Leaked internal Facebook documents show that the plans to sell access to user data were discussed for years and received support from Facebook’s most senior executives, including CEO Mark Zuckerberg and chief operating officer Sheryl Sandberg. Doug Chayka for NBC News / Getty Images
Facebook CEO Mark Zuckerberg oversaw plans to consolidate the social network’s power and control competitors by treating its users’ data as a bargaining chip, while publicly proclaiming to be protecting that data, according to about 4,000 pages of leaked company documents largely spanning 2011 to 2015 and obtained by NBC News.
The documents, which include emails, webchats, presentations, spreadsheets and meeting summaries, show how Zuckerberg, along with his board and management team, found ways to tap Facebook’s trove of user data — including information about friends, relationships and photos — as leverage over companies it partnered with.
In some cases, Facebook would reward favored companies by giving them access to the data of its users. In other cases, it would deny user-data access to rival companies or apps.
For example, Facebook gave Amazon extended access to user data because it was spending money on Facebook advertising and partnering with the social network on the launch of its Fire smartphone. In another case, Facebook discussed cutting off access to user data for a messaging app that had grown too popular and was viewed as a competitor, according to the documents.
All the while, Facebook was formulating a strategy to publicly frame these moves as a way of protecting user privacy.
Private communication between users is “increasingly important,” Zuckerberg said in a 2014 New York Times interview. “Anything we can do that makes people feel more comfortable is really good.”
But the documents show that behind the scenes, in contrast with Facebook’s public statements, the company came up with several ways to require third-party applications to compensate Facebook for access to its users’ data, including direct payment, advertising spending and data-sharing arrangements. While it’s not unusual for businesses that are working together to share information about their customers, Facebook has access to sensitive data that many other companies don’t possess.
Facebook ultimately decided not to sell the data directly but rather to dole it out to app developers who were considered personal “friends” of Zuckerberg or who spent money on Facebook and shared their own valuable data, the documents show.
Facebook denied that it gave preferential treatment to developers or partners because of their ad spending or relationship with executives. The company has not been accused of breaking the law.
A man poses for photos in front of the Facebook sign on the company's campus in Menlo Park, California, in 2014.Jeff Chiu / AP file
About 400 of the 4,000 pages of documents have previously beenreported by other media outlets, and also by a member of the British Parliament who has been investigating Facebook’s data privacy practices in the wake of the Cambridge Analytica scandal. However, this cache represents the clearest and most comprehensive picture of Facebook’s activities during a critical period as the company struggled to adapt to the rise of smartphones following its rocky debut as a public company.
The thousands of newly shared documents were anonymously leaked to the British investigative journalist Duncan Campbell, who shared them with a handful of media organizations: NBC News, Computer Weekly and Süddeutsche Zeitung. Campbell, a founding member of the International Consortium of Investigative Journalists, is a computer forensics expert who has worked on international investigations including on offshore banking and big tobacco. The documents appear to be the same ones obtained by Parliament in late 2018 as part of an investigation into Facebook. Facebook did not question the authenticity of the documents NBC News obtained.
The documents stem from a California court case between the social network and the little-known startup Six4Three, which sued Facebook in 2015 after the company announced plans to cut off access to some types of user data. Six4Three’s app, Pikinis, which soft-launched in 2013, relied on that data to allow users to easily find photos of their friends in bathing suits.
Facebook has acknowledged that it considered charging for access to user data. But Facebook has challenged the significance of those discussions, telling the Wall Street Journal last year and NBC News this month that the company was merely mulling various business models.
Facebook has also repeatedly said that the documents had been “cherry-picked” and were misleading. Facebook reiterated this stance when NBC News contacted the social media company for comment on the newly leaked documents.
“As we’ve said many times, Six4Three — creators of the Pikinis app — cherry picked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app's users,” Paul Grewal, vice president and deputy general counsel at Facebook, said in a statement released by the company.
“The set of documents, by design, tells only one side of the story and omits important context. We still stand by the platform changes we made in 2014/2015 to prevent people from sharing their friends' information with developers like the creators of Pikinis. The documents were selectively leaked as part of what the court found was evidence of a crime or fraud to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes. But the facts are clear: we've never sold people’s data.”
