Less than three months after the Cambridge Analytica data harvesting scandal, Facebook is confronted with fresh scrutiny over data-sharing deals it cut with smartphone manufacturers across the world, including brands like Apple, Samsung, Microsoft and BlackBerry, and major Chinese players Huawei, Lenovo, Oppo, and TCL.
An investigation published by The New York Times Sunday revealed Facebook gave smartphone makers “deep access” to data on users and friends, in some cases without their explicit consent. How big is this data partnership scandal, and should normal users of smartphones and Facebook be concerned?
What has Facebook been accused of?
According to The New York Times investigation, Facebook entered into “data sharing partnerships” with over 60 smartphone makers, deals that remained in place for over a decade until April, when the company finally started to wrap up some of them. The deals helped Facebook expand its reach, with features such as the ‘like’ and ‘share’ buttons being integrated into the operating systems of many devices. In 2012, Apple introduced a feature in iOS 6 that allowed the sharing of images, status updates, etc. directly to Facebook without opening the app separately. Apple removed this integration in 2017, with iOS 11.
The data deals, however, went further than just improving convenience, The New York Times said. Some device makers were allowed to pull information on users and their friends’ relationship statuses, political leanings, locations, etc. Data were shared, even if the user’s friends had not given their explicit consent. The report demonstrated how BlackBerry Hub, a feature introduced in 2013 with the BlackBerry 10 OS, was able to pull such data around a user’s friends from their Facebook accounts. BlackBerry no longer builds smartphones; other companies like TCL make its phones. BlackBerry phones are also on Android now, and no longer run the BB 10 OS.
Why are these partnerships a big deal?
They have given rise to concerns over how Facebook handles user data and privacy. There is fear that device makers got a free hand to collect user data. It has also been alleged that Facebook’s partnership deals with the device makers violated a consent decree that the social networking company signed with the US Federal Trade Commission (FTC) in November 2011, under which Facebook was required to obtain explicit consent from users before sharing their data with a third party, and before changing or overriding users’ privacy settings. If found in violation of this decree, Facebook can face legal action.
The FTC had in 2011 noted that third party developers had access to nearly all of a user’s data. It had pulled up Facebook over the so called “Verified Apps” programme, which did not verify the security of participating apps, and for handing over users’ personal information to advertisers.
What is Facebook’s defence?
Facebook has said that it “disagrees” with The New York Times, that all deals were tightly controlled, and that the partnerships were not the same as the ones it had with app developers. In a detailed blog post criticising the daily, Ime Archibong, Facebook’s vice-president for Product Partnerships, wrote, “All these partnerships were built on a common interest — the desire for people to be able to use Facebook whatever their device or operating system… Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go. These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences.”
APIs are application programming interfaces — the ones from Facebook would have allowed device makers to create the FB experience on their operating systems. According to Facebook, this was done at a time when there were many operating systems and not all had proper app stores, and in order to expand the reach of the social network. Archibong also wrote that “contrary to claims by The New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends”.
But did the smartphone makers store the Facebook data?
There is not a lot of clarity on what sort of deals were struck with different players. But the API would have given most manufacturers access to some data. The NYT report says some device partners could retrieve Facebook user data, but does not specifically mention which partners stored the data on their servers.
Facebook has also not confirmed whether the Chinese players stored user data on their servers, or whether it would ask them to delete this data. Facebook insists Huawei — the company long believed by American officials to be a national security risk — stored data on devices, not on the company’s servers. Facebook says most partnerships are either over or in the process of ending. Also, the BlackBerry Hub example cited by NYT would only work if the user signed into their Facebook account on the Hub.
It is unclear how many users’ data would have been accessed by such deals. The BlackBerry 10 OS, for example, did not exactly dominate the market, which Android and iOS ruled when it was launched in 2013. Even Microsoft’s Windows Mobile OS never really challenged Android or iOS for market share.
That said, the concerns over these deals cannot be brushed aside, given Facebook’s record with third party apps. Despite Facebook’s claims of tight control over the partnerships, the NYT investigation has showed a BlackBerry Hub could, in fact, pull friends’ data without permission.
What do the smartphone makers say?
Samsung has not commented on the partnership with Facebook. Apple has denied having received data from Facebook. NPR quoted Apple CEO Tim Cook as saying, “We were never in the data business,” and “The things mentioned in the (New York) Times article about relationship statuses and all these kinds of stuff, this is so foreign to us, and not data that we have ever received at all or requested — zero.”
And what’s next for Facebook?
The deals with the Chinese players will not escape the scrutiny of US intelligence agencies. Facebook co-founder and CEO Mark Zuckerberg had been called to testify before a joint session of the Senate Commerce and Judiciary Committees after the Cambridge Analytica scandal, and he will likely face more questions from Congress on these data sharing deals. Reuters has reported that the US FTC is investigating Facebook’s privacy practices. The company is also facing questions in the European Union over its handling of user data. It has already admitted that the data of 87 million users was compromised by the Cambridge Analytica breach.