Data privacy alarm bells sound in wake of Facebook/Cambridge Analytica scandal

Tech giants such as Google are facing calls for tighter data rules in the wake of the Facebook election scandal. (Reuters)
Updated 23 March 2018
0

Data privacy alarm bells sound in wake of Facebook/Cambridge Analytica scandal

SAN FRANCISCO: Big Internet companies and small software developers alike are likely to face scrutiny over how they share customer information in the wake of the scandal involving Facebook and the British election consulting firm Cambridge Analytica.
Lawmakers in the US and the EU have called for probes into how Facebook allowed Cambridge Analytica to access data on 50 million users and use it to help the election campaign of President Donald Trump. Facebook shares have fallen 8.5 percent this week as investors fear the incident will lead to new regulation.
The scrutiny and the risk of regulatory action could affect Alphabet Inc’s Google, Twitter Inc, Uber Technologies Inc, Microsoft Corp’s LinkedIn and the many others that make their user data available to outside developers.
The interconnections between platforms such as Facebook and Google and third-party services sit at the core of the contemporary Internet, enabling people to share articles to Facebook from news websites and log into shopping apps using their Google account.
But the Facebook case has turned the application programming interfaces, or APIs, that enable such data sharing, into a new front in the escalating battle between lawmakers and tech companies over the monitoring and securing of their vast platforms. Threat of sanctions has already prodded companies into better policing of inappropriate commentary on their services.
“All companies are going to need to do a lot more than just laissez faire policy to manage third-party data access,” said Jason Costa, who helped run APIs at Pinterest Inc, Twitter and Google and now works at GGV Capital. “The days of (the) ‘we’re just a platform and can’t be held responsible for how users use it’ line that many companies use, is no longer going to be tenable.”
APIs have raised privacy concerns since they emerged around 2005, but their adoption and impact has grown rapidly as companies move data online and look for ways to make it more useful.
Uber, for example, in 2016 enabled apps that provided tax and lending services to import driver paystubs. The company failed to respond to a request for comment on its monitoring and auditing practices.
The economic dynamic behind APIs is simple: Software developers create new tools that benefit big tech companies’ users, and in return they gain instant access to a large number of consumers.
The big platforms say they have built in protection, such as human reviews and automated scanning tools to detect abuse by partners.
But software experts say policies are toothless because auditing is lax; Facebook CEO Mark Zuckerberg, under intense public pressure, said on Wednesday the company would now perform audits of the information it shared with partners before it tightened rules in 2014.
Dartmouth University engineering professor Geoffrey Parker, who has assigned students to develop apps based on APIs, said automated policing methods will detect spam-like apps and brazen efforts to steal data. It is much more difficult to enforce bans on storing or mashing together information, or acting against users’ interest, he said.
Some companies added safeguards in the past several years. Facebook stopped allowing developers access to information on its users’ friends. But compliance audits were minimal, a former employee said on the condition of anonymity.
Twitter and LinkedIn limited free public access. For paid deals, LinkedIn said “partners are rigorously vetted and regularly declined.” The company added that it regularly monitors API usage and takes “swift action when we see or hear of any abuse of our terms.”
Software developers acknowledged they often do not even read the terms of use for APIs. Rule-breakers can fly under the radar and amass significant information, said Andres Blank, chief executive of recruiting software maker Scout.
“It is hard to police if the alarms aren’t being sounded,” said Blank, who has worked with APIs from LinkedIn and Google. Alex Moore, chief executive of Baydin Inc, which develops Boomerang, an app that can send emails on time-delay, said Microsoft scrutinized his services when the companies partnered on a new feature. But he was not aware of any auditing after it launched. Google recently asked whether Boomerang could access less information, but that was a rare “poke,” Moore said. 
“There is going to be things people took for granted about data sharing that come to light,” he warned. Google declined to comment. Microsoft did not respond to a request to comment.
Clamping down could limit the supply of innovative tools built on data sharing. But some providers, including Royal Bank of Canada, which announced an API this week, have gone a step further to allow access only to vetted partners. 
Paul Nerger, senior vice president at Developerprogram.com, which helps companies such as Cisco Systems Inc. manage APIs, said clients have limited the number of partners so that software can be tested “to make sure they are not illegally harvesting” data. 
Startups are taking heed, too. Affectiva, which last year released an API for identifying consumers’ emotional states from speech samples, said that it would audit partners as its program grows. However, Gabi Zijderveld, the company’s chief marketing officer and head of product strategy, said: “We inevitably need regulation and legislation on ethical and transparent use of data.”


Libya’s NOC declares force majeure on El Sharara oilfield

Updated 18 December 2018
0

Libya’s NOC declares force majeure on El Sharara oilfield

  • El Sharara — a 315,000 barrels a day field was taken over on Dec. 8 by groups of tribesmen, armed protesters and state guards demanding salary payments
  • Some government officials favor offering quick cash to the occupiers to make them leave, but NOC officials have warned that would set a precedent

TRIPOLI: Libya’s state oil firm NOC has declared force majeure on operations at the country’s largest oilfield, El Sharara, a week after it announced a contractual waiver on exports from the field following its seizure by protesters.

The 315,000 barrels a day field, located in the south of the North African OPEC member country, was taken over on Dec. 8 by groups of tribesmen, armed protesters and state guards demanding salary payments and development funds.

Officials have been unable to persuade the groups, who have been camping on the field, to leave the vast, partly unsecured site amid disagreements how best to proceed, workers on the field said.

Some government officials favor offering quick cash to the occupiers to make them leave, but NOC officials have warned that would set a precedent and encourage more blockades, workers at the oilfield say.

NOC has described the occupiers as militia trying to get on the payroll of field guards, a recurring theme in Libya where many see seizing NOC facilities as an easy way to get heard by the weak state authorities.

Production will only restart after “alternative security arrangements are put in place,” NOC said in a statement.

Operations at the smaller El Feel oilfield continued as normal, engineers said.

“Production at Sharara was forcibly shut down by an armed group — Battalion 30 and its civilian support company — that claimed to be providing security at the field, but which threatened violence against NOC employees,” NOC Chairman Mustafa Sanallah said in the statement.

His comments came after the chief of staff of the Tripoli-based government, Abdulrahman Attweel, criticized some of Sanalla’s previous comments about the protesters as “irresponsible.”

“These people (guards) were there to protect the field without salaries and without any attention to them and their daily needs, not in terms of accommodation, supply, transportation and communication,” Attweel told Al-Ahrar channel late on Monday.

Their demands were legitimate, he said, echoing comments by some southern lawmakers and mayors demanding more jobs and development for the neglected region.
The blockade has been complicated by the presence of tribesmen, who have argued against quick cash payments saying they want funds to improve hospitals and other services, which might take time to deliver.

The shutdown of the El Sharara has not affected the El Feel oilfield, also located in the south. It continued to pump around 70,000 barrels a day, field engineers said.
Its exports were being routed via the Melittah oil and gas port, which like El Feel belongs to a joint venture NOC has with Italian energy company Eni, another engineer said.

A spokesman for NOC did not respond to a request for comment.
El Sharara crude is normally transported to the Zawiya port, also home to a refinery. NOC runs the field with Spain’s Repsol , France’s Total, Austria’s OMV and Norway’s Equinor, formerly known as Statoil.