Facebook to Pay $100m for Misleading Investors on Risks from Misuse of User Data Helping Russian Attacks on US Democracy

The Securities and Exchange Commission today announced charges against Facebook Inc. for making “misleading disclosures” about the risk of misuse of Facebook user data. Facebook has agreed to pay $100 million to settle the charges. Thus, another enabler of the Soviet assault on U.S. democracy gets off with a paltry fine and no criminal consequences.

According to the SEC’s complaint, in 2014 and 2015, the now-defunct advertising and data analytics company, Cambridge Analytica, paid an academic researcher, through a company he controlled, to collect and transfer data from Facebook to create personality scores for approximately 30 million Americans. 

For more than two years, Facebook’s public disclosures presented the risk of misuse of user data as merely hypothetical when Facebook knew that Cambridge Analytica had misused Facebook user data.

The SEC notes that public companies must identify and consider the material risks to their business and have procedures designed to make disclosures that are accurate in all material respects, including not continuing to describe a risk as hypothetical when it has in fact happened.

In addition to the personality scores, the researcher, in violation of Facebook’s policies, also transferred to Cambridge Analytica the underlying Facebook user data, including names, genders, locations, birthdays, and “page likes.”  Cambridge Analytica used this information in connection with its political advertising activities, a euphemism for treason in AutoInformed’s opinion.

The SEC’s complaint alleges that Facebook discovered the misuse of its users’ information in 2015 but did not correct its existing disclosure for more than two years. Instead, Facebook continued to tell investors that “our users’ data may be improperly accessed, used or disclosed.”

According to the SEC complaint, Facebook reinforced this false impression when it told news reporters who were investigating Cambridge Analytica’s use of Facebook user data that it had discovered no evidence of wrongdoing. When the company finally did disclose the incident in March 2018, its stock price dropped.

The complaint further alleges that during this two-year period, Facebook had no specific policies or procedures in place to assess the results of their investigation for the purposes of making accurate disclosures in Facebook’s public filings.

“Public companies must accurately describe the material risks to their business,” said Stephanie Avakian, Co-Director of the SEC’s Enforcement Division. “As alleged in our complaint, Facebook presented the risk of misuse of user data as hypothetical when they knew user data had in fact been misused.  Public companies must have procedures in place to make accurate disclosures about material business risks.”

“We allege that Facebook exacerbated its disclosure failures when it misled reporters who asked the company about its investigation into Cambridge Analytica,” said Erin E. Schneider, Director of the SEC’s San Francisco Regional Office.  “This gave further weight to Facebook’s misleading statements in its public filings.”

Without admitting or denying the SEC’s allegations, Facebook has agreed to the entry of a final judgment ordering a $100 million penalty and permanently enjoining it from violating Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 13(a) of the Securities Exchange Act of 1934, and Rules 12b-20, 13a-1, 13a-13, and 13a-15(a) thereunder.

The SEC’s investigation was conducted by Matthew Meyerhofer and Robert Tashjian and supervised by Tracy L. Davis and Erin Schneider of the San Francisco office. They deserve better leadership…

About Ken Zino

Ken Zino is an auto industry veteran with global experience in print, broadcast and electronic media. He has auto testing, marketing, public relations and communications expertise garnered while working in Asia, Europe and the U.S.

2 Responses to Facebook to Pay $100m for Misleading Investors on Risks from Misuse of User Data Helping Russian Attacks on US Democracy

  1. AutoCrat says:

    This SEC outrage follows what in essence is a corrupt plea deal earlier in the week that grants Facebook and its corporate officers immunity in a wide range of possible misdeeds committed before 12 June 2019. The agency did not hold Mark Zuckerberg – or any other Facebook billionaire/millionaire – liable for Facebook’s repeated privacy violations.

    Facebook had $15 billion in revenue in Q2, when it said in an SEC filing that it had set aside $3 billion to pay potential fines. Facebook’s investors, when the size of the expected fine was first reported this month, shrugged it off. After the F.T.C.’s official announcement on Wednesday, the stock price closed slightly higher.

    FTC Commissioner Rohit Chopra, casting one of two dissenting votes on the latest plea deal, said, “The settlement imposes no meaningful changes to the company’s structure or financial incentives, which led to these violations. Nor does it include any restrictions on the company’s mass surveillance or advertising tactics.”

  2. SEC says:

    S.P. Kothari is the Chief Economist and Director, Division of Economic and Risk Analysis at the SEC.

    “The term “big data” is new, but the underlying phenomenon is anything but new and it is certainly not unique to financial economics. Consider, for example, the U.S. census, which is taken every ten years as required by the U.S. Constitution. It is a seemingly simple task to count people and report demographic information such as marital status and family size. Yet by 1870, the quickly expanding U.S. population hampered the ability of the Census Office to tabulate results effectively. In fact, the 1880 census, which was hand-counted, took nearly ten years to complete. In other words, the 1880 census involved big data. Herman Hollerith saw the opportunity and left the Census Office before the 1880 census to develop a machine that could count and tabulate the results. His machine was tested in 1887, and it was quickly leased by the Census Office for the 1890 census. His success in 1890 led to contracts with foreign governments and private companies. Hollerith machines were used in 1891 for censuses of Canada, Norway, and Austria; railroad companies used them to calculate fare information; etc. In other words, Hollerith machines efficiently solved many important big-data problems of the day.

    Today, 150 years later, where do we stand? We stand on mountains of data that are inconceivably larger. By some estimates, the world generates more data every two days than all of humanity generated from the dawn of time to the year 2003.

