Mark Zuckerberg testified before three congressional committees this week to discuss how Facebook allowed a political data firm to collect the personal information of 87 million users.
The hearings came after weeks of scrutiny from lawmakers and concerned customers who fear the company isn’t doing enough to protect user data. Zuckerberg fielded dozens of questions from senators and House representatives for more than seven hours. While most of his responses offered little we didn’t already know, others included critical pieces of information on Facebook’s data policies and the changes it’s making to prevent another attack.
Here are the most important things we learned during Zuckerberg’s testimony before Congress.
What happened with Cambridge Analytica?
Zuckerberg didn’t say anything groundbreaking about the data scandal, but it’s worth revisiting Facebook’s current story on exactly what happened.
In 2013, Cambridge University researcher Aleksandr Kogan created a personality test app called “This is Your Digital Life.” It was downloaded by around 300,000 people who gave it permission to legally collect personal information about them and their friends, including the city they set on their profile and content they liked. Zuckerberg maintains the app collected data on 87 million people, himself included.
Mark #Zuckerberg just said his personal data was sold to malicious third parties.
— Rogue Wulf (@Wulfkat) April 11, 2018
How does that feel, Mark? I bet that’s a hard pill to swallow.#KarmaIsABitch #DeleteFacebook#TheResistance
That mass of information was then sold—in violation of Facebook’s policies—to Cambridge Analytica, a voter-profiling data firm working with then-presidential candidate Donald Trump. The company’s intention was to use the information to influence worldwide elections. By the end of 2015, Facebook had discovered its users’ information had been exploited and demanded that Cambridge Analytica and its parent company, SCL Group, delete everything they’d harvested.
During the testimony, Zuckerberg revealed Facebook even made the two groups sign a legal contract certifying the data was deleted. But Cambridge Analytica didn’t delete the data, and, as Zuckerberg confirmed in front of lawmakers, Facebook failed to tell users their data had been exploited. It also chose not to tell the Federal Trade Commission because it considered the breach of trust a “closed case.”
“In retrospect, that was clearly a mistake. We shouldn’t have taken their word for it,” Zuckerberg admitted before the Senate.
It wasn’t until the publication of recent reports from the New York Times and the Observer when Facebook learned Cambridge Analytica had hoarded the data.
What is Facebook doing about it?
Facebook’s first action was to delete Cambridge Analytic and SCL Group, which Zuckerberg said he regrets not doing years ago. The social network also deleted the account of whistleblower Christopher Wylie; AggregateIQ, a Canadian data firm linked to Cambridge Analytica; and CubeYou, another company that allegedly harvested user info much like Cambridge.
Zuckerberg told Congress Facebook is conducting an investigation into every app that has permission to large amounts of data. It will look into “tens of thousands of apps” and conduct a full audit of those that seem suspicious. If they’re found to be violating its terms, they will be banned. Facebook will also supposedly tell users if their data was stolen. Zuckerberg told senators it “makes sense to me” for rules to be in place that force Facebook to notify users of a data breach within 72 hours.
When asked how long it would take Facebook to sift through all its apps, Zuckerberg said “months… hopefully not” years.
Facebook is also restricting the amount of data app developers have access to, continuing an effort it started in 2014. Developers will no longer have access to data when members stop using their app and won’t be allowed to ask for as many permissions.
When asked how Facebook plans to prevent another breach of privacy from happening, Zuckerberg continually turned to artificial intelligence, which he reminded senators didn’t exist when he built the site out of his dorm room almost 15 years ago. However, Zuckerberg admitted it would take between five to 10 years before automated systems could effectively police the popular site.
Are other third-party companies harvesting my data?
Apart from Eunoia, Zuckerberg was unable to provide specific examples of apps that are exploiting user data. However, Sheryl Sandberg, the company’s chief operating officer, recently said she expects to come across more data breaches.
In his testimony before the House, Zuckerberg claimed he doesn’t believe the number of apps that harvested user data is large. He estimates Kogan sold the same data he gave to Cambridge Analytica to less than “a handful” of other companies.
On the related subject of Russian interference, Zuck gave a more bleak outlook, explaining there is an “ongoing arms race” and that Russian troll farms are going to “keep getting better” at exploiting the social network.
Is Zuckerberg OK with government regulation?
