When the Cambridge Analytica scandal was in full swing earlier this year (yeah, this year), Facebook’s defense of its data practices hinged on technicalities. The biggest one was this: Facebook does not sell user data; it sells the ability to harness user data. Here’s an example: an advertiser cannot ask for the data Facebook has on me, but Facebook will enable them to target their ads at “twenty-somethings who have lived in New Jersey and like the Facebook page for Bruce Springsteen.” The point was that Facebook kept your data under lock and key and acted as a go-between for advertisers who wanted to harness it. Only Facebook and user-authorized applications could get direct access.
But … what if Facebook did sell direct access to user data? According to documents newly seized by the British government, the company considered it. According to The Wall Street Journal, as third-party developers like Cambridge Analytica and thousands of others were gaining authorized access to user data, Facebook considered charging them for it: “An unidentified Facebook employee mentioned shutting down data access ‘in one-go to all apps that don’t spend … at least $250k a year to maintain access to the data,’ according to one email referenced in the document.”
(The origin of the documents is a whole story of its own. A third-party developer on Facebook’s platform, Six4Three, made an app that scanned users’ friend’s pictures for bikini shots, and was subsequently shut out of the platform. That developer is now suing Facebook for anticompetitive practices. Last weekend, Damian Collins, the chair of British Parliament’s Digital, Culture, Media and Sport Committee — which is looking into Facebook’s role in politics and elections — seized documents from that lawsuit by force through a rarely invoked procedure.)
Facebook told the Journal that, yes, the idea had been considered, but was ultimately abandoned. The discussions took place in the foggy years immediately following Facebook’s 2012 IPO, in which the company needed to start turning its enormous cache of personal data into profit for shareholders. Many of the documents the Journal saw are redacted and don’t provide a full picture, but even the visible portions point to a company toeing the line of the acceptable limits of privacy.
It is not uncommon for companies to charge for premium API access (an “application programming interface,” if you forgot, is a set of tools that make it easy for someone to hook into a system and use its services). Twitter, for instance, does this — though its personal-data collection mechanisms seem less comprehensive than Facebook’s. Facebook is kind of like a bank in this respect: you wouldn’t want to give someone you didn’t trust access to your Facebook data in the same way that you wouldn’t want to let someone shady look at your financial statements.
It could have been worse! Charging for API access is certainly better than just selling the data wholesale; the former option would presumably still be governed by a privacy policy. Not that privacy policies at Facebook really mean anything, as we now know. A policy without enforcement mechanisms is meaningless.
If we game out this alternate history a little further, we might reach a worrying conclusion. As Facebook’s current privacy and revenue models have come under fire, the company has quickly reformed everything around them: clearer privacy controls, automatically shutting off access to dormant apps, more auditing of developers who have API access. But Facebook’s revenue model remains unchanged, and its data-collection practices are still aggressive, tracking users across apps and around the web (even users who don’t have Facebook accounts). Facebook is willing to modify everything except the actual system that fills its coffers. Now imagine if API access was also a significant revenue stream; Facebook might, hypothetically, drag its heels on reforming that, too.
But the discussions of how to monetize user data point to a larger problem with startups and social networks that rely on scaling up before figuring how to sustain themselves. Facebook was building its business, and its privacy policies and systems, based on the data it had on hand. Facebook’s enormously lucrative business did not start out with a set of rigorous principles; it started with a ton of data that users had naïvely surrendered, and then Facebook’s employees were tasked with seeing how much the company could get away with.
