> What does a good, meaningful fine actually look like? Would it need to wipe out one quarter’s revenue (roughly $15 billion)? Is a fine meaningless unless it’s recurring (penalties for every quarter or year since Facebook last settled with the F.T.C. for violating user privacy in 2011)?
I get that people want to see a company crippled but wiping out a quarter of revenue is a death-blow.
I don’t use Facebook at all, but I followed the CA scandal because I thought it was an interesting case that Facebook predictably botched nearly every aspect of handling it.
$5 billion is a lot of money. It is not and never can be considered “chump change”. It is irrational to think a Board or management team isn’t going to seriously implement rigorous changes to avoid a $5 billion dollar fine.
This is where someone says that if you can violate the law and earn $6 billion and only be fined $5 billion you will violate the law every time.
There are numerous problems with this statement. One, you don’t know ahead of time what the fine will be. Two, it assumes there’s no way to earn even $1 of the $6 billion without violating the law.
If you can earn $3 billion without violating the law and double it to $6 billion with the violation, but the fine is $5 billion then it’s not “worth it” but even still this fails to account for the tremendous reputational and legal risks.
One parting thought. If the behavior which is being fined was directly used to obtain a monopoly position in the marketplace which the company continues to benefit from, that changes the calculus. But was CA’s ability to scrape social network data from Facebook’s API a proximate cause of Facebook’s market position?
Here is what you dont get,the idea is to give them a death blow.
Nobody is interested in giving FB a warning. If you ask me, prison time for execs in addition to at least $10B yearly fine makes sense. They intentionally did things that harmed millions of people, the idea is not to just make them think twice before they do something like that again,but to make the message loud and clear: "that move is a fatal move". Not just for FB but for all others who make money out of user surveillance (snapchat,linkedin,google,etc...). We don't want to give them a risk they can calculate and evaluate,we want to give them a risk as clear as death, a risk no company will even bring up in any meeting.
Maybe I’m out of sync with what really happened with Cambridge Analytica? As I understand it, CA scraped Facebook and retained the data in violation of Facebook’s ToS.
This was not a secret agreement with CA, this was CA using a publically documented API which was returning the data it was designed to return, but CA using and retaining the data improperly.
Later Facebook decided to significantly restrict the data that apps can pull out of their system (arguably making the system more closed and harder to compete with, but protecting that data from misuse).
They exposed too much of the social graph through their developer APIs. I can see an alternate universe where they are fined for exposing too little.
Like I said, I don’t use Facebook so I don’t care much about them. I don’t think they add a lot of value in the world, but their billion plus users must feel differently.
But I don’t understand why, on the basis of Cambridge Analytica, the company should be fined out of existence.
You can hate Facebook, and you can not use it if you do hate it. But there are a billion plus people who apparently don’t hate Facebook and might be damaged by Facebook being dismantled by the government.
Facebook is a strange beast when it comes to privacy. According to themselves, they have what amounts to hidden profiles for people who aren't part of Facebook. In other words, they track you and try to learn about you, even if you actively avoid them.
So you can "not use Facebook", but you can't not BE used by Facebook. Which means you also can't dismiss them as a choice. They are imposing themselves on you, whether you like them or not.
Most of the privacy-violating industry works the same way, they're just better at keeping it out of the news. The NSA, the FBI, all 3 major credit-reporting bureaus, any security company with CCTVs, Google, ad-trackers, 23andMe, anyone who buys or sells your mailing address - they all keep data about you whether or not you have chosen to allow them or have any business relationship with you at all.
Not to defend FB, but many trackers by companies work this way. They build an anonymous profile based on device fingerprint and then merge it if you sign in as a user.
>Like I said, I don’t use Facebook so I don’t care much about them. I don’t think they add a lot of value in the world, but their billion plus users must feel differently.
If billion+ users use/like FB, it means you are surrounded by them _everywhere_ you go! Its like saying Im fine living in a mental asylum b/c im not the crazy one there!
We all _are_ FB users whether we have an account or not!
I totally agree there are other issues that have come to light. But those aren’t in any way part of the government calculation of the fine in this case.
I think it’s important to be rigorous and even handed in calculating these fines. Part of that is identifying precisely what action(s) are being called out, and how the fine is calculated. I disagree with many of the EU fines, but I do think they are fairly methodical about how they calculate the amounts. ‘We don’t like you, and you do lots of other bad stuff’ is not a valid methodology.
Repeat offender certainly is justification for multiplying the fine, but at this point in this particular case that’s jumping the gun.
