‘Mark’s friends’ whitelisted for access to Facebook user data
A batch of internal Facebook communications from 2012 to 2015 reveal that Facebook gave some companies privileged access to users’ friends’ data and that Facebook went to great lengths to avoid “scary” data-sharing permission screens while preparing to collect call and SMS data from users’ phones.
The House of Commons Digital, Culture, Media and Sport (DCMS) Select Commiittee released the internal Facebook documents. The 223 pages of documentation comprise internal communications from 2012 to 2015 between high-ranking figures in the company, including CEO and co-founder Mark Zuckerberg.
The documents were seized by the DCMS committee from the developers of a defunct app, Six4Three, which had obtained the documents as part of its ongoing lawsuit with Facebook in a California court. The developer – which made an app that searched for pictures of Facebook users wearing bikinis – claimed that Facebook had violated its promises to provide access to users’ friends’ data in 2015. Access to users’ friends’ data allows apps to more easily connect friends on their platform.
Damian Collins, chair of the DCMS committee, said in Twitter that the documents had to be made public: “I believe there is considerable public interest in releasing these documents. They raise important questions about how Facebook treats users’ data, their policies for working with app developers and how they exercise their dominant position in the social media market.”
“We don’t feel we have had straight answers from Facebook on these important issues, which is why we are releasing the documents.”
Facebook – which strongly objected to the release of the documents – has said that the documents provide a “misleading” version of internal discussions and that they had been “selectively leaked”.
The documents show that Facebook had tracked the growth of competitors in the social media sphere and denied them access to valuable user data. In 2013, Zuckerberg agreed with a senior executive’s request to stop sharing friends’ list access to now-abandoned social media rival Vine; the executive told Zuckerberg that he had prepared “reactive PR” to deal with the policy.
However, in 2015 Facebook allowed ride-sharing service Lyft, streaming service Netflix and short-term rental service Airbnb – none of which competed with Facebook – access to this data. Most companies did not have this privileged access to user information.
“It is not clear that there was any users consent for this, nor how Facebook decided which companies should be whitelisted,” Collins wrote.
The distinction between apps which received favourable or unfavourable treatment was explicit, with approximately 100 apps being nicknamed “Mark’s friends” or “Sheryl’s [Sandberg, Facebook COO] friends”. Executives also considered charging other apps for access to its developer tools – including the friends list – if they did not meet a certain amount of advertising spending on Facebook, although the company ultimately decided to continue providing free access.
The documents could bring about new discussion about whether Facebook had engaged in anti-competitive practices.
The documents also showed that Facebook leaders had discussed in 2015 how they could begin collecting SMS and call logs from Android users’ phones without having to display “scary” permission screens. “This is a pretty high-risk thing to do from a PR perspective,” one Facebook employee wrote.
“To mitigate any bad PR, Facebook planned to make it as hard as possible for users to know that this was one of the underlying features,” Collins commented.
Writing on Twitter, US Senator Richard Blumenthal described the documents as contributing “mounting evidence that Facebook acted chaotically, recklessly and lawlessly by granting access to private consumer data for financial gain.”
Facebook has been embroiled in scandal after scandal since April 2018, when an investigation revealed that a data analytics company, Cambridge Analytica, had improperly harvested data from 87 million Facebook users in order to develop personalised political advertising tools.
Last week, the DCMS committee invited lawmakers from around the world to form an “International Grand Committee on Disinformation” and question Zuckerberg. Zuckerberg’s conspicious absence attracted strong negative attention.
In a post written by Zuckerberg published yesterday, the Facebook CEO claimed that: “The facts are clear. We’ve never sold people’s data”. He said that Facebook had taken action to prevent “sketchy” apps from operating on the social network, and that the Cambridge Analytica scandal could have been prevented if the social network had cracked down on these app developers just a year earlier.