NBC News has not been able to determine whether the documents represent a complete picture. Facebook declined to provide additional evidence to support the claim of cherry-picking.
Still, these freshly leaked documents show that the plans to sell access to user data were discussed for years and received support from Facebook’s most senior executives, including Zuckerberg, chief operating officer Sheryl Sandberg, chief product officer Chris Cox and VP of growth Javier Olivan. Facebook declined to make them available for comment.
After NBC News contacted Facebook for comment, Facebook’s lawyers wrote to the judge in the Six4Three case, claiming that Six4Three had leaked the documents to a “national broadcast network” and seeking to depose Six4Three’s founders. NBC News received the documents from Campbell, who received them from an anonymous source. Six4Three denied leaking the documents.
When Facebook ultimately cut off broad access to user data in 2015, the move contributed to the decline of thousands of competitors and small businesses that relied on what Facebook had previously described as a “level-playing field” in terms of access to data. In addition to Pikinis, the casualties included Lulu, an app that let women rate the men they dated; an identity fraud-detecting app called Beehive ID; and Swedish breast cancer awareness app Rosa Bandet (Pink Ribbon).
The strategy orchestrated by Zuckerberg had some of his employees comparing the company to villains from Game of Thrones, while David Poll, a senior engineer, called the treatment of outside app developers “sort of unethical,” according to the documents. But Zuckerberg’s approach also earned admiration: Doug Purdy, Facebook’s director of product, described the CEO as a “master of leverage,” according to the documents.
Facebook declined to comment on these employee communications.
One of the most striking threads to emerge from the documents is the way that Facebook user data was horse-traded to squeeze money or shared data from app developers.
In the wake of the Cambridge Analytica scandal in early 2018 and rising awareness of the Six4Three case, Facebook has attempted to frame changes it made to its platform in 2014 and 2015 as being driven by concerns over user privacy. In statements to media organizations, Facebook has said it locked down its platform to protect users from companies that mishandled user data, such as Cambridge Analytica, as well as apps that spammed users’ news feeds or were creepy, such as Six4Three’s bikini-spotting app Pikinis.
However, among the documents leaked, there’s very little evidence that privacy was a major concern of Facebook’s, and the issue was rarely discussed in the thousands of pages of emails and meeting summaries. Where privacy is mentioned, it is often in the context of how Facebook can use it as a public relations strategy to soften the blow of the sweeping changes to developers’ access to user data. The documents include several examples suggesting that these changes were designed to cement Facebook’s power in the marketplace, not to protect users.
In Six4Three’s case, for example, Facebook’s head of policy Allison Hendrix acknowledged in a June 2017 deposition obtained by NBC News that the social network never received any complaints about the Pikinis app, nor did Facebook send Six4Three any policy or privacy violation notices. Six4Three, Hendrix confirmed, was playing within the rules Facebook had set for developers.
Despite this, Six4Three’s access to data, specifically access to a user’s friends’ photos, was cut off in April 2015 as part of sweeping changes to Facebook’s platform announced a year earlier, which affected as many as 40,000 apps. Six4Three shut down the app soon afterward.
Ted Kramer, founder of Six4Three.Peter DaSilva / for NBC News
“Our case is about Zuckerberg’s decision to weaponize the reliance of companies on his purportedly neutral platform and to weaponize the private and sensitive data of billions of people,” said Six4Three founder Ted Kramer.
Facebook recognized early on that working with third-party app developers could help make the social network more interesting and drive the platform’s expansion. Beginning in early 2010, Facebook created tools that allowed the makers of games (remember Farmville?) and other apps to connect with its audience in return for ensuring those users spent more time on Facebook.
Facebook achieved this through its “Graph API” (Application Programming Interface), a common means to allow software programs to interact with each other. In Facebook’s case, this meant that third-party apps such as games could post updates on people’s profiles, which would be seen by players’ friends and potentially encourage them to play, too. Beyond that, it allowed the makers of those games to access a slew of data from Facebook users, including their connections to friends, likes, locations, updates, photos and more.
The Graph API — and particularly the way it let third parties promote their products to and extract data from a user’s social connections — was a key feature of Facebook that Six4Three and thousands of other companies relied upon for viral marketing and user growth.
However, after a few years, Facebook decided the app developers were getting more value from the user data they extracted from Facebook than Facebook was getting out of the app developers, the documents show.
After Facebook went public in May 2012, its stock price plummeted, which Zuckerberg later characterized as “disappointing.” The company was in a desperate position, documents show, with users sharing fewer photos and posts on the platform as they spent more time on their cellphones. An internal Facebook presentation looking back at this period used the phrase “terminal decline” to describe the fall in engagement.
Facebook executives, including Zuckerberg and Sandberg, spent months brainstorming ways to turn the company around. An idea that they kept returning to: make money from the app partners, by charging them for access to Facebook’s users and their data.
Several proposals for charging developers for access to Facebook’s platform and data were put forward in a presentation to the company’s board of directors, according to emails and draft slides from late August 2012.
Among the suggestions: a fixed annual fee for developers for reviewing their apps; an access fee for apps that requested user data; and a charge for “premium” access to data, such as a user trust score or a ranking of the strongest relationships between users and their friends.
“Today the fundamental trade is ‘data for distribution’ whereas we want to change it to either ‘data for $’ and/or ‘$ for distribution,’” Chris Daniels, a Facebook business development director, wrote in an August 2012 email to other top leaders in the company discussing the upcoming presentation.
Discussions continued through October, when Zuckerberg explained to close friend Sam Lessin the importance of controlling third-party apps’ ability to access Facebook’s data and reach people’s friends on the platform. Without that leverage, “I don’t think we have any way to get developers to pay us at all,” Zuckerberg wrote in an email to Lessin.
In the same week, Zuckerberg floated the idea of pursuing 100 deals with developers “as a path to figuring out the real market value” of Facebook user data and then “setting a public rate” for developers.
“The goal here wouldn’t be the deals themselves, but that through the process of negotiating with them we’d learn what developers would actually pay (which might be different from what they’d say if we just asked them about the value), and then we’d be better informed on our path to set a public rate,” Zuckerberg wrote in a chat.
Facebook told NBC News that it was exploring ways to build a sustainable business, but ultimately decided not to go forward with these plans.
"I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”
Zuckerberg was unfazed by the potential privacy risks associated with Facebook’s data-sharing arrangements.
“I’m generally skeptical that there is as much data leak strategic risk as you think,” he wrote in the email to Lessin. “I think we leak info to developers but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”
Facebook told NBC News that this was an example of a cherry-picked email designed to bolster Six4Three’s case.
Zuckerberg didn’t know it at the time, but a privacy bug affecting an unnamed third-party app would create precisely this kind of strategic risk the following year, according to a panicked chatlog between Michael Vernal, who was director of engineering, and other senior employees.
It’s not clear exactly what happened or which app was involved, but it appears that Zuckerberg’s private communications could have leaked from Facebook to the external app in an unexpected way.
Vernal said that it “could have been near-fatal for Facebook platform” if “Mark had accidentally disclosed earnings ahead of time because a platform app violated his privacy.”
“Holy crap,” replied Avichal Garg, then director of product management.
“DO NOT REPEAT THIS STORY OFF OF THIS THREAD,” added Vernal. “I can’t tell you how terrible this would have been for all of us had this not been caught quickly.”
Vernal and Garg did not respond to requests for comment.
In late November 2012, Zuckerberg sent a long email to Facebook’s senior leadership team saying that Facebook shouldn’t charge developers for access to basic data feeds. However, he said that access to Facebook data should be contingent on the developers sharing all of the “social content” generated by their apps back to Facebook, something Zuckerberg calls “full reciprocity.”
The existing arrangement, where developers weren’t required to share their data back with Facebook, might be “good for the world” but it’s not “good for us,” Zuckerberg wrote in the email.
He noted that though Facebook could charge developers to access user data, the company stood to benefit more from requiring developers to compensate Facebook in kind — with their own data — and by pushing those developers to pay for advertising on Facebook’s platform.
The endgame: to ensure Facebook maintained its dominant position in the market.
