Leaked documents have revealed that brass at flailing social media giant Facebook have failed to keep track of its nearly 3billion users’ personal data, as the Mark Zuckerberg-led company continues to face scrutiny from privacy regulators.
In an internal document obtained by Motherboard, privacy engineers for the site pointed out flaws in the site’s data management system, admitting they were at a loss as to where its users’ data goes.
The leak was revealed after the company that changed its corporate name to Meta came under fire for collecting unwitting users’ personal information for purposes including targeted advertising – a practice that is currently automated, workers who wrote the directive pointed out.
Staffers who penned the memo, which was sent within the company sometime last year, referred to the current system in place as one with ‘open borders’ – one that does not allow for the careful management regulators across the globe have been calling for.
‘We’ve built systems with open borders,’ the document, which asked brass at the company ‘to advise leadership on preparedness, investments and technology plans with respect to inbound regulations,’ reads.
The staffers, who are part of the Facebook’s Ad and Business Product team, went on to offer an analogy to managers to explain their concerns regarding the overflowing mass of data.
‘Imagine you hold a bottle of ink in your hand,’ the ad ops team wrote. ‘This bottle of ink is a mixture of all kinds of user data.’
Leaked documents have revealed that brass at flailing social media giant Facebook have failed to keep track of its nearly 3billion users’ personal data, as the Mark Zuckerberg-led company continues to face scrutiny from regulators
‘We’ve built systems with open borders,’ the 2021 document, which implored brass at the company ‘to advise leadership on preparedness, investments and technology plans with respect to inbound regulations,’ reads. The staffers, who are part of the Facebook’s Ad and Business Product team, went on to offer an analogy to managers to explain their concerns regarding the security of users’ data, which they warned they were unable to keep track of
The unidentified staffers then pointed to several categories of the accumulated information, including third part data – information collected from the company’s partners, such as those who develop apps for the site -and data garnered by the company itself.
The memo also mentioned information categorized as ‘SCD’ – which stands for sensitive categories data.
‘You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere,’ the document continues.
‘How do you put that ink back in the bottle?’ staffers wrote, questioning corporate strategy concerning data management. ‘How do you organize it again, such that it only flows to the allowed places in the lake?’
Pictured is Zuckerberg testifying before congress in 2018 after a data breach saw millions of users’ data used to target American voters in 2016
The engineers went on to admit that they are struggling to make sense and keep track of where its 2.9billion users’ data once it makes its way into Facebook’s automated systems, and called on management to change how the company deals with users’ data to prevent it from running into trouble with regulators.
‘We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as “we will not use X data for Y purpose,”‘ the document reads.
‘And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.’
The release of the document, which was transcribed by Motherboard to protect a source, comes as regulators across the globe have sought to limit how platforms like Facebook can use their own users’ data, after a slew of breaches and scandals brought attention to the social media giant’s questionable data practices.
The unidentified staffers went on to point to several sects of the accumulated information, including information collected from the company’s partners – such as those who develop apps for the site -and data garnered by the company itself
One of the most significant regulations implemented against the company is the European Union’s General Data Protection Regulation (GDPR), which requires personal data only be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.’
The guidance went into effect in May 2018 – two months after the largest known data leak in Facebook history became public knowledge.
In March of that year, The New York Times, working with The Observer of London and The Guardian, obtained a trove of documents from the data firm Cambridge Analytica, owned by the right-wing hedge fund manager Robert Mercer.
The documents proved that the firm, where former Trump aide Stephen K. Bannon – who was arrested in 2021 for an alleged scheme to use funds raised for construction to pay for personal expenses – then served as a board member, used data improperly obtained from Facebook to build voter profiles during the 2016 US Election.
The breach saw a reported 87 million users’ personal data, such as a user’s location, political affiliation, and religious orientation, compromised.
The news put Cambridge under investigation and thrust Facebook into regulators’ crosshairs, who began to more adamantly assert social media users’ right to privacy and control their personal data as a result of the scandal.
The 2018 leak saw the social media site – which has waned in popularity in recent years – fall into the crosshairs of regulators, who sought to put a stop to the company’s previous practices of sharing users’ information with partners for financial gain
The EU guidance now requires the Palo Alto-based company to produce proof that they are only collecting data for a specific purpose, and that users’ information was not reused for another reason.
For instance, Facebook previously harvested phone numbers from users through its ‘protect-your-accounts’ feature, which along with a password comprises its ‘two-factor authentication’ practice, and used users’ numbers, without their permission, to link them with other users via its ‘people you may know’ feature.
The company would also shill that information, along with data concerning a users’ background, hobbies, and other telling data, to advertisers, who would then build a personalized profile on that user to help bombard them with targeted ads.
