Facebook CEO Mark Zuckerberg has been silent all through the Cambridge Analytica scandal which has tanked the company’s stock by over $45 billion and caused widespread outrage in the US and UK. He’s now decided to break his silence through a Facebook post which explains what happened and what’s going to happen to fix things.
Zuckerberg starts out the post by stating that Facebook has a responsibility to protect user data and if it can’t then it doesn’t deserve to serve them. While this is all well and good, he doesn’t actually apologize for the mistakes it’s made so far. He does at least admit to them, but some might say it’s a bit late for that given that he’s only fessing up now that it’s been caught.
As per his timeline, Facebook allowed apps to gain access to a person’s information as well as their friends’ information in 2007. A Cambridge University researcher named Aleksandr Kogan created a personality quiz app in 2013 which was used by 300000 people. This in turn allowed him to access the data of tens of millions of their friends.
Facebook changed things up in 2014 to limit the amount of data an app could view. Applications could only see a friends’ data if that friend had also authorized the application and had to get approval from the company to request sensitive data. As a result, apps today can’t steal the same kind of information.
Neither of these measures addresses the numerous apps which took advantage of the system for all those years it was active, though. This came to a head in 2015 when Facebook was told by The Guardian that Kogan had shared his app data with Cambridge Analytica, a data mining firm.
Facebook banned Kogan’s app and asked him and Cambridge Analytica to certify that they had deleted all the illegal data. While the pair provided these certifications, it seems the latter did not get rid of the data as certified. Zuckerberg says Facebook found out about this just last week and is now conducting a forensic audit on the firm to confirm whether the data has gotten removed or not.
There’s no doubt that Facebook has been lax with people’s information and hasn’t done nearly enough to stop malicious parties from benefitting from loopholes, even though it was aware of the potential for misconduct. It plans to investigate all the apps which had access to large amounts of data before its policy change in 2014.
Any developer who doesn’t agree to an audit or is found misusing personally identifiable information will be banned. Facebook also plans to inform the people who were affected by these apps. It should have done this years ago as the breaches occurred, but better late than never.
Facebook is further going to restrict the amount of data a developer can access to a person’s name, profile photo, and email address upon signing in. Posts and private data are off limits until approval has been sought and a contract has been signed.
Lastly, Facebook is going to make its existing privacy settings more obvious by pinning a new tool at the top of an individual’s News Feed. It will show them the apps they’ve used and a simple way to revoke permission to their data.
It remains to be seen whether these steps will be enough to stop the wave of #DeleteFacebook. Zuckerberg told The New York Times that he hadn’t seen a “meaningful number of people” saying goodbye to the site, but trends on the internet say otherwise. He also got around to apologizing to users in a CNN interview, saying that this was a major breach of trust and he was sorry it had happened.