Facebook Inc. is under fire this week for yet another instance in which the personal data of users was shared outside of the social network in ways that most users were not aware. At issue are partnerships with more than 60 device-makers who had permission to make Facebook-branded apps. One of those phone-makers was Huawei Technologies Co., which the U.S. has warned could be a security risk, given its close ties to the Chinese government. Facebook says data never ended up on Huawei’s servers, and that it regularly checked to make sure. Huawei says the same. Still, Facebook has lost trust with lawmakers, who are calling for tighter scrutiny of the company’s data practices and may demand further testimony on the issue.
- What are these device partnerships?
Years ago, to get the Facebook experience onto phones, tablets and other devices that didn’t have app stores, the company let device-makers from Apple Inc. to Huawei build Facebook apps and tools on its behalf. That required special contracts so the hardware-makers could take control over the projects, which would later be approved by Facebook. Facebook says this was a common practice by tech companies at the time. The contracts persisted because a lot of these older devices are still in use around the world, though Facebook is working to end them.
- Why are these deals a privacy concern?
As people use the Facebook app, it processes a lot of very personal information — users’ friends, religious leanings, private messages and more. People gave Facebook permission to see that information. But they may not have realised the device-makers could have also had access. In some of the deals, Facebook did allow data to be stored on the other company’s servers. That may not have bothered the person who bought the device from the manufacturer. But once that person downloaded Facebook, he or she started to inadvertently share information on their Facebook friends, and their friends of friends, none of whom had any idea what was happening.
- Why do lawmakers care more about the Huawei deal?
The U.S. considers Huawei a security risk. Congress has barred the Pentagon from buying Huawei’s gear, along with ZTE Corp., citing the companies’ connections to the Chinese government and the potential for intellectual-property theft and spying. “The Facebook case came at a very sensitive time when China and the U.S. are in a looming trade war and Huawei and ZTE are challenged in the U.S. due to national security concerns,” said Jia Mo, an analyst with tech consultancy Canalys. “The question is if the user information was only in the hardware rather than been uploaded to servers. Huawei can’t easily explore the data if it’s only on the smartphones.”
4. So why would Facebook do such a deal?
Because if Facebook isn’t on Huawei phones, it’s not reaching the users of those phones. “Huawei is the third largest mobile manufacturer globally, and its devices are used by people all around the world, including in the United States,’ Facebook said in a statement this week. “Facebook, along with many other U.S. tech companies, have worked with them and other Chinese manufacturers to integrate their services onto these phones.”
5. Why didn’t we hear about all this until now?
Huawei announced its deal with Facebook in 2011. And Facebook touted Huawei as a partner in 2012. But data leakage is a much bigger concern now than back then. Lawmakers don’t trust Facebook — or any other big tech companies — on privacy. The U.S. is also wary of China. And Facebook is more powerful than ever, with more than 2 billion users around the world. Many people have only recently come to understand, to some extent, the vast amount of data the company collects on them and how that information is turned into profit.
- How are this like other Facebook scandals?
Earlier this year, we learned about a professor who made a personality quiz on Facebook. He was able to gather information on all of the people who took the quiz — and their unsuspecting friends. Once the data was stored on his server, he then passed it on to Cambridge Analytica, the political advertising consultancy that helped Donald Trump win the U.S. presidency. As many as 87 million people may have had their data exploited. In that case, it was easy to see the consequences of a third party having had access to Facebook’s user data. In the case of the device makers, it’s not so clear. Either way, users weren’t explicitly aware of these relationships.
- What is Facebook going to do about it?
After Cambridge Analytica, Facebook undertook a broad review of the potential holes in its policy for handling people’s private data. It flagged its partnerships as one of the potential problems and publicly disclosed in April that it was winding down the relationships with device makers. But the disclosure was vague, laced with jargon and buried in a blog post, so nobody noticed. This week, Facebook said the Huawei data relationship would end in a couple of days.
- What about the scrutiny from lawmakers?
The leaders of the House and Senate commerce panels on Wednesday chastised Chief Executive Officer Mark Zuckerberg for keeping silent about the partnerships when asked at hearings in April about third parties that might be receiving users’ data from the company. Facebook also has missed a deadline to respond to follow-up questions from the Senate Commerce, Science and Transportation Committee, even after receiving an extension, Chairman John Thune said. Facebook said it plans to respond to questions from the Senate by the end of the week. “We are working right now to provide substantive answers to the over 2,000 questions we received coming out of the April hearings,” according to the statement.
Credit: Sarah Frier for Bloomberg, 7 June 2018.