#1: The protection against data that would require "disproportionate effort" seems like a valid protection of the company. A company the size of Facebook surely has very complex databases, logs, and caches going on, so that if they had to literally fetch all the data they have about a user, I could see this becoming quite a project.
#2: I would consider data models a trade secret. So if the personal data contains information that belies the underlying structure, I'm okay with the data being "scrubbed" clean of anything that would potentially give competitors a peek into the underlying engineering.
Note that I canceled my Facebook account long ago because I think Facebook is a system that is structured so that the users' best interests are not a priority. But this doesn't mean that everything Facebook does is bad or is against users' privacy, so I find this article to be a bit sensationalist.
#1: A large company called Sony recently had almost 100 million accounts stolen from PSN. We all assumed that because they're big, they wouldn't do stupid things like store our passwords or credit card numbers in plaintext.
If Facebook can't fetch data from its own infrastructure, I would be seriously worried, more so than I am right now.
#2: I understand them wanting to preserve trade secrets like facial recognition, but I still would like a general idea of /every single thing/ Facebook has on me. That's like a bank storing a bunch of information on me while refusing to disclose certain parts of my bank account because they're "trade secrets".
You're right, not everything Facebook does is bad. But they don't have the users' best interests at hand and when you need to worry about a site tracking you across the Internet simply because you have an account and they can, that's the time to worry. I'm surprised we haven't seen more lawsuits than the media is reporting.
The OP mentioned that Facebook is a big corporation so they clearly must have secure data structures and invincibility from all attacks ever. I'm just pointing out that to support my point -- Facebook has the ability to fetch the data but really doesn't want to. Secure data structures have nothing to do with it, they don't prevent the fetching of data. And if Facebook is smart, they don't just throw things around randomly in the database without rhyme or reason.
What? No one said anything about invincibility from attack, or security in general. And the point was that they have a complex infrastructure, not that they throw things around randomly without rhyme or reason.
"Our files are generally indexed in our Central Records System. This computerized index contains most of our records; some of our earliest records are not indexed."
Exactly. Obvious example would be whatever data facebook uses to determine what's interesting and to put in your newsfeed. If it's just profile views, that's your data, but if I were building a site running at facebook scale, I'd be performing the final calculation using some intermediate data massaged by some totally top zecret algorithms.
I agree. It doesn't seem so outrageous to me that, after sending a CD worth of data, they drew a line.
At a certain level of detail, what they report back is going to start revealing internal secrets and IP, such as data models or algorithms. And given the volume of data that they did, provide, I find it plausible that they've drawn the line in an appropriate place.
The headline is sensationalist scaremongering. A careful read shows that it's not the data itself that's IP, but that the form in which it's presented reveals Facebook's IP.
As an example of this specific kind of data, run this bookmarklet on any facebook page to get their calculations of who is most interesting/important to you. Note: this requires trusting thekeesh.com with your data.
From playing with it myself, it looks like the rankings are calculated within a sliding window, i.e. who's updates are most interesting to you _now_. This is probably data calculated using various correlation coefficients that FB has legitimately researched on their own using the data that we give them. The data I give them is mine, the inferences they draw from it is theirs.
This is interesting but as a general rule I'd advise against giving a third-party, non-HTTPS, obfuscated Javascript the ability to rummage around inside your Facebook session.
For example, information on the recently discussed ...
"likes" that Facebook assigns to individuals, but also
very delicate process information such as their biometric
data collected by the activated facial recognition this
year from Facebook.
It doesn't seem to be the original source, either. My guess is that the biometric facial recognition data was requested, and that Facebook is trying to block that request.
Whether Facebook can get away with this depends on (i) what the data is and (ii) applicable European legal precedent, if any..
There may not be any legal precedent with regards to this type of situation since laws (in the US and abroad) are notoriously slow to adapt to new technologies, so this case may be the first test.
From a moral standpoint, it clearly seems wrong for Facebook to claim that its users' personal information is its intellectual property. Users can protest Facebook's stance through account closings, etc. But its not likely that enough users will care to force Facebook to change.
I'm not sure what you mean by saying the law is notoriously slow to adapt, since Facebook is basically quoting the law to the user.
Section 4(12) of the Acts carves out an exception to
subject access requests where the disclosures in
response would adversely affect trade secrets or
intellectual property. We have not provided any
information to you which is a trade secret or
intellectual property of Facebook Ireland Limited
or its licensors.
For all I know, Facebook may even be obligated to include such a disclaimer about missing information when processing an information request.
The laws, written in 1988 and 2003, were not designed with modern situations in mind because, back in 1988 or even 2003, many did not foresee the vast influence of social networks. The definition of "trade secret or intellectual property" in those laws are not likely going to give a clear answer as to whether certain Facebook user data fits that definition - i.e. its going to be an ambiguity argued in court unless a settlement is negotiated beforehand (at which point, the uncertainty remains and is waiting for the next controversy).
Historically, at least in the US (and I'd assume the rest of the world), the law adapts slowly to new industries because of (i) the difficulties in deciding how to best tackle the issues in the new industry and (ii) the bureacracy involved in enacting/revising laws.
For example, take a look at the way that hedge fund managers are able to get away with a 15% capital gains tax rate on their entire income because they structure their income to fit the law. The government is still trying to play catch up on that one, years later.
The EU (and the UK) are actually good way ahead of the US in this area, to the point that control over your personal data is written into the EU charter of fundamental rights as article 8:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.
maybe releasing some data will allow for reverse engineering of sorts, if telling you that will reveal something about how they collect, or store or analyze the data...
#1: The protection against data that would require "disproportionate effort" seems like a valid protection of the company. A company the size of Facebook surely has very complex databases, logs, and caches going on, so that if they had to literally fetch all the data they have about a user, I could see this becoming quite a project.
#2: I would consider data models a trade secret. So if the personal data contains information that belies the underlying structure, I'm okay with the data being "scrubbed" clean of anything that would potentially give competitors a peek into the underlying engineering.
Note that I canceled my Facebook account long ago because I think Facebook is a system that is structured so that the users' best interests are not a priority. But this doesn't mean that everything Facebook does is bad or is against users' privacy, so I find this article to be a bit sensationalist.