Top US lawmakers on the Senate Intelligence Committee want answers from Meta on a newly disclosed internal investigation it conducted in 2018 that found tens of thousands of software developers in China, Russia and other “high-risk” countries may have had access to detailed Facebook user data before the company clamped down on that access beginning in 2014.
In a letter to Meta CEO Mark Zuckerberg on Monday, Sens. Mark Warner and Marco Rubio, the chair and vice-chair of the Senate committee, cited a document unsealed last week in an ongoing privacy lawsuit involving the company.
That document, an internal slide presentation from 2018, suggested that nearly 87,000 developers in China, 42,000 in Russia and a handful based in Cuba, Iran and North Korea had access to Facebook user information through an earlier version of the company’s programming interfaces. The presentation provides an interim update on the probe, which found, among other things, that Iran was home to a “significant number of seemingly Russian developers” of Facebook apps.
The document does not explicitly outline what types of information the developers could have accessed, but it focuses on a period prior to 2014, before Facebook had restricted third-party access to data such as political views, relationship statuses and education history, among other things.
The congressional letter seeks more information about the outcome of the investigation, with a particular focus on whether Facebook users’ data could have ended up in the hands of Chinese or Russian intelligence agencies.
“We have grave concerns about the extent to which this access could have enabled foreign intelligence service activity, ranging from foreign malign influence to targeting and counter-intelligence activity,” the lawmakers wrote.
The findings are “especially remarkable given that Facebook has never been permitted to operate in [China],” they added.
Meta’s investigation, launched after the company’s Cambridge Analytica data privacy scandal, had focused on third-party app developers with access to “large amounts of information” and whose software had exhibited “suspicious activity.”
On Tuesday, Meta told CNN in a statement that the document cited in the letter references data practices that are no longer in effect at the company.
“These documents are an artifact from a different product at a different time,” said Meta spokesman Andy Stone. “Many years ago, we made substantive changes to our platform, shutting down developers’ access to key types of data on Facebook while reviewing and approving all apps that request access to sensitive information.”
Meta declined to answer whether the app developer investigation is still ongoing or how many apps have been reviewed since the 2018 slide presentation, which was unsealed in court last week. The document had projected the probe would continue at least through 2020.
In recent years, policymakers have increasingly sounded the alarm about data leakages to foreign adversaries. Hostile governments could seek to use Americans’ personal information to spread disinformation or identify intelligence targets, US officials have said.
Those fears have culminated most visibly in tensions with the short-form video app TikTok, whose links to China through its parent company have prompted the US government and numerous states to ban the app from official devices. US officials have also sought to block Chinese telecom firms from the US market over similar concerns.
But the lawmakers’ letter highlights how worries about data access by foreign adversaries extends beyond TikTok and encompasses some of the largest social media platforms.
Although Meta has moved on with different, more restrictive policies for developers, Warner and Rubio called for the company to explain what information may have been transferred to China, Russia and other nations in the past, and for any evidence the company may have that the data has been abused to target Americans or engage in propaganda campaigns.