On Q Professional Investigations

It could be time for you to start worrying about what Facebook might be doing with the identity information collected on you and “tagged” photos.

The Hamburg Commissioner for Data Protection and Freedom of Information in Germany has announced legal action against the company and charged that Facebook’s use of facial-recognition technology is illegal.

In addition, the Federation of German Consumer Organizations is ordering Facebook to stop giving third-party applications users’ data without their consent.

If the social network doesn’t do this by Sept. 4, the FGCO will sue. Earlier this month, Norway also announced that it is looking into the legality of the social network’s use of face-matching technology.

Unlike the United States, Germany has regulations that allow Internet users control over their data.

Regarding photo tags, a Facebook spokesperson told CNET: “We believe that the photo tag suggest feature on Facebook is fully compliant with EU data protection laws. During our continuous dialogue with our supervisory authority in Europe, the Office of the Irish Data Protection Commissioner we agreed to develop a best practice solution to notify people on Facebook about photo tag suggest.”
Facebook: facial recognition profiles without user consent

A number of companies – like Facebook, Apple and Google – have facial recognition or detection as an automatic part of various services and apps.

With Apple and Google, users must opt-in, and they can opt-out. While its users can remove tags, Facebook’s facial recognition feature is active by default.

But what happens with that information? It’s not just that Facebook is using facial recognition (biometric data) to increase the worth of its data for sale, trade, or for whatever currency it’s lining litterboxes with in Menlo Park.

In its December 2011 comments the Electronic Privacy Information Center told the Federal Trade Commission:

(…) the Commission should specifically prohibit the use of Facebook’s biometric image database by any law enforcement agency in the world, absent a showing of adequate legal process, consistent with international human rights norms.

Facebook reportedly possessed an estimated 60 billion photos by late 2010, and approximately 2.5 billion photos are uploaded to Facebook each month.

The democratization of surveillance

EPIC’s comments came after the FTC held a day-long forum called “Face Facts: A Forum on Facial Recognition Technology,” focusing on the commercial applications of facial recognition technology and its potential privacy implications.

The “Face Facts” participants came from disparate sides of the discussion. They included FTC attorneys, the Face.com CEO, Facebook’s senior privacy advisor and director, and reps from Google, the Privacy Rights Clearinghouse, the Center for Democracy and Technology and the ACLU.

Demos were done for participants by Intel AIM Suite (Audience Impression Metrics: a CMS-friendly and API-ready, public-use face detection software product) and Andrew Cummins, self-described strategy expert in tech/defense markets and the chief technology officer of controversial app-maker SceneTap.

There was also a representative from the National Institute of Standards and Technology. Interestingly, in 2010 NIST tested various facial recognition systems and found that the best algorithm correctly recognized 92 percent of unknown individuals from a database of 1.6 million criminal records.

FTC Chairman Jon Leibowitz opened “Face Facts” saying this summit was timely because, “Facebook has launched new facial recognition technology” and that “These sorts of technologies have already taken hold in law enforcement and the military; in that area, they are as controversial as they are interesting.”

I’m not sure if his use of a clip from the Tom Cruise film Minority Report in his opening remarks was meant to be ironic or not. Perhaps Mr. Leibowitz misses working for the MPAA (where he was chief lobbyist until being tapped for the FTC by George W. Bush in 2004).

Leibowitz did say, “We must confront openly the real possibility that these technologies, if not now, then soon, may be able to put a name with the face, so to speak, and have an impact on our careers, credit, health, and families.”

The Face Facts meeting raised an alarm for privacy organizations; Privacy Rights Clearinghouse director Beth Givens stated outright that there is insufficient public awareness about all aspects of facial recognition tech, and zero auditing mechanisms in place for any entity using the technologies.

Six months after the FTC meeting, Facebook acquired one of the biz-dev side participants, Face.com.

It’s clear that after meetings and summits, even with good intentions for privacy protections, regulators like the FTC are merely only still on the outside looking in.

Ties between video profiling in private and government sectors more murky than ever

Back in July at a Senate Judiciary subcommittee hearing Senator Al Franken said, “Facebook may have created the world’s largest privately held database of face prints without the explicit knowledge of its users.”

Franken continued to link the holes in citizen protections and stressed implications with the then-new Federal Bureau of Investigation facial-recognition pilot program.

Franken stated that any law-enforcement gains from the program could come at a high cost to civil liberties. “The FBI pilot could be abused to not only identify protesters at political events and rallies, but to target them for selective jailing and prosecution, stifling their First Amendment rights,” he said.

Think about the implications of facial recognition profiles on social media sites along with current trends in cybersecurity legislation hysteria.

Remember CISPA? The surveillance bill would have given Homeland Security a backdoor pass to access your email, private information and social network data without a warrant or notice if it fit into a plan to stop “cybersecurity” threats. CISPA would have made it so that Facebook would be completely unrestricted (say, by your rights) to cooperate with Homeland Security to the fullest extent.

