Facebook Settling ‘Sponsored Stories’ Privacy Lawsuit

Photo: Marco Fieber/Flickr

Facebook is agreeing in “principle” to settle allegations that its “Sponsored Stories” advertising platform breached its users’ privacy.

Terms of the deal (.pdf) were not immediately disclosed. The suit, (.pdf) filed in April 2011, claimed that the social-networking site did not adequately provide a way to opt out of the advertising program that began in January 2011.

Sponsored stories work like this: If a Facebook user “likes” an advertiser, that user’s profile and picture may appear on some of their friends’ Facebook pages — in ads — stating that the person, indeed, “likes” that advertiser. Facebook also reserves the right to do this on ads that appear on sites other than Facebook, though it has not done that.

Facebook and class-action attorneys were set to hold oral arguments Thursday in a San Jose, California, federal courtroom on whether the case could proceed as a class action representing perhaps millions of Facebook users. The lawyers wrote U.S. District Judge Lucy Koh on Tuesday that they have executed “a term sheet memorializing their settlement in principle.”

The development comes on the third trading day following Facebook’s IPO. It closed at $31, down from the original $38 asking price on Friday. The settlement agreement will eventually become public and requires Koh’s signature.

In November, the Federal Trade Commission slapped Facebook’s hand and settled government charges it “deceived” users that their information would be kept private, although it was “repeatedly” shared with the public.

The FTC deal, among other things, required Facebook to submit to a privacy audit every two years for the next two decades. The accord, which carried no financial penalties, demands that the social-networking site obtain “express consent” of its 850 million users before their information “is shared beyond the privacy settings they have established.”

Regarding Tuesday’s settlement, the ad settings at issue are not contained in Facebook’s privacy settings, and instead are in a section called Facebook Ads under the main profile settings.

While terms of Tuesday’s settlement were not lodged with Judge Koh, we suspect they will be similar to a 2010 settlement in a different Facebook privacy flap.

In that case, a  federal judge approved a $9.5 million settlement to a class-action lawsuit challenging Facebook’s so-called “Beacon” program that monitored and published what users of the site were buying or renting from Blockbuster, Overstock and other locations without users’ permission.

The lawyers in that case were awarded about $3 million of the pot, and the remainder was earmarked for grants to study online privacy.

Facebook, without admitting wrongdoing, terminated the Beacon program, though much of it has resurfaced under the guise of Facebook’s so-called “frictionless sharing.”

Under the latest deal, Facebook users likely would have to opt in to participate in the “Sponsored Stories” program or be provided a clear mechanism to opt out. It was not immediately known whether Facebook would kill the “Sponsored Stories” program.

The five named plaintiffs in the case will likely receive several thousand dollars each, while Facebook likely will admit no wrongdoing.

The plaintiffs’ lawyers, who likely will reap millions in the latest case, did not immediately respond for comment. Facebook declined comment.

NSA Teams Up With Colleges to Train Students for Secret Cyber-Ops Jobs

NSA headquarters in Fort Meade, Maryland. Photo: Courtesy NSA

The National Security Agency is partnering with select universities to train students in cyber operations for intelligence, military and law enforcement jobs, work that will remain secret to all but a select group of students and faculty who pass clearance requirements, according to Reuters.

The cyber-operations curriculum is part of the Obama administration’s national initiative to improve cybersecurity through education, and is designed to prepare students for jobs with the U.S. Cyber Command, the NSA’s signals intelligence operations, the Federal Bureau of Investigation and other law enforcement agencies that investigate cyber crimes.

The U.S. Cyber Command’s job is, in part, to support the military in offensive cyber operations against enemy networks, suggesting the students would be trained in the methods of hackers.

“We’re trying to create more of these, and yes they have to know some of the things that hackers know, they have to know a lot of other things too, which is why you really want a good university to create these people for you,” Neal Ziring, technical director at the NSA’s Information Assurance Directorate, told Reuters.

But another NSA official was quick to add that the NSA wasn’t looking to teach students illegal hacking techniques.

“We are not asking them to teach kids how to break into systems, we’re not asking them to teach that. And a lot of them have said they wouldn’t teach that,” said Steven LaFountain, a senior NSA official who guides academic programs told Reuters. “We’re just asking them to teach the hardcore fundamental science that we need students to have when they come to work here.”

Although 20 universities applied to participate in the program, only four were selected so far: Dakota State University, Naval Postgraduate School, Northeastern University and University of Tulsa.

Schools applying for the program had to meet 10 criteria, among them was a requirement that they teach courses in reverse engineering.

Once the students have the basic knowledge needed, they will be eligible to receive training to work in classified jobs with the NSA.

“In our operational developmental organization, we would spend up to 12 months to give them the secret sauce, the tradecraft, the really deep technical training so that they could make themselves useful in doing what we need them to do, and that’s with that technical underpinning,” Captain Jill Newton, who leads NSA’s cyber training and education programs, told Reuters.

New York Legislation Would Ban Anonymous Online Speech

Photo: dcwriterdawn/Flickr

Did you hear the one about the New York state lawmakers who forgot about the First Amendment in the name of combating cyberbullying and “baseless political attacks”?

Proposed legislation in both chambers would require New York-based websites, such as blogs and newspapers, to “remove any comments posted on his or her website by an anonymous poster unless such anonymous poster agrees to attach his or her name to the post.”

No votes on the measures have been taken. But unless the First Amendment is repealed, they stand no chance of surviving any constitutional scrutiny even if they were approved.

Republican Assemblyman Jim Conte said the legislation would cut down on “mean-spirited and baseless political attacks” and “turns the spotlight on cyberbullies by forcing them to reveal their identity.”

Had the internet been around in the late 1700s, perhaps the anonymously written Federalist Papers would have to be taken down unless Alexander Hamilton, James Madison and John Jay revealed themselves.

“This statute would essentially destroy the ability to speak anonymously online on sites in New York,” said Kevin Bankston, a staff attorney with the Center for Democracy and Technology. He added that the legislation provides a “heckler’s veto to anybody who disagrees with or doesn’t like what an anonymous poster said.”

Sen. Thomas O’Mara, a Republican who is also sponsoring the measure, said it would “help lend some accountability to the internet age.”

A cynic, however, might see an attempt by lawmakers to prop up Facebook’s falling stock price via an implicit endorsement of the Facebook model of identity on the internet.

The Senate and Assembly measures, which are identical, cover messages on social networks, blogs, message boards or “any other discussion site where people can hold conversations in the form of posted messages.”

The bills also demand those sites to have a contact number or e-mail address posted for “such removal requests, clearly visible in any sections where comments are posted.”

Oddly, the bill has no identification requirement for those who request the takedown of anonymous content.