staff in 2012 discussed removing restrictions on user data for companies who were able to spend upwards of $250,000 on mobile advertising, before ultimately deciding to apply a uniform policy restricting such access two years later, according to a tranche of internal emails released by the UK parliament.
The internal emails were obtained by the Commons digital, culture, media and sport committee last month after they had been disclosed, under seal, by Facebook as part of an American software developer, Six4Three’s lawsuit against Facebook.
The emails are a selection, often with little or no context or continuity, showing Facebook staff, including Mark Zuckerberg , discussing whether to trade access to user data for revenue, valuable trademarks, or simple cash payments. The emails also cast new light on a number of other controversial practices at the social network:
In 2015, the company began “continuously uploading” call and text logs from Android phones, giving it a valuable window into the communications habits of its users. The company knew it was “a pretty high-risk thing to do from a PR perspective”, and discussed ways to do it without requiring users to actively opt-in at all.
Since 2013, the company has used a VPN app it acquired, named Onavo, to harvest information about app usage on iPhones. By funnelling all internet usage on those phones through Facebook’s servers, it could be forewarned about popular apps, and take pre-emptive action against possible competition. The company used this information in 2013 to show that WhatsApp was more popular on mobile than Facebook Messenger; it acquired the company a year later.
In 2013, when Twitter launched its mobile video app Vine, Facebook immediately shut down access to the company’s Find Friends API, frustrating Vine’s ability to grow the way Facebook’s own Instagram had – by piggybacking onto a wider social network. The move was personally approved by Zuckerberg.
Even though it clamped down on apps accessing user data in 2015, Facebook offered continued access to that data to a small number of large companies, including Netflix, Lyft and Airbnb.
The emails show Facebook staff discussing how to use access to user data to extract concessions such as higher advertising spend from major clients, in conversations dating from 2012 and 2013.
The discussions occurred at roughly the time that Facebook decided to change the way third-party developers could access user data, which had the effect of closing the hole through which Cambridge Analytica’s UK parent company Strategic Communications Laboratories’ partner GSR had managed to extract the personal information of millions of Facebook users.
One employee proposed blocking access “in one go to all apps that don’t spend … at least $250k a year [on adverts] to maintain access to the data”.
Elsewhere, the filings suggest that Facebook offered to extend the length of time Tinder could continue using the old, more permissive terms of access in exchange for a licence for the dating company’s trademark on the term “moments”.
In emails from Zuckerberg, the Facebook chief executive discussed similar limitations, proposing that access to user data be restricted either to companies who were making content that would be shared with Facebook – or to those who were willing to pay for it.
In an October 2012 email, Zuckerberg wrote that companies could pay the money they owed by buying adverts on Facebook, using the company’s payments infrastructure, selling items in its store, “or if the revenue we get from those doesn’t add up to more than the fees you owe us, then you just pay us the fee directly”.
There is no suggestion that Facebook acted on the proposals to charge for access, and the company has always maintained that it tightened the restrictions on what could be done with its user data for privacy and security reasons.
The filings are drawn from a set of Facebook emails obtained by Six4Three’s legal advisers in the discovery portion of its lawsuit against the social network, subsequently sealed by the Californian court. In late November, however, the UK parliament obtained copies of the emails from Six4Three’s chief executive, and quoted from them during its grilling of a Facebook executive the following week.
In a statement, Facebook’s director of developer platforms and programs, Konstantinos Papamiltiadis, told the Guardian: “As we’ve said many times, the documents Six4Three gathered for this baseless case are only part of the story and are presented in a way that is very misleading without additional context.” Facebook declined a request to provide the Guardian with the emails in their additional context.
Papamiltiadis added: “That said, we stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Any short-term extensions granted during this platform transition were to prevent the changes from breaking user experience.
“To be clear, Facebook has never sold anyone’s data. Our APIs have always been free of charge and we have never required developers to pay for using them, either directly or by buying advertising.”
On Tuesday, the day before the emails were released, Facebook reversed the policy under which it had banned Vine from its platform. “As part of our ongoing review we have decided that we will remove this out-of-date policy so that our platform remains as open as possible. We think this is the right thing to do as platforms and technology develop and grow,” the company said.