Tencent Technology News, according to foreign media reports, internal records and interviews show that over the years, Facebook has provided some of the world's largest technology companies with more personal privacy data than it disclosed, in fact, let these business partners bypass the usual Privacy rules.
The hundreds of pages of Facebook documents obtained by foreign media detail these special arrangements. These records were generated by the company's internal system of tracking partnerships in 2017, providing the most complete picture of the social network data sharing practices to date. They also highlight the fact that personal data has become the most valuable commodity in the digital age, with large-scale private data transactions between large companies inside and outside Silicon Valley.
The purpose of the exchange is to benefit everyone. While driving explosive growth, Facebook has gained more users and increased its advertising revenue. Partner companies have acquired features that make their products more attractive. Facebook users connect with friends through different devices and websites. But Facebook also has extraordinary power over its personal information for 2.2 billion users —— this is the control it has in the absence of transparency or external oversight.
The record shows that Facebook allows Microsoft's Bing search engine to view the names of almost all Facebook user friends without consent, and to allow video site Netflix and online music service provider Spotify to read Facebook users' private messages.
This social network allows Amazon to get the user's name and contact information through their friends, and just this summer, it also allows Yahoo to view friends' posts, even though it has publicly stated that it has stopped this type of sharing a few years ago. .
Facebook has been plagued by a series of privacy scandals. In March of this year, it was reported that Cambridge Analytica, a political consultancy, improperly used the Facebook data building tool to help President Trump's 2016 campaign, which triggered a series of privacy scandals.
Facebook admits that it violates the trust of users and insists that stricter privacy protections have been in place long ago. CEO Mark · Mark Zuckerberg assured legislators in April that people “completely control” everything they share on Facebook.
But these documents, as well as interviews with about 50 former Facebook employees and their corporate partners, show that despite these safeguards, Facebook still allows certain companies to access data. They also questioned Facebook's violation of a consent agreement reached in 2011 with the Federal Trade Commission (FTC), which prohibits Facebook from sharing user data without explicit permission.
In summary, the transactions described in the document benefit more than 150 companies, most of which are technology companies, including online retailers and entertainment sites, but also include car manufacturers and media organizations. Records show that their application requires hundreds of millions of people per month. These transactions lasted until 2010 and were active in 2017. Some of them are still valid this year.
Steve Satterfield, head of Facebook privacy and public policy, said in an interview that none of these partners violated user privacy or the FTC agreement. He added that the contract requires these companies to comply with Facebook's policies.
Despite this, Facebook executives have acknowledged the past year's missteps. “We know that to regain the trust of people, we still have a lot of work to do,” said Sutterfield. “Protecting people's information requires a stronger team, better technology and clearer policies, which is the focus of our work for most of 2018. & rdquo; He said that the partnership is "a key area", Facebook is gradually closing many of these partnerships.
A Facebook spokeswoman said Facebook did not find evidence that its partners abused private data. Some of the biggest partners, including Amazon, Microsoft, and Yahoo, say they use the data in an appropriate way, but declined to discuss the sharing agreement in detail. Facebook also said that it is poorly managed by some partners, allowing some companies to continue accessing after they have turned off the need for this data for a long time.
Sutterfield said that for most partners, the Federal Trade Commission agreement does not require Facebook to obtain user consent before sharing data, because Facebook considers itself to be an extension of the partner —— the service provider allows users to Facebook friends interact. He said that partners are prohibited from using this personal information for other purposes. “ Facebook partners can't ignore people's privacy settings. ”
Data privacy experts refute Facebook's claim that most partners are not subject to regulatory requirements and they doubt whether the trade committee will treat different businesses such as equipment manufacturers, retailers and search companies equally.
Former FTC chief technologist Ashkan & middot; Ashkan Soltani said, “The only common theme is that they are partnerships that benefit the company in terms of development or growth, into a country they could not enter. field. ”
Two former employees of Soltani and FTC Consumer Protection said in an interview that the company's data-sharing transaction may violate the agreement. The FTC's Consumer Protection Department filed a case that led to the “consent order”.
