Latest Privacy Fracas Drops Facebook In The Middle Of Anti-Huawei Hysteria

Facebook is under fire yet again for potentially being far too casual in its treatment of private consumer data.

Earlier this week, the New York Times issued a report noting that Facebook had struck deals with more than 60 different hardware vendors since at least 2010, providing them with "vast amounts" of private user data. According to the report, these partnerships allowed some devices to retrieve personal information even from users' friends who believed they had barred any sharing with third party vendors, potentially violating a 2011 FTC consent decree that banned such sharing without obtaining express customer permission.

To be clear, the partnerships are notably different from the deals struck with companies like Cambridge Analytica, which we now know routinely let app makers hoover up private data under false pretenses, then use that data for other purposes (like oh, riling up partisans ahead of an election). And Facebook was quick to issue a blog post trying to downplay the scope of the revelations:

"This is very different from the public APIs used by third-party developers, like Aleksandr Kogan. These third-party developers were not allowed to offer versions of Facebook to people and, instead, used the Facebook information people shared with them to build completely new experiences."

And while that's all well and good, the problem for Facebook is that nobody trusts that they routinely policed whether this data was being abused. And while the data was all stored locally on user devices, privacy experts were quick to point out that this could still wind up being a problem:

"You might think that Facebook or the device manufacturer is trustworthy," said Serge Egelman, a privacy researcher at the University of California, Berkeley, who studies the security of mobile apps. "But the problem is that as more and more data is collected on the device - and if it can be accessed by apps on the device - it creates serious privacy and security risks."

These are all legitimate questions that Facebook will need to answer in the wake of the Cambridge scandal.

That said, this story was initially reported on Sunday without too much attention. But things took a turn with additional reports by both the Washington Post and New York Times indicating that some of these partner companies included Chinese gear makers like Huawei.

"The agreements, which date to at least 2010, gave private access to some user data to Huawei, a telecommunications equipment company that has been flagged by American intelligence officials as a national security threat, as well as to Lenovo, Oppo and TCL.The four partnerships remain in effect, but Facebook officials said in an interview that the company would wind down the Huawei deal by the end of the week."

Given that the Trump administration is currently trying to blacklist companies like Huawei amidst allegations of being proxies for the Chinese government, the story's overall tone quickly shifted to one of mass hyperventilation:

This could be a very big problem. If @Facebook granted Huawei special access to social data of Americans this might as well have given it directly to the government of #China https://t.co/5K86CDpjVE

- Marco Rubio (@marcorubio) June 6, 2018

The problem: as we've noted a few times now, the allegations that employee-owned Huawei routinely spies on American consumers for the Chinese government isn't backed up by any publicly-available evidence, something both the Post and Times oddly don't mention.

An 18 month investigation by the White House found no evidence of such spying, and companies like Cisco have been caught routinely fanning such fears among gullible lawmakers in the hopes of thwarting overseas competitors. That hysteria has been notably escalated in recent years thanks to U.S. networking vendors being afraid to compete with cheaper Chinese gear as they jockey for 5G deployment contracts with wireless carriers worldwide.

While it's certainly possible Huawei spies on the U.S., there's just not much evidence for it. And you'd also have to ignore the U.S.' epic hypocrisy on that particular subject. You know, like the time Snowden docs revealed that the NSA was caught hacking into Huawei, stealing the company's source code, and attempting to install backdoors in Huawei gear so they could spy on countries that were avoiding the use of U.S. networking gear. You know, the exact thing we're accusing Huawei of. Except with supporting evidence.

Again, it's certainly plausible that Huawei might spy on U.S. citizens. But you'd think somebody could reveal some public evidence of this nefarious behavior before the Trump FCC pondered blacklisting them, a move that's opposed by NSA bosom buddies AT&T and Verizon. The reality is that the entire Huawei fracas is driven more by protectionism than national security, largely because, as one DC insider told the Washington Post back in 2012, it's extremely easy for U.S. networking makers like Cisco to get gullible lawmakers all hot and bothered on the subject:

""What happens is you get competitors who are able to gin up lawmakers who are already wound up about China," said one Hill staffer who was not authorized to speak publicly about the matter. "What they do is pull the string and see where the top spins."

But some experts say these concerns are exaggerated. These experts note that much of Cisco's own technology is manufactured in China."

That's not to say Facebook still doesn't need to answer some questions about whether all of these partnerships have been unwound, and how it ensured that the data stored on these vendors' devices wasn't abused in any fashion. That said, the focus should remain on the 60 companies in total that Facebook struck these deals with, without getting too hung up on the CHINA CHINA CHINA aspect of the story. Lax treatment of private data is the norm, not the exception (especially in the telecom sector), and getting too hung up on Huawei alone tends to miss the forrest for the trees.