Facebook is in another controversy. Internal emails show it compromised user privacy to help its partners and hurt its rivals. Facebook has said the documents, made public by a British MP, have been cherrypicked ignoring important context.
The 250 pages of documents published online by the Digital, Culture, Media and Sport (DCMS) Select Committee of the UK House of Commons, include internal Facebook emails from 2012-15, which were part of sealed evidence in a lawsuit filed in the US against Facebook by app developer Six4Three. The documents are part of the DCMS Committee’s investigation into Facebook’s practices, which started after the Cambridge Analytica scandal earlier this year. What do the Facebook emails reveal?
‘White Lists’ for some apps
Facebook had “whitelisting agreements with certain companies” that got full access to the data of users’ friends, show the documents. In 2014-15, Facebook barred app developers from accessing the data of friends; however, it created a special application programming interface (API) to let some firms like the online dating-focussed Badoo, HotorNot, and Bumble, and OTT giant Netflix, continue to have access to friends’ data, emails sent in 2014-15 by Konstantinos Papamiltiadis, Director of Platform Partnerships at Facebook, show. In an email, Netflix said it would “be whitelisted for getting all friends, not just connected friends”.
In its “Response to Six4Three Documents” posted on its Newsroom feed early Thursday India time, Facebook said: “…When necessary, we allowed developers to access a list of the users’ friends. This was not friends’ private information but a list of your friends (name and profile pic).” It said whitelisting was common in the industry at the time of testing new features.
User data and revenue
The emails show Facebook leveraged user data to drive its own revenues. Apps that spent more on advertising on Facebook got more access, thanks to the special “Extended API”. CEO Mark Zuckerberg wrote in an email: “I’ve been thinking about [the] platform business model… If we make it so [app] dev[eloper]s can generate revenue for us in different ways, then it makes it more acceptable for us to charge them quite a bit more for using [the] platform. The basic idea is that any other revenue you generate for us earns you a credit towards whatever fees you ow[e] us for using [the] pla[t]form.”
Developers either bought Facebook’s ad products or paid for access to data. Papamiltiadis said in another email that apps that did not spend $250,000 a year would lose access.
Facebook’s response: “We continued to provide the developer platform for free.” On his own page, Zuckerberg wrote Wednesday,”…We continued to provide the developer platform for free and developers could choose to buy ads if they wanted… We’ve never sold anyone’s data.”
App developers had to ensure that users could share back their experiences to the social network from their apps in exchange for access. Mike Vernal, former Senior Vice President for Search, Local, and Developer Products, said in an email: “If you access a certain type of data (e.g. music listens), you must allow the user to publish back that same kind of data. Users must be able to easily turn this on both within your own app as well as from Facebook.” Developers also had to allow users to post their activity from the app back to Facebook, which would mean more social sharing on Facebook. Zuckerberg wrote that “it’s not good for us unless people also share back to Facebook and that content increases the value of our network.”
Facebook’s response: “This policy… meant that you could share your app experience (game score, photo, etc.) back to your Facebook friends if you wanted to. People had the choice about whether they did this or not.”
Android users’ call, SMS data
The emails show Facebook knew that the Messenger app update on Android that collected call log data and texts sent by the user, would be controversial and a PR challenge. Company executive Michael LeBeau wrote that “this (uploading call history and SMS to Facebook) is a pretty highrisk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it”.
The company found a way so that the updated Android app would ask for access only to users’ call logs and not to other types of data, and users would not see the permission pop-up that many baulk at. Facebook got the data once the app was updated.
Facebook’s response: “We use this information to do things like make better suggestions for people to call in Messenger and rank contact lists in Messenger and Facebook Lite.” The company said this was an opt-in feature, and is not kept after about a year.
Tracking usage of other apps
Facebook used Onavo, a VPN service app that it acquired in 2013, to “conduct global surveys of the usage of mobile apps by customers” without their knowledge, including what apps they downloaded and used. This helped Facebook track rising competitors and potential targets for purchase in the future. The data showed, for example, that WhatsApp was rising fast with 8.2 billion messages sent in 2013.
Facebook response: “Onavo… creates a safer connection… Onavo collects information about app usage to gain insights into the products and services people value, so we can build better experiences.”
Killing off the competition
Facebook restricted access for Vine, a six-second video sharing service on Twitter, to its Friends API, effectively killing the product because users would not be able to find their friends on the service. Facebook then launched its own short video format on Instagram.
Justin Osofsky, currently a Vice President at the company, wrote: “Twitter launched Vine today… As part of their NUX, you can find friends via FB. …We will shut down their friends API access today. We’ve prepared reactive PR…”
Zuckerberg replied, “Yup, go for it.”
On Wednesday, Vine co-founder Rus Yusupov reacted to the revelation that Zuckerberg had personally okayed the hit on his product: “I remember that day like it was yesterday.”
Facebook’s response: “…We made the decision to restrict apps built on top of our platform that replicated our core functionality…” Facebook is now “removing this out-of-date policy”.