Skip to main content

tv   Facebook Data Privacy Practices  CSPAN  April 10, 2018 1:48am-3:22am EDT

1:48 am
1:49 am
>> we are going to get started. good afternoon am the director of the open technology institute everybody that has access to internet is open and secure. thank you for joining us here today at new america for conversation what should we do next? so you might be in the wrong room there was a fast-growing social network called facebook and then to become a platform for other apps then to launch the application program that allowed app developers to add new data for those that signed up to use their apps.
1:50 am
but there was a big privacy catch the note because they obtain data but also from their friends of those users. even though facebook notified them during privacy policies is not easy privacy setting. the default for apps to have access to friends data and mostdi funders could long -- users didn't understand what was going on. from those who didn't even use the apps. those to protect data from the issues and then to tell them
1:51 am
to use the data to provide the service so it all to a spooky consultant is -- consulting company so they can manipulate them. of course we know that iss what happenedog it was called this is your digital life could take 250,000 facebook users and through access and their friends data to obtain personal information up to 87 million facebook users. they sold that data to a political consulting firm working with the trunk -- prompt mom -- president trump campaign and also based on the
1:52 am
bribes which brings us to last month learning how they had attained this data we also learned facebook has known about this passing of data since 2015 i did not confirm that heather did their demanding a certified they did not. they continue to allow them to advertise on their platform so this is led to a firestorm on a privacy online generally and facebook specifically after controversy has been raging over the platforms were subverted for propaganda during the presidential election since then.
1:53 am
now is facebook is losing billions of dollars of stock value using public trust and out trying to regain the trust as policymakers are rattling the saber a regulation in ordinary folks only now seem to understand how facebook works or for five years ago and what that means for their privacy this simple question is what now? what should facebook do? what policymakers should do? what should users demand that they do for facebook or platforms generally? i will be talking to the panel of experts about these questions in the state of online privacy and how we can improve that but before that i want to pass semi- to my colleague who rented independent house called ranking digital rights dedicated to answering another question that is relevant just
1:54 am
how well companies like facebook are protecting their usersil rights she will give a preview of the latest annual corporate accountability index released later this month and then move on to my conversation and then our panel with the experts. thank [applause] >> i don't where to take too much of your time other than let you t o know that ranking digital right corporate accountability index will be launched april 25 in new york and we have a flyer april 27 and will ben an event here right in this room to talk people the 2017th index can be found on our website to see
1:55 am
how we evaluated companies last year to rank 22 of the most powerful internet telecommunications companies affecting users human rights to freedom of expression and privacy so there are indicators very specifically to affect how they handle user data it will not surprise you did not perform on those indicators last year and the quality of the policies and they will not be shocked to hear that is a revolutionary change.
1:56 am
you can see the report when it comes out on mine for all the details and downloadable data and then a similar event here and people will be able to go through and discuss the results in great detail. so one other point industry in general is doing poorly that facebook's disclosures were the bottom of the cohort. so that is just a preview. >> we look forward to reading all about that and now i would love to welcome ftc commissioner to chat.
1:57 am
>> hi there. >> i want to start with a question to the expert panel is this a tipping point like a snowden moment in the context of surveillance where we could see changes in policy or maybe the experian moment to see a lot of noise but not a lot of action. >> i think a major own point i will give you my own perspective from the ftc i will not pull any punches and i'm careful not to talk about the ftc has concluded
1:58 am
regarding this open case of maybe 87 million people information was used is a big deal and one of the things i was missing is talking to hundred 50 million people very detailed information was breached and unfortunately that incident didn't have a policy that i hoped so i hope this is a moment of change also because the general data protection in europe is coming into implementation in may so changes areha needed in response to that so that is a big impact at the same time this has an impact on i the story so if it has an impact on just
1:59 am
one thing but i would really, really like are the people that say to me we haveki been talking about this for years that american consumers just don't care. i think that is demonstrably false and we have given evidence that they do care and consumer trust is incredibly important i will be at the top of everybody's list what they are concerned about for their businesses and also it underscores the fact consumers are not necessarily understanding or anticipating fully the risks the data on the platform. i don't think we should put that risk on the individuals for what might happen to their data and that is part of a
2:00 am
policy conversation they are happening. >> so with any comprehensive data rules in the united states with a consumer privacy cop on the beat to go after fair and deceptive trade practices and you have gone after facebook before in 2011 over some alleges deceptions over the last privacy transition so the question how did this happen if the ftc the cop on the beat already had this in place? >> that is 100% the right question. i am the sitting trade commissioner i love the ftc i think they are doing an incredible job with the antiquated authorities 104-year-old agency to protect
