Facebook has denied claims its engineers found evidence in 2014 that “entities with Russian IP addresses” used the social network’s controversial API key to harvest data about its users.
The allegation was made in an extraordinary parliamentary committee meeting in Westminster today by its co-chair, Damian Collins MP, who used an obscure British law to seize a cache of internal company emails from an app developer currently taking legal action against Facebook.
Collins said the emails, which have been sealed by order of a Californian court, reveal that a Facebook engineer flagged evidence of the rogue activity in 2014, long before the social network acknowledged Russia had used its platform to disseminate propaganda.
But in a statement shared with NS Tech and other media this afternoon, Facebook said that the “engineers who had flagged these initial concerns subsequently looked into this further and found no evidence of specific Russian activity”.
Facebook found the calls to the API were legitimate calls from Pinterest and not from Russia, it added on Monday evening. While the engineer’s email cited by Collins suggested billions of data points were pulled, the investigation revealed the actual volume of calls was around six million.
Pressed on the issue during Monday’s meeting, which brought together parliamentarians from nine countries including the UK, Canada, Singapore and Ireland, Richard Allan, Facebook’s European policy chief and a Liberal Democrat peer, cast doubt on the allegations.
“To set expectations around the emails […], there is, as I understand it, a partial set of information that was obtained by a hostile litigant who is repeatedly seeking actually to overturn the very changes to restrict access to data that you as a committee and others would want to see happen,” he told the committee.
Collins interjected: “I don’t want you to use this opportunity just to attack the litigant who is actually not in a position to speak for themselves because they’ve been told they can’t speak publicly about these matters. I want you to address the question.
“If you don’t have the answer to it, I want you to report back to the committee to say what internal process [Facebook] ran when this was reported to the company by an engineer and did they notify external agencies of this activity? Because if Russian IP addresses were pulling down a huge amount of data from the platform was that reported or was it kept, as so often seems to be the case, within the family and not talked about?”
Adams responded: “The context I’m giving is really to say any information that you have seen which is contained within that cache of emails is at best partial and, at worst, potentially misleading. On the specific question of whether or not we believe based on our subsequent investigations that there was activity by Russians at that time, I will come back to you.”
The committee had indicated over the weekend that it was considering whether to publish the documents, but Collins said at the start of the session that the committee was “not in a position to do” so today.
The committee also grilled Allan on the subject of regulation. Asked whether Facebook should accept regulation on a global level, he said: “Absolutely and that’s our expectation. We should be accountable to you. We should tell you what we’ve done and if you’re unhappy, you should have the power to take sanctions against us. I completely accept that principle.”
But in response to a further question on whether Facebook should be liable for all illegal content that is not taken down within a reasonable timeframe, he added: “I don’t think that the internet would be well served by removing all intermediary liability protections but I do accept […] the idea that we’re exempt from everything is also out of date. We need to get to the right balance on where our responsibilities lie.”
Updated: This story was updated on Tuesday (28 November) after Facebook shared more detail on the nature of its investigation into the activity.