Facebook is no stranger to scandal, but the last few days have been a particular kind of rocky for the gargantuan social network. Following revelations that Facebook happily handed over the data of 50 million users to Cambridge Analytica, the company’s stock price has tanked, investors have filed suit against the company, and CEO Mark Zuckerberg has been doing his best tumbleweed impression.

But Zuckerberg has recognized the seriousness of the crisis facing his company, and the hoodied figure has finally made a public post to address the issues. In a statement on his Facebook page (but of course), Zuckerberg gave an exhaustive timeline of events, said that “mistakes were made,” and promised that it would never happen again.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”

The scandal emerged into the public eye late last week, when a whistleblower from data firm Cambridge Analytica revealed to The Guardian and the New York Times how the company harvested data from Facebook to fuel its political operations. Cambridge Analytica, best known for its work on President Trump’s digital campaign, reportedly “harvested private information from the Facebook profiles of more than 50 million users without their permission.”

According to The Guardian‘s report, Cambridge Analytica used a harmless-looking Facebook app to gather information not just on a few hundred thousand users, but also on their friends:

The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.

However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising.

Initially, Facebook’s reaction was one of outrage and finger-pointing. “This was a scam — and a fraud,” said Paul Grewal, Facebook’s deputy general counsel, told the New York Times last Friday. “We will take whatever steps are required to see that the data in question is deleted once and for all — and take action against all offending parties,” Mr. Grewal continued, and indeed, Facebook immediately suspended Cambridge Analytica, and sent forensic auditors to its London offices.

But as more details emerged, it became increasingly clear that this wasn’t a technical data security breach, but rather a baked-in problem for Facebook. “Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time,” Facebook wrote in a statement Friday. The company contends that the data was misused after it was taken from Facebook’s servers, but the question emerging is why Facebook let the data be harvested in the first place.

The company pointed out that since 2014, it has changed its security policies, and in theory, a similar data breach couldn’t happen again. “In the past five years, we have made significant improvements in our ability to detect and prevent violations by app developers,” Facebook said in a statement. “Now all apps requesting detailed user information go through our App Review process, which requires developers to justify the data they’re looking to collect and how they’re going to use it – before they’re allowed to even ask people for it.”

In his statement, Zuckerberg said that the platform will go farther in its agreements with developers in the future. “We will restrict developers’ data access even further to prevent other kinds of abuse,” Zuckerberg said. “For example, we will remove developers’ access to your data if you haven’t used their app in 3 months. We will reduce the data you give an app when you sign in — to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.”

Since the initial reports emerged about Facebook’s data leak, Cambridge Analytica has been rocked by a separate scandal. An investigative journalist for the UK’s Channel 4 news secretly filmed meetings with Cambridge Analytica executives, in which they claimed to have used bribery, entrapment, and ‘fake news’ campaigns to help control the outcomes of elections worldwide. The CEO, Alexander Nix, also claimed a much bigger role for Cambridge Analytica in the Trump presidential campaign than was previously realized.

Comments