App Developers Suing Facebook Suffer Redaction Failure, Expose Discussions About Pay-For-Play API Access

from the mostly-smoke,-minimal-fire dept

Earlier this week, UK politicians conveniently pounced on a US businessman to force him to turn over documents possibly containing info Parliament members had been unable to extract from Mark Zuckerberg about Facebook's data sharing. An obscure law was used to detain the visiting Six4Three executive, drag him to Parliament, and threaten him with imprisonment unless he handed over the documents MPs requested.

The executive happened to have on him some inside info produced by Facebook in response to discovery requests. Six4Three is currently suing Facebook over unfair business practices in a California court. The documents carried by the executive had been sealed by the court, which means the executive wasn't allowed to share them with anyone… in the United States. But he wasn't in the United States, as gleeful MPs pointed out while forcing him to produce information it wanted from another tech company unwilling to set foot in London.

It was all very strange, more than a little frightening, and completely bizarre. A lot of coincidences lined up very conveniently for UK legislators. The frightening part is it worked. This will only encourage Parliament to pull the same stunt the next time it thinks it can get information others have refused to hand over. Targeting third parties is an ugly way to do government business, especially when the UK government is attempting to obtain information from US companies. All bets are off once they're on UK soil, so traveling execs may want to leave sensitive info on their other laptop before landing at Heathrow.

But there's also a chance Six4Three wanted to put this information in the hands of UK legislators. Call it "plausible deniability" or "parallel construction" (why not both?!), but the ridiculousness of the entire incident lends it an air of theater that probably isn't entirely unearned.

Now there's more fuel for that conspiratorial bonfire. Court documents filed by Six4Three containing sensitive info about Facebook's API terms and the possible sale of user info made their way into the public domain. They were redacted to keep this sensitive information from being made public.

Well, let me rephrase that: they were "redacted" in such a way all sensitive info could easily be read by anyone who opened the PDF. Sure, the black bars are there, but selecting the "redacted" text and pasting it anywhere that can handle text allows this information to be read.

Cyrus Farivar of Ars Technica uploaded the redaction failure [PDF] -- an error first spotted by the Wall Street Journal. The first redaction, which precedes several fully-redacted pages, contain the following info -- stuff Facebook would probably liked to have stayed obscured. (The failed redaction is in bold.)

Facebook filed its removal petition on the eve of its deadline to serve its motions for summary judgment and mere days before the Superior Court’s ruling on Plaintiff’s discovery motions to obtain information from key Facebook executives, including Chief Executive Zuckerberg, regarding the decision to close Graph API that shut down Plaintiff’s business and many others. Plaintiff’s discovery to date provides evidence suggesting that the decision to shut down Graph API was made: (1) for anticompetitive reasons; (2) in concert with other large companies; (3) prior to October 2012 (even though Facebook waited to announce the decision until April 2014); (4) by Mr. Zuckerberg; and (5) with the active participation of at least six other individuals who reported directly to Mr. Zuckerberg. See Godkin Reply Decl. Exhibit 3, at 1-4. Plaintiff has yet to receive information regarding this decision that shut down its business. Rather, Facebook has produced documents only from low-level employees that Facebook unilaterally selected as custodians and who clearly had no involvement in the decision that shut down Plaintiff’s business.

Another fully-redacted paragraph points to a pay-to-play API offering, gleaned from emails obtained through discovery.