2:01 am
consumers from unfair deceptive practices act to adapt on the online environment but it does call for stronger tools. this underscores the ftc is not strong enough as it is currently in its current resources to be the consumer protection agency that it is required. >> i would start by making sure it's been more or less flat funded for the past three years. the obama administration to call for an increase in resources for the agency but it has never been funded at near that level so as first of all under resource. one of the things that it has
2:02 am
been doing and i'm very proud of sharing the ftc with this implementation bringing more technology into our work and bringing more researchers. we have an office at technology investigations that i think is a great first step in that direction but i think we need to think about institutional design and whether that kind of capability ought to be significantly expanded and maybe a beer of technology just like the bureau of economics. there's more horsepower in the ftc. the ftc needs additional authority to contact outside experts to evaluating. needs in-house expertise and additional resources to bring that expertise and where it doesn't have it. down that it's really important for civil penalty authority and
2:03 am
to access breach violations. it needs rulemaking authority that can at--it can use for security. it's also been studying it and it's been looking at the data broker industry in calling for more transparency and accountability for data brokers that they think that's important but beyond that we continue to make the case for the consumer rights that we need in the digital age which includes things like data affordability and interoperability. those are things we need to focus on as well. >> one of the questions is what the ftc can do and the if someone misrepresents what they are doing with your data that is the ftc's and the would have
2:04 am
fared doing something with your data but telling you about it, that is okay. how do we get past that? first off as a starter is it a workable model? certainly facebook will argue as have you that its users and the f. t. c. were aware of and had notices of how it worked. this is what the product was. where'd where do you go from there? >> the idea that it's a framework that can adequately protect consumers and the environment is correct. i don't think we can continue to rely solely on that. i think the ftc itself is advocating that it relies solely on that framework but the ftc does have limits to its authority.
2:05 am
if you're not telling people truthfully what's happening to their information and how it's being used it's very important but of course it's looking at the rule and how that has been playing out in the marketplace. the notice is clear and timely and the privacy policy agreement it's offered around the collection and use so i think it's been consistently laying out best practices whether the industry has been following it is a different question. and the issue of whether you the ftc is strong enough and i've been arguing obviously that it's not. don't think the ftc needs to be doing this all by itself. we are sitting here and after congress are peeled the stronger
2:06 am
broadband privacy rule there was no justification for that. you need more than one cop on the beat. >> the privacy settings are confusing. it has gotten more complex. it illustrates some of the problems. when the scandal broke and i've been working to some extent but when i went into the settings i found a setting that said ask your question and it was all about your friends and what they can see on facebook and share with these check boxes. some of them are checked by default. which means facebook did not detonate--up david's privacy
2:07 am
settings. when i asked facebook does this mean anything at this point they were like well we haven't gotten around to fixing it or changing it for getting rid of it. some of those checkboxes named one. i was like is that the only one and they were sure. they are not clear on their settings how can we be clear on their settings? >> again i think you are identifying the model that we are using. i don't know if anybody else have this experience in the room her the latest news through through--broke for example i had the opportunity to sit down with my mom to go through the settings and she was very concerned and also wanted some
2:08 am
help in figuring out what the settings actually were. we went into that discussion. said you want to share the information. apps. you can turn off the platform. turn it off. i don't know if anyone else has had this conversation with their moms. would suggest to me is people are trying to exert choices over how their data is flowing out of that first party relationship that they have with whatever service they are using. they may not necessarily know there are more choices that they need. the ftc has been looking at this issue. if you looked recently in our paypal case where we said you can't have a default setting where you have several different options to navigate.
2:09 am
you think you have senator private but then you have to reframe that. that's going to be problematic. the ftc was looking at whether consumers can navigate. the ftc has looks at the case is more trickery. in our case against--for example if the consumer says don't track my geolocation app running programs to serve ads and the general location on your wi-fi is probably going around privacy setting. we have to find ways to make sure they took elegy is inserted into the privacy choice of consumers. the ftc has been looking at these issues. suggest to me there are some
2:10 am
problems out there and we continued to be there at it here. >> it has been influential in her data security pieces. in fairness is a important authority and it's challenging for the ftc in the way courts have limited over the years. we have to have very clear--and while we have been talking about harms that are not just economic such as turning cameras on and emotional arms and things like that it can be very tricky for the ftc to reach some of the conduct using its authority.
