Facebook Didn’t Kill 2,000,000… But Could It Kill 1,000?

Facebook “dead” bug

Facebook “dead” bug

Around 4 p.m. on November 11, 2016, facebook declared roughly 2 million of its users dead.  Even founder and CEO Mark Zuckerburg was a victim.

People logged into their accounts and saw the following headline:

Remembering (insert name here)
“We hope people who love (insert name here) will find comfort in the things others share to remember and celebrate their life.”

The company later claimed that it was a faulty system update.  A spokesperson apologized,  “For a brief period today, a message meant for memorialized pages was mistakenly posted to other accounts.  This was a terrible error that we have now fixed. We are very sorry that this happened and we worked as quickly as possible to fix it.”

Well, I guess nobody was physically hurt.  The damage was strictly emotional. Hey, it was just a glitch or a bug.  All’s well that ends well I suppose.

Forgive the sarcasm.  Now let me explain why this is actually a big deal.

When false messages are simultaneously pushed to 2,000,000+ individuals, it might be foreshadowing a hypothetical national security breach.   One that could result in an irrevocable calamity.  But hold on a second.  The average facebook user has around 200 friends.  So that’s actually 400 million alerts, a number that easily surpasses the population of the entire United States.

Facebook recently implemented something called “Safety Check.”  During an ecological disaster or imminent threat (floods, earthquakes, active shooters, suicide bombers, etc.), this feature allows people to quickly share with friends and family that they’re safe.

Facebook utilizes the following information and factors to determine if you’re in the affected area.

* The city you have listed in your profile.
* Your current location, assuming you’ve given facebook access to your phone or tablet’s location.
* Other signals that point to your location.  For example, the city where you predominantly use the internet.

Once you’ve confirmed that you’re safe, facebook prioritizes and relays the messaging to the users on your friends list.  Depending on your social media popularity, this could potentially result in thousands of high priority push notifications and updates for just one individual.  That would represent an exponential distribution of information.  Keep in mind, these algorithms and the intellectual property rights which accompany them are classified.  They are not available for scrutiny, review or public consumption.

Alright, now let’s try a hypothetical scenario based on the recent facebook mass death hoax.

During the NFL regular season, every Sunday features a slew of games that overlap during the 1-4 p.m. time frame.  The total, median attendance for these games is roughly 500,000 fans.  That’s a half million people in stadiums across the country.  These venues provide an extraordinary amount of wireless hyper-connectivity.

Now what does every individual at these games have in common?  Answer: Virtually all of them are carrying an active cell phone.  They’re texting and tweeting.  They’re posting status updates.  They’re showing off selfies and group pics. They’re checking scores and fantasy football stats.  Nearly all of them are sending and receiving instantaneous information.

This is the new norm.  Everyone wants the entire world to know they’re at the big game.  Don’t believe me?  Try going to a game.  Or better yet, just observe the fans during any televised broadcast.  Many appear oblivious to the action on the field, as they’re totally engrossed and beholden to their little smart phone screens.

Now do you recall the facebook “safety check” feature?  What might happen if hundreds, or worse yet, tens of thousands of individuals in targeted locations (NFL stadiums) received an emergency “safety check” while the games were in progress?  How might people react?  How might people react watching others react?  At the game?  Not at the game?  Nearby?  Far away?

What if it wasn’t a “bug” or an “accident?”  What if there was a concerted effort to saturate and target specific stadiums with false information?  Words have consequences.  What might happen in Buffalo and Pittsburgh… if things take a turn for the worse in say, Philadelphia and Atlanta?  In today’s world of wireless techno-velocity, how might people interpret an event that has never occurred, let alone been conceived of?

Yes, I’m talking about a real-world panic… an “artificially generated stampede.”  Whether it’s the result of a programming error or coding mishap really wouldn’t matter.  Would it?

Now here’s the bad news.  There’s about a dozen other ways to transmit information to people’s cell phones.  Social media represents just one of them.  And guess what?  A physical list of phone numbers isn’t required.

Emergency wireless notifications may have altered the playing field.   But the internet has transformed the entire game.

But this is NOT a game.  Historically speaking,  a stadium stampede has a death toll in the 50-150 range w/ 5x to 10x that number of injuries.

People have a right to a heightened level of situational awareness.  People should know that if they received a “safety check” while attending an NFL game, it’s almost certainly an attempt to foment a real-world panic, potentially resulting in a human stampede, or worst case scenario “dominipede” (multiple, simultaneous stampedes).

How can I say this with such certainty?  Well, it’s pretty much common sense.  If an NFL incident commander seeks to launch a real-world emergency evacuation, there’s already a very strict protocol in place.  You use the public address system in tandem with the jumbotron and the video monitors.  You alert the ushers via their headsets.  First, you clear the field.  Then, you evacuate the stands. There are things you say.  And there are things you don’t say.  Like I said, the protocol is paramount.  Nobody in their right mind would initiate a stadium evac via facebook alerts, safety checks or bulk text messaging.  That’s just not how it’s done.  Not only would it be a direct violation of the established protocol, but it would also represent gross negligence, both legal and moral, of an incomprehensible scale.

Go to an NFL game and you’ll see plenty of physical security.  Steel fencing, barricades, bomb detection scanners, video surveillance, magnetometers, scores of low-paid event staff, local police… the majority of which are all in plain sight.  There’s even an airspace perimeter grid that renders drones inoperative.  Oops, sorry.  Nobody’s allowed to know about the “no-go, drone zone.”

But there’s virtually nothing in the realm of cyber-security.  It’s my contention that this invisible dynamic will be challenged in the foreseeable future.  Eventually, someone will test the cracks in the system.  There’s a discernible inevitability in play.  After all, it’s merely the wireless equivalent of shouting “FIRE” in a crowded theater.  Just on a vastly more pernicious scale.

So this leaves us with two distinct choices.

A. You can inform people that there’s a POSSIBILITY someone could try to manipulate the collective behavior of the crowd.  You can explicitly divulge the existing security disconnect (50,000 – 100,000 cell phones in every stadium capable of receiving real-time, false information).  You can tell fans that official stadium evac orders would NEVER be delivered via their personal cell phones.


B.  You can deliberately choose to leave humanity ignorant.

I’ll take the former.  The NFL and the federal government are aware of this asymmetric cyber-security threat.  And they have chosen the latter.  And they’re going to stick with the status quo… until and unless there’s a tragedy where innocent people die.

It’s a really twisted paradox.

Perhaps the future will unfold differently.  Perhaps nothing bad will ever happen.  Perhaps nobody would panic.  Perhaps there wouldn’t be a stampede.  But I’ll leave you with one vexing question —  what action will be taken after something like this is ATTEMPTED?

I guess it all comes down to a very simple question.  Do people have a fundamental right to know about this stuff?  I believe they do.  It’s why I created the site.