Cambridge Analytica, Facebook, Fake news, fake-news inquiry, friends API, ico, Information Security, Law & order, lawsuit, Privacy, Six4Three, Social networks, Top News

Court: Embarrassing leaks of internal Facebook emails are fishy

All those internal Facebook emails that got handed to MP Damian Collins during the UK’s fake-news inquiry, when he purportedly spooked Six4Three’s managing director into whipping out a USB drive?

A California court agrees with Facebook: a judge said on Friday that the “I panicked” explanation from Six4Three’s Ted Kramer could stand a bit of scrutiny. After all, Kramer handed over highly confidential documents, which he was explicitly told not to do during the company’s legal battle with Facebook. The whole thing looks more like a plot to leak confidential data than a flustered moment in an MP’s office, the court says.

Judge V. Raymond Swope, of the ­superior court of California, ruled that there was prima facie evidence that Six4Three had plotted to “commit a crime or fraud” by leaking the emails in violation of an earlier court order. Prima facie evidence is that which is sufficient to establish a fact or raise a presumption unless disproved or rebutted.

Six4Three’s legal team had been trying to hide the developer’s conversations with British MPs, claiming that they should be protected under attorney-client privilege. But given that prima facie evidence points to Six4Three having potentially leaked the emails, the court has ordered the developer to hand over all such records.

A bikini-sized bite of background

Six4Three, the former ‘wanna-see-your-gal-pals-in-bikinis?’ app developer, in 2015 launched a suit over Facebook’s 2014 decision to shut down the Friends data API, through which users could allow thousands of third-party apps to track their friends’ location, status, and interests.

No Facebook Friends API, no “pikinis” from Six4Three – a kicking-off-the-knees move that crippled the developer. In its suit, Six4Three alleged that Facebook turned off the tap as a way of forcing developers to buy advertising, transfer intellectual property or even sell themselves to it at a bargain basement price.

Why pull out a USB stuffed with confidential documents?

The story from MP Collins and Kramer: the two met in Collins’s London office on 20 November. Collins told Kramer that he was under active investigation in the UK’s fake news inquiry, that he was in contempt of parliament, and that he could potentially face fines and imprisonment.

Kramer claims to have “panicked” and whipped out a USB drive before frantically searching his Dropbox account for relevant files obtained under civil discovery. He purportedly looked for any files whose names suggested they might be relevant, purportedly dragged them onto the USB drive without even opening them, and handed over the USB stick – in spite of Facebook having labelled the documents highly confidential, and “against the explicit statements by counsel.”

In December, Collins’s parliamentary committee published about 250 pages of internal emails showing how Facebook limited the data on users’ friends that developers could see… at any rate, it cut off access to some developers. Facebook kept a whitelist of certain companies that it allowed to maintain full access to friend data.

The emails also showed that Facebook knew that changing its policies on the Android mobile phone system to enable the Facebook app to collect a record of users’ calls and texts would pull in bad PR… so the plan was to bury it deep, “to make it as hard as possible for users to know that this was one of the underlying features of the upgrade of their app,” as Collins characterized it.

As far as the “I panicked” story goes, the response from Facebook has been: Nah, we don’t buy it. Judge Swope thinks the company’s lawyers are on to something. The Telegraph quoted Judge Swope as he concluded what was reportedly a combative two-day hearing in Redwood City, California, near Facebook’s campus in Menlo Park:

The evidence reflects that Six4Three utilized the services of counsel to aid in committing a crime or fraud. It is apparent from the evidence that Six4Three’s counsel was engaged in the ‘heavy lifting’ of analyzing and summarizing Facebook’s confidential parties, and not merely acting in an ­advisory role.

”Scared out of” vs. “served up on a silver platter”

One example of Six4Three’s proactive communications noted by Judge Swope was an email exchange with the UK’s Information Commissioner’s Office (ICO). It was initiated by Six4Three lawyer David Godkin, who introduced himself in an initial email that bore the subject line “Extensive evidence regarding Facebook’s treatment of friend data and user privacy.”

He went on to say that his law firm had obtained…

extensive discovery of communications between [Facebook CEO Mark] Zuckerberg and numerous executives… that [they] believed is highly relevant to the Cambridge Analytica investigation.

The judge also found that lawyers in the case had shared summaries of legal filings with journalists and government agencies. Those summaries didn’t just include allegations; they “also analyze in detail the confidential information obtained from Facebook.”

The leaks keep coming

The leaks in December were just the start. Since then, 60 more pages of unredacted legal documents were published on GitHub.

The second leak of internal emails revealed that Facebook planned to spy on Android users and that Facebook itself had what it called a near-fatal brush with a data privacy breach when a third-party app came close to disclosing its financial results ahead of schedule.

It’s not clear how many more internal documents may have made it into the public domain or might still be destined to appear. Facebook’s lawyers have been fighting to shut down the leaks and identify their source by pushing for Six4Three’s legal team to be cross-examined under oath.

Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend