U.S. Senate Minority Leader Chuck Schumer has officially joined the chorus of people concerned about what FaceApp is really up to.
The app has been offering creepy selfie-altering filters for two and a half years. It’s gone viral before, mostly when the public catches light of its offensive features — like the “ethnicity change” filter and a skin-lightening “hotness” filter. But the app gained a lot of attention and downloads in recent days because of the popularity of its “ageing” filter.
Soon after people started sharing their graying, wrinkled faces on social media in droves, the warning posts began, highlighting that the company is based in Russia and has a concerning privacy policy that gives the company licence to use customers’ name, photos and likeness.
That Faceapp face-aging thing?
-Requires your Facebook login
-receives your name, profile picture, photos and email address via FB
-The company’s privacy policy ambiguously states how it can share data with its “Affiliates”
-The company is based in St. Petersburg, Russia 1/3— Bob Cesca (@bobcesca_go) July 17, 2019
Btw you all know FaceApp is a Russian company, right?
Just making sure.
— Yashar Ali ???? (@yashar) July 17, 2019
As Motherboard pointed out, the privacy policy is no worse than many other popular apps that use image data. But the real concern seems to be coming from the Russia ties, stemming from a growing awareness of the ways that Russia interferes with the fabric of our democracy and society through cyberattacks and misinformation. But it also reveals some xenophobia since apps from American companies with dubious moral standings and invasive policies don’t seem to stir such a public pearl-clutching.
But it was just the kind of outcry that tends to stir lawmakers to action.
BIG: Share if you used #FaceApp:
The @FBI & @FTC must look into the national security & privacy risks now
Because millions of Americans have used it
It’s owned by a Russia-based company
And users are required to provide full, irrevocable access to their personal photos & data pic.twitter.com/cejLLwBQcr
— Chuck Schumer (@SenSchumer) July 18, 2019
On Thursday, Schumer called upon the Federal Trade Commission and the Federal Bureau of Investigation to “look into” FaceApp’s data-gathering practices. In a letter to sent to FTC Chairman Joseph Simons and FBI Director Christopher Wray, Schumer explained that by using the app, users give the company “full and irrevocable access to their personal photos and data” and give the company licence to use their content, then lays out his concerns:
Furthermore, it is unclear how long FaceApp retains a user’s data or how a user may ensure their data is deleted after usage. These forms of “dark patterns,” which manifest in opaque disclosures and broader user authorizations, can be misleading to consumers and may even constitute a deceptive trade practices. Thus, I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it.
In particular, FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments.
Schumer asked the FBI to assess privacy and national security concerns of the app and asked the FTC to check what safeguards are in place to protect Americans’ privacy.
The senator is not the only person worried that the app could be a national security threat. CNN reported on Wednesday night the Democratic National Committee sent a warning to Democratic presidential campaigns not to use the app. The notice, written by the DNC’s chief security officer, Bob Lord, offers a brief description of the app, before warning dramatically: “Unfortunately, this novelty is not without risk: FaceApp was developed by Russians.”
There is also fear of the app in the United Kingdom, where the nation’s data watchdog, the Information Commissioner’s Office, is reportedly considering looking into FaceApp.
FaceApp did not immediately respond to a Gizmodo request for comment on the letter and for information on what it does with user data — but the company told TechCrunch in a statement that it does not give user data to third parties.
Schumer’s call to the FBI might be misguided. Many apps give user information to third-parties in invasive ways and FaceApp probably isn’t the most nefarious company involved in that kind of activity. But he does have a point with the FTC request. The agency should start looking into expansive and shady terms of service agreements to see what kind of deceptive trade practices are those policies are enabling.
They could start with Silicon Valley.