Meta pauses employee tracking program after internal data leak exposes sensitive information

Meta Pauses Employee-Tracking Program Following Internal Data Leak

Meta is pausing a divisive employee tracking program after an internal security issue exposed potentially sensitive data collected through the initiative to other workers. "We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," says company spokesperson Tracy Clayton. Meta rolled out the Model Compatibility Initiative (MCI) tool in April to US employees. The tool "collects computer inputs such as mouse movements, click locations and keystrokes, as well as screen content," according to workers who have been petitioning against it over privacy, security, and personal liberty concerns. When MCI first launched, employees couldn't opt out, but that changed to a limited degree after workers protested. Got a Tip?Are you a current or former Meta employee who wants to talk about what's happening? We'd like to hear from you. Using a nonwork phone or computer, contact the reporter securely on Signal Peard33.24. Meta executives have repeatedly defended the data-gathering project, saying it was necessary to train AI systems to operate computer software the way humans do and that employees were the best examples for the artificial intelligence to learn from. On Monday, a Meta engineer issued an internal security notice stating that databases filled with information gathered by MCI had been exposed to anyone inside the company. A former employee actively involved in pushing back against MCI describes the lapse as "a mess" -- and one that employees had expected would occur. "When workers raised concerns, leadership doubled down and failed to acknowledge the risks workers raised about the safety and privacy of worker and customer data," the person says. "Leadership has clearly created an authoritarian environment where workers are no longer respected or heard." But after critical comments poured into internal forums on Monday expressing frustration about the security issue, Meta shocked some of its staff by pausing MCI altogether, telling WIRED about the development before announcing it to employees.

Meta Exposed Data Internally From Its Controversial Employee-Tracking Program

Meta left potentially sensitive information collected from employee laptops accessible to anyone inside the company, according to an internal security notice seen by WIRED and three current employees familiar with the issue. The data, which was collected as part of a divisive initiative to train artificial intelligence models, is believed to include keystrokes, mouseclicks, and content displayed on the computer screens of Meta's US employees. Meta spokesperson Tracy Clayton confirms the company is investigating the security issue. "We have carefully designed this program with privacy safeguards," he says, adding, "we have no indication at this time that any data was improperly accessed by Meta employees." The security notice sent out Monday indicated that "employee data across 45,000 hive tables," had been exposed. Those tables included employee activity such as "full prompts and transcriptions, private conversations, people and performance data," according to documents viewed by WIRED. Some employees at Meta quickly seized on the security failure, saying in internal forums that it validated concerns they had raised when the company began tracking workers' corporate laptops in April as part of a program known as the Model Capability Initiative. Got a Tip?Are you a current or former Meta employee who wants to talk about what's happening? We'd like to hear from you. Using a nonwork phone or computer, contact the reporters securely on Signal Peard33.24 and at ChaoticGoode.12. Comments about the incident posted on internal forums Monday included questions about how Meta's privacy reviews failed to prevent the breach, and whether everyone whose data was potentially exposed will be allowed to attend a meeting going over what went wrong, according to posts seen by WIRED. In one internal forum where staffers are known to trade jokes, an employee posted a meme from The Office of the character Jim Halpert holding a sign that reads "0 days since our last nonsense." Sources at Meta, who were not authorized to speak publicly, tell WIRED the incident has now been marked as closed, meaning it was likely resolved. In an internal post to employees on Monday, Andrew Bosworth, Meta's chief technology officer, said that the tracking program's implementation had fallen short of the standards outlined in its privacy review and that findings from the incident would be shared. Last month, more than 1,600 employees at the tech giant signed an internal petition protesting the laptop surveillance effort, warning that "collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure." The petitioners also expressed concerns with what they viewed as a lack of safeguards that Meta had put in place. One engineer also wrote a widely shared internal note saying having their laptop screen scraped for training data without their consent felt like an invasion of privacy and amounted to exploitation. Meta executives have previously defended the data-gathering project, saying it was necessary to train AI systems to use computer software the way humans do. In audio of a company meeting leaked last month, Mark Zuckerberg, Meta's CEO, told employees that "AI models learn from watching really smart people do things" and the "average intelligence of the people who are at this company is significantly higher" than the average contractor who could be hired specifically to produce this kind of data. But after widespread protest from employees, Meta this month began offering more exemptions to the monitoring, including letting staffers briefly turn off the surveillance so they could complete sensitive tasks, such as scheduling a personal appointment, according to two people familiar with the matter. Some employees are still demanding that the tracking be stopped altogether. The security incident will likely contribute to the ongoing morale crisis at Meta, where employees have been frustrated by the past few years of mass layoffs, a turbulent reorganization, and an all-out push to develop AI models and features. In March, Meta created a new Applied AI team and moved some 6,500 employees into new roles focused on improving AI models. Some Meta staffers have described the new projects they have been assigned as menial and "soul-crushing." Bosworth sent out a memo to employees last week apologizing for the company's "atrocious" communication about the AI reorganization and promising improvements, including clearer communication and the return of some office perks.

