Content, Breach

Facebook CEO Zuckerberg Vows Data Access Policy Changes Amid Harvesting Scandal

Facebook boss Mark Zuckerberg, under fire from U.S. and U.K. legislators to answer how political consultant Cambridge Analytica (CA) got away with harvesting the personal information of some 50 million of the social network’s users, admitted on Wednesday that his company had “made mistakes” and needed to “step up.”

“We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again,” Zuckerberg wrote in a lengthy Facebook post.

In his first public remarks five days after the Guardian of London and the New York Times reported on the scandal, the CEO said Facebook will change the way it shares user information with third-party applications. He said the company four years ago had clamped down on the user data third-party apps could access but needed to do more.

Zuckerberg said it will ban developers that do not comply with audits on Facebook user data in their possession going back four years, remove developers’ access to user data if their app hasn’t been used for three months, and make more visible a tool that helps users to understand the apps they’ve allowed to access their data. You can read more details on the policy changes here.

Referencing a personality app developed by Cambridge University researcher Aleksandr Kogan in 2013 that gathered data not only from the 270,000 people who signed on to it but also their friends, ultimately mushrooming to millions of users, Zuckerberg called it a “breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”

Zuckerberg said that he learned from journalists that Kogan had shared the data he gathered with the London-based Cambridge Analytica and responded by banning his app and insisting that the consultant delete the data in its possession. Still, Facebook took those actions more than two years after the breach was first reported. It was only last week, Zuckerberg said, that he suspected from media reports that the data remained in Cambridge Analytica’s hands.

Facebook, he said, is working with regulators to investigate what happened, perhaps a reference to the Federal Trade Commission’s (FTC) inquiry into whether the company has violated a 2011 settlement in which it agreed to get user consent for certain changes to privacy settings.

Sheryl Sandberg, Facebook’s COO, in sharing Zuckerberg’s post said, “We know that this was a major violation of peoples’ trust, and I deeply regret that we didn’t do enough to deal with it.”

The breach has drawn a strong reaction among some Facebook users with a considerable number electing to leave the platform, the NYT reported on Wednesday. The hashtag #DeleteFacebook appeared more than 10,000 times on Twitter within a two-hour period on Wednesday, according to the analytics service ExportTweet. And, on Tuesday, it was mentioned 40,398 times, according to the analytics service Digimind, the report said.

It’s not clear if Facebook’s mea culpa will satisfy FTC investigators or U.K. officials. On Monday, Elizabeth Denham, the head of the U.K. Information Commission, said the watchdog was looking at how Facebook secured and safeguarded personal information, when the company knew about the breach and when it informed affected users. Zuckerberg’s post addressed some of those questions but whether he provided satisfactory answers remains to be seen.

"I don’t think we’ve seen a meaningful number of people act on that, but, you know, it’s not good," Zuckerberg told the New York Times. "I think it’s a clear signal that this is a major trust issue for people, and I understand that. And whether people delete their app over it or just don’t feel good about using Facebook, that’s a big issue that I think we have a responsibility to rectify."

Zuckerberg had a lot to say on a variety of issues in interviews on Wednesday with various media outlets. Here’s a compilation of what he said: (via USA Today).

Did Russian hackers get a hold of Facebook data?
"I can’t really say that. I hope that we will know that more certainly after we do an audit," he told Wired magazine.

Should Facebook be regulated?
"I actually am not sure we shouldn't be regulated," he told CNN. "You know, I think in general, technology is an increasingly important trend in the world, and I actually think the question is more what is the right regulation rather than yes or no, should it be regulated?"

Will he testify before Congress?
"If it is ever the case that I am the most informed person at Facebook in the best position to testify, I will happily do that," he told Wired.

Will nation state hackers interfere in the 2018 midterm elections?
"The good news here is that these problems aren’t necessarily rocket science. They’re hard, but they’re things that if you invest and work on making it harder for adversaries to do what they’re trying to do, you can really reduce the amount of false news, make it harder for foreign governments to interfere," he told the New York Times.

Did Facebook influence the 2016 election?
"That is hard. It's really hard for me to have a full assessment of that."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.

Related Terms

Attack Vector

You can skip this ad in 5 seconds