On October 30, 2012, Facebook Vice President of Engineering, Michael Vernal, sent a note to certain employees stating that after discussing with Mr. Zuckerberg, Facebook has decided to “limit the ability for competitive networks to use our platform without a formal deal in place” and that Facebook is going to “require that all platform partners agree to data reciprocity.” Mr. Vernal then describes a whitelisting system Facebook will implement, and did in fact implement, to determine data access based on this “reciprocity principle.” See Godkin Reply Decl., Exhibit 5 at FB-00423235-FB-00423236. The reciprocity principle is subsequently defined and discussed among Facebook employees on numerous occasions as shutting down access “in one-go to all apps that don’t spend…at least $250k a year to maintain access to the data.” See Godkin Reply Decl., Exhibit 6 at FB-00061251. Facebook then embarks on a campaign to reach out to large companies and extract significant payments from them with the threat that they will otherwise turn off the company’s data access. However, if a company were to agree to provide significant payments to Facebook, then Facebook would offer it an enormous advantage relative to its competitors. Facebook employees routinely discuss this fact in their email exchanges: “Removing access to all_friends lists seems more like an indirect way to drive NEKO adoption.” See Godkin Reply Decl., Exhibit 7 at FB00061439. In other words, Facebook’s decision to close access to data in its operating system (“removing access to all_friends_lists”), which shut down Plaintiff’s business, was designed to generate increased revenues on Facebook’s advertising platform (“drive NEKO adoption”) by offering an unfair competitive advantage to companies from which Facebook could extract large payments.

Now, the only thing holding this back from being a Six4Three effort to expose Facebook without running afoul of the court is the filing date. This redaction failure was filed nearly 10 months ago -- long before UK politicians talked a Six4Three exec out of potentially-damaging documents.

That being said, the London incident still smells super-fishy. And the information seen here doesn't indicate much more than Facebook considered selling access to Facebook user info. It appears Facebook never followed through with the plan. The lack of pay-for-play doesn't excuse its larger sins, but it does kind of put a dent in Six4Three's claims Facebook unfairly locked it out of API access when it kicked its shady bikini-photo-searching app to the curb.

More intrigue is sure to develop as Facebook attempts to have Six4Three held in contempt of court following its seemingly involuntary production of sealed documents during its exec's recent London trip.


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Nov 2018 @ 4:46am

    Having access to those documents is a violation

    He was not allowed to take those docs outside of the US so anything that happens, as a result, is directly due to the actions of Six4Three. I really doubt it was happenstance that gave the UK a chance to get these docs and legally it is 100% on Six4Three.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Nov 2018 @ 9:07am

      Re: Having access to those documents is a violation

      >He was not allowed to take those docs outside of the US

      Says who?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Nov 2018 @ 9:19am

      Re: Having access to those documents is a violation

      I think we may have found one of those infamous Facebook trolls.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Nov 2018 @ 5:17am

    handed over the documents PMs requested. MPs, Tim.

    reply to this | link to this | view in chronology ]

  • icon
    Gary (profile), 30 Nov 2018 @ 6:58am

    Is that true? Was there actually something in the order preventing him from taking those documents outside of the country, or are you just supposing that?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Nov 2018 @ 7:24am

    Why could't he just tell them that he didn't have or didn't have access to the documents, then head straight to the US consulate? OR he Could have just called the US Consulate and told them that the UK was meddling in US affairs

    OR....He could have just headed over to the Ecuador's consulate and handed the documents to Julian.

    Smells more fishy then a Taco at the Y.

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 30 Nov 2018 @ 7:24am

    Google: Don't be evil.

    Facebook: Don't bother even pretending we're not being evil.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Nov 2018 @ 7:33am

    Effort to expose Facebook?

    The failed redaction is in bold. ... Now, the only thing holding this back from being a Six4Three effort to expose Facebook without running afoul of the court is the filing date.

    Six4Three didn't publish the documents, they filed these documents with the court. Why should the court or Facebook rely on them to redact it properly? Why would Six4Three expect the court to publish without checking?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Nov 2018 @ 9:54am

      Re: Effort to expose Facebook?

      Moreover, given how frequently this exact failure mode has plagued electronic documents in a variety of venues, why is anyone still surprised when someone gets this wrong? PDF is a good format, but it's clear that the tools and/or the training about how to redact content in it are inadequate to the point that every party handling the documents should just assume that everyone else did it wrong, and re-check before proceeding. Yes, it's unfair that every party has to work harder to cover the potential mistakes of other parties, but when secrecy is important, it is the only safe approach.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 30 Nov 2018 @ 12:07pm

    Building your house on someone else's property

    Plaintiff has yet to receive information regarding this decision that shut down its business.