2:11 am
this is an area where i continue to reiterate you cannot go it alone. one of the things that happens to the pc when it uses its unfairness authority very aggressively in the congress has stepped in to try to limit it. the agency has been cautious in developing the use of some of that authority. >> you are also a competition authority. there is a lot of talk in the air about platform monopoly or a variety of other ideas. how do you see competition? >> i think competition is incredibly valuable and competition would then affect
2:12 am
consumers. one of the triggs here had to do with the economics of how these methods work. because of the incentives within them it's obvious to me that just more competition is going to yield better outcomes and better connections for consumers or that's why we need additional regulation to help really direct the marketplace toward the outcome we want towards data security and privacy. more competition is good and competition is terrific. it should the advocating procompetitive policies like interoperability and i think we need to be mindful of the fact that we can't rely on competition of the mark source to correct for all of the competition we are seeing here.
2:13 am
>> he talk about what congress could do district in your agency what can it do to strengthen the consumers hand? >> i think congress can start thinking about what are the laws from the past to protect consumer privacy? one thing it can differently do a stop passing laws that undermines repealing so we could start there. we can build on that i taking a look at a number of ideas and looking around the room a number of people have been talking about for a while which is privacy legislation. also conference of data security and security legislation. i would argue for accountability for data brokers. i think that's very important. i also think some of the rights
2:14 am
to win control over your data and meaningful control around meaningful operability and the important conversations that we should be happening having. that's the consumer protection angle. one of the things that we have seen play out in all of these stories in cambridge analytica mean bigger risk than the consumer protections we are concerned about. the potential for technology to be used in an information campaign to undermine democratic come--institutions i'm concerned about the fcc's comments for the open internet order. it is a deeply harmful thing. that's going to require more
2:15 am
responses than just addressing privacy and consumer protection issues. >> there is a comprehensive data protection regulation coming forward later this month. does that strengthen or weaken it and what are the impacts for a comprehensive doll done? >> i really do hope because what is what is happening is the major technologies are coming in and they are compliant across their platforms globally then it seems to me a lot of opposition allowing u.s. consumers to codify is eliminated. i think it could have an effect of making it easier for congress to think about protection for the digital age.
2:16 am
>> i do hope you're right about that and i appreciate you taking the time to use chat today commissioner. i'm going to invite the rest of the panel up right now. [applause] >> hey gang, how are you all? i'm going to let everybody introduce themselves. we will just go down the line of what i would like is for everyone to introduce themselves and then briefly answer the 10 questions. is this a tipping point or an equifax moment? >> starting with me. this is something that's going to have legs for a little while. it's the possible newsbreak initiative might come up. it's been in the works for a
2:17 am
long time and there have been questions for a long time. i think this will make a difference. the investigation will be ongoing and i think the spotlight will remain on how the company response to this weather response to the consumer interest in privacy but also what the impact the responses might have. i think we need to insist on very important consumer protections but we also need to concentrate on the consequences for overcorrection that could exhibit some of the things that we love about the internet and about openness and ensuring competition remains vibrant. this is an opportunity to shut down competition in the name of privacy.
2:18 am
>> i'm carolyn hollen. i'm currently attacked policy fellow working on competition in the system and an open internet. >> my name is harlan yu and i am in washington d.c.. i think to answer your question i sure hope it is. we really have no way of knowing ..
2:19 am
the answer lies in your framing there've been little chips away at the public trust and even the systems at large thursday so i think that has had the success of the crescendo with a great amount of angst that exists in the country that portrays itself as friendly to the consumers and in fact it is the proposition that they are getting facebook says we will make this free for you because we want to connect you. all of those connected to this
2:20 am
moment. something happened and it will be baseline privacy legislation but i am an optimist. regardless i think facebook will have to face the music and change its practices and become more transparent. it will be a significant moment. it depends on what facebook sa says. there will be public hearings next week mark zuckerburg is going to testify. and what path they decide to follow. i think it is a tipping point in this end. this is the first major breach of an internet giant.
