Secret surveillance software created by a former Israeli intelligence officer is harvesting Facebook photos.
The firm behind it is taking profile images from the social network, YouTube and other sites to build a huge facial recognition database.
Its creators say the software could lead to the identification of terror suspects, captured in promotional and other material posted online.
News of the controversial service is causing alarm among privacy activists as Facebook scrambles to deal with its ongoing data scandal.
Secret surveillance software created by a former Israeli intelligence officer is harvesting Facebook photos. The firm behind it is taking profile images from the social network, YouTube and other social media sites to build a huge facial recognition database (stock image)
It was revealed last month the company shared the private data of up to 87 million users with the political consultancy firm Cambridge Analytica.
Face-Int is now owned by analytics firm Verint, who acquired it in 2017 from creators Terrogence, a surveillance company founded by onetime Israeli secret agent Shai Arbel.
Both companies have reportedly supplied the US government and its security agencies, including the NSA, with cutting edge spy technologies.
The facial recognition database is said to contain the facial profiles of thousands of terror suspects ‘harvested from such online sources as YouTube, Facebook and open and closed forums all over the globe’, according to Terrogence’s website.
Experts are concerned that the company’s efforts extend beyond this remit, however, and into the political realm.
‘It raises the stakes of face recognition – it intensifies the potential negative consequences,’ Jay Stanley, senior policy analyst at the American Civil Liberties Union, told Forbes.
‘When you contemplate face recognition that’s everywhere, we have to think about what that’s going to mean for us.
‘If private companies are scraping photos and combining them with personal info in order to make judgements about people – are you a terrorist, or how likely are you to be a shoplifter or anything in between – then it exposes everyone to the risk of being misidentified, or correctly identified and being misjudged.’
Terrogence’s marketing page, which has been in place since 2013, claims its profiles were harvested from 35,000 videos and photos.
Zuckerberg testified before Congress last week in two-high profile public hearings over the Cambridge Analytica scandal. A number of topics were discussed, from the firm’s business model, user privacy and targeted ads to extremist content and hate speech
HOW DOES FACIAL RECOGNITION TECHNOLOGY WORK?
Facial recognition is increasingly used as way to access your money and your devices.
When it comes to policing, it could soon mean the difference between freedom and imprisonment.
Faces can be scanned at a distance, generating a code as unique as your fingerprints.
This is created by measuring the distance between various points, like the width of a person’s nose, distance between the eyes and length of the jawline.
Facial recognition systems check more than 80 points of comparison, known as ‘nodal points’, combining them to build a person’s faceprint.
These faceprints can then be used to search through a database, matching a suspect to known offenders.
Facial recognition is increasingly used as way to access your money and your devices. When it comes to policing, it could soon mean the difference between freedom and imprisonment (stock)
Facial scanning systems used on personal electronic devices function slightly differently, and vary from gadget to gadget.
The iPhone X, for example, uses Face ID via a 7MP front-facing camera on the handset which has multiple components.
One of these is a Dot Projector that projects more than 30,000 invisible dots onto your face to map its structure.
The dot map is then read by an infrared camera and the structure of your face is relayed to the A11 Bionic chip in the iPhone X, where it is turned into a mathematical model.
The A11 chip then compares your facial structure to the facial scan stored in the iPhone X during the setup process.
Security cameras use artificial intelligence powered systems that can scan for faces, re-orient, skew and stretch them, before converting them to black-and-white to make facial features easier for computer algorithms to recognise.
Error rates with facial recognition can be as low as 0.8 per cent. While this sounds low, in the real world that means eight in every 1,000 scans could falsely identify an innocent party..
One such case, reported in The Intercept, details how Steven Talley was falsely matched to security footage of a bank robber.
They were produced at terrorist training camps, as part of motivational videos and during terror attacks around the world.
However, privacy advocates believe this number could be far higher and even include the facial profiles of innocent civilians.
If the database has been shared with the US government and those of other nations, it could represent a significant threat to free speech and the privacy rights of social media users, they say.
