Facebook CEO Mark Zuckerberg on Wednesday admitted mistakes and outlined steps to protect user data in light of the privacy scandal involving a Trump-connected data-mining firm Cambridge Analytica.
"I started Facebook, and at the end of the day I'm responsible for what happens on our platform. I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward," Zuckerberg said.
Zuckerberg and Facebook's No. 2 executive, Sheryl Sandberg, have been quiet since news broke Friday that Cambridge Analytica may have used data improperly obtained from roughly 50 million Facebook users to try to sway U.S. elections.
Facebook has already taken steps to prevent such a situation from happening again, Zuckerberg said. However, some of the measures didn't take effect until a year later, allowing Cambridge to access the data in the intervening months.
Facebook plans investigate all apps that had access to large amounts of information before the company changed its platform to reduce data access in 2014, and will conduct a full audit of any app with suspicious activity. The company will also ban any developer from the Facebook platform that does not agree to a thorough audit. And if Facebook finds developers that misused personally identifiable information, the company promised to ban them and tell everyone affected by those apps.
Second, Facebook will restrict developers' data access even further to prevent other kinds of abuse. For example, the company will remove developers' access to users' data if they haven't used their app in 3 months. Facebook will reduce the data users give an app when they sign in -- to only user's names, profile photos, and email addresses. Facebook will require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.
Third, Facebook wants to make sure users understand which apps they've allowed to access their data. In the next month, the company will show everyone a tool at the top of users' News Feeds with the apps they've used and an easy way to revoke those apps' permissions to their data.
Timeline of the events, according to Zuckerberg
In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends' data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends' data.
Kogan's work involved modeling human behavior through social media. In collaboration with Cambridge Analytica, he developed a Facebook-based personality survey called "This Is Your Digital Life" and paid about 200,000 people to take part. As a result, participants gave the researchers access to the profiles of their Facebook friends, allowing them to collect data from millions more users.
In 2014, to prevent abusive apps, Facebook announced that they were changing the entire platform to limit the data apps could access. Most importantly, apps like Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app. Facebook also required developers to get approval from the social network before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today.
In 2015, Facebook says it learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against Facebook's policies for developers to share data without people's consent, so the company immediately banned Kogan's app from the Facebook, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. According to Zuckerberg, they provided these certifications.
Last week, Facebook says it learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. The company banned them from using any of its services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm Facebook hired to confirm this.
This is Zuckeberg's side of the story, but Kogan called it a "fabrication."
He said that in 2014 he used an official Facebook platform for developers to change the terms and conditions of his app from "research" to "commercial use," and that at no point then did the social media company object.
Authorities in Britain and the United States are investigating the alleged improper use of Facebook data by Cambridge Analytica, a U.K.-based political research firm. Facebook shares have dropped some 9 percent, lopping more than $50 billion off the company's market value, since the revelations were first published.
The head of Cambridge Analytica, Alexander Nix, was suspended Tuesday after Britain's Channel 4 News broadcast hidden camera footage of him suggesting the company could use young women to catch opposition politicians in compromising positions. Footage also showed Nix bragging about the firm's pivotal role in the Trump campaign.
Nix said Cambridge Analytica handled "all the data, all the analytics, all the targeting" for the Trump campaign, and used emails with a "self-destruct timer" to make the firm's role more difficult to trace.
"There's no evidence, there's no paper trail, there's nothing," he said.
Cambridge Analytica's board said Nix's comments "do not represent the values or operations of the firm."
On Tuesday, the chairman of the U.K. parliament's media committee, Damian Collins, said his group has repeatedly asked Facebook how it uses data, but company officials "have been misleading to the committee."
The committee summoned Facebook CEO Mark Zuckerberg to testify.
Meanwhile, Britain's information commissioner, Elizabeth Denham, said she is pursuing a warrant to search Cambridge Analytica's servers. She has also asked Facebook to cease its own audit of Cambridge Analytica's data use.
Leading Democrats in the U.S. Senate also called on Zuckerberg to testify.
Lauren Price, of Maryland, sued Facebook and Cambridge Analytica in San Jose, California, federal court on behalf of other U.S. Facebook users whose data Cambridge Analytica obtained.
Price sued Tuesday, not long after another lawsuit was filed on behalf of Facebook investors seeking to recoup losses suffered when the stock price fell on reports of the research firm's use of the data.
Price seeks damages for all U.S. Facebook users whose information was harvested without authorization, and asserts claims of negligence and violations of California unfair competition laws.