Mark Zuckerberg has a plan to avoid another Cambridge Analytica – will it be enough?


Since the news about Cambridge Analytica allegedly using Facebook data of nearly 50 million users broke over the weekend, there has been a consistent clamour for a response from Facebook senior management, to no avail. However, Facebook CEO Mark Zuckerberg has finally broken his silence on the Cambridge Analytica debacle, and he’s promising to set things right in the future. In a post published on Facebook yesterday, March 21, Mark detailed a timeline of events leading up to the recent exposes and backlash against Facebook and highlighted three key steps and action points the platform is going to focus on going forward to avoid a repeat incident like this.

While one might say that Mark’s response is very late – there has been severe criticism of the silence from him and Facebook COO Sheryl Sandberg in the wake of the scandal – Mark’s post is proof that the social media giant’s top management is aware of the problems highlighted over the last week and is planning concrete steps to combat them.

Image: Flickr

The controversy centres around British data collection and analysis firm Cambridge Analytica and the actions of Cambridge University research Aleksandr Kogan. In 2013, Aleksandr created a personality quiz app (‘This Is Your Digital Life’) that collected user data in response to questions, similar to thousands of other such applications on Facebook. Through the app, Aleksandr collected the data of 270,000 users directly, but a loophole in Facebook’s data collection policy gave him access to the data of the users’ friends as well, finally resulting in a treasure trove of user data from nearly 50 million Facebook accounts. (Facebook closed the loophole with a policy update in 2014, but the damage was already done.)

In 2015, The Guardian reported that Aleksandr had shared the data with Cambridge Analytica in complete violation of Facebook policies which prohibits developers from sharing collected data with third parties. Facebook banned Aleksandr’s app and demanded certification from Aleksandr and Cambridge Analytica that they had deleted the data, which both readily supplied. In fact, as Mark quoted in an interview to Wired yesterday, “When we demanded the certification from Cambridge Analytica, what they came back with was saying: ‘Actually, we never actually received raw Facebook data. We got maybe some personality scores or some derivative data from Kogan, but actually, that wasn’t useful in any of the models, so we’d already deleted it and weren't using it in anything. So yes, we’ll basically confirm that we’ll fully expunge it all and be done with this.’”

Reports last week from The New York Times and The Observer revealed that Cambridge Analytica might actually not have deleted the data, instead using it to influence user behaviour on a large scale and influence the outcome of public events like elections. When the revelations surfaced, they sent a shockwave across various circles around the world, and Facebook has been grappling with the fallout ever since.

In his post, Mark highlights three key action areas for Facebook to focus on in the near future – investigating all apps that had access to large banks of data before 2014’s stricter data policies, restricting developers’ data access even further “to prevent other kinds of abuse”, and informing users clearly which apps they have sanctioned to use their data. Under the first point, Mark elaborates that Facebook will conduct a full forensic audit of any firm found to be conducting a suspicious activity, including Cambridge Analytica. In fact, in his Wired interview, Mark clarified that Facebook has currently put its forensic audit of Cambridge Analytica on hold while the UK’s regulator, the Information Commissioner’s Office (ICO), conducts a government investigation into the firm.

Developers who refuse to be audited will be banned from the platform, as will developers who are found to have misused personal information. Mark has also pledged to inform users who are affected by such data abuse, including those affected by the Cambridge Analytica scandal.

Under the second point, Mark has detailed cases where developer access to data will be severely restricted, such as if users haven’t used their app in over three months. There are also plans to reduce the data provided by users when they sign in on third-party platforms with Facebook Login. Developers will be asked to sign contracts to ask users for access to their personal data, and more changes are expected to be announced in the days to come. Finally, to ensure users know which apps are using their data, Mark revealed that from April, Facebook will display a tool at the top of user News Feeds highlighting the apps using user data and how users can revoke those data access rights.

In interviews to The New York Times, Wired, and CNN yesterday, Mark has talked about how he understands the responsibilities of Facebook as a global community. However, he also highlights a key point – Facebook is a community of two billion users. That’s roughly a third of the entire world’s population, and completely policing and regulating such a huge population that cuts across boundaries of geography, race, culture, and religion is fundamentally impossible. As Mark mentions in the CNN interview, “We’re serving a community of more than 2 billion people. And, when you give people tools to share and connect I think one of the good things is that a lot of good things happen but unfortunately there’s also some bad things that happen – whether that’s fake news or hate speech or people trying to hurt each other. And our responsibility is just to make (sure) that we amplify all the good in human nature that’s out there. But also to mitigate the bad, right, mitigate people who are trying to abuse people’s security or post offensive things that should be against the community standards.”

Unfortunately, there appears to be no sure-shot single solution to the problems highlighted by the Cambridge Analytica saga. As the investigation continues, Mark is likely to spend more than a few sleepless nights coming to grips with the influence and power his mammoth creation wields and finding ways to ensure that that power is used for the benefit of the global community. As he says in his post, “I started Facebook, and at the end of the day, I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”

You can read Mark Zuckerberg’s full Facebook post here.


Updates from around the world