British parliament releases contentious Facebook emails

British parliament releases contentious Facebook emails by Mathew Ingram:


When a British parliamentary committee looking into Facebook’s role in misinformation and data privacy seized documents last week from an American businessman involved in a lawsuit with Facebook, the committee threatened to make the files public, even though they were sealed by a California court order. And that’s exactly what it did on Wednesday: Damian Collins, the head of the committee–and the man who used a little-known British law to send a Serjeant-at-Arms to the American businessman’s hotel room to escort him to the House of Commons–published more than 200 pages of emails and other documents. The files came from a court case with Six4Three, makers of an app that allowed users to search their friends’ photos for bathing suit pictures. The details in the documents won’t come as a surprise to anyone who has been following Facebook and its various privacy blunders, but it is illuminating to see some of the company’s practices exposed in black and white.
One of the most contentious revelations revolves around a proposal to update the Facebook app for Android phones so that the social network could read and store the call logs of users. It would then use the data from a user’s call history, as well as their text messages, to tweak the News Feed algorithm and other features (including the “people you might know” feature, which recommends other users to friend on the network). An email from a senior Facebook staffer admits this is “a pretty high-risk thing to do from a PR perspective, but it appears that the growth team will charge ahead and do it.” A subsequent email says the team has figured out that if the app only wants access to the call logs, it could offer a simple “click to upgrade” option without having to get users to give their permission through a special dialog box. Ashkan Soltani, former chief technology officer for the Federal Trade Commission, pointed out that this kind of behavior may be a breach of the “consent decree” that Facebook signed with the FTC in 2011, in which it agreed not to engage in certain kinds of behavior.
From the British committee’s viewpoint, one of the more interesting email chains has to do with Facebook’s data policies; the committee is investigating the company’s behavior in the Cambridge Analytica scandal, in which the company wrongfully acquired personal data on more than 50 million users that they provided by signing up for a personality quiz app. Facebook has said repeatedly that access to this kind of data was closed off in 2015, but the emails and other documents make it clear that for certain “whitelisted” companies, access to that data continued (as _The Wall Street Journal_ has reported). The committee’s preamble to the documents continues: “It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted.”
In another document, Facebook outlines the restrictions it places on certain companies when it comes to accessing Facebook data. “We maintain a small list of strategic competitors that Mark personally reviewed,” the document states. “Any usage beyond that specified is not permitted without Mark level sign-off.” In the case of certain competitors, especially ones that competed with Facebook’s pet features (like video), Facebook would terminate virtually all access to user data. It did this in the case of Twitter’s short-lived Vine video app, for example: in an email to Zuckerberg in 2013, a Facebook product manager says Vine (which had just launched that same day) allowed users to find friends by using the Facebook API. He suggested shutting down Twitter’s access to this data immediately, and Zuckerberg responded: “Yup, go for it.”
In a response to the documents’ publication, Zuckerberg pointed out that in the time leading up to the changes to its platform in 2015, the company was driven primarily by a desire to connect people in as many different ways as possible, until it discovered that developers were building “shady apps that abused people’s data.” Without naming the bikini app company, the Facebook CEO says some of the developers whose apps were kicked off the platform sued in an attempt to reverse the change, “but we’re confident this was the right thing to do and that we’ll win these lawsuits.” Whether the published emails will also provide more ammunition for those looking to regulate the social network remains to be seen.

Obviously things progressed since this news came out. It should cause users to, yet again, reflect on their use of Facebook’s platforms.
Updates:

  • [Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data – Motherboard](https://motherboard.vice.com/en_us/article/7xyenz/internal-documents-show-facebook-has-never-deserved-our-trust-or-our-data)
  • [Facebook Fined $11.3M for Privacy Violations | Threatpost | The first stop for security news](https://threatpost.com/facebook-fined-privacy/139824/)