The public is set to hear from Mark Zuckerberg soon to address the latest company crisis. Given how Facebook has mishandled its response so far, the company’s boss could use some advice.
Here’s what no one needs from Zuckerberg: A pledge to “do better” or an attempt to recast Facebook as the victim of the political consulting firm Cambridge Analytica. The former is Facebook’s preferred verbal tic when it trips into a pothole of its own making. The promise has worn thin. If Zuckerberg says, “We need to do better” again, he has failed.
As for the victim tactic, it’s a completely inexplicable strategy. In a statement to news organizations, the company said it was “outraged” that it was “deceived” by Cambridge Analytica or its executives. Nope. Nope. Nope.
This Cambridge Analytica firestorm was a result of Facebook’s own permissive rules, which until a few years ago allowed outsiders to obtain permission to access Facebook information from some people and then also harvest data from those users’ friends without their explicit knowledge or permission.
Not surprisingly and not for the first time, one of those outsiders abused Facebook’s data harvesting systems. Yes, Cambridge Analytica or people working with the organization acted irresponsibly. But Facebook cannot pretend to be the wronged party. The company is too powerful and too complicit in Cambridge Analytica’s abuses.
Here is what would actually be helpful from Facebook. First, a fuller accounting of when and how often outsiders sucked up Facebook user data en masse before the company changed its rules to bar developers from tapping information from Facebook users’ friends. And second, an end to features that allow apps and websites to permit people to log into non-Facebook
services with their Facebook user names and passwords.
On the fuller accounting, remember that starting in Facebook’s earliest days, it opened access to its “social graph” — users’ friends, what posts they “liked” and other data — to outside use. That’s how the world got viral Facebook games like “FarmVille.”
Researchers, news organizations and privacy advocates for years sounded the alarm about the ability of companies to create seemingly innocuous apps and then access a potential gold mine of information on Facebook users. Facebook ended that policy in 2015, but not before an academic issued a personality test to a few hundred thousand people and then used that to tap information on perhaps 50 million Facebook users. Facebook has said the academic breached the company’s rules by sharing that information with Cambridge Analytica.
It’s now time for Facebook to commit to identify and publicly disclose all the circumstances at least since 2012 in which developers used its permissive data policies to accumulate bulk information on Facebook users. The Wall Street Journal reported that after a 2010 controversy, Facebook built a way to tag developers’ information so it could trace that data to the original source. Facebook should put that tagging to use and create a public database of times when developers siphoned information on more than 5 million users at a time under its former data collection policies.
Disclosure isn’t a cure-all. And it certainly won’t end the crisis merry-go-round that Facebook finds itself on with no ability to get off. But at least it would show that Facebook is trying to account for its past. And it’s far better than a hollow promise to “do better.”
The second proposed change is about Facebook’s future rather than its past. Many websites and apps, including popular ones such as the dating app Tinder and karaoke app Musical.ly, let people use their Facebook user names and passwords to log into non-Facebook services.
This is convenient for many people who don’t want to create yet another internet account and password, and it’s handy for apps that want to make it as easy as possible for newcomers to start using their digital hangouts.
But the developer option to log in with Facebook user information is another hose through which Facebook data can seep out, and it’s another way that people can lose control of the personal information they share on Facebook, including email addresses, lists of friends and other details. The company and its developers no longer deserve to be trusted, and this Facebook login feature needs to die.
Many companies, particularly small app developers, will be collateral damage. And it will hurt Facebook by giving the company less information about what its users do when they’re shopping online, tracking their meals or doing other activity away from Facebook. But really, isn’t it a good thing if Facebook knows a little less about us?
—Bloomberg
Shira Ovide is a Bloomberg Gadfly columnist covering technology. She previously was a reporter for the Wall Street Journal