It seems this week’s privacy backlash against viral app FaceApp has much less to do with privacy than it does FaceApp’s Russian provenance. Democratic Senator Chuck Schumer went so far as to call upon the FBI to investigate the company’s data practices, noting that “it’s owned by a Russia-based company” and that "it would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States.” Yet Schumer’s letter ignores the simple fact that American companies sell, barter, loan, lose and otherwise make available the intimate personal data of Americans to companies and governments all across the world each day. In a world in which companies are no longer patriotic national assets but rather for-profit enterprises selling out their home countries to the highest bidder, does the nationality of an app’s developer really matter anymore?
It is remarkable that after more than a year and a half of almost weekly privacy and security breaches by Facebook that helped make Cambridge Analytica a household name, we still don’t care about privacy. The deluge of press coverage and policymaker statements about FaceApp have emphasized not its privacy considerations but rather the simple fact that its lead developers live in Russia.
How did we get to a point that the mere fact that a simple pop culture app was written by Russian developers warrants an FBI investigation?
More to the point, why do we not place the same scrutiny on developers elsewhere in the world, such as China and countries with close ties to Russia or where organized crime is known to have strong digital operations?
Blacklisting an application merely because of the nationality of its developers seems strangely nationalistic in an era of a globalized Web.
Most importantly, it is entirely irrelevant.
Web companies today are no longer the patriotic nationalistic assets of the last century. Today’s companies are global enterprises that view national borders strictly through the lens of tax regimes and legal jurisdictions, rather than as their home nation to which they show loyalty.
This means that an American company no longer thinks twice about selling the data of Americans to the Chinese government if it thinks it can make a profit from the transaction. As the New York Times noted last week, at least one facial recognition dataset created in the US was exported to China to a company involved in the surveillance of Uighur Muslims.
Academics in particular mass harvest data from platforms and redistribute it globally, while Facebook has gone to great lengths to guarantee data mining access to its two billion users’ most intimate and personal data to researchers all across the world, including in countries like Russia.
If Facebook is willing to make its two billion users’ data available for data mining by Russian researchers, including those with strong connections to the Russian intelligence services and whose other work is directly funded by the same Russian government agencies involved in the 2016 election interference, why should it matter that a popular mobile app happens to have Russian developers?
The simple fact of the matter is that everyday American app and Website developers are shipping our personal data to companies all across the world as part of their vast data sharing agreements.
Countless analytics companies are the recipients of a vast trove of our real-time behavioral and interest data, as Websites rely on myriad third party analytics trackers to understand their audiences, while in the process shipping all of that personal data globally.
A great deal of the apps we use involve developers from other countries, including Russia and China. Even major American companies rely heavily on developers from those two countries and their allies through outsourcing agreements.
Putting this all together, the idea that FaceApp poses a unique security and safety risk simply because its developers are Russian belies the simple fact that nationality no longer matters when it comes to online privacy in a globalized world. American companies using American developers routinely make their users’ data available to others all across the world for sale or mining.
In the end, in a globalized world, nationality no longer has any meaning.
