
SYSTEM

Policy Zones (Meta)

Definition

Policy Zones is Meta's information flow control (IFC) technology — the runtime enforcement primitive underneath the Privacy Aware Infrastructure (PAI) initiative. It "provides a comprehensive mechanism for encapsulating, evaluating, and propagating privacy constraints for data both 'in transit' and 'at rest,' including transitions between different systems" and is integrated into numerous Meta data and code frameworks.

Mechanism

  1. Data annotation: developers attach a metadata label (e.g. BANANA_DATA) to data assets at varying granularities: for batch systems a table, column, row, or potentially a cell; for function-based systems a request parameter, database entry, event-log entry, or return value. Each annotation is associated with "a set of data flow rules that enable systems to understand the allowed purposes for the data."
  2. Zone creation: when annotated data is loaded by code or a query, the executing context (a web request, an SQL job) becomes a zone that inherits the annotation's policy.
  3. Runtime flow checks: Policy Zones programmatically checks every data flow from the zone against the flow rules, detecting violations where annotated data would reach a non-annotated sink.
  4. Remediation options: (a) annotate the sink (safe flow); (b) block the flow (unsafe flow); (c) explicitly mark the flow as reclassified (data not actually used/propagated).
  5. Logging → enforcement: zones first run in logging mode to surface violations without blocking; once remediated, they flip to enforcement, where any new violating sink-write is blocked automatically.
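The five steps above, modelled as a small Python runtime. This is an added example, not Meta's code and not a description of the HHVM, Presto or Spark integrations: the label BANANA_DATA comes from the post, but the requirement name, the sink names, the sample record and the choice of a `contextvars` context to follow the call tree are all constructed assumptions. It keeps labels separate from per-requirement flow rules, turns a request into a zone when labelled data is loaded, checks every sink write, shows the three remediation options, and flips from logging mode to enforcement.

```python
"""Toy Policy Zones style IFC runtime (added example; not Meta's code).

Constructed for illustration: the requirement name, sink names, sample record
and the contextvars-based call-tree propagation are assumptions, not from the post.
"""
from __future__ import annotations

import contextvars
from dataclasses import dataclass, field

# Annotation = a plain label. Flow rules live separately, keyed by requirement,
# so several requirements can be attached to one label without changing its schema.
FLOW_RULES: dict[str, dict[str, set[str]]] = {
    # label -> requirement -> sinks allowed to receive data carrying that label
    "BANANA_DATA": {
        "purpose_limitation": {"banana_feature_store", "banana_dashboard"},  # constructed
    },
}

# Labels of the current execution context. A ContextVar is visible to every
# function called directly or indirectly in the context, i.e. the whole call tree.
_zone = contextvars.ContextVar("zone", default=frozenset())


@dataclass
class Annotated:
    """A data asset together with its label(s)."""
    value: object
    labels: frozenset


@dataclass
class PolicyZones:
    enforce: bool = False                       # False = logging mode, True = enforcement
    violations: list = field(default_factory=list)

    def load(self, asset: Annotated):
        """Loading annotated data makes the current context a zone with those labels."""
        _zone.set(_zone.get() | asset.labels)
        return asset.value

    def allowed(self, label: str, sink: str) -> bool:
        """A sink may receive a label only if every requirement on that label permits it."""
        rules = FLOW_RULES.get(label, {})
        return bool(rules) and all(sink in sinks for sinks in rules.values())

    def write(self, sink: str, data, *, reclassified: bool = False) -> bool:
        """Check the flow zone -> sink; returns True when the write goes through."""
        if reclassified:  # remediation (c): caller asserts no labelled data is in `data`
            return True
        for label in sorted(_zone.get()):
            if not self.allowed(label, sink):
                self.violations.append((label, sink))   # surfaced in logging mode
                if self.enforce:                        # remediation (b): block the flow
                    raise PermissionError(f"{label} may not flow to {sink}")
        return True


def annotate_sink(label: str, requirement: str, sink: str) -> None:
    """Remediation (a): declare that the sink legitimately receives the label."""
    FLOW_RULES.setdefault(label, {}).setdefault(requirement, set()).add(sink)


def run_request(pz: PolicyZones, handler, *args):
    """Run one web request in its own context so zones never leak between requests."""
    return contextvars.copy_context().run(handler, pz, *args)


def handler_report(pz: PolicyZones, sink: str) -> bool:
    # Constructed sample asset carrying the label from the post.
    banana = Annotated(value={"user": 42, "score": 0.9}, labels=frozenset({"BANANA_DATA"}))
    row = pz.load(banana)          # this request is now a BANANA_DATA zone
    return summarize(pz, row, sink)  # an indirect callee is inside the zone too


def summarize(pz: PolicyZones, row, sink: str) -> bool:
    pz.write("request_counter", 1, reclassified=True)  # only a count, no labelled data
    return pz.write(sink, {"score": row["score"]})


def handler_unrelated(pz: PolicyZones, sink: str) -> bool:
    return pz.write(sink, {"hello": "world"})  # no labelled data loaded: no zone


def demo() -> dict:
    pz = PolicyZones(enforce=False)                       # logging mode first
    run_request(pz, handler_report, "generic_log")        # unsafe flow: logged, not blocked
    run_request(pz, handler_report, "banana_dashboard")   # safe flow
    run_request(pz, handler_unrelated, "generic_log")     # no zone in this request
    logged = list(pz.violations)

    annotate_sink("BANANA_DATA", "purpose_limitation", "generic_log")  # remediation (a)
    pz.violations.clear()
    run_request(pz, handler_report, "generic_log")
    after_fix = list(pz.violations)

    pz.enforce = True                                      # flip to enforcement
    try:
        run_request(pz, handler_report, "ads_ranking")     # constructed, never annotated
        blocked = False
    except PermissionError:
        blocked = True
    return {"logged": logged, "after_fix": after_fix, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The point to notice is that `summarize` never sees the label explicitly; the zone follows the call tree, so a helper three frames down is still checked when it writes to a sink. Real deployments additionally have to carry the zone across process and system boundaries, which this single-process sketch does not attempt.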

Integration surface (from the 2024-08-31 post)

  • Function-based systems: HHVM (Meta's PHP/Hack runtime, web/middle-tier/backend): call-tree propagation so a zone "includes all functions that it calls directly or indirectly."
  • Batch-processing systems: Presto (interactive SQL) and Apache Spark (batch): zones created per query/job, with per-column/row annotation.
  • Cross-system propagation: "When data flows across different systems (e.g., from frontend, to data warehouse, then to AI), Policy Zones ensures that relevant data is annotated correctly." Systems without Policy Zones integration fall back to point-checking.

Host languages

PAI runtime libraries shipped in Hack, C++, Python — the three languages named in the 2024-08-31 post, matching Meta's polyglot infrastructure.

Performance engineering

The post reports "10x improvements in computational efficiency" through multiple iterations, specifically:

  • Simplified policy-lattice representation and evaluation.
  • Language-level features to natively propagate Policy Zones context.
  • Canonicalized policy annotation structures.

Absolute overhead numbers are not disclosed.

Design lessons (from the post's "Lessons learned" section)

  • Focus on one end-to-end use case first — Meta's function-based design was abstracted before a concrete customer-facing rollout and required significant rework.
  • Separate annotation from requirement — the monolithic-annotation-API schema broke under multi-requirement composition; Meta split to simple labels plus separate per-requirement flow rules.
  • Build tools (PZM) — the Policy Zone Manager UX suite was load-bearing for adoption, "reducing engineering efforts by orders of magnitude."