In the case of verifying a user’s email by asking them for their password, that seems to have been an egregious mistake that was quickly rectified once it was called out, and although certainly they could have used that access to pilfer contacts (and a whole host of other personal info) I don’t believe anyone has claimed they actually did that, and they said definitively that they did not. For what that’s worth.
"ToS violation" is a lame copout, especially since the CA events happened long after the 2011 decree https://www.ftc.gov/news-events/press-releases/2011/11/faceb... . As a former president said, "There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again"
As humans we are certainly willing to give others extra chances to do right by people, but at some point people realize that the bad actors will never rectify their behavior and should be stopped. I'd personally vote for jail time for executives.
> But I don’t understand why, on the basis of Cambridge Analytica, the company should be fined out of existence.
I'm with you that it shouldn't kill them, but it needs to really hurt so they take better care (and not do illegal stuff in the future). I don't think something like this does. It's annoying, yes.
Consider a similar scenario where a food or drug manufacturer doesn't check their raw materials and poisons a bunch of people. Should their supplier make sure that they don't sell them poisonous stuff? Absolutely. Do they themselves bear the responsibility to make sure that nothing bad happens? I believe so, so by skipping their own checks to save a few bucks, it's their fault. And you can be quite sure that in such a case, there won't just be a small fine - there will be a fine, and production halt with a lengthy and expensive re-certification, because the processes they had in place are obviously flawed. Yeah, FB doesn't produce food, so those regulations don't apply to them. I don't really subscribe to the theory, but there are many who believe that they have the power to sway elections - that certainly puts them in the same ballpark as the company that provides your aspirin or pizza sauce.
The problem with this argument is there is no great evidence it has any effect. Definitely doesn't on the next bunch of 20 year old Zuckerbergs that comes along, not knowing what the fuck they are doing and doing it anyway.
Risk takers and driven people aren't thinking about punishment. By definition. But that drive can be channeled in positive directions. Punishment is really a pretty hopeless method of doing it.
Its why bombing random goat herders for 20 years hasn't reduced the number of people who want to blow themselves and others up.
The focus on punishment is a distraction. It just makes everyone involved channel their energy into playing defense and that delays the real fixes.
Focus should be on getting them to clean up the mess, rather than sending them to jail. Social media and the news media need a whole lot of re-architecting. And the focus really should be on what that new architecture needs to be.
Remember when VW did all that computer magic with emissions controls.
Only a mid level engineering manager went to jail.
The diesel emissions will probably cause cancer in people in the streets. CEO's need to start going to the gaol long term , and we need to start banning those involved from being able to run, own, or hold shares in corporations outside of blind trusts ever again.
The car industry support hundreds of thousands of jobs all over the world and in the respective countries of each manufacturer. There would never be any strong action taken against them, this would be hurting the government who took it and its people.
On a side note. Big internet companies will never enjoy the same level of political support. They don't support any job and don't pay any tax where they get their money from. It's a bunch of nerds in the west coast and that's barely caricaturing. If anything, the bigger fines will come from Europe rather than Washington, because politics.
60 million advertisers use Facebook to run ads...I am pretty confident that they have a strong economic interest in the government being nice to Facebook.
I do think there should be a "death penalty" for companies, but you don't need to punish the company (and many innocent employees) to prevent unethical behavior.
Instead, you need to:
1) hold the C-suite and the Board accountable for the crime(s)
2) eliminate all their compensation from the years they were committing the crime
3) force the company to replace the entire C-suite
Fining someone like Zuckerberg and letting him retain control is like finding out your babysitter is giving your child alcohol, fining them, and then letting them continue watching your child. It makes no sense in any other context.
> I get that people want to see a company crippled but wiping out a quarter of revenue is a death-blow.
What do we think would change if "Facebook" as a company went bankrupt? Certainly, the website would continue operating - it's profitable. The technology is still worth whatever it's worth. I have a hard time imagining that a purely financial threat to the corporate entity changes the product too much.
What it does change is the incentives to the capital involved. It threatens equity. If we all agree that the Facebook "tech" is morally neutral(ish) then the purposes its being put to are what we should challenge. Breaking the back of the company's financials seems like a reasonable way to do that.
But like...why would bankruptcy do that? The servers aren't worth that much. Their contents are worth more secret! The secrecy of their data is how Facebook makes money.
If the company that operates those servers gets shut down, I don't see how the group that takes over the business (whoever it is) shuts down the servers. Maybe everyone freaks out and Facebook loses a lot of people, maybe we don't get updates for a bit. Those seem possible, probable even. But things that make money don't get taken apart in bankruptcy.
I could be wrong! But I don't know of any historic examples where things like that happen.
