Facebook engineers aren’t sure where all user data is kept

If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it.

In the recently unsealed transcript of a hearing led by “Discovery Special Master” Daniel Garrie, an expert appointed by the court, two Facebook engineers were grilled regarding what user data the company keeps about its users and where they are. To everyone’s frustration, their response was, essentially, “We don’t know.”

The hearing is part of an ongoing lawsuit concerning the Facebook-Cambridge Analytica scandal.

Garrie has attempted to get Facebook to reveal where personal data is stored in its 55 subsystems, but two veteran Facebook engineers—Eugene Zarashaw and Steven Elia—who were present at the hearing, couldn’t give satisfying answers.

“I don’t believe there’s a single person that exists who could answer that question,” Zarashaw said, according to the transcript. “It would take a significant team effort to even be able to answer that question.”

The Intercept, which first reported this story, has noted Garrie’s seeming disbelief over simple questions left unanswered. However, the engineers’ inability to give solid answers as to where Facebook user data is kept doesn’t surprise Dina El-Kassaby, a spokesperson from Meta. In a statement, she said, “Our systems are sophisticated and it shouldn’t be a surprise that no single company engineer can answer every question about where each piece of user information is stored.”

“We’ve built one of the most comprehensive privacy programs to oversee data use across our operations and to carefully manage and protect people’s data. We have made—and continue making—significant investments to meet our privacy commitments and obligations, including extensive data controls.”

The engineers not knowing where user data is kept also lends credence to an internal document leaked in April 2022, claiming Facebook can’t tell where all the data it gathers comes from or is stored.

This internal document was written in 2021 by Facebook privacy engineers on the Ad and Business Product team, the group tasked to build and maintain the social network’s ads system.

“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And, yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation,” the document read.

https://blog.malwarebytes.com/feed/