Facebook responds to data misuse
Facebook CEO Mark Zuckerberg has issued a formal response to the reports that Cambridge Analytica misused customer data collected from Facebook, and the platform is making some changes.
Sheryl Sandberg says Facebook leadership should have spoken sooner, Facebook is open to regulation says zuck
The days of silence from Facebook’s top executives
after the company banned the political advisory service Cambridge
Analytica from its platform were a mistake, according to Sheryl
Sandberg.
In a brief interview on CNBC, Sandberg said that the decision for her and company chief executive and founder Mark Zuckerberg to wait before speaking publicly about the evolving crisis was a mistake.
“Sometimes we speak too slowly,” says Sandberg. “If I look back I would have had Mark and myself speak sooner.”
It was the only significant new word from the top level of leadership at Facebook following the full-court press made by Mark Zuckerberg yesterday.
The firestorm that erupted over Facebook’s decision to ban Cambridge Analytica — and the ensuing revelations that the user data of 50 million Facebook users were accessed by the political consulting and marketing firm without those users’ permission — has slashed Facebook stock and brought calls for regulation for social media companies.
Even as $60 billion of shareholder value disappeared, Zuckerberg and Sandberg remained quiet.
The other piece of information from Sandberg’s CNBC interview was her admission that the company is “open” to government regulation. But even that formulation suggests what is a basic misunderstanding at best and cynical contempt at worst for the role of government in the process of protecting Facebook’s users.
Ultimately, it doesn’t matter whether Facebook is open to regulation or not. If the government and U.S. citizens want more controls, the regulations will come.
And it looks like Facebook’s proposed solution will end up costing the company a pretty penny as well, as it brings in forensic auditors to track who else might have abused the data harvesting permissions that the company had put in place in 2007 and only sunset in 2015.
Before the policy change, companies that aggressively acquired data from Facebook would come in for meetings with the social media company and discuss how the data was being used. One company founder — who was a power user of Facebook data — said that the company’s representatives had told him “If you weren’t pushing the envelope, we wouldn’t respect you.”
Collecting user data before 2015 was actually something the company encouraged, under the banner of increased utility for Facebook users — so that calendars could bring in information about the birthdays of friends, for instance.
Indeed, the Obama campaign used Facebook data from friends in much the same way as Cambridge Analytica, albeit with a far greater degree of transparency.
The issue is that users don’t know where their data went in the years before Facebook shut the door on collection of data from a users’ network of friends in 2015.
That’s what Facebook — and the government — is trying to find out.
In a brief interview on CNBC, Sandberg said that the decision for her and company chief executive and founder Mark Zuckerberg to wait before speaking publicly about the evolving crisis was a mistake.
“Sometimes we speak too slowly,” says Sandberg. “If I look back I would have had Mark and myself speak sooner.”
It was the only significant new word from the top level of leadership at Facebook following the full-court press made by Mark Zuckerberg yesterday.
The firestorm that erupted over Facebook’s decision to ban Cambridge Analytica — and the ensuing revelations that the user data of 50 million Facebook users were accessed by the political consulting and marketing firm without those users’ permission — has slashed Facebook stock and brought calls for regulation for social media companies.
Even as $60 billion of shareholder value disappeared, Zuckerberg and Sandberg remained quiet.
The other piece of information from Sandberg’s CNBC interview was her admission that the company is “open” to government regulation. But even that formulation suggests what is a basic misunderstanding at best and cynical contempt at worst for the role of government in the process of protecting Facebook’s users.
Ultimately, it doesn’t matter whether Facebook is open to regulation or not. If the government and U.S. citizens want more controls, the regulations will come.
And it looks like Facebook’s proposed solution will end up costing the company a pretty penny as well, as it brings in forensic auditors to track who else might have abused the data harvesting permissions that the company had put in place in 2007 and only sunset in 2015.
Before the policy change, companies that aggressively acquired data from Facebook would come in for meetings with the social media company and discuss how the data was being used. One company founder — who was a power user of Facebook data — said that the company’s representatives had told him “If you weren’t pushing the envelope, we wouldn’t respect you.”
Collecting user data before 2015 was actually something the company encouraged, under the banner of increased utility for Facebook users — so that calendars could bring in information about the birthdays of friends, for instance.
Indeed, the Obama campaign used Facebook data from friends in much the same way as Cambridge Analytica, albeit with a far greater degree of transparency.
