More than a year ago, Facebook CEO Mark Zuckerberg laid out on his personal page a “timeline” related to the Cambridge Analytica “situation”. But he omitted a key piece of information, which was finally made public on today.
As reported in March, internal emails show a Facebook employee warned the company about Cambridge Analytica in September 2015, saying it was engaged in some “sketchy” data-harvesting activities. For most of the year, Facebook has fought vigorously in court to prevent that email from being disclosed to the public.
For reasons not immediately clear, its attorneys folded this week and agreed to its release.
“The District of Columbia fought to make this document public because we believe the American people have a right to know what and when Facebook knew about its data security weaknesses,” said a spokesperson for the office of the attorney general for the District of Columbia.
“According to the conversations this document contains, Facebook employees were raising alarms about political partners and doubts about their compliance with Facebook’s data policies as far back as September 2015.”
The attorney general for the District of Columbia, Karl A. Racine, is currently suing Facebook, arguing that its privacy policies during the 2016 US election were in direct violation of the District’s Consumer Protection Procedure’s Act. The office has said in court that nearly half of all DC residents were swept up in the Cambridge Analytica incident.
In total, the political consultancy inappropriately obtained data on as many as 87 million users of the social network, according to Facebook.
Facebook has repeatedly filed motions intended to derail the case, arguing that, even though Facebook maintains an office in DC, the District lacks personal jurisdiction. The company also argued that the documents released today contain sensitive commercial information.
Attorneys for the District disputed Facebook’s claims, however, saying that its objection to releasing the documents was “ultimately reputational”.
Facebook appears to be hiding its post about the Cambridge Analytica emails released today from the front page of its "newsroom" pic.twitter.com/HBQHb6B9VT
— Dell Cameron (@dellcam) August 23, 2019
What the emails show is that months before Facebook learned that its user data was being illicitly shared with Cambridge Analytica, Facebook employees based in DC had pressed the company to investigate a “sketchy”, but unrelated, Cambridge Analytica data-scrapping operation.
Zuckerberg neglected to mention this in his letter to the public about Cambridge Analytica. And perhaps for obvious reasons: It shows Facebook was at least aware that the firm was engaged in (to use its own employee’s words) “sketchy” activities months before Zuckerberg claims to have “learned” about the firm by reading a Guardian news report.
Facebook said in a statement it is “agreeing” to release the email, which belies the fact that it spent months trying to prevent its release:
Today we are agreeing with the District of Columbia Attorney General to jointly make public a September 2015 document in which Facebook employees discuss public data scraping. We believe this document has the potential to confuse two different events surrounding our knowledge of Cambridge Analytica. There is no substantively new information in this document and the issues have been previously reported. As we have said many times, including last week to a British parliamentary committee, these are two distinct issues. One involved unconfirmed reports of scraping — accessing or collecting public data from our products using automated means — and the other involved policy violations by Aleksandr Kogan, an app developer who sold user data to Cambridge Analytica. This document proves the issues are separate; conflating them has the potential to mislead people.
Last month, the US Federal Trade Commission announced Facebook would pay a $US5 billion ($7 billion) fine, the largest ever handed down for violations of consumer privacy, after a year-long investigation into the Cambridge Analytica incident. The company also agreed to ask users’ permission before sharing their data beyond what’s specified in its privacy settings.