Its creators say the software could lead to the identification of terror suspects, captured in promotional and other material posted online. This image shows an ‘ISIS’ video warning of more terror attacks after the Manchester Arena bombing in May 2017
WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?
Communications firms Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.
The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.
‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump
This meant the company was able to mine the information of 55 million Facebook users even though just 270,000 people gave them permission to do so.
This was designed to help them create software that can predict and influence voters’ choices at the ballot box.
The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.
This information is said to have been used to help the Brexit campaign in the UK.
Neither Verint or Terrogence wished to comment on the matter, but a spokesman for Facebook told Forbes that the software would breach a number of its user policies.
That includes using data taken from the site to create tools for surveillance, as well as using bots or scrapers to acquire this information.
The news comes just weeks after the Facebook disclosed information about 50 million Facebook users wrongly ended up in the hands of political consultancy Cambridge Analytica.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
The world’s largest social media company is already under pressure to improve the way it handles customer data.
It emerged yesterday that Facebook’s own artificial intelligence software can predict your future behaviour and sells this information to advertisers.
Facebook’s artificial intelligence software predicts your future behaviour and sells this information to advertisers, it has emerged. The new tool raises concerns over privacy and data sharing in the wake of the Cambridge Analytica scandal (stock)
As part of a new service, advertisers are granted the power to bombard your feed with marketing material in order to change your course of action.
Leaked documents reveal the new service is being offered to Facebook’s advertising clients, according to reports in The Intercept.
Dubbed ‘FBLearner Flow,’ this AI-powered technology was first developed in 2016 but is only now being offered to third parties.
Facebook says it can comb through its database of more than two billion users, to spot signs of millions of people who are ‘at risk’ of dropping their use of a particular brand.
Advertisers could then take action to promote their business, in an attempt to dissuade customers from jumping ship.
The service is not about showing you Pepsi ads because you have bought Coca-Cola, a long established technique in online marketing.
Instead, it aims to predict the fact that you’re dropping drinking soda altogether.
The new tool raises concerns over privacy and data sharing in the wake of the Cambridge Analytica scandal.
The world’s largest social media company is already under pressure to improve the way it handles customer data. It comes after the firm disclosed that information about 50 million Facebook users wrongly ended up in the hands of political consultancy Cambridge Analytica
Facebook CEO Mark Zuckerberg testified before Congress last week in two-high profile public hearings.
A number of topics were discussed, from the firm’s business model, user privacy and targeted ads to extremist content and hate speech.
A recurring theme was the level of data gathered by the firm, and the way it is processed and shared.
It also emerged that private conversations you had on Facebook Messenger may be among the data harvested by Cambridge Analytica.
The disclosure was buried in the fine print of a ‘Protecting Your Information’ app, created to address concerns over the scandal and launched last week.
It checks whether you or your friends logged into the ‘This Is Your Digital Life’ quiz responsible for the data grab.
Some of the social network’s 2.2 billion users have already begun to receive automatic notifications on their newsfeed as part of a gradual global rollout.
Privacy concerned Facebook fans who have yet to receive the message can also access this information manually from a new section of its Help Centre site.
Cambridge Analytica has denied the claims that it accessed private message data.
Messenger communications may be among the data harvested by Cambridge Analytica, a disclosure buried in a new ‘Protecting Your Information’ (pictured) tool on the social network has revealed
Facebook slipped the previously unknown information into the fine print (highlighted in red) of the app created to address concerns over the scandal. MailOnline reporter Joe Pinkstone is among those to have had personal information shared with Cambridge Analytica
‘This Is Your Digital Life’ was designed by Cambridge University researcher Aleksandr Kogan’s Global Science Research in 2014 to collect data on Americans.
Users who gave permission for the quiz to run also granted it permission to mine their profile for additional information, including their page ‘likes’, their birthday and the city they live in.
Thanks to a quirk in the way Facebook worked at the time, the app was also able to harvest similar data on a user’s friends.
This was then passed on to Cambridge Analytica through its parent firm Strategic Communication Laboratories (SCL).
Small print in the new ‘Protecting Your Information’ and related Help Centre page, which went largely unnoticed upon release, hinted at the inclusion of data from private messages in this process.
