Note: This was originally published as the daily newsletter for the Columbia Journalism Review, where I am the chief digital writer
Last October, Facebook warned a group of social scientists from New York University that their research — known as the Ad Observatory, part of the Cybersecurity for Democracy Project — was in breach of the social network’s terms of service, because it used software to “scrape” information from Facebook without the consent of the service’s users. The company said that unless the researchers stopped using the browser extension they developed, or changed the way that it acquired information, they would be subject to “additional enforcement action.” Late Tuesday night, Facebook followed through on this threat by blocking the group from accessing any of the platform’s data, and also shutting down the researchers’ personal accounts and pages. In a blog post, the company said it was forced to do so because the browser extension violated users’ privacy. “While the Ad Observatory project may be well-intentioned, the ongoing and continued violations of protections against scraping cannot be ignored,” Facebook said.
The NYU researchers responded that they have taken all the precautions they can to avoid pulling in personally identifiable information from users — including names, user ID numbers, and Facebook friend lists — and also pointed out that the thousands of users who signed up to help the Ad Observatory Project installed the group’s browser extension willingly, to help the scientists research the impact of the social network’s ad-targeting algorithms. “Facebook is silencing us because our work often calls attention to problems on its platform,” Laura Edelson, one of the NYU researchers, told Bloomberg News in an email. “Worst of all, Facebook is using user privacy, a core belief that we have always put first in our work, as a pretext for doing this.” Edelson also said on Twitter that the Facebook shutdown has effectively cut off more than two dozen other researchers and journalists who got access to Facebook advertising data through the NYU project
Unauthorized access to private user data is a sensitive topic for Facebook. In the Cambridge Analytica scandal of 2018, a political consulting firm acquired personally identifiable information on more than 80 million people from a researcher who gained access to it through a seemingly harmless Facebook app. The resulting furor eventually led to a $5 billion settlement with the Federal Trade Commission for breaches of privacy, and the company promised it would never share the personal information of its users with third parties without stringent controls. The ripple effects of the FTC order — combined with the subsequent passing of the European Union’s General Data Protection Regulation or GDPR — led to severe restrictions on the social network’s API (application programming interface), which other web services and software use to exchange data with the social network. And many of those restrictions also affected researchers like those at NYU.Continue reading “Facebook shuts down research, blames user privacy rules”