By Zero Hedge
Facebook provided at least four Chinese electronics companies, including government-linked telecom giant Huawei, unrestricted access to user data, according to a person familiar with the matter but not authorized to speak on the record.
The relationships were part of a recently revealed data-sharing partnership program which included at least 60 major device manufacturers, including Apple, Amazon, Blackberry, Microsoft and Samsung – allowing the companies to integrate various Facebook features into their operating systems which gave them access to user data, and the data of users’ friends without consent.
Huawei in particular has stoked concerns over national security, as lawmakers in Congress and top intelligence officials have raised red flags over whether or not the Chinese government might be able to demand access to data stored on Huawei devices or servers. While Huawei has denied the claims, the Pentagon decided to ban the sales of Huawei smartphones on U.S. military bases.
Facebook data was only ever stored on Huawei servers, only directly on devices, according to the Washington Post.
A spokesman for Huawei did not immediately respond to a request for comment. Facebook late Tuesday confirmed that it had worked with Huawei, as well as three other Chinese firms, Lenovo, OPPO and TCL. Facebook said those arrangements were “controlled from the get go — and we approved the Facebook experiences these companies built.”
Facebook’s statement followed a day of silence about its relationships with Chinese firms, which drew a sharp rebuke from Sen. Mark R. Warner (D-Va). Warner said in a statement Tuesday that Facebook’s relationships with Huawei and TCL raise “legitimate concerns, and I look forward to learning more about how Facebook ensured that information about their users was not sent to Chinese servers.” –WaPo
Facebook says they will be winding down their relationship with Huawei by the end of the week.
The data-sharing agreement, reported Sunday evening by the New York Times, allowed manufacturers to access information on relationship status, calendar events, political affiliations and religion, among other things. An Apple spokesman, for example, said that the company relied on private access to Facebook data to allow users to post on the social network without opening the Facebook app, among other things.
What’s more, the manufacturers were able to access the data of users’ friends without their explicit consent, despite Facebook declaring they would not let outside companies access user data. The catch? The NYT explains.
Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties.
In interviews, several former Facebook software engineers and security experts said they were surprised at the ability to override sharing restrictions. –NYT
Despite winding down the partnerships in April – including the posting capabilities used by Apple, Facebook has defended the data-sharing agreements, saying they comply with the company’s privacy policies and a 2011 consent decree issued by the FTC. Facebook officials say they don’t know of any cases where user information has been misused.
“These partnerships work very differently from the way in which app developers use our platform,” said Ime Archibong, a Facebook vice president. Unlike developers that provide games and services to Facebook users, the device partners can use Facebook data only to provide versions of “the Facebook experience,” the officials said.
“These contracts and partnerships are entirely consistent with Facebook’s F.T.C. consent decree,” said Archibong.
Former FTC official Jessica Rich, however, disagreed with that assessment.
“Under Facebook’s interpretation, the exception swallows the rule,” said Ms. Rich, now employed by the Consumers Union. “They could argue that any sharing of data with third parties is part of the Facebook experience. And this is not at all how the public interpreted their 2014 announcement that they would limit third-party app access to friend data.”
And because Facebook does not consider the device makers to be outsiders, the data sharing partnerships go even further, The Times discovered, which is what allows the companies to access user data of a Facebook user’s friends – even if they’ve denied Facebook permission to share information with third parties.
The discovery of the manufacturer data-sharing agreements comes on the heels of a massive data harvesting scandal in which the social media giant allowed third party apps to gather massive quantities of user information for various political and marketing purposes. In March, political consulting firm Cambridge Analytica was revealed to have misused the private information of tens of millions of Facebook users. The Cambridge Analytica ordeal shed light on the pervasive collection of data which has come under growing scrutiny since the scandal began in March.
Facebook’s partnerships with device manufacturers may prove to be a headache for the social media giant, as the Federal Trade Commission is already investigating the company for a string of privacy mishaps – which could at minimum result in siginiviant fines if the agency finds further violations of consumer privacy.