Facebook and Instagram finally ban people from using data for 'surveillance', after criticism of privacy policy

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Facebook and Instagram have finally banned developers from using people's posts to spy on them.

Until now, the sites had given up public posts freely to sites that monitor activists and protesters and hand that information over to law enforcement. But after sustained criticism from civil liberties groups, it has finally announced that it will introduce a policy banning such surveillance.

Facebook said that by doing so it was making its policy "explicit", and that it has already taken action against developers who created or marketed tools meant to be used for surveillance. The only change it had made was to "be sure everyone understands the underlying policy and how to comply", it said.

But last year the site was shown to be providing information from Facebook and Instagram to Geofeedia, which develops a product for law enforcement to monitor citizens. When that arrangement was revealed by the American Civil Liberties Union, the site cut off access, but it continued not to have a public policy that prohibited developers from taking information and selling it to law enforcement.

Geofeedia employees boasted that it had "great success" finding out where people were during the protests that broke out in Ferguson after Michael Brown was killed, for instance. It worked with more than 500 law enforcement agencies.

The new prohibition states that developers — who get access to user data from Facebook to create apps — should protect "the information you receive from us against unauthorized access, use, or disclosure. For example, don't use data obtained from us to provide tools that are used for surveillance."

The ACLU report says the data the companies provided to Geofeedia included only public posts, not those that users restricted to just friends or in some other way. But such access to Facebook data is still valuable to third parties because it would be very difficult to collect and comb through all the stuff on their own.

According to the ACLU, Facebook had provided Geofeedia with access to a data feed called the "Topic Feed API," which is supposed to be a tool for advertisers. But Geofeedia could use it to obtain a feed of public Facebook posts that mentioned a specific topic, place or event — for example, "monitor hashtags used by activists and allies, or target activist groups as 'overt threats,"' Matt Cagle, attorney for the ACLU of Northern California, wrote last October. Facebook terminated this access nearly a month earlier after being notified about it by the ACLU.

Major social media platforms including Twitter and Alphabet Inc's YouTube have taken action or implemented policies similar to Facebook's, said Nicole Ozer, technology and civil liberties policy director at the ACLU of Northern California.

Ozer praised the companies' action but said they should have stopped such use of data earlier. "It shouldn't take a public records request from the ACLU for these companies to know what their developers are doing," she said.

It was also unclear how the companies would enforce their policies, said Malkia Cyril, executive director of the Center for Media Justice, a nonprofit that opposes government use of social media for surveillance. Inside corporations, "is the will there, without constant activist pressure, to enforce these rules?" Cyril said.

Additional reporting by agencies