Just in the past few weeks, information has surfaced from a Wikileaks leak of private intelligence documents that the purpose of a surveillance product called TrapWire is to combine various intelligent surveillance technologies with tracking and location data, individual profile histories from various sources (datamining and social media), and image data analysis (such as facial recognition; TrapWire’s video component) to monitor people under the guise of threat detection.

TrapWire is a commercial product sold to and implemented by private entities, the US Government “and its allies overseas.”

Too little FTC, too late?

Facial recognition technologies are no longer held back from commercial sectors by high costs and poor accuracy and are quickly becoming directed at recording faces in public places and business establishments, rather than only online.

The FTC had impressed the point that the avenue of interest for “Face Facts” would solely address commercial uses and does not address the use of facial recognition technologies for security purposes or by law enforcement or government actors.

Right now there is nothing that requires any private entity to provide the individual with notice that facial recognition information is being collected, or the duration of the period in which the information will stored, or used.

There is nothing preventing private entities (businesses, app developers, data brokers or advertisers) from selling, trading, or otherwise profiting from an individual’s biometric information – or from disclosing or disseminating the information without obtaining the individual’s consent or pursuant to a valid warrant or subpoena.

It will be interesting to see how Facebook handles its newest privacy problem in Germany.

View Source

Well, now it is official. Mark Zuckerberg was not so smart after all, but just fronting for the CIA in one of the biggest Intelligence coups of all times.

But there remains one small problem, the CIA is not supposed to monitor Americans. I guess we will hear more on that soon from the lawyers once the litigation gets cranked up.

Personally I will be more interested in how this is going to effect the stock offering and shares as all Americans should own the entity that has been spying on them.

And then there are the SEC full disclosure regulations and penalties. It’s bonanza time for the lawyers.

Could the loophole the CIA used be that, ‘you aren’t being spied on if you are willingly posting everything a repressive regime would love to have on your Facebook account, with no threats, no family hostages, no dirty movies or photos that could be released?

Read more

In its first ever transparency report, Twitter reported Monday that the United States leads the pack when it comes to government demands for user data, having filed 679 requests in the first half of the year.

Worldwide, Twitter said it has received more government demands for data in the first six months of this year than all of last year.

In Twitter’s Transparency Report, it said it has complied with 75 percent of user-data disclosure demands by producing “some or all information” requested by U.S. authorities. Globally, the average was 63 percent.

Data previous to 2012 was not available. Twitter said it notifies its users of government demands “unless prohibited by law.”

The closest country behind the United States was Japan, which lodged 98 requests with a 20 percent Twitter compliance rate. The United Kingdom and Canada came in with 11 requests, with an 18 percent compliance rate. All of the other countries in the 23-nation Twitter report registered with less than 10 government demands.

“We’ve received more government requests in the first half of 2012, as outlined in this initial dataset, than in the entirety of 2011,” Twitter said on its blog.

The disclosure follows Google’s lead — nearly two years ago, when the search giant turned heads by publishing a treasure trove of data surrounding government demands for user data, in addition to information on the number of takedown notices connected to copyright infringement.

“Wednesday marks Independence Day here in the United States. Beyond the fireworks and barbecue, July 4th serves as an important reminder of the need to hold governments accountable, especially on behalf of those who may not have a chance to do so themselves,” Twitter said.

The Twitter report came the same day a New York state judge ordered the San Francisco-based microblogging site to divulge the tweets and account information allegedly connected to an Occupy protester.

Twitter did not say whether, at least in the United States, the authorities presented probable-cause warrants for user data. Manhattan Criminal Court Judge Matthew A. Sciarrino Jr.’s ruling Monday did not require local prosecutors to have probable cause to get the tweets and accompanying account information of an Occupy protester.

The company, however, listed a few reasons why it does not acquiesce to all government-issued, user-data requests.

“We do not comply with requests that fail to identify a Twitter user account. We may seek to narrow requests that are overly broad. In other cases, users may have challenged the requests after we’ve notified them,” Twitter said. Most famously, Twitter successfully fought to allow individuals being investigated for their connections to WikiLeaks to challenge requests for their Twitter data.

In a separate reporting category, Twitter said it received 3,378 requests to remove copyrighted material from Twitter in the United States for the first half of the year. The Digital Millennium Copyright Act requires internet service providers to remove works, at the copyright holder’s request, to avoid legal liability.

Overall, Twitter said it removed 38 percent of the material specified in the takedown requests. Among other reasons, Twitter said it does not comply with all requests because sometimes they “fail to provide sufficient information” or were “misfiled.”

Twitter also reported that it did not comply with any of the handful of requests from France, Greece, Pakistan, Turkey and the United Kingdom to remove content that is illegal in those nations.

Twitter’s not the first to follow Google’s transparency lead – Dropbox, LinkedIn, SpiderOak and SonicNet beat Twitter to it.

Among those who ought to be next: Facebook, AT&T, Verizon, Sprint, Yahoo, Comcast, Time Warner Cable, and Microsoft.

