This post was last updated on October 21, 7:17 pm IST

Over last week, The Wire and Facebook parent Meta have locked horns in a public dispute over reporting that BJP IT cell head Amit Malviya was able to report — and without oversight, cause a takedown of — anti-government memes on Instagram. Meta claims that documents The Wire relied on were fabricated, while The Wire has released further details that have also been subject to intense scrutiny by experts.

The Wire on Tuesday “suspended” the story pending internal review. 

Here is what happened.

The memes

In September, the Instagram meme page Archive of Cringetopia posted a video of a shrine in Ayodhya with an idol of Yogi Adityanath as Prabhakar Maurya, a supporter of the Uttar Pradesh Chief Minister, performed arti for the idol. “Atheism runs along the lines of giving up on god, basically and accepting that one can lead a life that does not have anything to do with god but that is not possible in a society which finds its roots in supernatural forces so much so that even the idea of what is right and is wrong is derived from it,” the meme text said, in part.

The indirect and allegorical tone is typical of the page’s memes, which are often written in dense academic language. This, one of the admins of the page said in an email, was to protect themselves. “[W]e don’t directly criticise the government of the day — we use a very complex wording and symbolic meme-ing to avoid any state-sponsored attack on our project,” one of the people behind the page said in an email.

But less than two minutes after posting this meme, Archive of Cringetopia told Entrackr, Instagram had taken the post down for nudity. The page didn’t even have the time to add the meme, published as an Instagram Story, to one of the collections (“Archives”) they maintain on their page.

The page attempted to appeal the post to Instagram, but the meme was not restored. Meta did not provide the page with an incident report ID for the post, effectively shutting the creators out of a possibly potent way to challenge the post’s removal: an appeal to the Meta Oversight Board.

And so, Archive of Cringetopia wrote to The Wire that same month, which put out a report on October 6, documenting the removal of this meme, as well as other posts put out by the page. (The email we quoted above is from the page’s communications to The Wire.) The publication said it reached out to a Meta spokesperson working for the PR agency Weber Shandwick, and that it did not hear back from the company even after publishing the story.

In spite of the enforcement mistake, and the press attention it received, Meta did not undo the takedown for a long time. The post was restored at some point, though; Archive of Cringetopia said on Twitter on Tuesday evening that the post had been silently restored. Meta did not, at any point, discuss the takedowns of the page’s memes. Archive of Cringetopia told Entrackr that they would check if other memes have been restored too, and we will update this post if they have done so.

Entrackr posted the same meme (after obtaining the original video file from Archive of Cringetopia) on a personal public Instagram profile as a Story, and invited two people to report the post for nudity. Meta did not take the Story down as of Tuesday. Based on the restoration of Archive of Cringetopia’s meme, it appears that Meta’s automated systems are no longer detecting nudity on this clip.

While Meta — which has close ties to the Indian government — avoided engaging with the subject at the time of The Wire’s initial report, explosive allegations the publication subsequently made drew the attention of the company’s policy communications director and several other US-based employees, and triggered an ongoing internal investigation. But the investigation isn’t about whether The Wire’s reporting is true; it’s about how, Meta says, the publication was tricked into false reporting based on fabricated information.

The stories

Earlier this year, The Wire said it was approached by a Meta employee concerned about the company’s increasing closeness to the Indian government, and how it was allegedly exempting Indian politicians from enforcement processes that other users are subject to. A reporter for the publication — Devesh Kumar — met the source, The Wire said, and provided a copy of the site’s whistleblower policy, physically signed by editor Siddharth Varadarajan.

Subsequently, a different source supposedly shared a document summarizing how the censorship of Archive of Cringetopia came to be; the Bharatiya Janata Party’s IT cell head, Amit Malviya, was part of a program called X-check, which was previously known as a program that Meta had created to make sure that reports on certain prominent individuals receive additional scrutiny to prevent “over-enforcement”. Malviya reported the meme, leading it to allegedly bypass Meta’s checks on enforcement, the publication reported.

It is unclear if Malviya has ever followed Archive of Cringetopia, which has been private for months, including at the time it posted the Yogi meme. He currently follows ten accounts on Instagram, of which the page isn’t one. Entrackr has reached out to Malviya for comment; the IT cell head has not publicly discussed the story, only sarcastically remarking the same day that an anti-establishment lawyer should join the publication. Malviya has criticized The Wire’s reporting various times in the past few years in other instances.

On October 10, the site posted its first story, after reaching out to Meta once again with follow-up queries on the posts’ takedown. The Wire did not provide a copy of the report it was partly basing its story on; a reporter for the publication told Newslaundry that it was concerned that doing so might expose the source, and that they were not sure Meta would use the information in good faith. In spite of these stated misgivings, The Wire published a watermarked version of the report it had on Scribd, and embedded the document in its story.

Andy Stone, the policy communications director at Meta, who has a reputation for engaging directly with reporters on Twitter, in a confrontational style unusual for people in public relations, jumped into the fray. “X-check has nothing to do with the ability to report posts,” he tweeted. “And the underlying documentation appears to be fabricated.”

It was an extraordinary charge — that the incident report obtained by The Wire was falsified. The Wire then obtained an internal email they believed Stone sent thereafter from what they said was a different source , where he is seen asking “how the hell” the Instagram report summary leaked to the press. The Wire confronted Stone with this information, and did not receive a response. When prompted to respond to an email that they sent Stone, the executive sidestepped the reminder, asking Varadarajan, “Hi, are you planning to update your October 10 story?”

In the internal emails, Rajiv Aggarwal, a retired IAS bureaucrat who heads policy for Meta in India, is seen responding to Stone saying that he had assigned a communications executive in India to discuss the first story with the journalist. The Wire said that shortly after the timestamp on this reply, Jahnavi Sen, the author of the first story, received a call from Rishabh Khandelwal, a Meta India spokesperson.

Khandelwal and Meta did not respond to queries by Entrackr on whether Aggarwal had indeed assigned him to that conversation. A Meta spokesperson told Entrackr that the company would not be commenting on this issue beyond the updated statement that it has issued.

After The Wire published a story detailing Stone’s internal emails, Meta’s Chief Information Security Officer flatly denied the piece, saying that no such email was sent within the company, and that all the documents The Wire had based its stories on were fabrications.

The emails

Questions immediately swirled around the legitimacy of the internal emails The Wire had published, with some pointing out that Stone’s message was not worded in a way typical of American English. Others still argued that it was unlike Stone (or any PR professional) to admit to wrongdoing on email. Meta issued a longer statement on its website, saying that “The second story cites emails from a Meta employee – the screenshot included in the story has two emails – both are fake. There are no such emails.”

It further denied the existence of a “watch list” for journalists that Meta was supposedly maintaining. TechCrunch reporter Manish Singh said that Meta does maintain dossiers on journalists, as a PR professional working for the company had accidentally shared such a document with him in the past.

Some experts suggested that The Wire conduct a DomainKeys Identified Mail (DKIM) test on the email. The test, performed on the original raw email file obtained by The Wire, would verify the authenticity of the email, or at least determine conclusively that it came from an individual inside Meta.

On October 15, The Wire did just that, posting a video of a DKIM verification check being conducted on the email, and video sent by The Wire’s source of an internal instance of Workplace — Meta’s Slack-like platform for collaboration — which the publication claimed was used to store incident reports that may be demanded by law enforcement agencies.

The Wire also defended its sourcing, saying it had a longstanding relationship with the individuals who provided them this information. (This includes a “personal” relationship, The Wire said, without elaborating what that entailed.)

“I know – and whoever is now going to increasing lengths to fabricate this story knows – this is completely false,” Stone said in response to the story. “I never sent, wrote, or even thought what’s expressed in that supposed email, as it’s been clear from the outset that @thewire_in’s stories are based on fabrications.”

Meta later updated its statement, saying that the Workplace instance recorded by The Wire was fraudulently created on October 13. It’s unclear how Workplace, which Meta owns, allowed someone to create an instance named ‘Instagram’.

The DKIM check itself received a fair share of criticism, such as being easily falsifiable. Robert Graham, a programmer who verified a leaked email from Hunter Biden, pointed out that the original email file could have been shared with outside experts in a redacted but still verifiable form.

That evening, a different detail surfaced from The Wire’s third report that shocked some commentators. The publication had also had the DKIM check performed by two anonymous security researchers, and in the first version of the story, screenshots of their redacted responses showed a date of October 2021 instead of 2022.

Devesh Kumar, a reporter for The Wire who executed the DKIM check, said on Twitter that a misconfigured fresh installation of Tails, an open-source Linux based operating system, with the year 2021 instead of 2022, was behind the error. Cybersecurity researchers at the Stanford Internet Observatory, Alex Stamos and David Thiel, both questioned this explanation, pointing out that the days of the week mentioned in the earlier screenshot are inconsistent with October 2021.

Kumar promised to recreate the error and document how it came about in detail in a future blog post. The Wire revealed the identity of one of the researchers who validated the DKIM finding in response to the uncertainty — Ujjwal Kumar, a Lead Architect at Microsoft Singapore. The other researcher remained anonymous as they worked with companies that did work for Meta, The Wire said.

