Facebook accused of striking 'secret deals over user data'

Authored by bbc.co.uk and submitted by plkijn

Emails written by Facebook's chief and his deputies show the firm struck secret deals to give some developers special access to user data while refusing others, according to MPs.

A cache of internal documents has been published online by a parliamentary committee.

It said the files also showed Facebook had deliberately made it "as hard as possible" for users to be aware of privacy changes to its Android app.

Facebook had objected to their release.

It said that the documents had been presented in a "very misleading manner" and required additional context.

The emails were obtained from the chief of Six4Three - a software firm that is suing the tech giant - and were disclosed by the Digital, Culture, Media and Sport Committee as part of its inquiry into fake news.

About 250 pages have been published, some of which are marked "highly confidential".

Damian Collins MP, the chair of the committee, highlighted several "key issues" in an introductory note.

Facebook allowed some companies to maintain "full access" to users' friends data even after announcing changes to its platform in 2014/2015 to limit what developers could see. "It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted," Mr Collins wrote.

Facebook had been aware that an update to its Android app that let it collect records of users' calls and texts would be controversial. "To mitigate any bad PR, Facebook planned to make it as hard as possible for users to know that this was one of the underlying features," Mr Collins wrote.

Facebook used data provided by the Israeli analytics firm Onavo to determine which other mobile apps were being downloaded and used by the public. It then used this knowledge to decide which apps to acquire or otherwise treat as a threat.

There was evidence that Facebook's refusal to share data with some apps caused them to fail.

There had been much discussion of the financial value of providing access to friends' data.

I believe there is considerable public interest in releasing these documents. They raise important questions about how Facebook treats users data, their policies for working with app developers, and how they exercise their dominant position in the social media market. — Damian Collins (@DamianCollins) December 5, 2018

Facebook said Six4Three had "cherry-picked" the documents and claimed they had omitted "important context".

"We stand by the platform changes we made in 2015 to stop a person from sharing their friends' data with developers," said a spokeswoman.

"Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform.

"But the facts are clear: we've never sold people's data."

Mr Zuckerberg has also posted a personal response on his Facebook page.

"I understand there is a lot of scrutiny on how we run our systems. That's healthy given the vast number of people who use our services around the world, and it is right that we are constantly asked to explain what we do," he said.

"But it's also important that the coverage of what we do - including the explanation of these internal documents - doesn't misrepresent our actions or motives."

The correspondence includes emails between Facebook and several other tech firms, in which the social network appears to agree to add third-party apps to a "whitelist" of those given permission to access data about users' friends.

This might be used, for example, to allow an app's users to continue seeing which of their Facebook friends were using the same service.

[Image caption: Netflix tapped into Facebook friends lists to let users see what titles their contacts had watched and rated highly. Image copyright: Netflix]

the dating service Badoo, its spin-off Hot or Not, and Bumble - another dating app that it had invested in

However, others including the ticket sales service Ticketmaster, Twitter's short-video platform Vine and the connected-cars specialist Airbiquity seem to have been denied the privilege.

Among the emails that have been published are the following extracts:

The following concerns a decision to prevent Twitter's short-form video service having access to users' friends lists. It is dated 24 January 2012.

"Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video... Unless anyone raises objections, we will shut down their friends API access today. We've prepared reactive PR, and I will let Jana know our decision."

The following is part of a discussion about giving Facebook's Android app permission to read users' call logs. It is dated 4 February 2015.

"As you know all the growth team is planning on shipping a permissions update on Android at the end of this month. They are going to include the 'read call log' permission... This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it...[The danger is] screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about "Facebook uses new Android update to pry into your private life in ever more terrifying ways".

The following is from a discussion in which Mark Zuckerberg mulled the idea of selling developers access to users' friends' data. It is dated October 2012, pre-dating the quiz involved in the Cambridge Analytica scandal. It was sent to Sam Mullin, who was vice president of product management.

"It's not at all clear to me here that we have a model that will actually make us the revenue we want at scale. I'm getting more on board with locking down some parts of platform, including friends' data and potentially email addresses for mobile apps. I'm generally sceptical that there is as much data leak strategic risk as you think... I think we leak info to developers but I just can't think of any instances where that data has leaked from developer to developer and caused a real issue for us."

The following is from an email sent by Mark Zuckerberg to several of his executives in which he explains why he does not think making users pay for Facebook would be a good idea. It is dated 19 November 2012.

"The question is whether we could charge and still achieve ubiquity. Theoretically, if we could do that, it would be better to get ubiquity and get paid. My sense is there may be some price we could charge that wouldn't interfere with ubiquity, but this price wouldn't be enough to make us real money. Conversely, we could probably make real money if we were willing to sacrifice ubiquity, but that doesn't seem like the right trade here."

Clemen11 on December 6th, 2018 at 17:27 UTC »

Mark probably isn't too happy about people getting their hands on his data.

ironic

Chalklead on December 6th, 2018 at 16:57 UTC »

Michael LeBleu (Facebook Product Manager): "As you know all the growth team is planning on shipping a permissions update on Android at the end of this month. They are going to include the 'read call log' permission... This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it...[The danger is] screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about "Facebook uses new Android update to pry into your private life in ever more terrifying ways".

Facebook completely understands and admits from the highest levels that what it is doing is 1) bad PR 2) unethical from a privacy standpoint 3) necessary to obfuscate as to prevent "memes". These are the words of the product manager! They know that users DO NOT want Facebook collecting data about their calls and text messages, yet they literally will "charge ahead and do it" anyway.

The United States needs to adopt stricter privacy laws that protect users and their personal data from companies like Facebook.

plkijn on December 6th, 2018 at 16:00 UTC »

They also sought to kill Vine:

Justin Osofsky (Facebook vice president): "Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video... Unless anyone raises objections, we will shut down their friends API access today. We've prepared reactive PR, and I will let Jana know our decision." Mark Zuckerberg (Facebook chief executive): "Yup, go for it."