Facebook gave a Russian company with close ties to the Kremlin extended access to collect data from users of the social network without their permission — and thanks to the Kremlin’s surveillance laws, that means intelligence agencies like the FSB also had access to that data.
Buried inside Facebook’s 748-page response to questions from the House Energy and Commerce Committees is a list of apps that were given extra time to harvest data from users and their friends before access was shut off in late 2015.
Among those app developers is Mail.ru, a Russia technology giant which developed hundreds of apps for Facebook. Two Mail.ru messaging apps, which enabled users to see their Facebook friend lists and message with people who also had the Mail.ru apps, were given a two week warning, the social network told CNN Tuesday.
Mail.ru was founded by Russian billionaire Yuri Milner, who stepped down as executive chairman of Mail.ru Group in 2012. Milner is also a major investor in Facebook, though the New York Times reported last year that the money for that investment came from Russian state institutions.
Today, Mail.Ru Group is controlled by USM Holdings, a company founded by Russian oligarch Alisher Usmanov, who was listed by the U.S. Treasury Department last January among Russian billionaires with ties to the Kremlin.
But beyond the fact that Mail.ru was given additional time to scoop up user’s data without their knowledge, what worries some experts is the fact that, because of Russia’s invasive surveillance laws, any data collected by Mail.ru is now likely in the hands of Russia’s intelligence agencies.
“The problem is, it is difficult to tell what happens the data once it leaves the server,” Emily Taylor, an associate fellow at U.K. think tank Chatham House, told VICE News.
Known as the System of Operative-Investigative Measures, or SORM, Russia’s national system of lawful interception compels all Russian companies to hand over any data they hold.
“That means Russia’s intelligence services now have access to all that data, legally, in Russia,” said Michael Carpenter, who served on the National Security Council specializing in Russia during the Obama administration.
And that could be a major problem for journalists and activists in Russia, who still use Facebook as a means of communications, according to Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.
Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, wants Facebook's relationship with Mail.Ru investigated further.
“The largest technology company in Russia, whose executives boast close ties to Vladimir Putin, had potentially hundreds of apps integrated with Facebook, collecting user data. If this is accurate, we need to determine what user information was shared with mail.ru and what may have been done with the captured data," Warner told CNN.
For Facebook, the revelations about Mail.ru are part of the ongoing fallout from the Cambridge Analytica scandal, which saw at least 87 million users affected. On Tuesday U.K. regulators concluded that Facebook had broken the law over misusing user data, imposing the maximum available fine of £500,000, or about $660,000.
But the continuing focus on third-party app developers means that Facebook and its core business of collecting and monetizing users’ data remains relatively unaffected.
"If Facebook is successful in distracting attention, and making this all about third-party app providers, they will have done a very good job of throwing regulators off the scent, because the real problem is what [Facebook] is doing," Taylor said.
Cover image: Mark Zuckerberg, chief executive officer and founder of Facebook Inc., listens during the Viva Technology conference in Paris, France, on Thursday, May 24, 2018. Marlene Awaad/Bloomberg via Getty Images.