Facebook (FB) has some explaining to do.
On late Friday, The New York Times published a report sparking the social network’s latest scandal. In 2015, Cambridge Analytica, the data analytics firm that worked for Donald Trump’s presidential campaign, harvested the Facebook login data of 270,000 people to also access data and information about many of their friends. It’s a violation of Facebook’s terms of service that ultimately affected roughly 50 million users and their data, which could have included information about their locations and interests, as well as photos, status updates and check-ins. To make matters worse, the social network is also investigating ties between one of its current researchers, who previously worked at Cambridge Analytica.
The fallout from this latest scandal has been swift and severe. Two former federal officials who drafted the consent decree governing how Facebook handles user privacy say the social network may have violated that decree, which could result in millions of dollars of fines against Facebook.
But what has been most disappointing is how Facebook handled the situation. When the news broke on Friday, Facebook approached it in the same diffuse way it handled revelations that Russia had used the platform to help sway the presidential election: denied it. The social network contended this was not, in fact, a “data breach,” and that its platform performed precisely as Facebook had always intended. Instead it was an outside party — Cambridge Analytica, in this case — that violated the company’s terms of service. Translation: Facebook’s security remained intact during this incident, and none of this was Facebook’s fault.
While Facebook may not have been “hacked” in the technical sense, there’s no denying that the personal data of some 50 million people was harvested unknowingly and unwillingly for means other than what those people intended, indicating there was some sort of breach, if not of the Facebook platform, then surely of those users’ privacy.
“Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook,” Facebook VP & Deputy General Counsel said in a statement. “If these reports are true, it’s a serious abuse of our rules.”
Facebook’s biggest failure
Equally as egregious is the argument that Facebook is somehow not at fault here. While the social network had already updated its terms of service since 2015 so as not to enable developers to do what Cambridge Analytica did, Facebook failed to disclose the incident until it was reported two years or so later, which has many wondering. Would Facebook have suspended the whistleblower’s Facebook account if the report had not surfaced? Would the social network have disclosed the incident at all? Doubtful.
Facebook’s real failing here — a mistake it has made time and again — is that it shirks responsibility for its shortcomings. When critics assailed the social network for the inadvertent role it played in the 2016 U.S. presidential election, Facebook was extremely slow to accept culpability. It wasn’t a “media company” — it was a nonpartisan technology platform that just so happened to distribute real and fake news. And its eventual response to fulfilling that mantra was de-emphasizing national news in users News Feeds.
Now as Facebook stumbles through its latest controversy, more people are calling for regulation of the social network. If the social network can’t police itself, critics argue that perhaps the government should step in.
Senator Amy Klobuchar of Minnesota, a Democratic member of the Senate Judiciary Committee, captured much of the sentiment via Twitter Saturday:
Facebook breach: This is a major breach that must be investigated. It’s clear these platforms can’t police themselves. I’ve called for more transparency & accountability for online political ads. They say “trust us.” Mark Zuckerberg needs to testify before Senate Judiciary.
— Amy Klobuchar (@amyklobuchar) March 17, 2018
It’s too early to say whether the Cambridge Analytica snafu will have any material impact on Facebook’s top and bottom line in the short term. My gut as a longtime tech reporter tells me it won’t. Like it or not, Facebook remains the No. 3 most visited website in the U.S. and the world with 2.13 billion-plus monthly users — those are tantalizing stats many marketers will continue to find almost impossible to overlook.
But Facebook’s latest controversy has sewn more seeds of distrust in the public eye, at least those discerning people who care enough about what data websites collect about them, what they do with it, and what they fail to do if their data is abused for other purposes. Surely, that’s hardly what its idealistic CEO Mark Zuckerberg intended.
More from JP