Facebook Privacy

Facebook Engineer Abused Access To User Data To Track Woman That Left Him After a Fight, New Book Says (yahoo.com)

A Facebook engineer abused employee access to user data to track down a woman who had left him after they fought, a new book said. Business Insider reports: Between January 2014 and August 2015, the company fired 52 employees over exploiting user data for personal means, said an advance copy of "An Ugly Truth: Inside Facebook's Battle for Domination" that Insider obtained. The engineer, who is unnamed, tapped into the data to "confront" a woman with whom he had been vacationing in Europe after she left the hotel room they had been sharing, the book said. He was able to figure out her location at a different hotel.

Another Facebook engineer used his employee access to dig up information on a woman with whom he had gone on a date after she stopped responding to his messages. In the company's systems, he had access to "years of private conversations with friends over Facebook messenger, events attended, photographs uploaded (including those she had deleted), and posts she had commented or clicked on," the book said. Through the Facebook app the woman had installed on her phone, the book said, the engineer was also able to see her location in real time. Facebook employees were granted user data access in order to "cut away the red tape that slowed down engineers," the book said.

"There was nothing but the goodwill of the employees themselves to stop them from abusing their access to users' private information," wrote Sheera Frenkel and Cecilia Kang, the book's authors. They added that most of the employees who abused their employee privileges to access user data only looked up information, although a few didn't stop there. Most of the engineers who took advantage of access to user data were "men who looked up the Facebook profiles of women they were interested in," the book said. Facebook told Insider it fired employees found to have accessed user data for nonbusiness purposes.

  • deleted? (Score:5, Insightful)

    by wbcr ( 6342592 ) on Thursday July 15, 2021 @08:34PM (#61586969)
    > photographs uploaded (including those she had deleted)

    How come this is not surprising to me (and not even noteworthy to others)?
    • Because we've all known about this for a decade?

    • Guy uses the vast power of the technological giant he works for to spy on and then confront someone even as that person moved around a city, ostensibly to stay away from him. Can't we get some kind of RICO class of felony for this sort of thing?
  • Real gentlemen (Score:4, Interesting)

    by ugen ( 93902 ) on Thursday July 15, 2021 @08:50PM (#61586991)

    Facebook engineers clearly have their way with the ladies - some real gentlemen they are.

    • Re:Real gentlemen (Score:4, Insightful)

      by rtb61 ( 674572 ) on Thursday July 15, 2021 @09:10PM (#61587017) Homepage

      Facebook executives of course have free rein, not low level engineers, they are monitored, for obvious reasons. That the executives allowed free rein sick as.

    • Re:Real gentlemen (Score:5, Insightful)

      by apoc.famine ( 621563 ) <apoc.famine@gm[ ].com ['ail' in gap]> on Thursday July 15, 2021 @10:20PM (#61587159) Journal

      Well, take comfort in the fact that they just fired the stupid ones.

      The smart ones are still there, and they're doing the exact same thing except they're 'accidentally' pulling in their stalkee 'randomly' into 'demographic groups' for 'testing'.

      They're not stalking one woman, they're analyzing the statistical variance of the geographical distribution of various groups of 'user types', and it just so happens that one of the women they are interested in is part of that larger group.

    • Facebook engineers clearly have their way with the ladies - some real gentlemen they are.

      You see this in any job with access to sensitive information. Police officers do it, and you'd better believe that bank personnel do it as well. I've even seen access records of people doing this at places like the phone or cable companies. Actually if you want terrifying, the lady that worked for (Verizon? AT&T?) viewing all the cellular information. That was before iMessage so I think she was able to read all the text messages as well.

      Give people power and someone will probably abuse that power. T

    • Facebook engineers clearly have their way with the ladies

      More to the point, Facebook engineers clearly have their way with the data, which is a massive failure on Facebook's part.

      There's no reason for any employee to have access to user data except for support staff, and then only in response to a user request. Every access by support staff should be associated with a ticket, exactly what they looked at should be logged, and auditors should check a (large) random sample of the logs to verify that the ticket justified the data access.

      Engineers that build the s

      • Facebook engineers clearly have their way with the data, which is a massive failure on Facebook's part.

        Had. In 2015. Which is why Facebook added controls since then. Nowadays you can run peer-reviewed code against large swaths of user data to pull out statistics but you can't directly access one user's data without it being logged and reviewed by auditors in another department. If their judgement is that you didn't have a valid business reason for accessing the data, you're fired. No warnings.

        And to be clear, a valid business reason would be something like: the user reported a problem with their account and
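The control the two comments above describe (every access tied to a ticket, each access logged, and a random sample handed to auditors), sketched as an added example that is not part of the original thread and not Facebook's code. The record fields, the one-hour grace period and the sample data are assumptions constructed for illustration.

```python
import random
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions for illustration.
TICKETS = {
    "T-100": {"user": "u1", "assignee": "alice",
              "opened": datetime(2021, 7, 1, 9), "closed": datetime(2021, 7, 1, 17)},
    "T-101": {"user": "u2", "assignee": "bob",
              "opened": datetime(2021, 7, 2, 9), "closed": None},
}
ACCESSES = [
    {"id": 1, "employee": "alice", "target": "u1", "ticket": "T-100", "at": datetime(2021, 7, 1, 10)},
    {"id": 2, "employee": "alice", "target": "u9", "ticket": "T-100", "at": datetime(2021, 7, 1, 11)},
    {"id": 3, "employee": "carol", "target": "u2", "ticket": "T-101", "at": datetime(2021, 7, 2, 10)},
    {"id": 4, "employee": "bob", "target": "u2", "ticket": None, "at": datetime(2021, 7, 2, 11)},
    {"id": 5, "employee": "alice", "target": "u1", "ticket": "T-100", "at": datetime(2021, 7, 3, 2)},
    {"id": 6, "employee": "bob", "target": "u2", "ticket": "T-999", "at": datetime(2021, 7, 2, 12)},
]
GRACE = timedelta(hours=1)  # assumed slack allowed after a ticket closes

def check_access(access, tickets):
    """Return the reasons this logged access is not justified by its ticket."""
    tid = access["ticket"]
    if tid is None:
        return ["no ticket"]
    ticket = tickets.get(tid)
    if ticket is None:
        return ["unknown ticket"]
    reasons = []
    if access["target"] != ticket["user"]:
        reasons.append("target is not the ticket's user")
    if access["employee"] != ticket["assignee"]:
        reasons.append("employee is not the ticket's assignee")
    closed = ticket["closed"]
    if access["at"] < ticket["opened"] or (closed and access["at"] > closed + GRACE):
        reasons.append("outside ticket window")
    return reasons

def flag_accesses(accesses, tickets):
    """Map access id -> reasons for every access that fails an automatic check."""
    checked = ((a["id"], check_access(a, tickets)) for a in accesses)
    return {aid: reasons for aid, reasons in checked if reasons}

def audit_sample(accesses, tickets, fraction, seed):
    """Random sample of accesses that passed the checks, for human review."""
    passed = [a for a in accesses if not check_access(a, tickets)]
    k = max(1, round(len(passed) * fraction)) if passed else 0
    return sorted(a["id"] for a in random.Random(seed).sample(passed, k))

if __name__ == "__main__":
    print(flag_accesses(ACCESSES, TICKETS))
    print(audit_sample(ACCESSES, TICKETS, 0.5, seed=7))
```

The automatic checks only catch accesses that contradict their ticket; the random sample is drawn from the accesses that pass, because whether a ticket actually justified what was viewed is a judgement for a human auditor.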

    • They are as gentlemanly as FB is social.

  • by ghoul ( 157158 ) on Thursday July 15, 2021 @09:03PM (#61587005)
    Claw back stock options for the employees and everyone in their group up to VP level. Create some healthy amount of colleague on colleague spying. I mean FB employees are good at it. Use their skills. If you know the asshole next to your cube is abusing his access you better report it or you will lose your stock options too.
  • C'mon /. , at least get her pronouns right. "woman that left left him" in the headline!? A professional "journalist" (I'm not complaining about commenters) making basic grammatical errors just throws all credibility out the window. And a correct version appears in the very next line "woman who had left him".

    Of course one incident is hardly news. The real story is the large number who were caught, how easy it was, the lack of any privacy protection by Facebook.
    But Facebook has a long history of lack o

  • Facebook, Equifax, banks, etc should all do the same.

    Govt folks too. Police, IRS, DMV, etc. They should be fired and prosecuted.

    • by triffid_98 ( 899609 ) on Thursday July 15, 2021 @09:34PM (#61587067)
      ...except the courts have already decided that when "our nations finest" do this it isn't a crime.

      https://www.cnn.com/2021/06/03... [cnn.com]
      • by fafalone ( 633739 ) on Thursday July 15, 2021 @10:05PM (#61587131)
        That ruling isn't limited to police and I'm very disappointed anyone here would support ordinary website ToS having the force of law, which was what was at stake in that case and what a ruling otherwise would have meant. It should be a crime to misuse private information, and for private official records it is in most states, but what it's not is computer hacking under the Computer Fraud and Abuse Act when you legitimately possess an account with permission to access that data without bypassing any restrictions. That's what that case was about.
        • The net/net of this is that the only "recourse" in any of these situations is dismissal. Should this be codified in a better way? Certainly. Should government employees have a legal "side-hustle" where they can sell access to data (last year I personally experienced this. I don't know who did the deed but I know full well how my information was obtained). No. Should we hold Facebook employees to a higher legal standard than LEOs and other government employees? Also no
          • Well for government employees the recourse is a charge of misuse of official records. For example if it was a federal employee who sold your data, they'd have violated 5 U.S.C. § 552a(b), and most states have similar laws, just Google '(your state) misuse of records law'. For privately owned data I'd be for passing a law to allow charges for something like accessing personal information for improper reasons, if the law is well crafted. But not a general law where breaking any ToS is a felony.
  • by Chuck Hamlin ( 6194058 ) on Thursday July 15, 2021 @09:36PM (#61587069)
    Zuckerberg created it to rate college women..
  • by Rosco P. Coltrane ( 209368 ) on Thursday July 15, 2021 @09:57PM (#61587117)

    The initial meeting with her boyfriend should've gone something like this:

    - Hello I'm Keith!
    - Hi I'm Karen. What do you do in life?
    - I work at Facebook
    - Yeah... Hmm, right... My number is 555-1212. Call me maybe. Buh bye.

  • by Anaxagoras ( 190565 ) on Thursday July 15, 2021 @11:06PM (#61587233)

    It's almost as if facebook was originally made to creep on women.

  • by ytene ( 4376651 ) on Friday July 16, 2021 @12:19AM (#61587357)
    Not, perhaps, in the United States [yet], but in other parts of the world from which Facebook accepts users, such as the UK - see here [police.uk].

    In terms of the potential for this sort of behavior to be considered illegal, it is possible that such actions could be breaches of (continuing the UK example): The Protection from Harassment Act (1997) [legislation.gov.uk], or the Malicious Communications Act (1988) [legislation.gov.uk], or the Communications Act (2003) [legislation.gov.uk], or the Computer Misuse Act (1990) [legislation.gov.uk], or the Obscene Publications Act (1959) [legislation.gov.uk], or possibly even the Public Order Act (1986) [legislation.gov.uk].

    If Facebook were to discover, for example, that they had an employee in the UK who was using their infrastructure to follow, monitor or harass any other citizen, then Facebook should have had the matter investigated. Their in-house counsel or external law firm should have been competent enough to at least think of checking the actions of the employee against the law. If, however, Facebook were to have discovered multiple employees performing similar actions and Facebook have not brought the police in to the matter, then Facebook could very well be a de facto accessory to criminal actions under one or more of the above laws.

    The instant problem this would create for Facebook would be that evidence may now show that Facebook have been aware of criminal use of their platforms and have failed to report the criminal acts to the proper authorities. Which would make Facebook an accessory to all of those criminal actions. This gets interesting, therefore, because - to use a simple math example - suppose Facebook discovered 5 rogue employees, each of whom committed prohibited and illegal acts, using Facebook infrastructure, against two different women. Five employees, two women each, that's 10 women total. That makes Facebook an accessory to crimes against all 10 women. By virtue of being involved in all the potentially criminal acts, Facebook's legal exposure could, could get real interesting, real quick.

    I'm using the UK as an example because often their social laws tend to be a bit more advanced than the federal equivalents - and of course all the above links are written in English. However, we could expect to see similar laws in Australia, New Zealand, all across Europe... and because, in UK law at least, being aware of criminal or potentially criminal conduct isn't just a crime in itself, it also makes the party an accessory to the original crime. Depending on that "original offence" the consequences might be pretty serious.

    I hope.
  • *Nobody* should have access to real-world data with the obvious exception.

    This is failure of *both* the engineer on a personal level and on facebook on a *fucking global* level.

    We use mock data for a reason. Who the hell let these douchenozzles near a keyboard?

    • by ytene ( 4376651 )
      This. A bajillion times this.

      Meanwhile, our industry appears to be absolutely intent on collectively charging over the cliff known as "DevOps". And if that isn't a high enough precipice, then there's always "DevSecOps".

      Not, "putting the fox in charge of the hen-house" - apt though it is, think more: "lunatics taking over the asylum".
  • This seems like a good occasion to switch to a messaging app with end-to-end encryption such as Signal for all messages instead of using Facebook Messenger. Or do you still trust Facebook to keep your data and conversations safe?

  • by arQon ( 447508 ) on Friday July 16, 2021 @02:12AM (#61587505)

    The one about an engineer, a physicist, and a mathematician on a train in Scotland who see a black cow in a field. (Doubtless with multiple regional variations, and appropriate sheep/horse/etc substitutions).

    > Facebook told Insider it fired employees found to have accessed user data for nonbusiness purposes.

    IOW, "Facebook told Insider it might, potentially, consider firing an employee for this sort of behavior, at some point in time, IFF that employee's behavior became public and there was a sufficiently large outcry over it, and the employee was both low-level and disposable enough".

    If not though, he'd be given an honorary MBA and promoted....

  • Shut down facebook, no good comes from it.

  • by tsa ( 15680 )

    This kind of stuff happens everywhere where people have access to data: hospitals, insurance companies, banks. The FB incident has nothing to do with FB being bad; it's just a matter of an employee overstepping their bounds.

  • If the engineers would have just paid for the data like any customer, all would have been forgiven.

  • When women do this everyone just considers it a routine crazy ex.
  • by mallyn ( 136041 ) on Friday July 16, 2021 @10:51AM (#61588565) Homepage
    Folks:

    All of this boils down to a very simple phrase that I hold dear to my heart.

    If you don't want to be in a compromising position, please don't even take that picture of yourself or whomever that you are contemplating.

    Once you touch the click button on your camera/phone/tablet/whatever, and that image has been captured, for all intents and purposes, you have lost control of it. You have to fight off whatever software/spyware/whatever on your device. But you also have to fight off your own carelessness and impulses. It does not take much for that electronic image of you doing something embarrassing to 'jump' from your camera/tablet/phone memory to somewhere on the net, which leads to somewhere else on the net and so forth.

    Myself? I make sure that all cameras in my house are either put in a drawer (DSLR cameras) put facedown on the table (webcam) or covered with lid closed (laptop cameras) before I even start to undress for my nightly shower/bedtime. In addition, the only computer that is turned on is my router. Everything else is hard switched off.

    I get fully showered and dressed as if I am ready to go to the office before I turn anything electronic on in the morning. No. I do not turn the Zoom unit on before my pants are fully on and that zipper is firmly closed.

    Facebook/Twitter/etc??? I post only videos and photos that I fully intend to publish. Before I post anything, I think very hard of why I am posting it and what, if any, are consequences. Sometimes, I simply turn off the computer and chill out for a day before confirming my decision to publish something. And no, nothing below my stomach and above my knees is uncovered before even setting up any cameras.

    What goes on-camera is what I have been doing in full public for a long time prior to that camera being turned on and the file sent up to the cloud.

    Humbly and Respectfully Yours

    I Love You All!

    Mark Allyn

    Bellingham, Washington

  • even had a special designation -- LOVE_INT -- or something for such types of unauthorized access. Facebook needs to be broken up and/or shut down entirely. Zuckerberg and Dorsey can share a cell at the Hague for crimes against humanity.
  • If you think this abuse is an isolated incident then I have beach front property to sell you in Montana.
