By Corey Moss

First – A Code Exploit and the Coder: The Question of Personal Data, Control and Privacy on Facebook After Scandal and Security Breach

Last Friday, after the Facebook security breach was made public, Senator Mark Warner (D-VA) had had enough.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users.” *

Warner, in a press release dated Sept. 28th, issued a stern reprimand to Facebook over its admission in Friday’s Security Update that 50 million users had their access tokens stolen by a hacker exploiting a vulnerability in Facebook’s code that impacted “View As,” a feature that lets people see what their own profile looks like to someone else.

A portion of what Warner stated:

The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened. 

Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

Back in July, Warner published an expansive policy paper ** outlining where he believes regulation is necessary for social media companies. According to the policy paper, Warner proposed that companies holding large data sets be regulated as “information fiduciaries” with additional consequences for improper security. Warner also suggests requirements for data portability and interoperability that would allow users to export their personal information and use it elsewhere if they were unsatisfied with their treatment by a social media giant. He also recommends applying rules in the US similar to Europe’s GDPR, including a requirement that breaches be disclosed within 72 hours of discovery.

Facebook actually did disclose the breach within that window.

Then came a followup on Friday from FTC Commissioner Rohit Chopra, who simply tweeted…

Mark Zuckerberg’s last post on his social media platform is from 9/28, and it begins:

I want to update you on an important security issue we’ve identified. We patched the issue last night and are taking precautionary measures for those who might have been affected. We’re still investigating, but I want to share what we’ve already found:

It goes on from there with findings and precautionary measures, then this:

We face constant attacks from people who want to take over accounts or steal information around the world. While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.

This is all of course true, though maybe too little too late for the Facebook CEO?

We’ve watched a happier Mark Zuckerberg dabble in the recent past with various forms of tech and “strategy” at Facebook (Workplace by Facebook being one to go along with the umpteen team collaboration applications). He also invested heavily in time cloning some of the apps he considered competition – this to go with buying the competition as well (WhatsApp, Instagram).

One project/experiment of note included photo-realistic avatars, a new technology that uses a photo to map someone’s face into VR and sensors to detect facial expressions and movements for animation – all without the use of an Oculus headset. In essence, a VR-like replacement for the “human element” in a meeting or other type of get-together.

According to TechCrunch:

These social VR experiences will fall flat without emotion that’s obscured by headsets or left out of static avatars. But if Facebook can port your facial expressions alongside your mug, VR could elicit similar emotions to being with someone in person. 

Back in late 2016 Facebook showed off technology called “VR emoji gestures,” adding emotions to avatars, letting users shake their fists to turn their avatar’s face mad, or shrug their shoulders to adopt a confused expression. I immediately thought it was pretty goofy when I first saw it (Zuckerberg was whooping it up in a presentation), like who would want to be represented as a humanesque VR whirling dervish in a meeting (or playing cards, etc.)?

Of course Zuckerberg and team, fascinated with VR and its potential, continued to work on perfecting technology to transport one to other places around the world. Here’s one of those examples from 2017 – Zuckerberg and Rachel (who he says runs the social virtual reality team at Facebook), both cartoon versions virtually teleporting into Puerto Rico, assessing some of the results of damaging hurricanes in a 360° video (that begins in an orb held by Zuckerberg) taken by NPR. He begins by talking about the upcoming Oculus Connect (OC) 4.

As they virtually assess the damage, he talks about the magic of virtual reality. The cartoon figures actually joke, chuckle, high five and talk about the suffering in the hurricanes’ aftermath, and Zuckerberg mentions that Facebook is focused on doing this type of thing, working with the Red Cross with AI and machine learning for relief efforts – what would no doubt become another long-term experiment, which he admits Facebook tried to do a couple of times in the past. Finally Rachel talks about how crazy it is to feel like being there in the disaster zone, after which Zuckerberg asks her where she’d like to teleport next, and she says “yeah, maybe back to California?” And they chuckle again. Then they’re at OC3 in 2016. Then the moon.

Then Zuckerberg apologized for his tone-deaf VR cartoon tour of Puerto Rico devastation.

Possibly, in the grand scheme of things, Facebook executives and engineers could have convinced Zuckerberg that they had more important things to do, like paying attention to vital front-line social media platform development and engineering – along with staying focused on looking out for and fixing bugs perhaps? Especially in tools meant to improve the privacy of users??

Yes, above VR, AI and all, Facebook now has much bigger fish to fry – security and privacy of the platform – to go along with keeping the generations that are still users (Gen Z has already chosen Snapchat and Instagram over Facebook).

In terms of such wild side projects undertaken at Facebook, along with trying to acquire the social media world, these could well be main reasons for the mess at hand. Taking one’s eye off the ball, leading to potential daily Facebook user compromise?

Exactly.

James Foster, ZeroFox (social media security and digital risk monitoring company) CEO, in April talked about Facebook’s lack of security and strategy, discussing the company’s need to “right the ship” along with “is data ever safe.” This, to go with how a major enterprise tech company like Facebook does not have a CISO.

Watch: CNBC Video Security is not in Facebook’s DNA: ZeroFox CEO

“The hack is just another symptom of a bigger problem, which is that the company is not well managed,” Pivotal Research Group analyst Brian Wieser told USA TODAY.

“We see this recent security problem adding to already significant concerns about the company and its management,” CFRA analyst Scott Kessler wrote in a research note Monday.

I rest my case. Facebook is in trouble, Zuckerberg is dangerous (until they finally show him the door at Facebook), and one should be very careful about what they place on Facebook, and how they share.

Yet, the question of Congressional social media regulation is one for the books indeed.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”

Senator Warner stated this at the end of the press release.

Social media compared to the Wild West – in this day and age, Warner might just be on to something…


* Reuters Facebook says big breach exposed 50 million accounts to full takeover.

** Warner Policy Paper (which can be downloaded).

(Editor’s note: Here is the full press release: Sen. Warner Responds to Facebook Hack.)


With over 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent AV. Corey writes for the publication and hosts/produces podcasts – The AV Life, The Collaboration Factor and Convergent Tech Talk. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers. Find him talking about a whole lot of things, tech and otherwise. On LinkedIn https://www.linkedin.com/in/mosscorey/.