The issue is that users don’t know where their data went in the years before Facebook shut the door on collection of data from a users’ network of friends in 2015.
That’s what Facebook — and the government — is trying to find out.
Mozilla pulls ads off Facebook over data access concerns
Mozilla has announced it’s suspending its advertising on Facebook in the wake of the Cambridge Analytica privacy controversy — saying it has concerns the current default privacy
settings remain risky, and having decided to take a fresh look at
Facebook’s app permissions following the latest user data handling
scandal.
This week the New York Times and The Observer of London reported that a researcher’s app had pulled personal information on about 270,000 Facebook users and 50 million of their friends back in 2015, and then passed that data haul to political consulting firm Cambridge Analytica in violation of Facebook’s policies.
Facebook’s policies previously allowed developers to siphon off app users’ Facebook friends data — though Facebook tightened up these permissions in 2014 — “to dramatically reduce data access”, as founder Mark Zuckerberg has now claimed — though evidently not dramatically enough for Mozilla.
Mozilla writes: “This news caused us to take a closer look at Facebook’s current default privacy settings given that we support the platform with our advertising dollars. While we believe there is still more to learn, we found that its current default settings leave access open to a lot of data – particularly with respect to settings for third party apps.”
It is also running a petition calling for Facebook to lock down app permission settings to ensure users’ privacy is “protected by default”, saying the current default settings “leave a lot of questions and a lot of data flying around”.
“Facebook’s current app permissions leave billions of its users vulnerable without knowing it,” it writes. “If you play games, read news or take quizzes on Facebook, chances are you are doing those activities through third-party apps and not through Facebook itself. The default permissions that Facebook gives to those third parties currently include data from your education and work, current city and posts on your timeline.
“We’re asking Facebook to change its policies to ensure third parties can’t access the information of the friends of people who use an app.”
Mozilla says it will “consider returning” to advertising on Facebook when — or presumably if — the company makes adequate changes to bolster default privacy settings.
“We are encouraged that Mark Zuckerberg has promised to improve the privacy settings and make them more protective. When Facebook takes stronger action in how it shares customer data, specifically strengthening its default privacy settings for third party apps, we’ll consider returning,” it writes. “We look forward to Facebook instituting some of the things that Zuckerberg promised today.”
We’ve reached out to Facebook for comment on Mozilla’s action and will update this story with any response.
At the time of writing Mozilla had not responded to questions about the move.
Even setting aside the current Facebook-Cambridge Analytica data handling scandal, big privacy-related changes are incoming to Facebook thanks to the European Union’s updated data protection framework, GDPR, which will apply from May 25 to any company that processes EU citizens’ personal data.
As part of those changes — and as Facebook tries to comply with the new EU privacy standard — in January the company announced it would be rolling out a new privacy center globally that would put core privacy settings in one place. That one-stop hub is yet to launch but must arrive before May 25.
Also in January Facebook published a set of privacy principles — including grand claims that: “We help people understand how their data is used”; “We design privacy into our products from the outset”; “We work hard to keep your information secure”; “You own and can delete your information”; and “We are accountable”.
Given the last of its published principles, it will be interesting to see which executive Facebook chooses to send to testify in front of Congress — to explain things like how it failed to protect the privacy of ~50M users nor even inform people their data had been siphoned off for illicit purposes.
Asked by CNN whether he will personally testify, Zuckerberg said he will do so “if it’s the right thing to do”. So we’ll soon find out how much that privacy accountability ‘principle’ is really worth.
This week the New York Times and The Observer of London reported that a researcher’s app had pulled personal information on about 270,000 Facebook users and 50 million of their friends back in 2015, and then passed that data haul to political consulting firm Cambridge Analytica in violation of Facebook’s policies.
Facebook’s policies previously allowed developers to siphon off app users’ Facebook friends data — though Facebook tightened up these permissions in 2014 — “to dramatically reduce data access”, as founder Mark Zuckerberg has now claimed — though evidently not dramatically enough for Mozilla.
Mozilla writes: “This news caused us to take a closer look at Facebook’s current default privacy settings given that we support the platform with our advertising dollars. While we believe there is still more to learn, we found that its current default settings leave access open to a lot of data – particularly with respect to settings for third party apps.”
It is also running a petition calling for Facebook to lock down app permission settings to ensure users’ privacy is “protected by default”, saying the current default settings “leave a lot of questions and a lot of data flying around”.
