For those watching the TikTok hearing - a thread of something most of the public missed two months ago as it was unsealed in a federal court late on a Friday night. Facebook tried to keep it secret for years - a Sep 2018 "Status and Re-scoped Approach" from the unprecedented audit Mark Zuckerberg promised Congress during its Cambridge Analytica scandal. /1
Reminder, here is what Zuckerberg promised Congress. They had attempted to keep even the names of the two consultants sealed for years but failed because they promised the public they would do the audit to keep us safe. Not just for legal reasons. The case is currently being settled for a record amount. /2
This was the timeline. It looks like the project was kicked off in May at the "Project Analytica Summit." A catchy name I suppose. Reminder, this was basically to investigate the extent that their entire app platform was leaking data as they hacked for growth. /3
These were the apps that appear to have been immediately escalated as high-priority. Gibson Dunn being the lawyers, FTI and Stroz the secret forensic consultants. Any apps that stand out, let me know. Definitely AIQ and Mail dot ru. /4
Get this. Over 2 million apps fit the P0 priority list meaning they were created before 2015 and had access to sensitive user and friends' permissions. So again, that seems like a lot to me but what do I know. It's a big platform. /5
Let's get to where things started to get even more interesting related to TikTok hearing. High-risk countries for all of that accessible personal data across the Facebook platform. Russian developers in Iran? China? Russia? Yes, TikTok 2023 actually seems super, super benign compared to this. /6
Status:
Under development
We ran preliminary queries on a test set of 9 suggested countries to understand the number of #developers in those jurisdictions and review any..."
"...facially interesting results - see next slide for numbers of developers.
E.g., some countries have a relatively small number of developers that created pre-2014 apps; #Iran had a significant number of seemingly #Russian#developers.
Based on a review of lists prepared by government agencies (e.g., #StateDepartment, #FBI, #OFAC) and watchdog organizations (e.g., #FireEye), ..."
We will separately review #China and #Russia, given the risk associated with those countries.
For other #jurisdictions, we have identified them as tier 1 ..."
@HistoPol@jasonkint@shashj
If Facebook needs to restrict countries that do intelligence targeting and cyber espionage, then why wasn't the US on the top of the list?
Did everyone forget that the NSA has been spying on all of us?
"Developers by Predicted Country." Again, this is from an unprecedented audit to see if Facebook had other Cambridge Analyticas - apps harvesting our personal data. Look at the nations ' list, it wasn't publicly known until this January:
*China 86,961
Cuba 250
*Iran 2,533
**North Korea 21
*Russia 42,078
Sudan 647
*Syria 929
Ukraine 34,624
Vietnam 76,813
/7
Again, reminder. The Sept 17, 2018 presentation is titled: "Status and Rescoped Approach." Why? Well sure enough slide 16 says, "Now is an opportunity to reflect and consider alternative approaches to better risk-calibrate the investigation." /8
They appeared to have been super early in the app investigation and already had a timeline to move it in-house, re-calibrate how deep they would really go. At that time, Zuckerberg and Sandberg (both scheduled to be deposed in the coming weeks btw) were refusing summons from international parliaments. SEC was likely a major risk. /9
And a key enforcer,
UK's ICO investigation was soon shut down informing public FB never even followed up on Cambridge Analytica servers afterward which Zuckerberg had told Congress was a priority. And then $5B+ of settlements shut down the FTC and SEC. /10
Add comment