The Electronic Privacy Information Center and the Center for Digital Democracy have filed a complaint with the Federal Trade Commission against Facebook’s $16 billion acquisition of WhatsApp based on privacy concerns, according to a document released Thursday. EPIC and CDD’s problems with the acquisition center around the fact that WhatsApp staked its reputation on—that it’s a company keeping a reasonable distance from its customers’ data. Now that it will fall under the aegis of Facebook, its users stand to lose those privacy guarantees, even though WhatsApp told its users nothing would change.
Facebook draws legal complaints for treading outside the bounds of responsible data use on a fairly regular basis. There was Beacon, which posted users’ activity to third party sites without so much as a heads up. There were Sponsored Stories, which placed users’ photos and names alongside ads. There was the sudden unsolicited use of facial recognition. The list goes on with many new and interesting ways Facebook has found to use the information it’s collected, but it’s plain that given an opportunity, Facebook is more likely to ask forgiveness than permission.
Then Facebook bought WhatsApp, the messaging app that, up until now, cared not a whit for information about its users or what they were doing. Despite the fact that the company could be sitting on a staggering database of phone numbers, locations, and names (not to mention troves of conversations, media, and links), WhatsApp has traditionally dismissed all of those opportunities.
When the acquisition was announced, WhatsApp reassured its current users in a blog post that “nothing” would change. “WhatsApp will remain autonomous and operate independently,” Koum wrote, promising the experience would remain ad-free.
Despite WhatsApp’s reassurances that it doesn’t store or collect its customers’ info, industry experts cited by EPIC and CDD state that many of the app’s users chose the app specifically due to its commitment to privacy. Because of that, it’s an even bigger concern that Facebook will start reaching for that information once the transaction goes through.
“WhatsApp users could not reasonably have anticipated that by selecting a pro-privacy messaging service, they would subject their data to Facebook’s data collection practices,” says the complaint. The document concludes by asking the FTC to launch an investigation into Facebook’s ability to see and use “WhatsApp’s store of user mobile phone numbers and metadata,” and to halt the acquisition until it’s clearer how the two companies’ relationship will develop.
Facebook getting its hands on WhatsApp data is decidedly a privacy concern, but how immediate that concern is lies in how you interpret Koum’s post-sale blog post. The founder promised that “nothing” will change. In one sense, this means that WhatsApp will continue to keep customer phone numbers, metadata, and their contacts’ information off its servers, and it will continue to not store messages. In this case, Facebook will not actually have access to anything, because there are no logs.
However, Koum seemed mostly focused on the consumer end—how a user experiences the product—as opposed to how WhatsApp does business. Koum assured users that the experience will remain ad-free and operate on nominal fees. He also promised that WhatsApp will not “compromise on the core principles that will always define our company.” He did not specifically mention data collection or transmission.
Adapted from arstechnica.com