In recent months, questions about Facebook and its data sharing practices have become common. With the revelation that they basically handed out information to groups working for presidential campaigns, people are more concerned than ever that their personal data might be at risk.
According to recent news, it seems that there may be a good reason for that. Multiple sources state that Facebook gave device makers access to a lot of information on people using their products, and even information on their friends, and documents from the company corroborate that claim. Given their response thus far to the information being outed, it seems that the social media organization likely knew that they were acting improperly, but continued anyway.
Facebook, one of the most popular social media sites currently in use, which boasts almost 2 billion users, has apparently reached agreements with more than 60 companies that produce devices, promising to share ‘data’ with them.
The scope of these partnerships was not previously known, and now it raises concerns about the business and its compliance with a 2011 consent decree that they made with the Federal Trade Commission.
The list includes many of the largest companies currently or formerly offering handheld devices for the mobile phone market.
This practice is not something new, however. Allegedly, this ‘data sharing’ practice goes back at least a decade, to when Facebook became a common mobile application for tablets and mobile phones.
These deals allowed Facebook to reach more devices, and to offer ever-expanding services, like the addition of the ‘Like’ button. Yes, it’s true; the most popular social media site on earth originally didn’t have the ‘Like’ button. These deals also allowed the company to offer things like its successful messaging application, and even to interact better with ‘address book’ functionality on many phones.
Allegedly, Facebook allowed these device makers to access the data of individuals using the phones they produced with their application installed (which, for quite some time, came pre-installed on many cell phones).
Worse still, they allowed the companies that manufactured those devices to access personal information from their friends.
The problem there is that the 2011 consent decree required that people must agree for their information to be accessed and shared by Facebook and other applications on mobile phones.
Since mobile phone makers were able to access not only the information of people who agreed to share their information, but also the personal information of their friends, even friends who believed that they were safe and never agreed to such an intrusion, they may have broken that decree.
According to the New York Times, Facebook began to wind down some of those programs when the government began threatening to call Mark Zuckerberg in to testify in front of the legislature. However, they say that most of the data-sharing programs remain in place.
Facebook has been in the news fairly often since March, when it was revealed that they handed over information to a group called Cambridge Analytica, which used it for political purposes.
Facebook openly touted the steps it took to protect the privacy of its users, but it failed to mention that those policies only applied to outside organizations like the political campaign consultants, not to the device makers, who the company exempted from the regulations.
According to Serge Egelman, a privacy researcher at Berkeley, the problem isn’t so much the dishonesty of Facebook, as it is the ever-expanding amount of information that users willingly put on their mobile devices.
He said that the more information placed on the devices, and the more applications that have the ability to utilize this information, the great the risk becomes that something will go wrong, whether by accident or design.
Ime Archibong, a Facebook Vice President, offered a different outlook. According to Archibong, “these partnerships work very differently” from the way in which their relationships with third-party app developers, such as those who create games and other software that utilizes the social media platform to some extent, work.
Tests carried out by the New York Times, however, suggest that this just isn’t true and that these ‘hardware partners’ requested and received data just like other third-party application developers.
However, because Facebook doesn’t view their device partners as ‘outsiders,’ like they generally do the third-party app developers, these organizations are allowed even greater access to data, extending to information from friends of any Facebook user.
Ashkan Soltani, who was the chief technologist for the FTC, said that “It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission!”
According to former Facebook software engineers and security experts interviewed by the Times, they were surprised at the ability for ‘partners’ to override sharing restrictions.
Still, Archibong claimed that these partnerships were “entirely consistent with Facebook’s FTC consent decree.” Jessica Rich, a former FTC official who lead the investigation into Facebook years ago, disagreed with that assessment.
According to Rich, who now works with the Consumers Union, their insistence that the exception is legitimate undermines the rule entirely.
The Times ran a test, using a product created by the only ‘device partner’ officially acknowledged, Blackberry.
According to their findings, not only was Blackberry able to access personally identifying information about the user, it also retrieved all of the user’s messages, as well as the responses.
It also returned information from the Facebook user’s friends, and even retrieved identifying information for just under 300,000 other users who were either friends of the user, or friends of a friend.
It’s truly terrifying to see how far the social media company has come toward allowing their ‘preferred’ partners to access personal information, even for people who thought they ‘opted out’ of such information sharing.