Writing in it, a Facebook spokesman said: ‘A small number of people who logged into ‘This Is Your Digital Life’ also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you.’
Menlo Park firm Facebook confirmed to Wired that the quiz requested access to user’s Messenger inboxes through a read_mailbox permission contained in its coding.
Friends that used the app ‘This Is Your Digital Life’ before it was removed in 2015 could have jeopardised the information of their friends to Cambridge Analytica. Many users took to social media after receiving automatic notifications
The ability for apps to collect information on a user’s friends was phased out in April 2015, unless both people had the same app installed.
However, the read_mailbox permission didn’t go out of operation until that October.
Facebook estimates that a total of 1,500 people granted This Is Your Digital Life this permission in that time.
Anyone who messaged those people or received messages from them on Facebook may be caught up in the leak, so the true number could be far higher.
However, Cambridge Analytica denies having accessed this data.
A spokesman added: ‘GSR did not share the content of any private messages with Cambridge Analytica or SCL Elections.
‘Neither company has ever handled such data.’
Affected users are now being automatically presented with a notice that says: ‘We have banned the website ‘This Is Your Digital Life,’ which one of your friends used Facebook to log into.
‘We did this because the website may have misused some of your Facebook information by sharing it with a company called Cambridge Analytica.’
For those not affected by the Cambridge Analytica incident the message reads: ‘You can go to the Apps and Websites section of your settings anytime to see the apps and websites you’ve used Facebook to log into.’
A separate webpage, ‘How can I tell if my info was shared with Cambridge Analytica?’, will also resolve the question for you.
To manually access this site, click the link here.
Users not believed to be affected will see the message ‘Based on our available records, neither you nor your friends logged into ‘This Is Your Digital Life’.
Journalist Andrew Nathanson was not impressed by the revelation that Cambridge Analytica may have his personal infromation. He said his data was shared ‘because a friend used a trash app’
‘As a result, it doesn’t appear your Facebook information was shared with Cambridge Analytica by ‘This Is Your Digital Life’.’
Affected users will see a different message and they will be asked to to change their app settings, available here.
This is something that is still advisable for the security conscious, removing permissions for apps you no longer need or don’t recognise.
Facebook is not notifying individual users of the identify of friends who may have used the ‘This Is Your Digital Life’ app.
Facebook is still reeling from its worst privacy crisis in history, which saw Trump -affiliated company Cambridge Analytica use the data mined to try and influence the US presidential election.
A separate ‘How can I tell if my info was shared with Cambridge Analytica?’ webpage will also resolve the question for you. Affected users will see a different message to the one displayed and they will be asked to to change their app settings
Latest estimates suggest more than 87 million users may have had their data mined by the firm through ‘This Is Your Digital Life’.
However, the whistleblower behind the revelations about the consultancy firm says the true number affected by the scandal could be far higher.
The new tools came a day later than expected, with many criticising Facebook for a lack of communication.
In a written statement at the time, Mike Schroepfer, chief technology officer at Facebook said: ‘Starting on Monday, April 9, we’ll show people a link at the top of their News Feed so they can see what apps they use — and the information they have shared with those apps.
‘People will also be able to remove apps that they no longer want. As part of this process we will also tell people if their information may have been improperly shared with Cambridge Analytica.
‘Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences. We know we have more work to do — and we’ll keep you updated as we make more changes.’
Experts say the revelations may trigger a wave of lawsuits.
A class action lawsuit filed against the firm is seeking compensation for the roughly 70 million US users who were affected as ‘Facebook stood idly by’ while Cambridge Analytica ‘sucked down’ their data.
Facebook says most of the users caught up in the Cambridge Analytica scandal are in the US, with more than a million each in the Philippines, Indonesia and the UK.
After finding out personal information was shared without their consent, some users blamed certain types of friends
US law firm Hagens Berman filed the class-action suit with the US District Court for the Northern District of California on April 9 to represent the millions of Americans whose data were shared improperly.
Damages in this case include both the dissemination of personal information and the loss of its sales value.
