It’s been a rough year for Facebook and then some. The latest development: a trove of documents released by a British lawmaker this week that shed light on some of Facebook’s internal communications, including discussions of “whitelist” agreements with certain companies to give them specialized access to user data — all while restricting it for others.
Damian Collins, the chair of the British Parliament’s Digital, Culture, Media, and Sports Committee who has led an investigation into Facebook and the Cambridge Analytica scandal, released a summary of findings and more than 200 pages of documentation on the social media giant on Wednesday.
The documents were originally part of a US court case stemming from a lawsuit filed against Facebook by a company called Six4Three, an app developer that used to make an app called Pikinis to help people find Facebook pictures of women in bikinis. Six4Three sued Facebook in 2015, saying that its data policies favored some companies over others.
As Recode’s Kurt Wagner explains, Six4Three sued Facebook when it stopped letting developers collect data from users who signed up for their apps and from those users’ friends. (That’s actually the same method that Cambridge Analytica used to get the data of 87 million people — before Facebook stopped giving developers access to friend data in 2015.)
Nobody paid a lot of attention to the lawsuit until the start of the year when the Guardian mentioned it in a story. But the British parliamentary committee was interested and got the documents when Six4Three’s founder traveled to the UK and was ordered to hand them over.
Much of what’s contained in the documents isn’t new — it’s no secret Facebook shares information with other companies or that one way it makes money is through user data. But they put into focus an increasingly sharper picture of the Menlo Park, California-based company that contrasts with the benevolent face it’s tried to put on for years.
Here are five of the big takeaways from the document release:
1) Mark Zuckerberg and his team had lengthy discussions about how to make money off of user data
The documents released include a series of emails from 2012 in which CEO Mark Zuckerberg discusses how to turn Facebook’s data into revenue avenues for the company and how much access to provide third-party developers.
In one October 7 communication, he weighed whether it would acceptable for Facebook to charge developers “quite a bit more” for using the platform. In another email later that month, Zuckerberg said he was “getting more on board with locking down some parts of the platform, including friends data and potentially email addresses for mobile apps.”
Zuckerberg also said he was skeptical about the risk of data leaks. “I think we leak info to developers, but I can’t just think of any instances where the data has leaked from developer to developer and caused a real issue for us,” he wrote.
Zuckerberg in a Wednesday post responding to the document dump appeared to acknowledge these discussions and said that Facebook had gone in another direction. “Ultimately, we decided on a model where we continued to provide the developer platform for free and developers could choose to buy ads if they wanted,” he wrote. “This model has worked well.”
The Wall Street Journal, citing parts of the Six4Three documents, last week reported that Facebook had indeed considered charging companies for continued access to user data. Facebook has been emphatic that it does not sell user data.
2) Facebook discussed “whitelist” agreements with a variety of companies
In the documents Collins released, he highlights “whitelisting agreements,” under which Facebook entered into deals with certain companies that allowed them to maintain access to friends data and other user data, including after the 2014 and 2015 changes to developer access guidelines. In other words, Facebook seems to have been making exceptions to its own policies.
A number of firms are mentioned in internal emails from Facebook discussing whitelisting, including dating app Badoo, Lyft, Airbnb, Netflix, and Tinder.
The Daily Beast describes Facebook as using access to its application programming interface — otherwise known as an API — that would let selected apps see user friend data as a sort of “bargaining chip,” citing its dealings with Tinder. In one email exchange, one Facebook officials appears to have offered access to the special API in exchange for using “Moments,” a term trademarked by Tinder.
3) Facebook also sought to take away access from competitors
Facebook wasn’t just giving out data access — it took it away, too.
In one 2013 email exchange, Facebook executive Justin Osofsky warns that Twitter had launched Vine, a feature that let people make six-second videos and one that he saw as a competitor for people’s attention. He said Facebook, at the time, let Vine users find their friends on Facebook and that he planned to shut down Vine’s API access.
“Yup, Go for it,” Zuckerberg replied.
4) Facebook monitored its competitors — and in some cases, then bought them up
Collins’s synopsis of the documents also includes mention of Onavo, a formerly independent analytics app Facebook used “to decide which companies to acquire, and which to treat as a threat.” He also included charts produced by Onavo in early 2013 on the mobile industry showing the reach of companies such as Instagram, Twitter, Snapchat, and WhatsApp.
Facebook bought Onavo in the fall of 2013 after the charts in the documents were produced, and the acquisition was public knowledge. New York Times technology reporter Mike Isaac on Wednesday tweeted that the move was a “key moment in [Facebook] asserting and keeping its dominance as app king.”
Facebook acquired Instagram in 2012, prior to the Onavo charts and acquisition, but it made a bid to buy Snapchat in late 2013 and acquired WhatsApp in 2014, apparently after the charts in the document trove were produced.
5) Facebook tried to make it hard for users to find out about changes to its call and text record collection
In 2015, Facebook was preparing a new partnership with Android that would include prompts for users to give the Facebook app permission to read their call logs and text messages.
In an email, Facebook product manager Michael LeBeau warned that this was “a pretty high-risk thing to do from a PR perspective,” but the growth team was going to move forward. CNBC described what happened next:
He predicted a “fallout” in which a “screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about ‘Facebook uses new Android update to pry into your private life in ever more terrifying ways — reading your call logs, tracking you in businesses with beacons, etc.’”
The update went ahead, and Facebook collected call and text records for several years. After the public backlash earlier this year, Facebook announced it would delete any records older than one year.
In other words, Facebook executives knew it would be a bad look if they got caught, did it anyway, and then apologized later.
The scrutiny on Facebook is going to continue for a while, and we’ll probably never have the full picture
Facebook has brushed aside much of the contents of the documents and said they paint an incomplete picture of its internal workings.
“As we’ve said many times, the documents Six4Three gathered for their baseless case are only part of the story and are presented in a way that is very misleading without additional context,” a Facebook spokesperson said in an emailed statement. “We stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform. But the facts are clear: we’ve never sold people’s data.”
Zuckerberg’s Wednesday post also responded to the document dump, saying that Facebook, like any organization, “had a lot of internal discussion” about its business model and how to build its product and said changes it made around who could access user data in 2014 and 2015 “meant a lot of sketchy apps” couldn’t operate on the platform. It appeared to be a reference to Six4Three, though he did not mention it directly.
“I understand that there is a lot of scrutiny on how we run our systems,” Zuckerberg wrote, adding that “it’s also important that the coverage of what we do — including the explanation of these internal documents — doesn’t misrepresent our actions or motives.”
Collins tweeted that there is “considerable public interest” in releasing the documents and that they “raise important questions about how Facebook treats user data, their policies for working with app developers, and how they exercise their dominant position in the social media market.”
I believe there is considerable public interest in releasing these documents. They raise important questions about how Facebook treats users data, their policies for working with app developers, and how they exercise their dominant position in the social media market.
— Damian Collins (@DamianCollins) December 5, 2018