Pranesh Prakash, an independent researcher who co-founded the Centre for Internet & Society, documented these inconsistencies (and others) over the last few days on Twitter. Kumar posted a thread questioning Prakash’s credibility as a former coworker, Sunil Abraham, now worked as a policy executive at Meta India. Kumar later deleted some parts of this thread, later arguing that Prakash should have disclosed this potential conflict of interest before requesting information on Stone’s alleged email.

On Tuesday, Prakash claimed that both the experts who supposedly performed the DKIM check for The Wire had disavowed their claims. Microsoft’s Kumar was said to have recanted his testimony and asked The Wire to remove all mention of him in the third story, The Wire said. But the second expert has made an even more damning claim, per Prakash: that he never sent The Wire the email that was featured on the site verifying that he had performed the DKIM check. The expert, Kanishk Karan, posted a denial himself on Tuesday evening.

Even more damaging: Microsoft told a reporter in a statement that Ujjwal Kumar had denied ever verifying the email, and hadn’t merely recanted his testimony. 

The hacking

On Sunday, even as Meta continued to dispute the story and The Wire continued to stand by its reports, Devesh Kumar said he lost access to his password manager, exposing access to his personal Gmail account and the Protonmail account that The Wire uses to receive anonymous tips, as well as his Twitter handle; Varadarajan later said other team members of The Wire also had their accounts hacked. The Wire said that access to the whistleblower’s revelations were not exposed in this hack, and warned people to avoid replying to messages received from the compromised accounts.

Even as Kumar said he worked to recover an older database exported by his password manager that was accessible with the previous password, he claimed that an attacker sent out messages impersonating Kumar, asking people for original copies of emails that The Wire used in its reporting. Kumar said he would file a police complaint following this incident; he says he has since recovered access to his accounts.

One communications staffer at The Wire insinuated that “an entity with a vested interest in finding a source” was behind the hack.

In a statement on Monday, The Wire said that it was “not prepared to play this game any further,” repeating an earlier allegation by Varadarajan that Meta’s denials were motivated by an effort to gain more information that would identify the source of the story. “Even if Meta insists on disputing our claim that X-check powers extend to taking down posts, the officially acknowledged privileges themselves point to an unhealthy arrangement that is bad for democracy,” the publication argued.

The controversy around its reporting “has obscured the key disclosure The Wire made – that Meta’s X-check programme is up and running in India, and includes at least one representative of the ruling party with a reputation for social media posts which violate ‘community guidelines’,” the publication said.

After both experts cited by the publication denied ever performing the DKIM checks, The Wire on October 18 said that it would “suspend” the story until it finished an internal review of its reporting. Kumar said he stands by the story, but did not respond to pointed questions on why the two sources who did the DKIM check denied that they had ever done so.  

What’s next

Meta has launched an investigation into the disputed documents and videos used by The Wire, and said that it would update the statement on its website as appropriate. Meta reversed the takedown of at least one meme at some point on or before Tuesday evening; a spokesperson for the company did not have any immediate comment to offer on when the meme was restored.

The Wire has not released further details of its coverage of the story, and has not indicated whether it stands by its story pending review, or if it will formally retract. An internal committee will draw upon experts for its review, The Wire said in a statement. It is unclear if the matter has also been referred to Pamela Philipose, a veteran journalist who serves as The Wire’s ombudsperson. Philipose told Entrackr that she had not reviewed the matter yet as she was traveling until recently. We will update this story if we hear back from her.

“This will include a review of all documents, source material and sources used for our stories on Meta. Based on our sources’ consent, we are also exploring the option of sharing original files with trusted and reputed domain experts as part of this process,” the publication said. “Based on our findings, we will determine a future course of action and inform our readers as well, and promise to act – as always – in their best interests.”

Update (October 19, 9:40 am): Updated the post in light of new information surrounding the takedown. A previous version of this article also did not reflect that The Wire said it relied on at least two sources. We have corrected this.

Update (October 21, 7:17 pm): A previous version of this story said that an expert was currently employed with a company he recently left. The company and his role there have been removed. The alleged sourcing of the first story has also been clarified.

Update (October 20, 5:38 pm): A previous version of this story named an expert incorrectly. We regret the error.

Update (October 18, 10:22pm): Added information on The Wire retracting its story.

Update (October 18, 4:27pm IST): Updated with information on one of Archive of Cringetopia’s memes being restored.

Update (October 18, 1pm IST): Updated with information about the experts contacted by The Wire to verify the DKIM check disclaiming the result of the check.