Facebook says it was for security, but is it a breach of user trust?
You can’t remove Facebook messages from the inboxes of people you sent them to, but Facebook
When asked by TechCrunch about the situation, Facebook claimed it was done for corporate security in this statement:
“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.”
However, Facebook never publicly disclosed the removal of messages from users’ inboxes, nor privately informed the recipients. That raises the question of whether this was a breach of user trust. When asked that question directly over Messenger, Zuckerberg declined to provide a statement.
Tampering With Users’ Inboxes
A Facebook spokesperson confirmed to TechCrunch that users can only delete messages their own inboxes, and that they would still show up in the recipient’s thread. There appears to be no “retention period” for normal users’ messages, as my inbox shows messages from as early as 2005. That indicates Zuckerberg and other executives received special treatment in being able to pull back previously sent messages.
Facebook chats sent by Zuckerberg from several years ago or older were missing from the inboxes of both former employees and non-employees. What’s left makes it look the recipients were talking to themselves, as only their side of back-and-forth conversations with Zuckerberg still appear. Three sources asked to remain anonymous out of fear of angering Zuckerberg or burning bridges with the company.[Update: Recent messages from Zuckerberg remain in users’ inboxes. Old messages from before 2014 still appear to some users, indicating the retraction did not apply to all chats the CEO sent. But more sources have come forward since publication, saying theirs disappeared as well.]
None of Facebook’s terms of service appear to give it the right to remove content from users’ accounts unless it violates the company’s community standards. While it’s somewhat standard for corporations to have data retention policies that see them delete emails or other messages from their own accounts that were sent by employees, they typically can’t remove the messages from the accounts of recipients outside the company. It’s rare that these companies own the communication channel itself and therefore host both sides of messages as Facebook does in this case, which potentially warrants a different course of action with more transparency than quietly retracting the messages.
Facebook’s power to tamper with users’ private message threads could alarm some. The issue is amplified by the fact that Facebook Messenger now has 1.3 billion users, making it one of the most popular communication utilities in the world.
Zuckerberg is known to have a team that helps him run his Facebook profile, with some special abilities for managing his 105 million followers and constant requests for his attention. For example, Zuckerberg’s profile doesn’t show a button to add him as a friend on desktop, and the button is grayed out and disabled on mobile. But the ability to change the messaging inboxes of other users is far more concerning.
Facebook may have sought to prevent leaks of sensitive corporate communications. Following the Sony hack, emails of Sony’s president Michael Lynton who sat on Snap Inc’s board were exposed, revealing secret acquisitions and strategy.
However, Facebook may have also looked to thwart the publication of potentially embarrassing personal messages sent by Zuckerberg or other executives. In 2010, Silicon Valley Insider published now-infamous instant messages from a 19-year-old Zuckerberg to a friend shortly after starting The Facebook in 2004. “yea so if you ever need info about anyone at harvard . . . just ask . . . i have over 4000 emails, pictures, addresses, sns” Zuckerberg wrote to a friend. “what!? how’d you manage that one?” they asked. “people just submitted it . . i don’t know why . . . they “trust me” . . . dumb fucks” Zuckerberg explained.
The New Yorker later confirmed the messages with Zuckerberg, who told the publication he “absolutely” regretted them. “If you’re going to go on to build a service that is influential and that a lot of people rely on, then you need to be mature, right? I think I’ve grown and learned a lot” said Zuckerberg.
If the goal of Facebook’s security team was to keep a hacker from accessing the accounts of executives and therefore all of their messages, they could have merely been deleted on their side the way any Facebook user is free to do, without them disappearing from the various recipients’ inboxes. If Facebook believed it needed to remove the messages entirely from its servers in case the company’s backend systems we breached, a disclosure of some kind seems reasonable.
Now as Facebook encounters increased scrutiny regarding how it treats users’ data in the wake of the Cambridge Analytica scandal, the retractions could become a bigger issue. Zuckerberg is slated to speak in front of the U.S. Senate Judiciary and Commerce committees on April 10 as well as the House Energy and Commerce Committee on April 11. They could request more information about Facebook removing messages or other data from users’ accounts without their consent. While Facebook is trying to convey that it understands its responsibilities, the black mark left on public opinion by past behavior may prove permanent.
If you have more info on this situation, including evidence of messages from other Facebook executives disappearing, please contact this article’s author Josh Constine via open Twitter DMs, firstname.lastname@example.org, or encrypted Signal chat at (585)750-5674.
For more on Facebook’s recent troubles, read our feature pieces: