FourWays to Fix Facebook
This story was co-published with The Atlantic.
 |
| For more cartoons by Ted Rall, CLICK HERE. |
But the room fell silent when “Facebook” was proclaimed — and the silence was punctuated by scattered boos and groans.
These days, it seems the only bipartisan agreement in Washington
is to hate Facebook. Democrats blame the social network for costing them the
presidential election.
Republicans loathe Silicon Valley billionaires like Facebook founder and CEO Mark Zuckerberg for their liberal leanings. Even many tech executives, boosters and acolytes can’t hide their disappointment and recriminations.
Republicans loathe Silicon Valley billionaires like Facebook founder and CEO Mark Zuckerberg for their liberal leanings. Even many tech executives, boosters and acolytes can’t hide their disappointment and recriminations.
The tipping point appears to have been the recent revelation that a voter-profiling outfit working
with the Trump campaign, Cambridge Analytica, had obtained data on 87 million Facebook users without their
knowledge or consent.
News of the breach came after a difficult year in which, among other things, Facebook admitted that it allowed Russians to buy political ads, advertisers to discriminate by race and age, hate groups to spread vile epithets, and hucksters to promote fake news on its platform.
News of the breach came after a difficult year in which, among other things, Facebook admitted that it allowed Russians to buy political ads, advertisers to discriminate by race and age, hate groups to spread vile epithets, and hucksters to promote fake news on its platform.
Over the years, Congress and federal regulators have largely
left Facebook to police itself. Now, lawmakers around the world are calling for
it to be regulated.
The Federal Trade Commission is investigating whether Facebook violated its 2011 settlement agreement with the agency. Zuckerberg himself suggested, in a CNN interview, that perhaps Facebook should be regulated by the government.
The Federal Trade Commission is investigating whether Facebook violated its 2011 settlement agreement with the agency. Zuckerberg himself suggested, in a CNN interview, that perhaps Facebook should be regulated by the government.
The regulatory fever is so strong that even Peter Swire, a privacy law professor at Georgia Institute of Technology who testified last year in an Irish court on behalf of Facebook, recently laid out the legal case for why Google and Facebook might be regulated as public utilities.
Both companies, he argued, satisfy the traditional criteria for utility regulation: They have large market share, are natural monopolies, and are difficult for customers to do without.
While the political momentum may not be strong enough right now
for something as drastic as that, many in Washington are trying to envision
what regulating Facebook would look like. After all, the solutions are not
obvious. The world has never tried to rein in a global network with 2 billion
users that is built on fast-moving technology and evolving data practices.
I talked to numerous experts about the ideas bubbling up in
Washington. They identified four concrete, practical reforms that could address
some of Facebook’s main problems. None are specific to Facebook alone;
potentially, they could be applied to all social media and the tech industry.
1.
Impose Fines for Data Breaches
The Cambridge Analytica data loss was the result of a breach of
contract, rather than a technical breach in which a company gets hacked. But
either way, it’s far too common for institutions to lose customers’ data — and
they rarely suffer significant financial consequences for the loss.
In the United States, companies are only required to notify people if their data has been breached in certain states and under certain circumstances — and regulators rarely have the authority to penalize companies that lose personal data.
In the United States, companies are only required to notify people if their data has been breached in certain states and under certain circumstances — and regulators rarely have the authority to penalize companies that lose personal data.
Consider the Federal Trade Commission, which is the primary
agency that regulates internet companies these days. The FTC doesn’t have the
authority to demand civil penalties for most data breaches. (There are
exceptions for violations of children’s privacy and a few other offenses.)
Typically, the FTC can only impose penalties if a company has violated a
previous agreement with the agency.
That means Facebook may well face a fine for the Cambridge
Analytica breach, assuming the FTC can show that the social network violated a
2011 settlement with the agency.
In that settlement, the FTC charged Facebook with eight counts of unfair and deceptive behavior, including allowing outside apps to access data that they didn’t need — which is what Cambridge Analytica reportedly did years later. The settlement carried no financial penalties but included a clause stating that Facebook could face fines of $16,000 per violation per day.
In that settlement, the FTC charged Facebook with eight counts of unfair and deceptive behavior, including allowing outside apps to access data that they didn’t need — which is what Cambridge Analytica reportedly did years later. The settlement carried no financial penalties but included a clause stating that Facebook could face fines of $16,000 per violation per day.
