Facebook CEO Mark Zuckerberg promised Wednesday that many of the issues revealed by the controversy over the Trump campaign’s use of some Facebook users’ profile information without their consent have already been changed to prevent a similar occurrence, but said the company will make additional changes to further safeguard users’ data.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg wrote in a post on his own Facebook page. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”
Over the weekend British media reported on a firm called Cambridge Analytica, which allegedly used data from a personality quiz taken by thousands of Facebook users to create detailed psychological profiles that were then used to try to create targeted messages meant to sway voters during the 2016 election, according to a former employee of the British firm. The personality quiz, however, garnered not only information from the users to voluntarily took the quiz, but also information on those people’s Facebook friends, who hadn’t consented to the use of their data.
Zuckerberg said the personality quiz, created by a university researcher named Aleksandr Kogan, was installed on Facebook by about 300,000 people who shared their own data, and some of their friends’ information.
“Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data.”
That data then was given by Kogan to Cambridge Analytica, according to the reports in TheGuardian-Observer, the New York Times and other outlets. Cambridge Analytica then allegedly was hired to do work for Steve Bannon and the Trump campaign.
The way Facebook works was changed in 2014, however, Zuckerberg said, meaning apps like the one Kogan created would no longer be able to ask for data about friends, unless the friend had also authorized the app. He said Facebook also began requiring developers to get approval from Facebook before they could request any “sensitive” data from the platform’s users.
Zuckerberg then, however, laid out some steps Facebook will take starting now to mitigate damage that may have been done before it changed its system.
“We will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity,” he wrote. “We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.
“Second, we will restrict developers’ data access even further to prevent other kinds of abuse,” Zuckerberg wrote. “For example, we will remove developers’ access to your data if you haven’t used their app in 3 months. We will reduce the data you give an app when you sign in — to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days.”
Finally, Zuckerberg said, Facebook will make it easier for users to know what apps they have used, and make it easier for them to revoke those apps’ permissions to use people’s data.
“I’m serious about doing what it takes to protect our community,” he wrote. “While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”
Several members of Congress have called on Zuckerberg and the company to appear on Capitol Hill to explain what the company is doing to protect people’s information. On Wednesday, company officials said they’ll be in Washington this week and will meet with Senate and House staff.