Facebook’s latest scandal is one that’s been lingering in the shadows for years: if you used Facebook for Android, chances are you allowed the app to collect your SMS text logs and call history. Although Facebook has never technically obfuscated the fact that it collects your message logs and call data, the extent of its scraping only came to light last week when a New Zealand man found all the data in his Facebook archive.
That discovery led to media attention and outrage over the weekend, all of which has resulted in a blog post from Facebook trying to explain away the situation. Because Facebook hasn’t learned anything from the last two weeks, the blog post reads as a detailed explanation about why Facebook is right and everyone else is wrong, rather than any kind of acknowledgement that perhaps scraping millions of unwitting users’ non-Facebook data from their phone could be problematic.
There’s a lot to unpack in Facebook’s blog post, but one thing stands out across all of Facebook’s kickback to the situation: Nowhere has the company said why it needs to collect call logs and SMS metadata from your phone. In the blog post, Facebook says “Call and text history logging…helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook.”
In a statement to Ars Technica when the story was first breaking, a company spokesperson said “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”
If you read those statements, nowhere does it explain why Facebook needs access to your metadata, rather than just your contacts. If Facebook is really just scraping your phone for all the people you’ve ever had contact with to try and connect you on Facebook (what the company seems to be saying), there’s no reason for Facebook to keep granular details of when, from where, and how long you called and texted each person.
Rather than answer the underlying question — why does Facebook need to know this about me?! — the company is trying to reframe this scandal on terms that it can win. It’s arguing hard that it never logged anyone’s call and text history without their permission, and that collecting info about contacts is just standard industry practice.
That doesn’t really address people’s two main concerns, which are that a) Facebook asked permission for data collection with the same button-press as a bunch of other stuff, so that people were less likely to opt-out, and b) Facebook shouldn’t even be collecting this data anyway.
Internet companies walk a very fine line with privacy. Consensus among consumers seems to be that people are willing to give up privacy in return for a benefit from services, but they have to understand exactly what data is being used and why for the tradeoff to be acceptable.
Facebook failed both of those tests. It’s clearly come as a surprise to people that their data was being collected, which means that Facebook’s communications and permissions system failed at some point. And, to this moment, it hasn’t explained precisely why it collects call and text metadata. Facebook can’t keep responding to outrage in this way, or the company might find that the privacy tradeoffs stop being worth it.