The public policy team at Facebook India did not respond to Facebook-Data-Scientist-turned-whistleblower Sophie Zhang’s requests for authorisation to remove a network of inauthentic accounts connected to BJP MP Vinod Sonkar, internal documents disclosed to MediaNama by Zhang show.
Sonkar, a BJP MP from Kaushambi in Uttar Pradesh, was found to be connected with coordinating 50-60 Facebook accounts by Zhang, to boost engagement on his official page. According to Zhang, the users showed little to no activity apart from the ones on Sonkar’s page, shared his posts usually without any accompanying text, and radically changed their names – all signs of inauthentic accounts. More importantly, Zhang noted that the administrator of Sonkar’s official Facebook page was linked to coordinating the network of accounts.
Further, according to the documents, which show internal conversations between Facebook employees on the platform’s ticket management system where employees discuss such tasks, multiple FB employees confirmed that a network of accounts were being used to manufacture engagement through coordinated likes, reshares (almost always without accompanying text), and comments on the MP’s official page, falsely amplifying them- all actionable on the platform under fake engagement. However it must be noted that the comments were not said to be violating any community standards.
“We’ve began also witnessing inauthentic coordinated activity of this nature on Lok Sabha MP Vinod Sonkar [BJP- Kaushambi]..their actions on Mr Sonkar consist purely of positive reactions and reshares of his posts [generally without any accompanying text],” Zhang can be seen saying in an internal communication.
The documents show that Sonkar’s network was not acted upon by Facebook even though another similar network linked to multiple Indian National Congress (INC) Punjab MLAs was acted on within 8 hours of them being flagged.
Never miss out on important developments in tech policy, whether in India or across the world. Sign up for our morning newsletter, with a “Free Read of the Day”, to experience MediaNama in a whole new way.
Zhang, a former Data Scientist on the Fake Engagement team-which deals with manufactured likes, comments, shares- at Facebook, was fired from the company in September 2020 for performance issues. Before leaving, Zhang had written a 6,000+ page memo saying that she had had to take action on national presidents without any oversight and that the amount of power she had on a country’s political outcomes took a toll on her health.
In April 2021, Zhang had disclosed to The Guardian that Facebook had not acted on network of inauthentic accounts linked to a BJP MP which she had flagged to them, which caused a furore. In November 2021, Zhang had submitted the same documents to the Parliamentary Standing Committee on Communications and Information Technology which reportedly voted unanimously to invite her testimony.
However parliamentary procedure mandates the Lok Sabha Speaker’s permission to record testimony from a foreign national on which the committee has reportedly not gotten a response to, yet. MediaNama has reached out to the Lok Sabha Secretariat about the same and will update the story as and when they respond.
Today, as part of a consortium of 22 Indian news publications, MediaNama is publishing the documents that Zhang provided to the committee. MediaNama reached out to Sonkar via both his official (NIC) email and his personal address, and we’re yet to receive a response from him.
What were the activities and characteristics of the Sonkar-linked network?
- The cluster of accounts linked to MP Sonkar were mostly involved in liking, making benign comments on, and resharing posts from the MP’s page. While the documents redact the exact details of the admin. of Sonkar’s FB page- in separate disclosures to reporters, Zhang says that this was Sonkar’s personal account.
- Sonkar’s personal account was a part of Xcheck. XCheck is a programme run by Facebook which provides certain high profile users a degree of immunity from content moderation actions.
Screenshot from internal documents where Facebook’s Trust and Safety Manager flags that Sonkar has an Xcheck. BoB stands for Book of Business- according to Sophie this may contain details of Facebook’s business partners.
- The number of accounts in the cluster ranged between 50-60, varying day by day.
- Apart from the inauthentic accounts, some users in the cluster – i.e those accounts that were singularly focused on Sonkar- included genuine accounts of Sonkar himself, his page’s admin, and a family member, the documents show.
MediaNama reached out to Meta with specific questions (detailed below) on the platform’s non-response to acting on the network, to which a spokesperson sent the following response:
“We have not been provided the documents and cannot speak to the specific assertions, but we have stated previously that we fundamentally disagree with Ms. Zhang’s characterization of our priorities and efforts to root out abuse on our platform. We aggressively go after abuse around the world and have specialized teams focused on this work. As a result, we’ve already taken down more than 150 networks of coordinated inauthentic behavior. Around half of them were domestic networks that operated in countries around the world, including those in India. Combatting coordinated inauthentic behavior is our priority. We’re also addressing the problems of spam and fake engagement. We investigate each issue before taking action or making public claims about them. ” – a Meta Spokesperson
They declined to respond to follow up questions (details below).
The timeline for the takedown of other networks
November 2019- Zhang flags three networks to a Threat Intelligence Investigator on a one-on-one chat on Facebook’s internal messaging system (viewed by MediaNama). These networks were:
- 2 Indian National Congress (INC) networks- a 526-member network in Punjab and the other comprising 51 members coordinating support for the party (No location is specified for the latter).
