That long-awaited Mark Zuckerberg response: Everything's fine! Mostly fixed! Facebook's great! All good in the hoodie!
The sound of stable door shutting years too late
Mark Zuckerberg, CEO of Facebook, has broken his silence about his data gathering and advertising firm's unforeseen role in data gathering and advertising.
On Wednesday, Zuckerberg provided "an update on the Cambridge Analytica situation," a reference to the UK-based data analytics firm's alleged use of 50 million Facebook profiles it obtained from Cambridge University researcher Aleksandr Kogan to develop psychographic profiles that would be employed to advance Donald Trump's presidential aspirations.
Cambridge Analytica denies the data played any part in the services it provided to Donald Trump's presidential campaign. Nonetheless, the firm saw fit on Tuesday to suspend CEO Alexander Nix while it investigates.
In contrast with his last dozen or so apologies, Zuckerberg says the problem is already fixed, even as he acknowledges there's further work to do.
"The good news is that the most important actions to prevent this from happening again today we have already taken years ago," the behoodied one said in a post on Facebook. "But we also made mistakes, there's more to do, and we need to step up and do it."
Zuckerberg is referring to changes to Facebook's developer platform policies made four years ago. In 2014, the mass surveillance biz announced the planned shutdown of an API that allowed developers to gather data about the friends of people using their apps.
A year earlier, Kogan built a personality quiz app using that API. The app attracted an audience of about 300,000, which gave Kogan access the app users' friends – about 50 million people. It is perhaps worth noting that Kogan was not the only developer who made use of this treasure trove of personal information that would be prohibitively expensive to obtain any other way.
This exfiltration of Facebook data was not by breach but by design. At least once the horses had escaped, Facebook dutifully shut the barn door. Zuckerberg said Facebook intends to hunt down escapees and excommunicate them if necessary.
"First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity," he said. "We will ban any developer from our platform that does not agree to a thorough audit."
The ban hammer has already fallen, on Kogan, who claims he's being scapegoated, on Cambridge Analytica, which insists it behaved lawfully, and on Christopher Wylie, the former employee of Cambridge Analytica who blew the whistle on the misuse of Facebook data.
Wylie, according to reports, has been locked out of his Facebook and Instagram accounts, exile that Brian Acton, co-founder of What'sApp, on Tuesday urged people to impose on themselves by deleting their Facebook accounts.
Zuck said that his company was alerted to the Kogan situation by The Observer. He didn't mention that Facebook, along with Cambridge Analytica, then tried to ban The Observer from breaking this story, through the threat of litigation, but the social data sharing biz's saber rattling proved no more effective than its privacy promises. Zuckerberg's account of the timing is also disputed by some.
Minor typo in Mark Zuckerberg's statement today on Cambridge Analytica:— The Register (@TheRegister) March 21, 2018
Replace "we learned from The Guardian" with "we legally threatened the Guardian/Observer". Minor typo.https://t.co/qum2ldVtN1 pic.twitter.com/XqmnmK4shF
⏩ UPDATE: Facebook knew about later #CambridgeAnalyticaFiles app problem since 2011, but said data sharing is perfectly legal. Irish Regulator (@DPCIreland) saw a "satisfactory response" in 2012 by Facebook.— Max Schrems (@maxschrems) March 21, 2018
DETAILS & DOCUMENTS: https://t.co/lmSUYLJlAV#CambridgeAnalytics pic.twitter.com/wYFumu9WSO
Zuckerberg says Facebook will also "restrict developers' data access even further to prevent other kinds of abuse" and will take steps to help users "understand which apps you've allowed to access your data."
If Facebook is able to provide some clarity, it will be a long-overdue achievement because people have complained about the difficulty of understanding Facebook privacy settings and controls for years.
The company says it will take additional steps to limit platform abuse, such as disabling unused apps, restricting the data apps implementing Facebook Login can request, and encouraging people to manage the apps they use more actively.
"I started Facebook, and at the end of the day I'm responsible for what happens on our platform," said Zuckerberg. "I'm serious about doing what it takes to protect our community."
Facebook's board of directors, however, has shown no sign it intends to translate that responsibility into any meaningful action against Zuckerberg. Nor is there any indication the company's ads-and-data business model will be reconsidered. ®
Sponsored: Becoming a Pragmatic Security Leader