Massive Facebook document leak gives ammunition to investigators

  News
image_pdfimage_print
A man in a T-shirt looks worried.
Enlarge / Facebook CEO Mark Zuckerberg speaking about Facebook News in New York, Oct. 25, 2019.

Facebook is facing a new round of intense scrutiny worldwide after 7,000 pages of confidential files stemming from a lawsuit were made public yesterday. Those documents are not the ones California’s attorney general needs, though, so separately, the company is also facing a court challenge demanding it produce more documentation for an investigation amid allegations of stonewalling.

The piles of leaked documents, which directly reference the company’s questionable position on competition, are likely to be extremely helpful to the dozens of entities currently investigating Facebook on antitrust grounds. California, however, is conducting a privacy investigation.

State Attorney General Xavier Becerra yesterday took to court seeking to have a subpoena against Facebook enforced. The petition (PDF) alleges Facebook failed to respond to repeated subpoenas and other legal requests for information related to the Cambridge Analytica scandal.

Attorneys general for 47 states have now signed onto a joint probe of Facebook—but California has been one of the very few not participating in that probe. Neither is it involved in a joint investigation of Google that 48 attorneys general have undertaken.

Becerra in a press conference told reporters, “Today, we make this information public because we have no choice.” But he declined to provide details on any other aspect of this or any other possible Facebook investigation. He and all the other regulators and attorneys general, however, may find something worth reading in Wednesday’s leak.

The data dump

The 7,000 pages of leaked information spring from a 2015 lawsuit filed against Facebook by a company called Six4Three.

Six4Three, long since defunct, basically operated an unmemorable app that scraped Facebook looking for pictures of women in bikinis. Facebook in 2014 changed the way a key API worked, effectively breaking Six4Three’s app. The developer sued, alleging breach of contract and “fraudulent and anti-competitive schemes.” And then things got weird.

UK regulators were also conducting a probe into Facebook at the time. A Six4Three executive was brought into a meeting with a member of Parliament in November 2018, where he reportedly “panicked” and suddenly handed over confidential files from the case, despite a warning from a California judge not to.

The suit itself got even more strange from there, but the cache of documentation took on something of a life of its own.

The documents have leaked in smaller chunks through the past year, revealing that Facebook not only engaged in extensive lobbying against privacy protection laws in the EU but also considered selling access to user data.

The full trove of files was eventually leaked to UK journalist Duncan Campbell, who shared the files with NBC News and a handful of other outlets earlier this year. Campbell and those news outlets eventually released the whole lot to the public yesterday.

The juicy new bits

The documents seem to confirm two long-held, popular suspicious about Facebook. First, it treats user privacy as an afterthought at best. And second, it works hard to prevent competitors from getting too powerful.

“Switcharoo”

Facebook in 2014 made significant changes to the way developers were able to access user information through its APIs. The company needed a way to sell such a large-scale change, though, so it came up with a narrative: privacy.

Internal communications reveal that Facebook ultimately tied the change to a revision of another product: Facebook Login. In a March 2013 email, one executive, Justin Osofsky, wrote that the narrative “will focus on quality and the user experience which will potentially provide a good umbrella to fold in some of the API deprecations.”

The connection between the two was almost entirely for messaging, further emails show. In a November 2013 email, Ilya Sukhar, head of developer products until 2016, asked, “What does it actually mean to tie [the change] to login besides synchronized timing? Is it just the messaging? What’s the bullshit that you refer to?”

“Mainly messaging,” another executive replied.

Sukhar later described the plan as a “switcharoo,” writing in a Febuary 2014 email:

Hi guys, I invited you all to a doc that outlines the details of the “switcharoo” plan some of us have been knocking around. I think it is a good compromise given all the restraints, and we’ll be able to tell a story that makes sense.

Killing competition before it hatches

Emails among Facebook executives in 2013 show that the company planned to split up apps and services it didn’t own into one of three categories: current competition, potential future competition, or “developers that we have alignments with on business models.”

A series of email exchanges from 2013 also discuss in detail the choices Facebook made to prohibit potential competitors from advertising on its apps. The question of who qualified as competition—other than Google, which was taken as a given—was debated at length in the email thread.

Ultimately, company leadership seemed to settle on messenger apps being more of a threat than other types of services.

“I think we should block WeChat, Kakao, and Line ads,” company CEO Mark Zuckerberg wrote in a 2013 email. “Those companies are trying to build social networks and replace us. The revenue is immaterial to us compared to any risk. I agree we should use ads to promote our own products, but I’d still block companies that compete with our core from gaining any advantage from us.”

Another series of 2013 emails show how Facebook leadership handled new competition.

MessageMe, a messaging startup, launched in 2013 and was acquired by Yahoo in 2014. Right out of the gate, Facebook leadership considered MessageMe to be too much of a competitive threat to allow the company to access its data. But Facebook was keenly aware of how restricting MessageMe’s access would look from the outside.

“In the first week after launch, MessageMe actually didn’t make any friends.get calls,” Osofsky wrote. “However, MessageMe is now up to ~350K [monthly active users] and made 333K friends calls last week. We will restrict their access to friends.get shortly.”

Osofsky added that the company would also “see if there are any other messenger apps which have hit the growth team’s radar recently. If so, we’d like to restrict them at the same time to group this into one press cycle.”

Companies in that third bucket, however, were able to make deals with Facebook to re-secure access to user data after the API shift. Amazon, for example, was allowed in because it spent money on advertising with Facebook.

Investigator ammunition

Facebook is currently the target of at least a half-dozen different antitrust probes. In the United States, the House Antitrust Subcommittee, the Federal Trade Commission, the Department of Justice, and 47 states attorneys general are all conducting investigations. European regulators are also working on their own competition cases against the behemoth.

Those probes are not solely addressing the question of whether Facebook is a monopoly, which is what most people associate with antitrust. Rather, they are focusing on what Facebook has done with the market power it has. In particular, using data a company such as Facebook collects from one arm of the business to prevent competitors from arising to challenge other arms of the business is the sort of behavior that antitrust regulators are getting out their metaphorical magnifying glasses to investigate in depth.

https://arstechnica.com/?p=1597577