A June 18 internal security notice revealed that databases from Meta's employee-keystroke-tracking program, the Model Compatibility Initiative (MCI), were accessible to any Meta employee. The tool had been collecting mouse movements, click locations, keystrokes, and screen content since its April rollout in the US.
What MCI Actually Collected
MCI was designed to train AI systems to operate computer software the way humans do. Meta executives argued that employees were the best examples for the AI to learn from. Workers couldn't opt out initially, though limited opt-out options were added after protests. The data included fine-grained interaction logs: every click, every keypress, every on-screen element.
The Security Lapse That Killed It
On June 18, a Meta engineer found that databases filled with MCI-gathered information had been exposed to anyone inside the company. The initial fix took four hours, but it didn't stick; access had to be further locked down. On Monday, June 22, critical comments flooded internal forums. By late Monday, VP Stephane Kasriel announced the pause, telling staff that the exposure made "some MCI-derived data" accessible to more people than intended. A former employee involved in pushing back against MCI called it "a mess" that workers had predicted.
What Happens Next
Kasriel stated Meta would only re-enable MCI when confident in its data protection controls. He added that Meta had now "gathered sufficient data to assess the long-term value of the tool." For the engineers who raised privacy and security concerns from day one, the pause is vindication but not victory. The trust deficit inside Meta's own engineering teams may be the most expensive casualty of this episode.
Source: Meta Pauses Employee-Tracking Program Following Internal Data Leak
Domain: wired.com
Comments load interactively on the live page.