The meta is potentially gone sensitive information collected from employee laptops that could be accessed by anyone in the company, according to an internal security memo seen by WIRED and three current employees familiar with the issue.
Data collected in a divisive initiative to train artificial intelligence models is believed to include keystrokes, mouse clicks and content displayed on the computer screens of Meta’s US employees.
Meta spokeswoman Tracy Clayton confirms that the company is investigating the security issue. “We have carefully designed this program with privacy safeguards in mind,” he says, adding, “at this time there is no indication that any data was improperly accessed by Meta employees.”
A security notice sent on Monday indicated that “employee data in 45,000 branch tables” was exposed. These tables included employee activities such as “full prompts and transcripts, private conversations, people and performance data,” according to documents reviewed by WIRED.
Some Meta employees were quick to spot the security flaw, saying in internal forums that it confirmed concerns the company raised in April when a program known as the Model Capability Initiative monitored employees’ corporate laptops.
Posts viewed by WIRED show that comments about the incident posted on internal forums on Monday raised questions about how Meta’s privacy reviews failed to prevent the breaches and whether anyone whose data was potentially exposed would be able to attend a meeting to discuss what went wrong.
On one of the internal forums where employees often joke, an employee posted a meme Office the character of Jim Halpert holding a sign that reads “0 days since our last nonsense.”
Sources at Meta, who were not authorized to speak publicly, tell WIRED that the incident has been marked as closed, meaning it has likely been resolved. In an internal post to employees on Monday, Andrew Bosworth, Meta’s chief technology officer, said the implementation of the tracking program had not met the standards set out in his privacy review and that lessons learned from the incident would be shared.
Last month, more than 1,600 employees of the tech giant signed an internal petition protesting laptop surveillance, warning that “the collection of this data poses both security and regulatory risks to Meta, including the potential for breaches and unauthorized disclosure.” The petitioners also expressed concerns about what they considered a lack of safeguards put in place by Meta. One engineer also wrote a widely distributed internal memo stating that scraping laptop screens to obtain training data without their consent amounts to an invasion of privacy and amounts to exploitation.
Meta executives have previously defended the data collection project, saying it is necessary to train artificial intelligence systems to operate computer software in the same way humans do. IN a recording from a company meeting was leaked last month, Mark Zuckerberg, Meta’s CEO, told employees that “AI models learn by watching what really smart people do” and that “the average intelligence of people working at this company is much higher” than the average contractor who might be hired specifically to create this kind of data.
But after widespread employee protests, Meta this month began offering more exceptions to monitoring, including allowing workers to briefly unsurveil so they can perform sensitive tasks such as scheduling an in-person meeting, according to two people familiar with the matter. Some workers continue to demand an end to tracking altogether.