- 1 BJP network – A 65 member network coordinating support for the BJP. These would only interact with a particular politician and change their devices and IP addresses everyday, Zhang notes in the documents.
The investigator asked Zhang to create a task for these networks so they could be delegated to another investigator. Threat Intelligence are a specialised team that looks at sophisticated coordinated inauthentic behaviour and activities on the platform like, espionage for instance.
3rd December: The Threat Intelligence (TI) investigator delegates another investigator, who works closely with the TI team, to the task Sophie created.
- They conclude that the accounts were part of a Facebook group called ‘Best Review Exchanges’ which was indeed engaged in fake engagement.
- They also point out that the group was investigated in 2018 for conducting scripted i.e automated fake engagement on the pages of certain Punjab INC politicians.
- The investigator asks Site Integrity Operations (SI Ops) to evaluate enforcement options. Site Integrity Operations look at less sophisticated inauthentic behaviour (compared to threat intelligence) on the platform such as hate speech, misinformation, inauthentic activity, etc.
17th December : A SI Ops manager confirms that the accounts were manually driven, inauthentic ones with little behaviour other than messaging, liking and sharing civic content.
- Both Zhang and SI Ops manager recommend ‘Identity Review Checkpoints’ are enforced on these accounts (IDR CP), the documents show. This, Zhang explained, is an action used to takedown inauthentic accounts by locking them until they provide identity proof to show authenticity.
- The networks are actioned by Facebook’s Trust and Safety team, which is authorised to conduct IDR CP.
23rd December : Zhang flags that the INC related network in Punjab had re-emerged and it had 413 users, the documents show.
- This network subsequently started posting comments criticising the Citizenship Amendment Act (CAA) on the post of a ‘high profile political figure’, the documents note.
It is worth noting here that at this time, December 2019, documents also show that Facebook India at the time was also witnessing a ‘high risk’ situation due to the CAA.
Screenshot from internal communications shared by Zhang showing another employee mention the situation in India
- The network now comprised of new accounts created roughly a month-and-a-half earlier or through using older ones which had been missed earlier by FB, the documents note.
6th January :
- The accounts are subsequently recommended for identity reviews by the aforementioned investigator delegated by TI, conversations related to the network in the documents show, while no recommendations for actions are made for the comments.
19th January:
- Zhang observes that the Punjab-based INC network had extended to Delhi to support the Aam Aadmi Party (AAP) before the Delhi elections scheduled for February 2020.
- The accounts were leaving comments on BJP pages advocating for an AAP-led government in Delhi with Narendra Modi at the centre, Zhang notes.
- Zhang flags the incident to an India Public Policy Manager as an attempt to influence the upcoming Delhi elections.
“As we are not aware of the root motives of the actors in this case, it is possible that the actors comprise a financially-motivated mercenary-style inauthentic activity network that was paid separately to support both the INC and AAP in seperate areas – or that the actors coordinating the activity have reason to support both the INC and the AAP in these cases,” – Zhang can be seen saying in an internal communication.
20th January:
Investigator delegated by TI asks Zhang if there was a way to filter through those comments as they “Currently have an ongoing situation in India where we might be able to use incitement to violence as an additional lens here.”
The investigator subsequently says she found no additional insights by using CAA-specific keywords
29th February:
- Trust and Safety Manager points out that the accounts were also connected to hundreds of Instagram accounts
“Hey Sophie sorry the task has gotten pretty big so checking to make sure you’re aware that the accounts you flagged for this cluster are connected to hundreds of Instagram accounts. I’m not an expert on IG, however the majority have [redacted] that indicate they are either scripted (automated) or SUMAs (Same User Multiple Accounts, ” the T&S Manager is seen saying in the documents
- T&S Manager enrolls 400+ users on the pro-AAP and Pro-INC network(s) were enrolled into IDR-CP. However, the action does not go through.
5th February: Zhang flags that the network was still active and was posting more avidly pro-AAP and Anti-BJP content.
- Sends a list of 199 new accounts that were unactioned before and a list of 259 accounts that were not actioned before.
7th February: At 12:20 AM, the investigator delegated by the TI team flags that the list of 259 accounts includes admins of the verified pages of several INC MLAs and asks for approval of an Indian Public Policy Manager before subjecting to identity review. These MLA’s were:
i. Sunder Sham Arora,
ii. Balwinder Singh Laddi
iii. Arun Dogra
MediaNama has reached out to all three with questions about their involvement in online inauthentic activity and will update the story as and when they respond.
“These users appear to be authentic users connected to the Punjab INC as far as I can tell; they seem to have cleared UFAC okay. They were repeatedly identified in the last few months on the [redacted] as several dozen other users- many apparently inauthentic and now UFACed- acting on the Punjab INC. This provides a clear connection between some of the inauthentic pro-INC Punjab activity and the Punjab INC [akin to MP Vinod Sonkar in Kaushambi],” Zhang says in the document.
A mere eight hours later: At 8:35 AM, the Indian Public Policy Manager informs that approval has been received from Shivnath Thukral, then Facebook India Public Policy director to action the accounts.
