Facebook Fights US Government Demand to Break Messenger Encryption in Criminal Case

Facebook is contesting a demand from the U.S. government that it break the encryption of its popular Messenger app so that law enforcement can listen in to a suspect’s conversations as part of an ongoing investigation into the MS-13 gang.

The U.S. Department of Justice’s demand is in relation to a case proceeding in a federal court in California that is currently under seal, so public files are unavailable. However, Reuters‘ sources said the judge in the case heard arguments on Tuesday on a government motion to hold Facebook in contempt of court for refusing to carry out the surveillance request.

Facebook says it can only comply with the government’s request if it rewrites the code relied upon by all its users to remove encryption or else hacks the government’s current target, according to Reuters.

Legal experts differed over whether the government would likely be able to force Facebook to comply. However, if the government gets its way in the case, experts say the precedent could allow it to make similar arguments to force other tech companies to compromise their encrypted communications services.

Messaging platforms like Signal, Telegram, Facebook’s WhatsApp and Apple’s iMessage all use end-to-end encryption that prevents communications between sender and recipient from being accessed by anyone else, including the service providers.

Tech companies have pushed back against previous attempts by authorities to break encryption methods, such as the FBI’s request that Apple help it hack into the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino.

In February 2016, a U.S. federal judge ordered Apple to help the FBI, but Apple opposed the order in an open letter penned by Tim Cook, who said the FBI’s request would set a “dangerous precedent” with serious implications for the future of smartphone encryption.

Apple’s dispute with the FBI ended on March 28, 2016 after the government found an alternate way to access the data on the iPhone with the help of a private contractor and withdrew the lawsuit.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Discuss this article in our forums

Movado Group acquires watch startup MVMT

The Movado Group, which sells multiple brands, including Lacoste, Tommy Hilfiger and Hugo Boss, has purchased MVMT, a small watch company founded by Jacob Kassan and Kramer LaPlante in 2013. The company, which advertised heavily on Facebook, logged $71 million in revenue in 2017. Movado purchased the company for $100 million.

“The acquisition of MVMT will provide us greater access to millennials and advances our Digital Center of Excellence initiative with the addition of a powerful brand managed by a successful team of highly creative, passionate and talented individuals,” Movado Chief Executive Efraim Grinberg said.

MVMT makes simple watches for the millennial market in the vein of Fossil or Daniel Wellington. However, the company carved out a niche by advertising heavily on social media and being one of the first microbrands with a solid online presence.

“It provides an opportunity to Movado Group’s portfolio as MVMT continues to cross-sell products within its existing portfolio, expand product offerings within its core categories of watches, sunglasses and accessories, and grow its presence in new markets through its direct-to-consumer and wholesale business,” said Grinberg.

MVMT is well-known as a “fashion brand,” namely a brand that sells cheaper quartz watches that are sold on style versus complexity or cost. Their pieces include standard three-handed models and newer quartz chronographs.

Facebook’s Kodi box ban is nothing new

According to recent reports, Facebook has updated its Commerce Policy to specifically ban the sale of Kodi boxes on its site – that is, devices that come with pre-installed Kodi software, which are often used for illegally streaming digital content. However, the ban is not a new one – Facebook confirms its policy on Kodi box sales hasn’t changed since last summer, and its external Policy Page – the one being cited as evidence of the new ban – was updated in December.

It’s true that the changes have flown under the radar until now, though.

The policy change was first reported by Cord Cutters News, and later linked to by TorrentFreak and Techdirt.

The original report claims that Facebook added a new rule on its list of “Digital Media and Electronic Devices” under “Prohibited Content,” which specifically calls out Kodi boxes. It says that Facebook posts “may not promote the sale of devices that facilitate or encourage streaming digital content in an authorized manner or interfering with the functionality of electronic devices.”

The Policy page lists a few examples of what this means, including wiretapping devices, jamming or descrambling devices, jailbroken or loaded devices, and, then “promoting the sale or use of streaming devices with Kodi installed.” (The only permitted items are “add-on equipment for Kodi devices, such as keyboards and remotes.”)

