Social media and other tech companies are finally considering their approach to political ads and political content. In the past, Twitter and TikTok stated that they won’t host political ads, while Facebook defended the move in front of the US Congress.
“Given recent concerns and debates about political advertising, and the importance of shared trust in the democratic process, we want to improve voters’ confidence in the political ads they may see on our ad platforms,” Scott Spencer, VP, Product Management, Google Ads stated on the Google Blog on Wednesday.
The strategy will be tried out in the impending UK elections, the upcoming EU elections and in all other countries by January 6, 2020.
The newest entrant to this club is Google. The company, it seems, has finally put restraints on political ads targeting voters based on age, gender, and location. Advertisers will not get any access to users’ political leanings or their public voting records.
US Election 2020, Vote Rigging And Tampering
The US Presidential Election 2020 will be the testbed for political content on social media platforms and its effects on voting patterns. Google, Twitter and Facebook have all been accused of influencing the 2016 elections and held responsible for bringing President Donald Trump to power.
The effect of all such policies will only be known post this election. One thing is certain, whether tech companies abstain or get involved in political content, their effect on any election globally cannot be denied.
“Given recent concerns and debates about political advertising, and the importance of shared trust in the democratic process, we want to improve voters’ confidence in the political ads they may see on our ad platforms,” Scott Spencer, VP, Product Management, Google Ads stated on the Google Blog on Wednesday.
The strategy will be tried out in the impending UK elections, the upcoming EU elections and in all other countries by January 6, 2020.
While all tech companies are taking steps to stay away from politics, Facebook seems to be the odd one out. Facebook CEO Mark Zuckerberg defended political ads in front of the US Congress. However, even its subsidiary WhatsApp has not left things as they were.Related Stories
ZDNet reported on Thursday that WhatsApp banned nearly half a million accounts spreading misinformation in the Brazilian elections. Whether it impacted voting in any way is not yet known, but a massive crackdown on automated and bulk messaging was done. The interesting thing is that it was criticised by the winning party when it took the step.
Why hire ethical hackers and where to find them;Tristan Liverpool, Internet||
It’s no news that data breaches and cyberattacks are on the rise, with hacks becoming increasingly sophisticated. Businesses are struggling to keep up with rapidly shifting cybercriminal motivations, tactics and appetites for destruction.
The problem is exacerbated further by emerging technologies such as IoT, giving hackers new mechanisms and vehicles for attack. Organisations are also migrating data to the cloud frequently, moving large volumes of work data and applications in various deployment configurations, leaving swathes of unprotected data behind for hackers to exploit. So, what steps can companies take to avoid disruption?
To both understand and keep pace with evolving cybercriminal mindsets, many businesses are fighting fire with fire – in other words hiring hackers for help. In fact, large corporations such as Airbnb, PayPal and Spotify, recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling data breaches.
Image credit: Shutterstock
Ethical hackers can play a fundamental role in helping security teams consider every single possible attack vector when protecting applications. Whilst security architects have a wealth of knowledge on industry best practise, they often lack first-hand experience of how attackers perform reconnaissance, chain together multiple attacks or gain access to corporate networks.
Equipped with – one hopes – all the skills and cunning of their adversaries, the ethical hacker is legally permitted to exploit security networks and improve systems by fixing vulnerabilities found during the testing. They are also required to disclose all discovered vulnerabilities. While it may sound counter-intuitive to make use of hackers to help plan and test our cyber defences, the one thing they have in abundance is valuable, hands-on experience.
According to the 2019 Hacker Report, the white hat hacker community has doubled year over year. Last year, US$19 million was doled out in bounties, nearly matching the total paid to hackers in the previous six years combined. Eye-catchingly, the report also estimates that top earning ethical hackers can make up to forty times the median annual wage of a software engineer in their home country.
