 5 prohibits “unfair” acts or practices that “cause[] or is likely to cause substantial injury to consumers….”

After a three-year investigation, the agency filed an Administrative Complaint in 2013 alleging that LabMD failed to adequately protect patient medical data, and demanded that, as part of a settlement, it institute a comprehensive data security program and submit to third-party security audits for the next 20 years. LabMD rejected the settlement.

Round One: LabMD Wins Administrative FTC Trial

In a stinging 91-page ruling, the agency’s own chief administrative law judge, J. Michael Chappell, dismissed the case against LabMD on the grounds that the Commission failed to demonstrate that it was “likely” consumers had been substantially injured – as required by Section 5 – by the two alleged data security incidents. ALJ Chappell concluded that the FTC failed to show any proof whatsoever of actual consumer injury. He flatly rejected the FTC’s theory that a statistical or hypothetical risk of future harm was enough to find LabMD liable for unfair conduct under Section 5 of the FTC Act.

“To impose liability for unfair conduct under Section 5(a) of the FTC Act, where there is no proof of actual injury to any consumer, based only on an unspecified and theoretical ‘risk’ of a future data breach and identity theft, would require unacceptable speculation and would vitiate the statutory requirements of ‘likely’ substantial consumer injury.”

Round Two: Commission Reverses ALJ

In its Opinion and Final Order, the Commission reversed the ALJ’s ruling and held that the “wrong” legal standard was applied and that the pertinent inquiry is whether the act or practice at issue posed a “significant risk” of injury to consumers.

“[C]ontrary to the ALJ’s holding that ‘likely to cause’ necessarily means that the injury was ‘probable,’” the Commission wrote, “a practice may be unfair if the magnitude of the potential injury is large, even if the likelihood of the injury occurring is low.” The Commission concluded that Congress had entrusted it with protecting a broad range of consumer harms and “need not wait for consumers to suffer known harm at the hands of identity thieves” before taking action.

Round Three: Stay Tuned

In a 20-minute spirited oral argument on June 21, 2017, the Eleventh Circuit asked why the Commission didn’t simply use rulemaking instead of an enforcement action if its concern is the prevention of future incidents. As one member of the court observed during the hearing: “A tree fell and nobody heard it, that’s the case we have here.” To listen to the oral argument, click here.

Even before oral argument, the Eleventh Circuit signaled its discomfort with the FTC’s position that actual or likely consumer injury wasn’t required under Section 5. In a pre-appeal motion, the court noted that LabMD had “made a strong showing” that the agency’s legal interpretation of Section 5 may not be reasonable.

The Eleventh Circuit’s ruling – whenever and however decided – will have far-reaching implications. If the FTC prevails, the agency will likely have more discretion in defining the threshold for consumer harm under a Section 5 enforcement action; and, the agency’s consent decrees will be viewed a body of precedents indicating what data security practices are considered “unfair” by the Commission. But if LabMD wins, the enforcement bar will be raised – requiring more than just speculative or hypothetical consumer injury – to sustain an enforcement action.

Read More

18 Oct Michael is speaking on Prosecutorial Fallibility and Accountability

Nov 7, 2017
4-6PM
Hayek Auditorium, Cato Institute
Featuring Rob Cary, Partner at Williams & Connolly, and author of Not Guilty: The Unlawful Prosecution of U.S. Senator Ted StevensHoward Root, Former CEO, Vascular Solutions, and author of Cardiac Arrest: Five Heart-Stopping Years as a CEO on the Feds’ Hit-List; and Michael J. Daugherty, Founder and president, LabMD, and author of The Devil Inside the Beltway: The Shocking Exposé of the U.S. Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business; moderated by Clark Neily, Vice President for Criminal Justice, Cato Institute.

Prosecutors and other government lawyers who enforce our nation’s laws wield vast power and exercise tremendous discretion with little oversight or accountability. For example, more than 95 percent of criminal convictions are now obtained through plea bargaining instead of jury trials. As a result, citizen participation in our criminal justice system has effectively been eliminated and with it much of the oversight that the Constitution’s framers intended. Even when cases do go to trial, it is possible — and, some have argued, disturbingly common — for prosecutors to further tilt the playing field in their favor by failing to disclose potentially exculpatory evidence, influencing witnesses with threats or inducements, and manipulating juries with improper arguments. Unfortunately, when government lawyers do commit misconduct, it is extremely rare for them to be punished or indeed even publicly identified. Finally, the U.S. Supreme Court has held that prosecutors are absolutely immune from civil lawsuits, even for willful violations of people’s rights, such as deliberately prosecuting someone they know to be innocent and suborning perjury to obtain an unjust conviction.

As a result, two important questions arise: (1) Are the existing checks on prosecutorial misconduct strong enough to ensure fairness in criminal and regulatory proceedings; and (2) are Americans well-served by our current system of near-zero accountability for prosecutors and other government lawyers? Our panelists have written powerful and often deeply shocking books about their firsthand experiences with that system and the damage it does to the cause of justice.

For more information see this website.

Read More

07 Jul LabMD v. FTC: A David Against Goliath Story

Location:
Federalist Society Teleforum Conference Call

Featured Speakers:
Justin (Gus) Hurwitz
Michael Daugherty

Description:
Mike Daugherty was the CEO of LabMD, a medical testing lab put out of business by the FTC. He has spent most of the last decade defending his company against charges that it had deficient cybersecurity practices. The early years of this battle are recorded in his book, “The Devil Inside the Beltway”. In so doing, he has become the only litigant to challenge the basic authority that underlies more than 200 enforcement actions relating to cybersecurity and online privacy that the FTC has brought over the past 15 years. Every one of the 200+ litigants before him – including some of the largest companies in the world – have settled with the FTC, creating an unquestioned and untested belief that the FTC has broad authority to regulate in these areas.Following oral arguments last month before a panel of the 11th Circuit Court of Appeals, it seems entirely possible that Mike, a David against the FTC’s Goliath, is going to prevail. In so doing, he may well topple key pillars of the FTC’s cybersecurity and online privacy edifice.Mike’s story, however, is about far more than cybersecurity. It is about the owner of a small company who had the audacity to stand up to the administrative state, to tell the emperors of a federal agency that they had no clothes, and to stand on principle, refusing to accept a settlement offer to make the charges that he believed were baseless go away. His story is remarkable because it tells us what it takes to fight an administrative agency. 

Sign up for Regulatory Transparency Project updates at RegProject.org.

 

Featuring: 

  • Michael J. Daugherty, Founder, President and CEO, LabMD
  • Gus Hurwitz, Assistant Professor of Law, Nebraska College of Law
Agenda:

Call begins at 12:00 p.m. Eastern Time. Must be registered to participate and must be a Federalist Society to register.

 

Read More