    Assuming I'm reading this right FB didn't shut down their business, they shut down the free access system and replaced it with a paid version, and losing access to that shut down the app/business.

    If you build your business entirely around what another business does, such that if they stop doing it or change how they do so you go under, you have no one to blame but yourself. Now if you set up a formal contract, where they guarantee that they will provide X if you provide Y, and will not stop doing so unless certain conditions are met and then they stop in violation of those terms then you could almost certainly go after them for breach of contract, but barring that I'm not seeing any grounds to sue over.

    Running with this idea it seems a comparable hypothetical would be if I were to set up a business that required a local store to stock a particular product, didn't set up any sort of formal agreement/contract that they would do so, and then crying foul if they decide(for whatever reason) to stop stocking it, such that I could no longer operate. In such a case it would be entirely on me for basing my business on such flimsy ground, where my ability to continue to operate depended entirely on something I had no control over.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Nov 2018 @ 2:43pm

      Re: Building your house on someone else's property

      If you build your business entirely around what another business does, such that if they stop doing it or change how they do so you go under, you have no one to blame but yourself.

      Or like building a business that requires electricity? Yeah, I see how that works. Thank goodness there are laws preventing electric companies from arbitrarily denying connections or we'd have people going around spouting off about how the victims have no one to blame but themselves for depending on electricity in the first place.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Nov 2018 @ 3:00pm

        Re: Re: Building your house on someone else's property

        That is a massive false equivalency. And, really, a very dumb one.

        Electricity is a utility. Access to data stored on Facebook's servers is not. Not even close.

        FB may be chock full o' assholes but it'll never be demonstrated or proven (or change) with arguments like yours.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Nov 2018 @ 6:14pm

          Re: Re: Re: Building your house on someone else's property

          That is a massive false equivalency. And, really, a very dumb one.

          No claim of general equivalency was made, so take your stupid straw man go burn it. Now that that's out of the way, do you deny that both are examples of one business relying on fair dealing by another without "having a contract"?

          Electricity is a utility. Access to data stored on Facebook's servers is not. Not even close.

          Again, nobody said otherwise. Quite a bonfire you're building there.

          FB may be chock full o' assholes but it'll never be demonstrated or proven (or change) with arguments like yours.

          Talk about assholes, I don't know if you are, but you sound kinda like one of their paid trolls.

          reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 30 Nov 2018 @ 3:27pm

        Re: Re: Building your house on someone else's property

        While I'm certainly aware that there are people who use it extensively, I apparently missed the point at which it was classified as a utility, alongside water and electricity, such that such a comparison would be even remotely accurate.

        Strange really, given how large the company is you'd think that sort of thing would be widely known...

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Nov 2018 @ 6:21pm

          Re: Re: Re: Building your house on someone else's property

          I apparently missed the point at which it was classified as a utility,

          Nobody said it was. In fact, I can't think of any other company that is exactly the same as FB, period. But, there is an underlying principle that your apparent love for FB is blinding you to.

          reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 30 Nov 2018 @ 7:18pm

            Strike two, go for three?

            Nobody said it was.

            Huh, guess I must have hallucinated the part where you immediately compared FB with the electricity company, as though running a business under the assumption that a utility, electricity in this case, is remotely comparable to running a business under the assumption that another company that is not a utility will continue to operate in a certain fashion.

            Seems to be a pretty persistent hallucination too, given the comment is still there. Strange that.

            But, there is an underlying principle that your apparent love for FB is blinding you to.

            It's telling that you assume, sans any evidence, that I simply must love FB in order to call out any company stupid enough to build business models around something they have no control over, in this case the actions of another company they lack a contract with.

            But by all means, expound upon this 'underlying principle' that I am apparently missing that makes running a business that can crash overnight due to actions outside of your control not incredibly stupid.

            reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.