But this ban on Kodi boxes, Facebook says, is not a recently implemented policy.

According to a Facebook spokesperson, it launched a new policy last summer that prohibited the sale of electronic devices that facilitate or are intended for unauthorized streaming or access to digital content – including Kodi boxes. This policy has not changed since last summer, but its external Policy Page – this one being cited by the various reported – was updated in December 2017 to offer additional illustrative examples and more detailed information on all its policies, including the one related to unauthorized streaming devices.

In other words, Facebook has been banning Kodi boxes since it decided to crackdown on unauthorized streaming devices last year. It’s just now being noticed.

The ban affects all posts on Marketplace, Buy and Sell Groups, and Shop Sections on Pages.

Facebook explains it takes a very strong enforcement approach when “Kodi” is mentioned with a product for sale.

As Techdirt pointed out, that’s problematic because the Kodi software itself is actually legal.

However, device makers like Dragon Box or SetTV have been using the open-source Kodi platform and other add-ons to make copyright infringement easier for consumers.

Facebook does seem to understand that Kodi software isn’t illegal, but it knows that when “Kodi” is mentioned in a product (e.g. a device) listing, it’s very often a product designed to circumvent copyright. The company tells us that its intent is not to ban Kodi software altogether, however, and it’s in the process of reviewing its guidelines and these examples to more closely target devices that encourage unauthorized streaming.

That could mean it will, at some point, not outright ban a device that includes Kodi software, but focus more on other terms used in the sale, like “fully loaded” or some sort of description of the illegal access the box provides, perhaps. (Facebook didn’t say what might change.)

As for Kodi, the company says Facebook’s move doesn’t affect them.

“It doesn’t impact us, since we don’t sell devices,” says Keith Herrington, who handles Business Relations at the XBMC Foundation (Kodi).

He said his organization would love to talk to someone at Facebook – since they’ve never been in touch – in order to ensure that devices that are in compliance with Kodi’s trademark policy are not banned. Both Amazon and eBay have worked with Kodi on similar policies, he added.

“We’ve gotten thousands of devices which were in violation of our trademark policy removed from eBay,” Herrington said.

It’s unclear how well-enforced Facebook’s ban really is – I’m in Facebook groups myself where people talk about how to jailbreak “Fire sticks” and include posts from those who sell them pre-jailbroken. (It’s for research purposes. Ahem.)

Industry crackdowns go beyond Facebook

Facebook isn’t the only company that’s attempting to crack down on these devices. Netflix, Amazon and the major studios are suing Dragon Box for facilitating piracy by making it easy for consumers to access illegal streams of movies and TV shows.

In January 2018, a U.S. District Court judge handed down a preliminary injunction against TickBox TV, a Georgia-based set-top box maker that was sued by the major studios, along with streaming services Netflix and Amazon, for profiting from the sale of “Kodi boxes.”

Google has removed the word “kodi” from the autocomplete feature of Search, along with other piracy-related terms.

And more recently, the FCC asked Amazon and eBay to stop selling fake pay TV boxes. It said these boxes often falsely bear the FCC logo to give them the appearance of legitimacy, but are actually used to  perpetuate “intellectual property theft and consumer fraud,” the FCC said in letters to Amazon CEO Jeff Bezos and eBay CEO Devin Wenig.

Why Streaming Piracy is Growing

There’s a reason Kodi devices are so popular, and it’s not just because everyone is being cheap about paying for access to content.

For starters, there’s a lack of consequence for consumers who do illegally stream media – it’s not like back in the day when the RIAA was suing individuals for pirating music. While there has been some activity – Comcast several years ago issued copyright infringement notices to Kodi users, for example – you can today basically get away with illegal streaming. The copyright holders are currently focused on cutting off piracy at the source – box makers and the platforms that enable their sale – not at the individual level.

The rise of cord cutting has also contributed to the issue by creating a highly fragmented streaming ecosystem. Shows that used to be available under a single (if pricey) cable or satellite TV subscription, are now spread out across services like Netflix, Amazon, Hulu, Sling TV, HBO NOW, and others used by cord cutters.

