> “The exceptionally broad nature of the Commission’s requests means we would be required to turn over predominantly irrelevant documents that have nothing to do with the Commission’s investigations, including highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees,” Facebook associate general counsel Tim Lamb said in a statement.
Why does FB even have employee medical information and personal financial records? I can sort of understand how they might inadvertently end up with small snippets of medical information via their HR process (e.g. Sally Software Engineer submits a request for maternity leave), but, other than possibly account numbers for stock accounts and deposit accounts, I'm scratching my head as to what they even mean by "medical information" and "personal financial documents."
"Why does FB even have employee medical information and personal finanacial records?"
You are assuming that they have this information. However their argument is that the search terms "could" retrieve such documents. There is nothing here that confirms they possess these purportedly irrelevant documents that would be produced given the current search terms.
Usually lawyers will redact personal, sensitive information before releasing the documents. In the US, some courts make this an obligation. Also, usually there are some search operators to limit the results of the search to usage of the terms only in certain contexts, e.g., like the ones used in Lexis and Westlaw.
It is a new level of irony, hypocrisy and cognitive dissonance to see an unregulated, privacy-destroying tech company whose core business requires ingesting personal information from hundreds of millions of people at an unprecedented scale try to argue that EU regulators, who are probably limited by statute in what they are authorised to do with the information they receive, should not have access to information for the purposes of investigating Facebook's activities.
Cognitive dissonance is an essential requirement to work in Wall St, the MIL complex, Exxon, big tobacco, the gambling industry etc etc. They all have their own stories about how it's okay to exploit weakness in people.
They all reach a stage where to survive they cannot break with their stories. Cognitive dissonance is par for the course.
Facebook by adding the Like button to the Internet is basically giving out free dopamine in exchange for attention that they exchange for $$$. It's a modern legal unregulated drug peddling empire.
And all empires collapse because of their cognitive dissonance.
> Cognitive dissonance is an essential requirement to work in
oh, boo. this is a sophomoric examination that does not do justice to the subject being critiqued.
cognitive dissonance has become a buzzword and its incorrect usage is exemplified here. those people aren't struggling with a value conflict, they just have different values than you do.
the path to togetherness, thoughtfull discussion, and mind-changing lies with honest recognition and good-faith debate, not name-calling.
> cognitive dissonance has become a buzzword and its incorrect usage is exemplified here. those people aren't struggling with a value conflict, they just have different values than you do
But maybe, just maybe, their values are incompatible with the values that build up a society. And here is where the cognitive dissonance starts.
> the path to togetherness, thoughtfull discussion, and mind-changing lies with honest recognition and good-faith debate, not name-calling.
That only works when all sides want this. I think it's pretty onbivous that any large corporation, doesn't want this kind of discussion. It mean admitting them doing a lot of cr*p in the name of profit.
Cognitive dissonance is a single person holding two contradictory views at once. A person holding views that contradict yours is not cognitive dissonance. "The values that build up a society" are not a universal truth.
That's actually incorrect. Cognitive dissonance means that someone's behavior, attitude or thoughts, beliefs are inconsistent. Or in other words someone participates in an action that goes against his beliefs, ideas, values. Which is exactly what the grandparent post refers to:
> They all have their own stories about how it's okay to exploit weakness in people.
This is definitely inconsistent and in contrast with almost all the above mentioned entities' mission statement and their corporate values.
In other words, beside my previous comment you missed the part of the discussion where we concluded (see the grandparent's post again) that both the value and the behavior originates from the same source.
This has nothing to do with an external third person's view.
You could argue in both directions actually, since they are part of society and they likely don't want to be held to the same standard as they treat their users. (still not necessarily a contradictory view, but it gets bendy)
However in general I do find cognitive dissonance badly used, since the experience of cognitive dissonance is usually the positive part, since you notice a problem in your view point. The resolution on the other hand ... So it would be better to just say contradiction and then it's obvious that one has to give a better explanation of it.
There's no need to have a good-faith debate with someone who has decided that my privacy is worth less than their salary. Those people should be punished. They can have good-faith debates with each other during their mandatory community service or what have you. That way they only waste each others' time.
Would you agree that a US Senator doubling down[1] that 'having slavery was a necessary evil[2] in order to get rid of it[3]' is correct usage of cognitive dissonance? How does it differ from the incorrect usage?
[2] I agree with him that it had been a necessary evil to form the original union. I disagree both that formation of that union was necessary, and that slave states joined the union with the intention of abolition.
[3] Luckily, like this senator, the confederate states and contemporary writers said why they seceded. Deepfakes are not an issue when people are willing to go "on the record" with their intent and state of mind.
====
As to "different values", I guess I can come up with some for the examples given above:
Exxon - We need oil profit now to fund later development of our green acquisitions
Wall St - Our arbitrages make the system more efficient for everyone else
the MIL complex - Our products only kill and maim baddies. Besides, we build them so we don't have to use them.
the gambling industry - If we were outlawed only criminals (and uncovered derivatives traders?) would gamble. Besides, people have a sure loss when they pay for other forms of entertainment. And we pay for cultural projects legislators don't want in their budgets!
big tobacco - There is controversy over long term costs, but in the short term smoking clearly demonstrates human mastery over fire. (besides, how are workers supposed to bond, and pace themselves, without the smoke break?)
