Breaches

It’s important to note that the breach of the FB T&C that led to this particular issue is different than the normal building of a User Profile through data collection that typically occurs.

The gist of what happened here was a bait-and-switch mechanism where users who decided to play an on-line quiz game provided a vast amount of information to the quiz creator who was using the behaviors in the quiz along with the user information to create a psychographic User Profile. Those User Profiles were then provided to another company that utilized the information in the User Profiles in a way different than the original information collected was intended. The release of the User Profile information itself AND then then reuse of that information for things beyond it’s original user approved intent are BOTH separate breaches of the FB Dev T&C. Additionally, it should be notable that after the data was collected under one set of terms the FB Dev T&C did change and retroactively was supposed to eliminate the continued use of some data and require it’s purging. It’s unclear if the previously collected data that became unusable was actually leveraged or not (the company says it was not, but there’s no way of trusting if that’s true). Furthermore, the actual uses of the repurpose data may also have been in breach of the FB Advertiser T&C as well, depending on the interpretation of those Terms, so it seems.

FB then found out about the contractual breach and the misuse of FB data and was initially neglegent in dealing with it. What’s more, FB’s advertising team was working with the company that possessed the illgotten data, providing assistance on the ad platform even with some of the questionable ways it was being used.

So, Sally & Rob while it is true that Facebook and other major services do build extremely complex user profiles and users may not always understand what they have opted into (by choice of not caring, by ignorance of what it means, or by some other mechanism) this process has been going on for decades and is nothing new. (By way of an old skool example loyalty cards from the grocery store possess a huge amount of information on your shopping behaviors that is linked to a great deal of other things you probably didn’t realize). However, an extensive abuse of mined data through a Terms of Service breach is something we’ve not really ever experienced at this scale before. It isn’t necessarily a surprise given the nature of Developer T&C at FB were pretty lax to begin with, as are to a lesser degree the Advertiser T&Cs. Breaches occur all the time either accidentally from people who don’t fully comprehend what the terms are OR what they are doing, but we’ve also always experienced some level of poison players who play in the grey areas of contracts, of governmental regulations, etc. as well as those who actively breach contracts and break the law knowing that the value of their actions is more than the punishment they might receive.

Do you have a credit card? Great, you have a profile that contains vast amounts of information regarding your shopping and payment habits together with a tonne of other information about who you are. Loyalty card for the grocery or other store? Yeah, there’s another documentation. Cable? Another. Any type of communications device? Another. In areas where Toll Payment systems are automated through privitization? Potentially another. And connecting all of this information together isn’t that difficult. Furthermore, it’s not even just about the raw information, it’s about how it can be organized. The raw data can be segmented but that’s pretty low level. Where there is value is in being able to use the collected data to predict and make assumptions about how consumers in a particular cohort might behave. The more data points not just about you but about all the aspects of the data set the greater possibility the predictions will be correct.

interestingly enough, there’s an anomaly that can occur where using it for your personal life could have implications on your business. Not that it is happening in your situation but it’s been noted by several publications that it can occur.

For example, Facebook’s “People You Know” algorithm is proprietary, as well as being “self-learning,” so no one knows exactly what aspects of your user profile go into matching you to other people and what weight each of those aspects has.

However, it’s apparent that some form of location plays some role in the suggestions. The theoretical basis for this is that if you and someone else both frequent a particular area where there’s a Coffee Shop you may know one another and benefit from the connection. FB might know this because you’re logged into the app and the app is looking at your device location data in the background and not even that you “Checked In” to the location or “At Handled” the business or even “Liked” the business page (although those help too).

Now, imagine it’s not a coffee shop but, perhaps, your Therapist’s office. The recommendation engine could potentially suggest you be friends with other patients of your therapist, or recommend your therapist an their staff, or possibly recommend people who frequent other offices at that same physical location. The engine doesn’t know it’s a private doctor’s practice, it just knows that on a certain schedule you are there regularly and these other people are there regularly so like the Coffee Shop you might have something in common to benefit being friends with. All of a sudden your private interaction with your Therapist becomes somewhat “public” since the recommender works both ways, not only are you seeing these people but they are also seeing you.