Customers are clearly willing to pay for some of these services (largely, Netflix and maybe one or two others), but most can’t afford a subscription for each one. And they definitely don’t want to when all they’re after is access to a single show from a network. That’s another reason they then turn to piracy.

Finally, there is the fact that film distributors have forever withheld their movies from streaming services for months, creating a demand for illegal downloads and streams. Though the release window has shrunk some in more recent years, the studios haven’t yet fully bought into the idea of much smaller windows to cater to the audience who will never go to the theater to watch their movie. And when this audience is cut out the market, they also turn to piracy.

Eventually, the record industry adapted to consumers’ desire for streaming, and services like Spotify and Apple Music emerged. Eventually, streaming services may be able to make piracy less attractive, too. Amazon Channels, could become a key player here if it expands to include more add-ons. Today, it’s the only true a la carte TV service available. And that perhaps – not skinny bundles – is what people really want.

Facebook awards $200K to Internet Defense Prize winners

Facebook announced today the winners of its annual Internet Defense Prize and awarded first-, second- and third-place winners a total of $200,000 for research papers that addressed topics of internet security and privacy. Combined with $800,000 in Secure the Internet Grants awarded to security and privacy researchers earlier this week, the company has now completed its 2018 goal to invest $1 million toward securing the internet.

The Internet Defense Prize first started in 2014, but this year the prize quadrupled from its original $50,000 award to $200,000 spread across three groups. In a statement announcing the winners, Facebook said that the increase of this year’s prize money reflected not just the company’s ongoing (and in light of the its privacy catastrophes this year, seemingly increased) interest in security and privacy, but also the quality of work submitted.

“Over the years we’ve gotten higher and higher quality of submissions,” Pete Voss, Facebook’s Security Communications Manager told TechCrunch. “[But] the criteria has always been the same, and that’s making practical research. Making this go beyond theory and making it so you can actually apply security in real life.”

The first prize, $100,000, was taken home by a team from Belgium for a paper entitled “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies” that proposed improvements to browser security that would make users less susceptible to having their internet trail tracked from site to site.

Second- and third-place prizes (for $60,000 and $40,000 each) were awarded to research teams in the U.S. and China, respectively, for papers focusing on proper use of cryptography for app development and for strengthening the algorithm behind single sign-on security systems.

Voss says the entries this year are a great example of the award’s mission to fund research that benefits not just Facebook’s interests in security and privacy, but the internet’s as a whole.

“We’re investing in not just Facebook security but in public security for the entire internet,” said Voss. “We want to keep the internet strong and the only way we can do that is by making it secure.”

As for the recipients of the Secure the Internet Grants, the $800,000 was divided between 10 teams whose research ranged from sociological approaches (like “Understanding the Use of Hijacked Facebook Accounts in the Wild” and “Enhancing Online & Offline Safety During Internet Disruptions in Times of War”) to more technical ones like improving the strength of encryption methods.

Voss told TechCrunch that Facebook has no plans to announce at this time regarding its next steps toward providing funding for researchers in this space (unlike last summer when the company laid out its $1 million goal), but says that the company is “always looking at incentivizing this kind of research” and providing support.

Facebook is going back to college

Kids these days take a greater interest in practical things than we give them credit for. For example, this summer my 12-year-old son Leo was at sleepaway camp in Canada. When we received his first letter home, among camp platitudes, the two notable items reported were that one of his counselors was discharged from the Israeli Army a week before camp, while another was recently “mugged by three guys (one had a gun!) and got stabbed in the arm.” Leo reported the cabin was mesmerized when, as a reward, the counselor showed campers his sweater with a knife hole in it.

America’s colleges and universities could learn a thing or two from Leo, because they continue to resist teaching students the practical things they’ll need to know as soon as they graduate, for instance, to get jobs that will allow them to make student loan payments. Digital skills head this list, specifically experience with the high powered software they’ll be required to use every day in entry level positions.