However, the only clearly non-dissonant one I can come up with is "anything people pay me to do is by definition good."
> the MIL complex - Our products only kill and maim baddies. Besides, we build them so we don't have to use them.
Approximately no one thinks that in the military industrial complex. People are not dumb. They know what they are building. It's actually one of the least hypocritical industry I worked in.
I left because I was feeling uneasy about the foreign countries we were selling to and don't believe in the foreign policy of our last few governments. Still I am not loosing sleep about my contribution to my country military relevance.
Thanks. I'll gladly edit if you can provide me with a better justification? (to me, "contributing to my country's military relevance" would fall under "we build them so we don't have to use them," but I'm obviously the wrong person to be writing these.)
No, we build them so that we are credible when we threaten, can riposte if we are attacked, are less tempting as a bullying target and win when we wage wars (which we sadly still very much do even if it's mostly in support of allied countries nowadays).
I mean, I am far from fully Clausewitzian but force remains part of the way international relationships work.
> "But a measuring of strength may be effected in cases where the opposing sides are very unequal by a mere comparative estimate. In such cases no fighting will take place, and the weaker will immediately give way.
> If the object of a combat is not always the destruction of the enemy’s forces therein engaged—and if its object can often be attained as well without the combat taking place at all, by merely making a resolve to fight, and by the circumstances to which this resolution gives rise—then that explains how a whole campaign may be carried on with great activity without the actual combat playing any notable part in it."
(the problem here is that this strategy is unstable, as not everyone can follow it at the same time, something demonstrated twice during the prior century. Renaissance italians were fond of manoeuvre over direct combat, for which our more bloodthirsty age faults them.)
The OP gave a simplistic answer about baddies. In general though this does appear to be something of thinking of your side as pretty damn good in a moral sense. A few things I can think of that don’t feel like they align with the motives you gave:
- the US is close to near full support of course what Israel does. We have never had any issues supplying them with aid of all kinds. There doesn’t appear to be nuance there. The practice won’t stop. It exemplifies many of the general practices and uses of the military complex.
I have a hard time believing there isn’t some level of hypocrisy or dissonance to claim moral reasons like not being bullied, but on board with most of Israel’s actions.
Yemen is an easy case of how wrong things are. It is consistent with the frequency of the US not doing things for defensive purposes.
The first 3 points vs the waging war point appear To be conflicting and troublesome themselves.
> even if it's mostly in support of allied countries nowadays
Does "nowadays" include only the 1991 defense of Israel? Because that's the last time the US was in a war that was in defence of its allies, and there's basically a blank history before that.
You miss the point actually. The poster made a statement without any proof. It's a classic logical fallacy.
And your example...? Proves what exactly? It's the exact opposite of a cognitive dissonance. The behavior is consistent with the company values.
But the discussion point is that the company behavior is most of the time inconsistent with the company values. E.g. Exxon value is env friendly energy <-> Exxon true behavior is causing env disaster
There's a bit of a problem here because cognitive dissonance is harder to apply to companies, they are not a single mind even if they almost act like it. I doubt the people under the company's umbrella hold the 2 ideas in their head concurrently, they just put aside any moral aspect and let "the company" bear this moral weight, they just have a job to do regardless of personal preference.
Perhaps hypocrisy would be a better term to describe them. They'll say something is bad but they'll do the very same thing depending on how this suits their agenda.
Not at all. Hypocrisy is the act of criticizing OTHERS for something, while engaging in the same behavior. That's completely beside the point and no-one talks about that here.
> : a feigning to be what one is not or to believe what one does not : behavior that contradicts what one claims to believe or feel
> especially : the false assumption of an appearance of virtue or religion
Seems to me that this is exactly the point of what we're talking about here. It started from the "cognitive dissonance" which applies less effectively to a "hive mind" like a company than the above given definition for hypocrisy.
That feigning is exactly the difference between feigned and real values or behavior. And no matter which feigned/real pair you choose from this story (real values, claimed values, values and behavior towards themselves, or towards users, etc.) you will find evidence of hypocrisy.
I haven’t come across hypocrisy meaning one is criticizing others. I don’t think that needs to be a pretense for hypocrisy.
it would be hypocrisy for some one to be for small government always, but spend 1 trillion a year on a complex tax system beyond what any one else is doing. Regardless of any critiques they make or don’t make.
Are people on HN, reddit, et al, who have criticisms over vast numbers of people, mostly cogs, but all seem to be working jobs at companies that don’t do much harm, if any?
It appears as if at some level all of us need to have some level of cognitive dissonance to not see ourselves as bad people. I know there are levels to how bad things can be. I’m just saying no one is a saint.
Aye, cognitive distancing would be more accurate, though I don't really know what the actual term that applies here is. I generally just refer to it as simply lacking morals, be it in the form of immorality or deep ignorance, neither of which are excusable.
> Cognitive dissonance is an essential requirement
I think the correct word here is "doublethink". Cognitive dissonance implies experiencing an unpleasant sensation from the contradiction, which leads people to try resolve the dissonance. Doublethink implies fully accepting two contradictory notions at once without any unpleasant sensation.
