The Facebook civil rights audit is a mixed bag

For more than two years, a team of civil rights activists have been examining Facebook’s actions under a microscope. They have issued various interim reports: this week they produced their final report, which evaluates how well Facebook has done in implementing their extensive recommendations. The short answer: not very well.

The report covers a wide scope of activities, including eliminating hate speech, policing posts that are threatening democratic elections and the collection of US Census data, changes in advertising policies and algorithmic bias, inciting violence, and policies promoting diversity and inclusion. It would be a tall order for many tech companies to resolve all of these issues, but for business the size and scope of Facebook, I would expect to see more coherent and definitive progress.

At first glance, Facebook seems to be trying — maybe. “Facebook is in a different place than it was two years ago,” as the report mentions. The company has begun several initiatives towards making amends on some of their most reprehensible actions, including:

  • Setting up better screening of posts that encourage hate speech or promote misinformation or harassment. The auditors mention that while there have been improvements during the study period, specific recommendations haven’t been implemented.
  • Prohibiting ads that mention negative perceptions of immigrants, asylum seekers or refugees.
  • Creating new policies prohibiting threats of violence relating to voting and elections outcomes.
  • Expanding diversity and inclusion efforts, although in interviews with Facebook staff the auditors feel there is still plenty of room for improvement and could do a lot more.
  • Eliminating explicit bias in targeting housing, employment and credit application ads by age, gender or Zip code.
  • Making changes to its Ad Library to make it easier and more transparent for researchers to search for bias and to determine if Facebook is making progress in implementation of these policies.

But when you read the entire 90-page report, you get to see that while the company has moved (and is continuing to move) towards a more equitable and appropriate treatment, they have just begun to move the needle. “It is taking Facebook too long to get it right.” they state.

Megan Squire, a CS professor at Elon University, wrote to me with her reaction. “The report highlights the same kinds of inconsistencies and persistent failures to act that I have experienced as a researcher studying the hate groups. These groups still routinely use Facebook’s platform to recruit, train, organize, and plan violence. Onboarding civil rights expertise is something they have yet to do in the white supremacist and domestic terror space, but I hope they strongly consider something like this in the future.” Squire refers to hiring civil rights specialists to round out various teams. The final report mentions this hiring in several contexts, but doesn’t touch on it when it comes to the sections on fighting hate speech and improving Facebook’s content moderation.

One thing that occurred to me as I was reading the report is how many of the issues mentioned have to do with the actions of our President and his campaign staff. Many of his statements, on Twitter and Facebook and in his campaign advertising, violate the auditors’ recommended actions. They auditors mention a trio of Trump posts in May which contained false claims on mail-in voting and an attempt at voter suppression. The posts were removed by Twitter but left online by Facebook. “These political speech exemptions [justifying keeping them online] constitute significant steps backward that undermine the company’s progress and call into question the company’s priorities,” the auditors say. “For many users who view false statements from politicians or viral voting misinformation on Facebook, the damage is already done without knowing that the information they’ve seen is false.” The auditors mention civil rights advocates’ claims that Trump’s content is “troubling because it reflects a seeming impassivity towards racial violence.”

The auditors specifically address this, saying “powerful politicians do not have to abide by the same rules that everyone else does, so a hierarchy of speech is created that privileges certain voices over less powerful voices.” They mention how Facebook has reined in anti-vax proponents but ironically has been “far too reluctant to adopt strong rules to limit misinformation about voting.” They go on to state, “If politicians are free to mislead people about official voting methods (by labeling ballots illegal) and are allowed to use not-so-subtle dog whistles with impunity to incite violence against groups advocating for racial justice, this does not bode well for the hostile voting environment that can be facilitated by Facebook in the United States.”

Facebook has tried to blunt the auditors’ criticism, saying that from January to March 2020, they removed 4.7M pieces of hate speech-related content, which is more than twice what was removed in the prior three months. That’s progress, but just the tip of the hate-speech iceberg. Earlier this week, Zuck once again promised to address the auditors’ issues. And last week, the company announced they are trying to still lock down API access to private data, after yet another revealing breach of private user data was discovered. Clearly, they could do a better job.”Facebook has a long road ahead on its civil rights journey.” I agree. It is time we see progress over promises.

FIR B2B podcast episode #139: Faulting and fixing Facebook’s hate speech problem

This week we discuss the Facebook ad boycott. Well, it really isn’t a total boycott but more like a brief pause by hundreds of major consumer brands in their advertising programs with Facebook and all of its social media platforms. CNN is keeping track of who is pulling their ads this month. However, the protests aren’t expected to hurt Facebook very much since most of its $70 billion in annual ad revenue comes from smaller businesses, something that Andrew Yang discusses on his podcast with cybersecurity pro John Redgrave and is worth listening to (after you listen to ours).

