Too little too late? Facebook to now audit developers for data abuse

By Published on .

Facebook CEO Mark Zuckerberg.
Facebook CEO Mark Zuckerberg. Credit: Guillermo Gutierrez/Bloomberg

Mark Zuckerberg on Wednesday finally broke his silence about the abuse of data on the platform by Cambridge Analytica, promising to redouble efforts to safeguard user privacy after the exposure of the massive data breach.

Since Friday, Facebook has been on the defensive over reports that Cambridge Analytica improperly obtained data on 50 million users, information that it tried to use to influence the 2016 U.S. elections and Brexit referendum.

"We have a responsibility to protect your data, and if we can't then we don't deserve to serve you," Zuckerberg said in a post on the social network he founded. "I've been working to understand exactly what happened and how to make sure this doesn't happen again."

Don't worry. There is "good news," per Zuckerberg.

"The good news is that the most important actions to prevent this from happening again today we have already taken years ago," the Facebook CEO said, referring to a 2014 rule that prohibited developers from accesing data on users' friends. The Cambridge Analytica breach before that. "But we also made mistakes, there's more to do, and we need to step up and do it."

Zuckerberg and Facebook second-in-command Sheryl Sandberg, the chief operating officer, have faced criticism for going somewhat AWOL by not commenting publicly sooner or addressing an all-hands meeting at Facebook on Tuesday. His Facebook post outlined a few steps the company would take to lock down privacy on the platform:

First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. ...

Second, we will restrict developers' data access even further to prevent other kinds of abuse. For example, we will remove developers' access to your data if you haven't used their app in 3 months. We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address. We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. ...

Third, we want to make sure you understand which apps you've allowed to access your data. In the next month, we will show everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data.

But as Zuckerberg said, the most important change may have come in 2014, when Facebook limited developers' access to data on users' friends. Before that, a researcher employed by Cambridge Analytica was able to reach 300,000 Facebook users with a quiz app and, using the data yielded from that quiz, build profiles on 50 million Facebook users.

Facebook said that the researcher, Aleksandr Kogan, claimed his work was academic. In 2015, when Facebook learned that Kogan had passed the data to Cambridge Analytica, he was banned from the social network and Cambridge Analytica promised to delete the data. Now, of course, there are reports the data was never deleted.

Facebook is facing pressure from the British Parliament and the U.S. Congress to explain how the data was handled, and could face regulatory scrutiny from the Federal Trade Commission.

Most Popular