“Facebook’s current app permissions leave billions of its users vulnerable without knowing it,” it writes. “If you play games, read news or take quizzes on Facebook, chances are you are doing those activities through third-party apps and not through Facebook itself. The default permissions that Facebook gives to those third parties currently include data from your education and work, current city and posts on your timeline.
“We’re asking Facebook to change its policies to ensure third parties can’t access the information of the friends of people who use an app.”
Mozilla says it will “consider returning” to advertising on Facebook when — or presumably if — the company makes adequate changes to bolster default privacy settings.
“We are encouraged that Mark Zuckerberg has promised to improve the privacy settings and make them more protective. When Facebook takes stronger action in how it shares customer data, specifically strengthening its default privacy settings for third party apps, we’ll consider returning,” it writes. “We look forward to Facebook instituting some of the things that Zuckerberg promised today.”
We’ve reached out to Facebook for comment on Mozilla’s action and will update this story with any response.
At the time of writing Mozilla had not responded to questions about the move.
Even setting aside the current Facebook-Cambridge Analytica data handling scandal, big privacy-related changes are incoming to Facebook thanks to the European Union’s updated data protection framework, GDPR, which will apply from May 25 to any company that processes EU citizens’ personal data.
As part of those changes — and as Facebook tries to comply with the new EU privacy standard — in January the company announced it would be rolling out a new privacy center globally that would put core privacy settings in one place. That one-stop hub is yet to launch but must arrive before May 25.
Also in January Facebook published a set of privacy principles — including grand claims that: “We help people understand how their data is used”; “We design privacy into our products from the outset”; “We work hard to keep your information secure”; “You own and can delete your information”; and “We are accountable”.
Given the last of its published principles, it will be interesting to see which executive Facebook chooses to send to testify in front of Congress — to explain things like how it failed to protect the privacy of ~50M users nor even inform people their data had been siphoned off for illicit purposes.
Asked by CNN whether he will personally testify, Zuckerberg said he will do so “if it’s the right thing to do”. So we’ll soon find out how much that privacy accountability ‘principle’ is really worth.
Zuckerberg on #deletefacebook: ‘You know, it’s not good’
Following what felt like years of silence on a plethora of issues, Facebook founder and CEO Mark Zuckerberg has gone on an interview rampage (but not us — was it my editorial?). Although he mainly plugs away at the points he made in today’s blog post, there are a few items worth noting.
Regarding the company’s acceptance at face value that Cambridge Analytica had deleted the data they weren’t supposed to have (to Recode):
What about the public response? What does he think about #deletefacebook?
Zuckerberg also goes off on some interesting tangents with Wired, for instance the efficacy of AI in certain situations and the status of the Cambridge Analytica audit in the UK. As for whether he’ll appear in front of Congress:
Regarding the company’s acceptance at face value that Cambridge Analytica had deleted the data they weren’t supposed to have (to Recode):
At the time it didn’t seem like we needed to go further on that. Given what we know now we clearly should have followed up and we’re never going to make that mistake again.And what about the thousands of apps that may have performed similar data grabs during the many years it was possible?
The data isn’t on our servers, so it would require us sending out forensic auditors to different apps.How many apps are we talking about here? (to the New York Times)
It will be in the thousands.Will the 50 million estimated to be affected by the data collected by Aleksandr Kogan be notified to what extent their data was shared?
Yes. We’re going to tell anyone whose data may have been shared.Presumably the same will be true for anyone found to be affected by other unsavory apps.
What about the public response? What does he think about #deletefacebook?
I don’t think we’ve seen a meaningful number of people act on that, but, you know, it’s not good.As for preventing future manipulation of the system during a major election year (not just here but around the world):
In 2017 with the special election in Alabama, we deployed some new A.I. tools to identify fake accounts and false news, and we found a significant number of Macedonian accounts that were trying to spread false news, and were able to eliminate those.It’s the first time he’s talked about it, apparently. Hopefully they’ll prove as effective during larger campaigns.
Zuckerberg also goes off on some interesting tangents with Wired, for instance the efficacy of AI in certain situations and the status of the Cambridge Analytica audit in the UK. As for whether he’ll appear in front of Congress:
If it is ever the case that I am the most informed person at Facebook in the best position to testify, I will happily do that.If I had to guess, I’d say that hour fast approaches.
