On Wednesday, the House of Commons DCMS committee – which is rapidly becoming one of the biggest thorns in Facebook’s side – published hundreds of pages of the company’s internal emails.
The documents had been dramatically seized a few weeks before from Ted Kramer, the CEO of Six4Three. That company had used Facebook’s API (a means to extract data from the site) to create an app making it easy to see photos of women in bikinis – until Facebook tightened access to such tools, citing privacy concerns.
Kramer, devastated that his in-no-way-utterly-creepy app had been hit by these changes, launched what’s become a bitter lawsuit against Facebook. The documents in that lawsuit had been held under seal by the US court overseeing it
This is something Kramer had been encouraging media outlets to fight for months. He must, then, have been devastated when he was surprised during a UK trip by House of Commons authorities – who have very little real legal power – and asked to hand over the documents, not even bothering to seek any legal advice before “panicking” and deciding to fully comply.
Now the documents he wanted to be public for months are finally public, thanks to that panicked decision, he must be mortified – especially given they’ve generated headlines across the globe. But what do they actually tell us?
The answer is quite a lot – but much less than the huge wave of worldwide headlines the documents garnered would suggest.
Both DCMS committee chair Damian Collins, and numerous publications reporting these events, have suggested the documents showed that Facebook had made no change to the API tool which had let Cambridge Analytica (via a Cambridge academic) harvest 80m user profiles, other than to charge for it.
But this reading appears to have relied on a misunderstanding of changes made to the Facebook API. The company had intended its “friends of friends” feature to be used to help apps recommend people to join – rather than to harvest data on its users, which goes against Facebook’s own commercial interests – and so it anonymised this tool.
Instead of actual information on the user, the emails show, apps would get a “one-way hash” – something it could send to Facebook which would reveal to the end user a profile they could recommend. The purpose of these hashes is to make it impossible for the person with it to decode it without Facebook’s help: that means it can be used for user interfaces, but not for harvesting. This was a genuine privacy change, but one trying to keep the ‘useful’ bit of the functionality.
The emails do reveal that Facebook gives privileged API access to companies that either pay for it, or which spend beyond certain thresholds advertising on its network. It’s easy to jump from that to assuming Facebook is “selling user data”, as many did – but the reality is more complicated.
For social media companies, the “social graph” they create – who knows who, how often people log in, what they’re interested in – is the very core of their business, and the justification for their huge valuations.
APIs grant limited access to those social graphs to power apps, which can themselves then become worth vast amounts of money – just think of Tinder, for example. Asking companies like Facebook to offer the same access to everyone for free is essentially asking them to let other people get rich off their main asset, with no return to them.
There may be a case for forcing social media companies to improve access to their graphs, to protect an open internet. But as it stands, charging for API access is standard across the industry, and would shock absolutely no-one working in the field. And isn’t the same as selling off user data to the highest bidder.
That’s the red herrings aside – but there are two other main headlines that have more to back them. One, sadly, lies in a single sentence in one email, so raises more questions than it answers. But it involves a decision to cut off API access to users’ friends from Twitter’s Vine app.
On one level, we knew this had happened, and it is understandable Facebook doesn’t want to make it easy for would-be competitors to use its network to supplant them. As a business decision, it makes perfect sense.
However, it is a decision which may provoke the interest of competition regulators: is Facebook using its social monopoly power to assert market power in another field? If so, it could face heavy sanction – though the company would surely argue that not actively helping a rival, by recommending friends as new users, is different from stifling one.
The trickiest news for Facebook, though, comes from internal decision-making on its Android app, where it deliberately rolled out an intrusive update giving it much more access to users’ private information in such a way as to hide that fact from users. That has been spotted before, but what we haven’t previously seen is Facebook’s discussions around such decisions.
Not only was this a creepy and telling decision, but the email dialogue around it served to encapsulate many of the problems with Facebook: the company was well aware users wouldn’t like it, and that there would be a media backlash if it was found out, but knew its “growth team will charge ahead” regardless. That’s the sign of a company putting itself before its users, and before society – and a sign of a toxic culture.
One prescient email included a suggestion of what kind of headline Facebook would face if it operated in this way:
“Facebook uses new Android update to pry into your private life in ever more terrifying ways – reading your call logs, tracking you in businesses with beacons, etc”
That is exactly the kind of headline the company deserves – and now we know they know that, too.