View as a web page

EFFector! Electronic Frontier Foundation

In our 733rd issue:

We Watched The Zuckerberg Hearings So You Don't Have To

In most issues of EFFector, we give an overview of all the work we’re doing at EFF right now. This week, we present a deep dive on the recent Facebook data revelations and Mark Zuckerberg's testimony before Congress.

As the nation searched for answers in the wake of Facebook’s Cambridge Analytica scandal, Mark Zuckerberg testified last week before a joint session of the Senate Judiciary and Commerce Committees as well as the House Energy and Commerce Committee. While many users’ suspicions were affirmed, many important questions went unasked, unanswered, or deflected. Can users trust tech companies to handle their personal information? Can a surveillance-based, advertising-powered platform provide real user privacy protections? If not, how should users, legislators, and the company itself respond?

These have long been important questions for users and platforms to explore. This particular scandal with Facebook and Cambridge Analytica was unique only in that it combined sweeping data collection, indiscriminate sharing, lax safeguards, and manipulative advertising into the perfect privacy storm. Several years ago, Facebook’s Graph API allowed a researcher to engage in voracious collection of millions of people’s data without anything resembling informed consent. Then Facebook failed to step in as Cambridge Analytica subjected that user data to privacy-invasive machine learning techniques for targeted advertising purposes. Perhaps worst of all, Facebook never notified users of a known bad actor’s unauthorized access to their data.

A Pivotal Time for Online Privacy

When a former Cambridge Analytica employee came forward to the press last month, it broke the dam on over a decade of Facebook privacy concerns.

This Cambridge Analytica fiasco and subsequent fallout serve as a reminder of the serious privacy risks that users face when their personal information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies.

Facebook has responded with a stream of statements and changes, from reorganizing privacy settings to locking down APIs to ending relationships with third-party data brokers. But none of these changes have addressed the problem at the core of not only Facebook’s but much of the popular web’s privacy problems: We can’t be full participants in 21st-century social and political discourse without providing advertisers and others a constant stream of our most intimate personal details.

You shouldn’t have to be a settings wizard in order to enjoy a popular platform in a safe, private way. Platforms should protect your privacy by default and by design, collecting information only with your affirmative, informed consent. You should have meaningful control over your information and your experience. And, if you decide that a particular platform isn’t doing a good enough job protecting the data you’ve entrusted it with, you should be able to leave and take all your information with you. These are just a few of the privacy rights that any responsible social media platform should provide for its users.

Word Games in Congress

Unfortunately, Mark Zuckerberg’s testimony in front of Congress gave us little confidence that the company is committed to providing the transparency and accountability at the foundation of those privacy rights. Instead, the hearings were full of technically accurate but deceptively incomplete word games, as well as hand-waving about AI, confusion about the roles of platforms and ISPs, and shocking inaccuracies about Section 230. Zuckerberg was unable to provide even ballpark answers about the scale at which Facebook tracks users and non-users across the web, and promised that his team would follow up at a later date a whopping 40 times.

With the hearings over, the question remains: What next? Above all, the guiding question should not be: What legislation do we need to make sure there is never another Cambridge Analytica? Rather, we should be asking: What privacy protections are missing, and how can we fill that gap while respecting other essential values like speech, user empowerment, and competition?

What Comes Next

A knee-jerk urge to slap rules on Facebook risks enshrining it as the sole guardian of our discourse and data, with the quasi-authoritarian power to police speech and squash rivals. It’s important to consider how any reactions to the Cambridge Analytica scandal, legislative or otherwise, might help or hinder potential future competitors. While Facebook has the vast resources to comply with whatever requirements Congress throws at it, smaller start-ups may not.

Facebook’s surveillance business model and data-hungry design have created real problems for its users’ privacy rights. But some of those problems can be fixed. Going forward, we can look for answers in existing laws, pressure from users and investors, and focused legislative steps where necessary. We need to be both creative and judicious to ensure that today’s solutions don’t become tomorrow’s unexpected problems.


