Meta — Facebook and Instagram’s parent company — is currently at the center of controversy in India, where a local publication claims the company removed an Instagram post on behalf of an Indian politician. Meta has since pushed back on these claims and accuses the outlet of using “fabricated” evidence, which may actually be the case based on Meta’s rebuttals and the findings from users online.
It’s an unusually difficult story to keep track of, drawing on the nuances of Indian politics, email forensics, and Meta’s contentious relationship with the press. So we’ve boiled down the last week of chaos into a simple recap of what’s happened and why it matters.
On October 6th, independent Indian news publication The Wire published an article about how Instagram incorrectly took down a satirical image of a man worshipping Yogi Adityanath, the chief minister of Uttar Pradesh. The owner of the account, @cringearchivist, says Instagram removed the post for violating its “sexual activity and nudity” policies, even though it did not contain sexual activity or nudity.
Many had assumed the post was flagged due to a glitch in some automated system, but The Wire said this wasn’t true. An internal source at Meta reportedly told The Wire the company removed the post at the request of Amit Malviya, the head of India’s ruling party, Bharatiya Janata Party (or BJP), but holes in The Wire’s reporting make these allegations questionable.
Meta has since denied The Wire’s report. It accuses the outlet of spreading false information and has attempted to debunk the “fabricated evidence” provided by The Wire’s source, stating that it hopes The Wire “is the victim of this hoax, not the perpetrator.”
What does The Wire say happened?
Essentially, The Wire reported that Malviya got the post banned by using special privileges given to high-profile users. To back up these claims, they published screenshots of the documentation Instagram allegedly uses as part of its internal review process, which list Malviya’s Instagram handle, @amitmalviya, as the user who reported @cringearchivist’s post. The Wire also states Malviya “has XCheck privileges” and that another review of the reported content is “not required.”
The XCheck program is indisputably real: last year, a report from The Wall Street Journal revealed that Meta uses an XCheck, or cross-check, system that lets high-profile users avoid Facebook and Instagram’s typical moderation processes. But The Wire’s reporting seemed to show this was being used for partisan political ends in India, allowing Malviya to “post as he likes without the rules governing the platform applying to him.”
What does Meta say about The Wire’s claims?
Meta responded to the allegations by saying its cross-check program “does not grant enrolled accounts the power to automatically have content removed from our platform.” It adds that the policy was put in place to “prevent potential over-enforcement mistakes and to double-check cases where a decision could require more understanding.”
The company also pushed back on the internal report provided by The Wire’s source. Guy Rosen, Meta’s chief information officer, says the instagram.workplace.com URL included in the screenshots doesn’t actually exist. “It appears to be a fabrication,” Rosen writes on Twitter. “The URL on that ‘report’ is one that’s not in use. The naming convention is one we don’t use. There is no such report.”
In order to prove the legitimacy of its source, The Wire posted a video showing what the outlet claims is part of Instagram’s internal workspace. The clip shows a user scrolling through a list of alleged “post-incident reports involving VIPS” on Instagram’s backend, which The Wire says employees can only access through the company’s internal subdomain, instagram.workplace.com. And while the outlet says, “it ascertained that the video hadn’t been tampered with,” Pranesh Prakash, a legal and policy analyst, spots an instance where the cursor jumps unnaturally during the video.
Meta says the company has evidence that a user made an external Meta Workplace account, altering the page’s branding so that it appeared to belong to Instagram. It says the account was created on October 13th, a few days after The Wire’s initial reports.
“Based on the timing of this account’s creation on October 13, it appears to have been set up specifically in order to manufacture evidence to support the Wire’s inaccurate reporting,” Meta explains. “We have locked the account because it’s in violation of our policies and is being used to perpetuate fraud and mislead journalists.”
What about The Wire’s other evidence?
The Wire also claims it has obtained an email sent by Andy Stone, the policy communications director at Meta. In the email, Stone allegedly expresses frustration at the aforementioned leaked internal document and asks to put the journalists behind the story on a “watchlist.” The Wire went so far as to verify the authenticity of the email using a tool called dkimpy, which validates the email’s DKIM (DomainKeys Identified Mail) signature.
The protocol is supposed to prove that an email really came from where it says it did, and in this case, that’s Meta’s fb.com domain. The Wire posted a video showing the authentication process — that the outlet says was signed off on by two independent security experts — and came to the conclusion that the email is real.
In response, Meta said that the email is “fake” and that there’s no such thing as a “watchlist.” Stone also denies the existence of the email in a statement on Twitter. “This is completely false,” Stone writes. “I never sent, wrote, or even thought what’s expressed in that supposed email, as it’s been clear from the outset that @thewire_in‘s stories are based on fabrications.”
Users on the web have poked holes in The Wire’s allegations as well. In a thread on Twitter, cybersecurity expert and author Arnab Ray found that the DKIM analysis video posted by The Wire doesn’t actually prove Stone himself sent the email.
As explained by Ray, “DKIM is based on a domain public key,” which means it can’t prove that it came from a specific person; it only shows that it came from the domain attached to a specific organization, like fb.com. This leaves room for someone with access to the organization’s email to spoof their address, making it seem like the email came from Stone but really didn’t.
Prakash also shows how easy it is to create a video that makes it looks as if he’s using a DKIM tool with a two-line shell script named “dkimverify.” Prakash made it so the “tool” outputs a “signature ok” result regardless of what’s entered, which indicates the DKIM is verified. The emails between The Wire and supposed security experts who verified the outlet’s DKIM authentication process are also questionable. Prakash points out that the dates on the emails don’t match up on the current and archived versions of the article, with the former listing the email’s year as 2022 and the latter saying 2021.
Whatever happened, it doesn’t look good for The Wire. One way or another, there’s mounting evidence that their initial reports weren’t quite telling the whole story. Some skeptics believe The Wire fabricated the evidence entirely and created a phony story in an attempt to smear Meta. Meanwhile, others think The Wire might’ve been the subject of an elaborate ruse, with someone close to Meta creating the fake evidence and tricking the journalists into believing it’s real. There are even some who think someone aligned with the BJP leaked the story in a deliberate effort to discredit the publication.
But wherever the confusion came from, the point of reporting is to suss this stuff out — and that clearly didn’t happen here.
Why is all this important?
Meta’s leadership has had a turbulent relationship with the Indian government, and this bizarre back-and-forth is only going to make things worse. When Facebook whistleblower Frances Haugen came forward last year, internal documents showed that Meta (then-Facebook) largely ignored issues happening in India. According to The New York Times, Meta allocated 87 percent of its budget for classifying misinformation on the platform to the US in 2019, while the remaining 13 percent was spread across the rest of the world. This lack of moderation left a rash of hate speech and misinformation on Facebook in the country.
Correction October 17th, 6:08PM ET: A previous version of the article stated Pranesh Prakash is a legal and policy analyst at the Centre for Internet and Society. This is incorrect, as Prakash is no longer at this position. It also previously stated that Prakash shows how easy it is to fabricate a false result using a DKIM tool like dkimpy, when Prakash actually shows how to fabricate a video that makes it looks as if he’s using a DKIM tool like dkimverify. We regret the error.