Image credit: Pexels
Where to hunt down ethical hackers
The most common method is a “bug bounty” scheme operating under strict terms and conditions. This way, any member of the public can search for and submit discovered vulnerabilities for a chance to earn a bounty. It can work well for publicly available services, such as websites or mobile apps. Rewards depend on the level of perceived risk once the affected organisation confirms the validity of its discovery.
Using crowdsourcing and paying incentives has obvious benefits. Hackers get reputational kudos and/or hard currency to showcase and test their skills in a very public forum. In exchange, the hiring organisation gains new dimensions of security smarts and perspectives.
Some businesses choose to hire hackers direct. Hands-on experience is key here. While it may sound counter-intuitive to make use of external hackers – some of which have a track record of criminal activity – the one thing they have in abundance is hands-on experience. At the end of the day, a hacker is a hacker. The only difference is what they do once a bug or vulnerability is found.
Ultimately, employing an ex-cybercriminal is a risky decision that should be made on a case-by-case basis. It is also worth noting that criminal background checks only help identify previous offenders – they lack context on how a person has changed. For example, it is unlikely that someone charged for a denial of service attack at a young age has mutated into an international career criminal. Indeed, some young offenders often go on to become well respected security consultants and industry thought-leaders.
Another fertile hunting ground for hackers could be closer to home. The best practitioners are curious, with a strong passion to deconstruct and reassemble. Businesses need to get better at harnessing the skills of those building their applications, code and network infrastructure. They may already know about vulnerabilities but have yet to report them as it isn’t part of their job description. This is a waste. Decision-makers need all the insight and help they can get, and there’s more of it out there than you think. Over the years, I’ve met many people at security workshops or capture the flag hacker events that have built products but claim to enjoy the process of ameliorative, intelligence-gathering hacking even more.
Finally, ethical hacking is also becoming increasingly formalised. Notable qualifications include Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or Global Information Assurance Certifications (GIAC). Naturally, many seasoned hackers will balk at such educative evolutions but watch this space. Ethical hacking is set to become more mainstream as perceptions and security-first business imperatives change.
Keep your friends close…
Although it seems perverse to hire hackers and ex-cybercriminals, it’s clear that they can bring invaluable, real-world knowledge to a range of security activities, including threat modelling and penetration testing. They may offer a perspective that others haven’t considered and can show businesses how to adapt to threats by giving insight into their tactics and motivations.
With more businesses taking this approach to cybersecurity, it’s important to keep a close eye on their activity to make sure that these hackers aren’t slipping into their old malicious ways and putting your business at serious risk.
Tristan Liverpool, System Engineering Director at F5 Networks
Keep your devices protected from the latest cyber threats with the best antivirus
Canada hits Zuckerberg with summons for failing to appear before parliament By Mathew Ingram
Facebook CEO Mark Zuckerberg has appeared before Congress in the past, to talk about the giant social network’s role in misinformation and election-meddling, but the number of times he has appeared before a government committee is vastly outweighed by the number of times he has declined to do so. The Facebook co-founder continued that streak by failing to appear in Canada this week before an international committee that is looking into Facebook’s status as a conduit for misinformation. His second-in-command, Sheryl Sandberg, also refused to attend. As a result, the Canadian government issued an open-ended summons that requires both Zuckerberg and Sandberg to appear before Parliament should they enter Canada for any reason. If they fail to do so, they could be held in contempt.
A vote calling for Mark Zuckerberg to stand down as Facebook’s chairman is expected to take place at the company’s annual general meeting on Thursday
“He’s holding down two full-time jobs in one of the most high-profile companies in the world right now. And if he can focus on being the CEO, and let somebody else focus on being independent board chair, that would be a much better situation,” said Jonas Kron, senior vice-president at Trillium.
Mark Zuckerberg is impossible to profile. He’s a narrative anti-catalyst, who takes all the elements of a fantastic story, and renders them lifeless, probably on purpose.