Read more

As businesses, public agencies and colleges continue to request social media account user names and passwords from students and job seekers, two Bay Area lawmakers are pushing bills to stop the practice.

Yesterday, the Assembly Judiciary Committee unanimously approved Senate Bill 1349, authored by state Sen. Leland Yee, D-San Francisco/San Mateo, that prohibits public and private colleges and universities in the state from requesting the information.

Today, the Senate Labor and Industrial Relations Committee will consider Assembly Bill 1844, authored by Assemblywoman Nora Campos, D-San Jose.

The Campos bill specifically prohibits businesses from requesting social media user names and passwords.

Lawmakers are crafting similar bills in states across the country.

In late March, however, a proposed Facebook user protection amendment was shot down by the U.S. House of Representatives.

The amendment to the Federal Communications Commission Process Reform Act of 2012 would have allowed the FCC to stop any employers from seeking the confidential information.

Facebook officials would not comment on the two new California bills yesterday but pointed to a statement made by Erin Egan, the company’s chief privacy officer, back in March after the House voted against the Facebook user protection amendment.

“This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability,” Egan wrote in a statement.

The most alarming practice is the reported incidents of employers asking prospective or actual employees to reveal their passwords, Egan wrote.

Facebook users should never have to share their password or let anyone access their accounts, she wrote.

The increase in reports of employers asking for inappropriate access to accounts is distressful to the company, she wrote.

In California, Yee and Campos are co-authoring each other’s bills.

“These social media outlets are often for the purpose of individuals to share private information — including age, marital status, religion, sexual orientation and personal photos — with their closest friends and family,” Yee wrote in a statement. “This information is illegal for employers and colleges to use in making employment and admission decisions and has absolutely no bearing on a person’s ability to do their job or be successful in the classroom.”

The two California bills would also prohibit employers and colleges from demanding personal email addresses and login information of employees, applicants and students.

SB 1349 will be considered by the Assembly Higher Education Committee next week.

Read more

Facebook estimates that as of December 31, 2011, false or duplicate accounts represented approximately 5-6% of monthly active users, but also stated, “This estimate is based on an internal review of a limited sample of accounts and we apply significant judgment in making this determination, such as identifying names that appear to be fake or other behavior that appears inauthentic to the reviewers. As such, our estimation of false or duplicate accounts may not accurately represent the actual number of such accounts.”

Why would anyone set up a fake Facebook account?

To steal your clients or potential clients. To squat on your name or brand. To post infected links while posing as legitimate individuals or businesses. To offer deals with links to spoofed websites in order to extract credit card numbers. To damage your name or brand. To harass you or someone you know. To co-opt a name or brand that has leverage in order to obtain privileged access.

Social media websites could go a long way in protecting their users by incorporating device reputation management. Rather than relying solely on information provided by a user (who could be an impersonator), device reputation goes deeper, identifying the computer or other devices being used, so that known scammers and spammers are exposed immediately, and potentially threatening accounts are denied and users abused.

Read more

Facebook has apparently become the new “lipstick on your collar.”

Twenty percent of divorces involve Facebook and 80 percent of divorce lawyers have reported a spike in the number of cases that use social media for evidence, according to a survey by the American Academy of Matrimonial Lawyers.

It’s so common that there’s a website dedicated to Facebook cheating.

FacebookCheating.com’s founder says he started the site after his now ex-wife had an affair with an old flame she re-ignited on Facebook.

The site is an outlet that gives tips on how to catch a cheating spouse in the age of social networks and heartbreaks across the Web.

“Facebook has ruined my marriage of almost 20 years,” a man wrote on another support group website, marriagehelper.com. “My wife ‘reconnected’ with old boy friends and even started innocently flirting with a stranger.”

Stories of infidelity posted on such websites illustrate how the social media network has helped to reconnect former lovers.

Even celebrities are not immune.

Actress Eva Longoria has said that husband Tony Parker strayed with a woman he kept in touch with on Facebook early in their marriage.

Indeed, real-life desperate housewives have discovered that opportunities to cheat aren’t sitting at the next barstool but a keystroke away.

Couples Led Astray

Marriage counselor Terry Real said he believes that Facebook can provide a sort of fantasy for a cheating spouse.

“There is nothing more seductive than the ‘one that got away’ fantasy is always better than someone who’s up to her eyeballs in bills and diapers,” he said.

The Rev. Cedric Miller, a pastor in New Jersey, made headlines recently when he called Facebook a “portal to infidelity” and told his parishioners to delete their accounts after 20 couples confessed that Facebook led them astray.

Miller himself took a leave of absence because of his own (non-Facebook) sexual transgressions. He later admitted to having a three-way sexual relationship in the past.

A connection is made and it starts out platonic and can later turn into something more. But such connections cannot solely be blamed on Facebook, therapists say.

“Before it was e-mail, then before that it was the phone,” Real said. “The problem is not Facebook, it is the loss of love in your marriage.”

Read more