It turns out Facebook did at one point consider selling its users’ data.
We now know this not because Facebook executives had a sudden urge for transparency, but because of a bungled PDF that wasn’t properly redacted.
That error, which was reported by ArsTechnica, resulted in a number of email exchanges among Facebook employees being unintentionally made public. The court documents, which stem from a 2015 lawsuit against Facebook by a developer called Six4Three, are currently at the center of an inquiry by UK government officials into Facebook’s data privacy practices.
The newly discovered and not-actually-redacted portions reveal that the social network did toy with the idea of giving big corporations deeper access to Facebook’s data if they spent large sums of money on advertising.
Ultimately, Facebook didn’t formally pursue these types of arrangements. In a statement provided to Mashable, the company’s director of developer platforms and programs, Konstantinos Papamiltiadis, called the emails “misleading” and noted that Facebook has never charged developers for access to its platform.
That these emails were made public in the first place, though, is yet another embarrassing example of what can go wrong when PDF editing software isn’t used properly.
ArsTechnica reporter Cyrus Farivar unearthed the supposedly redacted text when he literally copied and pasted it into a text editor. “Ars was able to access pages of blacked-out text simply by copying and pasting them into a text editor,” he wrote. (The full document is available here.)
And while we don’t know what exactly went wrong that made it so embarrassingly easy to decipher the text, it certainly appears that one of the law firms involved could use a refresher on how to use their PDF editing software. (The document in question originated from Six4Three. Six4Three’s law firm, Birnbaum & Godkin, could not immediately be reached for comment.)
However, it turns out properly redacting text can be more complex than you might think. “In theory this stuff does happen because there’s a very wrong way to do redactions,” says Cathy Gellis, a cyber lawyer based in Northern California, who is not affiliated with the Six4Three case.
That might be why the District Court for Northern California, where the lawsuit was originally filed, has its own guide of do’s and don’ts to help attorneys properly obscure sensitive information.
The “don’t” section lists several methods that should not be used, such as simply changing the color of the font to white and deleting text without stripping the associated metadata. It also notes that some editing tools may appear to “black out” text even though it’s actually still visible.
Whether or not that’s what happened in this case is unclear. Though it wouldn’t be the first time a simple error has blown up into an embarrassing mess. Earlier this month, a prosecutor accidentally revealed that the U.S. government had filed charges against Wikileaks founder Julian Assange when a U.S. attorney copy and pasted the wrong text into a court document. It was also revealed this year that the former chairman of Donald Trump’s presidential campaign, Paul Manafort, accidentally created a paper trail documenting fraud because he didn’t know how to convert a Microsoft Word document into a PDF.
For lawyers, though, the Six4Three case is a reminder of what can go wrong when the tools you use don’t work the way you intend. Gellis notes that it’s important for attorneys to be able to understand how these mistakes happen so they can better avoid them in the future. “Part of our job is to keep lots of information secret in a lot of ways. Every lawyer has to redact documents, and you want to believe you redacted them correctly.”
For what it’s worth, the District Court for Northern California does recommend one redaction method it promises “will always be 100% effective,” and all you need is a good pari of scissors: “cut-out (literally) all the text to be redacted and properly dispose of (shred) the clippings.”