But talk to a college President or Provost about the importance of Marketo, HubSpot, Pardot, Tableau, Adobe, and Autodesk for their graduates, and they’re at a loss for how to integrate Last-Mile Training into their degree programs in order prepare students to work on these essential software platforms.

Enter a new company, Pathstream, which just announced a partnership with tech leader Unity and previously partnered with Facebook. Pathstream supports the delivery of career-critical software skill training in VR/AR and Digital Marketing at colleges and universities.

According to Pathstream Co-Founder Eleanor Cooper, the company was created from piecing together two insights. First, graduates aren’t getting the digital skills they need to be hired. Employers are so frustrated that they no longer believe that new grads are qualified for digital jobs; according to a recent survey of over 95,000 job postings by TalentWorks, 61% of positions that say they’re seeking entry-level employees now specify at least three years or more of relevant work experience. Second, tech companies are struggling to reach new generations of learners.

While today’s college graduates are “digital natives,” these natives have been conditioned on Netflix -like interfaces, and aren’t accustomed to laborious software configurations, or the steep learning curves required to master a software platform.

As a result, Cooper says Pathstream makes learning a new software platform live up to student expectations of receiving “joy before pain,” thereby gently nudging college students down the road to mastery. In addition, rather than traditional classroom-based learning, Pathstream’s platform simulates a work environment, where students complete tasks and projects on the platform, build a portfolio of work, and earn a certification from both a higher education institution and the software company.

Facebook is using Pathstream to support training students on its digital marketing platform, including social media marketing using Facebook Ad Manager and Instagram . Parisa Zagat, Policy Programs Manager at Facebook, related the partnership with Pathstream to its pledge in June to train 1 million U.S. small business owners on the digital skills they need to compete in today’s workplace.

Unity is focusing its training on VR/AR courses for industry use cases (construction, manufacturing, automotive, enterprise training). Jessica Lindl, Global Head of Education at Unity, said “in order to gain employment in today’s digitally-focused world, job-seekers are required to rapidly up-level their skills.

Image: Getty Images/smartboy10/DigitalVision

The problem is there’s a significant education gap between those who seek to learn these skills and the programs available to them. With Pathstream, we will be able to provide interactive programs for students of all backgrounds to learn real-world software platforms in their own way, making it easier and more efficient for them to find success in their current career path or a new one.”

While it completes training programs for Facebook and Unity, Pathstream is building out a network of colleges that will offer the curriculum to students. Recently, Facebook announced that Pathstream will be offering digital marketing certificates at Central New Mexico Community College and Des Moines Area Community College. According to Zagat, “By the end of the year, Facebook plans to form a total of 20 partnerships with community colleges across the country, working hand-in-hand with Pathstream and the colleges to build out custom curriculums and programs for these partnerships.”

Cooper says that “colleges and universities understand that their students are focused on employment, and specifically on getting a good first job. Today’s students no longer buy the line that college prepares you for your fifth job, not your first job. They know that if you don’t get a good first job, you’re probably not going to get a good fifth job.” And, as she points out, most good first jobs specifically require one or more technologies like Facebook or Unity – technologies that colleges and universities aren’t teaching.

If Pathstream is able to realize its vision of integrating industry-relevant software training into degree programs in a big way, colleges and universities have a shot at maintaining their stranglehold as the sole pathway to successful careers. If Pathstream’s impact is more limited, watch for millions of students to sidestep traditional colleges, and enroll in emerging faster + cheaper alternative pathways to good first jobs – alternative pathways that will almost certainly integrate the kind of Last-Mile Training being pioneered by Pathstream.

Facebook cracks down on opioid dealers after years of neglect

Facebook’s role in the opioid crisis could become another scandal following yesterday’s release of harrowing new statistics from the Center for Disease Control. It estimated there were nearly 30,000 synthetic opioid overdose deaths in the U.S. in 2017, up from roughly 20,000 the year before. When recreational drugs like Xanax and OxyContin are adulterated with the more powerful synthetic opioid Fentanyl, the misdosage can prove fatal. Xanax, OxyContin and other pain killers are often bought online, with dealers promoting themselves on social media including Facebook.

