On Monday, Facebook updated its platform policies to prohibit mass surveillance on its platform by explicitly blocking developers from using “data obtained from us to provide tools that are used for surveillance.” The move came after sustained pressure from civil rights organizations to make it harder for police agencies to surveil Facebook and collect data on users without their knowledge.
But given Facebook’s extensive use of data mining and prediction technologies and the fact that it still gives user info to law enforcement about 80 percent of the time, here’s a more accurate way of putting it: Facebook, a mass surveillance tool that gives user data to police, is updating its policy so that developers can’t build surveillance tools to give data to police. Feel safer yet?
Last November, the ACLU revealed that Facebook had been sharing user data with Geofeedia, a surveillance company that provided 500 law enforcement agencies with real-time information on Facebook users. Geofeedia sold itself to police departments as a tool for monitoring activists and protests. With it, cops could geo-locate Facebook users, track use of specific keywords and emoji, and even run their images through face recognition software.
Facebook and Instagram then booted Geofeedia from the service, updating its policies both then and now to block such uses. Facebook confirmed that the surveillance company violated Facebook’s privacy policies, but also noted that Geofeedia only had access to public user data.
In a blog post, Deputy Chief Privacy Officer Rob Sherman said the move was to against developers who created and marketed tools meant for surveillance:
Today we are adding language to our Facebook and Instagram platform policies to more clearly explain that developers cannot “use data obtained from us to provide tools that are used for surveillance.” Our goal is to make our policy explicit. Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply.
Just to be abundantly clear, this doesn’t mean cops can’t get your Facebook data.
Facebook has not committed to fighting subpoenas from officers, who can ask for as much information as they’d like when gathering evidence. The company complies with almost all police requests for data. Second, officers are only required to subpoena private information. Any images, posts or statuses that are open to public are completely fair game and cops “patrol” suspects’ social media as openly as they do the streets.
And while Facebook is ending one specific type of third-party mass surveillance, it still collects enormous amounts of information on users, then compiles and sells that data. For example, Facebook uses data to identify users’ race and religion and would likely turn that info over if asked. What happens when they get it wrong? In November, a journalist with Business Insider was marked as linked to Hezbollah, which was designated a terrorist organization by the State Department. Imagine that showing up during an officer’s online investigation. In many ways, Facebook has already built the Muslim database it vowed it wouldn’t last year.
It’s good that companies like Geofeedia aren’t getting easy access to data, but your Facebook info is—and will always be—seen by more eyes than just your own.
Correction: 3/14/2017 12pm EST: The previous version of this story misstated Facebook’s original response to the ACLU’s report on Geofeedia. Facebook did not deny Geofeedia violated company policy before revoking its access to user data.