Ctrl + N
House Democrats are pressing Facebook on the privacy protections it has in place for people who share sensitive health information in forums for group discussion on the site.
House Energy and Commerce Chair Frank Pallone Jr. (D-N.J.) and Rep. Jan Schakowsky (D-Ill.) sent a letter to Mark Zuckerberg on Tuesday asking him for a staff briefing about whether Facebook is “misleading” users about the nature of “closed groups.” These groups are listed publicly but only allow invited or approved social media users to see discussions inside the forum.
The lawmakers are concerned about health information people may have shared in closed groups that are labeled as “anonymous” — implying a certain level of privacy in spaces devoted to discussing deeply personal issues, such as substance abuse or sexual assault.
“Despite the indications that the groups were private and anonymous, people and companies who should not have been admitted to these groups gained access to them and to lists of group members,” the lawmakers wrote. “People used the member lists and other information from these groups to target and harass members of the groups.” Pallone and Schakowsky, who chairs the Subcommittee on Consumer Protection and Commerce, also said that insurance companies that gain access to this data could use it in making decisions about offerings.
So much of the privacy debate focuses on what data the companies seek to collect from users. But these lawmakers are spotlighting just how much sensitive data — including medical details — social media companies have on their platforms that's freely offered up by users themselves. Determining the right kind of protection for this kind of data could be a particularly tough challenge for lawmakers as they work toward crafting privacy legislation this Congress.
Meg Marshall, an executive at health information technology company Cerner, said:
If you aren't paying attention to this, you're going to miss a major policy movement of the next 18 months. https://t.co/RrDl6BLQ1H— Meg Marshall (@MegMarshallHIT) February 19, 2019
In the letter, lawmakers signaled that Facebook needs to be more transparent with users, especially about who can access deeply personal information they post online.
"Labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have," the lawmakers wrote. "And Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others.”
Pallone and Schakowsky sent the letter to Facebook in response to a complaint filed to the Federal Trade Commission, which was first published this week. The complaint, initially filed in December, says Facebook "deceptively solicited" patients to use its Groups feature to discuss health issues. The security researcher and health advocates who filed the complaint say Facebook has marketed this product as a "personal health record."
The privacy concerns surrounding Facebook's health-related Groups first got attention over the summer, when CNBC reported Facebook closed a loophole that allowed third parties to discover the names of members in closed groups. Before the change, the leader of a private group for women with BRCA, a gene mutation that indicates a higher likelihood of breast cancer, discovered that marketers had been using a web extension to siphon off group members' names and other personal information. Facebook said at the time that the change was not a result of that group's complaints.
Facebook defended itself Tuesday night, making the case that users know what they're signing up for when they join groups.
"Facebook is not an anonymous platform; real-name identity is at the center of the experience and always has been," the company said in a statement. "It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community. There is value in being able to know who you’re having a conversation with in a group, and we look forward to briefing the committee on this.”
The issue of storing sensitive data could only become bigger as Big Tech eyes business opportunities in health and wellness. Companies such as Amazon and Google are increasingly investing in services ranging from a digital pharmacy to fitness tracking. But as the companies face a wide range of questions about their existing privacy practices, these new services could open a Pandora's box of new issues.
Facebook itself was exploring a broader push into healthcare, and it even pursued data-sharing partnerships with top medical groups and hospitals, according to a report last year from CNBC. However it backed off those plans last year in the fallout of other privacy controversies, saying that it needed to "focus on other important work, including doing a better job of protecting people's data and being clearer with them about how that data is used in our products and services."
Facebook is facing mounting scrutiny for a range of privacy controversies. Currently the company is in early negotiations with the FTC for a multi-billion-dollar fine following the Cambridge Analytica scandal, in which a political consultancy collected sensitive data about Facebook users without their consent. Any settlement the company reaches will likely come with a new order that could require the company to submit to more regular privacy checkups.
|You are reading The Technology 202, our guide to the intersection of technology and politics.|
|Not a regular subscriber?|
BITS: Microsoft has identified another Russian government-affiliated operation targeting think tanks that have been critical of Russia, according to my colleagues Elizabeth Dwoskin and Craig Timberg. It's the second such finding the company has made in the last six months.
“The 'spear-phishing' attacks — in which hackers send out phony emails intended to trick people into visiting websites that look authentic but in fact enable them to infiltrate their victims’ corporate computer systems — were tied to the APT28 hacking group, a unit of Russian military intelligence that interfered in the 2016 U.S. election," my colleagues wrote. "The group targeted more than 100 European employees of the German Marshall Fund, the Aspen Institute Germany, and the German Council on Foreign Relations, influential groups that focus on transatlantic policy issues.”
The attacks took place over the last three months of 2018, and they come ahead of Europe's parliamentary elections in May. “The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations,” Microsoft said in a blog post. “They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”
NIBBLES: YouTube is updating its penalties for creators who breach the platform's Community Guidelines, TechCrunch's Sarah Perez reported. The company wants to make its strike system more transparent and consistent for content that violates the platform's rules such as graphic content or threats. “With today’s changes, all strikes will now carry the same punishment: a temporary ban from YouTube activity, with the length of time increasing with the strikes,” TechCrunch reported.
