Data Protection & Privacy

Contract Workers at Facebook had full access to User Messages: Report

A ProPublica investigation has suggested that Facebook gave its contract workers access to user messages. The investigation was based on internal corporate documents, interviews, and law enforcement records. It also says that the company’s safeguards to make “Facebook Marketplace” safe failed to protect buyers and sellers from scam listings, fake accounts, and violent crime.

The reporters discovered a network of fake and suspicious accounts posting listings, the evidence of Facebook’s failure in overseeing the service. Fraudsters listed products for male enhancement, lottery numbers, puppies, apartment rentals, PlayStation 5, work visas, loans, Bitcoin, vaccine cards, miracle beauty creams, Brazillian rainforest land, egg farms, furniture, etc.

Marketplace’s ease of use and integration with Facebook, also made it easy for cybercriminals to find victims on Marketplace. The scams were not just limited to the virtual world. Criminals across America have exploited Marketplace to commit armed robberies and even homicide.

Failed Defences, and the Snooping

Facebook heavily uses software and automated systems to scan each listing for signs of fraud before it goes live. However, marketplace workers said that they frequently fail to ban “obvious scams and listings that violate Facebook’s commerce policies, and flag hacked accounts and suspiciously low priced listings, besides banning some legitimate consumers from using the platform.

Besides the automated systems, the marketplace relies upon roughly 400 workers, employed by Accenture. These workers were from U.S., Ireland, India, and Singapore. They respond to user complaints and review listings that the automated systems flag, and Facebook expects them to handle more than 600 complaints or help requests a day, including cases of fraud.

To police the marketplace, Facebook gave these workers largely unfettered access to users’ messenger inboxes. They could read all messages sent and received. They were supposed to see if an account was copying and pasting the same suspicious message to different prospective buyers or sellers or directing them off-platform to continue the scam. However, it ended in workers spying on romantic partners among other privacy violations. Facebook never notified users if such a worker accessed their inbox. The employees said that such efforts are rarely successful in preventing fraud.

One Facebook spokesperson confirmed that the contract workers had access to user’s inboxes. He said that Accenture analysts working on Marketplace could view Messenger inboxes in the past, but this access was recently restricted to messages exchanged on Marketplace.

Surprisingly, one such worker was given inbox access six hours after signing his onboarding papers.

Other Highlights of the report

Facebook certainly has an advantage over other platforms.

Marketplace has a certain advantage over other platforms. To list products, any user must have a Facebook account. As such, any consumer can visit the profile of the seller and view more information. This increases consumer trust.

Marketplaces are doing better, even with fewer resources.

Other marketplaces such as EBay and Craigslist do better to safeguard consumers. EBay has introduced an escrow service and provides refunds for fraudulent car sales. It also actively looks for stolen goods being sold on its platform. On the other hand, Craigslist reduced fraudulent offers by simply charging users to post car listings.

Facebook does not want to take responsibility for safeguarding transactions.

The Marketplace product manager Bowen Pan said way back in 2016, while launching the product, that Facebook was not responsible for safeguarding transactions. He said, “We see our role as just connecting buyers and sellers.”

While users are using money, Facebook is generating revenue through the same fraudulent Marketplace advertisements.

Facebook extended Marketplace services to known hotbeds of crime.

Workers who helped police the Marketplace said that Facebook identified several countries as “high risk” due to the volume of scams run by people based there. E.g Facebook internally identified Benin as “unusually high scam prevalence.” Cybercriminals in the country used to cheat people through listings for loans and male enhancement products even before Facebook launched the Marketplace there. But this did not stop Facebook from extending the service to Benin.

Facebook doesn’t block known offenders from its Marketplace.

Facebook doesn’t bar users accused of violent crimes related to Marketplace transactions. The reporters were able to find four active Facebook accounts belonging to people charged with murder related to Marketplace transactins.

Shooting the Messenger

Cybercriminals often meet sellers or buyers on Marketplace and rob them at gunpoint when they showed up for a meeting. In many cases, they hack into a user’s account and post listings. Once a buyer pays in advance, the scammer cuts off contact.

The report shares the story of a person whose account was hacked by cybercriminals. When he reached out to Facebook to secure his account, he didn’t receive a response. When a scammer once again used his account to post listings, he again tried to contact Facebook. However, Facebook banned the person from posting to Marketplace.

New Consumer Protection Law may force change

Marketplaces are a hotspot for cybercriminals since there is no accountability, no transparency, and no physical address for law enforcement to investigate. However, a new law could bring change.

Democratic Senator Richard Durbin of Illinois earlier this year introduced the INFORM Consumers Act. The law would require online marketplaces to verify the identity of people selling goods on their platforms.

Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit pass on valuable information to the masses, with a zeal to build something that outlasts him.​

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.