Facebook's Week of shame: the Cambridge Analytica Fallout

How the dam broke. (The Guardian)

A Short History of Facebook's Privacy Gaffes

The recent scandal may result in significant reimagining of how we share our information online, and what responsibility platforms have to protect their users' information. But, it's certainly not the first time users have questioned their trust in Facebook. (Wired)

The Facebook Privacy Setting That Doesn't Do Anything at All

It shouldn't be entirely surprising that users struggled to understand how each privacy setting worked. At times, so did Facebook. (Wired)

The Giant List of Shit Mark Zuckerberg Swears He'll Get Back to Congress on

Mark Zuckerberg did face some important questions during the congressional hearings. We're still waiting for answers on many of them. (Gizmodo)


Editor: Nathan Sheard, Grassroots Advocacy Organizer

EFFector is a publication of the Electronic Frontier Foundation.

Membership & donation queries:

General EFF, legal, policy, or online resources queries:

Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.

Back issues of EFFector

This newsletter is printed from 100% recycled electrons.

EFF appreciates your support and respects your privacy. Privacy Policy.

Unsubscribe or change your email preferences, or opt out of all EFF email

815 Eddy Street
San Francisco, CA 94109-7701
United States


EFF's 2nd Annual Tech Trivia Night in San Francisco, CA

Join us from 6 pm to 11 pm on April 26, for our second annual exploration of the fascinating, obscure, and trivial minutiae of digital security, online rights, and Internet culture. It's the ultimate technology quiz crafted by EFF experts and hosted by our very own Cooper Quintin.

EFF’s Tech Trivia Night is a great opportunity to gather with peers in the tech community AND support the crucial fight for online civil liberties.

Spaces are limited, so act fast and register now!

The Facebook Fiasco: What does it mean and what do we do?

The personal information of 87-million Facebook users was collected by a consulting firm called Cambridge Analytica.

How dangerous is this? What do we do about it? These are the questions many activists are now asking themselves. We want to talk about some answers in this latest Need to Know webinar from May First/People Link and the Progressive Technology Project on Thursday, April 19, at 12 pm PT / 2 pm CT / 3 pm ET.

Community Meeting About Surveillance in St. Louis, MO

On Wednesday, August 23, from 7 pm to 9 pm, join EFA ally Privacy Watch STL for a community meeting regarding Board Bill 66 and surveillance in St. Louis. We'll have a discussion regarding surveillance technology, how this technology affects St. Louis, and how you can take action.

20 Years of DMCA Shenanigans discussion hosted by README @ UCLA in Los Angeles, CA

A law intended to stop people from making off-brand DVD players now means that security researchers can't warn you about dangers from the cameras in your bedroom; that mechanics can't fix your car; and that your printer won't take third-party ink.

Every three years, the US Copyright Office holds hearings about proposed exceptions to this law. This is one of those years.

On April 24, at 6 pm, come and hear about what we showed and told the Copyright Office, and ask us questions about your freedom and the funny thing that happened to us all on the way to the twenty-first century.

Representation in the Age of Digital Consciousness

Join EFA ally EYEBEAM, at 6:30 pm ET on April 24, as they livestream a discussion about embodied artificial intelligence (androids) as representation, community generated storytellers, and the animated transmitters of culture.

Stanford Law Cybersecurity Symposium in Palo Alto, CA

EFF Staff Attorney Nate Cardozo will be in attendance for Stanford Technology Law Review and Stanford Policy & Law Review's Cybersecurity Symposium on Thursday, April 26, and Friday, April 27, at Stanford Law School in the Law Lounge.

LinuxFest Northwest in Bellingham, WA

LinuxFest Northwest is a free community event for people of all technical skill levels. On April 28th & 29th, stop by our table in the expo hall to talk about digital rights issues, or to sign up to become a member.

Job Opening: Member Outreach Assistant

We're looking for an energetic Member Outreach Assistant to support EFF's fundraising operations and help build relationships with our growing community.

EFF on
twitter facebook google plus