Policy

The FTC hits back at Facebook after it shut down NYU research

"I am disappointed by how your company has conducted itself in this matter," Samuel Levine, acting director of the Bureau of Consumer Protection wrote in a letter to Mark Zuckerberg.

Facebook logo

Facebook logo

Photo: Chesnot/Getty Images

In a letter to Mark Zuckerberg Thursday, the Federal Trade Commission's acting director for the Bureau of Consumer Protection said Facebook should not "use privacy" as "a pretext to advance other aims," after Facebook shut down the accounts of a team of researchers who were studying political ads on the platform. Facebook said the researchers had violated the company's terms of service which prohibit scraping.


"I write concerning Facebook's recent insinuation that its actions against an academic research project conducted by [New York University's] Ad Observatory were required by the company's consent decree with the Federal Trade Commission," Acting Director Samuel Levine wrote in the letter. "As the company has since acknowledged, this is inaccurate."

On Wednesday, Facebook published a blog post saying that it had taken actions against researchers associated with the NYU Ad Observatory project "to stop unauthorized scraping and protect people's privacy in line with our privacy program under the FTC order." Facebook has since said the tool didn't explicitly violate the consent decree.

"While I appreciate that Facebook has now corrected the record, I am disappointed by how your company has conducted itself in this matter," Levine wrote.

The NYU Ad Observer tool is a browser extension that enables Facebook users to send information about why they've been targeted with an ad to the NYU researchers. Facebook alleges that the NYU researchers have been collecting data from users who never consented to having their data collected, including advertisers, as well as people who have interacted with those ads.

"From a privacy perspective, Facebook doesn't differentiate between information scraped about people who are advertisers and those who are not," a Facebook spokesperson said Thursday. "The data they were collecting was from users who did not consent to share data with NYU, such as first name, last name, user name, Facebook ID, and link to profile photo as just a few of the examples."

The Ad Observer team does not, however, publish data about people who have interacted with the ads. Third parties, including Mozilla, which has reviewed the open source tool, have called Facebook's claims about privacy problems "wrong."

Levine stopped short of saying whether Facebook made the right or wrong call, but chastised Facebook for not giving the FTC a heads up about the issue. "[T]he FTC received no notice that Facebook would be publicly invoking our consent decree to justify terminating academic research earlier this week," Levine wrote.

"Had you honored your commitment to contact us in advance, we would have pointed out that the consent decree does not bar Facebook from creating exceptions for good-faith research in the public interest."

Entertainment

'Never Have I Ever' is back for season 3, and more weekend recs

Don’t know what to do this weekend? We’ve got you covered.

Image: Netflix; FitXR; Knopf

This week is all about magic: “Light & Magic” on Disney+ takes us behind the scenes of Disney’s special effects unit; “The Swimmers” reminds us how magical life can be; and “Never Have I Ever,” Mindy Kaling’s Netflix comedy, invokes the magic of “Gilmore Girls,” but for Gen Z.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Sponsored Content

How cybercrime is going small time

Blockbuster hacks are no longer the norm – causing problems for companies trying to track down small-scale crime

Cybercrime is often thought of on a relatively large scale. Massive breaches lead to painful financial losses, bankrupting companies and causing untold embarrassment, splashed across the front pages of news websites worldwide. That’s unsurprising: cyber events typically cost businesses around $200,000, according to cybersecurity firm the Cyentia Institute. One in 10 of those victims suffer losses of more than $20 million, with some reaching $100 million or more.

That’s big money – but there’s plenty of loot out there for cybercriminals willing to aim lower. In 2021, the Internet Crime Complaint Center (IC3) received 847,376 complaints – reports by cybercrime victims – totaling losses of $6.9 billion. Averaged out, each victim lost $8,143.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.

Enterprise

CJ Moses is CISO at AWS, but service leaders own their own security

Moses, a former FBI tech leader and one-time AWS customer, thinks Amazon’s culture of ownership helps him secure AWS because executives are taught that they are directly responsible for the security of their services.

"That mental model, that starting from scratch building and continuing to do so and never wavering … that model is why we are the most secure."

Photo: AWS

AWS customers are used to hearing about the cloud provider’s “shared responsibility” model when it comes to security, which means that while AWS promises customers it won’t allow its servers and networks to be compromised, customers still have to do the work of securing their own applications. Inside the company, however, the buck stops with the head of each service offered by AWS.

“Service leaders are responsible for the profit/loss, success/failure and, most of all, the security,” said CJ Moses, AWS’ chief information security officer (CISO) since January. “There are no excuses or finger pointing, so leaders don’t leave security success to chance, but rather actively own it.”

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Fintech

A shake-up could be coming for banks working with crypto

The OCC is facing calls to pull guidance allowing banks to conduct some crypto-related business.

Lawmakers including Sens. Elizabeth Warren and Bernie Sanders fear crypto could introduce systemic risk to banking without strict guardrails.

Illustration: Christopher T. Fong/Protocol

As efforts to pass federal crypto legislation are maybe, finally picking up steam in Washington, so, too, is the debate about how traditional banks should approach the sector.

A group of progressive senators including Elizabeth Warren and Bernie Sanders are calling on a federal banking regulator to pull Trump-era guidance that gives banks limited clearance to engage in crypto-related business.

Keep Reading Show less
Ryan Deffenbaugh
Ryan Deffenbaugh is a reporter at Protocol focused on fintech. Before joining Protocol, he reported on New York's technology industry for Crain's New York Business. He is based in New York and can be reached at rdeffenbaugh@protocol.com.
Entertainment

Making TV social is hard. Will Plex get it right?

Plex’s new “Discover Together” feature adds a social feed to the popular streaming app.

The company is adding a social feed that lets people share and discuss their viewing activity, ratings and watch lists.

Image: Plex

Media center app maker Plex is giving its users a new way to talk to each other: The company is adding a social feed in its app that lets people share and discuss their viewing activity, ratings and watch lists with friends.

The new feature makes Plex just the latest company looking to add a social networking layer on top of its streaming platform. Doing so requires walking a fine line between appealing to people’s willingness to share and valuing their privacy, all while actually improving the core service. It’s something other services in both music and TV have struggled with before, but Plex has a few built-in advantages over some of its competitors.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Latest Stories
Bulletins