Meta is strongly left sensitive information collected on employee laptops is accessible to anyone inside the company, according to an internal security memo seen by WIRED and three employees with knowledge of the matter.
The data, which was collected as part of a classified program to train artificial intelligence models, is believed to include keystrokes, mouse clicks, and content displayed on the computer screens of Meta’s US employees.
Meta spokesperson Tracy Clayton confirmed that the company is investigating the security issue. “We have carefully designed this system with privacy safeguards in mind,” he said, adding, “we have no indication at this time that any data has been improperly accessed by Meta employees.”
A security notice posted Monday revealed that “employee data on 45,000 tables,” was exposed. Those tables include employee activity such as “full and transcribed information, confidential conversations, personnel and performance data,” according to documents seen by WIRED.
Some employees at Meta quickly seized on the security failure, saying in internal forums that it confirmed complaints they had made when the company began tracking employees’ company laptops in April as part of a program known as the Model Capability Initiative.
Comments about the incident posted on internal forums Monday included questions about how Meta’s privacy review failed to prevent the breach, and whether everyone whose data may have been exposed will be allowed to attend the meeting that went wrong, according to a post seen by WIRED.
In one internal forum where employees are known to trade jokes, an employee posted a meme from The office of character Jim Halpert holding a sign that read, “0 days since our last bullshit.”
Sources at Meta, who were not authorized to speak publicly, tell WIRED that the incident has now been marked as closed, meaning it may have been resolved. In an internal letter to staff on Monday, Andrew Bosworth, Meta’s chief technology officer, said the implementation of the tracking system had fallen short of the standards set out in its confidential review and that the findings of the incident would be shared.
Last month, more than 1,600 employees at the technology company signed an internal petition against the laptop surveillance effort, warning that “collecting this data presents both security and regulatory risks for Meta, including the potential for breach and unauthorized disclosure.” The petitioners also expressed concern about what they saw as a lack of safeguards imposed by Meta. One engineer also wrote a widely shared internal memo saying that hacking their laptop screen to access training data without their permission felt like an invasion of privacy and amounted to exploitation.
Meta executives previously defended the data collection project, saying it was necessary to train AI systems to use computer software the way humans do. In audio of a company meeting leaked last month, Mark Zuckerberg, Meta’s CEO, told employees that “AI models learn by watching really smart people do things,” and that “the average intelligence of the people at this company is much higher” than the average contractor who would be hired to generate this kind of data.
But after widespread employee protest, Meta this month began offering more exemptions from monitoring, including allowing employees to briefly turn off monitoring to complete sensitive tasks, such as scheduling personal appointments, according to two people familiar with the matter. Some workers still want to stop the tracking of workers.
