A British lawmaker suggested that Facebook was made aware of suspicious Russian behavior on its platform as early as 2014 during a hearing on fake news and disinformation that took place in London on Tuesday. The MP, Damian Collins, was drawing on a cache of internal Facebook documents that he seized last week, and which the social networking giant has fought for months to keep sealed. In his remarks, Facebook vice president of policy Richard Allan called the documents incomplete and misleading, but their contents proved ripe fodder for the hearing, which featured dozens of lawmakers from nine different countries.
Over the course of three hours, they grilled Allan on Facebook’s long history of privacy screw-ups. He sat in a chair that had been reserved with a name plate for CEO Mark Zuckerberg—a theatrical nod at the fact that the Facebook founder rebuffed repeated invitations to testify before the International Grand Committee. In addition to the UK, the lawmakers there hailed from Argentina, Belgium, Brazil, Canada, France, Ireland, Latvia, and Singapore. It was the first time international parliamentarians had been invited to a hearing at Britain’s House of Commons since 1933, signaling the seriousness with which regulators worldwide now take social media platforms.
Collins, who chairs the Digital, Culture, Media, and Sport Committee, convened the hearing. The documents he acquired—and told reporters that he plans to release in the next week—are part of an ongoing California lawsuit, dating back to 2015, in which the parent company behind a now-defunct Facebook app is accusing Facebook of willfully exploiting user data and scheming to drive its potential rivals out of business. The developer, called Six4Three, argues that the internal Facebook communications obtained through discovery substantiate their claims. Facebook says their case is without merit. Earlier this year, a California court honored Facebook’s request to keep the documents sealed. But in a made-for-TV turn last week, British lawmakers compelled Six4Three’s founder, Ted Kramer, to hand over the documents while he was on a business trip in London.
Collins cut right to the heart of the documents during the hearing. In October of 2014, he said, a Facebook engineer notified the company that entities with Russian IP addresses had been using a Pinterest API to pull out three billion data points a day from the Facebook friends API. Collins wanted to know what happened after that information was brought forward.
“Was that reported or was it kept, as so often seems to be the case, kept within the family?” he asked.
Allan said that the emails constitute an “unverified partial account from a source who has a particular angle.”
“There is, as I understand it, a partial set of information obtained by a hostile litigant who’s seeking to overturn the very changes to restrict access to data that you, as a committee, and others would want to see happen,” Allan continued.
When reached for comment, a Facebook spokesperson told WIRED, “The engineers who had flagged these initial concerns subsequently looked into this further and found no evidence of specific Russian activity.” Facebook later supplied WIRED with redacted versions of the emails themselves. “Ok, things are not as bad as they seemed,” reads one email. “There was a series of unfortunate coincidences that made me think of the worst.” The email goes on to say that the activity was actually coming from Pinterest’s servers and was successfully pinging Facebook’s API just six million times daily, not three billion times. Facebook wouldn’t elaborate on the cause of the confusion.1
The swirling drama in the UK is just the latest crisis to emerge for Facebook over the last few weeks. In case you were too busy gnawing on leftover turkey to keep up, here’s what you need to know.
What is Six4Three?
Years ago, Six4Three developed an app called Pikinis, which allowed Facebook users to find other users’ bathing suit photos. It hinged on a feature of Facebook’s API that gave app developers access to their users’ data, as well as the data of their users’ friends. This feature is also what enabled a Cambridge University researcher named Aleksandr Kogan to collect the of data of tens of millions of Facebook users without their knowledge and sell it to the political firm Cambridge Analytica, which went on to work for President Trump’s 2016 campaign. The story of Cambridge Analytica’s wanton data scraping, and Facebook’s failure to stop it, sparked international outrage when it hit the front pages of The New York Times and The Guardian/Observer in March. The news also cast Six4Three’s years-old case in a new light.
The Six4Three lawsuit stems from Facebook’s decision in 2014 to cut off developer access to friend data. According to a source familiar with the case, Six4Three alleges that in 2012, long before Facebook changed its API, the company was desperate to boost its mobile advertising business. So, the suit alleges, Facebook began requiring developers to buy mobile ads in order to gain access to certain types of user data, including friend data. But two years later, in 2014, when Facebook announced changes to its API, it began cutting off access to friend data altogether. (Apps that were already using this data got extended access until April of 2015.) Six4Three’s Pikinis app was among the apps that shut down in 2015 due to the API changes. The suit argues that Facebook essentially defrauded developers by luring them to the platform with the promise of data, and then cutting them off from that data in 2014.
Facebook, for its part, argues that these changes were well within their rights and were made to protect user privacy. But the documents Kramer gave to Collins are reportedly what Six4Three uses to argue its more nefarious claims and offer evidence that Facebook was trading data access for advertising.
So, how did Collins get these sealed documents?
