Mark Zuckerberg has broken his silence on the acquisition of 50 million Facebook users’ personal information by Cambridge Analytica, the shadowy data analytics company that claims to have won the presidential election for Donald Trump.
The Facebook CEO publicly addressed the exploit of Facebook users’ data on his Facebook page today.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook,” Zuckerberg wrote. “But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”
“I started Facebook, and at the end of the day I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community.”
It has been four days since the New York Times and The Guardian first reported the incident, which Facebook characterized as a deception by Cambridge Analytica, saying that “the entire company is outraged.” Facebook has, until now, ignored criticisms that its negligence allowed Cambridge University researcher Aleksandr Kogan to harvest people’s data using the Facebook API, which gave developers access not only to a user’s information, but the information of their friends as well. Facebook has since narrowed the pipeline for developers, and provides better disclaimers to users who consider handing over their data.
Regardless, The Guardian claims that Kogan only had a license to collect data for research purposes, and not commercial ones, which means he broke that agreement by passing it onto Cambridge Analytica.
The New York Times claims that all Kogan “divulged to Facebook, and to users in fine print, was that he was collecting information for academic purposes, the social network said,” and that, behind the scenes, Cambridge Analytica had been funding his work. Facebook, according to the report, never verified Kogan’s claims.
Today, Zuckerberg confirmed that Kogan created a personality app in 2013, that was installed by “around 300,000 people who shared their data as well as some of their friends’ data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data.”
In 2014, Facebook changed the rules around its API, so that apps like Kogan’s could no longer access the profile of a user’s friends, unless those friends had given their permission. At that time, developers were also required to obtain approval from Facebook before requesting sensitive data, though Zuckerberg did not elaborate on the definition of “sensitive data.”
In 2015, Zuckerberg confirmed that Facebook was made aware by The Guardian that Kogan had shared his data with Cambridge Analytica, which is against Facebook’s policies, “so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data.” Facebook claims they did.
Which brings us to now: Zuckerberg says the reports from the New York Times, The Guardian, and Channel 4 News alerted Facebook to the possibility that Cambridge Analytica did not fully delete this data.
“Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened,” Zuckerberg added.
Zuckerberg and Sheryl Sandberg, Facebook’s chief operating officer, have been blamed for remaining silent for too long. The company held an all-staff meeting on Tuesday where Facebook attorney Paul Grewal took questions from employees about Cambridge Analytica, but neither Zuckerberg nor Sandberg attended.
Facebook has stressed that it wants to assess the entire situation before taking action. First, Zuckerberg says that Facebook will investigate all apps that had access to users’ data through 2014.
“We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps,” Zuckerberg says.
Secondly, Facebook intends to further restrict developers’ access to people’s data. For example, apps that a user hasn’t touched in three months will have it access revoked. And a user’s name, profile photo, and email address will be the only pieces of information required when authorizing an app.
“We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days,” Zuckerberg says.
The CEO also claims that Facebook will be releasing a tool that helps users to understand which apps have access to their data. Right now, this is something that people can view under Privacy Settings, but it seems like Facebook will be making it more prominent in the future.
Zuckerberg’s statement promises a lot, and it remains to be seen whether Facebook will follow through on these changes. Several #DeleteFacebook petitions are now circulating, urging users to remove their accounts and uninstall the app.
“While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past,” Zuckerberg concluded. “We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”