Whistleblower Tells How Facebook App Developers Collected Data

A former Facebook employee has described in detail how the social network’s app developers were able to collect vast amounts of data without people’s permission.

Sandy Parakilas, who worked in policy compliance and data protection for Facebook between 2011 and 2012, told MPs on the Digital, Culture, Media and Sport committee that the company used users’ personal data to entice developers to build apps and games like Farmville.

“The real problem is that they allowed all of this personally identifiable data to pass out of their servers into the hands of a very un-vetted set of people,” Mr Parakilas said.

“Anyone can create a Facebook app,” he added. “There are no background checks to making a Facebook app.”

The whistleblower was speaking amid a row involving election consultants Cambridge Analytica, who are accused of using Facebook data on more than 50 million Americans to help Donald Trump’s US presidential campaign target political ads on the platform.

The data is alleged to have originally been collected by Alexander Kogan, a Cambridge University professor who surveyed more than 270,000 Facebook users through an app he created.

Facebook’s settings at the time allowed app developers to access the personal data of not just the people who used their app, but all of their friends as well.

“It was your name, in some cases your email addresses, in some cases your private messages,” Mr Parakilas claimed. “They just basically allowed that to leave Facebook’s servers intentionally and there weren’t really controls once the data had left to make sure it was being used in an appropriate way.”

It was this mechanism which allowed Cambridge University professor Alexander Kogan to collect data from more than 50 million Americans, data which he then allegedly passed on to Cambridge Analytica.

Dr Kogan said he believed his work for the company was all above board, and claimed he had since been used as a “scapegoat”.

While the policy was described in Facebook’s terms and conditions for users, Mr Parakilas said most people do not read Facebook’s terms and conditions in detail and the setting itself was “opt-in”, meaning users had to know it existed, find it in their privacy settings and de-activate it manually to stop developers harvesting their personal information.

“I’m pretty sure if you talk to pretty much all of the 50 million people impacted by this Cambridge Analytica issue then none would know that the data would have been shared with Kogan, let alone Cambridge Analytica,” he added.

Facebook changed its terms for how developers accessed such data in 2014, but Mr Parakilas described the company’s attitude to users’ personal data between 2010 and 2014 as “far outside the bounds of what should have been allowed”.

“Their motto was ‘move fast and break things’,” he said. “So the goal was to grow the platform as quickly as possible and data was one of the key ways to do that.”

Facebook’s huge user base meant developers were happy to build apps and games for Facebook for free, Mr Parakilas said. And although Facebook included rules forbidding any collected data from being used by advertisers, they were rarely enforced, he said.

Facebook discovered that Alexander Kogan had given data to Cambridge Analytica in 2015 but only suspended access to its platform last Friday, almost two-and-a-half years after being made aware of the policy violation.

“I believe that the company felt it would be in a worse legal position if it investigated and understood the extent of abuse than if it did not,” Mr Parakilas added.