Even if this did come to pass, however (which would require a vote in the House of Commons), a citation for contempt doesn’t really bring with it any kind of practical sanctions. Parliament can theoretically jail someone if they are found in contempt, but this is extremely rare, which makes it mostly a formality. This week also isn’t the first time Zuckerberg has been hit with a summons: he was given one by both the UK government and the Canadian government last year, when the two started investigating the fallout from the Cambridge Analytica data scandal. The Facebook co-founder didn’t appear in either country (no contempt citations were issued). In essence, the summons and the threat of contempt are a way for the Canadian and UK governments to show how important they believe it is for the CEO of the company to appear before them, but there’s no real practical way for them to force him to do so.
The joint summons last year came as the UK, Canada, and a number of other nations were forming what they are calling an “international grand committee” to investigate the responsibility not just of Facebook but also other tech platforms such as Google, Twitter, and Amazon to address privacy and misinformation. The hearing Zuckerberg and Sandberg refused to appear at in Ottawa, the Canadian capital, was the second meeting of this grand committee. Instead of the two senior executives, the members of the committee heard fromFacebook’s policy head for Canada, Kevin Chan, as well as Neil Potts, global policy director. The appearance of the latter seemed to upset committee co-chair Bob Zimmer, a Canadian MP, who grumbled that Potts doesn’t even appear in a list of the top 100 most important Facebook executives.
In addition to representatives from Facebook, Twitter, and Google, the committee also heard testimony from a number of experts in technology and social networking, including former Research In Motion CEO Jim Balsillie, as well as Roger McNamee, a prominent Silicon Valley venture capitalist who was an early mentor to Zuckerberg and made billions of dollars by investing before Facebook went public. McNamee has since changed his mind about the company, which he refers to as “the biggest problem we have for democracy,” and has written a book about how he believes the company is changing society and human behavior for the worse (Facebook has responded to McNamee’s criticisms by saying it has “fundamentally changed how we operate” to protect the safety of users, and that McNamee “hasn’t been involved with Facebook for a decade”). Balsillie, meanwhile, told the committee that “data is not the new oil, it’s the new plutonium: amazingly powerful, dangerous when it spreads, difficult to clean up and with serious consequences when improperly used.”
Facebook and Google both signed a declaration in advance of the Ottawa hearings, saying that they would do their best to protect the integrity of the upcoming Canadian elections (Twitter didn’t sign). But Facebook has also stuck to its guns on the way it currently handles misinformation: for example, the company said that it won’t commit to removing false reports or “fake news” about the elections or the various campaigns. That’s similar to the approach the social network took with doctored videos of US Speaker of the House Nancy Pelosi, which were modified to make it appear that she was drunk or senile. It didn’t take the videos down, but said it would prevent them from showing up as highly in the News Feed and added a note that they were “the subject of further reporting,” a decision that was widely criticized.
Don Jr accuses Instagram of Anti-Trump conspiracy, campaign//Crimson Tazvinzwa
ROME (Reuters) – Accounts tagged ‘hatetrump’ and ‘ihatetrump’ are part of a coordinated campaign to undermine U.S. President Donald Trump that has emerged on social media site Instagram, an independent study has revealed.
The photo-sharing app Instagram, which is owned by Facebook, said it was investigating the report and had already removed some of the profiles it highlighted.
Malign online attacks against Trump’s opponents have been well documented, most notably in the 2016 presidential election campaign, when Russian trolls allegedly flooded social media sites to undermine the Democratic challenger Hillary Clinton.
Italian analytics firm Ghost Data says here the U.S. president is now facing similar illicit tactics, albeit on a limited scale, with false profiles being created and coordinated online attacks organised to spread a virulent anti-Trump message.
“We have uncovered a small operation that is very likely part of something bigger,” said Andrea Stroppa, the head of research at Ghost Data, which has previously published reports on online counterfeiting and malicious botnets.
