Anecdotal of course, but I heard that this wasn't at all the case circa 2006 and that (then) FB employees would routinely read private messages and such. Obviously it wasn't a big company yet and probably didn't have those policies yet... (clearly the policies are there for a reason...)

That’s my recollection too - there were some high profile cases and so institutional safeguards were established. They very well may be at the forefront of it - however, it’s a side issue to what’s being discussed.