A lot of people made fun of the questions Mark Zuckerberg was asked when he went to Congress last week, there were all sorts of gags of how it would be like having to set up your grandparents’ wifi, but Senator Dick Durbin, I think, made a good point with a simple question
That was fun, turning the tables a bit, but this, I think, was a much more important exchange.
That was Senator Brian Schatz asking the questions. And I’m suspicious of the answers there.
But before that I want to go back to a young southern governor who was an unlikely candidate for the Democratic presidential nomination more than quarter of a century ago. Back then, any association with drugs was a serious issue for any candidate.
Some enterprising journalist had the bright idea of sending a questionnaire to all candidates, which included a question about whether they had ever taken drugs. This candidate answered, apparently, clearly. He said that he had never broken our country’s drug laws. Case closed.
Except, not quite. The candidate in question was then-Governor Bill Clinton. He was later questioned more closely about his drug-taking and he said this:
But, he hadn’t lied. When asked about ever taking drugs, he reframed the question and answered something else, and nobody noticed. So, when caught, he could claim that he was telling the truth that he had never broken US drug laws.
This is called a non-denial denial. You’re asked if you did something. You answer in the negative, you say you didn’t do the thing, but within your answer, you subtly reframe the question, so that you are denying something that isn’t quite what you were asked about.
The average listener takes away a flat denial, but you have left open whether you actually did what you were accused of. By the way, when you use a non-denial denial, it’s really risky to do it in person, because if you phrase something wrongly, you might end up stepping over the line and actually lying, which is bad, or you might have to correct yourself, which would draw the listener’s attention to the difference between the question asked and the question answered. It’s much safer to do it in writing, less chance of tripping up. And, of course it helps if the questioner isn’t very experienced at asking the questions.
When I heard that exchange between Schatz and Zuckerberg, I remembered about a show I heard a while back on a podcast about Facebook using people’s phone microphone to spy on them. There were examples of people getting a slew of ads for products that they had never searched for, never liked, never typed into the internet in any way, but had talked about, either on the phone or in person with someone very shortly before they got the ads.
The podcast, Reply All, is from a big podcast publisher, they put a lot of resources into their show, but Facebook flat-out refused to supply a spokesperson. Instead, they sent a written statement. Red flag number one.
In that podcast, in the very first line, they say that it’s about using phone microphones to inform advertising.
And if you listen to the show, it’s clear that nobody there is talking about having someone in a darkened room in Facebook headquarters with a pair of headphones on, scribbling in a notepad. The suspicion is that audio is being recorded, and sent to Facebook to be used to target ads.
Even if you ignore the anecdotal evidence of ads showing up for people who have discussed topics in real life, but never on the internet, there is some reason to believe this might happen. First of all, the Facebook Messenger licence agreement allows the app to record audio with microphone, at any time without your confirmation.
But let’s look back at that Facebook statement to the Reply All podcast. It says
Some recent articles have suggested that we must be listening to people’s conversations in order to show them relevant ads. This is not true.
That seems pretty emphatic. Sort of. Remember what I said about reframing the question?
For sure, one way that Facebook could target ads based on conversations would be to listen in on them. And Facebook flat-out deny that, and that denial seems to include some automated systems at Facebook listening in, as well as the pretty-unlikely idea of a human doing the eavesdropping. And Facebook are being pretty specific that that is what they are denying. Very specific. Red flag number two.
But, if I were programming a feature like this, that’s not the way I would do it. Remember that most phones these days have more processing power than the average laptop did just a couple of years ago. I don’t think that it would be very efficient to transmit all those billions of hours of audio recordings to Facebook servers, then run a speech analysis on them, and then tag different accounts for different types of ads.
A much simpler way of doing it would be to do that processing within the phone. Analyse the audio, and as you are going along, tag the account for whatever popular advertising keywords come up in conversation.
This would also mean much less data traffic, and much less chance of getting caught.
Speaking of getting caught, let’s listen to that exchange between Zuckerberg and Senator Brian Schatz again
Note how much more eager Zuckerberg is to answer the question that WhatsApp is encrypted – which wasn’t asked – than he is to talk about how it might inform advertising. Red flag number three.
Zuckerberg what he’s talking about here, when he says fully encrypted, it means that your messages are encrypted before they leave your phone and only decrypted when they get to your contact’s phone, so even if they are intercepted, they cannot be read by anyone in between, not even Facebook, so, he’s implying, they can’t be used to target advertising.
That’s what he’s implying. But not stating. But again, this would be a smart way to do this anyway, not least because it would become a huge and easy target for someone trying to hack into your messages, don’t bother trying to decrypt them, just get the stream going to Facebook, if it exists.
Which I don’t think it does. But Zuckerberg’s answer doesn’t rule out the possibility that keywords from that message tag the user’s account to be included in related advertising.
To me, that sounds like a non-denial denial. Red flag number four. There is no need to see the content of messages being transmitted over WhatsApp, if those messages have already been used by a process within the app on the phone to tag the originating account for certain advertising groups.
Zuckerberg goes on then to say this
Now, if he were to be doing this, doing textual analysis on the phone and transmitting the results, but not the text, and if he were to get caught, Zuckerberg could say what I said was true, the messages don’t inform any ads. The message content only tags the account into certain ad groups, and the ad groups inform the ads.
He could say that, but that would really be stretching the truth. That’s not so much an ‘I didn’t break my country’s drug laws’, that’s more a ‘I did not have sexual relations with that woman’. Nevertheless, it’s interesting how he struggles to keep his answers within his own frame, not the one being asked. That’s red flag number five
There is one more thing. WhatsApp copied its encryption features from a messaging app called Telegram. Telegram does everything that WhatsApp does, and it actually has a lot more security features that WhatsApp didn’t replicate, Telegram was developed to protect messages between political activists in countries with autocratic regimes. And on my phone, WhatsApp takes up 111Mb; Telegram is less than half of that, at 45Mb. We have no idea what hidden features are taking up all that extra space, and that’s red flag number six.