Tech news outlet Gizmodo, however, with the aid of several academic researchers, caught on to this practice in 2021, spurring Facebook to put a stop to the practice.
Facebook subsequently agreed to the massive settlement in response to its violation of privacy rules through its work with the firm, and agreed to create an independent privacy committee that removes ‘unfettered control by Zuckerberg over decisions affecting user privacy.’
The Palo Alto-based company also agreed to have greater oversight over third-party apps, Reuters reported at the time.
That settlement absolved Facebook and its top officials of any other consumer-protection violations known to the Federal Trade Commission (FTC) at the time – though Democrats in the agency said the settlement did not go far enough or require a large enough fine.
GDPR, meanwhile, prohibits the company from repurposing users’ information for financial gain – and the leaked document now suggests that the team responsible for the sites’ ads, the driving force of its business model may not have the means to fulfill that promise and responsibly handle users’ data.
The document subsequently raises the question of whether staffers at the social media site – which has seen its popularity plummet in recent years – can skirt privacy regulations by pleading ignorance, due to the sheer amount of data it collects and where it flows within the company – making it next to impossible to comply.
A Facebook spokesperson denied to Motherboard Tuesday that the document shows the company is not complying with mandated privacy regulations.
‘Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance.’ the spokesperson wrote in a statement sent via email.
‘New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations.’
Regarding to the lake metaphor, the spokesperson asserted that the ‘analogy lacks the context that we do, in fact, have extensive processes and controls to manage data and comply with privacy regulations.’
The claim from the company seems to contradict the apparent call for guidance from the company’s ad workers seen in the document, who used another aquatic metaphor to describe the wave of regulations thrust on the company as a ‘tsunami’ – one that will force the company to drastically change how it handles users’ data.
A recent job listing posted by Meta for a position with the site’s Ad and Business product team – the group that penned the memo – said the team’s mission ‘is to make meaningful connections between people and businesses,’
According to the post, the team ‘sits at the center of our monetization strategy and is the engine that powers Facebook’s growth.’
Meanwhile, social media platform’s mobile app’s download numbers took an unprecedented nosedive this month, thrusting the app out of its usual spot in the digital store’s top ten most downloaded applications, and even out of the top 40.
The social media giant’s fall from grace comes amid bombshell claims from former employee-turned-whistleblower Frances Haugen, who claimed in 2021 that the company ignored internal complaints from staff for years to put profits first, ‘lied’ to investors and shielded CEO Mark Zuckerberg from public scrutiny.
It comes following bombshell claims from former employee turned whistleblower Frances Haugen that the tech giant ignored internal complaints from staff for years to put profits first (pictured outside the Houses of Parliament in London in October 2021)
She claimed Facebook knowingly spread misinformation, fueled hate speech, failed to crack down on abuses spread on the platform and exacerbated body image issues, particularly among teenage girls.
In the email sent to employees, obtained by the New York Times, Facebook said: ‘As you are probably aware, we’re currently the focus of extensive media coverage based on a swath of internal documents.
‘As is often the case following this kind of reporting, a number of inquiries from governments and legislative bodies have been launched into the company’s operations.’
Facebook acknowledged to shareholders late last year that it was facing ‘government investigations’ in relation to the leaked documents, which reportedly contained information about the company’s misuse of users’ information.
Despite the deal Facebook made, Haugen’s massive trove – which spurred the FTC to launch a still-active investigation into the company to see whether staffers violated previous agreements reached between top brass and regulators – may prove that not much has changed since the company’s Cambridge Analytica scandal.
When asked for comment on the FTC probe, a Facebook spokesperson sent a statement to DailyMail.com that said, ‘We are always ready to answer regulators’ questions and will continue to cooperate with government inquiries.’
The allegations in the leaked documents have prompted lawmakers on both sides of the Atlantic to call for regulation of the tech firm.
Sen. Richard Blumenthal (D-Conn) said the leaked documents show Facebook bosses ‘chronically ignored serious internal alarms, choosing to put profits over people’ and said the company is ‘obviously unable to police itself.’
Sen. Kirsten Gillibrand (D-N.Y.) called for a new federal agency to protect personal data and ensure privacy late last year
Meanwhile Sen. Kirsten Gillibrand (D-N.Y.) called for a new federal agency to protect personal data and ensure privacy.
In an op-ed for NBC News, she wrote: ‘The approach companies like Facebook take to data is motivated not by protecting our privacy but by growing their profit and power.’
Her proposed agency would review ‘high-risk’ data practices and write new rules for data privacy, she suggested.
Legislation in the UK and the EU is further along with draft bills expected this year introduce independent digital regulation.
It is not known whether the inquiries refer to the US Senate or the UK Parliament.