10th February: Zhang confirms that the activity had now stopped in New Delhi and the cluster was restricted to New Delhi.
In late January, Zhang also spoke about the inauthentic activity she witnessed interfering with the Delhi elections at a Civic Summit meeting, held at the FB headquarters with other civic integrity employees in preparation of the US 2020 elections, to push for action there.
Subsequently, on January 28th, an India Public Policy Manager reached out to Zhang asking for more clarity on the Delhi and Punjab, AAP and INC networks, copies of communications show. After Zhang noted that similar activity was occurring on a network linked to a Lok Sabha MP as well, the policy manager- whose name is redacted from internal documents since, according to Zhang, she was a mid-level employee- says that she will take the issue up with other teams.
However, according to Zhang, no conversations were started about it.
It is worth noting here, that on January 8th Zhang was asked to stop her work on such inauthentic activity, including in India, by her superior who’s designation was Director, Data Science at Facebook, she told MediaNama. However, Zhang continued to work on the networks in India
The problem at Facebook India, according to Zhang
The entire episode reflects a conflict of interest between Facebook India public policy team’s function to maintain good relationships with the government and ensure authentic engagement on the platform, Zhang told MediaNama. According to her, while Facebook allows its India policy teams to get involved in content moderation actions and decisions, other platforms, for example Twitter does not allow its India policy teams any say in content moderation decisions.
Beyond Sonkar, Zhang also highlights the issue with how Facebook categorised such inauthentic behaviour itself.
“Overall this represents an implementation gap in terms of lack of prioritisation for semi-sophisticated influence operations- not sufficiently complex to be considered info-ops/CIB (Coordinated Inauthentic Behaviour) [too complex for most other times], acting to simplify/silence existing messages or create new messages in aggregate via targeted engagement without actually creating content posts (the general focus of CVI).” (CVI stands for Civic Integrity)
“It is technically correct as [redacted name of TI investigator] mentioned below that this is ‘spam at best’ in terms of implementation standards, but that more reflects a gap in terms of definition than an actual statement of impact,” Zhang is seen saying in internal conversation, about the networks.
Coordinated Inauthentic Behaviour relates to coordinated, inauthentic behaviour which is extremely severe and impactful. According to Zhang, although the comments and the likes were not technically violative, hateful, etc. in nature they still cause harm by drowning out authentic voices.
Questions we sent Meta
MediaNama sent the following questions to Meta for clarification:
Between late 2019 to January 2020, former Facebook Data Scientist Sophie Zhang flagged 5 networks of inauthentic coordinated behaviour active on the platform. This included a coordinated network involving BJP MP Vinod Sonkar.
i) Why wasn’t this removed by Facebook?
ii) Internal documents accessed by MediaNama show that Facebook India public policy executives repeatedly ignored Zhang’s requests for removing Sonkar’s network. Why was this done? Please provide a reasoning as possible.
iii) There are concerns raised about the capacity instituted/ efforts taken by Facebook to check such inauthentic behaviour by political actors on its platform. Please tell us how many individuals, automated mechanisms (if any) have been instituted by Facebook to check such activity on its platforms.
vi) Lastly, was Zhang fired for her aforementioned work in India? What were the reasons for Meta deciding to fire her?
Following this email, we sent the following supplementary questions:
i) Was the network involving Vinod Sonkar’s account removed or acted on (how exactly, in case of the latter)?
ii) Why didn’t anyone at Meta respond to Sophie’s request to authorise actions on the Vinod Sonkar network?
Here are the details of the Vinod Sonkar network, which I believe were also shared with the policy team/ Mr. Thukral since these are from the internal documents. These are also similar to the details shared about INC MLA’s Sunder Sham Arora, Balwinder Singh Laddi, and Arun Dogra whose pages were actioned:
- 50-60 accounts that would help boost his posts with likes and shares
- Most of these users had no activity other than boosting Mr. Sonkars posts.
- Links emerged with Sonkar’s personal account (either operated by him personally or by a family member or trusted employee, etc.)
There are also the other questions on how Facebook currently checks inauthentic behaviour on the platform and why Zhang was fired.
Questions we sent to MLA’s Sunder Sham Arora, Balwinder Singh Laddi and Arun Dogra
i) Is it true that your office was involved in coordinating Facebook accounts for inauthentic activity to boost Punjab INC on Facebook between November 2019 to February 2020?
ii)If yes, how many accounts were being coordinated by you/your office?
iii) What was the justification/ need for coordinating them?
iv) Is it true that these accounts also post comments promoting Punjab INC?
v) Were these Facebook accounts linked to several Instagram accounts as well?
vi) Lastly, do such accounts often face action by Facebook?
Update 11:20PM : The meaning of CVI was updated.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Also read:
- IT Committee hears from Facebook representatives on citizens’ rights
- Oversight Board asks Facebook to clarify exceptions for high profile users
- Facebook whistleblower’s AMA focuses on hate speech, IT cells in India
