April 9, 2018

Facebook has suspended another data analytics firm amid claims that the company has been improperly harvesting user information. The firm, Cubeyou, gathered data under the guise of academic research, then shared it with marketers, a CNBC report found.

The tactics echo those of Cambridge Analytica, a data firm that accessed and shared information from as many as 87 million users without permission for political marketing. Cubeyou created personality quizzes that reached tens of millions of Facebook users, labeling the privacy permissions as "non-exclusive access for research purposes only." However, the quizzes allowed Cubeyou to access personal information that was disclosed to third parties, such as location, age, relationship status, likes, comments on posts, and mentions of brands. A previous version of the quizzes also gave Cubeyou access to the personal data of a user's friends.

The company's customers included communication firms and advertising agencies, CNBC reports. A Cubeyou executive said that the app had disclaimers about its use of data on a separate website, and denied that the quizzes could access the data of a user's friends.

Facebook was reportedly unaware of Cubeyou's improper practices, and suspended Cubeyou for an audit. The discovery comes just days before Facebook CEO Mark Zuckerberg is scheduled to testify before Congress regarding the platform's recent privacy issues. Read more at CNBC. Summer Meza

December 21, 2016

Germany's strict privacy laws prevent the widespread usage of surveillance cameras, but the coalition government on Wednesday approved regulation that could change things.

While the proposed laws will still give Germany's states and city states the final say on whether to allow or ban CCTV cameras in public areas, they will "force data protection commissioners to give greater weight than before to 'the protection of life, health, and freedom' when deciding whether to permit video surveillance," The Guardian reports. The initiative is not a result of Monday's attack against a Christmas market in Berlin, but rather the attempted suicide bombing in Ansbach and a mass shooting in Munich this past July.

In Berlin, there are 15,000 CCTV cameras installed on vehicles, with more than 3,000 capable of being switched to live transmission, but police cannot install cameras in public spaces that transmit live images due to data privacy regulations. Bodo Pfalzgraf of the German police union told The Guardian that "better and more intelligence surveillance" is needed in public places, especially after Monday's deadly attack. "We would know a lot more about the perpetrator by now if we had been allowed to install video cameras on Breitscheidplatz square," he said. "We couldn't have prevented the attack, but our investigation would be more advanced by now. CCTV can save lives." Critics of surveillance say this statement is merely hypothetical, and it's more important to have additional police officers on the streets. Catherine Garcia

December 31, 2015

Microsoft announced Wednesday that it would be joining the growing industry trend of alerting users of suspected government hacking attempts. The announcement comes just nine days after Reuters questioned the company's decision to not inform members of a hacking campaign in 2011 allegedly carried out by Chinese authorities that targeted international leaders of China's Tibetan and Uighur minorities, as well as diplomats, media workers, and human rights lawyers. Though Microsoft allegedly knew that Chinese authorities were behind the hacking, they did not disclose that information to users of its email service, Reuters reports.

"We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others," Microsoft said in a blog post published Wednesday, later telling Reuters that as "the threat landscape has evolved our approach has too." Previously, the company offered alerts of security breaches without specifying the identity of the suspected hacker.

Facebook, Twitter, and Yahoo installed similar policies in October. Becca Stanek

July 21, 2015

Here's another reminder to be careful what you post online: A New York state court ruled Tuesday that Facebook has to comply with search warrants allowing prosecutors to glean information from hundreds of users believed to be committing Social Security fraud.

The court ruled that the warrants, which applied to the photos, private messages, and personal account information of 381 users, could only be challenged by individual defendants after prosecutors gathered evidence, Reuters reports. In 2013, the Manhattan District Attorney's office served warrants to Facebook, looking for information on people who were eventually indicted for Social Security fraud, including some police officers and firefighters who pretended to be sick after the Sept. 11 attacks. Facebook submitted the records to prosecutors in 2014 after a state judge tossed their claim that the warrants violated the Fourth Amendment, but went ahead with an appeal.

Prosecutors said they found Facebook pages with photos of public employees who said they were disabled riding jet skis, playing golf, and showing off their martial arts skills. A spokeswoman for the district attorney's office told Reuters that prosecutors were able to get $25 million from people targeted in the probe, and "in many cases, evidence on their Facebook accounts directly contradicted the lies the defendants told to the Social Security Administration." Catherine Garcia

May 9, 2014

On Thursday, the photo messaging service Snapchat settled charges from the Federal Trade Commission that the company misrepresented how it maintains the privacy of its users.

Snapchat's appeal is its ephemeral nature: You send a contact photos or video with a time limit, and once that's over, the image disappears. At least, that's what is supposed to happen; the FTC says that the messages, or snaps, can be saved via third party apps or by a user taking screenshots. Further, The New York Times reports, the FTC also accused the company of collecting sensitive personal data, including address book contacts, despite promising otherwise.

"One thing we want to make clear," said Chris Olsen, the assistant director of the FTC's division of privacy and identity protection. "If you make promises about privacy, you must honor those promises or otherwise risk FTC enforcement."

Under the terms of the settlement, Snapchat must start a privacy program and will be independently monitored for the next 20 years. If the company violates the agreement, it will be fined.

Hopefully this settlement will serve as a reminder to everyone that once an image is transmitted into cyberspace, there's no telling what can happen. "The internet is forever, and people don't realize that," security expert Nico Sell tells The Times. "You think you can delete a tweet or a Facebook post, but it doesn't go away. Most people don't know how hard it is to make a message disappear." And Sell should know — he's co-founder of Wickr, one of Snapchat's rivals in the timed-self-destruct messaging business. Catherine Garcia

See More Speed Reads