Zuckerberg apologises for Facebook mistakes with user data, vows curbs

Facebook Inc Chief Executive Mark Zuckerberg apologised on Wednesday for mistakes his company made in how it handled data belonging to 50 million of its users and promised tougher steps to restrict developers’ access to such information.

The world’s largest social media network is facing growing government scrutiny in Europe and the United States about a whistleblower’s allegations that London-based political consultancy Cambridge Analytica improperly accessed user information to build profiles on American voters that were later used to help elect US President Donald Trump in 2016.

“This was a major breach of trust. I’m really sorry this happened. We have a basic responsibility to protect people’s data,” Zuckerberg said in an interview with CNN, breaking a public silence since the scandal erupted at the weekend.

Zuckerberg said in a post on Facebook the company "made mistakes, there's more to do, and we need to step up and do it."

He said the social network planned to conduct an investigation of thousands of apps that have used Facebook’s platform, restrict developer access to data, and give members a tool that lets them to disable access to their Facebook data more easily.

His plans did not represent a big reduction of advertisers’ ability to use Facebook data, which is the company’s lifeblood.

Zuckerberg said he was open to additional government regulation and happy to testify before the US Congress if he was the right person.

“I’m not sure we shouldn’t be regulated,” he told CNN. “I actually think the question is more what is the right regulation rather than yes or no, should it be regulated? ... People should know who is buying the ads that they see on Facebook.”

Zuckerberg said Facebook was committed to stopping interference in the US midterm election in November and elections in India and Brazil.

The social media giant's tech-nerd head had been silent on the issue till now.

He went on to say: "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again. […] But we also made mistakes, there's more to do, and we need to step up and do it."

While some media reports said Zuckerberg wanted to wait until Facebook's own audit was complete before issuing any comment, he nevertheless did so, saying there were three key methods he would like to employ.

First, users whose data was received and illegally saved by Cambridge Analytica would be notified and apps requiring permission for Facebook data would be probed and those with any "suspicious activity" audited.

Second, the developers' access to data would be reduced.

Lastly, a button will be added to the News Feed to route users to an already-existing 'privacy settings' option that shows app permissions and gives an option to revoke access.

The Facebook chief also provided a timeline of changes the company has made in its privacy and security policy.

Repercussions, top executives' 'regret'

Facebook on Tuesday expressed "outraged" over the incident, with its statement attempting to place the blame on Cambridge Analytica, which, according to the company, violated terms of the social network by misusing data from an academic researcher.

"The entire company is outraged we were deceived. We are committed to vigorously enforcing our policies to protect people´s information and will take whatever steps are required to see that this happens," the statement said.

COO Sheryl Sandberg said Wednesday she "deeply regret(ed)" the company's slow-to-non-existent response to the issue.

"I deeply regret that we didn't do enough to deal with it," she wrote. "You deserve to have your information protected — and we'll keep working to make sure you feel safe on Facebook.

"Your trust is at the core of our service. We know that and we will work to earn it."

Interestingly, however, Wednesday brought a host of other important developments as well. An ex-employee — a former Facebook operations manager — told the British House of Common’s Digital, Culture, Media, and Sport Committee that "a vast (amount) of data that passed out the door".

Sandy Parakilas, who was in charge of policing Facebook’s data handling procedures in 2011 and 2012, said data harvesting of member profiles by outside software developers was once routine and that the company took years to clamp down on the practice.

“There was very little detection or enforcement,” Parakilas said in his testimony, before adding: “During my 16 months (at Facebook), I don’t remember a single physical audit of a developer” who was storing users’ data from the social network.

“You are likely talking about tens of thousands of apps that got ‘friend permissions’ and some of those apps had tens — it was huge — or hundreds of millions of users, so there was a vast (amount) of data that passed out the door,” Parakilas said.

Facebook turned off the friend permissions feature in 2015.

$40,000 fine for each violation

Leaders of the European Union (EU) meeting in Brussels this week will discuss the scandal over harvested data from Facebook, President Donald Tusk said Wednesday, linking it to the broader threats, including election meddling.

He said the poisoning of a Russian ex-spy in Britain earlier this month, which London blames on Moscow, shows that "we need to increase our resilience to hybrid threats, such as undermining trust in our democracies through fake news or election meddling".

"This seems to be particularly relevant in view of the recent revelations about Cambridge Analytica," said Tusk, the summit host as head of the European Council, which groups the 28 member states.

"In this context, we will address the need to guarantee transparent practices as well as full protection of citizen privacy and personal data by social networks and digital platforms," Tusk said.

The EU leaders are likely to issue a short statement on the matter, an EU source said. The European Parliament (EP) has invited Zuckerberg to speak to the assembly.

Then, US resident Lauren Price on Tuesday sued Facebook and a British-based political consultancy for obtaining data from millions of the social media site's users without their permission. The complaint seeks unspecified damages, including possible punitive damages.

It marked the first of what may be many lawsuits seeking damages over Facebook's ability to protect user data, and Cambridge Analytica's exploitation of information to help Trump's election campaign.

On the other hand, US Senator Dianne Feinstein, the top Democrat on the Judiciary Committee, said Tuesday Zuckerberg should testify in the Congress about his company’s treatment of users’ data.

“Fifty million people lost their privacy,” Feinstein told reporters at the US Senate, amid mounting calls in Congress for the social media company to account for the mining of its users’ personal data by a political consultancy hired by Trump’s campaign.

“I think that we ought to have the head of Facebook, not their lawyer, not their number two, but their number one, come […] state if they’re really prepared to lead the industry to some controls that prevent all this from happening,” she said.

The US Federal Trade Commission (FTC), a consumer and competition watchdog, also launched a probe into Facebook, US media reported on Tuesday, a move that would add further pressure on the social media giant.

The Washington Post said Facebook could face fines worth $40,000 for each violation if the FTC ultimately finds that it broke that agreement.

Kogan and 'This Is Your Digital Life'

Aleksandr Kogan was the developer of a 2013 app that featured a personality survey — called 'This Is Your Digital Life' — and was installed by approximately 300,000 people who shared their own and friends’ data.

According to the Facebook chief, he “was able to access tens of millions of their friends' data” considering the social media platform’s algorithms at the time.

The data the Cambridge University researcher compiled through his app was the same the Cambridge Analytica used. When this came to Zuckerberg’s knowledge, he “immediately banned Kogan's app from our platform”.

The company “demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications”.

However, the explosive report last week made Facebook’s top brass realise that “Cambridge Analytica may not have deleted the data as they had certified.”

"We immediately banned them from using any of our services.”

However, after he was accused in the Cambridge Analytica-Facebook fiasco, Kogan hit back Wednesday, saying the data firm had assured him his activities were above board.

"I’m being basically used as a scapegoat by both Facebook and Cambridge Analytica," he said. "We thought we were acting perfectly appropriately. We thought we were doing something that was really normal.

"We were assured by Cambridge Analytica that everything was perfectly legal and within the terms of service" of Facebook.

The app’s vast reach beyond its users — around 30 million US Facebook users’ details were harvested, according to Kogan — happened by scooping up data from their friends on Facebook, which says the details were taken without its knowledge.

Kogan said the CA approached him to do the work but he did not know how the firm would use the personal data collected, leaving him "stunned" by the allegations against him. He noted that he strongly regretted not asking more questions about the work he did for CA.

"My motivation was to get a dataset I could do research on; I have never profited from this in any way personally," he added.

Kogan has said he would be prepared to appear before British or US lawmakers if requested.

---

Read Zuckerberg's statement in full here.