If you're not poor, then it's immoral to work in such company.
If I had to choose between working for a monopolistic corporation or a mafia, I think I'd rather join the mafia because I can't stand hypocrisy. At least they're honest about what they're going to do to you if you don't pay them the protection money and they're not pretending to be the good guys. A mafia has a clear, well defined moral code with clear boundaries which limit the harm they do; also unlike corporate entities, the members of mafias take risks upon themselves.
>You are assuming that they have this information. However their argument is that the search terms "could" retrieve such documents. There is nothing here that confirms they possess these purportedly irrelevant documents that would be produced given the current search terms.
Having the documents is a necessary condition to them being found (or in other words if they don't have the documents they can not be found), so I would hope making such an argument without actually having any documents containing this information would get them a stern talking to by the judge. Then again law often works very different to what we laypeople assume.
>> You are assuming that they have this information.
Isn't that the entire premise of the article?
What you're suggesting here is that Facebook doesn't hold any data until the government asks for it, then that data magically appears on its servers and suddenly it needs to be protected from big bad government. How convenient.
The EU Commission is a powerful barely accountable entity. It may be hypocritical for FB to defend privacy but it doesn’t necessarily mean that they are wrong.
In what way is it "barely accountable"? It's appointed by Member States directly through the European Council (the heads of each Member State who meet quarterly to discuss the EU), who propose nominations, and then confirmed by the MEPs from each Member State directly elected by their voters.
So, from two directly accountable bodies: the heads of state of each country, and then directly elected MEPs. If EU voters don't like their Commission, they can always vote in new MEPs and new governments to represent them on the Council.
There are many arguable democratic deficits within the EU, but isn't one of them in my opinion.
> Why does FB even have employee medical information and personal financial records?
At Facebook's scale, they probably self insure their employee health plans (at least in the US where we don't have universal health care). Meaning when employees make a medical claim, the company pays the cost directly. Consequently, they probably have records of every claim made.
I suspect personal financial records is limited to payroll info and tax withdrawal elections.
The companies I know that self-insure hire an actual insurance company to administer and take an administration fee, and just capitalize it themselves. They don't actually act as a health insurer.
You're generally correct, but there are exceptions. The payor still has the right to see claims if they want to, and sometimes they will carve out certain services from the insurance plan that's administered for them, usually for cost optimization reasons.
In a famous example, Wal-Mart carved out back surgery from their healthcare plan and instead negotiated directly with a few specific hospitals across the country, where all Wal-Mart employees who need back surgery then travel to for care.
More common is for big companies to contract with primary care groups to serve their employees directly. (The thinking is that incentives can be better there, since some primary care doctors stay afloat by selling their practices to large hospital chains that they then are encouraged to be aggressive about referring their patients to, raising total costs of care. I think Facebook has this sort of on-site primary care arrangement...this is particularly common in very high cost-of-living cities where it's hard to have what most would think of as a doctor's lifestyle as a primary care physician.
100% this, in addition Facebook has limited onsite medical care at its facilities that they provide as a perk to employees. Even if this is contracted out there is probably some paper trail as to who used what services.
It's probably safe to assume that some Facebook employees have used their work email to correspond with their doctor, accountant, etc. just for the sake of convenience.
And it sounds like the EU is asking Facebook to turn over every email they have the matches any of the 2500 search terms, which would include some of these.
Is there any reasonable term that's not likely to eventually end un in some personal, irrelevant conversation? I can guarantee you that by the time any court rules on anything FB will have so many of these examples where the search words are seemingly organically intermingled through all kinds of irrelevant or personal documents.
"Competition" would probably show up in half of the HR related emails. So would any generic word. You're left with the "written confessions", the ultra-specifics if you will. Imagine if you would search an assassin's phone only for evidence that contains the word "assassinate" because "eliminate" may refer to medical issues.
I'm not talking hypothetically here, I've actually seen such investigation from both sides of the fence. They're not a new thing. Between common sense, known investigative techniques, and legal teams providing coaching an executive has everything they need to avoid using very explicit wording. They use abbreviations, keywords, vague language, because they know some were caught with their pants down admitting in writing some very specific stuff.
Whatever you search for they will comply and provide a lot of material, but none of the good one. After a while somehow they start producing a lot of irrelevant material that contains this. Eventually they will make this exact move where they use the previously provided stuff as evidence that the investigation is too broad. In the meantime that data retention policy set for a laughably short interval kicks in for both the data and the backups. Some companies delete emails, messenger logs, etc. officially under the guise of "cost savings for storage". Anything an employee wants to keep has to be exported locally to some workstation. So regular employees try to manage like this, while senior management or executives get to keep the important data while maintaining plausible deniability. After all you can't search every workstation and the person can't be expected to remember where every file they ever used was.
I've seen a case where every employee who touched a certain project had to turn over their workstation's hard drive (just the drive) to a forensic company who would document and remove anything related to that project. They ended up failing to delete a bunch of stuff anyway.
This would happen in internal investigations (the worst kind, it means you can;t rely on the company's protection), and ones where there's already a warrant for the entire drive, meaning there's already strong evidence to justify this. You'll never see someone handing over the drive just for discovery.
