Pluralistic: 14 Jul 2021


Today's links



An eye peeking through a keyhole set into a rusty steel door. The door has a Matrix waterfall effect superimposed over it. The eye's pupil has been replaced by the HAL9000 red eye from 2001: A Space Odyssey. The center of the pupil has a Facebook thumbs-up/like icon in it.

Facebook employees stalk users (permalink)

In Sheera Frenkel and Cecilia Kang's "An Ugly Truth: Inside Facebook's Battle for Domination," the authors recount the company's long history of insider threats in which employees (mostly men) used the company's tools to stalk people (mostly women).

https://www.harpercollins.com/products/an-ugly-truth-sheera-frenkelcecilia-kang

The stalking targets included both strangers and intimate partners – for example, an engineer used FB's tools to locate his partner after she fled their shared vacation hotel room in order to "confront her."

https://www.businessinsider.com/facebook-fired-dozens-abusing-access-user-data-an-ugly-truth-2021-7

Another FB engineer stalked a woman who didn't return his messages after a date, accessing years of private messages and photos, including photos that his target believed she had permanently deleted, but which Facebook had secretly retained.

All told, Facebook fired 52 employees for data abuses between Jan 2014 and Aug 2015, after a policy change eliminated many access safeguards in the name of eliminating "the red tape that slowed down engineers."

In other words, Facebook was in a situation in which its users' interests were at odds with its shareholders. By eliminating protections for its users, it allowed its engineers to work more efficiently, and increased its profits.

These kinds of conflicts – between shareholder and stakeholder interests – are the norm in business. Think of a busy retailer that cuts its cashiers: reducing payroll costs increases profits, at the expense of worker stress and longer waits for customers.

The question of how much value can be shifted from employees and customers to shareholders isn't really an economic one – it's really a policy question.

If we have strong labor laws – protecting cashiers from undue stress, extending unemployment benefits to workers who quit bad jobs, protecting workers from non-compete clauses, separating health-care from employment – then a business that screws its cashiers will lose them.

Meanwhile, the balance between customers' interests and shareholders' is likewise a creature of policy. If a retailer is the only game in town – if it's a Walmart that used predatory pricing to create a retail desert – then they can force customers to wait in longer lines.

Or if the business has a regulated monopoly – a patent, a trademark or some other exclusive right that makes it the only game in town (say, the sole right to sell snacks in an airport), it can shift more value from customers to shareholders before the customers walk away.

Facebook – and other tech monopolists – have engineered a world where they get to side with shareholders over users, again and again, to the users' great detriment, without losing those users.

Economic analysis of tech monopolies focuses on "network effects" – the way more users make Facebook more valuable (you join FB because your friends are there, more friends sign up because you're there).

Taken on their own, network effects are cause for despair, predicting that tech will produce "natural monopolies" – an inevitable winner-take-all market. But that's obviously not true – I'm not typing this on a Cray or using Altavista to look up facts while I do.

Far more important than network effects for antimonopoly analysis is switching costs – the things you give up when you quit a service. In FB's case, quitting means leaving behind your friends, communities and customers.

Now, this needn't be the case. You can switch phone companies or email providers without shattering your social connections. FB has engineered a high switching cost, blocking other services from connecting to it.

After all, the more you stand to lose by leaving FB, the worse FB can treat you before you're willing to leave. Zuck didn't abolish the safeguards that protected us from rogue FB employees because he's nosy – he did it because it's profitable.

He was betting (probably correctly) that no matter how unhappy the ensuring scandals made his users, it wouldn't make so many of them unhappy enough to quit that the losses would outweigh the gains from exposing us to predatory Facebookers.

Which is why proposals like the ACCESS Act, currently working its way through Congress, are such a big deal. It's a law that would force FB to let third parties plug into it, so you could leave FB but stay in touch with the people who stay behind.

https://www.eff.org/deeplinks/2021/06/new-access-act-good-start-heres-how-make-sure-it-delivers

In response to this (and the EU's Digital Markets and Digital Services Act), FB (and some lawmakers) warned that allowing third parties to connect to monopoly platforms would expose users to privacy risks, by reducing tech companies' control over their services.

There's an element of truth to this, but left unsaid is that reducing the switching costs for leaving Facebook will protect users from Facebook.

When FB says that it needs total control over its servers or Cambridge Analytica will steal our data, we have to remember that FB already let Cambridge Analytica steal our data.

When FB gutted its internal controls to increase profitability by decreasing user protections, senior employees went to Mark Zuckerberg to warn him against it. Alex Stamos, then FB's then-CSO, reportedly strenuously objected, but was personally overruled by Zuck.

Like many sociopathic business-leaders Zuck is not swayed by arguments about the immorality of otherwise profitable conduct – but he is responsive to arguments about business-losses arising from his abusive behavior. Money talks, bullshit walks.

If the argument against loosening controls over employee access to user data had been, "We will lose ten million users per month to an upstart interoperator for so long as we do this," THAT might have stayed Zuck's hand. Unlike ethics, user-loss is a factor he cares about.

