Facebook Secretly Wiretapped Competitors: Documents

Authored by Zachary Stieber via The Epoch Times (emphasis ours),

Facebook secretly obtained proprietary data from competitors, including Snapchat, according to newly unsealed court documents.

At the request of CEO Mark Zuckerberg, Facebook officials developed a program called In-App Action Panel (IAAP) that they deployed in 2016 and which was in use through mid-2019, according to the documents, which include internal emails.

The program utilized cyberattacks to intercept information from Snapchat, YouTube, and Amazon. The program then decrypted the information.

“Facebook’s IAAP Program used nation-state-level hacking technology developed by the company’s Onavo team, in which Facebook paid contractors (including teens) to designate Facebook a trusted ‘root’ certificate authority on their mobile devices, then generated fake digital certificates to redirect secure Snapchat analytics traffic (and later, analytics from YouTube and Amazon) from Snapchat’s servers to Onavo’s; decrypted these analytics and used them for competitive gain, including to inform Facebook’s product strategy; reencrypted them; and sent them up to Snapchat’s servers as though it came straight from Snapchat’s app, with Facebook’s Social Advertising competitor none the wiser,” lawyers said in one of the documents.

The lawyers, representing plaintiffs in a lawsuit that accuses Facebook of anti-competitive behavior, were describing emails they obtained through discovery.

In one email, Mr. Zuckerberg wrote that there was a need to receive information about Snapchat but that their traffic was encrypted. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this,” he wrote.

After Facebook employees started working on figuring it out, Facebook Chief Operating Officer Javier Olivan wrote that the program could pay users to “let us install a really heavy piece of software (that could even do man in the middle, etc.).”

Man in the middle refers to a type of cyberattack where attackers secretly intercept information.

“We are going to figure out a plan for a lockdown effort during June to bring a step change to our Snapchat visibility. This is an opportunity for our team to shine,” Guy Rosen, founder of Onavo, later wrote. Onavo was started in Israel and bought by Facebook in 2013.

In a presentation on the program when it was being finalized, it was stated that there would be “’kits” that can be installed on iOS and Android that intercept traffic for specific sub-domains, allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage.”

Documents and testimony obtained in the case showed the program was launched in June 2016 and continued being used through 2019.

The program initially targeted Snapchat but was later expanded to Google’s YouTube and Amazon, according to the documents.

The information gained by the program helped inform Facebook’s product designs, according to Facebook employees. Those products “hamper[ed] Snap’s ability to sell ads,” one Snap executive said in a deposition for the case.

Snap, Google, and Amazon did not return requests for comment.

Mr. Zuckerberg, in another deposition, refused to answer questions about the program. Mr. Zuckeberg indicated he might answer questions if he was given an opportunity to review the documents.

Lawyers for the plaintiffs, who are advertisers, have asked the court handling the case, the U.S. District Court in northern California, to grant them three additional hours with Mr. Zuckerberg so they can ask him more about what happened. They also asked for sanctions against Meta, which owns Facebook, because Meta did not disclose the program when initially asked for all information and data that Facebook derived from Onavo’s work.

Violation of Law?

Facebook’s actions amounted to wiretapping and violated federal law.

The Electronic Communications Privacy Act of 1986, sometimes known as the Wiretap Act, bars people from intercepting any “wire, oral, or electronic communication” and from intentionally disclosing the contents of information that was illegally intercepted.

“Facebook’s IAAP program conduct squarely meets the statutory proscriptions … within the meaning of the statute,” lawyers for the plaintiffs told the court.

Facebook’s program does not fall within exceptions outlined in the law, particularly because Snapchat did not approve the interception and decryption of its information, they said. Further, Snap’s contact with users prohibits the behaviors in which Facebook engaged.

Meta did not respond to a request for comment.

Netflix Nexus

Reed Hastings, chairman of Netflix’s board of directors, also served on Facebook’s board for years.

Plaintiffs have attempted to secure documents and a deposition from Mr. Hastings, but he has refused so far, according to other filings. The plaintiffs asked the court to force Mr. Hastings to comply with subpoenas.

The plaintiffs separately said that it asked Netflix for materials but that Netflix had only produced 54 documents, “all of which are collateral (at best) to the issues Advertisers asked for documents on, and none of which fall within the clearly defined categories of documents that Advertisers repeatedly told Netflix were at the core of what was sought for Advertisers’ case.”

Netflix and Facebook have a yearslong relationship that includes Netflix spending tens of millions of dollars on Facebook advertising and Facebook granting Netflix unique access to its data, the filings noted.

The plaintiffs asked the court to compel Netflix to produce relevant documents.

Netflix did not respond to a request for comment.