But if they have to provide something, executives are safe almost by default. Companies explicitly use data retention policies as an official means of destroying evidence on centralized systems (on the servers), and they're not shy when discussing this openly (just not in writing). Executives will not be happy about losing their email history so they store a copy elsewhere, on another workstation whose existence is simply not a matter of common knowledge, many times it's associated with a management assistant. Or they will use aliases [0] and investigators will never know there's anything relevant there. When cooperating with the authorities only the official device used by that person is presented, the one in the asset management. You can't ask for something unless you know and can prove it exists.
These investigations could eventually cost a company billions so trust me, they invest billions worth in effort to make sure evidence stays buried.
How about a hypothetical example? I went out of my way to use all three terms that were examples. A better way of handling such wide dragnets is similar to how ACLs work. Inclusive terms grant privileges, but specific denials always deny. So the dragnet is cast, and then from the dragnet anything that matches various keywords is flagged for manual review, with a default of excluding if it matches _that_ information. Items which are relevant to the interests of the intended search but which also contain information that is sensitive and not to be made public might end up filed under some sort of seal.
From: Reporting
To: Employee
Subject: Re Vacation / PTO / Family Medical Leave
... The change in policy is not good for us as it will impact my ability to care for ++my elderly parents++ and the ++young child++ that is on the way.
... It is still a big question about how paternity leave works and if this change in policy might shut down any chance for promotion based on having a family.
Tax withholding elections, retirement contributions, medical elections, emergency contact information, beneficiary information, medical leave requests are all information most employers have about their employees.
I didn't think the day would come when government dragnets would be defended like this. This is clearly a fishing expedition using broad queries. Glad I don't work at companies that are routinely targeted for this shit by overzealous spy governments.
This isn't overzealous spy governments. They are investigating the one of the top three data heavy organisations on earth. They are requesting a miniscule subpercentage of that data, and doing so through an untrustworthy and opaque filter. You cannot investigate a company like facebook without large volumes of data.
It's just that relative to people's normal perceptions, it seems like a dragnet.
Facebooks feelings about this are unjustified and nothing but a tactic to waste regulatory body time, taxpayer money, and judicial stamina.
Crack them open like an egg, is what I say. I've no time for companies doing literal exabytes of questionable business and then playing the victim around handing over a few gigs of it for investigation.
Oh yeah, sure, there's always some big evil bad. At least back in the day they were claiming it's terrorists and child pornographers. Now it's Facebook. They told me this slope wasn't slippery but down we go.
Yeah yeah. Pawn all of your reasoning off on a "they" and infer slippery slopes while breaking out the false equivalencies - as if people are equating anti-trust violations with child pornography.
Do you think the anti-trust investigators should instead focus their efforts on Boko Haram? They are a suitable group for the job? Do you think facebook just... shouldn't be investigated?
This has to be one of the weakest arguments I've yet to see on HN.
I don't want the government to hoover up personal data in order to dragnet search for child porn or terrorism so obviously I think it's a massive overreach to do so for something as piddling as antitrust investigations.
Obviously you are falling for facebooks ploy here and imagining the government wants any personal data at all. The regulator is requesting literally zero personal information, especially of the public.
Facebook is smokescreening saying "oh but what if some of our employees' information is given over", to which the response is "well edit that out then, you idiots."
Not only was this lost on you, but you still think it's a dragnet. I've never seen someone fall so hard for corporate propaganda, right before my eyes.
Where is that response? I think if the EU regulators said that and pay for the redaction (the same as we pay for FOIAs) then that's fine but otherwise looking for "big question" OR "not good for us" OR "shut down" is a dragnet.
Happy to revise position if you have a source for that response.
Companies often have an internal escalation path to deal with issues with their company provided health insurance, for instance if the insurance fails to cover something that their company claims they should cover. Those escalation tickets will be logged and retained.
They don't even have to be lying, it's not a stretch to imagine FB interpreting these requests so broadly that they gave up this information to use it as leverage against the requests.
They will explicitly include the search parameter in such documents specifically to prove they are irrelevant and that they should not have to comply with future requests. It's an actual tactic used in all such investigations.
The investigators obtain some circumstantial evidence for what they should search, request it from the company being investigated, then hope that they get enough of the evidence before that company manages to poison the well and make it look like the investigators are on a witch hunt that's so broad it can only be spiteful.
When this happens you can be sure that they're doing their darndest to hide something. From my experience the cases when such investigations are chasing ghosts are rarer then hens' teeth. After seeing the process from both sides I can honestly say that given how chronically deprived of resources (most of all time) almost all investigations are, when they go for something you can bet the farm that it's hidden somewhere in there and they just have time to pull it out before the other side buries it completely. The more damaging the data, the more resources allocated to burying it.
P.S. Let's install on every car this emission cheating device that tricks all the tests and brings us more profits, we'll never get caught. Young child support parents mortgage breast lump. Welp, guess the evidence is compromised now, we'll have to look elsewhere.
It's possible they're exaggerating to get a good sound bite to get people on their side -- "medical information" could refer to health insurance enrollment forms, and "financial records" could refer to paystubs or benefits information.
