Developing Story

Facebook responds to data misuse

Facebook CEO Mark Zuckerberg has issued a formal response to the reports that Cambridge Analytica misused customer data collected from Facebook, and the platform is making some changes.

Zuckerberg refuses UK parliament summons over Fb data misuse

So much for ‘We are accountable‘; Facebook founder and CEO Mark Zuckerberg has declined a summons from a UK parliamentary committee that’s investigating how social media data is being used, and — as recent revelations suggest misused — for political ad targeting.

The DCMS committee wrote to Zuckerberg on March 20 — following newspaper reports based on interviews with a former employee of UK political consultancy, Cambridge Analytica, who revealed the company obtained Facebook data on 50 million users — calling for him to give oral evidence.

Facebook’s policy staffer, Simon Milner, previously told the committee the consultancy did not have Facebook data. “They may have lots of data, but it will not be Facebook user data,” said Milner on February 8. “It may be data about people who are on Facebook that they have gathered themselves, but it is not data that we have provided.”

In his letter to Zuckerberg, the chair of the committee Damian Collins accuses Facebook officials of having “consistently understated” the risk of user data being taken without users’ consent.

“It is now time that I hear from a senior Facebook executive with the sufficient authority to give an accurate account of this catastrophic failure of process,” Collins writes. “There is a strong public interest test regarding user protection. Accordingly we are sure you will understand the need for a representative from right at the top of the organisation to address concerns. Given your commitment at the start of the New Year to “fixing” Facebook, I hope that this representative will be you.”

Regardless of rising pressure around what is now a major public scandal — including the FTC opening an investigation — Zuckerberg has declined the committee’s summons.

In a statement a company spokesperson said it has offered its CTO or chief product officer to answer questions.

“We have responded to Mr Collins and the DCMS and offered for two senior company representatives from our management team to meet with the Committee depending on timings most convenient for them. Mike Schroepfer is Chief Technology Officer and is responsible for Facebook’s technology including the company’s developer platform.  Chris Cox is Facebook’s Chief Product Officer and leads development of Facebook’s core products and features including News Feed.  Both Chris Cox and Mike Schroepfer report directly to Mark Zuckerberg and are among the longest serving senior representatives in Facebook’s 15 year history,” the spokesperson said.

Facebook declined to answer additional questions.

Collins made a statement before today’s evidence session of the DCMS committee, which is hearing from Cambridge Analytica whistleblower Chris Wylie — saying it would still like to hear from Zuckerberg, even if he isn’t able to provide evidence in person.

“We will seek to clarify with Facebook whether he is available to give evidence or not, because that wasn’t clear from our correspondence,” he said. “If he is available to give evidence, then we will be happy to do that either in person or by video link if that will be more convenient for him.”

Update: Collins returned to the theme of the Facebook founder’s reluctance to put in a personal appearance to answer questions about the issue more than once during the four hour oral hearing, remarking later: “I must say that given the extraordinary evidence we’ve heard so far today, and the things we’ve heard in the other enquiry, I think it’s absolutely astonishing that Mark Zuckerberg is not prepared to submit himself to questioning in front of a parliamentary or congressional hearing given that these are questions of a fundamental importance and concern to Facebook users and to our enquiry as well.”

“We would certainly urge him to think again if he has any care for people who use him company’s services,” he added.

Zuck apologizes for Cambridge Analytica scandal with full-page print ad

Facebook chief Mark Zuckerberg has taken out a full page ad in the Washington Post, the New York Times, the Wall Street Journal and six UK papers today to apologize Cambridge Analytica scandal, according to CNN’s Brian Stelter.

The ad starts in bold letters, saying:

“We have a responsibility to protect your information. If we can’t, we don’t deserve it.”

The ad was published on Sunday, following Zuck’s first public acknowledgement of the issue on Facebook and a subsequent media tour earlier this week.

Congress has also put Mark Zuckerberg on notice to potentially come speak with them, with Senator Kennedy of Louisiana encouraging Zuck to “do the common sense thing and roll up his sleeves and take a meaningful amount of time talking to [them].”

For those of you still unsure what’s going on with Facebook and Cambridge Analytica, you can see a full play-by-play here.

Here’s the full transcript from the print ad:

We have a responsibility to protect your information. If we can’t, we don’t deserve it.

You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014. This was a breach of trust, and I’m sorry we didn’t do more at the time. We’re now taking steps to make sure this doesn’t happen again.

We’ve already stopped apps like this from getting so much information. Now we’re limiting the data apps get when you sign in using Facebook.

We’re also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected.

Finally, we’ll remind you of which apps you’ve given access to your information — so you can shut off the ones you don’t want anymore.

Thank you for believing in this community. I promise to do better for you.

Mark Zuckerberg

House and Senate put Zuckerberg on notice: ‘You are the right person to testify before Congress’

Facebook CEO Mark Zuckerberg has been rather scarce lately, despite a host of woes besetting his company — but Wednesday he emerged from his cocoon to offer a limp apology, admit they had no control over data like that used by Cambridge Analytica, and that he “will happily” testify before Congress if he’s the right person to do so.