Contacted by Insider's Sarah Jackson, an anonymous FB spokesperson (literally the only kind of person FB allows anonymity to!) said "We've always had zero tolerance for abuse and have fired every single employee ever found to be improperly accessing data."

But that's a dodge. "Zero tolerance" isn't the same as "top priority." If FB wants to prioritize preventing employees from stalking users, it would collect less data from users, delete data as quickly as possible, and put very strict barriers between employees and data.

If preventing stalking was FB's top priority, it would collect no data, and/or never let employees access it. Obviously, FB won't do that. it will always have to balance its users' privacy and safety against its shareholders' interests.

I am skeptical that FB will ever be a trustworthy guardian of its users' safety and privacy. I don't think the problem is that Mark Zuckerberg is the wrong self-appointed czar of 3B peoples' lives – I think the problem is that no one should have that job.

But if you disagree – if you want to fix, rather than abolish, Facebook – then you need to figure out which policies will tip the balance in favor of the public interest.

Policies like interoperability impose immediate, meaningful, concrete costs on FB every time it sides against the public and with its shareholders. If you're worried that interop will expose FB users to rogue companies or state actors, then regulate who can connect to FB.

But don't leave that up to FB. FB will side with shareholders over users whenever it's profitable to do so. Putting FB in charge of interoperability shifts that balance dramatically in favor of shareholders and against the public.

(Image: Cryteria; John Lodder; Denis Defreyne, CC BY, modified)



This day in history (permalink)

#20yrsago Spam blacklist MAPS starts charging for access https://slashdot.org/story/01/07/13/0513251/last-month-for-free-maps

#20yrsago Original Hotwired guidelines https://web.archive.org/web/20010722002246/http://www.freedonia.com/~carl/#2001.06.12

#5yrsago North Carolina adopts the nation’s worst police bodycam law https://abc11.com/1422569/

#5yrsago Vivendi lobbyist appointed to run copyright for UN agency https://web.archive.org/web/20160717052135/https://www.keionline.org/node/2614

#5yrsago The long, racist history of Brexiteer Boris Johnson, the new UK Foreign Secretary https://www.bbc.com/news/world-36792746

#5yrsago It’s official: the Olympics result in the worst budget overruns of any megaproject https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2804554

#5yrsago America’s infrastructure debt is so bad that towns are unpaving roads they can’t afford to fix https://www.wired.com/2016/07/cash-strapped-towns-un-paving-roads-cant-afford-fix/

#5yrsago UK Labour’s dirty trick excludes 130,000 members from leadership vote https://www.itv.com/news/2016-07-12/corbyn-opponents-try-to-fix-vote

#5yrsago For the first time, a federal judge has thrown out police surveillance evidence from a “Stingray” device https://www.rawstory.com/2016/07/federal-judge-throws-out-evidence-gathered-with-stingray-cell-phone-tracker/

#5yrsago The US has spent $122B training foreign cops and soldiers in 150+ countries, but isn’t sure who https://theintercept.com/2016/07/13/training/

#5yrsago Security researchers: the W3C’s DRM needs to be thoroughly audited https://www.eff.org/deeplinks/2016/06/call-security-community-w3cs-drm-must-be-investigated

#1yrago Privacy as a right, not a product https://pluralistic.net/2020/07/13/youre-still-the-product/#privacy-not-a-luxury

#1yrago Don't talk about cancer on FB https://pluralistic.net/2020/07/13/youre-still-the-product/#targeting

#1yrago California goes antitrust on Google https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#feeling-lucky-punk

#1yrago Big Oil can have you locked up https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#privilege-private-law

#1yrago Target workers strike over chickenization https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#stay-on-target

#1yrago Artists vs tax havens https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#moneylab

#1yrago Catalan politician hacked with NSO Group malware https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#catalunya

#1yrago Poesy the Monster Slayer https://pluralistic.net/2020/07/14/poesy-the-monster-slayer/#poesy



Colophon (permalink)

Currently writing:

  • Spill, a Little Brother short story about pipeline protests. Yesterday's progress: 259 words (10223 words total)

  • A Little Brother short story about remote invigilation. PLANNING

  • A nonfiction book about excessive buyer-power in the arts, co-written with Rebecca Giblin, "The Shakedown." FINAL EDITS

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Tech Monopolies and the Insufficient Necessity of Interoperability https://craphound.com/news/2021/07/12/tech-monopolies-and-the-insufficient-necessity-of-interoperability/
Upcoming appearances:

Recent appearances:

Reset the Internet? (Project Syndicate)
https://www.project-syndicate.org/podcasts/reset-the-internet

Latest book:

Upcoming books:

  • The Shakedown, with Rebecca Giblin, nonfiction/business/politics, Beacon Press 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "Are We Having Fun Yet?" part one of a series on themepark design, queing theory, immersive entertainment, and load-balancing. https://doctorow.medium.com/b-are-we-having-fun-yet-part-i-4c7ef0ce9ee5)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla