News, Culture & Society

Leaked documents reveal Facebook’s internal debate about user data

A trove of leaked documents has revealed years of internal deliberations over user data at Facebook, indicating privacy was used as public justification for business decisions designed to gain ‘leverage’ against competition, according to reports. 

Some  4,000 pages of highly sensitive Facebook internal documents, largely spanning 2011 to 2015, were leaked to a British journalist who shared them with several outlets, according to NBC News.

The documents, which include emails, webchats, presentations, spreadsheets and meeting summaries, appear to show Facebook’s internal deliberations on whether to sell user data to third party app developers.

It appears the Facebook ultimately decided against selling user data, instead opting to dole it out to app developers who were considered personal ‘friends’ of CEO Mark Zuckerberg or those who spend money on Facebook ads or shared their own valuable data.

Facebook CEO Mark Zuckerberg is seen in Dublin earlier this month. A new report says that the company shared user data with his ‘friends’ during a crackdown on third-party app access

While one employee fretted that the company’s approach to user data was ‘unethical’, Doug Purdy, Facebook’s director of product, described Zuckerberg as a ‘master of leverage,’ according to the documents. 

Facebook denied that it gave any preferential treatment based on advertising spending or personal relationships with executives. 

The company did not immediately respond to a message from Facebook has not been accused of criminal wrongdoing.

Facebook said that the leaked documents had been ‘cherrypicked’ and presented a warped view of its deliberations.

‘The set of documents, by design, tells only one side of the story and omits important context,’ the company said in a December blog post when the first documents in the leaked batch emerged.

The documents mostly describe internal deliberations leading up to a major change that Facebook made in 2014 and 2015, when it severely restricted access to user data from third party apps.

At the time, and following the 2018 Cambridge Analytica data harvesting scandal, Facebook publicly portrayed the policy change as motivated by deep concern for user privacy.

But the documents show that privacy was rarely mentioned as executives debated how Facebook handled third-party access to user data.

In the early 2010s, Facebook’s approach was to encourage third-party apps to build within its ecosystem by giving developers access to user data through an application programming interface. 

What Facebook got out of the deal was growth and more reasons for users to spend time on its platform. The game Farmville, build by Zynga, is one notorious example of these third-party apps, which lured new users to Facebook and kept them coming back.

But at a certain point, Facebook began to reconsider the business wisdom of allowing third-party apps to tap into user data so freely, the documents show.  

‘Today the fundamental trade is ‘data for distribution’ whereas we want to change it to either ‘data for $’ and/or ‘$ for distribution,’ Chris Daniels, a Facebook business development director, wrote in an August 2012 email to other top leaders in the company discussing the upcoming presentation. 

Executives also feared that rival platforms could use Facebook user data to challenge its dominant market position, the documents show. 

In a March 2013 discussion, Justin Osofsky, then director of platform partnerships, described restricting the MessageMe app from accessing Facebook data because it had grown too popular and could compete with Facebook messages. 

Osofsky asked colleagues to see if any other messenger apps have ‘hit the growth team’s radar recently.’

‘If so, we’d like to restrict them at the same time to group this into one press cycle,’ he wrote in an email.

Facebook doled out preferential user data access to favored business partners, new documents show. Zuckerberg is seen earlier this month in Dublin

Facebook doled out preferential user data access to favored business partners, new documents show. Zuckerberg is seen earlier this month in Dublin

At the same time, Facebook doled out preferential user data access to favored business partners, the documents show.

In June 2013, Chris Daniels, then Facebook’s director of business development, questioned why Amazon was getting special treatment for the launch of a group gifting product that competed with one of Facebook’s own products.

‘Remind me, why did we allow them to do this? Do we receive any cut of purchases?’ Daniels asked in an email.

‘No, but Amazon is an advertiser and supporting this with advertisement … and working with us on deeper integrations for the Fire [Amazon’s smartphone],’ replied Jackie Chang, who worked with Facebook’s ‘strategic partners.’

Although the documents show that plans for selling user data were supported by senior executives such as Zuckerberg and chief operating officer Sheryl Sandberg, the company ultimately opted not to do it.

Instead, Facebook cracked down on third-party apps with sweeping changes that affected some 40,000 apps.

The vision set out by Zuckerberg in a November 2013 email to senior leaders was one of ‘full reciprocity’ where apps would be able to access Facebook user data only in exchange for sharing all ‘social content’ the apps generated back with with Facebook.

‘The purpose of the platform is to tie the universe of all the social apps together so we can enable a lot more sharing and still remain the central social hub,’ Zuckerberg said in the email. 

Facebook paved the way for this shift by ‘whitelisting’ developers who were friends with Zuckerberg or Sandberg, and cluing in key partners such as Tinder. 

A December 2013 chatlog between several senior engineers talking about the changes reveals that some Facebook employees were unhappy about the shift:

Bryan Klimt: ‘So we are literally going to group apps into buckets based on how scared we are of them and give them different APIs? … So the message is, ‘if you’re going to compete with us at all, make sure you don’t integrate with us at all’? I’m just dumbfounded.’

Kevin Lacker: ‘Yeah this is complicated.’

David Poll: ‘More than complicated, it’s sort of unethical.’

When Zuckerberg announced the change at Facebook’s annual F8 developer conference in April 2014, it was described a change to protect user privacy.

Zuckerberg announced the sweeping change to data access at Facebook's annual F8 developer conference in April 2014 (above), it was described a change to protect user privacy

Zuckerberg announced the sweeping change to data access at Facebook’s annual F8 developer conference in April 2014 (above), it was described a change to protect user privacy

 ‘Over the years, one of the things we’ve heard over and over again is that people want more control over how they share their information, especially with apps, and they want more say and control over how apps use their data,’ Zuckerberg told the audience. 

He told the developers that Facebook wanted to give users ‘the tools they need to feel comfortable using your apps’.

But the internal documents suggest that this was public relations spin. A month prior to the conference, Jonny Thaw, a director of communications, wrote that the crackdown on access to friends’ data ‘may be a tough message for some developers as it may inhibit their growth.’

‘So one idea that came up today was potentially talking in the keynote about some of the trust changes we’re making on Facebook itself. So the message would be: ‘trust is really important to us — on Facebook, we’re doing A, B and C to help people control and understand what they’re sharing — and with platform apps we’re doing D, E and F.’

If that doesn’t work, he added, ‘we could announce some of Facebook’s trust initiatives in the run up to F8’ to make the changes for developers ‘seem more natural.’ 

The documents the new report is based on were anonymously leaked to British investigative journalist Duncan Campbell, who shared them with a several media organizations including NBC News, Computer Weekly and Süddeutsche Zeitung.

The documents stem from a California court case between Facebook and the little-known startup Six4Three, which sued Facebook in 2015 after the company announced plans to cut off access to some types of user data. 

The documents from the suit were obtained by the British Parliament last year as part of an investigation into Facebook’s data privacy policy.

Six4Three’s app, Pikinis, which soft-launched in 2013, relied on that Facebook data to allow users to easily find photos of their friends in bathing suits.

The app, labeled ‘creepy’ by Jezebel soon after its launch, was one of the thousands of apps affected by Facebook’s 2014 crackdown on data access, and shut down soon after the change.


Comments are closed.