A series of reports this week revealed that, for the past 10 years, Facebook’s broad sharing of data extended not only to app developers but to phone companies as well. That included an agreement with Huawei, which has already been under intense government scrutiny for potential cybersecurity risks due to its alleged ties to Beijing.
On Sunday, following a New York Times report, Facebook admitted that it had data-sharing partnerships with at least 60 device makers, including Apple, Samsung, and Amazon. These companies received access to user data, including information on a user’s friends without their consent. In some instances, they could even access the information of friends of friends, as one Times reporter with a 2013 BlackBerry found. The admission reveals that the massive Cambridge Analytica data scandal, in which the data of over 87 million Facebook users was mined through a third-party social media app, was not an outlier.
More concerning, on Tuesday, Facebook revealed to The New York Times and The Washington Post that it had data-sharing agreements in place with several Chinese tech companies, including Oppo, Lenovo, TCL, and Huawei. These deals appear to be similar to the ones with Apple, Samsung, and Amazon. But Huawei, in particular, drew attention as the US government has claimed that its devices could be used for spying on American citizens. Facebook did not respond to a request for comment by press time. It told the Times that the Huawei deal would wind down by the end of this week.
Huawei used its access to Facebook data to populate an app on its devices that gave users a place to see all their messages and social media accounts together, Facebook officials told The New York Times. Spokespeople for Facebook said that the data didn’t reach Huawei servers and stayed on its phones. A Huawei spokesperson told The Verge, “Like all leading smartphone providers, Huawei worked with Facebook to make Facebook’s services more convenient for users. Huawei has never collected or stored any Facebook user data.”
Huawei’s actions appear to be the same as other major tech companies. BlackBerry and Samsung were able to integrate popular features from Facebook, such as Like buttons and address books, using the access. The BlackBerry Hub app, which sounds similar to the unnamed Huawei app, could retrieve data on a reporter’s friends, including their religious and political views, events they were attending, and relationship statuses.
So why is Huawei treated as more of a concern than the other tech companies that Facebook has shared data with? The US government has alleged for years that Huawei has ties to the Chinese government. In 2012, the US House Intelligence Committee named Huawei and fellow Chinese tech company ZTE as serious risks to national security, claiming that their devices could spy on US citizens and send information back to Beijing. Currently, Huawei is under investigation from the Justice Department for potentially violating US sanctions related to Iran.
Part of these concerns also stems from Huawei founder Ren Zhengfei’s political background. Ren is a former engineer in the People’s Liberation Army, who joined the Communist Party in 1978 and started Huawei 10 years after. Although Ren spoke up in 2013 to deny the allegations, US intelligence agencies remain extremely wary of Huawei. In testimony from last February, the heads of the FBI, CIA, and NSA all recommended that US citizens not use Huawei phones. FBI director Chris Wray cited Huawei’s “capacity to conduct undetected espionage.”
The revelation from Facebook that Huawei had access to user data has caused several senators to express concern. “Concerns about Huawei aren’t new,” said Sen. Mark Warner (D-VA) in a statement, “The news that Facebook provided privileged access to Facebook’s API to Chinese device makers like Huawei and TCL raises legitimate concerns.” Sen. Marco Rubio (R-FL) said on Twitter. “This could be a very big problem. If Facebook granted Huawei special access to social data of Americans, this might as well have given it directly to the government of China.” Google has also come under fire from lawmakers about its partnerships with Huawei and Xiaomi. Warner wrote a letter today to Alphabet, Google’s parent company, to probe whether user data was kept on devices or has reached Chinese servers.
While Huawei’s access to Facebook data may not have been any greater than other device makers, the issue that the senators are flagging is whether the data could have reached Chinese servers or been given over to Beijing, despite Facebook’s assurances.
We need answers from Facebook. The whole story, now, not six months from now. https://t.co/I7xsM8mvj4— Mark Warner (@MarkWarner) June 5, 2018
Facebook’s VP of mobile partnerships Francisco Varela told Reuters, “Facebook’s integrations with Huawei, Lenovo, Oppo, and TCL were controlled from the get-go” and that Facebook approved of the services they built using the data.
Facebook previously foreshadowed that more data scandals could come to light. Back in April, Facebook told the Securities and Exchange Commission that it expected to find other huge examples of data misuse on the scale of Cambridge Analytica. But so far, the focus of data misuse fears has been on app developers, not device makers.
Facebook said it limited what data developers could access a year after Cambridge Analytica acquired users’ data, but it did not mention that major hardware makers continued to have broader access. Many of these data-sharing partnerships are still ongoing. In a blog post on Sunday, Facebook said that it was not aware of “any abuse” by the companies and that it has “already ended 22 of these partnerships.” Out of at least 60, that means a majority are still ongoing.
We don’t know if the US government’s allegations against Huawei and reasoning for why consumers should be wary of the company are true. And when it comes to Facebook, it’s not clear that Huawei has done anything outside the scope of what other tech companies have done. But until we learn more, the newly emerging relationship between Facebook and Huawei will only give cause for additional privacy concerns and government scrutiny.