Facebook Secretly Wiretapped Competitors
Posted by freedomforall 6 months, 2 weeks ago to Business
Excerpt:
"At the request of CEO Mark Zuckerberg, Facebook officials developed a program called In-App Action Panel (IAAP) that they deployed in 2016 and which was in use through mid-2019, according to the documents, which include internal emails.
The program utilized cyberattacks to intercept information from Snapchat, YouTube, and Amazon. The program then decrypted the information.
“Facebook’s IAAP Program used nation-state-level hacking technology developed by the company’s Onavo team, in which Facebook paid contractors (including teens) to designate Facebook a trusted ‘root’ certificate authority on their mobile devices, then generated fake digital certificates to redirect secure Snapchat analytics traffic (and later, analytics from YouTube and Amazon) from Snapchat’s servers to Onavo’s; decrypted these analytics and used them for competitive gain, including to inform Facebook’s product strategy; reencrypted them; and sent them up to Snapchat’s servers as though it came straight from Snapchat’s app, with Facebook’s Social Advertising competitor none the wiser,” lawyers said in one of the documents.
The lawyers, representing plaintiffs in a lawsuit that accuses Facebook of anti-competitive behavior, were describing emails they obtained through discovery.
In one email, Mr. Zuckerberg wrote that there was a need to receive information about Snapchat but that their traffic was encrypted. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this,” he wrote.
After Facebook employees started working on figuring it out, Facebook Chief Operating Officer Javier Olivan wrote that the program could pay users to “let us install a really heavy piece of software (that could even do man in the middle, etc.).”
Man in the middle refers to a type of cyberattack where attackers secretly intercept information.
...
Facebook’s actions amounted to wiretapping and violated federal law.
The Electronic Communications Privacy Act of 1986, sometimes known as the Wiretap Act, bars people from intercepting any “wire, oral, or electronic communication” and from intentionally disclosing the contents of information that was illegally intercepted.
“Facebook’s IAAP program conduct squarely meets the statutory proscriptions ... within the meaning of the statute,” lawyers for the plaintiffs told the court.
Facebook’s program does not fall within exceptions outlined in the law, particularly because Snapchat did not approve the interception and decryption of its information, they said. Further, Snap’s contact with users prohibits the behaviors in which Facebook engaged.
Meta did not respond to a request for comment."
"At the request of CEO Mark Zuckerberg, Facebook officials developed a program called In-App Action Panel (IAAP) that they deployed in 2016 and which was in use through mid-2019, according to the documents, which include internal emails.
The program utilized cyberattacks to intercept information from Snapchat, YouTube, and Amazon. The program then decrypted the information.
“Facebook’s IAAP Program used nation-state-level hacking technology developed by the company’s Onavo team, in which Facebook paid contractors (including teens) to designate Facebook a trusted ‘root’ certificate authority on their mobile devices, then generated fake digital certificates to redirect secure Snapchat analytics traffic (and later, analytics from YouTube and Amazon) from Snapchat’s servers to Onavo’s; decrypted these analytics and used them for competitive gain, including to inform Facebook’s product strategy; reencrypted them; and sent them up to Snapchat’s servers as though it came straight from Snapchat’s app, with Facebook’s Social Advertising competitor none the wiser,” lawyers said in one of the documents.
The lawyers, representing plaintiffs in a lawsuit that accuses Facebook of anti-competitive behavior, were describing emails they obtained through discovery.
In one email, Mr. Zuckerberg wrote that there was a need to receive information about Snapchat but that their traffic was encrypted. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this,” he wrote.
After Facebook employees started working on figuring it out, Facebook Chief Operating Officer Javier Olivan wrote that the program could pay users to “let us install a really heavy piece of software (that could even do man in the middle, etc.).”
Man in the middle refers to a type of cyberattack where attackers secretly intercept information.
...
Facebook’s actions amounted to wiretapping and violated federal law.
The Electronic Communications Privacy Act of 1986, sometimes known as the Wiretap Act, bars people from intercepting any “wire, oral, or electronic communication” and from intentionally disclosing the contents of information that was illegally intercepted.
“Facebook’s IAAP program conduct squarely meets the statutory proscriptions ... within the meaning of the statute,” lawyers for the plaintiffs told the court.
Facebook’s program does not fall within exceptions outlined in the law, particularly because Snapchat did not approve the interception and decryption of its information, they said. Further, Snap’s contact with users prohibits the behaviors in which Facebook engaged.
Meta did not respond to a request for comment."
/s