2:21 am
yes there was a dustup with google, but in my view there are major issues facebook is willing to comply with. and i think one of the things we are going to watch closely is what do they say about that and how do they respond if this investigation is on to next year it could force the agency's hand. >> in terms of response, they've announced a whole bunch of changes and they will be simplifying their privacy settings although a lot of that was already planned for compliance to clarify the terms of service and explanations but not yet apparently talking about substantially changing those terms. they saw us working with online data brokers and closed a privacy gap in the function
2:22 am
allowing the public through finals and i wonder about that sooner and they will be narrowing what data is available with a range of the api. so it seems that they are doing everything and anything they can and short of changing their business model in terms of service, so the question what else should facebook be doing now and if you were in the war room what would you be advocating for? >> they raised two issues. we will be talking a lot on the panel about the user privacy and the scope of the sensitive user information made available to its developers that i think there is a vital conversation we need to be having a which is as
2:23 am
facebook starts to raise the wall how is the public going to scrutinize what's happening inside and in particular how the business model is vulnerable to potential abuse and how the public finds out and addresses. because of the links to the political groups and campaigns i think what a story dated that intensify people's interests and the way the facebook be done and platform was being used to manipulate both the election and political discourse so from that they promised an amount of
2:24 am
transparency after its own internal investigation of russia interference. for the avid transparency, that would help everyone especially political watchdog groups and reporters keep advertisers accountable for who they say they are and what they say to different groups. i just want to spend a few minutes talking not about the user privacy side without ad targeting. i'm talking about any message on facebook touched by money whether you are a company or not to a certain segment of the facebook users. we are obviously talking about the political campaigns, political groups that want to do if you add and we are talking
2:25 am
about other gravitational states that want to spread intentionally misinformation were to exploit certain decisions in our society. i am also talking about ways that advertisers might be using facebook at the targeting platforms to prey on for movable consumers. these are ads that are trying to find patient or fraudulent opioid rehab centers or aggressive as for the for-profit colleges were sketchy repayment schemes or campaigns that drive the discrimination as we are talking about advertising in the finance and employment and housing so these are the kind of legitimate ad targeting.
2:26 am
on this business model finding certain segments to target specific messages the main question i have is how would the public be able to scrutinize its targeting behavior and addresses of these abuses and what is facebook going to do to help address the issues.
2:27 am
if you are a user and go to an advertiser's page. in principle all of th the prins are visible but it's also a very manual process. the. it also build a robust api with research functionality. the second thing is that facebook started to make
2:28 am
enhanced transparency promises to. they should be turning their attention to all ads that are being run on the platform. it's important not just to know the content of them. it gets complicated because some advertisers don't use explicit targeting criteria.
2:29 am
the users that have the same features. the. to the extend faceboo extent fas already giving enforcement they should disclose to the public a detailed accounting of all the bad ads that they are taking down and for what reason.
2:30 am
it's not just facebook telling us they are doing these things. it's to verify the case and so i will put a plug on the report that the team is releasing the next couple of weeks to serve as a public advocate guide to the end of transparency. we are building a manipulation layer into the internet we don't understand and can't control and it will be helpful in grappling with that.
2:31 am
in terms of my wish list i would add greater transparency in the venues like this we did invite facebook but they are busy. but i will say they've done a lot more press on the record in the transcript in things like that and obviously they are testifying in congress and don't have a lot of choice. as far as other people's wish lists, they were in the war room, other things which as we move onto another question to ask >> let me say what i think they should talk about doing. one of the problems in the cambridge analytics shows this, how little control facebook was exercising over the party in particular the developers so
2:32 am
facebook has recently acknowledged they don't have contracts with the third-party developers. they don't have any remedies in case there are a delivered overharvesting or sharing. they obviously did no due diligence on any of the third-party developers and so when it comes to how you solve the problem part of it is there has to be greater oversight control, and yet this whole episode has proven that was one of the aims of the dissent decree that require facebook to identify the threats to privacy and to plug those threats and so since the third-party app developers have access to this data, that was obvious for the
2:33 am
privacy violation. as this debacle unfolds it is clear so just going down the list is there some kind of due diligence on who's getting access to the data, some kind of contractual lockups that give them power to give audits, oversight, some certification of the opera collection and sharing, audits done by facebook or a third party to ensure there is compliance, so we are weeks and months into this. or cambridge analytics researchers have destroyed them. i teach law school and we teach
2:34 am
students how to enforce these kinds of promises. it's basically just a fun the broad access to consumer data. i could go on, but what i would like to hear from facebook is what are we going to do to control this? the famous line was this is déàa vu all over again. we solve these problems in 2011 and the dissent to create was designed to avoid the problem so one of the things i like to see is facebook come before the senate and come in with a list of things that are going to control the problem. there's lots of other problems, but in terms of providing minimal safeguards those are
2:35 am
