Last week during an interview, Facebook’s VP of marketing solutions, Carolyn Everson, explained to a reporter, “We care deeply, as deep as a company can care about privacy. It’s the foundation of our company, and we want people to know that we care.” A few days later the company copped to a bug that gave app developers access to private user photos, which raised quite a few eyebrows. Late last night, the New York Times dropped a bombshell of a story describing just how false Everson’s statement is.
This article details the partnerships Facebook has had with some of the largest tech companies in the world, and the reams of user data it provided to them. Here’s a taste of what Facebook gave up to these other businesses:
Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
Those are just a few examples; the Times says more than 150 companies had similar partnerships with Facebook, including Huawei and the Royal Bank of Canada.
There are many threads to this story that need to be teased out. For one, these deals certainly sound like they should be illegal, given Facebook never asked for specific user consent to send over their personal data to these other companies. Facebook, however, claims that it didn’t need to since it considered these companies “service providers,” which were acting in the interests of the social network. This seems like an exceptionally broad rationale, given the companies Facebook worked with spanned industries and expertise. BlackBerry, Yahoo, and Russian internet company Yandex all were reportedly given some access as part of these partnerships; they certainly would not all be acting in the same interests as Facebook when given user data.
Another lingering question is how Facebook was able to keep tabs on these partnerships and what they did with the data. Facebook told the Times that it found “no evidence of abuse by its partners,” but it’s unclear how the company would even know. It seems it rarely audited these other companies. (One interesting side note is that Facebook has performed one past audit of a company that used its data: the Boston-based analytics firm Crimson Hexagon. And after a review Facebook reinstated the company’s access.)
This latest revelation, along with all the details we’ve learned since the Cambridge Analytica debacle, illustrate the only three things Facebook really cares about: user data, growth, and how the two together further the company’s ambitions. These partnerships were ways that Facebook stayed relevant, by interlacing its services within other businesses. The price, of course, was user data. Writes the Times:
Facebook began forming data partnerships when it was still a relatively young company. Mr. Zuckerberg was determined to weave Facebook’s services into other sites and platforms, believing it would stave off obsolescence and insulate Facebook from competition. Every corporate partner that integrated Facebook data into its online products helped drive the platform’s expansion, bringing in new users, spurring them to spend more time on Facebook and driving up advertising revenue. At the same time, Facebook got critical data back from its partners.
This is the heart of Facebook’s sleight of hand. For years, it has firmly stated that it never sold user data. The company frequently and forcefully gave statements like Everson’s, insisting that Facebook treats its user privacy with the utmost care. But the truth is that though it didn’t sell the terabytes of information, it still used it as a bargaining chip for its domination. Facebook’s strategy was to work with other organizations as a way to increase its dominance, and its currency was access to our data without so much as telling us.
In the coming days and weeks we’ll be sure to hear both apologies and hedges from officials inside the company. Already the company has published a blog post trying to explain how the partnerships program worked. In it, Konstantinos Papamiltiadis, the company’s director of developer platforms and programs, writes that users had to sign in with Facebook in order for the other companies to be granted the access. This glides over the fact that a sign-in is not a disclosure, and that for many of these services it seemed like a Facebook login was the most frictionless choice.
We’ll likely hear more statements like this from top brass, insisting that, yes, they can do better, but that the partnerships they forged were nonetheless kosher. They’ll ask for forgiveness and explain that user trust and privacy is the very foundation of the company.
The truth is that what’s engrained at Facebook is the idea that growth must be attained at any cost, and these partners are the customer and its users are products. Which is to say that for years Facebook hasn’t cared about its users, so why are we to believe that it’s going to start doing so now?
Update: Netflix has provided me with this statement:
Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so.