According to a Wall Street Journal report, Facebook employees are notified by a so-called “Sauron alert” when colleagues access their personal profile. The courtesy does not extend to the other 2 billion users who don’t work for the company.
The name of the tool is a reference to the evil omnipotent “Eye of Sauron” in the epic fantasy series the Lord of the Rings. The tool was given an official name “Security Watchdog” in 2015, but the more ominous and perhaps appropriate title has stuck around.
A Facebook spokesperson told the Journal it had discussed the double standard internally, and even considered issuing alerts to all users. “In thinking about how we could do something similar for everyone, there are a number of important considerations that come into play—for example, how we can avoid tipping off bad actors or hindering our work to prevent real-world harm in cases of abuse or other sensitive situations,” the spokesperson said.
It’s important to note that any person with this level of privilege must produce a legitimate reason for accessing a profile. Some of these include diagnosing technical errors, testing new features, or investigating potential criminal behavior, the Journal reports. The employees are closely monitored by superiors for any unethical behavior.
But issues still arise. Earlier this week, Facebook fired an employee who bragged about having access to sensitive user data. The person allegedly used their privileged clearance to “stalk women online.” After an investigation, the security engineer was terminated. “Employees who abuse these controls will be fired,” Facebook’s chief security officer Alex Stamos said following the incident.
It wasn’t the first time someone misused their data privileges. A former employee at the company said multiple people had been fired over the years for accessing accounts without authorization, according to the report.
Facebook’s privacy practices have been under the spotlight since the Cambridge Analytica scandal when it was revealed that a political data firm purchased the personal information of 87 million users from a third-party app. A series of updates with an emphasis on transparency have been released in recent weeks to prevent its reputation from tarnishing any further.
The company will soon create a global privacy control center, a single page that houses all the important settings users need to see who is using their information and how. Facebook also released a lengthy blog post attempting to clarify its practice of tracking users after they’ve logged out of their profiles. There are even half-hearted mentions of giving users the option to pay for an ad-free experience. But if Facebook truly wants to be transparent about who can access user data, it should do everything possible to give its 2.2 billion users a glimpse of Sauron.