Facebook under FTC microscope over Cambridge Analytica breach – CNET

Federal Trade Commission Building in Washington, DC

The US Federal Trade Commission wants answers about how Facebook handles user data.

Getty Images

Facebook’s troubles aren’t going away anytime soon in a wave of intense scrutiny that started with the question of how data on millions of its users ended up in the hands of Cambridge Analytica. 

The Federal Trade Commission said Monday it has opened an investigation into Facebook’s privacy practices. As reported last week, the FTC is interested in whether Facebook violated the terms of a 2011 consent decree. The decree mandated that the social media company notify users and obtain their consent to share information with third parties.

It’s just the latest shoe to drop in the Cambridge Analytica scandal. The social network is in trouble for letting data on 50 million users fall into the hands of the data analytics firm, which was hired by the Trump campaign for the 2016 presidential election. The FTC’s decision to step in signals more government scrutiny over Facebook’s actions. 

“The FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” Tom Pahl, acting director of the agency’s bureau of consumer protection, said in a statement. “Today, the FTC is confirming that it has an open non-public investigation into these practices.”

Separately, 37 state attorneys general sent a letter Monday to Facebook with questions for the company related to Cambridge Analytica.

“Facebook has made promises about users’ privacy in the past, and we need to know that users can trust Facebook. With the information we have now, our trust has been broken,” the letter states (PDF). 

Now Playing: Watch this: Find out what Facebook knows about you and take action

4:05

The misuse of the data, which was collected in 2013 through a personality quiz called “thisisyourdigitallife,” shed light on how poorly Facebook has handled personal information. While fewer than 300,000 people took the quiz, the app was able to grab data from an extended network of friends, a valuable trove of information that Cambridge Analytica allegedly used to great effect with its targeted political ads.

Cambridge Analytica has denied any wrongdoing.

Zuckerberg has apologized to the social network’s 2.2 billion users for what he called a “breach of trust” and said he’s addressing the app exploit. He vowed to investigate all apps that have had access to large amounts of information and to “conduct a full audit of any app with suspicious activity.”

But Zuckerberg still faces calls to testify before Congress. During an interview with CNN, Zuckerberg said he would do so — with some caveats. 

“So what we try to do is send the person at Facebook who will have the most knowledge about what Congress is trying to learn,” he said. “So if that’s me, then I am happy to go.”

He may not have much choice in the matter. On Monday, the Senate judiciary committee sent Zuckerberg invitation to appear before an April 10 hearing on how social media companies handle user data. (The CEOs of Google and Twitter are also invited.) The House committee on energy and commerce may also soon get around to requesting his presence.

Zuckerberg went on an apology tour last week following five days of silence on the matter. The lack of a response from the CEO spurred hashtags like #whereszuck and #deletefacebook, with companies like Tesla and Space X and individuals like Cher taking real action.

Man at computer during Facebook engineering bootcamp

What goes on behind the scenes at Facebook when it comes to the data you share? The US government (and others) want to know.

Facebook

The 37 state attorneys general who sent the letter Monday to Facebook have specifically requested “prompt” answers to seven questions.

“Were those terms of service clear and understandable, or buried in boilerplate where few users would even read them? How did Facebook monitor what these developers did with all the data that they collected? What type of controls did Facebook have over the data given to developers?” they asked.

“Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user’s data? How many users in our respective states were impacted? When did Facebook learn of this breach of privacy protections? During this timeframe, what other third party ‘research’ applications were also able to access the data of unsuspecting Facebook users?”

Facebook shares, which are down almost 14 percent since the Cambridge Analytica scandal broke March 16, dropped nearly 6 percent in morning trading Monday. The stock recovered some but was down 3.66 percent at 10 a.m. PT.

First published March 26 at 8:51 a.m. PT. 
Update, 9:23 a.m. PT: To include additional background and context. 
Update, 10:01 a.m. PT: Adds letter from state attorneys general and stock price.
Update, 1:12 p.m. PT:  Added information on the Senate judiciary hearing and other background.

Blockchain Decoded:  CNET looks at the tech powering bitcoin — and soon, too, a myriad of services that will change your life.

Special Reports: CNET’s in-depth features in one place.