Mark Zuckerberg leveraged Facebook user data, leaked documents show
For example, Facebook gave Amazon extended access to user data because it was spending money on Facebook advertising and partnering with the social network on the launch of its Fire smartphone. In another case, Facebook discussed cutting off access to user data for a messaging app that had grown too popular and was viewed as a competitor, according to the documents.
All the while, Facebook was formulating a strategy to publicly frame these moves as a way of protecting user privacy.
Private communication between users is “increasingly important,” Zuckerberg said in a 2014 New York Times interview. “Anything we can do that makes people feel more comfortable is really good.”
But the documents show that behind the scenes, in contrast with Facebook’s public statements, the company came up with several ways to require third-party applications to compensate Facebook for access to its users’ data, including direct payment, advertising spending and data-sharing arrangements. While it’s not unusual for businesses that are working together to share information about their customers, Facebook has access to sensitive data that many other companies don’t possess.
Facebook ultimately decided not to sell the data directly but rather to dole it out to app developers who were considered personal “friends” of Zuckerberg or who spent money on Facebook and shared their own valuable data, the documents show.
Facebook denied that it gave preferential treatment to developers or partners because of their ad spending or relationship with executives. The company has not been accused of breaking the law.
A man poses for photos in front of the Facebook sign on the company’s campus in Menlo Park, California, in 2014.Jeff Chiu / AP file
About 400 of the 4,000 pages of documents have previously been reported by other media outlets, and also by a member of the British Parliament who has been investigating Facebook’s data privacy practices in the wake of the Cambridge Analytica scandal. However, this cache represents the clearest and most comprehensive picture of Facebook’s activities during a critical period as the company struggled to adapt to the rise of smartphones following its rocky debut as a public company.
The thousands of newly shared documents were anonymously leaked to the British investigative journalist Duncan Campbell, who shared them with a handful of media organizations: NBC News, Computer Weekly and Süddeutsche Zeitung. Campbell, a founding member of the International Consortium of Investigative Journalists, is a computer forensics expert who has worked on international investigations including on offshore banking and big tobacco. The documents appear to be the same ones obtained by Parliament in late 2018 as part of an investigation into Facebook. Facebook did not question the authenticity of the documents NBC News obtained.
The documents stem from a California court case between the social network and the little-known startup Six4Three, which sued Facebook in 2015 after the company announced plans to cut off access to some types of user data. Six4Three’s app, Pikinis, which soft-launched in 2013, relied on that data to allow users to easily find photos of their friends in bathing suits.
Facebook has acknowledged that it considered charging for access to user data. But Facebook has challenged the significance of those discussions, telling the Wall Street Journal last year and NBC News this month that the company was merely mulling various business models.
Facebook has also repeatedly said that the documents had been “cherry-picked” and were misleading. Facebook reiterated this stance when NBC News contacted the social media company for comment on the newly leaked documents.
“As we’ve said many times, Six4Three — creators of the Pikinis app — cherry picked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users,” Paul Grewal, vice president and deputy general counsel at Facebook, said in a statement released by the company.
“The set of documents, by design, tells only one side of the story and omits important context. We still stand by the platform changes we made in 2014/2015 to prevent people from sharing their friends’ information with developers like the creators of Pikinis. The documents were selectively leaked as part of what the court found was evidence of a crime or fraud to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes. But the facts are clear: we’ve never sold people’s data.”
NBC News has not been able to determine whether the documents represent a complete picture. Facebook declined to provide additional evidence to support the claim of cherry-picking.
Still, these freshly leaked documents show that the plans to sell access to user data were discussed for years and received support from Facebook’s most senior executives, including Zuckerberg, chief operating officer Sheryl Sandberg, chief product officer Chris Cox and VP of growth Javier Olivan. Facebook declined to make them available for comment.
After NBC News contacted Facebook for comment, Facebook’s lawyers wrote to the judge in the Six4Three case, claiming that Six4Three had leaked the documents to a “national broadcast network” and seeking to depose Six4Three’s founders. NBC News received the documents from Campbell, who received them from an anonymous source. Six4Three denied leaking the documents.
