Facebook accused of striking 'secret deals over user data'

Getty Images Facebook documentsGetty Images

Emails written by Facebook's chief and his deputies show the firm struck secret deals to give some developers special access to user data while refusing others, according to MPs.

A cache of internal documents has been published online by a parliamentary committee.

It said the files also showed Facebook had deliberately made it "as hard as possible" for users to be aware of privacy changes to its Android app.

Facebook had objected to their release.

It said that the documents had been presented in a "very misleading manner" and required additional context.

The emails were obtained from the chief of Six4Three - a software firm that is suing the tech giant - and were disclosed by the Digital, Culture, Media and Sport Committee as part of its inquiry into fake news.

About 250 pages have been published, some of which are marked "highly confidential".

Damian Collins MP, the chair of the committee, highlighted several "key issues" in an introductory note.

He wrote that:

  • Facebook allowed some companies to maintain "full access" to users' friends data even after announcing changes to its platform in 2014/2015 to limit what developers' could see. "It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted," Mr Collins wrote
  • Facebook had been aware that an update to its Android app that let it collect records of users' calls and texts would be controversial. "To mitigate any bad PR, Facebook planned to make it as hard as possible for users to know that this was one of the underlying features," Mr Collins wrote
  • Facebook used data provided by the Israeli analytics firm Onavo to determine which other mobile apps were being downloaded and used by the public. It then used this knowledge to decide which apps to acquire or otherwise treat as a threat
  • there was evidence that Facebook's refusal to share data with some apps caused them to fail
  • there had been much discussion of the financial value of providing access to friends' data

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read  and  before accepting. To view this content choose ‘accept and continue’.

Facebook said Six4Three had "cherry-picked" the documents and claimed they had omitted "important context".

"We stand by the platform changes we made in 2015 to stop a person from sharing their friends' data with developers," said a spokeswoman.

"Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform.

"But the facts are clear: we've never sold people's data."

"I understand there is a lot of scrutiny on how we run our systems. That's healthy given the vast number of people who use our services around the world, and it is right that we are constantly asked to explain what we do," he said.

"But it's also important that the coverage of what we do - including the explanation of these internal documents - doesn't misrepresent our actions or motives."

Tactics revealed

The correspondence includes emails between Facebook and several other tech firms, in which the social network appears to agree to add third-party apps to a "whitelist" of those given permission to access data about users' friends.

This might be used, for example, to allow an app's users to continue seeing which of their Facebook friends were using the same service.

Netflix NetflixNetflix
Netflix tapped into Facebook friends lists to let users see what titles their contacts had watched and rated highly

They include:

  • the dating service Badoo, its spin-off Hot or Not, and Bumble - another dating app that it had invested in
  • the car pick-up service Lyft
  • the video-streaming service Netflix
  • the home rental service Airbnb

However, others including the ticket sales service Ticketmaster, Twitter's short-video platform Vine and the connected-cars specialist Airbiquity seem to have been denied the privilege.

Among the emails that have been published are the following extracts:

short presentational grey line

Blocking Vine

The following concerns a decision to prevent Twitter's short-form video service having access to users' friends lists. It is dated 24 January 2012.

Justin Osofsky (Facebook vice president):

"Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video... Unless anyone raises objections, we will shut down their friends API access today. We've prepared reactive PR, and I will let Jana know our decision."

Mark Zuckerberg (Facebook chief executive):

"Yup, go for it."

short presentational grey line

Android update

The following is part of a discussion about giving Facebook's Android app permission to read users' call logs. It is dated 4 February 2015.

Michael LeBeau (Facebook product manager):

"As you know all the growth team is planning on shipping a permissions update on Android at the end of this month. They are going to include the 'read call log' permission... This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it...[The danger is] screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about "Facebook uses new Android update to pry into your private life in ever more terrifying ways".

short presentational grey line

Data leaks

The following is from a discussion in which Mark Zuckerberg mulled the idea of selling developers access to users' friends' data. It is dated October 2012, pre-dating the quiz involved in the Cambridge Analytica scandal. It was sent to Sam Mullin, who was vice president of product management.

Mark Zuckerberg (Facebook chief executive):

"It's not at all clear to me here that we have a model that will actually make us the revenue we want at scale. I'm getting more on board with locking down some parts of platform, including friends' data and potentially email addresses for mobile apps. I'm generally sceptical that there is as much data leak strategic risk as you think... I think we leak info to developers but I just can't think of any instances where that data has leaked from developer to developer and caused a real issue for us."

short presentational grey line

Membership fees

The following is from an email sent by Mark Zuckerberg to several of his executives in which he explains why he does not think making users pay for Facebook would be a good idea. It is dated 19 November 2012.

Mark Zuckerberg (Facebook chief executive):

"The question is whether we could charge and still achieve ubiquity. Theoretically, if we could do that, it would be better to get ubiquity and get paid. My sense is there may be some price we could charge that wouldn't interfere with ubiquity, but this price wouldn't be enough to make us real money. Conversely, we could probably make real money of we were willing to sacrifice ubiquity, but that doesn't seem like the right trade here."