“The purpose of the platform is to tie the universe of all the social apps together so we can enable a lot more sharing and still remain the central social hub,” Zuckerberg said in the email.
Facebook told NBC News that the focus of “full reciprocity” was to enable users to share their experiences within external apps with their friends on Facebook, not about providing Facebook with user data.
With Zuckerberg’s vision for Facebook set, the company began making deals with some of its most valued partners, including dozens of app developer friends of Zuckerberg and Sandberg. Facebook whitelisted their access to feeds of user data while restricting that same access to apps that Facebook viewed as competitors.
These data access deals prepared key partners, including Tinder, Sony and Microsoft, for sweeping changes to the Facebook platform that the company planned to announce at its annual developer conference in April 2014 and enforce within a year.
In one instance, described in June 2013 documents, Amazon received special treatment for the launch of a group gifting product, despite the fact that it competed with one of Facebook’s own products.
“Remind me, why did we allow them to do this? Do we receive any cut of purchases?” Chris Daniels, then Facebook’s director of business development, asked in an email.
“No, but Amazon is an advertiser and supporting this with advertisement ... and working with us on deeper integrations for the Fire,” Amazon’s smartphone, replied Jackie Chang, who worked with Facebook’s “strategic partners.”
Apps that were not considered “strategic partners” got different treatment. In a March 2013 discussion, Justin Osofsky, then director of platform partnerships, described restricting the MessageMe app from accessing Facebook data because it had grown too popular and could compete with Facebook messages. He asked colleagues to see if any other messenger apps have “hit the growth team’s radar recently.”
“If so, we'd like to restrict them at the same time to group this into one press cycle," he wrote in an email.
Deal negotiations created confusion among partners who had grown accustomed to unfettered access to Facebook user data.
“We gave a bunch of stuff ‘for free’ historically (data, distribution) and now we’re making you ‘pay’ for it via reciprocal value,” Vernal, director of engineering, wrote in an email in June 2013. He added, “The confusing thing here is that we haven’t really announced these changes publicly/broadly yet.”
Some Facebook employees were unhappy about this direction, particularly the way the company appeared to be blocking competitors from accessing data.
Here’s an extract from a December 2013 chatlog between several senior engineers talking about the changes:
Bryan Klimt: “So we are literally going to group apps into buckets based on how scared we are of them and give them different APIs? ... So the message is, ‘if you’re going to compete with us at all, make sure you don’t integrate with us at all’? I’m just dumbfounded.”
Kevin Lacker: “Yeah this is complicated.”
David Poll: “More than complicated, it’s sort of unethical.”
Lacker and Poll declined to comment. Vernal and Klimt did not respond to requests for comment.
Facebook declined to comment on the employee exchanges.
When it came to publicly announcing the sweeping changes at Facebook’s annual F8 developer conference in April 2014, members of the communications team worked with Zuckerberg to craft a narrative around user trust, not competition or profitability.
In a March 2014 email discussing Zuckerberg’s keynote speech at the event, where he was due to announce the removal of developers’ access to friends’ data, Jonny Thaw, a director of communications, wrote that it “may be a tough message for some developers as it may inhibit their growth.”
“So one idea that came up today was potentially talking in the keynote about some of the trust changes we’re making on Facebook itself. So the message would be: ‘trust is really important to us — on Facebook, we’re doing A, B and C to help people control and understand what they’re sharing — and with platform apps we’re doing D, E and F.’”
If that doesn’t work, he added, “we could announce some of Facebook’s trust initiatives in the run up to F8” to make the changes for developers “seem more natural.”
Facebook told NBC News that it was “completely reasonable” for someone on the communications team to discuss the best way to get the message out on changes to the platform.
User trust was crucial when Zuckerberg delivered his speech at the event on April 30, 2014.
Facebook CEO Mark Zuckerberg delivers the keynote address at the F8 developer conference in San Francisco in 2014.Ben Margot / AP file
“Over the years, one of the things we’ve heard over and over again is that people want more control over how they share their information, especially with apps, and they want more say and control over how apps use their data,” he told the audience of journalists and developers. “And we take this really seriously because if people don’t have the tools they need to feel comfortable using your apps, that’s bad for them and that’s bad for you.”