For the past month or so, Facebook has been embroiled in controversy concerning the theft of users’ data by Cambridge Analytica, a U.K. data and marketing firm.
The scandal grew larger last Wednesday, when the social media giant announced on its own platform that 87 million Facebook users may have had their data stolen. This was an increase from the previous estimate of 50 million, and it came just a week before Facebook CEO Mark Zuckerberg’s scheduled appearances before Congress this Tuesday and Wednesday.
Though Facebook’s privacy policies — or lack of them — have been the subject of concern among online privacy advocates for years, the conflict emerged fully in mid-March, when the FTC opened an investigation into the stolen data. Since then, public outcry has grown exponentially, sparking the #deletefacebook Twitter campaign, and more tangibly prompting a massive drop in stock value.
So Zuckerberg’s testimony comes at a perfect time. The public deserves answers — whether the outcome of the hearings will be good or bad for the company.
Zuckerberg has done his best to spin the bad news. In an interview with CNN shortly after the FTC probe began, he described actions to “make sure there are no other Cambridge Analyticas out there.”
“We are going to go, now, and investigate every app that has access to a large amount of information from before we locked down our platform. And if we detect any suspicious activity, we are going to do a full forensic audit,” said Zuckerberg.
Meanwhile, things at Facebook appear to be evolving. The company last Wednesday announced a slew of changes to the site’s privacy policies. The changes amount to an overall belt-tightening with third-party apps that individuals can access, including separate Facebook-controlled apps like Instagram.
While the advances are welcome, the tone of the announcements was hardly apologetic. The messages even referenced some of the conveniences that will be “lost” in the belt-tightening: easy communication between apps and user-created events or pages, or the ability to find users by emails or phone numbers. According to Wednesday’s statement, “Malicious actors have also abused [some] features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”
While the changes are intended to prevent malicious third parties from obtaining user data, they do nothing to address internal misuses by the company itself. For example, Zuckerberg let slip in a Vox interview that Facebook actively monitors Messenger conversations in order to combat fake news and incitement. Regarding Messenger conversations in Myanmar that were intended to generate violence between Buddhists and Muslims, Zuckerberg said, “In that case, our systems detect that that’s going on. We stop those messages from going through.”
What he failed to mention was that this is surveillance of private conversations. While preventing violence may be a high-minded use of private user data — Zuckerberg hasn’t shied away from using it for more nefarious reasons in the past.
Facebook doesn’t seem to make internal changes without serious pressure, considering Thursday’s revelation that Zuckerberg and other high-level executives are able to expunge their own communications from Messenger, thus giving them more privacy controls in their communication than regular users have. Facebook then announced its intention to extend this capability to regular users the very next day, after a public outcry.
If history is any guide, it will take more than momentary pressure to undo years of disrespect to user data.
Amid the controversy, it’s hard not to see the admissions and changes by the company as an airing of dirty laundry and a hasty cleanup before the trial by fire. After its sins, Facebook and Zuckerberg are asking the public for forgiveness, with a promise of improved external security going forward — and, when called out on it, better internal privacy. If these promises are not empty, they could mean a brand new Facebook.
If history is any guide, though, it will take more than momentary pressure to undo years of disrespect to user data.
If the current outrage proves to be merely momentary, then Facebook will likely barely change. After all, most of its users haven’t complained until now. Only when users make clear that they expect privacy by default — and, most importantly, are willing to leave the platform if their concerns are not addressed — will online platforms offer more than shallow change.
Garrin Bufo is a freelance writer based in Maine and an alumnus of the University of Iowa.