There may not be any honor among thieves, but there is certainly a collegial quid pro quo among tech companies.
The NYTimes published a story yesterday that explained just why Facebook was so good at knowing what you bought on Amazon and how Amazon knew all your FB friends. It turns out that Facebook has been illegally sharing your data with a whole bunch of companies.
For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.
The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.
The social network allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
When countries do this, we call it spying, and there is at least some political oversight. But when tech companies do it, they try to keep it as secret as possible, claiming that it is completely legal and above board.
And yet for some reason they won’t tell users what is being shared, and it’s not even clear that regulators know exactly what data was passed or if Facebook’s conspirators (such as Hauwei, Yandex, and Amazon) used it legally.
Hell, there’s evidence that even Facebook doesn’t know how its partners used the data. Several say they were never audited by FB.
Furthermore, these partnerships were almost certainly illegal:
Data privacy experts disputed Facebook’s assertion that most partnerships were exempted from the regulatory requirements, expressing skepticism that businesses as varied as device makers, retailers and search companies would be viewed alike by the agency. “The only common theme is that they are partnerships that would benefit the company in terms of development or growth into an area that they otherwise could not get access to,” said Ashkan Soltani, former chief technologist at the F.T.C.
Mr. Soltani and three former employees of the F.T.C.’s consumer protection division, which brought the case that led to the consent decree, said in interviews that its data-sharing deals had probably violated the agreement.
“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” said David Vladeck, who formerly ran the F.T.C.’s consumer protection bureau. “I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.”
When I first read the headline I wondered what law Facebook had broken this time. By the time I got to the end of the piece I wondered if it might be easier to instead list the ones they hadn’t broken.
On the upside, this story did inspire me to invent a new party game. You play it by thinking up the worst possible thing for Facebook could have done and then try to guess how long we’ll have to wait before we find out that Facebook already did it last year.
My entry in this game is that some time in the next 6 months we’ll find out Facebook has a data-sharing agreement with the Saudi gov’t, and that the FB data was used to target Jamal Khashoggi for assassination.
I know I have a reputation for being inflammatory, but let’s not forget that data is Facebook’s stock in trade, and that FB has a record of sharing your data with just about everyone. Hell, Facebook even knew it was selling ads to the Russian government that influenced the 2016 election; what makes you think they didn’t pass data to the Saudis?