David Vladeck, former FTC director of consumer protection, who
crafted the 2011 settlement with Facebook, said he believes Facebook’s actions
in the Cambridge Analytica episode violated the agreement on multiple counts.
“I predict that if the FTC concludes that Facebook violated the consent decree,
there will be a heavy civil penalty that could well be in the amount of $1
billion or more,” he said.
Facebook maintains it has abided by the agreement. “Facebook
rejects any suggestion that it violated the consent decree,” spokesman Andy
Stone said. “We respected the privacy settings that people had in place.”
If a fine had been levied at the time of the settlement, it
might well have served as a stronger deterrent against any future breaches.
Daniel J. Weitzner, who served in the White House as the deputy chief
technology officer at the time of the Facebook settlement, says that technology
should be policed by something similar to the Department of Justice’s environmental crimes unit.
The unit has levied hundreds of millions of dollars in fines. Under previous administrations, it filed felony charges against people for such crimes as dumping raw sewage or killing a bald eagle. Some ended up sentenced to prison.
The unit has levied hundreds of millions of dollars in fines. Under previous administrations, it filed felony charges against people for such crimes as dumping raw sewage or killing a bald eagle. Some ended up sentenced to prison.
“We know how to do serious law enforcement when we think there’s
a real priority and we haven’t gotten there yet when it comes to privacy,”
Weitzner said.
2.
Police Political Advertising
Last year, Facebook disclosed that it had inadvertently accepted thousands of advertisements that were
placed by a Russian disinformation operation — in possible violation of laws
that restrict foreign involvement in U.S. elections.
FBI special prosecutor Robert Mueller has charged 13 Russians who worked for an internet disinformation organization with conspiring to defraud the United States, but it seems unlikely that Russia will compel them to face trial in the U.S.
FBI special prosecutor Robert Mueller has charged 13 Russians who worked for an internet disinformation organization with conspiring to defraud the United States, but it seems unlikely that Russia will compel them to face trial in the U.S.
Facebook has said it will introduce a new regime of advertising transparency later this
year, which will require political advertisers to submit a government-issued ID
and to have an authentic mailing address. It said political advertisers will
also have to disclose which candidate or organization they represent and that
all election ads will be displayed in a public archive.
But Ann Ravel, a former commissioner at the Federal Election
Commission, says that more could be done. While she was at the commission, she
urged it to consider what it could do to make internet advertising contain as
much disclosure as broadcast and print ads. “Do we want Vladimir Putin or drug
cartels to be influencing American elections?” she presciently asked at a 2015 commission meeting.
However, the election commission — which is often deadlocked
between its evenly split Democratic and Republican commissioners — has not yet
ruled on new disclosure rules for internet advertising.
Even if it does pass such a rule, the commission’s definition of election advertising is so narrow that many of the ads placed by the Russians may not have qualified for scrutiny. It’s limited to ads that mention a federal candidate and appear within 60 days prior to a general election or 30 days prior to a primary.
Even if it does pass such a rule, the commission’s definition of election advertising is so narrow that many of the ads placed by the Russians may not have qualified for scrutiny. It’s limited to ads that mention a federal candidate and appear within 60 days prior to a general election or 30 days prior to a primary.
This definition, Ravel said, is not going to catch new forms of
election interference, such as ads placed months before an election, or the
practice of paying individuals or bots to spread a message that doesn’t
identify a candidate and looks like authentic communications rather than ads.
To combat this type of interference, Ravel said, the current definition of election advertising needs
to be broadened. The FEC, she suggested, should establish “a multi-faceted
test” to determine whether certain communications should count as election
advertisements. For instance, communications could be examined for their
intent, and whether they were paid for in a nontraditional way — such as
through an automated bot network.
And to help the tech companies find suspect communications, she
suggested setting up an enforcement arm similar to the Treasury
Department’s Financial
Crimes Enforcement Network, known as FinCEN. FinCEN combats money
laundering by investigating suspicious account transactions reported by
financial institutions. Ravel said that a similar enforcement arm that would
work with tech companies would help the FEC.
“The platforms could turn over lots of communications and the
investigative agency could then examine them to determine if they are from
prohibited sources,” she said.
