By Ryan Banfill, FJA Communications Director
Does Russian strongman Vladimir Putin have copies of Americans’ most-prized personal photos? With an innocent click of a button, millions of Americans gave a Russian company permission to access their photos and use them, perpetually.
That’s forever. Why would a nuclear power want to have your Valentine’s Day selfies or photos of your nephew’s Bar Mitzvah? Estimates say the data could be worth billions of dollars. In the hands of a superpower’s intelligence agency, the information could be priceless. The same is true for other social apps, too.
Note a recent Wired article carrying the headline, “Think FaceApp is scary? Wait until you hear about Facebook.” The Atlantic provides examples of how private photos are being used for more than preserving memories.
“In May, the news came out that Ever, a photo-album app, used vacation photos and users’ selfies to enhance the computer-vision software used in the Department of Defense’s military drones,” the article says. “Clarifai, a computer-vision start-up, scraped profile pictures from the dating site OKCupid’s apps to build services that infer race and sex from detected faces. It also partnered with the military. Stanford researchers similarly tapped an undisclosed U.S. dating website to see if they could predict people’s sexual orientation from their face.”
From Russia with Love?
At the center of the discussion is FaceApp, a “state of the art photo-editor powered by AI,” according to the St. Petersburg, Russia-based company’s website.
St. Petersburg, Russia also is home to the infamous Internet Research Agency. The company’s alleged role in exploiting social media platforms to manipulate American voters during the 2016 election cycle is detailed in the Muller Report.
“The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation-a social media campaign designed to provoke and amplify political and social discord in the United States. The IRA was based in St. Petersburg, Russia, and received funding from Russian oligarch Yevgeniy Prigozhin and companies he controlled.”
Source: Public Intelligence
Just because two-year-old FaceApp shares the same hometown of a company indicted for committing crimes against the United States of America doesn’t mean the company is doing something underhanded. The U.S. Senate Minority Leader calling on the FBI and CIA to investigate if U.S. national security and the privacy rights of American citizens have been violated. It’s an action that’s reminiscent of the proverb, “Fool me once, shame on you. Fool me twice, shame on me.”
It’s All in the Fine Print
The free app uses artificial intelligence to change a person’s appearance, with filters that provide the user an opportunity to make them look older and younger, along with other features.
Under FaceApp’s terms of service, that many accepted without reading:
You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. …
… By using the Services, you agree that the User Content may be used for commercial purposes. You further acknowledge that FaceApp’s use of the User Content for commercial purposes will not result in any injury to you or to any person you authorized to act on its behalf. …
… User Content removed from the Services may continue to be stored by FaceApp, including, without limitation, in order to comply with certain legal obligations. …
… [Y]ou consent to the processing, transfer, and storage of information about you in and to the United States and other countries, where you may not have the same rights and protections as you do under local law.
How Did This App Get Cleared for Market?
A CNET commentary on the FaceApp saga by writer Ry Crist quotes Aviran Hazum, head of Analysis and Response at the security research firm Check Point Research who took a closer look under FaceApp’s hood.
“This app seems to be developed in a good fashion,” Hazum says. “No greedy permissions, and it does what they claim it does.”
The commentary raises the issue of the accountability of tech giants Apple and Google in providing the app to the masses.
“What sort of vetting do Apple and Google do before hosting apps like FaceApp that collect user data in order to deliver targeted ads?” asks Crist. “Is there any extra scrutiny of apps like these that are based out of Russia?”
I Downloaded FaceApp, What Can I Do Now?
“FaceApp and the other FaceApp Parties will not be liable to you under any theory of liability—whether based in contract, tort, negligence, strict liability, warranty, or otherwise—for any indirect, consequential, exemplary, incidental, punitive or special damages or lost profits, even if FaceApp or the other FaceApp Parties have been advised of the possibility of such damages,” the company’s terms of service says. “The total liability of FaceApp and the other FaceApp Parties, for any claim arising out of or relating to these Terms or our Services, regardless of the form of the action, is limited to the amount paid, if any, by you to access or use our Services.”
If you are concerned the app is compromising your privacy, the company says there’s something you can do about it. In a statement published by Techcrunch.com, FaceApp gives users instructions on how to drop the service.
“We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority,” the company’s statement says. “For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line. We are working on the better UI for that.”
As for the “red scare redux” reaction to the app, the company offers consumers this reassurance, “Even though the core R&D team is located in Russia, the user data is not transferred to Russia.”