A representative for Collins told WIRED he had no further comment on the matter, and Kramer did not respond to WIRED’s request for comment. But in a court filing in San Mateo Superior Court on Monday, Kramer’s lawyers wrote that while traveling on a business trip to London last week, Kramer received several notices to his hotel from the DCMS committee, demanding the documents. In one instance, the committee sent the serjeant-at-arms to the hotel to personally serve Kramer with an order to produce the documents. But because of the California court’s decision, Kramer’s lawyers repeatedly advised him not to comply. Kramer’s lawyers say it’s unclear how British lawmakers knew where Kramer was staying, though the filing notes that Kramer had previously shared his location with Observer journalist Carole Cadwalladr. It was also Cadwalladr, the filing says, who first suggested “rais[ing] Six4Three’s case with Damian Collins” earlier in the year. Cadwalladr didn’t respond to WIRED’s request for comment.
After several notices, the filing says, Collins sent Kramer a letter notifying him that he was under investigation by Parliament. After some hasty Googling, Kramer decided to present himself to Collins, who, Kramer’s lawyers say, threatened their client with imprisonment if he refused to hand over the documents. “Mr. Kramer did not know whether he was free to leave the location, nor did he know whether, if allowed to leave, he would be allowed to fly home to the United States,” the filing reads. “At this point, Mr. Kramer panicked. He opened his computer, took out a USB drive, and went onto the local [D]ropbox folder containing Six4Three’s documents.”
Facebook is now calling for the DCMS committee, which is in possession of the documents, to keep them private, in keeping with the California court’s decision. But Collins says the California court has no authority over the committee.
“The House of Commons has the power to order the production of documents within the UK jurisdiction, and a committee of the House can publish such documents if it chooses to, with the protection of parliamentary privilege,” Collins wrote in an email to Allan before the hearing. Collins argued that while the committee doesn’t have an opinion about Six4Three’s legal claims, the information contained in the documents is relevant to the committee’s “ongoing inquiry into disinformation and fake news.”
What went down at the hearing?
Zuckerberg’s absence loomed large over the day of questioning. Charlie Angus, MP of Canada, kicked off the morning by telling Allan he was “deeply disappointed” in Zuckerberg’s decision to “blow off this meeting,” and criticized the “frat boy billionaires in California” upending global democracies.
At one point, after being asked how Zuckerberg’s absenteeism might look to the lawmakers, Allan himself said, “Not great.”
Things didn’t get easier. The lawmakers asked additional questions about the allegations in the documents Collins seized, including Six4Three’s claim that Facebook created a whitelist of developers who were given access to friend data after other apps had been cut off. Facebook has previously shared this list, noting that these apps were granted an extension to ease their transition to the new API. As WIRED previously reported, one of the companies given this cushion was the Russian internet giant Mail.Ru, whose major investor, Alisher Usmanov, has close ties to Russian president Vladimir Putin.
Allan also faced questions about whether Facebook ever required developers to buy mobile ads in order to receive access to friend data, as alleged in Six4Three’s lawsuit. Allan said they didn’t, but he acknowledged that it may have been among the options Facebook discussed internally.
“In 2014, 2015, there was a transition from desktop to mobile that meant that every business, ours and everyone else, had to think about what the business models were in this new mobile environment,” Allan said. “I suspect you may have some partial records and some discussions of business models.”
Allan generally cast Six4Three as an untrustworthy, disgruntled developer with an axe to grind. He said Six4Three’s “beef” with Facebook began when the company made “precisely the changes [lawmakers] would want us to make.”
“Their application depended on access to friends data. When we changed the API … they lost access to friends data. Therefore, their app no longer worked,” he said. “They wanted us to reverse this.”
Allan went on to field questions about, among other things, fake news, hate speech, Cambridge Analytica, turmoil in Sri Lanka, and a recent New York Times report that suggested Facebook tried to hide what it knew about Russian interference in the 2016 US election. Allan went so far as to assert that regulatory regimes that exempt Facebook and other tech platforms from being held responsible for all of their users’ actions may be “out of date.”
But Allan’s responses didn’t seem to satisfy his questioners. Not that any response would. The 24 lawmakers in the room made clear that it was Zuckerberg they wanted to talk to. As Belgian parliamentarian Nele Lijnen bluntly put it, using a colloquialism from her home country, Zuckerberg “sent his cat” instead.
“In this room, we represent over 400 million people,” said Canadian MP Bob Zimmer, “and to not have your CEO in that chair is an offense to all of us.”
After the hearing, lawmakers from all nine countries signed a declaration outlining their approach to the law governing the internet. It included, among other things, the stipulation that “social media companies should be held liable if they fail to comply with a judicial, statutory or regulatory order to remove harmful and misleading content from their platforms, and should be regulated to ensure they comply with this requirement.”
One thing is certain: This won’t be the last Facebook hears from the DCMS committee and the other countries present. Collins says he expects to be able to publish the documents within the next week. If he does release them, it will no doubt invite a new round of tough questions for the already embattled tech giant.
1Update: 5:32 pm ET 11/27/18 This story has been updated to include the emails supplied by Facebook.