Meta Exposed Data Internally From Its Controversial Employee-Tracking Program
Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company, according to an internal security notice seen by WIRED and
Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company, according to an internal security notice seen by WIRED and three current employees familiar with the issue. The data, which was collected as part of a divisive initiative to train artificial intelligence models, is believed to include keystrokes, mouseclicks, and content displayed on the computer screens of Meta’s US employees. Meta spokesperson Tracy Clayton confirms the company is investigating the security issue. "We have carefully designed this program with privacy safeguards,” he says, adding, “we have no indication at this time that any data was improperly accessed by Meta employees.” The security notice sent out Monday indicated that “employee data across 45,000 hive tables,” had been exposed. Those tables included employee activity such as “full prompts and transcriptions, private conversations, people and performance data,” according to documents viewed by WIRED. Some employees at Meta quickly seized on the security failure, saying in internal forums that it validated concerns they had raised when the company began tracking workers’ corporate laptops in April as part of a program known as the Model Capability Initiative.
Got a Tip? Are you a current or former Meta employee who wants to talk about what's happening? We'd like to hear from you. Using a nonwork phone or computer, contact the reporters securely on Signal Peard33.24 and at ChaoticGoode.12. Comments about the incident posted on internal forums Monday included questions about how Meta’s privacy reviews failed to prevent the breach, and whether everyone whose data was potentially exposed will be allowed to attend a meeting going over what went wrong, according to posts seen by WIRED. In one internal forum where staffers are known to trade jokes, an employee posted a meme from The Office of the character Jim Halpert holding a sign that reads, “0 days since our last nonsense.” Sources at Meta, who were not authorized to speak publicly, tell WIRED the incident has now been marked as closed, meaning it was likely resolved. In an internal post to employees on Monday, Andrew Bosworth, Meta’s chief technology officer, said that the tracking program’s implementation had fallen short of the standards outlined in its privacy review and that findings from the incident would be shared.
Last month, more than 1,600 employees at the tech giant signed an internal petition protesting the laptop surveillance effort, warning that “collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure.” The petitioners also expressed concerns with what they viewed as a lack of safeguards that Meta had put in place. One engineer also wrote a widely shared internal note saying having their laptop screen scraped for training data without their consent felt like an invasion of privacy and amounted to exploitation. Meta executives have previously defended the data-gathering project, saying it was necessary to train AI systems to use computer software the way humans do. In audio of a company meeting leaked last month, Mark Zuckerberg, Meta’s CEO, told employees that “AI models learn from watching really smart people do things,” and the “average intelligence of the people who are at this company is significantly higher” than the average contractor who could be hired specifically to produce this kind of data.
The BriefWire