Social media giant Facebook is having a rough week, after Cambridge Analytica, a data analytics firm that worked with US President Donald Trump’s election team, collected millions of Facebook profiles, said to be one of the biggest ever data breaches in Facebook's history.
On Wednesday, the founder of the social media company, Mark Zuckerberg on his Facebook account shared the details of the event and later apologised to CNN for the mistake.
Cambridge Analytica allegedly collected personal information of more than 50 million Facebook accounts. The data were taken without any authorisation, in early 2014, to build a unique system that could profile individual citizens of the US to influence them with personalised political advertisement.
In an exclusive interview with The Observer, Christopher Wylie, who worked with a Cambridge University academic to obtain data said, “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”
Amid criticism Facebook’s founder Zuckerberg posted in his Facebook Timeline giving all the details about their tie-ups to the termination of contract with Cambridge Analytica.
Zuckerberg started his post with accepting their responsibility to protect data and informed that his team has been working to protect user’s data safe and secure; but accepted that they have made mistakes.
After the incident was seen taking hype, the COO of the company Sheryl Sandberg too posted an apology in her Facebook timeline which said, “We know that this was a major violation of people's trust, and I deeply regret that we didn't do enough to deal with it. We have a responsibility to protect your data - and if we can't, then we don't deserve to serve you.”
She added, “We've spent the past few days working to get a fuller picture so we can stop this from happening again. Here are the steps we're taking. We're investigating all apps that had access to large amounts of information before we changed our platform in 2014, to dramatically reduce data access. And if we find that developers misused personally identifiable information, we'll ban them from our platform and we'll tell the people who were affected.”
Zuckerberg shared the whole series of incidents from the tie-ups with the data analytics firm and how they parted ways:
Here is how the timeline shared by Zuckerberg looks like:
In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends' data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends' data.
In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today.
In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people's consent. So we immediately banned Kogan's app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.
Last week, we learned from The Guardian, The New York Times, and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We're also working with regulators as they investigate what happened.
This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.
In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people's information in this way. But there's more we need to do and I'll outline those steps here:
First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.
Second, we will restrict developers' data access even further to prevent other kinds of abuse. For example, we will remove developers' access to your data if you haven't used their app in three months. We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address. We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we'll have more changes to share in the next few days.
Third, we want to make sure you understand which apps you've allowed to access your data. In the next month, we will show everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it.
Beyond the steps we had already taken in 2014, I believe these are the next steps we must take to continue to secure our platform.
Later in the post Zuckerberg stated, “I started Facebook, and at the end of the day I'm responsible for what happens on our platform. I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”
Sandberg’s post also said, “We're also taking steps to reduce the data you give an app when you use Facebook login to your name, profile photo, and email address. And we'll make it easier for you to understand which apps you've allowed to access your data. You deserve to have your information protected - and we'll keep working to make sure you feel safe on Facebook. Your trust is at the core of our service. We know that and we will work to earn it.”