Well, Congress has taken him at his word. “You are the right person to testify before Congress,” wrote the leaders of the House Energy and Commerce Committee in a letter detailed early this morning. His capacity as CEO and “the employee who has been the leader of Facebook through all the key strategic decisions since its launch” make him the best person to testify.

Earlier this week Senators Klobuchar (D-MN) and Kennedy (R-LA) from the Senate Judiciary Committee specifically asked for Zuckerberg as well.

Senator Kennedy had sharp words (in a CNN interview) for Facebook and other tech companies that sent along some smooth operators to talk to them back in November: “We had one hearing — they all sent their lawyers. I don’t know what they paid them but they got their money’s worth, cause their lawyers didn’t say a damn thing.”

He and others are asking that the man himself to come along.

The Senate Commerce Committee also desires his presence.

At this point it would be pretty dangerous for Zuckerberg not to heed the call. Lawmakers don’t take kindly to captains of industry who send underlings instead of tackling major issues like this personally.

As the Open Markets Institute’s Matt Stolller points out in an insightful tweet storm, however, the shortcomings of Facebook’s privacy rules are only part of the story. Once Congress has Zuckerberg in the hot seat, they might consider taking on the idea that Facebook has been playing news organizations and publishers like a fiddle.

Sheryl Sandberg says Facebook leadership should have spoken sooner, is open to regulation

The days of silence from Facebook’s top executives after the company banned the political advisory service Cambridge Analytica from its platform were a mistake, according to Sheryl Sandberg.

In a brief interview on CNBC, Sandberg said that the decision for her and company chief executive and founder Mark Zuckerberg to wait before speaking publicly about the evolving crisis was a mistake.

“Sometimes we speak too slowly,” says Sandberg. “If I look back I would have had Mark and myself speak sooner.”

It was the only significant new word from the top level of leadership at Facebook following the full-court press made by Mark Zuckerberg yesterday.

The firestorm that erupted over Facebook’s decision to ban Cambridge Analytica — and the ensuing revelations that the user data of 50 million Facebook users were accessed by the political consulting and marketing firm without those users’ permission — has slashed Facebook stock and brought calls for regulation for social media companies.

Even as $60 billion of shareholder value disappeared, Zuckerberg and Sandberg remained quiet.

The other piece of information from Sandberg’s CNBC interview was her admission that the company is “open” to government regulation. But even that formulation suggests what is a basic misunderstanding at best and cynical contempt at worst for the role of government in the process of protecting Facebook’s users.

Ultimately, it doesn’t matter whether Facebook is open to regulation or not. If the government and U.S. citizens want more controls, the regulations will come.

And it looks like Facebook’s proposed solution will end up costing the company a pretty penny as well, as it brings in forensic auditors to track who else might have abused the data harvesting permissions that the company had put in place in 2007 and only sunset in 2015. 

Before the policy change, companies that aggressively acquired data from Facebook would come in for meetings with the social media company and discuss how the data was being used. One company founder — who was a power user of Facebook data — said that the company’s representatives had told him “If you weren’t pushing the envelope, we wouldn’t respect you.”

Collecting user data before 2015 was actually something the company encouraged, under the banner of increased utility for Facebook users — so that calendars could bring in information about the birthdays of friends, for instance.

Indeed, the Obama campaign used Facebook data from friends in much the same way as Cambridge Analytica, albeit with a far greater degree of transparency.

The issue is that users don’t know where their data went in the years before Facebook shut the door on collection of data from a users’ network of friends in 2015.

That’s what Facebook — and the government — is trying to find out.

 

Zuckerberg on #deletefacebook: ‘You know, it’s not good’

Following what felt like years of silence on a plethora of issues, Facebook founder and CEO Mark Zuckerberg has gone on an interview rampage (but not us — was it my editorial?). Although he mainly plugs away at the points he made in today’s blog post, there are a few items worth noting.

Regarding the company’s acceptance at face value that Cambridge Analytica had deleted the data they weren’t supposed to have (to Recode):

At the time it didn’t seem like we needed to go further on that. Given what we know now we clearly should have followed up and we’re never going to make that mistake again.

And what about the thousands of apps that may have performed similar data grabs during the many years it was possible?

The data isn’t on our servers, so it would require us sending out forensic auditors to different apps.

How many apps are we talking about here? (to the New York Times)

It will be in the thousands.

Will the 50 million estimated to be affected by the data collected by Aleksandr Kogan be notified to what extent their data was shared?

Yes. We’re going to tell anyone whose data may have been shared.

Presumably the same will be true for anyone found to be affected by other unsavory apps.

What about the public response? What does he think about #deletefacebook?

I don’t think we’ve seen a meaningful number of people act on that, but, you know, it’s not good.

As for preventing future manipulation of the system during a major election year (not just here but around the world):

In 2017 with the special election in Alabama, we deployed some new A.I. tools to identify fake accounts and false news, and we found a significant number of Macedonian accounts that were trying to spread false news, and were able to eliminate those.

It’s the first time he’s talked about it, apparently. Hopefully they’ll prove as effective during larger campaigns.

