Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
KPBS Midday Edition

Attorneys General Demand Answers From Facebook

California Attorney General Xavier Becerra in an undated photo.
House Democratic Caucus
California Attorney General Xavier Becerra in an undated photo.
Attorneys General Demand Answers From Facebook
Attorneys General Demand Answers From Facebook GUEST: Dan Eaton, partner, Seltzer Caplan McMahon Vitek

Our top story a midday addition, California has joined 36 states in demanding more answers from Facebook about the safety of users personal information. Javier Becerra signed onto a letter asking why Facebook users personal data was provided to third parties without their knowledge or informed consent. Recently reports revealed that information from at least 50 million profiles were given to third party software developers and may have been manipulated by the company Cambridge analytic up. Joining me is legal analyst Dan Eaton. What are California Attorney General Becerra and other agencies asking for from Facebook. They are asking specific questions. Among the questions they are asking includes did the third party software developers violate the scope in terms of Facebooks owns user policies. And where those terms and services user policies efficiency clear to the average user so they knew what they were doing even if the third parties complied with Facebooks turns of services. They are asking the kinds of questions basically did Facebook do enough to guard its users privacy based on what users understood they were disclosing and making available in their use of the platform. Struck this letter is not threatening legal action. You say yes. >> I am sorry to interrupt you. It is clear from the letter that these attorney generals are saying well we care a lot about protecting the privacy of our residents information. One specific answer to this question is to see if you had safeguards in place with respect to user privacy. If the problem is with the software developers, okay. That is one thing. Did Facebook do enough to audit these developers practices and could they have done more to clarify their terms of services, audit the developers use of information that was disclosed, and a variety of other things to prevent this from happening. We realized this was not a data breach at such. Facebook contends that it was a breach by the software developer of its contract with Facebook. The software developers use this information to which they received assets from Facebook. >>> A lot of this controversy revolves around whether or not Facebook users gave informed consent for this data to be used in any particular way. What does it mean to give informed consent? >> Informed consent means you're giving consent understanding the scope of the consent. Informed consent can be given by signing a document or pressing yes I agree on a particular screen with respect to the terms and conditions of a user that Facebook imposes. Informed consent can mean that you have given consent to the use of your data even if you have not scrolled down and read all of the terms that the platform is insisting that you agree too. That is one of the issues. The question here is whether the existing terms and conditions that Facebook had to which users agreed even allowed the software developers to do what they did with this information. If they did not, Facebook may have a claim against the software developers in addition to potential legal liability that Facebook itself might save that school face. >>> How is what this letter or the subsequent legal action by these attorneys general, are they going to be asking for the same information ? >> They will ask for similar information. The states attorney general has overlapping jurisdiction to the FTC. With the FTC is concerned about is whether Facebook violated the terms of the 2011 settlement agreement that Facebook reached the promised they would not release information to third parties. Facebook would not release information to third parties without the informed consent of the user. The question is whether this whole thing violated the terms of the settlement agreement that Facebook reached. If it did, Facebook is potentially facing several thousands of dollars may be hundreds or millions of dollars in fines as a result of violating the terms of this consent agreement Facebook reached with the FTC. >>> I have been speaking with attorney Dan Eaton. Thank you, Dan. >> Thank you, Maureen.

The chief law enforcement officers for 37 U.S. states and territories are demanding to know when Facebook learned of a huge breach of privacy protections.

The officers say in a letter Monday to CEO Mark Zuckerberg that users' trust in the social media platform is "broken."

The attorneys general are asking how Facebook monitored what these developers did with all the data they collected and whether Facebook had safeguards to prevent misuse.

They also asked Zuckerberg for an update on how Facebook will allow users to more easily control the privacy of their accounts.

Cambridge Analytica, a political data-mining firm, is accused of lifting data from some 50 million Facebook users to influence voters in the 2016 elections.

The Federal Trade Commission is also investigating Facebook's privacy practices. Facebook's stock, which already took a big hit last week, plunged as a result.

Tom Pahl, acting director of the FTC's Bureau of Consumer Protection, said the probe would include whether the company engaged in "unfair acts" that cause "substantial injury" to consumers.

Facebook's privacy practices have come under fire after revelations that Cambridge Analytica got data on Facebook users, including information on friends of people who had downloaded a psychological quiz app, even though those friends hadn't given explicit consent to sharing. Facebook is also facing questions over reports that it collected had years of contact names, telephone numbers, call lengths and information about text messages from Android users.

Facebook said in a statement on Monday that the company remains "strongly committed" to protecting people's information and that it welcomes the opportunity to answer the FTC's questions. News outlets reported on the FTC investigation last week, but the FTC hadn't confirmed it until Monday. Facebook reached a settlement with the FTC in 2011 offering privacy assurances.

Facebook said Sunday that this information is uploaded to secure servers and comes only from people who gave explicit consent to allow it. Officials say the data is not sold or shared with users' friends or outside apps. They say the data is used "to improve people's experience across Facebook" by helping to connect with others. But the company did not spell out exactly what it used the data for or why it needed it.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, believes Facebook was in violation of the 2011 settlement in letting Cambridge Analytica harvest data on friends of Facebook users.

"This is what Facebook was doing 10 years ago that people objected to, what the FTC should have stopped in 2011," Rotenberg said. "It makes zero sense that when a person downloads their apps, they have the ability to transfer the data of their friends."

Although Zuckerberg talked about changes in 2014 that would have prevented this, Rotenberg said it should have been banned already under the 2011 consent decree. He said the FTC had dropped the ball in failing to enforce that.