A number of Facebook users discovered over the past few days that the social media company had collected a creepy level of information about their calls and texts. Many users claimed they never gave Facebook permission to gather this information. However, in response to the uproar, Facebook says the “feature” is opt-in only. Basically, the company’s saying it’s your own fault if you don’t like it.
Photo: AP
To understand what Facebook is defending requires a lot of explanation – and that’s the heart of the problem.
In the last week, Facebook has been under fire as the public discovered how reckless the company has been with their data. Watchdogs have sounded this alarm for years, but Facebook has always made a tweak here or there when it gets called out – as if its previous sins would be automatically absolved.
But as the company faces growing scrutiny over its data practices, a number of users began digging around in their archives. Spurred by a tweet from developer Dylan McKay, social media users complained this weekend that Facebook had records of their contacts, as well as call and text metadata. Facebook has let users export their data since 2010.
Downloaded my facebook data as a ZIP file
Somehow it has my entire call history with my partner’s mum pic.twitter.com/CIRUguf4vD
— Dylan McKay (@dylanmckaynz) March 21, 2018
Ars Technica spoke with numerous users who felt blindsided, and the publication’s staff did their own tests, finding SMS data and contacts data from an Android device they used in 2015 and 2016. From the report:
Facebook uses phone-contact data as part of its friend recommendation algorithm. And in recent versions of the Messenger application for Android and Facebook Lite devices, a more explicit request is made to users for access to call logs and SMS logs on Android and Facebook Lite devices. But even if users didn’t give that permission to Messenger, they may have given it inadvertently for years through Facebook’s mobile apps – because of the way Android has handled permissions for accessing call logs in the past.
If you granted permission to read contacts during Facebook’s installation on Android a few versions ago – specifically before Android 4.1 (Jelly Bean) – that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 – the point at which the latest call metadata in Facebook users’ data was found. Apple iOS has never allowed silent access to call data.
To put all of that into plain English, Google’s Android OS has its own privacy issues, and coupled with Facebook’s apps, it could’ve made it possible for Facebook users to opt-into the company’s surveillance program without realising it.
Facebook responded on Sunday with a “Fact Check” blog post claiming that any assertion that “Facebook has been logging people’s call and SMS (text) history without their permission” is false. As the unsigned blog reads, in part:
Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.
It’s true that Facebook, as far as we know, has always made SMS metadata collection an opt-in part of the setup process. But take a look at the difference between today’s opt-in screen and one users saw back in 2016.
Facebook Messenger permission screen from 2016 (Left), and new permission screen (Right)Screenshot: Facebook
Today, Messenger gives you the options to “turn on” metadata collection, opt-out or learn more. But before it faced criticism in 2016, the only options were “OK” or “settings”. So, it’s likely many people gave Facebook permission at one time without realising it.
This is an excellent illustration of the web that Facebook weaves. In the Cambridge Analytica scandal, Facebook allowed the personal data of 50 million users to get into the hands of a third-party app, in part because its policies gave up the data of users’ friends based on permission from a single user. When that third party transferred the information to a political data analysis firm, which was a violation of Facebook’s policies, Facebook did nothing when it found out in 2015 but issue a stern warning and make Cambridge Analytica sign a document promising that the data was deleted. Now, Facebook says that it no longer shotguns that data out to developers based on a single permission, so apparently everyone should feel OK going forward.
Explaining what’s going on shouldn’t be so difficult or time-consuming. Facebook claims this is all designed to make things more convenient for you. But it doesn’t have to constantly track your text messages and the duration of your calls just to capture your contacts list. That could be a one-time thing that you do when you set the service up, and Facebook could periodically ask if you want to do another import a month later.
However, Facebook has turned a convenience into an excuse for grabbing more information that it can combine with everything else to make a perfect psychological and social profile of you, the user. And it has demonstrated that it can’t be trusted to keep that data to itself.
Mark Zuckerburg told CNN last week that he was open to more regulations being applied to his platform. “You know, I think in general technology is an increasingly important trend in the world and I actually think the question is more what’s the right regulation rather than ‘yes’ or ‘no’ should it be regulated,” he said. This is foolish because government regulations will undoubtedly get screwed up and lead to unintended consequences.
But if Mark insists, the government could create strict terms of service requirements for what a company explains to a user before they sign up. Those regulations could require clear examples of how data might be used and even require users to complete a simple quiz to show they understand before finalising the app’s setup. Of course, that kind of burdensome activity wouldn’t be necessary if Facebook would just make everything clear on its own. Unfortunately, with congressional hearings scheduled, and government agency investigations underway, it may be too late.