some of the things i want to see facebook talk about. now that you bring about the dissent victory coming to seem to indicate earlier you believe that it had been violated so i would like to hear first in light of the audience a little bit more about wha what that wad what that was about than what you'd expect if i wanted to see in regards to death now. >> again this goes back in part to the third-party access because in 2009 to november andd december, facebook made two changes to its privacy settings that pushed him out of private information to be public and gave the third-party access to information. it'how to exercise their politil
2:36 am
views without their consent and so i've seen this movie before and it didn't end well. so, one of the things they did is try to rein in the third-party collections. if you look at that the creed draws the line between people that actually post things and third parties that actually harvesting. the goal was to limit third-party access unless there is a clear notice and consent. if you believe any of the friends that thought something
2:37 am
with cambridge analytics was going to happen to them. both in terms of the dissent's decree model was violated. they are forcing facebook to look at the vulnerability. where is the consumer privacy at jeopardy in plugging those and that was designed to respond to the downloading third-party apps and it's quite clear in the aftermath they would pay no attention to that part of the
2:38 am
dissent decree. you have no dissent or sharing a third party which is why the cambridge analytics of such a scandal. it's still done nothing to fix this. so a lot of the things has announced a new platform policies that mark has talked about the purpose of stuff before. when you negotiate a settlement with what was going on in 2014
2:39 am
they would say when we negotiated the settlement this is how it worked. these are the disclosures made to the user and the settings they had carried with chain to make that's not okay anymore because the position is they violated the rules and our product was working the way that it was designed. to force facebook to get a better notice, that was a part of the dissent decree and section number four. facebook didn't pay any attention to this. if any time after the dissent decree was edited into the friends of friends understanding
2:40 am
the scope of harvesting their data. the cambridge analytics take their data if the answer is no. >> what happens if the answer is no? >> in terms of the enforcement i don't think it really matters because i don't think facebook has any argument this isn't a violation of section number five because section five turns on what consumers reasonably expected that they also don't have the defense to my view. it is a violation of the dissent decree and a substantial penalty. at the time we did the case for the statute provided for $16,000
2:41 am
per violation and the ftc is always considered a violation to harm an individual consumer. so now if you measure them if you multiply to the 87 million they would be able to figure out what the answer to that would be. >> 16 to 40 -- >> you are talking about an astronomical penalty. obviously that would not be a starting point for the agency. but i think that there's likely to be a substantial penalty. >> we are talking about what they might do. there's also the question of what congress might do or should do to start that conversation we will go over to michelle. >> i think that yelling at mark zuckerburg is a start. it's not necessarily going to make a change though.
2:42 am
in some ways this illustrates where there are golden abilities and weaknesses and where perhaps congress could in a more discreet way to make some fixes to make them have more teeth. for example in the google case it was $25 million which is half a day of profits. to make it better when the ftc has defined i think what congress should do is not be make the gdp and for those of you in advocacy this is not exactly in line with what the advocates are saying. i think it is fantastic and forced companies to incorporate a lot of them into their platforms, though i don't think we need to duplicate it for that reason. that's not to say there are not elements that could be great in
2:43 am
the privacy law but i don't think enacting the law needs to replicate the failure of consent. they have a place but i think instead what we should be looking at is expectations over the way that congress should view a baseline privacy law is with the idea that if a person's expectations is designed for the kind of user agency it has come up with sort of transparency is available and what accountability is attached somet of looking at the idea we interact in the platforms is obscure so you can't make the consent and most people know you don't see the hundreds of eyes looking at you and all this is by design. so, to pushed to the forefront, the idea that if you are going to did you expectations in the platform and use the values of
2:44 am
agency accountability some of them have to come from the design side so creating a standard it's more about what sort of interaction with make clear to a person with the value of the proposition is. right now one person put it very well and said when the companies leverage the data 100 times that is what a price increase but you get nothing out of it except a free service. but that argument is hollow now it's up to the extent there are ways to do this and design principles for more transparency and not just the gdp are they need to be in the wall and also the idea going back into the accounaccounts of the because is crucial the idea of making public disclosure and drawing at some of the other success in
2:45 am
making them certified public disclosures on a quarterly basis it forces them to have skin in the game. other areas with auditing requirements and making the the companies tthecompany's duty tot assessment of those things are doable. they are not easy technically for sure there are challenges but i think that there are ways that would make a huge difference in privacy protections. >> the front end is not a modest proposal. i will admit i share some skepticism about the value and the political viability of the baseline privacy at this stage, considering that there was much work done. a lot of smart people focused that it basically wasn't good enough for either side of the debate.
2:46 am
and i'm not sure if the calculus is changing that much, but it does raise the question it's not some sort of a gdp are for the u.s.. and you mentioned a couple of targeted things, the ceo certification idea and impact assessments. what are more targeted -- there are staff wondering what can i write right now that my boss will introduce and looking at the decisions. >> or what can we do that strong that will strike fear into the hearts of facebook and other companies and perhaps impact the behavior what should we be doing? how do we get protection for people and of course with protection should come accountability. i do think strengthening the dissent decree would be great.
