The non-stop concerns about improper data sharing practices at social media giant Facebook show no signs of stopping. After a New York Times reporter published a bombshell story on how Facebook intentionally shared personal information of its users with over 60 different device makers – including the two largest, Apple and Samsung – in order to create “Facebook-like experiences” on those devices, U.S lawmakers and regulators are asking Facebook for answers. What they see is a clear pattern of abuse, in which Facebook pledges over and over again that it has figured out its data sharing problem, but new revelations continually come to light.
The Facebook data sharing problem, explained
In its defense, Facebook says that the data sharing partnerships with mobile device manufacturers were only intended to make it easier for these global device makers to build software incorporating Facebook functionality into their smartphone devices. According to Ime Archibong, Facebook Vice President of Product Partnerships, the data-sharing program was controlled and monitored by Facebook from the very beginning, and all integrations with the device manufacturers were personally approved by Facebook. Moreover, while personal user data might have been shared with these device makers, Facebook says it was only used in order to give users access to Facebook messages and notifications on their mobile phones.
But the New York Times report suggests that the data-sharing program went far beyond this. Deeply personal information – including relationship status and political affiliation – was also shared with device manufacturers. Moreover, it is highly likely that the contact information of users was shared with device manufacturers. This means that users and their friends might have had data about their social network shared with device makers, even without giving their explicit consent. Doesn’t this sound a lot like the Cambridge Analytica case, in which a simple quiz app was used as a back door to slurp up data from 87 million users?
And there’s one more wrinkle to this case that makes it so difficult for Facebook to defend. While Facebook claims that all personal information of users physically remained on the phone itself, the New York Times report suggests that the data might have been somehow scraped and then moved to the servers belonging to the device manufacturers. In other words, data that belonged to a user (and his or her friends) now belonged to the device manufacturers as well. That’s a huge red flag, and one big reason why Congressional lawmakers are now asking Facebook for answers.
The national security implications of sharing data with foreign device makers
If the situation only involved domestic users and domestic device makers, Facebook might have been able to contain the story. But there’s still one more aspect to the case that’s so alarming, and that’s the fact that among the foreign device makers who had access to the data were four Chinese companies – Huawei, Lenovo, Oppo and TCL. They all might have used Facebook user data in creating versions of Facebook.
The inclusion of Huawei in the list is particularly notable because that is the same Chinese company that has already come under blistering attack from U.S. regulators for its ties to the Chinese government and China’s spy and surveillance apparatus. (The company was founded by a former Chinese army engineer and has received funding from state-run Chinese banks.) Huawei has been in the crosshairs of U.S. lawmakers since 2012, when issues first surfaced about the company’s deep ties to the Chinese state, and the potential for foreign espionage.
This, of course, raises the stakes dramatically, ever since the story first broke on June 4, 2018. It suggests that China might have been secretly harvesting information about U.S. users for years, and using it for its own surveillance purposes. In the U.S. market, the phones from Huawei are marketed under the Honor brand, which means that some (if not most) of U.S. consumers might not even have realized that they were buying phones made by a Chinese company. Fears of espionage have reached the point where the U.S. Pentagon is not taking any chances – starting in May 2018, it has banned the sale of Huawei and ZTE phones at any locations of its military bases.
Huawei, as might be expected, has denied that it has ever collected or stored any Facebook user data. From the Chinese company’s perspective, it was simply doing what 59 other companies were doing. Why get riled up about its own practices, and not those of Apple or Samsung? The formal Chinese government response to charges of spying and surveillance suggested that the U.S. needs to provide a “fair, open, transparent and friendly environment” for its companies, and that the U.S. might be unfairly targeting Huawei.
How is this different from the Cambridge Analytica case?
One important question that remains to be answered is whether giving device makers access to Facebook user data is any different from giving third-party app developers access. Put another way, what’s the difference between sharing data with Apple and sharing data with Cambridge Analytica?
To date, the Facebook answer to this question has been that the two cases are fundamentally different. In the case of the device manufacturers, says Facebook, the group of partners was relatively small (60), all integrations were approved by Facebook, and data was “only” used in order to create versions of the Facebook experience on smart phones, not to create any other app or experience. Moreover, Facebook suggests that there is a much higher degree of trust and credibility with billion-dollar hardware companies than with rogue third-party app developers.
But U.S. lawmakers are not as convinced. They see the latest scandal as just further proof that Facebook has always played fast and loose with user data, and has always cloaked its data sharing practices with an opaque veil. Facebook CEO Mark Zuckerberg, for example, recently testified in front of U.S. Congressional lawmakers, and not a word was mentioned about these Apple, Samsung or Huawei data-sharing deals.
There are legal and regulatory implications involved in this data sharing case. First and foremost, Facebook is still operating under a 2011 consent decree from the U.S. Federal Trade Commission, in which it has pledged to take data sharing more seriously or face potential penalties and fines. That’s what led to Facebook breaking off its data sharing deals with third-party app developers back in 2015. But the deals with companies like Apple and Samsung persisted. It is only after the June 4 story broke that Facebook has said that it is closing down its data sharing partnerships with the four Chinese companies.
Facebook has suggested over and over again that users have complete control over their Facebook experience. According to this view of reality, all users have to do is toggle a few boxes, and their data is safe from prying eyes. But, as we are seeing now, nothing could be further from the truth. It’s not just third-party app developers and companies like Cambridge Analytica that had access to their data – it’s also all of the world’s largest device makers.