Facebook's claim of never selling user data under new scrutiny
Facebook has repeatedly denied selling users' data but those statements are under increased scrutiny after a British Parliament committee published hundreds of pages of internal documents describing how the social media company leveraged user data for profit.
The documents released Wednesday include emails between Facebook executives and other top players discussing ways to offer special data access to certain high-paying "whitelisted" developers while icing out competitors. The documents also suggest Facebook intentionally kept the public in the dark about data collection and sharing practices they knew would be "terrifying" to most users.
Facebook responded to the revelations saying the documents published by the U.K. parliamentary committee were"cherry-picked" and "misleading." In a statement, Facebook wrote, "The documents were selectively leaked to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes. But the facts are clear: we’ve never sold people’s data."
The documents cover a period from 2012 to 2015. During that time Facebook had a policy allowing app developers to access users' friends lists and friends' data without explicit consent. Facebook came under fire for this practice last year when the public learned the political research firm Cambridge Analytica was able to improperly access the data of 50 million Facebook users.
Facebook has repeatedly assured the public that it ended the policy of offering users' friends data to developers. On Wednesday, Facebook CEO Mark Zuckerberg restated that in 2014 and 2015, Facebook changed the platform to "dramatically limit the data apps could access" and to prevent "shady apps" from abusing user data.
The documents released this week suggest that Facebook continued and may still continue offering companies access to users' friends information, despite cutting it off for other developers and making public statements to the contrary.
According to a summary of the documents by the British Parliament's Digital, Culture, Media and Sport (DCMS) Committee,"whitelisted" companies, including Netflix, Lyft, Airbnb and Badoo, which owns Bumble and other dating apps, "maintained full access to friends data" after Facebook's platform changes in 2014 and 2015. "It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not," the DCMS report stated.
The documents indicated that Facebook CEO Mark Zuckerberg was looking for ways to leverage Facebook's relationships with developers and its user data for revenue. Facebook currently has more than 2.2 billion monthly active users worldwide and had nearly one billion users in 2012.
"I've been thinking about platform business model a lot this weekend," Zuckerberg wrote in an Oct. 2012 email a few months after Facebook became a publicly traded company. "... if we make it so devs [developers] can generate revenue for us in different ways, then it makes it more acceptable for us to charge them quite a bit more for using platform."
He floated a hypothetical model where login and pushing content were free but "reading anything, including friends, costs a lot of money."
In a 2013 email, Facebook's director of developer platforms and programs suggested a more advanced model to give preferential access to developers who spent a quarter-million dollars on Facebook ad buys. Those who spent less would be cut off.
"Communicate in one-go to all apps that don’t spend that those permissions will be revoked," Konstantinos Papamilitiadis wrote. "Communicate to the rest that they need to spend on NEKO [Facebook ads] at least $250K a year to maintain access to the data."
Profit was not the only apparent consideration. Facebook also cut off access to companies that posed a competitive threat. When Twitter released its video app Vine, Facebook's vice president of global operations, Justin Osofsky reached out to Mark Zuckerberg about ending Twitter's access to friends data.
Zuckerberg replied in a Jan. 2013 email, "Yup, go for it."
Facebook was also conscious of growing data privacy concerns but entered arrangements knowing users would be disturbed by how their data was being collected and shared, according to the documents.
In 2015, Facebook updated its app for Android devices and had to send out "Read Call Log" permission requests. The permission allowed the Facebook app to track phone calls and text messages, ostensibly to make better friend requests. "This is a pretty high-risk thing to do from a PR perspective, but it appears that the growth team will charge ahead and do it," a product manager for Facebook's Bluetooth Beacon noted in a Feb. 2015 email.
He worried a journalist would look into "what exactly the new update is requesting" and write a story under the headline, "Facebook uses new Android update to pry into your private life in ever more terrifying ways - reading your call logs, tracking you in businesses with beacons, etc."
The revelations have sparked outrage on both sides of the Atlantic where Facebook executives have been hauled in for public questioning multiple times in the past year.
In testimony before the U.S. Congress, Zuckerberg, COO Sheryl Sandberg and others repeatedly assured lawmakers that the company never sold user data and took seriously their responsibility to protect user privacy.
"It looks like their lips were moving and they were lying," Sen. John Kennedy, R-La., told Sinclair Broadcast Group Thursday. Kennedy said he will introduce a bill early next year to impose reasonable regulations and standards on Facebook and other social media companies.
Sen. Richard Blumenthal, D-Conn., voiced concerns about Facebook's lack of privacy protections and "apparent pay-for-data pressure on other companies." He told Sinclair Broadcast Group that he and other senators are "looking into possibly misleading or inaccurate statements made by Mark Zuckerberg in his testimony."
Sen. Ed Markey, D-Mass., also suggested that Zuckerberg misled Congress, tweeting, "We now know that Facebook execs discussed requiring companies to buy digital advertisements in order to access users' personal info. Any evidence of a pay-for-data model would fly in the face of the statements Facebook has made to Congress and the public."
British MP and chair of Chair of the Digital, Culture, Media and Sport (DCMS) Committee Damian Collins ultimately decided to publish the nearly 250-page trove of internal Facebook emails and exchanges. He also cited concerns that the social media giant has not been forthcoming about its policies.
"They raise important questions about how Facebook treats users data, their policies for working with app developers, and how they exercise their dominant position in the social media market," Collins tweeted. "We don’t feel we have had straight answers from Facebook on these important issues, which is why we are releasing the documents."
Collins obtained the documents controversially last week when he ordered them seized by the House of Common's sergeant-at-arms.
The documents were part of a lawsuit filed in California by Kramer, managing director of Six4Three, a developer responsible for Pikini, a now-defunct app that found bikini photos on Facebook. Six4Three relied on the data Facebook shared with developers and when Facebook cut their access to data in 2015, the company went out of business and Kramer sued.
Six4Three obtained Facebook's internal documents through legal discovery and they were put under seal by the California court at Facebook's request. The British Parliament flouted the court order and seized the records from Kramer late last month when he was staying in a London hotel. Facebook is now countersuing Kramer for breach of court order and questions remain about why Kramer was traveling with the information.
In a defensive Facebook post, Zuckerberg implied that Six4Three was among the "sketchy apps" kicked off the platform over user privacy concerns and the developer's lawsuit was retribution for Facebook's policy change.
"I understand there is a lot of scrutiny on how we run our systems," he wrote. "But it's also important that the coverage of what we do -- including the explanation of these internal documents -- doesn't misrepresent our actions or motives. This was an important change to protect our community, and it achieved its goal."