FaceApp and data privacy - the joke's on you

By Stuart Lauchlan July 19, 2019
FaceApp is funny stuff, isn't it? Actually, no it isn't.


Unless you’re on an online detox this week, it’s pretty much guaranteed that your social media timeline has been backed up with ‘hilarious’ images of what your friends will look like when they’re old. Thanks to the wretched #faceappchallenge, it’s seemingly de rigueur to load your image into FaceApp and then share the ravages of time.

Personally I’m having nothing to do with it. If I want to know what I’ll look like in 40 years’ time, I’ll just check myself out in the bathroom mirror first thing in the morning before I’ve had a coffee! On a more serious note, I’m having nothing to do with it because one question screams out at me every time I see another aged-up picture - have we learned nothing at all about data exploitation over the past couple of years?

For real - what is it going to take before people understand that that funny free viral app that everyone’s using is collecting personal data that enterprises in a digital economy are slavering to get their hands on? And that’s before the government and intelligence agency implications are considered.

Just in case anyone’s managed to avoid the meme, FaceApp can be downloaded from Apple’s App Store and Google Play and uses AI to create what it calls “neural face transformations”. It’s the ‘ageing a selfie’ feature that’s taken off in recent weeks, fuelled by unintended endorsements from celebrities aching to demonstrate their sense of humor. But there are other capabilities that are rather more dubious, such as a filter called ‘Hot’ which ‘whitewashes’ skin tones…

But hey, it’s all good fun, isn’t it? Well, perhaps - although it seems to me to be a ‘joke’ that wears very thin very quickly. But leaving aside my own sense of humor shortfall on this matter, there are some societal and privacy concerns that have surfaced on the back of this phenomenon. Among these are:

  • The fact that FaceApp is developed by Russian company Wireless Lab.
  • The fact that FaceApp doesn’t locally process pictures on your phone, but uploads them to the cloud.
  • That as a user you need to be on top of the access settings on your mobile device. There’s an iOS API that means that while you can block FaceApp from accessing your entire photo roll - a conspiracy theory that’s spread - you can still pick an image and upload it to the app.

Read the small print

But my biggest concerns lie with the small print in the terms and conditions, which state:

You grant FaceApp a perpetual, irrevocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.

So that means that you’re handing over your image to a third party and you’re giving that third party full access to rights over it with no say about what those images can be used for. I’m waiting impatiently for the first vacuous Love Island-er to have a meltdown when their image is (ab)used for commercial gain. Not so funny then, I imagine.

Of course such Ts and Cs aren’t unique. Plenty of other firms have similar provisions and it’s down to individuals to read the terms - hah! - and agree to abide by them. FaceApp is doing nothing wrong here. If you can’t be bothered to read the small print, that’s your problem.

For its part FaceApp has tried to get ahead of some of the concerns. It argues that it’s only its R&D team that’s based in Russia and that there’s no user data transferred there. There’s currently a lot of uncertainty as to where FaceApp’s servers are, so this has yet to be validated.

It says it is not selling or sharing user data with third parties. Maybe so, but as the terms and conditions do allow for that, this is obviously a position that could change in the future.

The firm says “most” images are deleted from its servers within 48 hours of upload. The key word here is “most”. How many is that? And is that total deletion?

It also points out that users can ask for data to be removed from its servers. That requires users to engage with the company proactively and at a time when FaceApp’s customer support team is described by the firm as “overloaded”. It’s also unclear to me as to why this point is being made when “most” images are supposedly automatically deleted.


Concern has now moved into the regulatory and legislative realms. In the US, Senate Minority Leader Chuck Schumer has called on the FBI and the Federal Trade Commission to investigate the ‘national security and privacy risks for millions of US citizens’. In a public letter, he writes:

FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of US citizens to third parties, including potentially foreign governments. Given the growing popularity of FaceApp and these national security and privacy concerns, I ask that the FBI assess whether the personal data uploaded by millions of Americans onto FaceApp may be finding its way into the hands of the Russian Government, or entities with ties to the Russian Government… In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure.

The Democratic National Committee has also aired its concerns about the Russian connection as the 2020 Presidential Election campaigns get underway. (The Republican Party hasn’t seemed so concerned to date). Bob Lord, the DNC's Chief Security Officer, warned this week:

This app allows users to perform different transformations on photos of people, such as ageing the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians. It’s not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks.

Meanwhile in the UK, the Information Commissioner’s Office (ICO) is also on the case, warning users to be wary of using FaceApp:

The UK's data watchdog has said it is "considering" concerns raised about the FaceApp service over potential privacy issues.

We would advise people signing up to any app to check what will happen to their personal information and not to provide any personal details until they are clear about how they will be used.

My take

The UK ICO’s advice is just plain common sense and shouldn’t need to be doled out after the social platform data exploitation scandals and revelations of recent years. I’ve said before that despite all the supposed safeguards and policy changes at a ‘repentant’ Facebook, it all boils down to one question - do you trust Mark Zuckerberg to look after your personal data?

Do you trust FaceApp to look after your image?

We live in societies where, particularly in urban environments, we are being monitored by cameras 24/7. That’s a price that gets paid in the name of security and there are regulations in place to prevent abuse of such image and data collection, at least in non-totalitarian regimes.

The FaceApp trend is different. You’re voluntarily handing over your face to a third party whose contractual arrangement with you is that you have signed away commercial exploitation rights to that image.

Think about all those keynote presentations in the retail sector where an evangelical CEO talks about the day you will walk into his or her stores and your face is on file so you can have personalised offers fired at you as soon as you’re over the threshold. What would one of those businesses be willing to pay for your voluntarily given-away image and data rather than having to persuade you to opt-in to its own facial recognition gathering program?

FaceApp is a fad that will go away within a week or so. I’m already seeing people on my timelines complaining that enough’s enough, joke’s over. But there will be another FaceApp. And another. And another. And hey, that amusing ‘how sexy are you?’ quiz on Facebook, that’s harmless, isn’t it? It’s only asking for personal information as part of the fun after all.

I say again - what is it going to take?