When Facebook ultimately cut off broad access to user data in 2015, the move contributed to the decline of thousands of competitors and small businesses that relied on what Facebook had previously described as a “level-playing field” in terms of access to data. In addition to Pikinis, the casualties included Lulu, an app that let women rate the men they dated; an identity fraud-detecting app called Beehive ID; and Swedish breast cancer awareness app Rosa Bandet (Pink Ribbon).
The strategy orchestrated by Zuckerberg had some of his employees comparing the company to villains from Game of Thrones, while David Poll, a senior engineer, called the treatment of outside app developers “sort of unethical,” according to the documents. But Zuckerberg’s approach also earned admiration: Doug Purdy, Facebook’s director of product, described the CEO as a “master of leverage,” according to the documents.
Facebook declined to comment on these employee communications.
A PRIVACY MYTH
One of the most striking threads to emerge from the documents is the way that Facebook user data was horse-traded to squeeze money or shared data from app developers.
In the wake of the Cambridge Analytica scandal in early 2018 and raising awareness of the Six4Three case, Facebook has attempted to frame changes it made to its platform in 2014 and 2015 as being driven by concerns over user privacy. In statements to media organizations, Facebook has said it locked down its platform to protect users from companies that mishandled user data, such as Cambridge Analytica, as well as apps that spammed users’ news feeds or were creepy, such as Six4Three’s bikini-spotting app Pikinis.
However, among the documents leaked, there’s very little evidence that privacy was a major concern of Facebook’s, and the issue was rarely discussed in the thousands of pages of emails and meeting summaries. Where privacy is mentioned, it is often in the context of how Facebook can use it as a public relations strategy to soften the blow of the sweeping changes to developers’ access to user data. The documents include several examples suggesting that these changes were designed to cement Facebook’s power in the marketplace, not to protect users.
In Six4Three’s case, for example, Facebook’s head of policy Allison Hendrix acknowledged in a June 2017 deposition obtained by NBC News that the social network never received any complaints about the Pikinis app, nor did Facebook send Six4Three any policy or privacy violation notices. Six4Three, Hendrix confirmed, was playing within the rules Facebook had set for developers.
Despite this, Six4Three’s access to data, specifically access to a user’s friends’ photos, was cut off in April 2015 as part of sweeping changes to Facebook’s platform announced a year earlier, which affected as many as 40,000 apps. Six4Three shut down the app soon afterward.
Ted Kramer, founder of Six4Three.Peter DaSilva / for NBC News
“Our case is about Zuckerberg’s decision to weaponize the reliance of companies on his purportedly neutral platform and to weaponize the private and sensitive data of billions of people,” said Six4Three founder Ted Kramer.
A TURNING POINT FOR FACEBOOK
Facebook recognized early on that working with third-party app developers could help make the social network more interesting and drive the platform’s expansion. Beginning in early 2010, Facebook created tools that allowed the makers of games (remember Farmville?) and other apps to connect with its audience in return for ensuring those users spent more time on Facebook.
Facebook achieved this through its “Graph API” (Application Programming Interface), a common means to allow software programs to interact with each other. In Facebook’s case, this meant that third-party apps such as games could post updates on people’s profiles, which would be seen by players’ friends and potentially encourage them to play, too. Beyond that, it allowed the makers of those games to access a slew of data from Facebook users, including their connections to friends, likes, locations, updates, photos and more.
The Graph API — and particularly the way it let third parties promote their products to and extract data from a user’s social connections — was a key feature of Facebook that Six4Three and thousands of other companies relied upon for viral marketing and user growth.
However, after a few years, Facebook decided the app developers were getting more value from the user data they extracted from Facebook than Facebook was getting out of the app developers, the documents show.
