In a major Friday night data dump, Facebook handed Congress a ~750-page document with responses to the 2,000 or so questions it received from US lawmakers sitting on two committees in the Senate and House back in April.
The document (which condensed into a tellingly apt essence — “people data… Facebook information” — above, when we ran it through Word It Out‘s word cloud tool) would probably come in handy if you needed to put a small child to sleep, given Facebook repeats itself a distressing amount of times.
TextMechanic‘s tool spotted 3,434 lines of duplicate text in its answers — including Facebook’s current favorite line to throw at politicians, where it boldly states: “Facebook is generally not opposed to regulation but wants to ensure it is the right regulation”, followed by the company offering to work with regulators like Congress “to craft the right regulations”. Riiiiight.
While much of what Facebook’s policy staffers have inked here is an intentional nightcap made of misdirection and equivocation (with lashings of snoozy repetition), one nugget of new intel that jumps out is a long list of partners Facebook gave special data access to — via API agreements it calls “integration partnerships”.
Some names on the list have previously been reported by the New York Times. And as the newspaper pointed out last month, the problem for scandal-hit Facebook is these data-sharing arrangements appear to undermine some of its claims about how it respects privacy because users were not explicitly involved in consenting to the data sharing.
Below is the full list of 52 companies Facebook has now provided to US lawmakers — though it admits the list might not actually be comprehensive, writing: “It is possible we have not been able to identify some integrations, particularly those made during the early days of our company when our records were not centralized. It is also possible that early records may have been deleted from our system”.
The listed companies are also by no means just device makers — including also the likes of mobile carriers, software makers, security firms, even the chip designer Qualcomm. So it’s an illustrative glimpse of quite how much work Facebook did to embed into services across the mobile web — predicated upon being able to provide so many third party businesses with user data.
Company names below that are appended with * denote partnerships that Facebook says it is “still in the process of ending” (it notes three exceptions: Tobii, Apple and Amazon, which it says will continue beyond October 2018), while ** denotes data partnerships that will continue but without access to friends’ data.
21. MediaTek/ Mstar
23. Miyowa /Hape Esia
31. Opentech ENG
32. Opera Software**
47. Virgin Mobile
49. Warner Bros
50. Western Digital
52. Zing Mobile*
NB: Number 46 on the list — Verizon — is the parent company of TechCrunch’s parent, Oath.
The number and scope of the partnerships raised fresh privacy concerns about how Facebook (man)handles user data, casting doubt on its repeat claims to have “locked down the platform” in 2014/15, when it changed some of its APIs to prevent other developers doing a ‘Kogan‘ and sucking out masses of data via its Friends API.
After the Cambridge Analytica story (re)surfaced in March Facebook’s crisis PR response to the snowballing privacy scandal was to claim it had battened down access to user data back in 2015, when it shuttered the friends’ data API.
But the scope of its own data sharing arrangements with other companies show it was in fact continuing to quietly pass over people’s data (including friend data) to a large number of partners of its choosing — without obtaining users’ express consent.
This is especially pertinent because of a 2011 consent decree that Facebook signed with the Federal Trade Commission — agreeing it would avoid misrepresenting the privacy or security of user data — to settle charges that it had deceived its customers by “telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public”.
Yet, multiple years later, Facebook had inked data-sharing API integrations with ~50 companies that afforded ongoing access to Facebook users’ data — and apparently only started to wind down some of these partnerships this April, right after Cambridge Analytica blew up into a major global scandal.