Did Facebook Really Know About Russian Meddling in 2014?
UPDATE: On Wednesday, Facebook shared the full scope of the redacted emails referenced by Damian Collins with the Hive. They appear to show that the suspicious activity flagged by a Facebook engineer was not coming from Russia, but from Pinterest’s servers, and that Facebook’s A.P.I was successfully pinged about 6 million times a day, rather than 3 billion. “Ok, things are not as bad as they seemed,” reads one e-mail, presumably from the engineer. “There was a series of unfortunate coincidences that made me think of the worst.” Collins later suggested Facebook had broken the seal on its California court documents. “Will they now ask for the rest to be released?” he tweeted. “These emails show there was no external investigation of Russian IP addresses calling for Facebook data & don’t confirm how much was taken.”
When Mark Zuckerberg said in June that Facebook was at war, he couldn’t have known that Facebook would soon be knee-deep in a much more threatening fight across the Atlantic. But this week, as officials in the U.K. made an unprecedented effort to obtain correspondence between Zuckerberg and other company higher-ups, Facebook found itself engaged in a tug-of-war with British lawmakers in an effort to keep the exchanges private. That fight ratcheted up a notch on Tuesday, when Damian Collins, who chairs the British parliamentary committee investigating disinformation, made what seemed to be a damning revelation during an International Grand Committee hearing: that based on a Facebook engineer’s internal e-mail, the company had been aware of suspicious Russia-linked data harvesting as early as 2014—two years before the 2016 election.
Collins, who’s reportedly read the entirety of said correspondence, which was obtained through a legal filing by app developer Six4Three, said as much while questioning Facebook V.P. Richard Allan before an assemblage of lawmakers from the U.K., Argentina, Belgium, Brazil, Canada, France, Ireland, Latvia, and Singapore on Tuesday morning. “An engineer at Facebook notified the company in October 2014 that entities with Russian I.P. addresses had been using a Pinterest A.P.I. key to pull over 3 billion data points a day through the Ordered Friends A.P.I.,” he said. In other words, Facebook supposedly knew in October 2014 that Russian entities were using a feature that let advertisers harvest mass amounts of user data.
The follow-up question was obvious: if Facebook had this information, did it do anything about it? “Was that reported or was that just kept, as so often seems to be the case, just kept in the family and not talked about?” Collins asked. Allan did not elaborate on the documents, which have been sealed by a California court, but said the information they contain is “at best partial, at worst potentially misleading.” (According to Facebook, the document Collins referenced was taken out of context: “The engineers who had flagged these initial concerns subsequently looked into this further and found no evidence of specific Russian activity,” the company told the Hive on Tuesday.) That may soon be up to the public to decide: in an exchange with reporters, Collins said that while he “can’t give you an exact date” he “would hope we would be in a position to publish [the documents] very soon . . . Certainly within the next week or so,” once they’d been stripped of personal information.
Altogether, Facebook has faced a sharper, more sophisticated critique abroad than anything the company has dealt with on U.S. soil. Some, like Canada’s Charlie Angus, have gone so far as to openly propose breaking up Facebook in the wake of its video-metric inflation scandal. “I would consider that corporate fraud, on a massive scale,” he said. “The simplest form of regulation would be to break Facebook up, or treat it as a utility, so that we can all then feel that when we talk about regulation we are talking about allowing competition, we’re counting metrics that are actually honest and true . . . To allow you to gobble up all the competition is probably not in the public interest.” At times, Allan seemed to make concessions about the fallibility of his employer, adding that Facebook was willing to accept some regulation from governments around the world. “I am not going to disagree with you that we have damaged public trust in some of the actions that we’ve taken,” he said. “To the extent this is all clarified and we have a clear playbook to work from, that would be very helpful.”
Many of Allan’s answers were evasive, however, and at several points he told lawmakers he did not have enough information to respond to a particular question. Meanwhile, the specter of Allan’s absentee boss hung heavy over proceedings. A nameplate labeled “Mark Zuckerberg” sat before an empty chair that should presumably have held the C.E.O. And lawmakers repeatedly asked Allan why he’d been sent in his boss’s stead, to which he could only reply, “I have a role supporting my company as it tries to grapple with the issues we are discussing today, and when we are trying to decide where senior officers of the company should be, we need to balance that out.”