    How much data is generated by or for the SEC? One easy answer is that the SEC’s Electronic Data Gathering, Analysis, and Retrieval system (or EDGAR) receives and processes about 2 million filings a year. But those filings are themselves complex documents, many of which contain scores of pages, numerous attachments, and many thousands of pieces of information.

    What is big data? I think it is kind of like old age: anyone older than me is old, and any data set bigger than my computer system can process is big. What does “big” mean to the SEC? The SEC processes and maintains several big data sets. One example is the Option Pricing Reporting Authority data, or OPRA data. One day’s worth of OPRA data is roughly two terabytes.

    Big data are often characterized by the so-called “three v’s,” which are volume, velocity, and variety.
    Volume is the quantity of the data.
    Velocity is the speed at which the data are created and stored.
    Variety is the heterogeneity of the data in terms of data type and data format.
    To this list of three, some would add a fourth “v,” veracity.
    Veracity is the quality and accuracy of the data.

    Policy Challenges

    Like the Census Office 150 years ago, the SEC faces a big-data problem today. This leads me to the first question that I want to highlight in this talk: What are the policy challenges that stem from big data at the SEC?
    Let me begin by reminding you that the mission of the SEC is to (1) protect investors; (2) maintain fair, orderly, and efficient markets; and (3) facilitate capital formation. I see several big-data policy challenges considering the SEC’s three-fold mission.


    Let me begin with security, which is a primary concern of the SEC. The volume, velocity, and variety of big data make security particularly challenging for several reasons. First, big data are harder to store and maintain. For example, it is harder to ensure that only the right people at only the right time have access to only the right data. Second, big data are bigger targets for bad actors. For example, portfolio holdings data for all investment advisors are more valuable than portfolio holdings data for one investment advisor, and weekly portfolio holdings data are more valuable than annual portfolio holdings data. These challenges get harder as certain data sets start to include more personally identifiable information (PII) or identifiers that link investors and institutions within and across data sets.

    The SEC must be mindful of the data it collects and its sensitive nature, and the SEC must be a principled, responsible user of that data. Naturally, data collection is not an end unto itself—the SEC must not be in the business of ill-defined and indefinite data warehousing. For these reasons, the SEC continues to look into whether it can reduce the data it collects or reduce its sensitivity. One example of this is the SEC’s approach to Form N-PORT, which is a new form for reporting both public and non-public fund portfolio holdings to the SEC. The Commission recently modified the submission deadlines for this information in order to reduce the volume of sensitive information held by the SEC. This simple change reduced the SEC’s cyber risk profile without affecting the timing or quantity of information that is made available to the public.


    Another policy challenge is technology. For example, the potential trading gains from having computer systems and other technologies that are even just a little faster and smarter than the competition are enormous. Thus, there is a technology arms race between trading firms that are striving to get the best technology and the best personnel. The media regularly reports about institutions that are increasing their use of AI, machine learning, and related tools.[6] However, there may be fixed costs to the deployment of these technologies that exclude small, fragmented, or less resourceful investors.

    Second, there are cultural differences between organizations that affect not just the choice of which technology to deploy but also the timing of deployment. For example, hedge funds might be able to adopt new technologies such as cloud computing more quickly than pension funds are able to do so.

    Third, some technologies are inherently challenging for the SEC to monitor. To mention just one example, consider artificially intelligent algorithmic trading (AI algo trading), which trades through time in non-predictable ways. Suppose an AI algo eventually starts spoofing without the knowledge of the algo creator. (Spoofing is a prohibited activity that involves creating and cancelling many trades in an attempt to convey false information about market demand.) How should the SEC respond to that?

    And speaking of fast-moving technology, how does the SEC develop or attract a workforce that not only sees and understands the current state of the art but that can also envision and prepare for the future? The SEC has prioritized and supported the development of a workforce with big data skills and experience. Over the last 10 years, DERA’s headcount has grown from a little over 30 people to nearly 150 people today.


    Another big-data policy challenge is communication because the SEC has diverse stakeholders. The SEC focuses on “Main Street” investors, meaning individual, retail investors who typically invest through their 401(k)-style plans. But our stakeholders also include pension funds, municipal bond issuers, brokerage firms, hedge funds, and Congress. The issues surrounding big data are complex and increasingly require specialized training to understand. So, it is challenging to communicate the essential parts of these markets to each group of stakeholders. Indeed, one size does NOT fit all.

    While I am talking about communication, I would like to mention an important detail about the Herman Hollerith story. A key insight into the census data problem was the realization that the variety of the data could be dramatically reduced by requiring the data to be transcribed onto what we would now call punch cards. With all the data in one standardized form, it was relatively easy to build a machine that could tabulate the information. This principle still holds true today. For example, the SEC has required filers to tag some data using methods such as XML, FIX, FpML, XBRL, and, more recently, Inline XBRL. By dramatically reducing the variety of the data, tagging transitions an electronic document from being human readable into one that is also machine readable. A perennial challenge of the SEC is to find cost-effective ways to reduce the variety of financial data without loss of substantive information.

    An additional feature of data tagging is network effects. It is well known that data in tagged 10-Ks can be linked to data from other forms and other firms. Perhaps it is less appreciated that data in tagged documents could be linked across regulatory boundaries and even national boundaries provided the regulator community required similar data tagging. For the SEC, a key benefit of cross-regulator consistency in tagged data is the ability to understand better the nature of the risks in the financial markets. The markets today do not stop at national borders, so looking only at intra-national data provides only a partial picture of the system’s risk.”