Facebook did not keep user data secret, they used it as a lure to attract Farmvilles and 'Which Hogwarts House are YOU' surveys to make sure people spent more time on the platform, because having a billion people look at the website every day is how facebook makes money. Using the data they have to make sure ads are efficiently targeted is a par for the course -- but it does no harm to facebook if someone else has all my user data, if I spend all my time on facebook, facebook is the only one who makes money selling ads to me.
$5 billion is a lot of money. It is not and never can be considered “chump change”. It is irrational to think a Board or management team isn’t going to seriously implement rigorous changes to avoid a $5 billion dollar fine.
Well, seeing that the board is powerless since Zuckerberg has a controlling interest in FB....
>I get that people want to see a company crippled but wiping out a quarter of revenue is a death-blow.
No, it's not. 15 billion is less than 3% of Facebook's market cap. It's less than the swing in Facebook's value after market close on Wednesday. Also probably less than the value they got through violating their consent decree.
A company's market evaluation has nothing to do with its internal cash flows. Put differently, 15 billion being less than 3% of Facebook's market cap says nothing about how much such a fine would affect Facebook.
Assuming the fine is one-off and market doesn’t devalue facebook because of the fine itself, couldn’t Facebook issue new stock to offset the fine, effectively losing 3% of stock value in the end?
Your question is basically "Couldn't Facebook just ask someone else to pay their fine?" – to which the answer is yes, they certainly could. But I highly doubt it'd work. I mean investors would basically be bailing out Facebook and wouldn't get anything in return.
Look at it from the perspective of existing investors: They would be forced to buy the new shares Fb is issuing in order to maintain their respective percentage of shares and, thus, their expected future dividends. There's nothing to gain from that – in fact, their investment's expectation value just goes down as they now need to pay an additional price for the same expected future return. Needless to say, shareholders don't value such a move, so any CEO trying to pull off such a thing would likely be removed immediately.
I was talking about the investors not gaining anything from the company issuing new stock in order to pay fines in general. (Which also explains why this is not a common practice.) Fines that are threatening a company's existence are certainly a different beast as the investors' expectation value calculation then needs to factor in that if the company goes bankrupt they lose their entire investment. So refinancing the company by buying new stock then becomes more attractive because it will (or might) keep a shareholder's overall expectation value at least slightly above zero.
But even in these situations, I think a case can be made for why refinancing the company by having it take a loan is still more attractive. While from the perspective of an existing shareholder it will reduce future dividends in a similar way as new stock, there will at least be no opportunity costs. (If the company issues new stock, the investor has to consider what else they could do with their money instead of throwing fresh money at the company.)
Of course it does. They can easily convert 3% of their market cap into cash via bonds or issuing new stock. If the fine we're 150% of Facebook's market cap they wouldn't be able to.
> I get that people want to see a company crippled but wiping out a quarter of revenue is a death-blow.
So is a lengthy prison sentence for individuals. Should we get rid of those to make it fair?
> There are numerous problems with this statement. One, you don’t know ahead of time what the fine will be.
You can take an educated guess going off of what happened to you and others on previous occasions. If there are no examples of a fine that is "a death blow", your risk to receive one is low. Hell, you might not even get caught. It's hard to tell how much they get away with because there's no leak or whistleblower.
I'm pretty sure that the reason FB isn't putting bogus charges on users' credit cards isn't that they wouldn't because of ethical reasons. It's that a) they'd likely get caught and b) they'd get into a lot of trouble.
Companies aren't sex offenders or committing crimes of passion, they are much closer to rational actors, deterrence works great on them.
I get that people want to see a company crippled but wiping out a quarter of revenue is a death-blow.
I don’t use Facebook at all, but I followed the CA scandal because I thought it was an interesting case that Facebook predictably botched nearly every aspect of handling it.
$5 billion is a lot of money. It is not and never can be considered “chump change”. It is irrational to think a Board or management team isn’t going to seriously implement rigorous changes to avoid a $5 billion dollar fine.
This is where someone says that if you can violate the law and earn $6 billion and only be fined $5 billion you will violate the law every time.
There are numerous problems with this statement. One, you don’t know ahead of time what the fine will be. Two, it assumes there’s no way to earn even $1 of the $6 billion without violating the law.
If you can earn $3 billion without violating the law and double it to $6 billion with the violation, but the fine is $5 billion then it’s not “worth it” but even still this fails to account for the tremendous reputational and legal risks.
One parting thought. If the behavior which is being fined was directly used to obtain a monopoly position in the marketplace which the company continues to benefit from, that changes the calculus. But was CA’s ability to scrape social network data from Facebook’s API a proximate cause of Facebook’s market position?