Skip to main content

Facebook will protect your data — as long as no one’s paying them for it

Facebook CEO Mark Zuckerberg speaking on a panel at the Paley Center for Media
Drew Angerer/Getty Images

At a Capitol Hill hearing Tuesday — no, not the one with the impeachment and such — Sen. Dick Durbin (D-Illinois) asked Jay Sullivan, Facebook’s product management director for privacy and integrity in Messenger, whether Facebook collected any data from its Messenger Kids app. It was the exact same question, Durbin said, that he had posed to Mark Zuckerberg last year, when he received an answer he deemed unsatisfactory.

“I have significant concerns that the data gathered by this app might be used or sold,” Durbin told Sullivan. “[Zuckerberg] responded, ‘in general, that data is not going to be shared with third parties.’ I said his use of that terms was ‘provocative and worrisome.’” Durbin then asked Sullivan the same question. “Is your answer that there is no information collected via Messenger Kids that is shared by Facebook to any third parties?”

“Yes,” Sullivan replied “We don’t sell or share data with third parties.”

Facebook’s entire business is modeled around selling users’ data to advertisers. In the past three years, Facebook has been caught up in a whirlwind of scandals, most of them involving the improper use, access, selling, or hacking of the personal data of Facebook’s billions of users by or to third parties. Since then, Facebook has been beating the privacy drum; most recently, it openly flouted requests from three major world governments — the U.S., the U.K., and Australia.

In October, the U.S. Department of Justice, the U.S. Department of Homeland Security, the Australian Minister for Home Affairs, and the U.K.’s Home Department wrote an open letter to Zuckerberg, requesting that Facebook “not proceed with its plan to implement end-to-end encryption across its messaging services … without including a means for lawful access to the content of communications to protect our citizens.” The governments were essentially asking Facebook for a special backdoor into its messaging apps that would allow authorities to read your private messages during the course of investigations.

Facebook’s response, sent on December 9 and first reported by the Washington Post, was in essence, “no.”

“Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere,” the letter, obtained by Digital Trends, reads. “The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes … It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it.”

Facebook’s letter cited experts from groups like Amnesty International and the Center for Democracy and Technology as backing Facebook’s stance: Encryption for everyone, or no one.

In a statement to Digital Trends, a Department of Justice Spokesperson said, “Facebook’s refusal to acknowledge the serious public safety impact of its business decisions, including on vulnerable children, has triggered a bipartisan backlash. The tech industry needs to start thinking seriously about solving this problem of its own creation.”

Hannah Quay-de la Vallee, senior technologist at the Center for Democracy and Technology, told Digital Trends that this encryption means that users won’t “have to trust Facebook anymore.”

“Anytime you say ‘Facebook’ and ‘trust’ in the same sentence, that feels hard,” she said. “They’ve done things that users were surprised by, which is not a great look. But the idea of end-to-end [encryption] is, you don’t need that trust. The tech guarantees that Facebook won’t be able to see certain kinds of data.”

Quay-de la Vallee also clarified that the type of data that Facebook lets advertisers use to target you is different from the type of data they’re now talking about encrypting. “Facebook has long said that they don’t monetize the content of private messages,” she said. “That’s the data they’re talking about encrypting anyway. All of the data that they monetize, your demographic data, and who you connect with, that is still available to law enforcement.”

“Encryption is a fundamental part of the right to privacy,” said Tanya O’Carroll, the head of Amnesty International’s tech arm. “You cannot exercise the right to privacy if you don’t have strong end-to-end.”

But O’Carroll agreed that encryption was only one small part of the whole security picture. “One of the really big problems of this business model is that it incentivizes turning everything into data,” O’Carroll said. “Regardless of what [Facebook does] now with end-to-end, we’d like to see governments address wider business regulations that just restrains the amount of data that’s collected in the first place.”

Facebook can do the right thing here, but its fundamental business model of essentially selling your data to advertisers (and others) shows that privacy still isn’t really a focus at the company.

“I don’t think we should think of this as a seal of approval on Facebook’s privacy record,” she continued. “It’s a strong step in the right direction, but we’re actually strongly calling for an overhaul of the business model itself.”

Update 12/11: Added Department of Justice statement.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Twitter apologizes for personal data misuse with timeline alert
Twitter logo in white stacked on top of a blue stylized background with the Twitter logo repeating in shades of blue.

If you saw an alert from Twitter in your timeline today about its use of "use of your personal information for tailored advertising," you don't necessarily need to panic. But the alert links to a statement from the app that is definitely worth reading.

The alert from Twitter is appearing within your timeline -- we saw it this morning via the desktop web version of Twitter. The timeline alert is a notice that Twitter "may have served you targeted ads based on an email address or phone number you provided to us to secure your account."

Read more
The new ways Meta will pay you to make content for Facebook and Instagram
facebook hacked

Creators on Facebook and Instagram will soon have more ways to generate revenue from their content.

On Tuesday, Meta CEO Mark Zuckerberg shared via a Facebook post (and in a series of comments on that post), a few updates on monetization for creators on Facebook and Instagram. These updates included expansions to existing monetization options, as well as a few new ways to make money.

Read more
Microsoft Edge just got a new way to protect your privacy
Microsoft Edge Secure Network graphic.

Microsoft Edge just got even more secure. After a tease a few weeks ago, Microsoft has just officially announced the availability of Edge Secure Network, the new built-in VPN feature for the Microsoft Edge browser.

Though still in an experimental stage with a small audience using the Canary version of the browser, Microsoft hopes this feature can provide extra peace of mind when using Edge on unsecured networks. As with most other VPN services, this built-in Secure Network can mask your device's IP address, encrypt your data, and route it through a secure network that's geographically co-located.  This will make it harder for hackers and others with bad intent to see your true location. The company that provides your internet also won't be able to collect your browsing data for ads.

Read more