Mark Zuckerberg admits Facebook made mistakes on user data, but critics say response doesn't cut it

Bloomberg, Reuters, AFP-JIJI

Facebook Inc. CEO Mark Zuckerberg broke his silence on the crisis over political-advertising firm Cambridge Analytica’s access to user data on the social network, outlining concrete steps the company is taking to make sure such a leak doesn’t happen again. Critics were underwhelmed.

The world’s largest social media network is facing growing government scrutiny in Europe and the United States about a whistleblower’s allegations that London-based Cambridge Analytica improperly accessed user information to build profiles on American voters which were later used to help elect U.S. President Donald Trump in 2016.

The billionaire finally spoke in a series of media interviews, and a blog post, promising to probe the extent to which “rogue apps” are harvesting sensitive data on the social network. Zuckerberg told CNN that Facebook would inform every one of its 2 billion-plus users that may have gotten their personal data compromised.

“I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again,” Zuckerberg wrote in a post on his Facebook profile page. “I promise you we’ll work through this and build a better service over the long term.”

By pledging to investigate whether Cambridge Analytica still holds the information it obtained from a third-party app creator, and broadening the probe to other developers that may have run afoul of Facebook’s rules, Zuckerberg took a step in the right direction, according to lawmakers, investors and users. But it wasn’t enough to end the criticism — some remained skeptical the company is doing enough.

“This isn’t going to cut it,” David Cicilline, a Democratic U.S. representative from Rhode Island, said in a Facebook post responding to the CEO’s statement. “Mark Zuckerberg needs to testify before Congress.”

That sentiment was echoed by other lawmakers, including Senator Amy Klobuchar, Democrat from Minnesota, and Senator Richard Blumenthal, a Democrat from Connecticut. “Mea culpas are no substitute for questions and answers under oath,” Blumenthal, a member of the Judiciary Committee, said. “Congress has failed to hold Facebook accountable, and legislate protections on privacy, which are manifestly necessary.”

Earlier Wednesday in Washington, Facebook officials met privately with House Energy and Commerce Committee staffers from both sides of the political aisle for nearly two hours, according to two people who attended the meeting. One main question was whether there might be others — including other “bad actors” — who might have had access to the same data that Cambridge Analytica obtained from more than 50 million Facebook profiles. Staffers, speaking on the condition they not be identified, said the Facebook officials acknowledged that the company doesn’t know how widely disseminated that information might be, or how many copies were made.

In interviews Wednesday, Zuckerberg said he was “open” to testifying before Congress, if he’s the right person to provide the information lawmakers need. But he stopped short of committing to appear.

Zuckerberg’s solutions focused solely on the outside developers that have accessed Facebook user details through login tools. “They’re not recognizing that they have systemic problems,” Brian Wieser, an analyst at Pivotal Research, said in an interview. “These are just the problems we know about, but they have ongoing problems managing different parts of their business.”

The company came up with steps to resolve the developer problems, but “to garner full appreciation from the public and the market, there should be greater emphasis on why it occurred in the first place,” said James Cakmak, an analyst at Monness Crespi Hardt & Co.

The 33-year-old chief executive officer waited several days to respond to news reports, even as the furor grew. “Everybody is disappointed that he and Sheryl Sandberg didn’t come out with this right away,” said Ivan Feinseth, chief investment officer at Tigress Financial Partners, also referring to the company’s chief operating officer.

Conversation about the issue, including a #deleteFacebook hashtag movement, had already been trending online. And when Zuckerberg did come out to address the public, some users weren’t reassured.

“It has become a recurring affair of reassuring PR in face of being caught,” Sukvheer Singh, who has used Facebook since 2008, said in a message. “I don’t think I trust them anymore so his post is meaningless.”

Cameron Koo, who has used Facebook since 2004 — the year the company was founded — said investigating the spread of information sounds good, but it will be hard for the company to fix what it already broke. “Banning rogue developers for non-compliance sounds great, but it’s a non-starter,” he said. Once information gets in the hands of people who shouldn’t have it, it’s “toothpaste out of the tube.”

Following the calls from lawmakers, there have been broader questions about how Facebook’s management is handling the fallout. “These are operational failures,” Weiser said. “On what basis can you say that management is great, let alone good? You can say they were able to generate a lot of users and a lot of revenue. That’s not what makes a great management team.”

Facebook’s board followed up on Zuckerberg’s statement with its own, responding to critics.

“Mark and Sheryl know how serious this situation is and are working with the rest of Facebook leadership to build stronger user protections,” Sue Desmond-Hellmann, the lead director of Facebook’s board, said in a statement. “They have built the company and our business and are instrumental to its future.”

Some analysts were willing to give Facebook’s leadership the benefit of the doubt. “They are great executives in that they’ve built a huge company,” Feinseth said. “And there is no competition, there is no peer, there is no alternative.”

Facebook shares pared gains on Wednesday after Zuckerberg’s post, closing up 0.7 percent. The company has lost more than $45 billion of its stock market value over the past three days on investor fears that any failure by big tech firms to protect personal data could deter advertisers and users and invite tougher regulation.

On Tuesday, the board of Cambridge Analytica suspended Chief Executive Alexander Nix, who was caught in a secret recording boasting that his company played a decisive role in Trump’s victory.

But the academic who provided the data disputed that on Wednesday.

“I think what Cambridge Analytica has tried to sell is magic, and they’ve made claims that this is incredibly accurate and it tells you everything there is to tell about you. But I think the reality is it’s not that,” psychologist Aleksandr Kogan, an academic at Cambridge University, told the BBC in an interview broadcast on Wednesday.

Kogan, who gathered the data by running a survey app on Facebook, also said that he was being made a scapegoat by Facebook and Cambridge Analytica. Both companies have blamed Kogan for alleged data misuse.

Only 300,000 Facebook users responded to Kogan’s quiz, but that gave the researcher access to those people’s Facebook friends as well, who had not agreed to share information, producing details on 50 million users.

Also on Wednesday, an Austrian privacy campaigner said Facebook was warned in 2011 of the loopholes exploited by Cambridge Analytica but said it saw no need to change its policies.

Max Schrems, an activist who has brought several cases before European courts to strengthen data protection online, said that the controversial data harvesting methods at the center of the current scandal were exactly those he had raised in a complaint before the Irish Data Protection Authority in 2011.

Schrems said that as well as the 2011 case, he had a seven-hour meeting with Facebook representatives in 2012 to discuss concerns around apps operating like the one at the center of the current scandal, but that they said they saw no problems with their policies.
“They explicitly said that in their view, by using the platform you consent to a situation where other people can install an app and gather your data,” Schrems said.

In addition, he said Facebook had no way of knowing whether the companies in receipt of the information would adhere to data protection regulations.

“There are thousands of other apps that have probably done exactly the same thing, the only reason we’re talking about this is because it’s to do with Trump. But it might not be the biggest case.

“I’m surprised that Facebook are now claiming to have been ‘betrayed’ because of this behavior,” Schrems said, adding: “Actually it’s not surprising — it’s more like laughable.

Schrems is now launching a new NGO, NOYB (None Of Your Business) to help individuals enforce their rights under new EU data regulations due to come into effect in May.

The current scandal has wiped billions off Facebook’s market value and had also led to the suspension of CA chief executive Alexander Nix.

In undercover filming captured by the U.K.’s Channel 4 television, Nix was seen boasting about entrapping politicians and secretly operating in elections around the world through shadowy front companies.