Facebook Gave a Russian Internet Giant a Special Data Extension
Since March, when news violated that the political consulting firm Cambridge Analytica utilized a Facebook app to amass data on as many as 87 million people without their consent, the social networking giant has been forced to repeatedly answer for how it has given away user data and who it’s given that data to. In the immediate wake of the scandal, Facebook rushed to defend itself in a blog post, saying that in 2014, it changed an element of its API to prevent apps from collecting data on their users’ friends, as the Cambridge Analytica app did. Facebook has since clarified that while it announced this change in 2014, apps that already had access to people’s friends’ data continued to have access until May 2015.
Then, in more than 700 pages of written reactions delivered to the House Energy and Commerce Committee late last month, Facebook acknowledged that some apps had this access for up to six months longer, to allow them to “come into compliance” with the new rules. There were dozens of companies on the list, including dating apps like Hinge and music-streaming services like Spotify, but one may raise more than a few eyebrows in Washington: the Russian internet giant Mail.ru.
According to Facebook, Mail.ru was given a two-week extension to wind down a feature on two messaging apps that enabled users to ensure their Facebook friend lists and message with people who also had the Mail.ru apps. During the extension, at least, the app merely had access to people’s friend lists , not any information about those friends’ likes or interests. And yet, long before that extension was in place, Facebook tells Mail.ru ran hundreds of apps on the platform, all of which operated under Facebook’s old rules, which did allow app developers to collect their users’ friends’ data. Some of those apps began operating as early as 2009.
“Some apps were constructed prior to the opening of the platform altered in 2015, so they did have access to the earlier version of our platform, ” a Facebook spokesperson told. “That made it possible for users to consent to sharing information about themselves, as well as their friends.”
Facebook says the majority of Mail.ru’s apps were test apps that remained private and that merely a handful actually launched publicly. It did not share details on how many users may have had their information exposed to Mail.ru apps without their consent. The company adds that Mail.ru’s collection of apps have not had access to people’s friends’ data since May 2015, when Facebook changed its API. Still, Facebook is now investigating Mail.ru, along with all other apps that had access to large quantities of user data prior to the changes. But, the spokesman says the investigation is not itself a censure. “We find no indication of misuse with Mail.ru. If we see any suspicious activity or potential misuse, that’s when we formally audit a company.”
Facebook awarded thousands of other companies the same data access as Mail.ru prior to 2015. And yet, recent concern over Russia’s manipulation of social networks in the run-up to the 2016 election may cast the relationship between the two companies in a new light.
In a statement to WIRED, a spokesperson for Mail.ru wrote, “We assume that while changing API Facebook changed the terms for the customer who had popular applications that had not been updated to the latest version […] We definitely use our cooperation with Facebook strictly for business needs of our products and strictly according to the Facebook regulations.”
The fact that Facebook would have brokered an extension with Mail.ru may not come as a surprise to people who are familiar with Facebook CEO Mark Zuckerberg’s relationship with Yuri Milner. The Russian billionaire and Mail.ru founder was also a major investor in Facebook.( A spokesman for Milner said in a statement, “Yuri Milner has not been involved as CEO of Mail.ru since 2003. Shortly after the IPO of Mail.ru in 2010, he sold all of his shares in the company. In 2012, he stepped down from the board of directors and has not been involved since then.”)
‘It’s embarrassing that four months from this scandal became public, Facebook still has no idea how many others have its users’ data and how that data is being used today.SSSS
Representative Frank Pallone Jr.
Over the last year, reports have also surfaced about Milner’s ties to the Kremlin. In November 2017, in accordance with the so-called Paradise Papers leak of 13.4 million confidential documents pertaining to offshore pays, The New York Times reported that Milner had received millions of dollars in Russian country funding, which he used in part to invest in both Facebook and Twitter through his international investment firm, DST Global.
While nothing in research reports suggested that the investments were part of Russian influence operations, the news violated after the US launched federal investigations into Russian interference in the election. Milner defended his reputation in an open letter last autumn, telling the suggestion that he tried to infiltrate American tech companies to help Russia was “far-fetched” and a “fairy tale.”
In a statement following Facebook’s disclosures, the House committee’s ranking member, New Jersey Democrat Frank Pallone Jr ., said Facebook’s answers to Congress “raise more questions than they answer.” While he didn’t respond to WIRED’s request for comment considering Mail.ru, Pallone Jr. said in the statement, “It’s disconcerting that four months after this scandal became public Facebook still has no idea how many others have its users’ data and how that data is being used today.”
Democratic senator Mark Warner, who has been investigating Russia’s manipulation of social media platforms as vice chairman of the Senate Intelligence Committee, said in a statement, “We need to determine what user information was shared with Mail.ru and what may have been done with the captured data.” Warner conveyed particular concern that leading player at Mail.ru, including major investor Alisher Usmanov, “boast close ties to Vladimir Putin.” 1
At the very least, the fact that Facebook is only now coming forward with this bit of information, nearly a year after investigations conducted by Russian actors’ manipulation of Facebook began, indicates a glaring absence of transparency on Facebook’s part. Throughout its thousands of responses to the House committee, Facebook was asked repeatedly about what access Russian country agencies had to Facebook user data. Facebook responded saying that it received 34 requests for data from the Russian government between 2013 and 2017 and didn’t provide data in response to any of them. But experts say the Mail.ru deal, viewed alongside the news that Facebook devoted data to device manufacturers including Chinese companies like Huawei, reflects naivete on Facebook’s part about the power that international regimes have over industries within their borders.
“If you are a Russian businessperson of a certain scale, you can’t escape specific requirements Russian intelligence services are going to put one across you, ” tells Brett Bruen, a US diplomat who served as director of global engagement under President Obama and now runs the consulting firm Global Situation Room. “This is the reality of doing business in Russia today.”
It’s not unique to Russia, either. Bruen notes that the National Security Agency in the United States has procured its own ways to hoover data from American tech companies, as revealed by whistleblower Edward Snowden. The Cambridge Analytica scandal appears tiny in comparison to what a state-sponsored intelligence agency could do with all of that data. “Cambridge Analytica was a relatively small company that was fiddling on the edges, ” Bruen says. “Now set that information in the hands of a massive intelligence agency.”
1 Update: 6:36 PM EST 07/10/ 2018 This narrative has been updated to include commentary from Sen. Warner. Update: 9:40 AM EST 07/11/ 2018 This narrative has been updated to clarify Alisher Usmanov’s relationship with Mail.ru .