The walled garden you thought you had between some aspects of your personal life and other aspects of your so-called Facebook life are suddenly breached. And, right now in this one example, it’s only reliant on the People You Know engine. There’s a whole host of potential examples of how this simple piece of background information along with other aspects of your user profile could be used for other features within Facebook — most obviously the Advertising Engine.

Again, I’ll emphasize that this is a known occurrence that’s been reported on by not just big tech mags but other traditional investigative news paper reporting. It doesn’t mean that it happens to you specifically either in the way that I described as a general example or in other ways not covered here that you might come across. But, it just goes to demonstrating that we might not realize how our information is being collected and processed and used back to us. FB is hardly the only company to have location data, it’s been a core component of user profiles dating back, again, to things like loyalty cards.

interestingly enough, there’s an anomaly that can occur where using it for your personal life could have implications on your business. Not that it is happening in your situation but it’s been noted by several publications that it can occur.

For example, Facebook’s “People You Know” algorithm is proprietary, as well as being “self-learning,” so no one knows exactly what aspects of your user profile go into matching you to other people and what weight each of those aspects has.

However, it’s apparent that some form of location plays some role in the suggestions. The theoretical basis for this is that if you and someone else both frequent a particular area where there’s a Coffee Shop you may know one another and benefit from the connection. FB might know this because you’re logged into the app and the app is looking at your device location data in the background and not even that you “Checked In” to the location or “At Handled” the business or even “Liked” the business page (although those help too).

Now, imagine it’s not a coffee shop but, perhaps, your Therapist’s office. The recommendation engine could potentially suggest you be friends with other patients of your therapist, or recommend your therapist an their staff, or possibly recommend people who frequent other offices at that same physical location. The engine doesn’t know it’s a private doctor’s practice, it just knows that on a certain schedule you are there regularly and these other people are there regularly so like the Coffee Shop you might have something in common to benefit being friends with. All of a sudden your private interaction with your Therapist becomes somewhat “public” since the recommender works both ways, not only are you seeing these people but they are also seeing you.

The walled garden you thought you had between some aspects of your personal life and other aspects of your so-called Facebook life are suddenly breached. And, right now in this one example, it’s only reliant on the People You Know engine. There’s a whole host of potential examples of how this simple piece of background information along with other aspects of your user profile could be used for other features within Facebook — most obviously the Advertising Engine.

Again, I’ll emphasize that this is a known occurrence that’s been reported on by not just big tech mags but other traditional investigative news paper reporting. It doesn’t mean that it happens to you specifically either in the way that I described as a general example or in other ways not covered here that you might come across. But, it just goes to demonstrating that we might not realize how our information is being collected and processed and used back to us. FB is hardly the only company to have location data, it’s been a core component of user profiles dating back, again, to things like loyalty cards.

Marketers have been doing it for decades. Political organizations not quite as long but they too connect it. Modern tech companies are simply doing the same things only in some cases eliminating the middle men of having to broadly connect these various sources by having you “voluntarily” pool it all together for them inside their platform. If you use the internet, particularly if you have to log in, your Profile is being developed. Sometimes it’s to make the technology run more efficiently and effectively. Sometimes it is to make money for the platform owner. Sometimes it is used nefariously for other reasons. And, in a lot of cases the cost-benefit to the end-user isn’t always clear which is, I believe, where we run into the most problems — particularly in the US where we socially have a very, how you call, “interesting” view of what privacy means.

Unfortunately, American’s social mindset is much different than that of, say, the European Union where they actively educate their citizens on privacy and their data footprint as well as have regulations in place to define what is and is not acceptable by business and providing mechanism for users to better control the data about them. An popular current events example of this is GDPR which is being instituted as I type. It is an attempt at being very consumer friendly and does possess a level of burden on business to reach compliance which is why it is highly unlikely in the overly pro-business and anti-consumer environment of the US at this moment we’ll actually see anything like it happen.

Advertisements

About thedoormouse

I am I. That’s all that i am. my little mousehole in cyberspace of fiction, recipes, sacrasm, op-ed on music, sports, and other notations both grand and tiny: https://thedmouse.wordpress.com/about-thedmouse/
This entry was posted in business commentary, Opinion. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s