2:47 am
it would strengthen them which we've heard and everybody in this room knows we need more tools, more resources to be able to do its job especially with everything that's gone on, more transparency around the dissent decree, we had something we are going to be coming out with is something here are specific recommendations on the dissent decree and hope only that his something that can get bipartisan support. you can look at the republicans reform playbook and use some of the ideas as good governance to get something like that to be more powerful. also another area of david touched on is the idea of the data access by researchers so it's something that has been avoided in part because of the tricky subject we don't want to shut down innovation or open access. but there are ways to create obligations for those that don't exist right now. if you are a federally funded academic researcher, you follow
2:48 am
the common rule which means you go through the institutional review board and those institutional review boards if anybody has gone through them, they are fairly worthless. not for the reasons that they are in good faith they don't ask for things like terms of service review. all the platforms see this by the way but it's imperative for there to be a preview of that. some accountability for the researcher there should also be a certification for the researcher so they are held to some obligation not just for what they intend to do how they are protecting the security of the data. facebook's agreement was light on accountability and i'm not sure that wasn't by design. the idea us but to date i go ifd
2:49 am
we don't want to create this viability for the other aspect is creating a chain of command of liability in a ecosystem which again would end be easy but you start with a platform service creating the risk and then you go down the line and decide what are the rules and what oregon liabilities and i ai think this can be chopped off in small ways may be dissent decree as a part of that order the certifications are another part of it. >> other ideas? i'm guessing you were all for the ftc. >> she's absolutely spot on. i would say to the extent there may be smaller pieces of the privacy issue this would guess that many but not all of the problems and i think given some
2:50 am
of the research that we have had and some of the problems with the data brokers, there needs to be something like the fair credit reporting act stronger for the brokers. the fact is people are worried about what the nsa knows about them and so does facebook and lots of other companies and yet we don't have any effective regulatory tools for any of them. these are massive data pools to the extent that they get worse, you have the data with the risk takes. >> going back to the platforms and away from the brokers will there be a specific use or requirement about dissent but the possibility of the stronger transparency requirements certainly talking about that in
2:51 am
the context of ad and i expect they are talking about it in the context of who gets your data. there's also the question of the political viability an of timing and whatnot. so for example, i have a crazy idea of which is there is a single malt is the strongest in the united states called the video privacy protection that is what you want to do video store and protect us what you watch on networks and that got passed after the supreme court nominee video records were obtained by journalists that congress freaked out hence the privacy law. i don't see any principled reason why that shouldn't extent the need to extend online. i shared this idea with a staffer like sure, but that's in the criminal code and would go through the judiciary and the thing is going to happen and the
2:52 am
judiciary. we have to think of things can happen in congress. so what do we make up the like anof the likingof what is possi, clearly they are not going to pass anything this year. year. they are basically already done because of the election. that's what do we need to plant now? >> what happens in the fall is huge and will decide if they take the gavel or if we take congress and the possibilities are greater based on the privacy law or any updates to the privacy journal. privacy is dressed notorious for being in 100 different committees especially in the high-profile case like this they are scrambling to figure out how to get into agriculture.
2:53 am
this is the way to democracy fumbles along that to the extent we can provide them with the correct facts about what happened first of all is something i noticed even excellent journalists scraping the access interchangeably. they work hard and make sure the committees of information about what they can do next. it's also important to bring republicans interested in this issue. they haven't said much for a little while but now they are and that is a really important development that especially in dc they can't ignore the bipartisan and it's important to engage both parties in the process and explain that this is a truly bipartisan issue or should be.
2:54 am
>> moving onto caroline and competition that is your expertise or do they play in addressing a situation like this is any? >> one of the questions we heard after this does wait a minute, he said things would be better. we've been seeing a lot of headlines talking about the power of big tech, the consolidation that has occurred and the then the follow-on is me more competition they were doing their job and it wouldn't be so bad. i adhere to say antitrust plays a limited role in some of the bigger market structured question for the consumer privacy driven questions. if we have multiple social
2:55 am
platforms in an ideal world, it might be on the basis of privacy. but the trick about social platforms is we really don't want to have to go through the different platforms to find our friends on each side. one is the value of the network effect is the value in this service that the more people that are on th on it, the more valuable it will become. so it's not necessarily something that consumers would want in the real world. you might want options and i will talk about some of these ideas for promoting competition, but we can talk about the limits of the antitrust law. the antitrust law is a function not prohibit the conduct by firms with substantial market power from taking action in the competitive process and also can stop the mergers that would lead to less competition and dick
2:56 am
have a positive impact on the platform. another important tool is the section five authority, section five is believed to and covers something more than the antitrust law and congress must have meant something to think just the antitrust law. section five prohibits so this is what the agency can use the authority and find action that facebook is taking that violates this principle of competition. so somewhat limited tools at one of the things is how do we put
2:57 am
competitive pressures in a company like facebook and is the through the vendor data portability to create a meaningful way for the data through some other application or service that would be able to create some networking service that consumers want. this then goes into some of the questions i am now exploring and trying to think about. it's more questions than answers. the importance of the data portability interoperability and hohow they use the api works ino this. a side note, i have been thinking about how low competitions both innovation and ensure the openness of the internet that we all want and that we get a lot of innovation from the.