Meta is 'pausing' employee tracking program after it let the whole company see sensitive data - Engadget

This won't make the already-controversial AI training endeavor any more popular. Meta has paused use of an AI training program that tracks its own employees' keystrokes and mouse movements. The company has suspended the Model Capability Initiative, not because of workers' understandable displeasure around being (almost) perpetually monitored or for potentially breaking privacy laws, but because it caused an internal data leak. Business Insider reported that sensitive data collected through MCI, including employees' private conversations, performance data and transcriptions, was made inadvertently available to the entire Meta staff. "We have carefully designed this program with privacy safeguards, and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," a spokesperson told BI. Despite this official line and previous statements that employees' collected data would be "tightly controlled," it appears Meta wasn't quite as on top of security as it claimed. This marks the latest in a series of AI-related cybersecurity incidents for the company. Meta reps issued a similar response in March after an agentic AI took unprompted action that also dominoed into a security breach. And earlier this month, the company had to react after hackers exploited its AI customer service chatbot to hijack Instagram accounts.

Meta halts worker tracking for AI training due to privacy fears

Meta has paused a new company-wide program of tracking its employees' computer usage which has been plagued by internal frustration. The program was started only two months ago as part of an effort by Meta to gather data on how people used computers, including mouse clicks and keystrokes, that could be used to train artificial intelligence (AI) models. It was met immediately with upset from employees who were to have their every online action at work tracked and recorded, but also concerned about where the data was going and how it would be protected. Meta halted the program on Monday after realising some of the collected data had been left potentially accessible to anyone inside the company. A Meta spokesman confirmed to the BBC that the program, named internally the Model Capability Initiative (MCI), was "on pause for now" as the company investigates the issue. "We have no indication at this time that any data was improperly accessed by Meta employees," the spokesman added. The pause follows weeks of blow-back from workers at the company, led by billionaire Mark Zuckerberg, to being tracked at work. In an initial response to worker frustration - which was displayed in part through a petition signed by nearly 2,000 Meta workers demanding that the MCI program be cancelled - Meta said it would allow workers to not be tracked for up to 30 minutes at a time. "That was just an attempt at damage control," one current employee told the BBC. The person asked not to be identified. Another Meta employee, who also asked not to be identified, said that while a lot of technical workers inside the company are open to the idea of improving its AI models and being more competitive in a field dominated by Anthropic and OpenAI, the fact that tracking "was forced on us, there was no consent" left people angry. "I've never seen morale here so bad," the employee said. In addition to the tracking program, frustration inside Meta has grown as it has done extensive layoffs, and reorganised many employees and their work around AI initiatives, on which the company is spending up to $145bn (£109bn) this year alone. Employees have even openly insulted management in an internal meeting on the AI-driven changes, according to a report in Wired. While Meta has long had a reputation in the technology industry as a company that frequently reorganises internal teams around new projects, the changes and spending in an effort to catch up on AI feels like "chasing your tail", a person who recently left Meta after several years said. "The direction this company is going in is depressing", the former employee said. "Exhausting and depressing."