Is that really exaggerating? Those are both legitimate examples of the words they used. Working at Facebook shouldn't mean that some official in the EU gets to know what kind of insurance I opt for or how much I make, or generally dig around my personal communications without warrant based on the use of arbitrary phrases (speaking hypothetically; I don't work at facebook).
The irony is, that this is exactly what Facebook and Google (and whole bunch of other companies) do with their users as part of their business model. Somehow that's ok.
In my case (in the UK) my employer would have diagnoses of diseases from sick notes, occupational health assessments that include medical information, pension details, payslips and personal details of my next of kin. All this would fall under GDPR protection which a) doesn't just apply to websites and b) includes the "only ask for the minimum you need to do the job" proviso so I can see Facebook's point that it's problematic for them to hand over this information. But I'd be surprised if there wasn't a law enforcement carve out that this falls under.
This was exactly my thought when reading this, why do they have this information? Unless it's trivial information like next of kin or the sick days of employees, which really should not contain the search terms, why should Facebook have details of employees medical information or partners?
> we would be required to turn over predominantly irrelevant documents that have nothing to do with the Commission’s investigations
No but it's needed so the Commission can offer better personalized services. Or do what the users have to do when they reject overly broad EULAs: take their business elsewhere.
I expect the regulator has asked for a lot of email or messenger comms to investigate something and FB has said "we can't turn over that email, it could contain personal stuff that people deal with in their work email".
For example if you send your paycheck home via your email, that's a "personal financial document", if you send home a receipt from when you got a flu vaccination that's "employee medical information" and private information about families is when your mom/spouse/whoever emails you at work about something.
This is typical in a discovery situation and the lawyers will usually sit down and sift through stuff and figure out what really is relevant, what needs to be redacted/excluded altogether etc.
If it is irrelevant to the Commission, then it is irrelevant to Facebook. If the data is highly sensitive, then it is relevant information for the Commission!
The CSIRO has the domain CSIRO.au and they're the only one site that comes to mind. All domains in Australia are required to be registered under the kind of organisation they are. There is .com.au for companies, you need a valid Australian Business Number (ABN) to register one, .org.au where you need to be a registered "organisation"[0]. Soon we'll be able to register .au domains and you can read more about the history of the domain on Wikipedia[1].
In short, the reason you never see `.au` domains is because no one can register them.
IANA delegated .au to someone at the University of Melbourne in the 80s. He devised the 2LD structure, and chose .com.au, .org.au, .net.au, and .edu.au as the major second level domains, with various eligibility requirements. Recently, auDA (the Australian domain administrator) started investigating releasing top level .au domains, but the timeline went from "late 2019" to "first half 2020" [0], and I haven't seen anything since.
Having lived in Australia, Germany and New Zealand amongst others, I find the Australian scheme the best. In Germany, everything is just .de (like in many other countries), while I find that the nz sites (.co.nz, .ac.nz ...) using a different scheme than the topdomains (.com, .edu) even worse.
I kind of see it but it still seems like a stretch since lots of companies take legal action against governments for a variety of reasons. At face value the company is airing a legitimate concern/grievance and they're using the EU's own courts to explore the legitimacy of that grievance so it's not like they're subverting the rule of law somehow.
The problem is that whatever you'd search for, that term could and eventually would, by any means necessary, be found in "employees’ health information, performance evaluation and even job applications to the company". Then again you can't not see the irony of the situation where FB is complaining that someone is requesting too much data from them.
> Facebook is also seeking interim measures at the Luxembourg-based General Court, Europe’s second-highest, to halt such data requests until judges rule
Having participated in such investigations I can tell you one thing for sure, whatever the final outcome of their initiative FB can only win from the respite this would provide. Evidence gets old and data retention policies just happen to kick in, evidence gets lost, evidence gets moved to another jurisdiction, etc.
I am taking the uncharitable interpretation because it's the most realistic.
I'm inclined to take the realistic approach: It's in their best interest to fight any anti-trust investigation, regardless on whether their denial is legitimate or not. A successful anti-trust suit could cost FB billions of dollars, which is well worth some overtime for a few lawyers to delay-delay-delay.
It's their lawyer's role to make every step of the legal process as painfully slow as possible.
Facebook being concerned about anybody's privacy is a good thing I guess.
What they should do instead of suing the EU antitrust regulator (good luck with that) is to comply with the request and leave out or redact those things that they feel would breach employee confidentiality, and enumerate where they've done so with specific reasons as to why a particular item has been left out.
What will happen now is (1) they will lose this lawsuit; (2) will have to pay costs and (3) will still have to cough up the data. So I interpret this as a stalling action to buy time to figure out how they can not get to (3) in some way or other. Maybe they'll lose the data somehow.
As an employer I don't hold any such data on my employees, and neither should Facebook. They are right that legislators / the antitrust entity has no right to this information, but the best way to achieve that is if they didn't have it in the first place.
Facebook employees should wake up and see that it is their rights being violated by Facebook here, the anti-trust entity is not the one that is at fault.
You piss off regulators at your peril. In the end they're all people and being stymied is going to cause some kind of reaction, likely not one to Facebooks' benefit.
> They are right that legislators / the antitrust entity has no right to this information, but the best way to achieve that is if they didn't have it in the first place.
