At least according to two veteran Facebook engineers being deposed over the Cambridge Analytica scandal – Facebook has no idea where they keep your personal data.
As reported by The Intercept (Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data, written by Sam Biddle – hat tip to the “Data Diva” Debbie Reynolds for the heads up), in March, two veteran Facebook engineers found themselves grilled about the company’s sprawling data collection operations in a hearing for the ongoing lawsuit over the mishandling of private user information stemming from the Cambridge Analytica scandal.
The hearing, a transcript of which was recently unsealed, was aimed at resolving one crucial issue: What information, precisely, does Facebook store about us, and where is it?
Apparently, the engineers don’t know and Facebook has no idea.
Evidently, at least, based on a hearing with special master Daniel Garrie, a court-appointed subject-matter expert tasked with resolving a disclosure impasse. Garrie was attempting to get the company to provide an exhaustive, definitive accounting of where personal data might be stored in some 55 Facebook subsystems. Both veteran Facebook engineers, with according to LinkedIn two decades of experience between them, struggled to even venture what may be stored in Facebook’s subsystems. “I’m just trying to understand at the most basic level from this list what we’re looking at,” Garrie asked.
“I don’t believe there’s a single person that exists who could answer that question,” replied Eugene Zarashaw, a Facebook engineering director. “It would take a significant team effort to even be able to answer that question.”
When asked about how Facebook might track down every bit of data associated with a given user account, Zarashaw was stumped again: “It would take multiple teams on the ad side to track down exactly the — where the data flows. I would be surprised if there’s even a single person that can answer that narrow question conclusively.”
In an emailed statement that did not directly address the remarks from the hearing, Meta spokesperson Dina El-Kassaby told The Intercept that a single engineer’s inability to know where all user data was stored came as no surprise. She said Meta worked to guard users’ data, adding, “We have made — and continue making — significant investments to meet our privacy commitments and obligations, including extensive data controls.”
In other words, they meant to do that.
What The Intercept characterizes as “Facebook’s stonewalling” is revealing nonetheless: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine.
The special master at times seemed in disbelief, as when he questioned the engineers over whether any documentation existed for a particular Facebook subsystem. “Someone must have a diagram that says this is where this data is stored,” he said, according to the transcript. Zarashaw responded: “We have a somewhat strange engineering culture compared to most where we don’t generate a lot of artifacts during the engineering process. Effectively the code is its own design document often.” He quickly added, “For what it’s worth, this is terrifying to me when I first joined as well.”
Imagine how we feel.
The article overall is an interesting look at what Facebook knows, or at least admits to knowing about where it stores personal data. You can also read the redacted transcript – all 833 pages of it – if you want. Have fun.
So, what do you think? Are you surprised that a data company like Facebook doesn’t know where your data is? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
Speaking of artifacts not being where they belong: “So, what do you think? Are you surprised that Australia fined Google for something that happened so long ago?” Huh?
Doh! 😮 Good catch, Craig! Guess I need to check a little more carefully when I re-use a file that I created for a previous post and replace with content for the new post! That’s a bad habit of mine that I need to change. Time to create a template! 🙂
[…] Meta, which also just had a proposed privacy settlement rejected by a judge). Maybe it’s because they have no idea where your data is? Cookies once again left a bitter taste in regulators mouths’ and even […]