Analysis Emails released today reveal Facebook CEO Mark Zuckerberg discussing how to squeeze more cash from companies hoping to tap into the platform's goldmine of personal data on a billion-plus people.
And the memos show staff deliberately hid the amount of data the Facebook Android app was slurping, and Zuck personally giving the OK to shut down Twitter's access to the Friends API after it acquired video-hosting service Vine.
These emails were published by the British Parliament's Digital, Culture, Media and Sport Select Committee after the panel seized them from a US exec, Ted Kramer, who was visiting London last month.
Kramer obtained the documents during the discovery phase of a bitter legal battle between Facebook and his biz, bikini-picture app biz Six4Three, which alleges Facebook behaved in an anti-competitive and misleading way. After arriving on Blighty's soil, he was ordered by the committee to hand over copies of these files, seeing as the panel is investigating Facebook's activities.
Damian Collins, chairman of the Commons committee, issued a brief note at the top of the 250-page document setting out what he sees as the main issues.
These include whitelisting certain third-party apps so that they could access profile information of their users' friends seemingly without permission. When you granted an app access to your Facebook account, it got its hands on your personal info. Crucially, though, it's known that Facebook was a little loose in protecting the privacy of your friends, offering apps a chance to peek at their profiles, too, seemingly without consent.
A number of the emails come direct from the big cheese himself, with messages revealing how Zuckerberg mulled milking fees from advertisers and other businesses that were interested in slurping data from Facebook user profiles, while others are internal discussions between FB execs.
Most of the conversations are from 2012 and 2013, prior to the rollout of version 3.0 of its Graph API, which third-party Facebook apps use to extract information from their users. This API was overhauled to limit access and avoid more bad headlines, like the ones generated by data-gobbling Cambridge Analytica.
It's also important to note that the committee's MPs, who have chosen which parts of the Six4Three cache to release, are very much keen to prove Facebook is a bad apple – not to mention they are smarting from repeat rejections by Zuck, who had been asked to attend their hearings. Something to keep in mind.
Emails that link Zuckerberg to revenue discussions, mostly in autumn 2012, show he had been "thinking about platform business model a lot" and considered making it so that devs can generate revenue for Facebook, "then it makes it more acceptable for us to charge them quite a bit more for using [the] platform."
The idea would be that any other revenue earned for Facebook by developers would earn them credits towards fees owed for accessing the social network and its users. "So instead of every[one] paying us directly, they'd just use our payments or ads products," he said, proposing a model with login being free, pushing content to FB being free, but that reading anything, including friends' data, “costs a lot of money. Perhaps on the order of $0.10/user each year."
In other words, proposals to charge apps makers, one way or another, to peek at users' and their friends' profiles.
Later that month, he sent an email to colleagues saying he was “getting more on board with locking down some parts of platform, including friends data and potentially email addresses for mobile apps. Without limiting distribution or access to friends who use this app, I don’t think we have any way to get developers to pay us at all besides offering payments and ad networks."
In that same email – and in words he surely lived to regret – he said he was “generally sceptical that there is as much data leak strategic risk as you think." He said: “I agree there is clear risk on the advertiser side, but I haven’t figured out how that connects to the rest of the platform. I think we leak info to developers, but I just can’t think if any instances where that data has leaked from developer to developer and caused a real issue for us.”
In an email from November 2012, Zuckerberg's thoughts had progressed to the idea of data reciprocity – if companies build services on Facebook's platform, they should share their data with the antisocial network giant.
"The quick summary is that I think we should go with full reciprocity and access to app friends for no charge," said Zuck. "Full reciprocity means that apps are required to give any user who connects to FB a prominent option to share all of their social content within that service back... to Facebook."
He acknowledged that sometimes the best way for people to share stuff on Facebook is to have a software maker build a special purpose app, and have Facebook plug into it. However, he said, "that may be good for the world but it’s not good for us unless people also share back to Facebook and that content increases the value of our network. So ultimately, I think the purpose of platform – even the read side – is to increase sharing back into Facebook.”
A separate discussion, which was reported last week, involved Facebook's Konstantinos Papamiltida discussing whether to sell access to user data, telling a colleague to find out if and what a firm spent on its new ad platform:
Communicate in one-go to all apps that don’t spend that those permission will be revoked. Communicate to the rest that they need to spend on NEKO $250k a year to maintain access to the data.
Facebook has repeatedly denied it ever considered selling user data – and so, despite the fact it didn’t actually follow through with this idea, the proposal has been seized by critics as evidence of the Silicon Valley titan's dishonesty.
Other emails seemingly show Facebook discussing how to get some apps whitelisted, to ensure they could have continued access to friends-of-users. The cache contains a number of documents from companies complaining that the Graph API change had damaged their business model – and shows them being whitelisted.
Dating biz Badoo said: “The friends data we receive from users is integral to our product (and indeed a key reason for building Facebook verification into our apps).”
In response, a series of emails from Papamiltidas discussed and then confirmed the app had been whitelisted for the new Hashed Friends API. Similar emails were included to Lyft, AirBnB, and Netflix. Another discusses how to whitelist the Royal Bank of Canada, a Facebook partner.
"Without the ability to access non-app friends, the Messages API becomes drastically less useful. It will also be impossible to build P2P payments within the RBC app, which would have dire consequences for our partnership with them,” said Sachin Monga to a colleague. Later emails in this chain saw the app sent for whitelisting.
Six4Three alleges that these emails prove Facebook gave preferential treatment to certain apps by allowing them this extra data access for longer than everyone else. Facebook denies this, saying that it was the only option to ensure users' apps didn't break.
A separate conversation about the Friends API allegedly shows Zuckerberg giving the thumbs up to shutting down access to Twitter after it launched Vine – during the time when Facebook was working on video.
"Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video.," one message explained. "As part of their NUX, you can find friends via FB. Unless anyone raises objections, we will shut down their friends API access today. We’ve prepared reactive PR, and I will let Jana know our decision."
To which Zuckerberg replied: "Yup, go for it."
In one set of emails, Facebook's Michael LeBeau discussed an update on Android – which allowed the app to collect a record of calls and texts – that the biz knew it would be controversial, and figuring out if there was a way to temper the reveal.
"Guys, as you know all the growth team is planning on shipping a permissions update on Android at the end of this month," he wrote. "They are going to include the ‘read call log’ permission, which will trigger the Android permissions dialog on update, requiring users to accept the update.
"This is a pretty highrisk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it."
In response, a mail from Yul Kwon said that the team was "exploring a path where we only request Read Call Log permission, and hold off on requesting any other permissions for now." Initial testing, Kwon said, suggested "this would allow us to upgrade users without subjecting them to an Android permissions dialog at all. It would still be a breaking change, so users would have to click to upgrade, but no permissions dialog screen."
At 250 pages, the email cache is an early Christmas present for Facebook watchers, who will pore over it this week. In the shorter term, the firm's stock price took an initial hit of about three per cent.
Zuckerberg and his Social Network may live to regret his decision not to give evidence to this band of British MPs. ®