Schumer said that FaceApp’s origins “raise questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments.”
“It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States.”
(Both the FBI and the FTC declined to comment on the letter.)
FaceApp lets users upload photos of their faces and automatically edit them to look older. Celebrities such as Drake, LeBron James and the Jonas Brothers all posted edited snapshots on social media showing their graying hair and wrinkling skin, as did millions of other users across the country. Since it was launched in 2017, more than 80 million people have edited their photos through FaceApp.
But beyond its superficial entertainment, FaceApp drew questions about how it collects and stores users’ headshots. FaceApp uploads photos to the “cloud” of servers run by Amazon and Google. And deleting the app doesn’t make much of a difference for how the data is used. The app’s terms of service say users grant the company a “perpetual, irrevocable ... (and) worldwide” license to use a user’s photos, name or likeness.
Schumer wrote that he was concerned both about the security of the data FaceApp aggregates and users’ awareness about who could it. Schumer warned that it isn’t clear how long FaceApp retains a user’s data or how users can make sure their data is deleted.
In an interview with The Washington Post on Tuesday, FaceApp CEO Yaroslav Goncharov said FaceApp deletes “most” of the photos from its servers after 48 hours. Goncharov described a complicated process for how people can request that their data be deleted from FaceApp’s servers and told The Post that FaceApp is “planning to make some improvements” about posting the information to its website.
Schumer also asked the FTC to consider whether there are sufficient safeguards in place to prevent Americans’ privacy from being compromised. If not, Schumer suggested that the public be alerted to the “risks associated with the use of this application.”
“In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign nations,” Schumer wrote.