Montgomery College Pulls Ads From Facebook, Supports 'Stop Hate ...The effort was created by a group of anti-hate speech advocates such as NAACP and ADL under the banner of Stop Hate for Profit. That website lists their demands for changes to Facebook’s operations. We wonder why more B2B companies haven’t stepped up to this effort. I wrote a blog post with his point of view last month here. Shortly after we recorded this episode, the results of an internal audit were released, finding that Facebook’s “approach to civil rights remains too reactive and piecemeal.” Clearly the company still has a long way to go, particularly since top executives appear to be in denial that anything is wrong in the first place. I will post more about the audit results soon.

Facebook has also been criticized for some sloppy programming with its API, allowing discontinued mobile apps to still access private data. The company has made a lame and half-hearted response.

Speaking about other worthwhile podcasts, the NY Times tech columnist Kevin Roose has been producing a series called Rabbit Hole about how social networks in general, and YouTube in particular, suck people into echo chambers through their recommendation engines. It’s an unsettling series and well worth a listen if you want to know how Gen Z and  younger use social media.

You can listen to our 17 minute podcast here.

Apple’s App Store: monopoly or digital mall?

Another salvo in the legal battle between Apple and its developers was fired last month. The EU Commission is following up on a complaint from Spotify that says Apple’s practices are anti-competitive and are designed to block the popular music streaming service. Apple has two policies: one that prevent app creators from linking payments from within the app other than subscriptions, and another that limits users from making payments other than in-app purchases. These two policies result in developers having to pay Apple commissions on these payment streams: which amount to nearly a third for the first year and 15% in subsequent years.

This follows the US Supreme Court ruling that iPhone customers could sue Apple for allegedly operating the App Store as a monopoly that overcharges people for software. So far no action has happened as a result of this case and legal experts say it will probably take several years to wind its way through the courts. There was another lawsuit filed in US District Court in San Jose by two app developers that also accuse Apple of being a monopolist.

Andy Yen of ProtonMail posted this blog entry last month, saying “We have come to believe Apple has created a dangerous new normal allowing it to abuse its monopoly power through punitive fees and censorship that stifles technological progress, creative freedom, and human rights. Even worse, it has created a precedent that encourages other tech monopolies to engage in the same abuses.” He states further that “It is hard to stay competitive if you are forced to pay your competitor 30% of all of your earnings.” 

Of course, Apple disputes all of these charges, saying that it is just a digital mall where the tenants (the developers) are just paying rent. Nevertheless, it is the only mall when it comes to providing iOS apps. Apple claims it needs some compensation to screen out malware and badly coded apps and claims that the vast majority of apps in its store are free with no payments collected from developers. “We only collect a commission from developers when a digital good or service is delivered through an app.” The company explained its practices in this post in May, and cited a number of instances where third-party app developers compete with its own apps such as iCloud storage, the Camera, Maps and Mail apps.

Tim Cook thinks nobody “reasonable is going to come to the conclusion that Apple’s a monopoly. Our share is much more modest. We don’t have a dominant position in any market.” I disagree. From where I sit this seems very similar to what Microsoft went through back in the 1990s. You might remember that the US government ruled its Windows and anti-competitive practices were considered a monopoly.

There are some differences between Microsoft then and Apple now: Apple doesn’t have a dominant share in mobile OS outside of the US (Google’s Android has 75% of the market). whereas Microsoft had 90% of the PC OS market. But still, the Apple App Store represents a high barrier for app developers to enter, and consumers do suffer as a result.

Fighting online disinformation and hate

The past month has seen some interesting developments in the fight against online disinformation and hate speech. First was the K-Pop campaign that diluted the impact of white nationalists by filling the various social media channels with fan videos using their hashtags. The K-Pop fans were also initially credited for buying up tickets to the Trump Tulsa rally. While we know only about six thousand people attended the rally, it is hard to state with any certainty who really got those tickets in the end.

This is an effective way to blunt the impact of hate groups, because you are using the crowd to counter-program their content. What hasn’t worked until now is forcing different social media platforms to ban these groups entirely. This is because a ban will only shift the haters’ efforts to another platform, where they can regroup. As a result many new social platforms are popping up that are decentralized and unmoderated.

Megan Squire, a computer science professor whom I am distantly related, has studied these hate groups and documents how their members know how to push the limits of social media. For example, one group uses You Tube for its live streaming and real-time comments, then deletes the recorded video file at the end of their presentation and uploads the content to other sites that are less vigilant about their hate speech moderation.

Part of the problem is politics: tech companies are viewed as supporting mostly liberal ideologies and target conservative voices. This has resulted in a number of legal proposals. Squire says that these proposals are “naive and focused on solving yesterday’s problems. They don’t acknowledge the way the social media platforms are actually being gamed today nor how they will be abused tomorrow.”

