How Facebook has reacted since the data misuse scandal broke

How Facebook has reacted since the data misuse scandal broke
From TechCrunch - April 10, 2018

Facebookfounder Mark Zuckerberg will be questioned by US lawmakers today about the use and abuse of datafollowing weeks of breaking news about a data misuse scandal dating back to 2014.

The Guardian published its first story linking Cambridge Analytica and Facebook user data in December 2015. The newspaper reported that the Ted Cruz campaign had paid UK academics to gather psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.

Post-publication, Facebook released just a few words to the newspaperclaiming it was carefully investigating this situation.

Yet more than a year passed with Facebook seemingly doing nothing to limit third party access to user data nor to offer more transparent signposting on how its platform could beand was beingused for political campaigns.

Through 2015 Facebook had actually been ramping up its internal focus on elections as a revenue generating opportunitygrowing the headcount of staff working directly with politicians to encourage them to use its platform and tools for campaigning. So it can hardly claim it wasnt aware of the value of user data for political targeting.

Yet in November 2016 Zuckerberg publicly rubbished the idea that fake news spread via Facebook could influence political viewscalling it a pretty crazy idea. This at the same time as Facebook the company wasembedding its own staff with political campaigns to help them spread election messages.

Another company was also involved in the political ad targeting business. In 2016 Cambridge Analyticasigned a contract with the Trump campaign. According to former employee Chris Wyliewho last month supplied documentary evidence to the UK parliamentit licensed Facebook users data for this purpose.

The data was acquired and processed by Cambridge University professor Aleksandr Koganwhose personality quiz app, running on Facebooks platform in 2014, was able to harvest personal data on tens of millions of users (a subset of which Kogan turned into psychological profiles for CA to use for targeting political messaging at US voters).

Cambridge Analytica has claimed it only licensed data on no more than 30M Facebook usersand has also claimed it didnt actually use any of the data for the Trump campaign.

But this month Facebook confirmed that data on as many as 87M users was pulled via Kogans app.

Whats curious is that since March 17, 2018whenthe Guardian and New York Times published fresh revelations about the Cambridge Analytica scandal, estimating that around 50M Facebook users could have been affectedFacebook has released a steady stream of statements and updates, including committing to a raft of changes to tighten app permissions and privacy controls on its platform.

The timing of this deluge is not accidental. Facebook itself admits that many of the changes its announced since mid March were already in trainlong planned compliance measuresto respond to an incoming update to the European Unionsdata protection framework, the GDPR.

If GDPR has a silver lining for Facebookand a privacy regime which finally has teeth that can bite is not something youd imagine the company would welcomeits that it can spin steps its having to make to comply with EU regulations as an alacritous and fine-grained response to a US political data scandal and try to generate the impression its hyper sensitive to (now highly politicized) data privacy concerns.

Reader, the truth is far less glamorous. GDPR has been in the works for years andlike the Guardiansoriginal Cambridge Analytica scoopits final text also arrived in December 2015.

On the GDPR prep front, in 2016during Facebooks Cambridge Analytica quiet periodthe company itself told us it had assembled the largest cross functional team in the history of itsfamily of companies to support compliance.

Facebook and Zuckerberg really hasEU regulators to thank for forcing it to do so much of the groundwork now underpinning its response to this its largest ever data scandal.

Below is a quick timeline of how Facebook has reacted since mid Marchwhen the story morphed into a major public scandal

March 16, 2018:Just before the Guardian and New York Times publish fresh revelations about the Cambridge Analytica scandal, Facebook quietly drops the news that it has finallysuspended CA/SCL. Why it didnt do this years earlier remains a key question

March 17: In an update on the CA suspension Facebook makes a big show of rejecting the notion that any user data was breached. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked, it writes

March 19: Facebook says it has hired digital forensics firm Stroz Friedberg to perform an audit on the political consulting and marketing firm Cambridge Analytica. It subsequently confirms its investigators have left the companys UK offices at the request of the national data watchdog which is running its own investigation into use of data analytics for political purposes. The UKs information commissioner publicly warns the company its staff could compromise her investigation

March 21: Zuckerberg announces further measures relating to the scandalincluding a historical audit, saying apps and developers that do not agree to a thorough audit will be banned, and committing to tell all users whose data was misused. We will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well, he writes on Facebook.

He also says developers access to user data will be removed if people havent used the app in three months. And says Facebook will also reduce the data users give to an app when they sign into just your name, profile photo, and email address.

Facebook will also require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data, he says.


Continue reading at TechCrunch »