It’s not yet clear how much money the affected users could be compensated, though lawyers in the UK have estimated it could be upwards of £10,000-£12,500 ($14,000-17,000) for some.
The amounts, however, will ultimately be determined at trial, Hagens Berman says.
In March, three users of the Facebook Messenger app sued Facebook, saying the social network violated their privacy by collecting logs of their phone calls and text messages, in the latest legal challenge facing the company.
The US lawsuit filed in federal court in the Northern District of California seeks status as a class action on behalf of all affected users and asks for unspecified damages.
It’s not clear yet if Facebook users in the US could claim similar compensation for having their data compromised as part of the Cambridge Analytica scandal.
However, dispute resolution lawyer Jonathan Compton said those affected in the UK could complain to the Information Commissioner’s Office or make a claim through the civil courts on the grounds that losing their data had been ‘distressing’.
Mr Compton, a partner at DMH Stallard, said: ‘The start point for any award might be between £10,000 and £12,500. This will vary of course if the personal information is comparatively trivial or very serious and damaging.’
Cambridge Analytica whistleblower Christopher Wylie in March revealed that the political firm had improperly collected the data of millions of Facebook users without their consent.
He previously estimated that more than 50 million people were compromised by a personality quiz that collected their data and that of their friends.
Mr Schroepfer upped this to around 87 million users.
And in an interview aired on NBC’s ‘Meet the Press,’ Mr Wylie revised this number saying that it could actually be larger than 87 million.
‘I think that it could be higher, absolutely,’ he said.
Cambridge Analytica whistleblower Christopher Wylie in March revealed that the political firm had improperly collected the data of millions of Facebook users without their consent. In a recent interview, he revised this number saying that it could actually be larger than 87m
WHO ARE THE DATA VAMPIRES MINING FOR INFO ON FACEBOOK?
Facebook’s latest scandal involving communications firm Cambridge Analytica has served as a startling wake-up call for many users on the countless companies mining our social data.
Through a feature that meant apps could ask for permission not only to your data, but that of your Facebook friends as well, the firm was able to mine the information of million of users.
And, only 270,000 had given them permission to do so.
In 2014, Facebook changed its rules so that apps could no longer obtain data about a person’s friends unless those users had also authorized the app.
Still, Cambridge Analytica is far from the only firm to have access to Facebook users’ data.
By connecting your Facebook profile to a third-party app, you’re typically also granting that app permission to access your data.
You can check which apps your Facebook account is sharing data with by clicking here.
To view the apps you’ve given permission to (as shown above), go to Settings > Apps
That includes your name, profile picture, cover photo, gender, networks, username and user ID. These apps can also access your friends list, and any other public data.
Once the outside parties have access to your data, they can then use it to track different types of activity.
Many popular apps such as Instagram, Spotify, Airbnb, and Tinder can be connected to your Facebook account.
Just weeks ago, for example, MoviePass CEO Mitch Lowe bragged that the company stores ‘an enormous amount of information’ about users, and even tracks where they go after the movies.
MoviePass is also among the many apps that can be connected to your Facebook.
And, it doesn’t stop there.
Facebook users are waking up to just how much of their private information they have accidentally handed over to third-party apps. Social media users are sharing their shock at discovering thousands of software plugins have been gathering their data
Taking Facebook quizzes from third-party services, or doing image generators (such as the ever-popular ‘What Would Your Baby Look Like, or What Would You Look Like As The Opposite Sex), also often gives outside firms access to your data.
While these are usually preceded by a pop-up asking permission to access certain parts of your profile, many users have taken to clicking through without thoroughly reading what they’ve just agreed to.
Some users are now expressing their horror upon realizing they’ve granted permission to hundreds of third-party apps.
Other apps that have experienced viral popularity over the last few years, such as Facetune and Meitu, can access your Facebook data as well.
The initial conservative estimate, Mr Wylie explained, was made based on evidence in his possession at the time, adding that The Guardian, who broke the story, published only what could be verified at the time.
Cambridge Analytica, run by former White House senior adviser Steve Bannon and billionaire campaign benefactor Robert Mercer, was hired by the Trump campaign during the 2016 election.