Another issue is how content is recommended by these platforms. “The issue of content moderation should focus not on content removal but on the underlying algorithms that determine what is relevant and what we see, read, and hear online. It is these algorithms that are at the core of the misinformation amplification,” says Hany Farid, a computer science professor in his Congressional testimony this past week about the propagation of disinformation. He suggests that the platforms need to tune their algorithms to value trusted, respectful and universally accepted information over the alternatives to produce a healthier ecosystem.

But there is another way to influence the major tech platforms: through their pocketbooks. In the past month, more than 100 advertisers have pulled their ads from Facebook and other social sites. CNN is keeping track of this trend here. Led by civil rights organizations such as the NAACP and the ADL, the effort is called Stop Hate for Profit. They have posted a ten-point plan to improve things on Facebook/s various properties. It has been called a boycott, although that is not completely accurate: many advertisers have said they will return to Facebook in a few weeks. One problem is that the majority of Facebook business is from smaller businesses. Still, it is noteworthy how quickly this has happened.

Perhaps this effort will move the needle with Facebook and others. It is too soon to tell, although Facebook has announced some very small steps that will probably prove to be ineffective, if history is any predictor.

Avast blog: Understanding BlueLeaks

Earlier this month, a group of hackers published a massive dataset stolen from various local law enforcement agencies. The data has been labeled BlueLeaks and contains more than 269 GB of thousands of police reports that go back at least two decades from hundreds of agencies from around the US. The reports list private data including names, email addresses, phone numbers and bank accounts. The source is a group called Distributed Denial of Secrets or DDoSecrets, which like Wikileaks has been publishing various leaked datasets for many years.

The data can be easily searched as shown in the screenshot below.

What BlueLeaks shows is that third-party IT providers need to be properly vetted for their internal security methods. While having an easy-to-update website is great, it needs to be secure and all accounts should use multi-factor authentication and other tools to ensure that only authorized users have access. You can read more about the leak and its relevance here in my post for Avast’s blog.

RSA blog: Making the Next Digital Transition Will Require Extensive Security Planning

We are all in a forced march towards a more accelerated digital transition because of the global health crisis. McKinsey is one of many consulting firms proposing a 90-day guide towards moving into this brave new era. While the intentions are good, this proposal is somewhat flawed. It will take more than Zoom, Slack and a corporate subscription to a cloud-based collaboration platform to transform a business for this next normal. To make this move successful, we all have a lot more work to do in planning for this transition. In my blog post this month for RSA, I share a few ways to begin to frame your thinking about this subject.

There are many risks and security challenges associated with digital transformation in response to the on-going health crisis. I think they can be conquered, but will require significant planning to ensure that we manage the associated risks appropriately.

Documenting online antivax misinformation

Whatever your position on childhood vaccinations, a new report provides very solid documentation of the role played by various antivax pressure groups to sway public opinion using a variety of online social media platforms. The report is a joint effort of two non-profit organizations, the Sabin Vaccine Institute and the Aspen Institute. I haven’t read the entire report, “Meeting the Challenge of Vaccination Hesitancy,” (a copy linked to at the end of this post) but want to focus on its last chapter, a paper written by Renée DiResta and Claire Wardle. DiResta is a cybersecurity researcher at Stanford, Wardle is a TED fellow and US director of First Draft. Their paper examines the changing policies of Facebook, Instagram, Twitter and other online platforms towards the antivax movement.

There is no doubt that this movement has created a global health crisis, even before Covid appeared. Doubts about polio and measles vaccines have created new outbreaks of this disease in places such as Brooklyn, Samoa and Italy, among other places. Both of these diseases were considered cured just a few years ago and rarely seen anywhere. That all has changed as a result of increasing opposition to vaccinating children.

Part of the problem is the asymmetric relationship between pro- and antivax groups: the provax folks use mostly medical literature and poorly designed public health websites; the antivax folks use well-thought out videos, catchy Internet memes and powerful personal anecdotes to make their points. Having just a few global social media platforms means the antivaxxers can spread their message more easily too. The antivaxxers also give the impression that they are the sole trusted source of information about vaccines, which isn’t helped by the several missteps over Covid over the past few months from the CDC and WHO. It also helps that several celebrities have been pushing the antivax message, which gets further amplified by mainstream media.

The authors wrote: “To counter online misinformation, we must understand how the rumors, conspiracy theories, and misleading content that we see in digital spaces intersects with existing barriers to vaccination in different countries.” The researchers took screenshots of how people searched for vaccine information in different countries and compared those results with the official policies of the social media platforms. Not surprisingly, things didn’t line up. There are “real concerns which still exist about whether these promised changes to vaccine-related policies are having the desired effect.” For example, a search for the term “vaccines” on Instagram in February 2020  produced top results that were disproportionately pushing antivax positions, even though Instagram instituted changes to reduce this misinformation almost a year earlier.

