Facebook insists device data door differs from dodgy dev data deal
Phone makers agreed to behave when we handed them your friend lists, social info dispensary sniffs
Facebook on Sunday said an arrangement that gave some 60 mobile device makers access to data about device users' Facebook friends is not at all like the deal it made with app developers that gave rise to the Cambridge Analytica scandal.
Developers who signed up for access to the Facebook Graph API used to be able to get data on the friends of people using apps that integrated the API, provided those users had authenticated themselves via login.
Facebook in 2014 announced plans to shut down the data spigot the following year. But by then, Cambridge University researcher Aleksandr Kogan had already created a quiz app that allowed him to download an estimated 87 million Facebook profiles and then share the data with political consulting firm Cambridge Analytica.
This "breach of trust," as CEO Mark Zuckerberg described the unrestrained data snarfing, has kept Facebook's public relations group busy for the better part of this year, culminating with government hearings in the US and the EU in April.
The regulatory scrutiny looks likely to continue.
Stop us if you've heard this before
On Sunday, the New York Times explored the existence of a similar arrangement with mobile device makers such as Apple, Amazon, BlackBerry, Microsoft and Samsung.
Facebook, the report says, gave phone vendors access to data about device users' friends without explicit permission, despite assurances by the social network that it would not longer do such things.
The extent to which these companies took advantage of this capability isn't clear.
Apple acknowledged having private access to Facebook data, but said that stopped last September. BlackBerry said it used such access only to give customers access to their Facebook info on its phones. Microsoft similarly said it kept such data on its phones and did not sync it to remote servers. Amazon and Samsung declined to respond.
Facebook insists that it has already discontinued 22 of the more than 60 data sharing partnerships. It announced its intention to wind down its device-connected API program last month.
Not mentioned but of particular concern is whether mobile device makers alleged to have ties with a foreign government, such as Huawei or ZTE in China, participated in this program and whether authorities obtained any data gathered via device-connected APIs.
And here come the sort-of apologies
In a post challenging the New York Times report, Facebook VP of product partnerships Ime Archibong said the company is not aware of any abuse, which isn't an assurance that no such abuse occurred.
Archibong insists that Facebook controlled its device-connected APIs tightly.
"These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences," he said.
"Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built."
Archibong claims that, contrary to the New York Times report, friends' info, like photos, couldn't be accessed on other people's devices unless those friends chose to share their info.
But in a series of tweets on Monday, New York Times reporter Michael LaForgia disputed this. He said, "My friends could not have stopped the device from snagging their information even by going to their settings and disabling all sharing with third-parties, an option known as turning off the platform."
Using a five-year old BlackBerry device, he said he was able to turn his list of 550 friends into a global identifier list of connected friends numbering 295,000.
Pissed off politicos
US lawmakers appeared none too pleased with this latest turn of events.
US Senator Richard Blumenthal (D-CT) issued a series of tweets on the topic. "It feels a lot like we’ve been here before, @facebook," he wrote. "Would you like to revisit your previous statements to Congress about sharing users’ data with third-parties without their consent?"
David Cicilline, US Congressional Representative (D-RI), was even more blunt. "Sure looks like Zuckerberg lied to Congress about whether users have 'complete control' over who sees our data on Facebook," he said via Twitter. "This needs to be investigated and the people responsible need to be held accountable."
US Congressional Representative Frank Pallone, Jr. (D-NJ) meanwhile called for the Federal Trade Commission to review whether Facebook had violated its 2011 consent decree with the agency.
And EU lawmakers are said to be similarly piqued. ®
Sponsored: Becoming a Pragmatic Security Leader