7 much scarier questions for Zuckerberg
Could this be just the beginning of a much bigger Cambridge Analytica scandal for Facebook? The answer rides on how transparent Facebook is actually being right now. CEO Mark Zuckerberg just put forth a statement and plan to improve data privacy, but omitted some of the most grievous inquiries — and stopped short of apologizing.
Exactly how Facebook handled the multi-year fiasco could be core to whether the public forgets and goes back to scrolling their News Feed, or whether users leave en masse while government regulators swoop in. With journalists around the world digging in and government officials calling for Zuckerberg to testify, the truth is likely to trickle out. Here’s what we want to know:
Exactly how Facebook handled the multi-year fiasco could be core to whether the public forgets and goes back to scrolling their News Feed, or whether users leave en masse while government regulators swoop in. With journalists around the world digging in and government officials calling for Zuckerberg to testify, the truth is likely to trickle out. Here’s what we want to know:
- To what extent did Facebook vigorously investigate whether Cambridge Analytica had actually deleted all its Facebook user data back in 2015 when it made it promise to do so, and why didn’t it inform the public of the situation? (When did Zuckerberg find out? Was Facebook concerned about appearing liberal and for investigating a conservative political organization?)
- How could Facebook not know Cambridge Analytica was using ill-gotten Facebook data when Facebook employees worked directly with the Donald Trump campaign? (Facebook employees worked side by side with Cambridge Analytica in Trump’s San Antonio campaign office, so did they look the other way about suspicious data?)
- Did Cambridge Analytica attain illicit Facebook data from any other sources besides Aleksandr Kogan’s app, such as from other apps it operated, scraping Facebook group membership or buying data from other developers? (Was the Trump campaign’s masterful use of Facebook and other social media powered by more than just this one data set, perhaps even from other social networks?)
- Is there any evidence that data from Russian hackers or the government was used by Cambridge Analytica to inform Trump’s campaign marketing? (If so, could Facebook be the smoking gun of potential collusion between Russia and Trump’s campaign?)
- Is Facebook retaining data, ads or posts connected to Cambridge Analytica for further investigation? (If Cambridge Analytica did misuse data, what content was powered by that misuse, and who else pitched in?)
- Why did Facebook try to suppress the stories about Cambridge Analytica from news outlets like The Observer with legal threats if it’s so serious about atoning for the scandal? (Who authorized or conducted those threats, and what’s happened to them since?)
- How will Facebook ensure the security of user data attained by apps given that there could be tons of developers storing multiple separate copies of the data, beyond the big or suspicious ones Facebook plans to audit? (Should the public expect more news of app data misuse by other developers?)
Zuckerberg’s response to Cambridge scandal omits why it delayed investigating
For more on what Zuckerberg omitted in his statement, check out our feature piece
Zuckerberg laid out a slate of changes Facebook will make to prevent past and future abuses of user data by app developers. Those include:
- Blocking data access of apps you haven’t used for three months or more
- Auditing old apps that collected a lot of personal data
- Reducing the amount of data apps can pull using Facebook Login without an additional permissions screen to just your name, profile photo, and email address
- Requiring a signed contract from developers that want to pull your posts or private information
- Surfacing Facebook’s privacy third-party app privacy settings tool atop the News Feed to help people repeal access to apps
- Telling people if their data was misued by the app associated with Cambridge Analytica, or apps Facebook bans for misue in the future.
Facebook was hit with one of its biggest scandals ever when multiple outlets reported that a researcher’s app pulled personal information about 270,000 users and 50 million of their friends, then passed that data to Cambridge Analytica. The political strategy firm then used that data to power messaging, targeting, and more for Donald Trump’s presidential campaign and the Brexit Leave movement.
The proposed solutions should help users take better control of their data while putting sensible friction and documentation in place for app developers that want people’s personal info or content. The audits of developers who pulled lots of friends’ data before the 2014 change that restricted that ability could root out some more bad actors.
But overall, the plan doesn’t address the fact that tons of developers pulled and may still be in possession of illicit Facebook data. Now off of Facebook’s servers, it has little control over it. Finding and deleting every copy of these data sets may be impossible. That could lead to future data scandals that may make people take Zuckerberg up on his assertion that if Facebook can’t keep people’s data safe, they shouldn’t use it.
You can read Zuckerberg’s full post here
For more on Facebook’s Cambridge Analytica scandal, read our feature pieces:
No comments:
Post a Comment