Start Up: Facebook v Mueller (yes, that one), FaceID questions answered, Equifax’s musical security, and more

Do you want AI to be outing people without their consent? Photo by the_gain_card on Flickr.


A selection of 10 links for you. Handle with care. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook’s heading toward a bruising run-in with the Russia probe • Talking Points Memo

Josh Marshall:


I believe what we’re seeing here is a convergence of two separate but highly charged news streams and political moments. On the one hand, you have the Russia probe, with all that is tied to that investigation. On another, you have the rising public backlash against Big Tech, the various threats it arguably poses and its outsized power in the American economy and American public life. A couple weeks ago, I wrote that after working with Google in various capacities for more than a decade I’d observed that Google is, institutionally, so accustomed to its customers actually being its products that when it gets into lines of business where its customers are really customers it really doesn’t know how to deal with them. There’s something comparable with Facebook.

Facebook is so accustomed to treating its ‘internal policies’ as though they were something like laws that they appear to have a sort of blind spot that prevents them from seeing how ridiculous their resistance sounds. To use the cliche, it feels like a real shark jumping moment. As someone recently observed, Facebook’s ‘internal policies’ are crafted to create the appearance of civic concerns for privacy, free speech, and other similar concerns. But they’re actually just a business model. Facebook’s ‘internal policies’ amount to a kind of Stepford Wives version of civic liberalism and speech and privacy rights, the outward form of the things preserved while the innards have been gutted and replaced by something entirely different, an aggressive and totalizing business model which in many ways turns these norms and values on their heads. More to the point, most people have the experience of Facebook’s ‘internal policies’ being meaningless in terms of protecting their speech or privacy or whatever as soon as they bump up against Facebook’s business model.



Mueller investigation into Facebook ads may be a big deal • NY Mag

Benjamin Hart:


The Wall Street Journal reported on Friday that Facebook had turned over much more information to Special Counsel Robert Mueller about Russian-backed advertisements during the 2016 election than the company had shared with Congress:


The information Facebook shared with Mr. Mueller included copies of the ads and details about the accounts that bought them and the targeting criteria they used, the people familiar with the matter said. Facebook policy dictates that it would only turn over “the stored contents of any account,” including messages and location information, in response to a search warrant, some of them said.


CNN confirmed on Saturday that Mueller had indeed obtained the information with the help of a warrant.

Legal experts said that the news could signal a potentially explosive new phase in Mueller’s investigation. In a tweetstorm, Yale Law School associate dean Asha Rangappa said that to obtain the warrant, Mueller would have had to believe that a crime was committed – it is illegal for foreign people or entities to make contributions connected to American elections – and that the offense would need to be connected to “specific accounts” on Facebook.

Former federal prosecutor Renato Mariotti also focused on the warrant in a series of tweets, arguing that its presence meant that Mueller was “close to charging specific foreign people with a crime,” and that if Trump associates were part of the planning behind it, they could face serious charges as well.


A senior person who I know at Facebook said “that was quite a week”. There might be some more coming.

The AI “Gaydar” study and the real dangers of big data • The New Yorker

Alan Burdick on the reaction to the study which took pictures from Tinder and applied AI to guess – well, calculate – whether the people in them were gay or straight:


Historically speaking, the hair-trigger response to the study was understandable. Regardless of the accuracy of the method, past schemes to identify gay people have typically ended in cruel fashion—pogroms, imprisonment, conversion therapy. The fact is, though, that nowadays a computer model can probably already do a decent job of ascertaining your sexual orientation, even better than facial-recognition technology can, simply by scraping and analyzing the reams of data that marketing firms are continuously compiling about you. Do gay men buy more broccoli than straight men, or do they buy less of it? Do they rent bigger cars or smaller ones? Who knows? Somewhere, though, a bot is poring over your data points, grasping for ways to connect any two of them.

Therein lies the real worry. Last week, Equifax, the giant credit-reporting agency, disclosed that a security breach had exposed the personal data of more than a hundred and forty-three million Americans; company executives had been aware of the security flaw since late July but had failed to disclose it. (Three of them, however, had off-loaded some of their Equifax stock.) The collection and sale of consumer data and buying patterns has become a vast business of which consumers are largely unaware, although they actively contribute to it by clicking on ads, accepting cookies, and agreeing to be tracked. But each new security breach reveals again that the data-collection farms feel little obligation toward us; their customer is the data buyer, not the data source.