“This is only allowing third parties to obtain data without being informed or consented,” said David Vladeck, who was the head of the FTC Consumer Protection Agency. “I don’t understand how this unacceptable data collection might be justified, according to FTC approved policies. ”
For the world's largest social network, the details of these agreements surfaced at a critical moment. Legislators and regulators in the US and Europe have questioned Facebook's data sharing, which has been plaguing Facebook. This spring, the FTC launched a new investigation into Facebook's compliance with the consent order, and the Justice Department and the Securities and Exchange Commission are also investigating the company.
Facebook's share price has fallen, and a group of shareholders have asked Zuckerberg to resign as chairman. Shareholders also filed lawsuits alleging that executives failed to implement effective privacy protection measures. Angry users launched a campaign to remove Facebook software.
This month, a British parliamentary committee investigating false information on the Internet posted Facebook's internal e-mail, which was seized from the plaintiff in another lawsuit against Facebook. This information reveals some partnerships and describes a company focused on growth, whose leaders try to weaken competitors and consider selling access to user data.
As Facebook struggled with the crisis again and again, company critics, including some former consultants and employees, specifically pointed out that data sharing is a cause for concern.
Facebook early investor Roger · Roger McNamee said: “I don’t think it’s legal to establish a data-sharing partnership without the user’s prior informed consent. Before Facebook changes its business model, anyone You should not trust Facebook. ”
Personal data is 21st century oil, a multi-billion dollar resource for those who can extract and refine personal data most effectively. According to the industry's Interactive Advertising Bureau, by the end of 2018, US companies alone are expected to spend nearly $20 billion to acquire and process consumer data.
No company has better data than Facebook and its rival Google. Google's popular product information gives them a deeper understanding of the daily lives of billions of people and enables them to dominate the online advertising market.
Facebook has never sold its own user data, worried about the user's rebound, and worried about giving potential competitors a way to replicate their most valuable assets. Instead, internal documents show that it does the second best thing: allowing other companies to access parts of the social network in ways that enhance their own interests.
Facebook started building data partnerships when it was a relatively young company. Zuckerberg is determined to integrate Facebook's services into other websites and platforms, and he believes this will prevent Facebook from becoming obsolete and will isolate Facebook from its competitors. Integrating Facebook data into every business partner in its online products helps drive the expansion of the platform, attract new users, drive them to spend more time on Facebook, and increase advertising revenue. At the same time, Facebook has access to key data from its partners.
Facebook executives say the partnerships are so important that the decisions to form them are reviewed by senior executives, sometimes by Zuckerberg and chief operating officer Cheryl · Sheryl Sandberg Reviewed. Although many partnerships are publicly announced, the details of the sharing arrangements are usually confidential.
According to interviews with two former employees, by 2013, Facebook has established more such partnerships, and the number has exceeded what the middle-level employees can understand. (Like the other 30 former employees interviewed in this article, they asked for anonymity because they signed a non-disclosure agreement or remained in a relationship with Facebook executives.)
It is reported that Facebook has developed a tool to complete the technical work of opening and closing special access, and also recorded the internal so-called "functions" & mdash; & mdash; enabling companies to obtain data privileges, in some cases, without Obtain user license.
Foreign media reviewed more than 270 pages of reports generated by the system —— these records only reflect part of Facebook's extensive transactions. One of the surprises was that Facebook received a controversial friend recommendation tool from multiple partners called “People You Knowledge”.
This feature was launched in 2008, and although some users of Facebook objected, the feature continues, and these users are uncomfortable with Facebook's understanding of their relationship in the real world. Gizmodo and other news outlets reported cases where the tool recommended the same psychiatrist's patient, alienated family members, and a friend relationship between the harasser and his victim.
The record shows that Facebook has turned to partner partners' lists, including Amazon, Yahoo and other companies, to gain a deeper understanding of people's relationships and to suggest more connections.
Some of the access protocols described in the document are limited to sharing non-identity information with market research companies or enabling game makers to acquire a large number of players. None of these will cause privacy issues. But the agreement with more than a dozen companies did. Some partners can view their contact information through their friends - even after Facebook announced in 2014 that it is depriving all applications of these features.
Starting in 2017, Sony, Microsoft, Amazon, and other companies can get users' email addresses from friends.
