Lift the hood on just about any social media app or platform these days, and you’re likely to uncover a thorny mess of lurking privacy issues. Most days, of course, all eyes are on Facebook and its fast-and-loose approach to user privacy. However, in July 2019, all attention was focused on the FaceApp privacy drama, which even ensnared top U.S. legislators warning of a potential risk to national security. Meanwhile, privacy activists worried that a vast underground market might emerge for, of all things, facial data, or that militaries around the world might eventually use this facial data to train weapons systems.
Details of the FaceApp privacy drama
The company at the center of the FaceApp privacy drama was Wireless Lab, a Russian startup company that developed the remarkably popular app that has gone viral worldwide. If your social media feeds have been filling up with faces of old, wrinkly and super-aged faces, it’s likely due to FaceApp, which recently unveiled a new viral photo filter that uses artificial intelligence (AI) to age faces. The results were, at times, absolutely stunning – like the viral picture of uber-celebrity Kim Kardashian aged nearly beyond recognition. For anyone who ever wondered to celebrities who failed to show up for their regular Botox treatments, here was the place to find out. And, indeed, some social media gurus estimate that FaceApp has been downloaded and used more than 100 million times, making it a worldwide sensation.
But there’s just one problem – users forgot to check what they were signing over when they downloaded the app, which was easy to find in both Apple and Google app stores. That’s essentially what led to the FaceApp privacy drama. Too late, users woke up to the horrifying prospect that the FaceApp app might have unfettered access to their personal camera rolls, or that photos were being stored in the cloud and then transferred to Russian servers, where they could be accessed by Russian state security agencies. The tabloid newspaper New York Post sensationalized matters even further, with a clickbait headline promising that, “Russians Now Own All Your Old Photos.” Around the Internet, people began to panic that those pesky Russians might be able to share any user data they wanted.
Panic over privacy goes viral
Given that kind of negative media buzz, it was perhaps only a matter of time before national politicians latched onto the FaceApp privacy issue to engage in political grandstanding. New York Senator Chuck Schumer, for example, saw the FaceApp app as yet another sign that Russian bots were taking over social media and destroying American democracy. He warned that a failure to stop FaceApp might mean a risk to national security and privacy on an epic scale. Not to be outdone, the Democratic National Committee (which continues to claim that it was hacked by Russians during the 2016 presidential election) warned all 2020 presidential candidates from the Democratic Party to steer clear of FaceApp. (It can only be imagined what diabolical dangers might result if the Russians were able to get their hands on very old faces of all the Democrats running for the presidency!)
So was all this FaceApp privacy drama a tempest in a teapot, or a real privacy scandal with potential global repercussions for national security? The answer to that question, of course, depends on whom you ask for an answer about FaceApp privacy. But one thing is certainly true: as much as people talk about the value of privacy, and as much as they talk about the need for regulators to protect that privacy, the common user is remarkably lazy when it comes to crossing all the t’s and dotting all the i’s.
Standard operating practices for the social media industry
But this was not some sinister Russian plot to snoop on foreigners – it’s simply a reality that, in many cases, users must forego some of their privacy freedoms if they want to participate on the modern Internet. For an app to age your face, for example, it needs to have access to images on your phone. For an app to deliver relevant ads, it needs to have access to some types of personal information.
The big question, of course, is whether FaceApp went too far. Or was FaceApp simply following the trail already blazed by the likes of Facebook? In response to the FaceApp privacy scandal, Wireless Lab provided its full and complete terms of service, so that users could see for themselves. The company said no information was ever transferred to Russia, and that there was no way for the Russian state security organs to get their hands on the data. And, just as importantly, FaceApp said that it did not sell or share data with third parties. All requests to remove personal data (such as facial data used to train facial recognition systems), it said, would be handled within the space of 48 hours.
Thus, in many ways, the drama and hubbub surrounding FaceApp was really no different from the type of drama we’ve come to expect from social media companies. As long as an app or service is free, there needs to be some way to monetize user data and personal information. While FaceApp’s terms of service might strike some as being unnecessarily wide and broad, are they really different from those offered by Facebook or Snapchat?
In the post-GDPR era, companies are more worried than ever before of being caught up in any sort of privacy drama, so they are perhaps erring on the side of caution. At the end of the day, the FaceApp privacy scandal is a wakeup call that concepts of online privacy are changing in front of our very eyes due to the emergence of new technologies such as AI, and that regulators and legislators are quickly falling behind in this race to protect social media users.