Google will delete Android backups after two months of no device usage • Android Police

Ryan Whitwam:


It turns out Google won’t keep your Android backups forever. In fact, it only gives you about two months.

Android has been able to sync some apps and data to a new phone since the Eclair days, but the system was vastly improved in Marshmallow. Now, you have backups for your Android devices in a Google Drive folder, and the process of restoring is somewhat reliable. It’s far from perfect, but it usually works… unless your backup is expired. As someone on Reddit recently reminded us, Google deletes unused backups after two months. All that app and settings data is gone, and there’s no way to save it even if you’re paying for Google Drive storage.

You can see which backups of yours, if any, are set to expire by checking the backup folder in Google Drive. Backups for any device inactive for more than two weeks should have an expiration date. This is only showing up for me in the Android app, which seems especially problematic since you might not be using an Android device at all.


To me this tells us more about how Google views (and what it knows about) device usage, and backup retrieval, than anything else. A backup that hasn’t been touched for two months is probably for a dead device – supplanted, forgotten, lost, stolen. I’d bet that the amount of data stored is minimal. Even though 2 billion devices can add up to a lot of stored data, Google has plenty of storage for it. Except that the Reddit user who raised this had been using a “temporary” iPhone.

Apple’s use of never-expiring backups becomes odd in this context. Do you really need that two-year-old backup?

Every major advertising group is blasting Apple for blocking cookies in the Safari browser • Adweek

Marty Swant:


In an open letter expected to be published this afternoon, the groups describe the new standards as “opaque and arbitrary,” warning that the changes could affect the “infrastructure of the modern internet,” which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more “generic and less timely and useful.”

“Apple’s unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love,” according to a copy of the letter obtained by Adweek this morning. “Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful. Put simply, machine-driven cookie choices do not represent user choice; they represent browser-manufacturer choice.”

Of course, the digital advertising world has a lot to lose if hyper-targeting becomes more diluted. According to an eMarketer report released in March, digital ad spending in the US is expected to reach $83bn in 2017, up nearly 16% from last year.


Apple’s response as given to John Gruber and others:


“Apple believes that people have a right to privacy — Safari was the first browser to block third party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy.

Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the Internet. The new Intelligent Tracking Prevention feature detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person’s browsing private. The feature does not block ads or interfere with legitimate tracking on the sites that people actually click on and visit. Cookies for sites that you interact with function as designed, and ads placed by web publishers will appear normally.”


They thought adblocking on iOS would end the world too. Hasn’t, so far.

Interview: Apple’s Craig Federighi answers some burning questions about Face ID • TechCrunch

Matthew Panzarino:


One anecdotal thing: If you lift your phone and swipe up immediately, there’s a good chance that the Face ID system will have performed its authentication fast enough to have unlocked your device by the time you finish your swipe. That’s how fast it is.

But the speed isn’t the only question. Sunglasses, for instance, are fairly commonly worn outdoors. Federighi had mentioned in an email to a user that “most” sunglasses would work fine.…

…Face ID requires that it be able to see your eyes, nose and mouth. This means there are scenarios where it just won’t work.

“If you’re a surgeon or someone who wears a garment that covers your face, it’s not going to work,” says Federighi. “But if you’re wearing a helmet or scarf, it works quite well.”

This means that Face ID is not going to be a viable option for people who wear a mask for work or wear a niqab, for instance. They would need to use a passcode. Federighi notes that this limitation is similar to Touch ID, which simply didn’t work if you wore gloves or had wet fingers.

Another common question is about what kind of angles and distances you can be at in relation to your iPhone to get it to unlock.

“It’s quite similar to the ranges you’d be at if you put your phone in front-facing camera mode [to take a picture],” says Federighi. Once your space from eyes to mouth come into view that would be the matching range — it can work at fairly extreme angles — if it’s down low because your phone is in your lap it can unlock it as long as it can see those features. Basically, if you’re using your phone across a natural series of angles it can unlock it.”


