App Developers Suing Facebook Suffer Redaction Failure, Expose Discussions About Pay-For-Play API Access
from the mostly smoke, minimal fire dept
Earlier this week, UK politicians conveniently pounced on a US businessman to force him to turn over documents possibly containing info Parliament members had been unable to extract from Mark Zuckerberg about Facebook’s data sharing. An obscure law was used to detain the visiting Six4Three executive, drag him to Parliament, and threaten him with imprisonment unless he handed over the documents MPs requested.
The executive happened to have on him some inside info produced by Facebook in response to discovery requests. Six4Three is currently suing Facebook over unfair business practices in a California court. The documents carried by the executive had been sealed by the court, which means the executive wasn’t allowed to share them with anyone… in the United States. But he wasn’t in the United States, as gleeful MPs pointed out while forcing him to produce information they wanted from another tech company unwilling to set foot in London.
It was all very strange, more than a little frightening, and completely bizarre. A lot of coincidences lined up very conveniently for UK legislators. The frightening part is it worked. This will only encourage Parliament to pull the same stunt the next time it thinks it can get information others have refused to hand over. Targeting third parties is an ugly way to do government business, especially when the UK government is attempting to obtain information from US companies. All bets are off once they’re on UK soil, so traveling execs may want to leave sensitive info on their other laptop before landing at Heathrow.
But there’s also a chance Six4Three wanted to put this information in the hands of UK legislators. Call it “plausible deniability” or “parallel construction” (why not both?!), but the ridiculousness of the entire incident lends it an air of theater that probably isn’t entirely unearned.
Now there’s more fuel for that conspiratorial bonfire. Court documents filed by Six4Three containing sensitive info about Facebook’s API terms and the possible sale of user info made their way into the public domain. They were redacted to keep this sensitive information from being made public.
Well, let me rephrase that: they were “redacted” in such a way that all sensitive info could easily be read by anyone who opened the PDF. Sure, the black bars are there, but selecting the “redacted” text and pasting it anywhere that can handle text allows this information to be read.
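A pre-release check for this failure mode, as an added example that is not part of the original article: it walks a constructed, uncompressed PDF content stream and reports text that is still present beneath a filled rectangle. The sample stream and the function name are assumptions, and the parser handles only the `Td`, `Tj`, `re` and path-painting operators, with no coordinate transforms.

```python
import re

# Constructed, uncompressed page content stream: two text lines, then a
# black rectangle painted over the second. The text operators stay in the file.
SAMPLE_STREAM = """
BT /F1 12 Tf 72 700 Td (Plaintiff filed its reply brief.) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED SEALED SENTENCE) Tj ET
0 g
70 676 300 16 re f
"""

NUMBER = r"[-+]?\d*\.?\d+"
# Order matters: literal strings, names, numbers, then operators.
TOKEN = re.compile(r"\((?:[^()\\]|\\.)*\)|/[^\s()/]+|" + NUMBER + r"|[A-Za-z*']+")

def text_under_filled_rects(stream):
    """Return shown strings whose origin lies inside any filled rectangle."""
    operands, pending, rects, texts = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if tok[0] in "(/" or re.fullmatch(NUMBER, tok):
            operands.append(tok)          # operand: keep until the operator
            continue
        if tok == "BT":                   # new text object resets the position
            x = y = 0.0
        elif tok == "Td" and len(operands) >= 2:
            x += float(operands[-2])
            y += float(operands[-1])
        elif tok == "Tj" and operands and operands[-1].startswith("("):
            texts.append((x, y, operands[-1][1:-1]))
        elif tok == "re" and len(operands) >= 4:
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in ("f", "F", "f*", "B", "B*"):   # path is painted (filled)
            rects.extend(pending)
            pending = []
        elif tok in ("n", "S", "s"):      # path ended without a fill
            pending = []
        operands = []
    hits = []
    for tx, ty, s in texts:
        for rx, ry, rw, rh in rects:
            if (min(rx, rx + rw) <= tx <= max(rx, rx + rw)
                    and min(ry, ry + rh) <= ty <= max(ry, ry + rh)):
                hits.append(s)
                break
    return hits

if __name__ == "__main__":
    for s in text_under_filled_rects(SAMPLE_STREAM):
        print("text still present under a bar:", s)
```

Real filings use compressed streams, transforms and other text operators, so a production check needs a full PDF parser; the test it applies is the same.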
Cyrus Farivar of Ars Technica uploaded the redaction failure [PDF] — an error first spotted by the Wall Street Journal. The first redaction, which precedes several fully-redacted pages, contains the following info — stuff Facebook would probably have liked to stay obscured. (The failed redaction is in bold.)
Facebook filed its removal petition on the eve of its deadline to serve its motions for summary judgment and mere days before the Superior Court’s ruling on Plaintiff’s discovery motions to obtain information from key Facebook executives, including Chief Executive Zuckerberg, regarding the decision to close Graph API that shut down Plaintiff’s business and many others. Plaintiff’s discovery to date provides evidence suggesting that the decision to shut down Graph API was made: (1) for anticompetitive reasons; (2) in concert with other large companies; (3) prior to October 2012 (even though Facebook waited to announce the decision until April 2014); (4) by Mr. Zuckerberg; and (5) with the active participation of at least six other individuals who reported directly to Mr. Zuckerberg. See Godkin Reply Decl. Exhibit 3, at 1-4. Plaintiff has yet to receive information regarding this decision that shut down its business. Rather, Facebook has produced documents only from low-level employees that Facebook unilaterally selected as custodians and who clearly had no involvement in the decision that shut down Plaintiff’s business.
Another fully-redacted paragraph points to a pay-to-play API offering, gleaned from emails obtained through discovery.
On October 30, 2012, Facebook Vice President of Engineering, Michael Vernal, sent a note to certain employees stating that after discussing with Mr. Zuckerberg, Facebook has decided to “limit the ability for competitive networks to use our platform without a formal deal in place” and that Facebook is going to “require that all platform partners agree to data reciprocity.” Mr. Vernal then describes a whitelisting system Facebook will implement, and did in fact implement, to determine data access based on this “reciprocity principle.” See Godkin Reply Decl., Exhibit 5 at FB-00423235-FB-00423236. The reciprocity principle is subsequently defined and discussed among Facebook employees on numerous occasions as shutting down access “in one-go to all apps that don’t spend…at least $250k a year to maintain access to the data.” See Godkin Reply Decl., Exhibit 6 at FB-00061251. Facebook then embarks on a campaign to reach out to large companies and extract significant payments from them with the threat that they will otherwise turn off the company’s data access. However, if a company were to agree to provide significant payments to Facebook, then Facebook would offer it an enormous advantage relative to its competitors. Facebook employees routinely discuss this fact in their email exchanges: “Removing access to all_friends lists seems more like an indirect way to drive NEKO adoption.” See Godkin Reply Decl., Exhibit 7 at FB00061439. In other words, Facebook’s decision to close access to data in its operating system (“removing access to all_friends_lists”), which shut down Plaintiff’s business, was designed to generate increased revenues on Facebook’s advertising platform (“drive NEKO adoption”) by offering an unfair competitive advantage to companies from which Facebook could extract large payments.
Now, the only thing holding this back from being a Six4Three effort to expose Facebook without running afoul of the court is the filing date. This redaction failure was filed nearly 10 months ago — long before UK politicians talked a Six4Three exec out of potentially-damaging documents.
That being said, the London incident still smells super-fishy. And the information seen here doesn’t indicate much more than Facebook considered selling access to Facebook user info. It appears Facebook never followed through with the plan. The lack of pay-for-play doesn’t excuse its larger sins, but it does kind of put a dent in Six4Three’s claims Facebook unfairly locked it out of API access when it kicked its shady bikini-photo-searching app to the curb.
More intrigue is sure to develop as Facebook attempts to have Six4Three held in contempt of court following its seemingly involuntary production of sealed documents during its exec’s recent London trip.