Hours after the new stats were reported by The New York Times and others, a source spotted that Facebook’s internal search engine stopped returning posts, Pages and Groups for searches of “OxyContin,” “Xanax,” “Fentanyl” and other opioids, as well as other drugs like “LSD.” Only videos, often news reports deploring opiate abuse, and user profiles whose names match the searches, are now returned. This makes it significantly harder for potential buyers or addicts to connect with dealers through Facebook.

However, some dealers have taken to putting drug titles into their Facebook profile names, allowing accounts like “Fentanyl Kingpin Kilo” to continue showing up in search results. It’s not exactly clear when the search changes occurred.

On some search result pages for queries like “buy xanax,” Facebook is now showing a “Can we help?” box that says “If you or someone you know struggles with opioid misuse, we would like to help you find ways to get free and confidential treatment referrals, as well as information about substance use, prevention and recovery.” A “Get support” button opens the site of The Substance Abuse and Mental Health Services Administration, a branch of the U.S. department of health and human services that provides addiction resources. Facebook had promised back in June that this feature was coming.

Facebook search results for many drug names now only surface people and video news reports, and no longer show posts, Pages or Groups, which often offered access to dealers

When asked, Facebook confirmed that it’s recently made it harder to find content that facilitates the sale of opioids on the social network. Facebook tells me it’s constantly updating its approach to thwart bad actors who look for new ways to bypass its safeguards. The company confirms it’s now removing content violating its drug policies, and it’s blocked hundreds of terms associated with drug sales from showing results other than links to news about drug abuse awareness. It’s also removed thousands of terms from being suggested as searches in its typeahead.

Prior to recent changes, buyers could easily search for drugs and find posts from dealers with phone numbers to contact

Regarding the “Can we help?” box, Facebook tells me this resource will be available on Instagram in the coming weeks, and it provided this statement:

We recently launched the “Get Help Feature” in our Facebook search function that directs people looking for help or attempting to purchase illegal substances to the SAMHSA national helpline. When people search for help with opioid misuse or attempt to buy opioids, they will be prompted with content at the top of the search results page that will ask them if they would like help finding free and confidential treatment referrals. This will then direct them to the SAMHSA National Helpline. We’ve partnered with the Substance Abuse & Mental Health Services Administration to identify these search terms and will continue to review and update to ensure we are showing this information at the most relevant times.

Facebook’s new drug abuse resource feature

The new actions follow Facebook shutting down some hashtags like “#Fentanyl” on Instagram back in April that could let buyers connect with dealers. That only came after activists like Glassbreakers’ Eileen Carey aggressively criticized the company, demanding change. In some cases, when users would report Facebook Groups’ or Pages’ posts as violating its policy prohibiting the sale of regulated goods like drugs, the posts would be removed, but Facebook would leave up the Pages. This mirrors some of the problems it’s had with Infowars around determining the threshold of posts inciting violence or harassing other users necessary to trigger a Page or profile suspension or deletion.

Facebook in some cases deleted posts selling drugs, but not the Pages or Groups carrying them

Before all these changes, users could find tons of vendors illegally selling opioids through posts, photos and Pages on Facebook and Instagram. Facebook also introduced a new ads policy last week requiring addiction treatment centers that want to market to potential patients be certified first to ensure they’re not actually dealers preying on addicts.

Much of the recent criticism facing Facebook has focused on it failing to prevent election interference, privacy scandals and the spread of fake news, plus how hours of browsing its feeds can impact well-being. But its negligence regarding illegal opioid sales has likely contributed to some of the 72,000 drug overdose deaths in America last year. It serves as another example of how Facebook’s fixation on the positive benefits of social networking blinded it to the harsh realities of how its service can be misused.

Last November, Facebook CEO Mark Zuckerberg said that learning of the depths of the opioid crisis was the “biggest surprise” from his listening tour visiting states across the U.S, and that it was “really saddening to see.”