Zuckerberg welcomed broad suggestions for imposing government regulation on Facebook and other social media companies but didn’t endorse specific laws.
He cautiously supported the Honest Ads Act, a bipartisan bill that would require social media companies to publicly disclose who pays for political ads. When urged to metaphorically come to Washington, D.C., to campaign in its favor, Zuckerberg deflected, saying he “doesn’t come to D.C. too often” but would make sure his team follows up.
When bluntly asked whether he wants the government to enact privacy laws for social networks, Zuckerberg said as long as they are the right ones because “everyone in the world deserves good privacy protections.”
https://twitter.com/MikeIsaac/status/983789515532677120
On the strict privacy rules Europe recently approved, Zuckerberg said he thinks Europe gets some things right but a General Data Protection Regulation-level of enforcement in the U.S. wouldn’t be the same because of “different sensibilities.”
Ahead of Zuckerberg’s testimony, Senate Democrats introduced an online “privacy bill of rights” that would shift data collection from being opt-out to opt-in. That is, social networks would require explicit consent. Zuckerberg said he would comply under the right conditions.
“In principle,” he would support the bill, Zuckerberg said, “but we need to work out details.”
Does Facebook listen to my calls?
Zuckerberg firmly denied an urban legend raised by Sen. Gary Peters (D-Mich.) that Facebook taps into users’ phone microphones and listens to their conversations, “Does Facebook use audio obtained from mobile devices to enrich data about its users?” Peters asked.
“You’re talking about this conspiracy theory,” Zuckerberg said. “We don’t do that.”
Is Facebook a monopoly?
In perhaps the most entertaining moment of the testimony, Sen. Lindsey Graham (R-S.C.) attacked Zuckerberg by making a case that his social network was a monopoly. Zuckerberg predictably denied the accusation but seemed to struggle when asked who Facebook’s main competitors were.
Lindsey Graham is asking #Zuckerberg “who is Facebook’s biggest competitor?”
— Mike (@Fuctupmind) April 10, 2018
Zuckerberg can’t give a straight answer, because his platform is a monopoly.
“If I buy a Ford and it doesn’t work well and I don’t like it, I can buy a Chevy,” Graham said during the hearing. “If I’m upset with Facebook, what’s the equivalent product that I can go sign up for?”
GOP Congressman Fred Upton essentially calls Facebook a monopoly, says the company doesn’t have any true competitors. Asks about the needs of startups versus incumbents. Zuckerberg says the average American uses eight apps a day, lots of competition. #AskZuck
— Matt Stoller (@matthewstoller) April 11, 2018
After a brief pause, Zuckerberg explained many services overlap with Facebook, but he didn’t name any that provide the same level of functionality. The exchange brings up the question of whether Facebook buys out social media startups before they can become competitive. Answering to the House Energy and Commerce Committee, Zuckerberg said the average American uses eight different social media apps and claimed Facebook does feel pressure from rival services.
Will Facebook let you pay to stop seeing ads?
Probably not. Sen. Bill Nelson (D-Fla.) fired a barrage of heated questions toward Zuckerberg regarding comments made by Sheryl Sandberg, the company’s chief operating officer. She had said last week that if Facebook gave users an option to not have their data collected, it would be forced to become a “paid product.”
“What Sheryl was saying was that in order to not run ads at all, we would still need some sort of business model,” Zuckerberg said. “We don’t offer an option today for people to pay to not show ads. We want to offer a free service that everyone can afford.”
The question was brought up again later in the hearing. This time, Zuckerberg seemed more open to creating a subscription-based ad-free service. While he insisted a free service better aligns with the company’s mission to connect everyone, Zuck did say he’d “consider” implementing a small fee.
The 2018 elections are coming. Is Facebook ready?
In one of few seemingly genuine moments of the testimony, Zuckerberg said protecting users against election interference was a “top priority” this year. The revelation came after Zuckerberg admitted allowing the Kremlin-backed Internet Research Agency to manipulate American votes was “one of [his] biggest regrets in running the company.”
Zuckerberg cited recent success in policing his site during elections in Germany, France, and Alabama, but cautioned it was not a realistic expectation for Facebook to prevent all instances of tampering.
“I have more confidence that we’re going to get this right,” he said.