Zuckerberg also goes off on some interesting tangents with Wired, for instance the efficacy of AI in certain situations and the status of the Cambridge Analytica audit in the UK. As for whether he’ll appear in front of Congress:

If it is ever the case that I am the most informed person at Facebook in the best position to testify, I will happily do that.

If I had to guess, I’d say that hour fast approaches.

7 much scarier questions for Zuckerberg

Could this be just the beginning of a much bigger Cambridge Analytica scandal for Facebook? The answer rides on how transparent Facebook is actually being right now. CEO Mark Zuckerberg just put forth a statement and plan to improve data privacy, but omitted some of the most grievous inquiries — and stopped short of apologizing.

Exactly how Facebook handled the multi-year fiasco could be core to whether the public forgets and goes back to scrolling their News Feed, or whether users leave en masse while government regulators swoop in. With journalists around the world digging in and government officials calling for Zuckerberg to testify, the truth is likely to trickle out. Here’s what we want to know:

  1. To what extent did Facebook vigorously investigate whether Cambridge Analytica had actually deleted all its Facebook user data back in 2015 when it made it promise to do so, and why didn’t it inform the public of the situation? (When did Zuckerberg find out? Was Facebook concerned about appearing liberal and for investigating a conservative political organization?)
  2. How could Facebook not know Cambridge Analytica was using ill-gotten Facebook data when Facebook employees worked directly with the Donald Trump campaign? (Facebook employees worked side by side with Cambridge Analytica in Trump’s San Antonio campaign office, so did they look the other way about suspicious data?)
  3. Did Cambridge Analytica attain illicit Facebook data from any other sources besides Aleksandr Kogan’s app, such as from other apps it operated, scraping Facebook group membership or buying data from other developers? (Was the Trump campaign’s masterful use of Facebook and other social media powered by more than just this one data set, perhaps even from other social networks?)
  4. Is there any evidence that data from Russian hackers or the government was used by Cambridge Analytica to inform Trump’s campaign marketing? (If so, could Facebook be the smoking gun of potential collusion between Russia and Trump’s campaign?)
  5. Is Facebook retaining data, ads or posts connected to Cambridge Analytica for further investigation? (If Cambridge Analytica did misuse data, what content was powered by that misuse, and who else pitched in?)
  6. Why did Facebook try to suppress the stories about Cambridge Analytica from news outlets like The Observer with legal threats if it’s so serious about atoning for the scandal? (Who authorized or conducted those threats, and what’s happened to them since?)
  7. How will Facebook ensure the security of user data attained by apps given that there could be tons of developers storing multiple separate copies of the data, beyond the big or suspicious ones Facebook plans to audit? (Should the public expect more news of app data misuse by other developers?)

Zuckerberg’s response to Cambridge scandal omits why it delayed investigating

“I started Facebook, and at the end of the day I’m responsible for what happens on our platform” Facebook CEO Mark Zuckerberg posted after days of the public and government officials waiting for him to speak up about the Cambridge Analytica scandal since it broke Friday. “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

For more on what Zuckerberg omitted in his statement, check out our feature piece

Zuckerberg laid out a slate of changes Facebook will make to prevent past and future abuses of user data by app developers. Those include:

  1. Blocking data access of apps you haven’t used for three months or more
  2. Auditing old apps that collected a lot of personal data
  3. Reducing the amount of data apps can pull using Facebook Login without an additional permissions screen to just your name, profile photo, and email address
  4. Requiring a signed contract from developers that want to pull your posts or private information
  5. Surfacing Facebook’s privacy third-party app privacy settings tool atop the News Feed to help people repeal access to apps
  6. Telling people if their data was misued by the app associated with Cambridge Analytica, or apps Facebook bans for misue in the future.

What’s missing from this response is any indication why Facebook didn’t do more to enforce its policy prohibiting apps from sharing user data, or why it took Cambridge Analytica at their word when they said they deleted the data without proper investigation. Or a straight-forward apology. Facebook is still playing the victim here.

Facebook was hit with one of its biggest scandals ever when multiple outlets reported that a researcher’s app pulled personal information about 270,000 users and 50 million of their friends, then passed that data to Cambridge Analytica. The political strategy firm then used that data to power messaging, targeting, and more for Donald Trump’s presidential campaign and the Brexit Leave movement.

The proposed solutions should help users take better control of their data while putting sensible friction and documentation in place for app developers that want people’s personal info or content. The audits of developers who pulled lots of friends’ data before the 2014 change that restricted that ability could root out some more bad actors.

But overall, the plan doesn’t address the fact that tons of developers pulled and may still be in possession of illicit Facebook data. Now off of Facebook’s servers, it has little control over it. Finding and deleting every copy of these data sets may be impossible. That could lead to future data scandals that may make people take Zuckerberg up on his assertion that if Facebook can’t keep people’s data safe, they shouldn’t use it.

You can read Zuckerberg’s full post below:

I want to share an update on the Cambridge Analytica situation — including the steps we've already taken and our next…

Posted by Mark Zuckerberg on Wednesday, March 21, 2018

For more on Facebook’s Cambridge Analytica scandal, read our feature pieces: