In 2018, Facebook identified thousands of developers in countries labeled “high-risk jurisdictions” had access to user data that could enable foreign espionage.
On Monday, Senate Select Committee on Intelligence Chairman Mark Warner of Virginia and Vice Chairman Marco Rubio of Florida wrote a letter to Meta CEO Mark Zuckerberg. The letter questions Meta’s recently released documents that reveal the company knew user data was at risk to Russia and the People’s Republic of China (PRC). Release of the documents was part of ongoing litigation against Meta in regards to its lax handling of personal data after revelations regarding Cambridge Analytica.
After pressure from Congress encouraged Facebook to reveal in 2018 that it provided access to key application programming interfaces to device-makers in the PRC, including Huawei, OPPO and TCL, senators and committee members met with Facebook staff to discuss controls the social media giant might put in place.
“Given those discussions, we were startled to learn recently, as a result of this ongoing litigation and discovery, that Facebook had concluded that a much wider range of foreign-based developers, in addition to the PRC-based device-makers, also had access to this data,” Warner and Rubio stated in the letter. “According to at least one internal document, this included nearly 90,000 separate developers in the People’s Republic of China (PRC), which is especially remarkable given that Facebook has never been permitted to operate in the PRC. The document also refers to discovery of more than 42,000 developers in Russia, and thousands of developers in other ‘high-risk jurisdictions,’ including Iran and North Korea, that had access to this user information.”
Documents available now reveal that internally in 2018, Facebook staff acknowledged the risks access created for purposes of espionage against the United States.
“As the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, we have grave concerns about the extent to which this access could have enabled foreign intelligence service activity, ranging from foreign malign influence to targeting and counter-intelligence activity.”
The letter peppers Facebook with a serious of questions regarding the risk to user data, including Facebook’s definition of “suspicious activity,” whether the social media giant has any indication that developers’ access enabled coordinated activity by a foreign government, and whether Facebook is aware of access that enabled malicious advertising or other fraudulent activity by foreign entities.