But they do have a right to it by way of enforcing compliance with existing regulation. That's why Facebook isn't daring to outright refuse the requests. It's hoping by some wishful thinking that a decision will come back restricting the Commission on the basis of rights violations. It's a 50/50 bet that could either ease Facebook's burden on GDPR, or worsen it.
Honestly, I hope it worsens it. SV Tech, especially social media companies like Facebook and Twitter, have caused a lot more trouble now than they have created benefit. Back in the days of MySpace, it was a "hip" thing to interact on social media. But as the capability to monetize social media shrunk, and Facebook and Twitter, among others, decided to go public with none of the diversity in their product portfolios that's kept public giants profitable for decades, they turned to pretty nefarious and reckless opportunism to keep investors happy.
Facebook has struck deals with South Asian wireless providers that have since come into serious trouble with governments who saw social media be used to aid anti-government agendas. I was co-sponsor on a deal with one of the largest providers, which was desperately trying to get out from under its agreement with Facebook, since it had effectively lost all the money it had earned from the partnership to fines, bans, and regulatory compliance in countries like Burma, Thailand, Vietnam, Indonesia, Singapore, and Malaysia. All of those governments have cracked down severely on social media being used to organize anti-government activity.
Facebook is not our friend. It's not here to protect us. It's not interested in serving our best interest. If it was, it wouldn't have entire teams of attention engineers. It wouldn't constrain our ability to receive direct support for issues on the platform to a set list of automated help articles. Facebook wouldn't have allowed political ads at all during an election cycle, because the integrity of the election was already in question over the volume of activity by US candidates and the impulsive nature of social media activity in response.
I'm all for turning Facebook upside down and flushing its head in the toilet. It's gotten a little too cool for its own good. It needs to be reminded that its still just another student in the same school of life everyone else has to attend. We can't afford to set aside skepticism because we're enamored with the glow of its success with adoption. I mean, COVID-19 has had an insanely good run at new adoption too.
> "... we would be required to turn over predominantly irrelevant documents ... such as ... personal financial documents, and private information about family members of employees,”
Sounds like the kind of documents useful for investigating (at least) fraud, kickbacks, and hiding assets.
So, EU antitrust regulator seems to be doing it's job (thus far).
This is nothing more the a PR misdirection to evoke anti government sympathies. EU regulator has no interest in this information, and probably has not directly requested it. The wording says that the search terms $might$ return this information. So the lawyers can always redact it if these turn out, I'm pretty sure the regulator would accept it.
Thank you for proving my point.
The regulator has no intention to read your medical records, nor did it ask for them. Facebook misuses the court for sly PR tricks to evoke anti government sympathies and get people on their side.
Just as you did. Don't forget, Facebook is the bane for privacy, not the EU.
I read the comment in full, and the comment is wrong. Facebook’s statement:
> “The exceptionally broad nature of the Commission’s requests means we would be required to turn over predominantly irrelevant documents that have nothing to do with the Commission’s investigations, including highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees,”
There is no “might” PR weasel-wording as OP implies. It is clear that Facebook believes with certainty they are asking to turn over information that is predominantly irrelevant.
Also, the OP’s statement that the EU “has no use for the information” is irrelevant and an affront to privacy. If the EU has no use for it, then they should not be asking for it.
“Facebook bad! EU good!” is a naive mentality and I’m disappointed to see that HNers are falling into the same groupthink present everywhere else.
You are jumping to conclusions. EU might have their own problems, but believing EU, a representative body formed from people elected through a democratic process is just the same as a global corporation with a single "rational" goal of "make more money whatever it takes", is naive.
In a way, Corporations are inherently corrupt because they are not measured on anything but getting more money, which does not equate creating more value, but is merely a proxy. Democratic bodies maybe be corrupted, but you have the moral grounds to complain about it. Which you don't have with corporations, as long as they make money, they are acting withing our morality expectations.
And it is weasel speak, because they don't claim that the EU is asking for this impertinent information specifically, but they make it sound like that. I dare you to find "employee medical records" in the search terms.
If they were acting in good faith, they would've ask to enable post dragnet filters, and not to publicly claim the EU is after employee medical records. Which is a lie.
> Democratic bodies maybe be corrupted, but you have the moral grounds to complain about it. Which you don't have with corporations, as long as they make money, they are acting withing our morality expectations.
And yet there is still nuance here. Just because a capitalist corporation is inherently corrupt does not mean that every decision made by it will be similarly corrupt or devoid of ethics. And just because a body is democratically elected does not mean that it is not functioning in a morally corrupt manner.
Case in point: Facebook (a corrupt entity) is legitimately defending the privacy of their employees in this decision (a decision that is not necessarily corrupt).
On the contrary, the regulators asking for this information is symptomatic of corruption. The fact that they did not back off saying that they did not need this information, but rather, decided to pursue a lawsuit, lends credibility to Facebook’s claim. Otherwise, it would be as simple as asking Facebook to exclude this private information from the search.
> And it is weasel speak, because they don't claim that the EU is asking for this impertinent information specifically
They do. They claim that the search requested by the EU would predominantly include this information. I’m not sure how much clearer you can get.
> I dare you to find "employee medical records" in the search terms.
A dare that we both know is impossible to test, because the search terms and the underlying body of data are not public.