Facebook is in full damage-control mode, with Mark Zuckerberg acknowledging he’s made a ‘huge mistake’ in failing to take a broad enough view of what Facebook’s responsibility is in the world.
Zuckerberg was grilled by Congress on a range of subjects when he appeared before them last week.
This included special counsel Robert Mueller’s investigations, data privacy, Russian exploitation, political bias, the firm’s business model and hate speech on the social network.
Zuckerberg has said Facebook came up with the 87 million figure by calculating the maximum number of friends that users could have had while Kogan’s app was collecting data.
The company doesn’t have logs going back that far, he said, so it can’t know exactly how many people may have been affected.
Cambridge Analytica previously said in a statement that it had data for only 30 million people.
Zuckerberg took out full-page adverts in nine major US and British newspapers in late March to apologise for the Cambridge Analytica scandal.
In the ads, the Facebook founder vowed to clamp down on allowing third parties access to data which can be sold on.
The ads, done in simple black text against a plain white background, were headlined: ‘We have a responsibility to protect your information. If we can’t, we don’t deserve it.’
‘You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014,’ the apology begins.
‘This was a breach of trust, and I’m sorry we didn’t do more at the time. We’re now taking steps to make sure this doesn’t happen again.’
‘We’ve already stopped apps like this from getting so much information. Now we’re limiting the data apps get when you sign in using Facebook.’
‘We’re also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected.
‘Finally, we’ll remind you which apps you’ve given access to your information – so you can shut off the ones you don’t want anymore.’
‘Thank you for believing in this community. I promise to do better for you.’
The apology was formally signed off by the Facebook chief.
WHAT HAS FACEBOOK DONE TO ADDRESS PRIVACY CONCERNS?
Facebook is giving its privacy tools a makeover as it reels from criticisms over its data practices and faces tighter European regulations in the coming months.
The changes won’t affect Facebook’s privacy policies or the types of data it gathers about its users.
But the company hopes its 2.2 billion users will have an easier time navigating its complex and often confusing privacy and security settings.
Facebook is giving its privacy tools a makeover as it reels from criticisms over its data practices and faces tighter European regulations in the coming months. This image shows how the settings will appear before (left) and after (right) the redesign
Facebook says it’s trying to make the controls easier to find and to give users a simpler way to access and download the data it collects on them.
The announcement follows revelations that Trump-affiliated consulting firm got data on millions of unsuspecting Facebook users.
Facebook is also facing criticism for collecting years of data on call and text histories from Android users.
In a written statement, Erin Egan, vice president and chief privacy officer, policy, and Ashlie Beringer, vice president and deputy general counsel, said: ‘Last week showed how much more work we need to do to enforce our policies and help people understand how Facebook works and the choices they have over their data.
This image shows a redesign of Facebook’s privacy tools. The changes won’t affect Facebook’s privacy policies or the types of data it gathers on users, but the company hopes users will have an easier time navigating its complex settings menus
Among the changes, Facebook is making data settings and tools easier to find, is introducing a new privacy shortcuts menu, and is adding tools to find, download and delete your Facebook data
‘We’ve heard loud and clear that privacy settings and other important tools are too hard to find and that we must do more to keep people informed.
‘We’re taking additional steps in the coming weeks to put people more in control of their privacy.
‘Most of these updates have been in the works for some time, but the events of the past several days underscore their importance.’
Among the changes, Facebook is making data settings and tools easier to find, is introducing a new privacy shortcuts menu, and is adding tools to find, download and delete your Facebook data.
The Facebook data scandal deepened after users found the social network had harvested information including call logs and text messages.
Some users discovered the firm had been storing complete logs of incoming and outgoing calls and text messages.
Others reported that data such as contacts in their address books, social events in their calendars and even friends’ birthdays had been stored.
The company says an opt-out for uploading contacts is available and users can delete all uploaded contacts by turning off the continuous uploading setting in Facebook’s Messenger app.
All previously uploaded contacts are deleted when a user permanently removes their profile. Contacts will also no longer continue to be uploaded.