Meta investigates security concerns of internal mouse-tracking tech used to track employees and train AI

• Meta paused its internal Model Capability Initiative (MCI) after an employee flagged exposure of sensitive data from mouse movement and activity tracking
• Program allegedly collected prompts, private conversations, performance data, and even tax/medical info in unencrypted form
• Meta says no improper access confirmed but is investigating; some employees still see the program running during the pause

Meta is pausing an employee-tracking program after one of the employees flagged it as exposing sensitive data.

The company behind Facebook, Instagram, and WhatsApp, was apparently running an internal program that was tracking employee mouse movements and digital activity. Called Model Capability Initiative (MCI), this program allegedly started in April with the goal of training Meta’s AI models through employee behavior recordings.

According to a memo released on launch, the purpose of the program was to improve the company’s AI models in areas where they struggled to replicate how humans interacted with computers, such as picking from a dropdown menu, or using different keyboard shortcuts.

Personal tax and medical information exposed?

“This is where all Meta employees can help our models get better simply by doing their daily work,” the memo said at the time.

Reuters reported that an employee filed a high-priority security incident report (SEV) over the program’s exposure of employee data, including “full ​prompts and transcriptions, private ​conversations, people & performance ⁠data, DSS sensitivity ratings (1-4).” The same publication also said the program was collecting “more information than initially described” and stored it in unencrypted form.

“I have accessed both personal tax and medical information through ⁠my ​work computer, as have many thousands of employees,” the employee allegedly said. “​We were told this data would be protected and only used for valid business purposes after aggressive ​filtering.”

Now, Meta confirmed pausing the program to investigate these claims.

“We have carefully designed this program ​with privacy safeguards and while we have no indication at this time that ​any data was improperly accessed by Meta employees, we’re pausing it while we investigate,” company spokesperson Tracy Clayton was cited saying. The company did not say for how long the program will be paused but stressed that it would take time to stop it for everyone, so some employees might still see it running.

As of Monday afternoon, the program was still running for some people, Reuters confirmed.

Via Reuters

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.