On Monday, Facebook updated its platform policies to prohibit mass surveillance on its platform by explicitly blocking developers from using "data obtained from us to provide tools that are used for surveillance". The move came after sustained pressure from civil rights organisations to make it harder for police agencies to surveil Facebook and collect data on users without their knowledge.
But given Facebook's extensive use of data mining and prediction technologies, and the fact that it still gives user info to law enforcement about 80 per cent of the time, here's a more accurate way of putting it: Facebook, a mass surveillance tool that gives user data to police, is updating its policy so that developers can't build surveillance tools to give data to police. Feel safer yet?
Last November, the ACLU revealed that Facebook had been sharing user data with Geofeedia, a surveillance company that provided 500 law enforcement agencies with real-time information on Facebook users. Geofeedia sold itself to police departments as a tool for monitoring activists and protests. With it, cops could geo-locate Facebook users, track use of specific keywords and emoji, and even run their images through face recognition software.
Monday's change represents something of a reversal for Facebook. Initially, the company claimed that surveillance companies didn't violate Facebook's privacy policies because they only used data that users made public. Facebook and Instagram then booted Geofeedia from the service, updating its policies both then and now to block such uses.
In a blog post, Deputy Chief Privacy Officer Rob Sherman said the move was against developers who created and marketed tools meant for surveillance:
Today we are adding language to our Facebook and Instagram platform policies to more clearly explain that developers cannot "use data obtained from us to provide tools that are used for surveillance." Our goal is to make our policy explicit. Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply.
Just to be abundantly clear, this doesn't mean cops can't get your Facebook data.
Facebook has not committed to fighting subpoenas from officers, who can ask for as much information as they'd like when gathering evidence. The company complies with almost all police requests for data. Second, officers are only required to subpoena private information. Any images, posts or statuses that are open to public are completely fair game and cops "patrol" suspects' social media as openly as they do the streets.
And while Facebook is ending one specific type of third-party mass surveillance, it still collects enormous amounts of information on users, then compiles and sells that data. For example, Facebook uses data to identify users' race and religion and would likely turn that info over if asked. What happens when they get it wrong? In November, a journalist with Business Insider was marked as linked to Hezbollah, which was designated a terrorist organisation by the US State Department. Imagine that showing up during an officer's online investigation. In many ways, Facebook has already built the Muslim database it vowed it wouldn't last year.
It's good that companies like Geofeedia aren't getting easy access to data, but your Facebook info is — and will always be — seen by more eyes than just your own.