Records show that Facebook also allows Spotify, Netflix, and Royal Bank Of Canada to read, write, and delete private messages from users and view all participants on a topic. These permissions seem to go beyond the permissions these companies need to integrate Facebook into their systems. Facebook acknowledges that it does not consider any of the three companies to be service providers. A spokesperson for Spotify and Netflix said the two companies didn't know the broad power that Facebook gave them. A spokesman for Royal Bank of Canada denied that the bank had such authority.
Spotify can view messages for more than 70 million users per month, and it still offers the option to share music via Facebook Messenger. But Netflix and the Canadian bank no longer need access to the news because they have disabled the ability to consolidate information.
These companies are not the only companies that have special access rights that exceed the time required. Yahoo, The Times and other companies may still get personal information from Facebook users in 2017.
Yahoo can view a live summary of a friend's post to get a feature that the company ended in 2011. A Yahoo spokesperson declined to discuss the partnership in detail, but said the company did not use the information for advertising. “The Times” is one of the nine media companies mentioned in these documents, which can access a user's buddy list to get an article sharing application that the company stopped using in 2011. A spokeswoman for the news agency said they did not receive any data.
Facebook's internal records also revealed more about sharing agreements with more than 60 smartphone, tablet and other device manufacturers, and the New York Times reported this agreement for the first time in June this year.
Facebook authorizes Apple to hide all signs of its device requirements data from Facebook users. The record shows that Apple devices can also access contact numbers and calendar entries for users who change their account settings to block sharing.
Apple officials said they didn't know that Facebook gave any special access to its devices. They added that any shared data is kept on the device and no one can use it except for the user.
However, Facebook's record in regulating how external companies handle user data is not perfect. In the case of Cambridge Analytical, a Cambridge University psychology professor developed an application in 2014 to collect personal data for tens of millions of Facebook users for the consulting firm.
Pam Dixon, executive director of the non-profit privacy research organization, World Privacy Forum, said that Facebook has little power to process user information after widely sharing user information. “It will travel,” Dixon said. & ldquo; It can be customized. It can be entered into an algorithm that makes decisions about your data based on this data. ”
400 million users leaked
In Europe, social media companies must adapt to stricter regulation, and the United States does not have a general consumer privacy law. As long as technology companies do not mislead users, they are free to monetize most of their personal information. The Federal Trade Commission, which oversees trade, can take enforcement action against companies that deceive customers.
In addition to Facebook, FTC has also reached data acquisition agreements with Google and Twitter.
The agreement between Facebook and regulators was the result of the company's early data sharing trials. At the end of 2009, it changed the privacy settings of 400 million users so that some of their information could be accessed by all the Internet. It then shares this information with Microsoft and other partners, including the user's location, religion, and political orientation.
Facebook calls this “alternative personalization” as a step toward a better Internet that other companies will use to customize what people see on sites such as Bing. But this feature has caused complaints from privacy advocates and many Facebook users that the social network shared the information without permission.
The FTC investigated this and listed privacy changes as a deceptive practice in 2011. Unexpectedly, Facebook officials stopped mentioning instant personalization in public and signed a consent agreement.
Under the law, the social network launched a “Comprehensive Privacy Program” to review new products and features. It was initially supervised by two chief privacy officers, and their high-level titles clearly demonstrate Facebook's commitment. The company also hired Pricewaterhouse Coopers to evaluate its privacy practices every two years.
But according to four former Facebook employees who directly learned about the Facebook program, privacy projects faced some internal resistance from the start. They say that some engineers and executives believe that privacy reviews are hindering rapid innovation and growth. The former employee said that the core team responsible for coordinating the review – about 12 in 2016 – moved around the huge Facebook organization and sent a complex signal about how the company took it seriously.
The two former employees said that it is vital that many of Facebook's special sharing partners are not subject to extensive privacy project review. Executives believe that because partner companies are bound by commercial contracts and require Facebook to follow Facebook's data policies, they do not require the same level of review. The privacy team's ability to review or recommend modifications to some of these data sharing agreements is limited because these agreements are negotiated by higher-level officials at the company.
Facebook officials said that the privacy team members have been consulted on the sharing agreement, but the degree of review “depends on the specific partnership and time of establishment”.
In 2014, Facebook stopped the instant personalized service and blocked access to friends' information. But in a previously unreported agreement, the social network engineer continued to allow Bing search, music streaming service Pandora and film and television review site Rotten Tomatoes to access most of the data they got from the discontinued features. It is reported that Bing did not receive this information until last year, and the other two companies also obtained this information as of late summer.
