Facebook’s Acquisitions: A Before and After Comparison of Privacy

For Facebook, it has never been about the profit, but the users. The social network has spent more than $22 billion on acquisitions, which includes $19 billion on WhatsApp exclusively! That is 2000 times the annual revenue of WhatsApp! Other popular acquisitions include Instagram ($1 billion), Oculus ($ 2 billion) and Atlas ($100 million). With recent psychological experiments conducted by Facebook on its unsuspecting users coming to surface, it becomes imperative to understand how our information is being collected, stored or used. In this blog post, I have tried to analyze the privacy policies (before and after) of three of Facebook’s major acquisitions – Instagram, Moves and WhatsApp.

Acquiring WhatsApp – From selling food stamps and Facebook rejects, to Billionaires.

“Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.” (March 17, 2014) Jan Koum (Co-Founder, WhatsApp)

WhatsApp is a messaging application which allows us exchange messages without incurring any SMS costs. Since its inception in 2009 by Jan Koum and Brian Acton, the corporation has been at loggerheads with the idea of advertising on its platform. As an alternative, it charges its users a nominal subscription fee after the ‘try-out’ first year.

Facebook acquired WhatsApp in February, 2014 for a whopping $19 billion! The apparent justification for this acquisition is WhatsApp’s rapidly growing user base with over 600 million users in its first five years (faster than Facebook itself). As of now, there is no hardcore evidence to prove speculations about Facebook monetizing WhatsApp data for targeted advertising. In fact, Facebook has supported its independent operability and even included Jan Koum on its Board of Directors.

Recently, in November, 2014, WhatsApp updated its platform to include end-to-end data encryption, touted to be the ‘strongest security any major texting app has offered’, leaving behind giants like Microsoft and Google. This does seem like a welcome change. However, keeping in mind Facebook’s recent escapades of data mining and psychological experiments, one doesn’t have to think twice about what’s actually in store for the future!

Acquiring Instagram

After Instagram was acquired by Facebook for $1 billion in September, 2012, it updated its privacy policy in January 19, 2013. The new policy incorporates a new clause stating, “We may share User Content and your information (including but not limited to, information from cookies, log files, device identifiers, location data, and usage data) with businesses that are legally part of the same group of companies that Instagram is part of, or that become part of that group (“Affiliates”). Affiliates may use this information to help provide, understand, and improve the Service (including by providing analytics) and Affiliates’ own services (including by providing you with better and more relevant experiences). But these Affiliates will honor the choices you make about who can see your photos.” Instagram’s old privacy policy can be accessed here.

This clause makes Facebook’s objectives crystal clear, i.e. data mining. But why is data mining disadvantageous? There are several privacy and security issues involved such as unethical collection or use of the information without the user’s consent. Taking this a step further, what happens when businesses with such vital information (for e.g. our behavioral trends) wither away? This information is eventually sold to someone else who might use it in any way it pleases.

Another problem here is that the policy doesn’t clearly specify how the Affiliates shall use the users’ information, apart from ‘improving Instagram’s services or their own services’. Moreover, the new policy provides that following deactivation of the account, the company’s Affiliates may ‘retain information and user content for a commercially reasonable time for backup, archival or audit purposes’. This is in violation of the National Privacy Principles which mandates destruction of the information and condemns broad responses. A brief analysis of the principles can be found here and here.

Acquiring Moves

The acquisition of the ‘Moves’ app (a popular fitness application that keeps track of your movements) by Facebook and the changes in Moves’ privacy policies within eleven days of the acquisition evidence speculations about Facebook’s upsurge in our privacy violations. Moves’ old privacy policy stated that the company would, ‘disclose an individual user’s data to third parties if our business or assets, or parts of them are acquired by a third party.’ In contrast to this, its new policy states that the company ‘may share information, including personally identifying information, with our Affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook) to help provide, understand, and improve our Services.’ This sharing of information to ‘Affiliates’ and its monetization is done by using the information obtained through data mining, to provide users with specific and targeted advertisements.

Under its old policy, Moves was bound to notify its users of any changes ‘through the service, by email, via our Twitter account or otherwise’. This time however, no such intimation through mails or via twitter was provided. Also, the only notice provided by Moves this time was, “We have updated our Terms and Privacy Policies. By continuing to use Moves, you agree to the updates.” No consent of the user had been taken, nor an appropriate notice been given. This is in clear violation of the National Privacy Principles. Rather, it posed a situation of ‘take it or leave it’ to the informed users, essentially making it a Standard Form Contract.

Recommended Readings:

1) Facebook Acquires WhatsApp: Consequences for Service Users, by Serge Malenkovich, Kaspersky Lab Blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s