Risk
10/8/2012
01:20 PM
50%
50%

Facebook Tries Again On Sponsored Stories Settlement

New proposed settlement terms call for plaintiff payments, increased user control over content. Meanwhile, Facebook urges judge to dismiss proposed $15 billion class action lawsuit over tracking practices.

Cue take two for a proposed Facebook settlement over the social networks' Sponsored Stories program, which was the subject of a class action lawsuit filed on behalf of users whose names and images were used for advertising purposes without their permission.

In a surprise turn of events, the first proposed settlement was blocked in August by U.S. District Court Judge Richard Seeborg, who voiced "serious concerns" with a provision in the settlement that guarantees that the plaintiffs' lawyers will receive up to $10 million in attorneys' fees from Facebook.

Given that the settlement amount being offered to consumers affected by Sponsored Stories was also $10 million, Seeborg asked whether the lawyers representing consumers "may 'have bargained away something of value to the class'"--meaning they may not have demanded enough money from Facebook--and asked to know how negotiators had arrived at their total $20 million settlement amount.

[ Wondering how to handle those annoying Facebook newsfeed highjacks? Read Attack Of The Rude Facebook Shoes. ]

Critics of the settlement also questioned why all of the settlement money--beyond attorney fees and related costs--was set to go not to affected consumers, but rather to six organizations that deal with consumers' privacy rights: Consumer Federation of America, Electronic Frontier Foundation, Campaign for a Commercial-Free Childhood, Center for Democracy and Technology, Rose Foundation, and the Stanford Law School Center for Internet and Society.

But that could change, as the amended settlement filed Friday now says that affected consumers will receive "a one-time cash payment equal to $10." If more than one million consumers make a settlement-related claim, the $10 million will be split evenly between them. If the settlement amounts drop to less than $5, however, the settlement administrator can either split the money equally between all claimants, or instead distribute all of the money to the aforementioned privacy organizations.

Other settlement changes include Facebook providing consumers with an easily accessible way to review all of their Sponsored Stories interactions, including any related content of theirs that may have been used. Facebook would also revise its terms of service to make clear that any user agrees to give Facebook "permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us." In other words, Facebook will tell users that they "permit a business or other entity to pay us to display your name and/or profile picture with your content or information."

Meanwhile, anyone under the age of 18 who uses Facebook would be attesting that their parent or legal guardian has agreed to those terms. That said, when Facebook knows about users' family relationships--for example, when a user designates themselves to be the parent of a minor who's also a Facebook user--it will allow the parent to opt their child out of Sponsored Stories. "Where a minor user indicates that his or her parents are not on Facebook, Facebook will make the minor ineligible to appear in Sponsored Stories until he or she reaches the age of 18, until the minor changes his or her setting to indicate that his or her parents are on Facebook, or until a confirmed parental relationship with the minor user is established," reads the revised settlement.

In other lawsuit-related Facebook news, an attorney for the social network Friday urged a judge to dismiss a separate $15 billion class action lawsuit against the company, which consolidated lawsuits filed in 10 different states. The lawsuit accuses Facebook of tracking users' online behavior even after they'd left the social network's website.

Facebook attorney Matthew Brown told U.S. District Judge Edward Davila that the complaint against Facebook--in what's known as the "In re Facebook Internet Tracking Litigation" case--contained an "utter lack of allegations of any injury to these particular named plaintiffs," reported Bloomberg. Because the plaintiffs hadn't demonstrated that anyone had been harmed, Brown recommended that the lawsuit be dismissed.

But Stephen Grygiel, a lawyer for the users, disputed that no harm had been done, telling the court that "through a trick," Facebook had intercepted communications with other websites, reported Bloomberg. "Nowhere in Facebook's privacy policies does the company say, 'We are involved in your communication with third-party websites after you log out,'" he said.

Benchmarking normal activity and then monitoring for users who stray from that norm is an essential strategy for getting ahead of potential data and system breaches. But choosing the right tools is only part of the effort. Without sufficient training, efficient deployment and a good response plan, attackers could gain the upper hand. Download our Fundamentals Of User Activity Monitoring report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.