The Washington PostDemocracy Dies in Darkness

Did Facebook allow Chinese firms ZTE and Huawei to access user data? A lawmaker wants to know.

(REUTERS/Regis Duvignau/Illustration)

This post has been updated with additional comments from Sen. Warner.

A top lawmaker in Congress is questioning whether Facebook allowed two Chinese telecommunications firms with alleged ties to their country’s government to harness data about the social network’s users, potentially subjecting their personal information to new privacy and security risks.

The red flags raised by Sen. Mark R. Warner (D-Va.) about Huawei and ZTE stem from revelations that Facebook struck special data arrangements with roughly 60 device makers including Apple, HTC and Samsung over the past decade, possibly without Facebook users’ knowledge.

Using legal agreements and Facebook-supplied code, these and other device makers could access information such as names, phone numbers and photos, all in a bid to make it easier for Facebook users to access its services -- from friends’ photos to their message histories -- while using a smartphone.

But privacy advocates have fretted that users may not have been aware of the extent that data about them, or their friends, had been transferred in the process. Facebook, meanwhile, so far has declined to release a list of the device makers with which it had such a special relationship.

To that end, Warner, the top Democrat on the Senate Intelligence Committee, has pressed Facebook to detail if its partners included Huawei and ZTE, according to a spokeswoman. A day later, Warner -- appearing at an event hosted by Axios -- said his still-unanswered question stems from the "ongoing threat these Chinese telecom companies pose."

"I believe it’s a serious danger. I’ve been disappointed we’ve not gotten a straight answer," said Warner, adding it would be "very surprising to me if they somehow excluded the Chinese telecom providers."

Facebook declined to comment on its relationship with Huawei or ZTE. Representatives for both Huawei and ZTE did not respond to requests for comment.

Earlier Monday, Facebook rebuffed any charges that it had violated its users’ privacy. Ime Archibong, the company’s vice president of product partnerships, said in a blog post that Facebook had partnered with device makers in the days before smartphones had app stores so that consumers could “use Facebook whatever their device or operating system.”

U.S. officials long have raised security concerns with Huawei and ZTE. In May, for example, the Pentagon confirmed it had ceased allowing military service members to purchase either firm’s phones on its bases, citing threats to “personnel, information and mission.”

But fears about Huawei and ZTE predate the arrival of President Trump. A 2012 report from lawmakers on the House Intelligence Committee that found “risks associated with Huawei’s and ZTE’s provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests.” The firms have denied the charges.

Facebook said its arrangements with device makers were controlled “tightly from the get-go.” The social giant said it had started phasing out its partnerships in April, and before that, it was “not aware of any abuse by these companies.” But the New York Times, which first reported the relationship, found that some device makers, such as BlackBerry, may have accessed information about Facebook users and their friends even if they had opted out of having their information shared in that manner. The new revelations have since raised the specter that Facebook could face additional fines and other penalties for its handling of users’ sensitive data.