Who could have imagined that a creepy little app that scoured Facebook for pictures of women in bikinis might be the instrument that skewers the behemoth social network? Who, that is, besides Facebook executives and their lawyers? Until a little over a week ago, the company had successfully sequestered internal e-mails, which were obtained by the legal team of Ted Kramer, the founder of the app company Six4Three, during the discovery process in a 2015 lawsuit. At issue was Facebook’s policy of allowing third-party app developers to access the data of Facebook users’ friends—the very policy that enabled Cambridge Analytica to buy the data of eighty-seven million unwitting users on behalf of the Trump campaign. In Kramer’s case, his Pikinis app relied on that access; once Facebook changed its policy, in 2014, the app no longer worked. Kramer cried foul and sued Facebook for breach of contract. At the company’s request, the judge in the case ordered the records sealed to keep them, ironically, private.
That changed on November 20th, when a parliamentary sergeant-at-arms showed up at Kramer’s London hotel room and escorted him to the halls of Westminster, where the Tory M.P. Damian Collins, the chairman of the Digital, Culture, Media and Sport Committee, demanded that Kramer turn over all his files in the case under threat of arrest. Kramer, who was in London on unrelated business, said that he panicked and moved a number of files from a Dropbox account to a USB drive, which he turned over to the M.P. How Collins knew that Kramer was in London has been traced to the tireless Guardian reporter Carole Cadwalladr, who has spent more than two years unravelling the connections between Cambridge Analytica, Facebook, Donald Trump, Steve Bannon, Robert Mercer, and Brexit. After arranging to meet with Kramer, she appears to have tipped off Collins to Kramer’s whereabouts. But how Collins knew that Kramer was in possession of the documents—which were not his to have—remains a mystery. There are reports that the two men had been in communication for the past few months, at Cadwalladr’s prompting, which suggests that the frog march to Parliament was just for show. (When Kramer’s lawyers found out that he was in possession of the discovery documents and that he had given them to Collins, they attempted to drop him, but, over the weekend, a California judge demanded that they continue to represent Kramer until the matter of the purloined files is adjudicated.)
Collins, for his part, claimed that whatever seal was in force in California was irrelevant in the U.K. On November 27th, he used the snatched e-mails to grill Richard Allan, the Facebook executive who was sent to speak for the company at an unprecedented international hearing on fake news and disinformation that Collins convened in Parliament. Mark Zuckerberg, who said he was too busy to appear—making this the fourth time that he has refused a request from Parliament—was represented by a nameplate positioned in front of an empty chair; every time the television cameras panned to Allan, they also showed his absent boss. Allan admitted that the optics were “not great,” and then went on to do his best Zuckerberg imitation, dodging and feinting as the lawmakers sought to put him on the spot. The most damning claim to emerge was that Facebook either gave, or considered giving, favored access to its users’ data to companies that spent at least two hundred and fifty thousand dollars in advertising on the platform. There also seemed to be evidence that Facebook had been informed, in 2014, that computers with Russian I.P. addresses were siphoning three billion data points a day from Facebook accounts, a claim that Allan refused to address in the hearing.
On Wednesday, Collins published the full cache that he seized from Kramer. The two hundred and fifty pages of internal Facebook documents show, irrefutably, that the company did indeed whitelist a number of lucrative business partners, including Netflix, Lyft, and Airbnb, allowing them continued and unfettered access to the accounts of Facebook users and their friends after the company claimed that it had stopped the practice. The documents also reveal that, in 2015, a permissions update for Android devices, which users were required to accept, included a feature that continuously uploaded text messages and call logs to Facebook. [Continue reading…]