Update October 26th, 6:42PM ET: After retracting its story on Meta, The Wire posted an update stating it was subject to “deception” by a staff member. Here’s how the story unfolded previously.
Meta — Facebook and Instagram’s parent company — is at the center of controversy in India, where a local publication claimed the company removed an Instagram post on behalf of an Indian politician. Meta pushed back on these claims and accused the outlet of using “fabricated” evidence.
After Meta and several experts online found inconsistencies in The Wire’s reporting, the outlet decided to suspend access to its stories on October 18th and conduct an “internal review” of the documents it used as evidence. It later retracted its report on October 23rd due to “certain discrepancies” that emerged in its reporting.
It’s an unusually difficult story to keep track of, drawing on the nuances of Indian politics, email forensics, and Meta’s contentious relationship with the press. So we’ve boiled down the last couple weeks of chaos into a simple recap of what’s happened and why it matters.
What’s going on here?
On October 6th, independent Indian news publication The Wire published an article about how Instagram incorrectly took down a satirical image of a man worshipping Yogi Adityanath, the chief minister of Uttar Pradesh. The owner of the account, @cringearchivist, says Instagram removed the post for violating its “sexual activity and nudity” policies, even though it did not contain sexual activity or nudity.
Many had assumed the post was flagged due to a glitch in some automated system, but The Wire said this wasn’t true. An internal source at Meta reportedly told The Wire the company removed the post at the request of Amit Malviya, the head of the information technology cell at India’s ruling party, Bharatiya Janata Party (or BJP), but holes in The Wire’s reporting make these allegations questionable.
Meta has since denied The Wire’s report. It accuses the outlet of spreading false information and has attempted to debunk the “fabricated evidence” provided by The Wire’s source, stating that it hopes The Wire “is the victim of this hoax, not the perpetrator.” After adamantly defending its claims, The Wire has taken the responses from Meta and users online into account and said it’s going to “review its reporting on Meta.” The outlet later made the decision to retract its story entirely due to various inconsistencies in the documents it initially presented as evidence, which we’ll go over below.
What did The Wire say happened?
Essentially, The Wire reported that Malviya got the post banned by using special privileges given to high-profile users. To back up these claims, they published screenshots of the documentation Instagram allegedly uses as part of its internal review process, which list Malviya’s Instagram handle, @amitmalviya, as the user who reported @cringearchivist’s post. The document also stated Malviya “has XCheck privileges” and that another review of the reported content is “not required.”
The XCheck program is indisputably real: last year, a report from The Wall Street Journal revealed that Meta uses an XCheck, or cross-check, system that lets high-profile users avoid Facebook and Instagram’s typical moderation processes. But The Wire’s reporting seemed to show this was being used for partisan political ends in India, allowing Malviya to “post as he likes without the rules governing the platform applying to him.”
What does Meta say about The Wire’s claims?
Meta responded to the allegations by saying its cross-check program “does not grant enrolled accounts the power to automatically have content removed from our platform.” It adds that the policy was put in place to “prevent potential over-enforcement mistakes and to double-check cases where a decision could require more understanding.”
The company also pushed back on the internal report provided by The Wire’s source. Guy Rosen, Meta’s chief information officer, says the instagram.workplace.com URL included in the screenshots doesn’t actually exist. “It appears to be a fabrication,” Rosen writes on Twitter. “The URL on that ‘report’ is one that’s not in use. The naming convention is one we don’t use. There is no such report.”
In order to prove the legitimacy of its source, The Wire posted a video showing what the outlet claimed is part of Instagram’s internal workspace. The clip showed a user scrolling through a list of alleged “post-incident reports involving VIPS” on Instagram’s backend, which The Wire said employees can only access through the company’s internal subdomain, instagram.workplace.com. And while the outlet said, “it ascertained that the video hadn’t been tampered with,” Pranesh Prakash, a legal and policy analyst, spotted an instance where the cursor jumps unnaturally during the video.
Meta says the company has evidence that a user made an external Meta Workplace account, altering the page’s branding so that it appeared to belong to Instagram. The account was created on October 13th, a few days after The Wire’s initial reports.
“Based on the timing of this account’s creation on October 13, it appears to have been set up specifically in order to manufacture evidence to support the Wire’s inaccurate reporting,” Meta explains. “We have locked the account because it’s in violation of our policies and is being used to perpetuate fraud and mislead journalists.”
What about The Wire’s other evidence?
The Wire also claimed it obtained an email sent by Andy Stone, the policy communications director at Meta. In the email, Stone allegedly expresses frustration at the aforementioned leaked internal document and asks to put the journalists behind the story on a “watchlist.” The Wire went so far as to verify the authenticity of the email using a tool called dkimpy, which validates the email’s DKIM (DomainKeys Identified Mail) signature.
The protocol is supposed to prove that an email really came from where it says it did, and in this case, that’s Meta’s fb.com domain. The Wire posted a video showing the authentication process — that the outlet says was signed off on by two independent security experts — and came to the conclusion that the email is real.
In response, Meta said that the email is “fake” and that there’s no such thing as a “watchlist.” Stone also denies the existence of the email in a statement on Twitter. “This is completely false,” Stone writes. “I never sent, wrote, or even thought what’s expressed in that supposed email, as it’s been clear from the outset that @thewire_in‘s stories are based on fabrications.”
