Employees within Facebook have dug up “emails that appear to connect Chief Executive Mark Zuckerberg to potentially problematic privacy practices” in the course of responding to a Federal Trade Commission investigation, the Wall Street Journal reported on Wednesday, citing “people familiar with the matter.”
The Journal was not able to review the emails directly, but wrote they could complicate efforts at Facebook to quickly reach a settlement with the FTC over alleged violations of a 2012 agreement known as a consent decree. That agreement resolved charges that Facebook “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public,” according to the FTC. To avoid penalties, the agency required the company agree to obtain “express consent before sharing [users’] information beyond their privacy settings” as well as implement a “comprehensive privacy program to protect consumers’ information.”
At least one of the email chains from April 2012 (after the decree was announced but before it went into effect) appears to show Facebook and Zuckerberg “grappling” with what type of practices it should permit under the order, namely a third party service that claimed to be offering access to user profiles no matter what privacy settings they had enabled. The Journal wrote:
In one email exchange from April 2012 that has caught regulators’ attention, according to a person familiar with the matter, Mr. Zuckerberg asked employees about an app that claimed to have built a database stocked with information about tens of millions of Facebook users. The developer had the ability to display that user information to others on its own site, regardless of those users’ privacy settings on Facebook, the person said.
According to the Journal (paraphrased), Zuckerberg replied asking “if such extensive data collection was possible” and whether Facebook should do something about it. A staffer responded in the affirmative to the first question, adding that it was common practice, but that it was a “complicated issue.” Facebook later suspended the specific app, but did not do much to change its platform in response; similar issues blew up in the company’s face over the course of the past year as privacy scandals including the sprawling Cambridge Analytica mess were revealed.
Facebook staff have also expressed concern that the content of the emails could damage the company’s reputation and make it look like Zuckerberg doesn’t care about privacy (duh!), the Journal added. It’s unclear whether additional emails are involved.
“We have fully cooperated with the FTC’s investigation to date and provided tens of thousands of documents, emails and files. We are continuing to work with them and hope to bring this matter to an appropriate resolution,” a Facebook spokesperson told the paper. “... At no point did Mark or any other Facebook employee knowingly violate the company’s obligations under the FTC consent order nor do any emails exist that indicate they did.”
Reports have indicated that Facebook expects to pay up to a record-setting $5 billion in a settlement with the FTC, but the agency is still mulling naming Zuckerberg as a respondent in its official complaint—something that could make the CEO personally liable for any future violations and would likely push Facebook into fighting the FTC in court, according to the Journal. But such a court battle would risk sensitive Facebook documents such as the aforementioned email going public.