Meta halts employee-tracking AI program after data leak
What's the story
Meta has put a halt to its controversial employee tracking program, the Model Compatibility Initiative (MCI), after an internal security breach exposed sensitive data collected through the initiative. The company confirmed this decision on Monday as it investigates the potential data security concerns. The move comes after it was revealed that sensitive employee information intended for monitoring digital interactions within Meta's internal systems was accessible to all employees.
Data gathering
Details about the MCI tool
The MCI tool was launched in April for US employees. It collects computer inputs like mouse movements, click locations, keystrokes, and screen content. Employees have raised privacy and security concerns over these data collection methods. Initially, there was no option to opt out of the program but after protests from workers, Meta made some changes to allow limited opt-outs.
Program justification
MCI tool essential for training AI systems, says Meta
Meta executives have defended the data-gathering project, saying it is essential for training AI systems to operate computer software like humans. They believe employees are the best examples for this purpose. However, on Monday, a Meta engineer issued an internal security notice saying databases filled with information gathered by MCI had been exposed to anyone inside the company.
Employee backlash
Data exposure a 'mess,' say critics
A former employee who was instrumental in the anti-MCI movement described the data exposure as "a mess" that employees had anticipated. They criticized leadership for ignoring worker concerns about data safety and privacy. In light of the criticism, Meta decided to pause MCI altogether after an employee filed a high-priority security incident report over its exposure of employee data.
Data exposure
Exposed data included private conversations and performance ratings
The exposed data included "full prompts and transcriptions, private conversations, people & performance data, DSS sensitivity ratings (1-4)," according to internal documentation. A Reuters report in May had revealed that the program was collecting more information than initially described and storing it in an unencrypted form. This raised privacy concerns among employees who were assured their personal tax and medical information would be protected for valid business purposes after aggressive filtering.