FTC Backward Decision Gives Facebook Everything It Has Always Wanted


So, as was leaked a couple of weeks ago, the FTC has now made its $5 billion settlement with a Facebook official. There’s quite a bit that’s interesting in the stipulated order that is worth reading. I’m actually glad to see that this wasn’t just about Cambridge Analytica, where I think the “breach” issue was much less concrete. Instead, it does include a bunch of other very real violations by Facebook, including:

  1. Storing passwords in plaintext
  2. Using phone numbers that were provided for security (two-factor authentication) for advertising (a massively dangerous and stupid practice by Facebook)
  3. It’s a questionable use of facial recognition without consent
  4. Sucking up logins to other services.

Frankly, all of those are much more serious breaches than what happened with Cambridge Analytica.

Separately, as I discussed two weeks ago, if you’re mad at the size of the fine, you’re missing the point. This is, by far, the largest fine the FTC has ever issued and goes way beyond anything that it’s done before. The real problem is that this is basically all that the FTC can do. That’s the only weapon it has and it’s never going to be enough because the FTC isn’t really set up to handle modern privacy questions like this — and that would require a new mandate from Congress. This is in Congress’s court.