After Facebook went public in May 2012, its stock price plummeted, which Zuckerberg later characterized as “disappointing.” The company was in a desperate position, documents show, with users sharing fewer photos and posts on the platform as they spent more time on their cellphones. An internal Facebook presentation looking back at this period used the phrase “terminal decline” to describe the fall in engagement.
Facebook executives, including Zuckerberg and Sandberg, spent months brainstorming ways to turn the company around. An idea that they kept returning to: make money from the app partners, by charging them for access to Facebook’s users and their data.
‘SELL DATA FOR $”
Several proposals for charging developers for access to Facebook’s platform and data were put forward in a presentation to the company’s board of directors, according to emails and draft slides from late August 2012.
Among the suggestions: a fixed annual fee for developers for reviewing their apps; an access fee for apps that requested user data; and a charge for “premium” access to data, such as a user trust score or a ranking of the strongest relationships between users and their friends.
“Today the fundamental trade is ‘data for distribution’ whereas we want to change it to either ‘data for $’ and/or ‘$ for distribution,’” Chris Daniels, a Facebook business development director, wrote in an August 2012 email to other top leaders in the company discussing the upcoming presentation.
Discussions continued through October, when Zuckerberg explained to close friend Sam Lessin the importance of controlling third-party apps’ ability to access Facebook’s data and reach people’s friends on the platform. Without that leverage, “I don’t think we have any way to get developers to pay us at all,” Zuckerberg wrote in an email to Lessin.
In the same week, Zuckerberg floated the idea of pursuing 100 deals with developers “as a path to figuring out the real market value” of Facebook user data and then “setting a public rate” for developers.
“The goal here wouldn’t be the deals themselves, but that through the process of negotiating with them we’d learn what developers would actually pay (which might be different from what they’d say if we just asked them about the value), and then we’d be better informed on our path to set a public rate,” Zuckerberg wrote in a chat.
Facebook told NBC News that it was exploring ways to build a sustainable business, but ultimately decided not to go forward with these plans.
“I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”
Zuckerberg was unfazed by the potential privacy risks associated with Facebook’s data-sharing arrangements.
“I’m generally skeptical that there is as much data leak strategic risk as you think,” he wrote in the email to Lessin. “I think we leak info to developers but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”
Facebook told NBC News that this was an example of a cherry-picked email designed to bolster Six4Three’s case.
Zuckerberg didn’t know it at the time, but a privacy bug affecting an unnamed third-party app would create precisely this kind of strategic risk the following year, according to a panicked chatlog between Michael Vernal, who was director of engineering, and other senior employees.
It’s not clear exactly what happened or which app was involved, but it appears that Zuckerberg’s private communications could have leaked from Facebook to the external app in an unexpected way.
Vernal said that it “could have been near-fatal for Facebook platform” if “Mark had accidentally disclosed earnings ahead of time because a platform app violated his privacy.”
“Holy crap,” replied Avichal Garg, then director of product management.
“DO NOT REPEAT THIS STORY OFF OF THIS THREAD,” added Vernal. “I can’t tell you how terrible this would have been for all of us had this not been caught quickly.”
Vernal and Garg did not respond to requests for comment.
‘GOOD FOR THE WORLD’ BUT NOT ‘GOOD FOR US’
In late November 2012, Zuckerberg sent a long email to Facebook’s senior leadership team saying that Facebook shouldn’t charge developers for access to basic data feeds. However, he said that access to Facebook data should be contingent on the developers sharing all of the “social content” generated by their apps back to Facebook, something Zuckerberg calls “full reciprocity.”
The existing arrangement, where developers weren’t required to share their data back with Facebook, might be “good for the world” but it’s not “good for us,” Zuckerberg wrote in the email.
He noted that though Facebook could charge developers to access user data, the company stood to benefit more from requiring developers to compensate Facebook in kind — with their own data — and by pushing those developers to pay for advertising on Facebook’s platform.