2:58 am
the. then what is the concept is it more responsible use of api and how to be speeded to the digital ecosystems, so one of the things i want to put out there and we should be looking for is because the technology and the competition bureau is to make sure facebook as it starts to review its api policies does a lot of things they should do to protect privacy and security to make sure people willy-nilly can't get access to all of the consumer data at the same time make sure there isn't an overcorrection in terms of shutting down access to data that helps developers come up with exciting new programs people want to use on facebook
2:59 am
that could ultimately compete with facebook and facebook could have the incentive and the ability using its api to say what's up with this developer access data because i'm worried about the threat, let's shut it down. >> there's portability which is getting the data out. facebook is a tool for getting your timeline out it's basically built for you to browse explicitly and then not suitable for uploading to another service. let's assume there are services out there. >> but they are not for you to take it somewhere else. it's going to require a level of portability so that you can move
3:00 am
it somewhere else and we have seen how people are going to implement that and that will be really interesting. but then there's also the issue of how we come up with an environment where something can get big enough that you even want to move your data and that's where you get into the interoperability because where i am sitting, one of the only plausible version of a network getting big enough at this point they bought the two networks is to be able to leave facebook while still being able to communicate with people because what it is doing right now is not its platform it's the people on the platform and no one feels like they can leave because then they would mean nothing if the pressure on them to change. but how do we do ac that like wt are the tools to push facebook
3:01 am
in the direction of what it considers its most mortal threat which is building doors into this wild card. >> we need to find them having the market power which we need to find and doing things that would require tha this sort of remedy to say you need to make this open. one of the solutions is more likely legislative to give authority to do rulemaking and i think the important thing it's not just helpful to have my pictures and posts to these valuable pieces for my friend in the data portability is also to think of privacy. my friends are my friends but i'm going to put this over some other service are my friend okay getting pained by the new service i think there's a lot of questions about what the
3:02 am
meaningful data portability to another service actually means. and the devil is going to details. and it will be great to hear from developers and others who are trying to think about the next social platform and what they need to capture the data and build a service off of that. >> what you are talking about is forcing facebook to become a common carrier and that is through all sorts of subsidiary problems. i don't know how you force the excessive legislation. >> when aol bought time warner there was a position to make its messenger interoperable with its biggest competitor and at this point whether they would
3:03 am
themselves iputthemselves in the actually it would have to assume such demand. >> [inaudible] i was just going to say maybe there is a small part of facebook. looking at the specific communication aspects. >> there's also a tension between privacy and interoperability. yesterday, their announcement to close off more parts of api privacy advocates would cheer but then the competition advocates would thought so they would probably have to do with more legal and policy solutions rather than tweaking the knob in terms of how much database.
3:04 am
>> it's going to require a lot of study for the research and empirical data to respond to the common carrier we need to think is that what you want to do because you need to keep in mind we wanted to ensure the platform facebook is going to be as soon as you get big and have a lot of people may be the website of that is we need everyone to be the best they can whatever it is i can provide that's great so it's going to be an important consideration if the trade-off
3:05 am
for certaipursued policies thatk will benefit consumers and what impact it will have. >> i will miss my greatest fear is that it's not only going to push the decision-makers on facebook but the rest of the industry of may. and i worry to some extent you will have facebook saying please don't make us mark them down even more when that would serve its competitive position. >> there are some ideas around the data collaborative it's interesting for people to look at the idea that parts of the data for sure how they would deal with this but part of the platform could be put into the data collaborative is where it
3:06 am
could be accessed by researche researchers. maybe there are ways to segment some of this so it doesn't create problems. >> what is a viable amount of data where they are not really relevant to the pittsburgh can i get my list out with a piece of data that will allow me to be identified after that is for a phone number or e-mail address and then you get into a privacy problem and they say that might be violating what we already -- the >> a lot of discussion not to overpromise much that we will be giving an event on the interoperability and portabili portability, knock on wood. but in the meantime, we have a
3:07 am
few more events in their arkansas shooting up. >> there's a microphone going around. please don't speak until you have the microphone for the folks watching on c-span. >> you brought up the dissent decree and spoke about it quite a bit and also the idea of audits are in the dissent decreed and they would have had to have gone through one if not two between then and now. and it didn't do anything to push this forward. is the object something we should be pushing for was it effective in the consent decree and it wasn't which seems not to be, how can you make them better? >> what it requires our biannual flailings by third-party essentially make sure facebook
3:08 am