3.
Make Tech Companies Liable for Objectionable Content
Last year, ProPublica found that Facebook was allowing
advertisers to buy discriminatory ads, including ads targeting people who
identified themselves as “Jew-haters,” and ads for housing and employment that
excluded audiences based on race, age and other protected characteristics under
civil rights laws.
Facebook has claimed that it has immunity against liability for
such discrimination under section 230 of the 1996 federal Communications
Decency Act, which protects online publishers from liability for third-party
content.
“Advertisers, not Facebook, are responsible for both the content
of their ads and what targeting criteria to use, if any,” Facebook stated in
legal filings in a federal case in California challenging Facebook’s use of
racial exclusions in ad targeting.
After being contacted by ProPublica, Facebook removed several
anti-Semitic ad categories and promised to improve monitoring.
But sentiment is growing in Washington to interpret the law more
narrowly. Last month, the House of Representatives passed a bill that carves out an exemption in the
law, making websites liable if they aid and abet sex trafficking. Despite
fierce opposition by many tech advocates, a version of the bill has already
passed the Senate.
And many staunch defenders of the tech industry have started to
suggest that more exceptions to section 230 may be needed. In November, Harvard
Law professor Jonathan Zittrain wrote an article rethinking his previous support for the
law and declared it has become, in effect, “a subsidy” for the tech giants, who
don’t bear the costs of ensuring the content they publish is accurate and fair.
“Any honest account must acknowledge the collateral damage it
has permitted to be visited upon real people whose reputations, privacy, and
dignity have been hurt in ways that defy redress,” Zittrain wrote.
In a December 2017 paper titled “The Internet Will Not Break: Denying Bad Samaritans 230 Immunity,”
University of Maryland law professors Danielle Citron and Benjamin Wittes argue
that the law should be amended — either through legislation or judicial
interpretation — to deny immunity to technology companies that enable and host
illegal content.
“The time is now to go back and revise the words of the statute
to make clear that it only provides shelter if you take reasonable steps to
address illegal activity that you know about,” Citron said in an interview.
4.
Install Ethics Review Boards
Cambridge Analytica obtained its data on Facebook users by
paying a psychology professor to build a Facebook personality quiz. When 270,000
Facebook users took the quiz, the researcher was able to obtain data about them
and all of their Facebook friends — or about 50 million people altogether.
(Facebook later ended the ability for quizzes and other apps to pull data on
users’ friends.)
Cambridge Analytica then used the data to build a model
predicting the psychology of those people, on metrics such as “neuroticism,”
political views and extroversion. It then offered that information to political
consultants, including those working for the Trump campaign.
The company claimed that it had enough information about
people’s psychological vulnerabilities that it could effectively target ads to
them that would sway their political opinions. It is not clear whether the
company actually achieved its desired effect.
But there is no question that people can be swayed by online
content. In a controversial 2014 study, Facebook tested whether it
could manipulate the emotions of its users by filling some
users’ news feeds with only positive news and other users’ feeds with only
negative news. The study found that Facebook could indeed manipulate feelings —
and sparked outrage from Facebook users and others who claimed it was unethical
to experiment on them without their consent.
Such studies, if conducted by a professor on a college campus,
would require approval from an institutional review board, or IRB, overseeing
experiments on human subjects. But there is no such standard online. The usual
practice is that a company’s terms of service contain a blanket statement of
consent that users never read or agree to.
James Grimmelman, a law professor and computer scientist, argued in a 2015 paper that the technology
companies should stop burying consent forms in their fine print. Instead, he
wrote, “they should seek enthusiastic consent from users, making them into
valued partners who feel they have a stake in the research.”
Such a consent process could be overseen by an independent
ethics review board, based on the university model, which would also review
research proposals and ensure that people’s private information isn’t shared
with brokers like Cambridge Analytica.
“I think if we are in the business of requiring IRBs for
academics,” Grimmelman said in an interview, “we should ask for appropriate
supervisions for companies doing research.”
Julia Angwin is a senior reporter at ProPublica. From 2000 to 2013,
she was a reporter at The Wall Street Journal, where she led a privacy
investigative team that was a finalist for a Pulitzer Prize in Explanatory
Reporting in 2011 and won a Gerald Loeb Award in 2010.
