Nearly a week after Facebook has been under the scanner for a massive data breach of over 50 million profiles for political purposes by a political data analytics firm Cambridge Analytica (CA), Mark Zuckerberg broke his silence on the issue.
“We have a responsibility to protect your data, and if we can't then we don't deserve to serve you,” Zuckerberg said in a Facebook post on Wednesday.
The founder of the social media giant said that he has been working to understand what exactly happened and that the most important steps to prevent this from happening again have been taken years ago, adding that there is more to do.
Zuckerberg says that when Facebook was launched in 2007, the idea was to have apps that are social and hence enabled people to log into apps and share some information about their friends.
One such app, was a personality quiz created by a Cambridge University researcher named Aleksandr Kogan in 2013.
“It was installed by around 300,000 people who shared their data as well as some of their friends' data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends' data,” Zuckerberg said.
A timeline of events
In 2014, Facebook changed its policies to limit the data that could be accessed by the apps to prevent abusive apps and these changes ensured that apps like Kogan’s could no longer ask for data about a person's friends unless their friends had also authorized the app.
“We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today,” Zuckerberg added.
He says that the social media giant learnt in 2015 that Kogan shared that data with CA, which is against its policies for developers and immediately banned Kogan’s app from Facebook and demanded that Kogan and CA formally certify that they deleted all improperly acquired data. They provided these certifications, Zuckerberg says.
However, it came to light last week that CA may not have deleted the data as they has certified and were immediately banned by Facebook from using any of its services.
Zuckerberg says that CA, however, claims that they have deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. Facebook is also working with regulators as they investigate what happened.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that,” Zuckerberg admitted.
Further steps to be taken by Facebook
All apps that had access to large amounts of information before the policy change in 2014 will be investigated and a full audit of any app with suspicious activity will be conducted. Any developer that does not agree to a thorough audit will be banned from the platform
If Facebook finds developers that misused personally identifiable information, they will be banned and everyone affected by those apps will be notified. That includes people whose data Kogan misused here as well.
Facebook will restrict developers' data access even further to prevent other kinds of abuse. For example, it will remove developers' access to user data if the app hasn’t been used in 3 months.
The social media platform will reduce the data a user gives an app when signing in -- to only name, profile photo, and email address.
Facebook will require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.
Next month onwards, Facebook will show everyone a tool at the top of your News Feed with the apps they have used and an easy way to revoke those apps' permissions to your data.
“I started Facebook, and at the end of the day I'm responsible for what happens on our platform. I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward,” Zuckerberg added.