The question all becomes one of “what does ‘look’ at your phone mean?” From the demos I’ve seen it’s not a fixed stare. It’s a lot more casual than that.

Changes in the new iTunes • Apple Support


The new iTunes [on desktop; version 12.7] focuses on music, movies, TV shows, podcasts, and audiobooks. Apps for iPhone, iPad, and iPod touch are now exclusively available in the new App Store for iOS. And the new App Store makes it easy to get, update, and redownload apps—all without a Mac or PC.

You’ll find these changes in the new iTunes:
• Apps: Looking for your past iOS app downloads? Learn how to redownload apps on your iOS device.

• iTunes U: Collections of iTunes U content appear in the Podcasts section of iTunes. 

• Internet Radio: Your Internet Radio stations appear in your music library’s sidebar. Click Edit in the sidebar to show or hide Internet Radio.

• Ringtones: iOS 11 supports redownloading ringtones directly to your iOS device, without the need to use iTunes on your Mac or PC.

• Books on Windows: Books on iTunes for Windows are managed in iBooks for iOS. Learn how to redownload books on an iOS device.


It’s been a long run, iTunes – 16 years of syncing with Apple’s top portable devices! – but it’s finally time to cut the cord.

Equifax hired a music major as chief security officer and she has just retired • MarketWatch

Brett Arends:


When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up [former chief security officer] Susan Mauldin’s lack of educational qualifications since the data breach became public.

It would be fascinating to hear Smith try to explain both of those extraordinary items.

If those events don’t put the final nails in his professional coffin, accountability in the U.S. is officially dead. And late Friday Equifax said both Mauldin and the company’s chief information officer have retired effective immediately [in an announcement which didn’t name either].

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security. Late last week, her LinkedIn page was made private and her last name replaced with “M.”

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.


Arends allows, fairly, that Mauldin’s music training might have equipped her for computer security. There just isn’t anything in her LI profile that would lead you to conclude she’s best-suited for the job. (Then again, there’s no responsibility to curate your LI profile to show such detail.) It would be good to have some more detail about Mauldin’s experience before this.


Experts say the use of private email by Trump’s Voter Fraud Commission isn’t legal • ProPublica

Jessica Huseman:


President Donald Trump’s voter fraud commission came under fire earlier this month when a lawsuit and media reports revealed that the commissioners were using private emails to conduct public business. Commission co-chair Kris Kobach confirmed this week that most of them continue to do so.

Experts say the commission’s email practices do not appear to comport with federal law. “The statute here is clear,” said Jason R. Baron, a lawyer at Drinker Biddle and former director of litigation at the National Archives and Records Administration.

Essentially, Baron said, the commissioners have three options: 1. They can use a government email address; 2. They can use a private email address but copy every message to a government account; or 3. They can use a private email address and forward each message to a government account within 20 days. According to Baron, those are the requirements of the Presidential Records Act of 1978, which the commission must comply with under its charter.


Private emails are at risk of hacking, too.

Sign language interpreter used gibberish, warned of bears, monsters during Hurricane Irma update |

Leada Gore:


Officials in Manatee County, Florida are under fire after an interpreter for the deaf warned about pizza and monsters during an emergency briefing related to Hurricane Irma.

The interpreter, Marshall Greene, a lifeguard for the county, has a brother who is deaf, according to the DailyMoth, a video news site that provides information via American Sign Language. Greene was used as the interpreter for a Sept. 8 press conference regarding the incoming storm and possible evacuations.

Members of the deaf community said Greene mostly signed gibberish, referencing “pizza,” “monsters,” and using the phrase “help you at that time to use bear big,” during the event. Other information signed to viewers was incomplete, experts said.


One always suspects this about the sign language interpreters. Never expects it to be true. (Apparently the interpreter had said previously he didn’t feel confident about doing this.)

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up: Facebook v Mueller (yes, that one), FaceID questions answered, Equifax’s musical security, and more”

  1. Not just a phone backup, but my last Google Takeout (I try to do them every few months, backups are offsite offline multiple and tested, cloud is only 1 of those 4) is 33 GB (bytes!). That’s all my data on Google servers: contacts, mails, docs, calendar… I’d guess that’s fairly average. Supporting a user must be a non-trivial cost, a few dollars/yr?