Meta's Program That Spies on Every Employee's Computer Just Blew Up in Its Face in Spectacular Fashion

Can't-miss innovations from the bleeding edge of science and tech Meta's controversial program that spied on its employees' computers has backfired spectacularly. Though its chief technology officer Andrew Bosworth assured that the data it collected would be "tightly controlled," the company is now pausing the tracking program after sensitive employee information was leaked internally, according to reports from Business Insider and Wired. A security notice sent out Monday said that the exposed data included employee's full AI prompts and transcriptions, performance data, and even private conversations. The leak allowed the data to be accessible to any employee inside the company. Meta said it's investigating the incident and confirmed it paused the program, but maintains it's keeping a lid on things. "We have carefully designed this program with privacy safeguards, and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," a spokesperson told outlets. The program, dubbed the Model Capability Initiative, was intended to gather data so Meta's AI models could learn "how people actually complete everyday tasks using computers." Reports suggested it collected everything from employee keystrokes to recording their computer screens. When it was announced in April, it immediately sparked backlash in the workforce, with internal posts openly denouncing the initiative as an invasion of privacy, and some employees circulating a petition calling to end it. It came while morale at the company was at a nadir, following fresh layoffs that forced out nearly 8,000 employees, and a heavy push from the top that workers should heavily use AI to produce as much code as possible. Under CEO Mark Zuckerberg's directive, the company has doubled-down even further on developing automation tech, moving employees who were working elsewhere onto a new AI project, sowing further discontent. Reactions from employees about the leak were unequivocally critical. "I am incensed," one employee wrote Monday in an internal group, per a screenshot obtained by BI. "I don't see any evidence of malicious access, but the fact that this data wasn't locked down as originally promised is super frustrating," another complained. Memes also abounded. In an internal forum, one employee posted an image of Jim Halpert from "The Office" holding a sign that says, "0 days since our last nonsense." Bosworth, Meta's CTO who promised that the collected data would be "tightly controlled," responded to employees' posts by admitting that the initiative's implementation had fallen short of the standards set in its prevacy review, per Wired. The company, however, is poised to resume the data tracking program once the issue is settled. "We will only re-enable MCI when we are confident in the effectiveness of our data protection controls," Stephane Kasriel, a Meta vice president overseeing AI research, told employees Monday, according to Wired. Kasriel said the company discovered and resolved the issue last week, but that the initial fix didn't work. It's not the only recent security blunder at Meta. In March, a rogue AI agent gave an employee advice that it wasn't authorized to share, resulting in sensitive data being exposed and causing what was described as a critical security incident.

Meta: Meta to pause internal mouse-tracking tech while examining data security issues

The company's announcement follows revelations that sensitive employee data, intended to monitor digital interactions within ⁠Meta's ⁠internal systems, was accessible to all Meta staffers, according to documents reviewed by Reuters. Meta said on Monday it will pause an internal program that tracks employee mouse movements and digital activity for AI training as the social media giant investigates data security concerns. The company's announcement follows revelations that sensitive employee data, intended to monitor digital interactions within ⁠Meta's ⁠internal systems, was accessible to all Meta staffers, according to documents reviewed by Reuters. The pause was first reported by Business Insider. While Meta confirmed the investigation, it declined to say how long Meta planned to halt the program. "We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta ⁠employees, we're pausing it while we investigate," said company spokesperson Tracy Clayton. The tool, Model Capability Initiative, or MCI, rolled out in April, captures ⁠mouse movements, clicks and keystrokes on U.S.-based employees' computers to train Meta's AI models. The tool was still recording as of Monday afternoon, a source told Reuters. The company spokesperson said the pause was rolling out and it would take time to halt the program for everyone. Meta's decision to pause MCI came after an employee filed an SEV, or high-priority security incident report, over its exposure of employee data. Data exposed included "full prompts and transcriptions, private conversations, people & performance data, DSS sensitivity ratings (1-4)," according to the internal documentation. Reuters reported in May the program was collecting more ⁠information than initially described and storing that data in unencrypted form, raising privacy concerns among employees. The internal documentation showed that an employee commented on the SEV discussion, asking for a deeper investigation into the issues. "I have accessed both personal tax and medical information through my work computer, as have many thousands of employees. We were told this data would be protected and only used for valid business purposes after aggressive filtering," the employee wrote.