“Anti-vaccination activists have gained a deep understanding of how to communicate
effectively on social platforms and have developed techniques to take advantage of their unique characteristics, such as groups, ads, and trending topics,” they wrote. That is a depressing situation.

Another problem is that the state health departments are largely in charge of vaccination programs, and the antivaxxers are very organized at the state level to pressure their legislators to enact laws supporting their point of view. “The ability of the pro-vaccine community to tell a more compelling story more persuasively and to spread its evidence-based message to broader audiences online is an imperative for public health,” conclude the researchers.

Click to access sabin-aspen-report-2020_meeting_the_challenge_of_vaccine_hesitancy.pdf

Network Solutions blog: How to sell your spare IP address block

For the past 27 years, I have owned a class C or /16 block of IPv4 addresses. I don’t recall what prompted me back then to apply for my block: I didn’t really have any way to run a network online, and the Internet was just catching on at the time. The transaction took moments with the exchange of a couple of emails, and there was no cost to obtain the block. 

Earlier this year I was reminded that I still owned this block and that I could sell it and make some quick cash. What was interesting is that in all the years I had the block I had never really used it for anything. I had never set up any computers using any of the 256 IP addresses associated with it. In used car terms, it was in mint condition. Virgin cyberspace territory. So began my journey into the used marketplace that began just before the start of the new year. I document some of this journey in a blog post for Network Solutions. I tell the story about what I learned and what I would do differently knowing what I know now. You can see that block transfers have become a thing from this graph.

I also wrote an eBook for them based on this experience if you want to learn more about the address block aftermarket. And in this more personal post,Beware that it isn’t easy or quick money by any means. It will take a lot of work and a lot of your time.

Red Cross blog: A life-long learner, profile of Stan Brasch

What makes any of us become an American Red Cross volunteer? Does it happen because of a change in our life circumstances, or because of a particular crisis or other event?

Stan Brasch recalls the moment it began for him: it was about three years ago when he retired from federal government service. He had returned to St. Louis after many years in Kansas City where he served with the Kansas National Guard and later the U.S. Army Reserves for a total of over 30 years.

“I wanted to help with the disaster recovery efforts,” he said. Brasch had already had extensive training for the U.S. Department of Transportation in delivering their own rapid response to emergencies.

You can read more about Stan on the Red Cross blog here.

Measuring your Covid KPIs

A friend of mine has been noting several of her family’s key performance indicators (KPIs) during the Covid Times. Things like how many minutes her family collectively naps and exercises each day, or the number of days they have cooked dinner together (vs. getting takeout) or total episodes of Tiger King they have watched. At first I thought it was very cute and clever but now I think this idea is worth a closer look. After months under lockdown, we all need some solid data to measure how we are holding up under the strain. And you all know how much of a data nerd I am.

This week the NY Times published its own instructive “pandemic rules”. The piece included accounting for the number of close contacts, managing your exposure “budget” and keeping higher-risk activities as short as possible. All are worthy goals.

Here are a few more of the ones that I have discovered from my wife and I being under lockdown.

  1. Number of bottles of wines remaining before resupply. Early on in the Covid period, we didn’t venture out for anything. I wanted to order at my favorite wine shop and pickup at the curb. Their website was terrible and it took forever to find things that would have taken me about 15 minutes if I was shopping at the physical store. Thankfully we aren’t big drinkers but we will eventually have to restock.
  2. Rolls of toilet paper remaining on hand. No more needs to be said of this.
  3. Instacart fulfillment wait times. When we began in March, we already were big users of Instacart for grocery delivery. Orders which were usually filled within hours of completing the carts suddenly took days or even a week as newbies jumped on board this system. Thankfully they have gotten things back under control and now are back to a few hours to fill.
  4. Teenage eye rolls per day. Thankfully we are empty nesters, otherwise the first metric might have to be adjusted. But hearing from parents of teens who are sheltered together more has been interesting. Some teens are finding out what mom and dad actually “do” during the work day instructive, and perhaps are more sympathetic when sharing the communal “office.”
  5. Number of Zoom minutes consumed by non-work activities. As Zoom has become the de facto connective and social tissue of our lives, its use varies depending on our social needs.
  6. Steps. We have always tracked our daily step count, but finding places to walk where you aren’t dodging folks can be tricky.
  7. Proportion of non-masked people encountered. Across our region this varies by place, time of day and other factors. Hard to have any hard and fast rules here. But we both are using them as much as possible when we are out.

If you have suggestions on other metrics to determine progress, do share in the comments.