Facebook officials said that data sharing did not infringe on users' privacy because it only allowed access to public data —— including data that the social network was released in 2009. They added that the social network made a mistake in allowing the three companies to continue to visit, but declined to elaborate. A spokeswoman for Pandora and Rotten Tomatoes said the two companies didn't know of any special access.
Facebook also declined to discuss other Bing features, including viewing a list of friends for all users.
Microsoft officials said Bing used the data to create Facebook user profiles on Microsoft servers. They refused to provide details, just saying that the information was used for "function development", rather than for advertising. The officials said that since then, Microsoft has deleted the data.
For some people, the large amount of user data flowing out of Facebook not only raises questions about whether Facebook has complied with the FTC agreement, but also questioned the agency's approach to privacy regulation.
“Facebook's way of ignoring user privacy settings is endless. We really think we have solved this problem in 2011,” said Mark ·, head of the online privacy organization Electronic Prive Information Center; Rothenberg (Marc Rotenberg) said. The center is one of the first complaints from Facebook to federal regulators. “After a lot of work, we put Facebook under the supervision of FTC. The Federal Trade Commission did not take action. ”
According to Facebook, most of its data partnerships are exempt from the FTC agreement. The company argues that partner companies are service providers - these companies use this data only for Facebook and under their direction, and as an extension of social networks.
But Fradick and other former FTC officials said Facebook's explanation for this exemption was too broad. They said the clause is designed to allow Facebook to perform the same day-to-day functions as other companies, such as sending and receiving information over the Internet, or handling credit card transactions without violating the consent order.
When “New York Times” reported a partnership with device manufacturers last summer, Facebook used the term “integration partner” to describe other manufacturers, such as BlackBerry, who use Facebook data to provide on smartphones. Social media style features. Facebook claims that all such integration partners are part of the service provider exemption.
Since then, Facebook has also listed them as integration partners as the social network disclosed its data sharing agreements with other types of businesses, including Internet companies such as Yahoo.
Facebook even reclassified the Russian search giant Yandex as an integration partner.
Facebook's records show that although the social network stopped sharing with other apps for privacy reasons, Yandex still got Facebook's user ID in 2017. A spokeswoman for Yandex said the company didn't know and didn't know why Facebook allowed this to continue. Last year, Ukrainian security authorities accused Yandex of leaking user data to the Kremlin. She added that the Ukrainian allegations "no basis".
Last October, Facebook stated that Yandex is not an integration partner. But in early December, when the New York Times was preparing to publish this article, Facebook told lawmakers that this is true.
A spokeswoman for the FTC declined to comment on whether the committee agreed with Facebook's explanation of the exemption provided by the service provider. The FTC's ongoing survey of Facebook may involve this. She also declined to say whether the committee had received a complete list of partners that Facebook considers to be service providers.
But federal regulators have reason to know the relationship between the two parties and question whether Facebook fully protects the privacy of users. According to a letter from Facebook to Oregon Democratic Senator Ron & Middot; Ron Wyden this fall, Pricewaterhouse Coopers reviewed at least some of Facebook's data partnerships.
The first assessment report sent to FTC in 2013 only found “limited” evidence that Facebook monitored the use of data by these partners. The findings were extracted from a public assessment report that scored a passing score on Facebook's privacy program.
Huaiden and other critics question whether these assessments are effective. In these assessments, the FTC essentially outsourced most of its day-to-day supervision to companies such as Pricewaterhouse Coopers. Like other companies that have signed an agreement with the FTC, Facebook pays for the evaluation and largely determines the scope of the assessment. These assessments are primarily limited to recording the internal privacy review conducted by Facebook, which the company claims has conducted such a review. .
Facebook's close monitoring of its data partners is uncertain. Most of Facebook's partners refuse to discuss what comments or audits Facebook has made to them. Two former Facebook partners said they could not find any evidence that Facebook had audited them. Their deal with Facebook began in 2010. One of the two partners is the BlackBerry. The other is Yandex.
Facebook officials said that although Facebook rarely audits partners, it manages its partners closely.
“These are all about maintaining high frequency contact,” said Sutterfield.