Facebook and its parent company Meta have heaps of sensitive user data ranging from tracking people on the Internet, it’s unclear where it’s all stored, who has access to it, or even what information it contains.
This is a top-notch takeaway from a newly sealed court transcript Featuring testimony from two senior Facebook engineers, who were enlisted by a US district court to help clarify the company’s data retention practices.
Testimony from Facebook engineering director Eugene Zarashaw and Steven Elia, a software engineering manager, First reported by The Intercept,
Facebook made available to experts as part of an ongoing lawsuit inspired by the Cambridge Analytica data scandal, which contained vast swathes of user data Secretly Harvested and Exploited By a firm with links to Donald Trump’s 2016 presidential campaign.
A court-appointed special master, Daniel Gary, has the incredible task of determining where Facebook stores personal data in its 55 subsystems – which neither Zarashaw nor Elia could actually answer.
Presented with a list of those systems, neither engineer identified what they were all about, let alone what data they collected.
When asked where Facebook stores user’s on-platform activity, data obtained from third parties about users’ activities outside of Facebook, and other inferred user data, again, neither answer was known.
“I don’t think there exists a single person who can answer that question,” Zarashaw told the court. “It will take a significant team effort to be able to answer that question.”
Zarashaw said Facebook builds the pieces of infrastructure, “and then leave them to run for anyone in the company to use.” Other teams then “use other pieces of infrastructure as built-in storage,” making it difficult to pinpoint who is doing what.
“The advertising side will take many teams to find out exactly where. [user] data flow,” Zarashaw said. “I would be surprised if there is a single person who can conclusively answer that narrow question.”
In addition, Zarashaw told the court that Facebook has a “somewhat strange engineering culture,” in that it often doesn’t produce documents for others to refer to later.
“Effectively the code is its own design document,” the engineer said. “For what it’s worth, it [was] It was terrible for me when I first joined. ,
A spokesperson for Meta vehemently denied the notion that its internal data tracking policies are haphazard.
“Our systems are sophisticated and it is no surprise that no company engineer can answer every question about where each piece of user information is stored,” the company said in a statement.
“We have built one of the most comprehensive privacy programs to monitor data usage across all of our operations and to carefully manage and protect people’s data. We have made it important to meet our privacy commitments and obligations, including comprehensive data controls. invested and continue to do so.”
Transcript bolsters an april motherboard reportBased on a leaked internal document from the company’s ads and business product team, which suggested that Facebook is structurally incompetent to adequately regulate user data because of how the company was formed.
“We do not have a sufficient level of control and interpretability over how our systems use the data, and thus cannot confidently make controlled policy changes or external commitments such as ‘we will use X data for Y purposes’. will not do,'” reads the document, “And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”
The 15-page document compares Facebook’s user data to a bottle of ink that has been emptied into a body of water.
“You pour that ink into a lake of water (our open data system; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you put it in again? arrange, such that it flows only at the permitted places in the lake?”