Meta — Facebook and Instagram’s parent company — was at the center of controversy in India, where a local publication claimed the company removed an Instagram post on behalf of an Indian politician. Meta pushed back on these claims and accused the outlet of using “fabricated” evidence, and it’s starting to look like that may be the case.
After Meta and several experts online found inconsistencies in The Wire’s reporting, the outlet decided to suspend access to its stories on October 18th and conduct an “internal review” of the documents it used as evidence. It later retracted its report on October 23rd due to “certain discrepancies” that emerged in its reporting.
It’s an unusually difficult story to keep track of, drawing on the nuances of Indian politics, email forensics, and Meta’s contentious relationship with the press. So we’ve boiled down the last couple weeks of chaos into a simple recap of what’s happened and why it matters.
On October 6th, independent Indian news publication The Wire published an article about how Instagram incorrectly took down a satirical image of a man worshipping Yogi Adityanath, the chief minister of Uttar Pradesh. The owner of the account, @cringearchivist, says Instagram removed the post for violating its “sexual activity and nudity” policies, even though it did not contain sexual activity or nudity.
Many had assumed the post was flagged due to a glitch in some automated system, but The Wire said this wasn’t true. An internal source at Meta reportedly told The Wire the company removed the post at the request of Amit Malviya, the head of the information technology cell at India’s ruling party, Bharatiya Janata Party (or BJP), but holes in The Wire’s reporting make these allegations questionable.
Meta has since denied The Wire’s report. It accuses the outlet of spreading false information and has attempted to debunk the “fabricated evidence” provided by The Wire’s source, stating that it hopes The Wire “is the victim of this hoax, not the perpetrator.” After adamantly defending its claims, The Wire has taken the responses from Meta and users online into account and said it’s going to “review its reporting on Meta.” The outlet later made the decision to retract its story entirely due to various inconsistencies in the documents it initially presented as evidence, which we’ll go over below.
Essentially, The Wire reported that Malviya got the post banned by using special privileges given to high-profile users. To back up these claims, they published screenshots of the documentation Instagram allegedly uses as part of its internal review process, which list Malviya’s Instagram handle, @amitmalviya, as the user who reported @cringearchivist’s post. The document also stated Malviya “has XCheck privileges” and that another review of the reported content is “not required.”
The XCheck program is indisputably real: last year, a report from The Wall Street Journal revealed that Meta uses an XCheck, or cross-check, system that lets high-profile users avoid Facebook and Instagram’s typical moderation processes. But The Wire’s reporting seemed to show this was being used for partisan political ends in India, allowing Malviya to “post as he likes without the rules governing the platform applying to him.”
Meta responded to the allegations by saying its cross-check program “does not grant enrolled accounts the power to automatically have content removed from our platform.” It adds that the policy was put in place to “prevent potential over-enforcement mistakes and to double-check cases where a decision could require more understanding.”
The company also pushed back on the internal report provided by The Wire’s source. Guy Rosen, Meta’s chief information officer, says the instagram.workplace.com URL included in the screenshots doesn’t actually exist. “It appears to be a fabrication,” Rosen writes on Twitter. “The URL on that ‘report’ is one that’s not in use. The naming convention is one we don’t use. There is no such report.”
In order to prove the legitimacy of its source, The Wire posted a video showing what the outlet claimed is part of Instagram’s internal workspace. The clip showed a user scrolling through a list of alleged “post-incident reports involving VIPS” on Instagram’s backend, which The Wire said employees can only access through the company’s internal subdomain, instagram.workplace.com. And while the outlet said, “it ascertained that the video hadn’t been tampered with,” Pranesh Prakash, a legal and policy analyst, spotted an instance where the cursor jumps unnaturally during the video.
Meta says the company has evidence that a user made an external Meta Workplace account, altering the page’s branding so that it appeared to belong to Instagram. The account was created on October 13th, a few days after The Wire’s initial reports.
“Based on the timing of this account’s creation on October 13, it appears to have been set up specifically in order to manufacture evidence to support the Wire’s inaccurate reporting,” Meta explains. “We have locked the account because it’s in violation of our policies and is being used to perpetuate fraud and mislead journalists.”
The Wire also claimed it obtained an email sent by Andy Stone, the policy communications director at Meta. In the email, Stone allegedly expresses frustration at the aforementioned leaked internal document and asks to put the journalists behind the story on a “watchlist.” The Wire went so far as to verify the authenticity of the email using a tool called dkimpy, which validates the email’s DKIM (DomainKeys Identified Mail) signature.
The protocol is supposed to prove that an email really came from where it says it did, and in this case, that’s Meta’s fb.com domain. The Wire posted a video showing the authentication process — that the outlet says was signed off on by two independent security experts — and came to the conclusion that the email is real.
In response, Meta said that the email is “fake” and that there’s no such thing as a “watchlist.” Stone also denies the existence of the email in a statement on Twitter. “This is completely false,” Stone writes. “I never sent, wrote, or even thought what’s expressed in that supposed email, as it’s been clear from the outset that @thewire_in‘s stories are based on fabrications.”
Users on the web have poked holes in The Wire’s allegations as well. In a thread on Twitter, cybersecurity expert and author Arnab Ray found that the DKIM analysis video posted by The Wire doesn’t actually prove Stone himself sent the email.
As explained by Ray, “DKIM is based on a domain public key,” which means it can’t prove that it came from a specific person; it only shows that it came from the domain attached to a specific organization, like fb.com. This leaves room for someone with access to the organization’s email to spoof their address, making it seem like the email came from Stone but really didn’t.
Prakash also shows how easy it is to create a video that makes it looks as if he’s using a DKIM tool with a two-line shell script named “dkimverify.” Prakash made it so the “tool” outputs a “signature ok” result regardless of what’s entered, which indicates the DKIM is verified. The Wire has since revealed that, during the review of its reporting, its investigators haven’t been able to verify the validity of Stone’s alleged email.
The emails between The Wire and supposed security experts who verified the outlet’s DKIM authentication process are also questionable. Prakash points out that the dates on the emails don’t match up on the current and archived versions of the article, with the former listing the email’s year as 2022 and the latter saying 2021.
There’s also evidence that the emails may have been fabricated altogether. Kanishk Karan, a policy manager for online platforms, found that The Wire referred to him as an “independent security expert” at the bottom of one of the unredacted emails, along with a fake email address made to look as if it belongs to him. Karan says that while The Wire reporter Devesh Kumar did contact him for DKIM verification, he never did it and referred him to other experts instead. In its most recent update, The Wire admitted the other security expert featured in the story, Ujjwal Kumar, also “denied sending such an email” to sign off on the DKIM process.