Zuckerberg meets with Opioid crisis caregivers and the families of victims in Ohio in April 2017

Five months later, Representative David B. McKinley (R-W.VA) grilled Zuckerberg about Facebook’s responsibility surrounding the crisis. “Your platform is still being used to circumvent the law and allow people to buy highly addictive drugs without a prescription” McKinley said during Zuckerberg’s congressional hearings in April. “With all due respect, Facebook is actually enabling an illegal activity, and in so doing, you are hurting people. Would you agree with that statement?” The CEO admitted “there are a number of areas of content that we need to do a better job policing on our service.”

Yet the fact that he called the crisis a “surprise” but failed to take stronger action when some of the drugs causing the epidemic were changing hands via his website is something Facebook hasn’t fully atoned for, nor done enough to stop. The new changes should be the start of a long road to recovery for Facebook itself.

Facebook says birthday fundraisers have raised more than $300 million over the past year

Facebook marked the first anniversary of its birthday fundraisers by revealing that more than $300 million in donations have been raised through the feature, which lets users mark their birthdays by creating a donation drive for an organization of their choice. About 750,000 non-profits currently have access to Facebook’s fundraising tools (but not every user, since they haven’t rolled out to all countries).

The company also said that it is adding several new features based on feedback. These include allowing Pages to create and donate to fundraisers, as well as the ability to add matching donations and co-organizers to fundraisers. Donors will also be able to choose if they want to set up a recurring monthly contribution.

For people who want to create a birthday fundraiser but don’t have an organization in mind already, Facebook plans to include more information about charities in the feature’s selection tool. The company said its fundraising feature’s top beneficiaries include St. Jude, the Alzheimer’s Association, the American Cancer Society, Share Our Strength—No Kid Hungry and the ASPCA.

Last November, Facebook removed its 5% fee on donations, which means all money goes to non-profits. For many charities, Facebook fundraisers are now the most frictionless way to raise donations, including from people who might otherwise never visit the charity’s own donation links. Facebook fundraisers are a notable example of how social media activism can actually translate into tangible results instead of yet more memes–but, of course, whenever Facebook releases any self-congratulatory announcements, it’s a good idea to take a step back and look at the potential downsides.

As with almost every other Facebook feature, its fundraising tools have prompted concerns about privacy, particularly donor privacy, which is considered sacrosanct by many organizations (Facebook lets users decide if they want to share their donation with friends). Some charities also have qualms about benefiting from Facebook fundraisers until the company does a better job of policing hate speech, especially if the purpose of their work is aiding marginalized or persecuted minority groups.

In an insightful blog post from last November, fundraising consultant Jeremy Hatch argued that fundraising on Facebook also eliminates the relationship between donors and organizations, “where there are established norms and ethical practices.” He added that non-profits should reconsider before they grow increasingly reliant on a company whose ultimate goal is to gather and monetize user data.

At the same time, Facebook’s reach leaves many organizations with little choice but to use the platform so they don’t miss out on much-needed funds. One notable example of how effective Facebook fundraisers can be is the more than $20 million raised by users on behalf of RAICES to help migrant families separated at the U.S.-Mexico border by the Trump administration.

Twitter suspends Alex Jones for urging people to keep “battle rifles” ready

After holding out for a few weeks, Twitter joined the chorus of social media and tech giants that have punished conspiracy theorist Alex Jones for questionable content. Twitter suspended Jones from his account on Tuesday after he tweeted out a link to a video in which he calls for his supporters to get their “battle rifles” ready for the media and others.

But the catch is that Jones’ ban will last just seven days—the InfoWars host will not be able to tweet or retweet from his personal account during that week. The InfoWars Twitter account has not been affected by this suspension.

According to a report by The New York Times, Jones tweeted a link to a Periscope live broadcast video (which can be viewed in part in a Media Matters tweet) in which he urged his supporters to ready their weapons against the media and other groups. Twitter issued the seven-day suspension after a user flagged the tweet and the company determined that it violated its rules against inciting violence.

Read 3 remaining paragraphs | Comments