Tech industry leaders including Apple CEO Tim Cook and Tesla/SpaceX CEO Elon Musk have spoken out about their disappointment in Facebook for not regulating itself more carefully, after it was revealed that up to 87 million Facebook profiles were mined for data by Cambridge Analytica. Congressional lawmakers in the United States called upon Facebook CEO Mark Zuckerberg to testify on Capitol Hill to answer for the breach.
The issue occurred in 2014 with Cambridge Analytica abusing features that Facebook has since disallowed for app developers. What seems to be the general consensus is that users installed an app, which in turn connected to the user’s Facebook profile containing a list of their friends, posts, likes and other personal information. Cambridge Analytica is accused of buying the harvested data and then using it to profile and direct political campaigns to users.
Zuckerberg took to Facebook on March 21 to explain the situation. In 2013, he said, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way the Facebook platform worked at the time meant Kogan was able to access tens of millions of their friends’ data.
In 2014, to prevent abusive apps, Facebook announced that it was changing the entire platform to limit the data apps could access. Most importantly, apps like Kogan’s could no longer ask for data about a person’s friends unless their friends had also authorized the app. Zuckerberg said Facebook also now requires developers to get approval before they can request any sensitive data from people. These actions would prevent any app like Kogan’s from being able to access so much data today.
In 2015, Facebook learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It’s against Facebook’s policies for developers to share data without people’s consent, Zuckerberg said, so Facebook immediately banned Kogan’s app from the platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.
But recently, Facebook learned from The Guardian, The New York Times and other news sources that Cambridge Analytica may not have deleted the data as they had certified. Facebook immediately banned them from using any of its services, Zuckerberg said. Cambridge Analytica claims it has already deleted the data and agreed to a forensic audit by a firm Facebook hired to confirm this. Facebook is also working with regulators as they investigate what happened.
Whether or not Cambridge Analytica did delete the data it had acquired, it’s still alarming to consider how much data social media platforms have about their users. Speaking to a local news provider in the Middle East, Help AG CTO Nicolai Solling says it’s important to remember as social media users: “If you are not paying for it, you are the product.”
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook,” Zuckerberg said on his Facebook page. “But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”
Gaining back public trust
Since the Cambridge Analytica story went public, people are now questioning whether or not they can really trust massive platforms like Facebook that have so much access to personal information. Social media analytics company Sysomos’s latest data suggests that as many as 400,000 tweets containing the #DeleteFacebook hashtag were posted in March following the news.
But despite the Cambridge Analytica scandal involving Facebook, as well as the subsequent revelation that the Facebook Messenger app has been logging all calls and messages made on Android phones, not many people are leaving Facebook. Strategic marketing consultancy firm Kepios found that Facebook’s monthly active user data for March 2018 indicates that very few people, if at all, have actually deleted Facebook.
Perhaps this could have something to do with the fact that since 2014, Facebook has prioritized preventing bad actors from accessing people’s information in the way that Cambridge Analytica did. Facebook investigates all apps that had access to large amounts of information before it changed the platform to dramatically reduce data access in 2014, and says it will conduct a full audit of any app with suspicious activity.
Facebook will also ban any developer who does not agree to a thorough audit from the platform. In addition, if Facebook finds developers that misused personally identifiable information, the company says it will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused as well.
Developers’ data access will be restricted even further, Zuckerberg said, to prevent other kinds of abuse. For example, Facebook will remove developers’ access to user data if the user hasn’t used their app in three months.
The social media giant said it will reduce the data users give an app when they sign in — to only their name, profile photo, and email address. “We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data,” Zuckerberg said.
In addition to Zuckerberg’s comments, on March 28, Facebook’s VP and Chief Privacy Officer Erin Egan and Ashlie Beringer, VP and Deputy General Counsel, announced additional steps to put people “more in control of their privacy”. Most of these updates have been in the works for some time, but the recent events underscore their importance, they said in a statement.
Facebook has redesigned its entire settings menu on mobile devices from top to bottom to “make things easier to find”. Instead of having settings spread across nearly 20 different screens, they’re now accessible from a single place. The company has also cleaned up outdated settings so it’s clear what information can and can’t be shared with apps.
The company has also introduced a new feature called ‘Access Your Information’ – a secure way to access and manage information, such as posts, reactions, comments, and things that have been searched. Users can go here to delete anything from timeline posts or profiles that are no longer wanted on Facebook.
It will also be easier for users to download the data they’ve shared with Facebook from now on. Users can download a secure copy and even move it to another service. This includes photos they’ve uploaded, contacts they’ve added to their account, posts on their timeline, and more, the Facebook executives explained.
“We’ve worked with regulators, legislators and privacy experts on these tools and updates,” the statement said. Zuckerberg has taken responsibility for breaching the trust of Facebook users, telling the Facebook community: “I’m serious about doing what it takes to protect our community.”
In a show of strength, Facebook announced it has removed 135 accounts which is believed are linked to the Russia-based Internet Research Agency (IRA), an organization accused of spreading divisive messages across the internet, supporting the Russian government and attempting to undermine its rivals.
The IRA was charged by a US grand jury with conspiracy to defraud the United States. Facebook announced on April 3 that it had removed IRA accounts which have “no place on Facebook” after abusing the service. According to the social media giant, more than a million people followed at least one of the Facebook pages run by the IRA and 500,000 followed at least one of the Instagram accounts.
“The IRA has repeatedly used complex networks of inauthentic accounts to deceive and manipulate people who use Facebook, including before, during and after the 2016 US presidential elections,” said Alex Stamos, Facebook’s chief security officer. “It’s why we don’t want them on Facebook. We removed this latest set of pages and accounts solely because they were controlled by the IRA – not based on the content.”