is adhering to the commitment and the defense to create if there hav had been two or three submitted since it was filed to haven'haven't seen one in severl years, but that isn't really what i'm talking about. i am talking about trying to make sure third party apps stick to whatever commitment they've made so one of the problems with cambridge analytics is facebook didn't know what it was downloading nor did they have any means of making sure that the data wasn't shared with third parties. there was no control and there was no audit. so, what i am talking about is ways of overseeing the parties that have access and there needs
3:09 am
to be contractual markups and making sure they behave as they promised. at the moment, facebook has been depending on wishful thinking that they are going to do whatever the terms and service provides. cambridge analytics debacle there are no controls so that is what i was trying to refer to. >> these are assessments that are different. you have a private assessor cataloging the benchmarks about the company and there are ways to gain this and they will change the practice right befo before. none of this is public but they will also not list material
3:10 am
changes. things that would be relevant to the dissent decree because of the timing of the assessment. it would require the company to sign off on material changes of their practices before and after the audit happens and it would create a sense of accountability which hopefully would have more of a finding authority. >> it isn't clear that they reported what happened in the cambridge analytics even though it would have been required in the biannual. >> in several conversations of the debate, one of the big
3:11 am
concerns is the lack of access to data by researchers said there is a tension between the personal data and get facebook and other companies not turning over the list of content that they removed or censored etc. so i think we should be careful about making broad brush strokes at the institutional boards at least they have to go through something and definitely there needs to be more technologically adept but how can we balance the need for more oversight and auditing potential both by researchers and also potentially by the judiciary that are deciding what content is illegal or not outside of the judicial process with the need to protect private data. >> i can take that one. in terms of recommendations i was talking about, it is true there is especially when we are talking about countering the
3:12 am
violent extremism and how to balance privacy and transparency is a tough call. the recommendations applied to the facebook already considers the ads to be all public. any money that has been spent to boost its already considered public and not private information. so, at least it isn't going to get at all of the problems with for a largbutfor a large fractie problems beyond, more transparency about the will do a lot of good without risking individual privacy that much. >> i think that your question is when we all need to be asking if it is relevant to the port authoritpart aboutthe question y cluster on how to balance the need of privacy with all the other things we need.
3:13 am
you have the commission are writing to "the new york times" about how we need more opening to do research. yet at the same time we have a push to close them down because of privacy. to be fair to facebook i would be like what do you want us to do. >> [inaudible] >> for the information practice principles the data governance framework and most are very well-versed but it's also a good way to think about how to govern the data so for example it doesn't mean restrictions in terms of this is a good project or this is in secret project that is about privacy and security restrictions and requirements and meet omitting the amount of data and the scope of the data and the reason you are collecting the data into
3:14 am
those type of requirements that don't exist right now. that would be a step forward. >> i'm pretty familiar with the internals of it. to possibly mitigate the situation is the technical solution to internally deprecate all of the numbers that have been exposed so far because one of the problems is the worst left the barn in 2015 and you simply couldn't target them anymore as with mitigat would mn large part. if you had been thinking about
3:15 am
that it's something facebook will likwon't like very much, st would have a punitive aspect and it would also not fundamentally disrupt legitimate ongoing activity from people that are obeying the rules. >> i have a simple suggestion or thought as a result of the investigation. that would create a barrier to the competition to solve some of the problems and of course some of the other requirements but that is something that they would see as punitive.
3:16 am
>> i don't know whether the commission would have thought about a remedy for the deceptive act as opposed to one that impede competition and i suspect they would still have problems doing that now. bob always has interesting ideas. i think people should think about this. the remedies are basically equitable and we do at times force people to do things they don't want like occupational advancement. this is an intriguing idea. >> there will be plenty of other developments ongoing including if everyone enjoys or finds interesting than and cute panels
3:17 am
fothank you to thepanelists forg conversation. [applause]er david
3:18 am
3:19 am
3:20 am
cameron testifies about global security. unfoldsn, where history daily. in 1979, c-span was created as a public service by america's cable television companies and today we continue to bring you unfiltered coverage of congress, the white house, the supreme
3:21 am
court, and public policy events aroundington, d.c., and c-span is brought to you by your cable or satellite provider. >> "washington journal" continues. host: on mondays, we like to take a look ahead at the week in washington. jason dick joins us now to do that. the main focus this week will be on the house and senate in the committee hearing rooms. take us through the highlights of the week. guest: probably the biggest highlight of the week will be mark zuckerberg's appearance before three committees. on tuesday, he will appear before a joint senate committee


info Stream Only

Uploaded by TV Archive on