The viral smartphone application, which has seen a new surge of popularity due to a filter that ages photos of users’ faces, requires “full and irrevocable access to their personal photos and data,” which could pose “national security and privacy risks for millions of U.S. citizens,” Schumer said in his letter to FBI Director Christopher Wray and FTC Chairman Joe Simons.
The Democratic National Committee also sent out an alert to the party’s 2020 presidential candidates on Wednesday warning them against using the app, pointing to its Russian provenance.
In the email, seen by Reuters and first reported by CNN, DNC security chief Bob Lord also urged Democratic presidential campaigns to delete the app immediately if they or their staff had already used it.
There is no evidence that FaceApp provides user data to the Russian government.
Democrats have invested heavily in bolstering party cyber defences after U.S. intelligence agencies determined that Russia used hacking as part of an effort to boost support for President Donald Trump’s 2016 election campaign. Russia has repeatedly denied those claims.
FaceApp, which was developed by Wireless Lab, a company based in St. Petersburg, says on its website that it has over 80 million active users. Its CEO, Yaroslav Goncharov, used to be an executive at Yandex, widely known as “Russia’s Google.”
The app, which was launched in 2017, made headlines in 2018 when it removed its ‘ethnicity filters’ after users condemned them as racist.
More recently, it has faced scrutiny from the public over issues such as not clearly communicating that the app uploads images to the cloud rather than processing them locally on a user’s device.
It is not clear how the artificial intelligence application retains the data of users or how users may ensure the deletion of their data after usage, Schumer said in the letter.
Schumer said the photo editing app’s location in Russia raises questions about how FaceApp lets third parties, including foreign governments, have access to the data of American citizens.
In a statement cited by media outlets, FaceApp has denied selling or sharing user data with third parties.
“99% of users don’t log in; therefore, we don’t have access to any data that could identify a person,” the company said, adding that most images are deleted from its servers within 48 hours of the upload date.
While the company’s research and development team is located in Russia, the user data is not transferred to Russia, according to the statement.
(Production: Alexander Chizhenok, Mikhail Antonov, Shamil Zhumatov, Gennady Novik, Dmitry Turlyun, Tatiana Gomozova)