Facebook employees discussed monetising access to personal data, documents show
Facebook says the documents are one-sided and don’t tell the whole story. (Reuters: Stephen Lam)
Facebook has been forced to explain its policies on personal data once again after a British parliamentary committee released more than 200 pages of confidential internal communications at the company.
One of the emails shows founder and chief executive Mark Zuckerberg apparently discussing restricting “friends data” access to companies that had paid for it.
He also told a colleague in 2012, a year before Cambridge Analytica was founded, “I’m generally sceptical that there is as much data leak strategic risk as you think.”
As well, the documents show Netflix and Airbnb retained access to user data that was being denied to other companies.
But while the British parliamentary committee has defended releasing the documents as being in the public interest, Facebook says they tell only “one side of the story”.
They’re called the ‘Six4Three’ files
That’s the name of the company which had brought a lawsuit against the social media giant.
Six4Three had created an app called “Pikinis”, which helped users search for photos of their Facebook friends wearing bikinis.
The app relied on Facebook users’ friends data to work, but Facebook took away developers’ access to that data in 2015. So, Six4Three sued, and the newly released documents were part of their case.
Facebook says that means the documents are one-sided and don’t include important context.
But Damian Collins, the Conservative chair of the Digital, Culture, Media and Sport committee, defended his decision to release them:
“They raise important questions about how Facebook treats users’ data, their policies for working with app developers, and how they exercise their dominant position in the social media market,” he wrote on Twitter.
Some of the emails show Facebook knew the value of friends’ data
For instance, here’s an email from Mr Zuckerberg to a colleague on October 27, 2012:
“It’s not at all clear to me here that we have a model that will actually make us the revenue we want at scale.
“I’m getting more on board with locking down some parts of platform, including friends data and potentially email addresses for mobile apps.
“I’m generally sceptical that there is as much data leak strategic risk as you think. I agree there is clear risk on the advertiser side, but I haven’t figured out how that connects to the rest of the platform. I think we leak info to developers, but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us. Do you have examples of this?
“…Without limiting distribution or access to friends who use this app, I don’t think we have any way to get developers to pay us at all besides offering payments and ad networks.”
Other documents show Facebook employees linking spending on “NEKO”, which The Wall Street Journal says refers to app ads, with data access.
For instance, this is from an email on September 19, 2013:
“Key points: 1/ Find out what other apps like Refresh are out that we don’t want to share data with and figure out if they spend on NEKO. Communicate in one-go to all apps that don’t spend that those permission will be revoked. Communicate to the rest that they need to spend on NEKO $250k a year to maintain access to the data.”
And here’s another email from September 4, 2013:
“Removing access to all friends lists seems more like an indirect way to drive NEKO adoption.”
Mr Collins said linking access to friends data with financial value was “a recurring feature” of the documents.
The documents also show certain companies were ‘whitelisted’
It appears this meant these companies could keep full access to Facebook users’ friends data even after changes were made to limit other companies’ access in 2014/2015.
Here’s an email from workers at Netflix to Facebook in February 17, 2015:
“We will be whitelisted for getting all friends, not just connected friends.”
Another email from a Facebook employee in 2013 mentioned Netflix had been granted an “Extended API agreement”. That was as part of a discussion about whether Royal Bank of Canada should also be whitelisted.
On March 11, 2015, a Facebook employee also discussed giving Tinder access to friends data in return for Facebook being able to use the term “Moments” (a term Tinder had protected).
Other companies that were whitelisted according to the documents were taxi app Lyft and Airbnb.
Here’s what Mr Collins had to say about this whitelisting:
“It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.”
Mr Zuckerberg also gave the go-ahead to shutting down Vine’s access to friends data
Facebook employee Justin Osofsky wrote in an email on January 24, 2013:
“Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video. As part of their NUX, you can find friends via FB.
“Unless anyone raises objections, we will shut down their friends API access today. We’ve prepared reactive PR, and I will let Jana know our decision.”
Mr Zuckerberg responds, “Go for it.”
On Facebook’s targeting of competitor apps, Mr Collins wrote:
The files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.
The Facebook founder has written a personal response to the release of these documents … on Facebook, naturally
He says the backdrop for the discussions in the published documents was the changes the company made in 2014 and 2015 to limit data access to developers in order to prevent shady apps from abusing that data.
“This was the change required to prevent the situation with Cambridge Analytica. While we made this change several years ago, if we had only done it a year sooner we could have prevented that situation completely,” Mr Zuckerberg said.
As well, Mr Zuckerberg says the company was talking about how it could remain economically sustainable following its shift from being predominantly desktop to mobile-based.
“Ideas we considered but decided against included charging developers for usage of our platform, similar to how developers pay to use Amazon AWS or Google Cloud,” he said.
But he says that’s not the same as selling people’s data.
“We’ve never sold anyone’s data,” he said.
Ultimately, he says the company chose to allow access to the developer platform for free, a model supported by developers’ ability to buy ads.