> If they were acting in good faith, they would've ask to enable post dragnet filters, and not to publicly claim the EU is after employee medical records. Which is a lie.
Maybe, but my main point is this sort of misuse of the court procedures for the side effect of manipulating the crowd using deceptive claims, is what makes FB disgusting.
How do these things work with work from home? Activity at one's home or anywhere outside the offices is private, even if it's work-related. Could remote employees block such requests on the ground of personal privacy?
What are you talking about? Your employer shouldn't have access to your private activities in the first place. Just because you are out of office and you send a company email doesn't make it private.
It's your work device and can be investigated when pursuing against your employer, activity in your work computer in your home is part of your work and your employer's IP so there's nothing about personal privacy here. Use your own devices for personal use...
I didn't RTFA but assuming the requests were excessive, it's great to see Facebook defend themselves. Sad to see how beleaguered this company has become despite (IMO) having good intentions in an impossible situation where you can't make everyone happy.
Why would you assume that the requests are excessive and that FB is in the right? Given their track record against regulatory bodies it's quite rich to assume that and then derive a whole supporting comment out of it.
It's not sad, this is self-inflicted, FB played with fire and that has consequences, it doesn't matter how pretty to the outside their vision and mission statements are. What good intentions are there from FB? They talk the talk but don't walk the walk, and never had.
> EU regulators comb through documents looking for about 2,500 search phrases which include “big question”, “shut down” and “not good for us”, said a person familiar with the matter.
Is the text of the Commission's requests public? This paragraph seems to be implying that they're demanding every Facebook document containing any of these 2,500 phrases, which does seem pretty dumb if true.
The alternative is for regulators to issue narrow, targeted requests for the information they need to investigate specific issues. I don't think the government should be able to tell a company "alright, hand over all your documents so we can make sure there's no evidence of wrongdoing in them".
The investigators should ask exactly for the smoking gun, but they need the smoking gun to know exactly what to ask for. Imagine if when asking for a warrant the Police would have to say "we are looking for a knife on the left side of a shoe box under the defendant's bed". Oh the knife is wrapped in some tax returns and blood work results... bummer.
You don't need to go much farther than your average internet search to see that it's nigh impossible to search so narrowly that only the best result comes up from the first try and doesn't contain any irrelevant information. And that's before considering that unlike internet searches companies go through a lot of effort to intentionally poison the well and mix up the now known search words throughout a big volume of irrelevant information to prove their point. This is what this request is about, buying that time.
As I already said, you can't not spot the irony when a company insists they need very broad access to your data to monetize it, but complain when regulators need access to their data as part as an official investigation.
In my area, that's indeed how police investigations work. They don't have to be quite that specific, but they do have to explain what specific things they're looking for and why they expect to find them. They couldn't say "well, it's possible you committed a murder, so we'll search your house to see if there's any murder evidence in it".
Let's not pretend that Facebook isn't accused of a myriad of anti-competitive practices. Not even Facebook is claiming that the EU doesn't have grounds for a search. They are simply saying the search is overbroad.
? The irony is the other way around. FB is free, users provide information, FB doesn't sell it or share it, they use it to place ads. The EU government is concerned about 'privacy' while asking a private, foreign company to hand over arbitrary private data.
Imagine the police pulling you over and asking you to show any emails which included the terms 'deal' or 'partying' or 'the green stuff'.
The investigators are probably barking up the wrong tree.
You are one of those that falls for the semantic trick of "we don't sell your data" [0].
A private foreign company isn't more powerful than the EU, there is no irony that a regulatory and investigative body wants private information concerning an investigation from a company operating under its jurisdiction. And a company that has a track record of strong-arming regulations and governments.
I'm aware of how my data is being used by Facebook, and am generally unconcerned by it, as are most people.
Conversely, it would seem you're falling for the completely false claim made in the NY Times that somehow, placing ads on FB is somehow tantamount to 'buying customer data'. The article is making a bizarrely stupid claim.
"I am shocked that anyone continues to believe this claim. Each time you click on a Facebook ad, Facebook sells data on you to that advertiser. This is such a basic property of online targeted advertising that it would be impossible to avoid, even if Facebook somehow wanted to."
It's basically lying to suggest that someone placing ads on a network is remotely similar to, for example, Facebook literally selling user data directly to advertisers or anyone else.
You, I, everyone, we see the ads on Facebook, the means by which those ads are purchased is available for anyone to see and it's really not that big a deal. It's mostly demographics, location, and some degree of interest that usually isn't correct in the first place.
"A private foreign company isn't more powerful than the EU"
The EU and FB are bound by law, and it seems clear the EU is breaking it by making broad search and seizure during some kind of investigative discovery, and the EU courts will have to rule on it.
I don't understand how we can have such crazy double standards. If it's against the law, and there is evidence somewhere that I broke it, why is it outside the mandate and allowance of government to enforce its access to it? Your examples are a bit contrived and evokes "incriminate myself" ideas that complicate it a bit. But what if it's more obvious? An email or private text message that quite explicitly says "yeah, I stashed the murder weapon in location xyz". We've all agreed that murder is illegal, currently using certain substances is illegal, fraud is illegal, etc. So why the double standard under the guise of "right to privacy"?