YouTube also said that starting on Feb. 25, it will issue a one-time warning when a creator posts content that runs afoul of its rules for the first time, as Perez noted. The warning will not carry any penalty but the content will have to be removed. The company said in a blog post that the warning aims to give creators an opportunity to learn more about the rules. “This is to make sure everyone takes the time to learn about our Community Guidelines, and then can quickly get back to creating great content and engaging with their audience in a way that complies with our rules,” YouTube said.
BYTES: Twitter said it is expanding an initiative to make political advertising more transparent on its platform in the European Union, India and Australia, the Hill's Emily Birnbaum reported. Advertisers who want to publish political ads on Twitter in those countries will have to first go through a certification process — the changes are set to take effect on March 11. Twitter also said that people will be able to look up information about ads that endorse a candidate or a political party.
“The tools will allow users to browse the billing information, demographic targeting and ad spending details behind each political advertisement,” the Hill reported. “It will also require political advertisers to prove that they are not a foreign entity seeking to interfere in regional elections.”
The company has also assembled a team to help protect the integrity of the E.U. election that is set to be held in May, Karen White, director of public policy for Europe at Twitter, said in a blog post. “Using our proprietary-built internal tools, the team will proactively protect the integrity of regional trends, support partner escalations, and identify potential threats from malicious actors,” White said.
Our @policy team in Europe will also be ramping up its engagement with political parties, groups and candidates over the coming weeks and months. This work will include Twitter trainings, distributing resources, and amplifying voter engagement campaigns.— Karen White (@karenwhite) February 19, 2019
— Ren Zhengfei, the founder of Chinese telecommunications giant Huawei Technologies, denied in an interview on “CBS This Morning” that the company shares information with Chinese authorities, according to The Washington Post's Hamza Shaban. “Asked whether his company’s hardware has built-in vulnerabilities to enable government spying, perhaps without his knowledge, he said, ‘It is not possible because across our entire organization we have stressed once and again that we will never do that,’” Hamza reported.
— More technology news from the private sector:
-- A database that was left unprotected online revealed the extent of China's efforts to monitor its own population via facial recognition technology in the western region of Xinjiang, the Associated Press's Yanan Wang and Dake Kang reported. Victor Gevers, a Dutch cybersecurity researcher, found that the exposed database contained information including names, birth dates and places of employment on more than 2.5 million people in the region. “The database Gevers found appears to have been recording people’s movements tracked by facial recognition technology, he said, logging more than 6.7 million coordinates in a span of 24 hours,” the AP reported.
— Cisco said in a report that U.S. policies have given the United States a strong position in the race to dominate 5G wireless networks, The Post's Brian Fung reported. The development of 5G is expected to make download speeds faster and help boost new technology including self-driving vehicles. “The U.S. has made a good start in changing policies to support the deployment of 5G, and as we look around the rest of the world, policy changes of the type we’ve seen here in the U.S. have not yet happened,” said Mary Brown, senior director of government affairs at Cisco, according to my colleague. “We do expect that’s going to be changing over the next 12 to 18 months, and so the race to 5G is very real.”
— President Trump signed a policy directive laying out a plan to create a Space Force, The Post's Dan Lamothe reported. The document directs the Defense Department to come up with legislation for Congress that would establish the Space Force within the Air Force Department. “The move appears to mark a rhetorical and political compromise: While the Trump administration will continue to call the new service the Space Force, it will more closely resemble a previous proposal on Capitol Hill for a smaller Space Corps that does not have a new, separate service secretary appointed by the president,” Dan wrote.
— More technology news from the public sector:
— A digital advocacy group wants to support employees of tech companies who seek to speak out against “unethical tech,” the Guardian's Sam Levin reported. The group Fight for the Future launched a campaign that features ads on social media that are directed at tech workers. “A new website, SpeakOut.Tech, encourages workers to safely leak information and organize their colleagues and includes a video ad that the group is promoting by using the micro-targeting ad features of Facebook and Google,” according to the Guardian.
The SpeakOut.Tech website says workers should ask themselves whether the products that they are working on could potentially cause harm to people. “Does the product you’re building have the ability to unfairly target communities of color, endanger families seeking asylum, or expose survivors of abuse?” says a message on the site.
— More news about tech workforce and culture:
— Tech news generating buzz around the Web:
— Natalie Gillam McLaughlin is joining TechNet, a network of tech executives, as director of communications, according to a news release from the group.
— News about tech incidents and blunders:
— Today in funding news:
- The Woodrow Wilson Center holds an event on China’s development of new-energy vehicles tomorrow.
- Senate Commerce Committee hearing on “policy principles for a federal data privacy framework” on Feb. 27.
- The Cato Institute holds a conference titled “Who’s afraid of Big Tech?” on March 1.
- The Center for Strategic and International Studies holds an event on “digital governance and the pursuit of technological leadership” on March 4.
Trump wishes Bernie Sanders “well” in 2020 run:
The controversies of Karl Lagerfeld on and off the catwalk:
Why are people up in arms over “Green Book”?