Facebook Allegedly Gave Advertisers Special Access To User Data, Activities

Documents released by lawmaker details Facebook's 2014 and 2015 decisions.

A trove of emails and internal documents released by a British lawmaker on Wednesday illustrate how Facebook rose to dominance years ago by using people's data as a bargaining chip, undermining the social media giant's claim that changes to its business practices were motivated by a desire to protect people's privacy.

The more than 250 pages of documents, which a British parliamentary committee recently obtained as part of a wide-ranging investigation into Facebook, revolve around a decision Facebook made in 2014 and 2015 to cut off developers' access to posts, photos and other profile information from Facebook users. The internal communications, some of them from Facebook CEO Mark Zuckerberg, appear to show Facebook trading access to user data in exchange for advertising buys and other concessions, which would contradict Facebook's long-standing claim that it doesn't sell people's information.

"We've never sold anyone's data," Zuckerberg said in a post Wednesday. He added that the emails released by Damian Collins, the chairman of the British parliamentary committee, "were only part of our discussions."

The records released by Collins are part of an ongoing federal court case in California brought by an app developer called Six4Three. Facebook said the Six4Three documents were misleadingly crafted and do not represent the company's practices or policies.

The cutthroat tactics deployed by Facebook in its early years as a public company, and detailed in the newly released documents, caught up with the social media giant this year. They are likely to fuel persistent claims that the company was cavalier with people's personal information and set off even more concern among the public and lawmakers around the world that Facebook's footprint is a risk to consumers and competitors alike.

A series of emails from October 2012 reveal Zuckerberg's keen interest in figuring out how to extract revenue from Facebook's trove of user data - and the app developers who relied on it. "There's a big question on where we get revenue from," Zuckerberg wrote to one of his executives.

"Without limiting distribution or access to friends who use this app, I don't think we have any way to get developers to pay us at all besides offering payments and ad networks," he continued. Zuckerberg's private statements appear to contradict a stance he had long maintained publicly, that app developers' access was open and free.

Facebook said the 2015 decision to cut off developers' access to people's information was motivated by privacy concerns. But it also caused dozens of businesses, including Six4Three, to shut down, and it was a turning point in Facebook's relationship with the startup community in Silicon Valley.

Collins' interest in the sealed and heavily redacted documents springs from the British government's inquiry into Facebook's dealings with political consultancy Cambridge Analytica, which also benefited from the same access to user data. Facebook revealed earlier this year that Cambridge Analytica was able to obtain data on 87 million Facebook users.

Since the Cambridge Analytica controversy erupted in March, lawmakers have repeatedly questioned Facebook about its relationships with data partners, and the incident has spawned several investigations. In the U.S., the Justice Department, the Securities and Exchange Commission and the FTC have been investigating Facebook's handling of this data and its public representations about it.

The trove released by Collins "highlights areas in which the company was knowingly deceptive," said Ashkan Soltani, a former top technologist at the FTC. "It speaks to how both disingenuous the company is, and how anti-competitive some of their practices are."

The newly released correspondence between Zuckerberg and his top brass between 2012 and 2015 - though partial and collected by plaintiffs in a legal battle - offer insights into how Facebook struggled to balance its need to make money off smartphones with the ambitions of developers who had come to rely on its rich trove of data about people's relationships and preferences.

In his post Wednesday, Zuckerberg said that the internal conversations reflected the need to become "economically sustainable" as the company transitioned from desktop to a mobile app, and that the actions that the company took against against developers were a response to apps that were abusing people's privacy.

But privacy did not appear to figure heavily into the executives' discussions or into Zuckerberg's own emails. The emails were largely focused on competition and on how to leverage Facebook's extensive relationships with app developers, including Lyft, Airbnb, Nissan, Tinder and Netflix. Executives also used a free app that Facebook had acquired, called Onavo Protect, to monitor how frequently consumers were logging into potentially competitive services, such as the live video-streaming app Vine.

As Vine was getting off the ground, a Facebook manager suggested that the company immediately cut off the potential competitors' access to data, according to the documents. "Yup, go for it," Zuckerberg replied.

The discussions also centered around a controversial practice known as whitelisting, in which Facebook gave select companies preferential access to data after the 2015 restrictions went into effect. Zuckerberg did not tell Congress about the company's whitelisting when he testified in April, but subsequent reports have exposed privileged relationships brokered by Facebook. The company has since conceded that over 100 apps received special privileges, in part to maintain their functionality as the transition to less data went into effect.

"It is not clear that there was any user consent for this," Collins said of the whitelisting, in a statement. "Nor how Facebook decided which companies should be whitelisted or not."

He said major changes to Facebook's underlying policies and technology were driven by a desire to obtain "increasing revenues from major app developers."

Justin Brookman, the director of consumer privacy and technology policy for Consumers Union, said the whitelisting amounts to a "prima facie violation" of a 2011 consent decree that Facebook brokered with the U.S. government over a previous privacy mishap. That agreement stipulated that Facebook could not give away people's data to developers without their permission, and it could carry fines for violations.

There's "pretty clear documentation that they had a new setting to say, 'don't share my new data with whatever crap app my friends installed,' and then they went into agreement with a bunch of apps to get them that data," said Brookman, who previously served as a top tech aide at the agency.

The documents emerged out of a legal battle that has been quietly brewing in San Mateo County federal court in California between Six4Three and Facebook. They came into the possession of British authorities late last month when Six4Three developer Ted Kramer traveled to London with digital copies of thousands of the records. British authorities took custody of them, sidestepping the sealing order of the California court.

Kramer's company was the developer of Pikinis, an app that enabled people to find photos of Facebook users wearing bikinis. The app was built on the back of Facebook's data, which Six4Three and thousands of other developers accessed through a feed known as an application programming interface, or API.

For years, Facebook actively courted developers to build apps that encouraged people to spend more time on its desktop platform. After the rise of smartphones, Facebook eventually became large enough that it didn't need to rely on developers for engagement and ideas.

In 2014, Facebook announced it was restricting developers' access to the API, citing privacy concerns from users who complained that their data was being shared with outsiders without their knowledge. Many businesses, including Six4Three, shut down as a result.

Six4Three says privacy was not the reason Facebook shut down the API. The developer says Facebook realized that it could use its data feed as leverage, to pressure businesses to buy advertising that would fuel the company's then-nascent mobile-ad business.

The emails also suggest the extent to which Facebook users and developers may have been kept in the dark about the company's data-collection practices. Company product managers discussed testing new features to collect call logs on Android smartphones in a way that might have made it harder for users to understand what they were giving away. They debated collecting call log data from users in ways that would bypass the privacy permissions people normally check off when signing up for an app.

They acknowledged the potential blowback from their decisions. "This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it," the email read. They discussed how the idea, along with other changes, threatened to become "a meme" that journalists could turn into a story about how "Facebook uses new Android update to pry into your private life in ever more terrifying ways."