Users on the web have poked holes in The Wire’s allegations as well. In a thread on Twitter, cybersecurity expert and author Arnab Ray found that the DKIM analysis video posted by The Wire doesn’t actually prove Stone himself sent the email.
As explained by Ray, “DKIM is based on a domain public key,” which means it can’t prove that it came from a specific person; it only shows that it came from the domain attached to a specific organization, like fb.com. This leaves room for someone with access to the organization’s email to spoof their address, making it seem like the email came from Stone but really didn’t.
Prakash also shows how easy it is to create a video that makes it looks as if he’s using a DKIM tool with a two-line shell script named “dkimverify.” Prakash made it so the “tool” outputs a “signature ok” result regardless of what’s entered, which indicates the DKIM is verified. The Wire has since revealed that, during the review of its reporting, its investigators haven’t been able to verify the validity of Stone’s alleged email.
The emails between The Wire and supposed security experts who verified the outlet’s DKIM authentication process are also questionable. Prakash points out that the dates on the emails don’t match up on the current and archived versions of the article, with the former listing the email’s year as 2022 and the latter saying 2021.
There’s also evidence that the emails may have been fabricated altogether. Kanishk Karan, a policy manager for online platforms, found that The Wire referred to him as an “independent security expert” at the bottom of one of the unredacted emails, along with a fake email address made to look as if it belongs to him. Karan says that while The Wire reporter Devesh Kumar did contact him for DKIM verification, he never did it and referred him to other experts instead. In its most recent update, The Wire admitted the other security expert featured in the story, Ujjwal Kumar, also “denied sending such an email” to sign off on the DKIM process.
So… what does all this add up to?
Whatever happened, it doesn’t look good for The Wire. One way or another, there’s mounting evidence that their initial reports weren’t quite telling the whole story. Some skeptics believe The Wire fabricated the evidence entirely and created a phony story in an attempt to smear Meta. There are even some who think someone aligned with the BJP leaked the story in a deliberate effort to discredit the publication.
Meanwhile, others think The Wire might’ve been the subject of an elaborate ruse, with someone close to Meta creating the fake evidence and tricking the journalists into believing it’s real. The Wire is considering this as well, noting “We are still reviewing the entire matter, including the possibility that it was deliberately sought to misinform or deceive The Wire.”
As more information comes out, things are starting to get clearer, though. A recent report from Platformer revealed Kumar is the only one who had contact with The Wire’s so-called “source,” and just last week, Kumar claimed his accounts were hacked. In addition to retracting Kumar’s reporting on Meta, The Wire has also suspended access to his story on Tek Fog, an app supposedly used by the BJP to infiltrate, control, and spread misinformation on various social media platforms. The Wire states the report has “been removed from public view pending the outcome of an internal review by The Wire, as one of its authors was part of the technical team involved in our now retracted Meta coverage.”
“In the light of doubts and concerns from experts about some of this material, and about the verification processes we used — including messages to us by two experts denying making assessments of that process directly and indirectly attributed to them in our third story — we are undertaking an internal review of the materials at our disposal,” The Wire explains. “This will include a review of all documents, source material and sources used for our stories on Meta. Based on our sources’ consent, we are also exploring the option of sharing original files with trusted and reputed domain experts as part of this process.”
But wherever this confusion and doubt came from in the first place, the point of reporting is to suss this stuff out — and that clearly didn’t happen here.
Why is all this important?
Meta’s leadership has had a turbulent relationship with the Indian government, and this bizarre back-and-forth is only going to make things worse. When Facebook whistleblower Frances Haugen came forward last year, internal documents showed that Meta (then-Facebook) largely ignored issues happening in India. According to The New York Times, Meta allocated 87 percent of its budget for classifying misinformation on the platform to the US in 2019, while the remaining 13 percent was spread across the rest of the world. This lack of moderation left a rash of hate speech and misinformation on Facebook in the country.
There are also issues related to Meta’s relationship with India’s ruling BJP political party. In 2020, the company was accused of failing to remove anti-Muslim posts shared by Indian lawmaker T. Raja Singh, a member of the BJP party. And last year, internal documents obtained by The Guardian found that Facebook allegedly allowed fake accounts linked to promoting a BJP politician to remain on the platform. A recent report from Al Jazeera claims Meta offers a cheaper rate for ads purchased by politicians belonging to the pro-Hindu party.
Update October 23rd, 2:28PM ET: Updated to add that The Wire has retracted its report.
Update October 19th, 12:05PM ET: Updated to add that The Wire has pulled its stories and that it’s conducting an internal review.
Correction October 17th, 6:08PM ET: A previous version of the article stated Pranesh Prakash is a legal and policy analyst at the Centre for Internet and Society. This is incorrect, as Prakash is no longer at this position. It also previously stated that Prakash shows how easy it is to fabricate a false result using a DKIM tool like dkimpy, when Prakash actually shows how to fabricate a video that makes it looks as if he’s using a DKIM tool like dkimverify. We regret the error.
Correction October 18th, 11:08AM ET: A previous version of the article stated Amit Malviya is the head of the BJP when he is actually the head of the IT cell at the BJP. We regret the error.