After five days of silence from Facebook’s top management over issues arising from the misappropriation of Facebook user data by outside sources, CEO Mark Zuckerberg said the company plans to audit all apps that had access to user information before the company changed its policy in 2014.
In a Facebook post, Zuckerberg today addressed the ongoing crisis facing the company since the British firm Cambridge Analytica and a team of researchers reportedly accessed information from as many as 50 million Facebook users several years ago without consent. Facebook on Friday announced it had suspended the firm—which has been credited with helping Donald Trump’s presidential campaign—from accessing its advertising platform until an investigation is complete.
The revelation and a related report from The Guardian and The New York Times sparked widespread outrage from users, U.S. and European lawmakers and privacy watchdogs. Cambridge Analytica said it did not violate Facebook’s policies. However, the company’s board of directors on Tuesday suspended its chief executive until it completes its own investigation.
Zuckerberg said the company made changes years ago to prevent other groups from gaining the same kind of access. In his post, he provided a timeline from when Facebook first opened its platform to outside apps (“with the vision that more apps should be social”) to when a researcher in 2013 used one of those apps to gain information from users, which was then reportedly sold to Cambridge Analytica. He said the company “dramatically limited” access to the platform in 2014—prior to learning a year later that Cambridge Analytica had received data from its users.
Facebook had experienced a “breach of trust” between the company and third parties that used the platform, Zuckerberg wrote. He also admitted that it was a “breach of trust” between Facebook and the more than 1 billion people who use it. However, he never directly apologized for allowing the user information to be accessed without consent.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” he wrote. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”
According to Zuckerberg, Facebook plans to investigate and audit all apps that had access to large amounts of information prior to the changes in 2014. He said any developer who doesn’t agree to an audit will be banned from the platform. If an audit reveals any misuse, he said, the developers will be banned, adding that Facebook will inform any users affected by the app’s collection of identifiable information.
In addition to the audit, Facebook plans to restrict developer access, including cutting off access to a user’s data if a person hasn’t used an app within three months.
“We will reduce the data you give an app when you sign in—to only your name, profile photo, and email address,” he wrote. “We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days.”
Next month, Facebook plans to roll out a tool that will help users better understand which apps they’ve provided access to in case they want an “easy way” to revoke access. The tool, which will appear at the top of a user’s news feed, already exists. However, its current location is buried deep within Facebook’s privacy settings.
Facebook also wants to further crowdsource how it discovers vulnerabilities on the platform. In a separate post, the company said it plans to expand its “bug bounty program,” which rewards users who find and report misuses of data.
“I started Facebook, and at the end of the day I’m responsible for what happens on our platform,” Zuckerberg wrote. “I’m serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”