By and large, everyone understands the trade off they are making (i.e. FB can put ads in your stream) for a free Social Networking service, and it's fine.
Facebook is doing a bit more than showing ads. They are tracking people over the web, deciding the information stream for many, collecting a huge amount of data, helping to spread fake news, and helped to get someone stupid elected as the leader of the world biggest power.
Nope, I wouldn't beg to differ so don't put your words in my mouth.
And nope, by and large the majority of non-tech savvy people don't understand the trade off they are making. I've done research for data privacy advocacy here in Sweden, in Germany and Norway and the vast majority of people have no idea about the kind of data that FB, Google, etc., are able to collect about you, across the web or your phone and so on.
People are in the dark about this, they have a vague notion that "oh, they collect my data" but they have no idea about the implications of this, so no, it's not fine when your business model depends on the ignorance of people to thrive... That's exploiting, not business.
500 Million Europeans are not stupid, and they know what is going on: they see the ads right in front of them and are aware there is some degree of targeting going on.
The mechanism of this targeting is not some complicated dark secret - it's literally available to 7 billion people to see any time. It's right there: location, demographic and basic interest targeting. Data is not being sold to anyone, and advertisers can place ads based on a few simple things. There's nothing remotely nefarious.
People around the world 100% make the choice to use Facebook with this understanding, it's literally free, and there is no compulsion to use it.
If you use Facebook, then you have made the choice, nobody is putting words in your mouth, your assertion is a function of your actions, not my words.
If Facebook was leaking data, selling data etc. there would be a problem. But they aren't, so there isn't.
I'm saying that you are wrong given that I worked with data privacy advocacy groups in 3 countries in Europe where one of the researches was exactly to gauge how much the average internet user knows about how their data is collected, used and cross-referenced between multiple parties.
You are building the strawman that because people know about data collection they aren't stupid, I never said they are stupid, I'm saying that the way this data is collected and used is so obfuscated from the general public that it's akin to exploiting a whole populace ignorance as a business model.
> People around the world 100% make the choice to use Facebook with this understanding, it's literally free, and there is no compulsion to use it.
This is patently false, not sure if you like hyperboles or if you are just that ignorant about the knowledge of the rest of the people in the world that doesn't live on Hacker News and breath tech...
Sure, but I am not talking about their users but the company itself. If it doesn't want to follow EU law while doing business in the EU, I think they should not business here...
Similarly, to how some news sites in the US block EU ip address so they don't need to comply with GDPR.
I am quite happy that EU tries to protect the privacy of its citizens. I would be delighted if the US and other countries would follow suit.
"> which does seem pretty dumb if true
Why is that? "
Because governments have no right to ask private groups to hand over arbitrary, speculative bits of information.
They can ask for specific things relating to specific matters with a court order, but broad searches for loose search terms is ridiculous and probably unconstitutional.
No they absolutely don't and every modern nation has rules against arbitrary search and seizure.
In fact, this looks pretty crazy upon first glance, these keyword searches are very arbitrary and broad, it wouldn't hold up in most other scenarios, FB is right to take this to court.
It's not arbitrary search and seizure. It's a legitimate request for FB to produce documents because they're under suspicion of abusing their market position.
This shows the generation and technically challenged politicians that came up with this nonsense request. Agree on an API that is practical and fair and pay for the data transfer
I don't use Facebook and think it's a waste of time for people who are addicted to it. However, I also don't think it's right that a bunch of gov lackeys in Brussels should be suing and fining US companies that have lots of customers & money. When they sue Google for $500M or whatever, where does this money go? To the supposed "victims", or to the EU gov coffers, to pay for more staffers so they can file more lawsuits?
If you want companies to follow rules, history has shown that only steep fines, or jailing executives work. Where the money goes isn't that important, it's a fine, and it's intent is to be big enough that following laws is cheaper.
They want to operate on the EU market, they follow EU laws. EU companies don't get to select which US laws to follow when active in the US.
That's probably only part of the story though, it might be a little more behind why this happens now.
US have worked to extend the reach of their laws outside the country for decades, aggressively. This is part of what's called soft power, which US has historically been quite good at. The current US administration has dropped the ball on soft power so hard its sad. Not only has it opened up for China in parts of the world where they barely got any play before, the emboldening we see in how China tries to assert jurisdiction over people outside China is almost certainly a direct result of these catastrophic failures of foreign policy. Not only Chine, but it's an extremely obvious case..
Anyway, that kind of massive clownery on the geopolitical arena is going to have consequences. The massive power vacuum alone almost certainly enabled, but likely also forced EU's hand enforcing the laws more aggressively, at least to some extent.
> “The exceptionally broad nature of the Commission’s requests means we would be required to turn over predominantly irrelevant documents that have nothing to do with the Commission’s investigations, including highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees,” Facebook associate general counsel Tim Lamb said in a statement.
Why does FB even have employee medical information and personal financial records? I can sort of understand how they might inadvertently end up with small snippets of medical information via their HR process (e.g. Sally Software Engineer submits a request for maternity leave), but, other than possibly account numbers for stock accounts and deposit accounts, I'm scratching my head as to what they even mean by "medical information" and "personal financial documents."