Facebook CEO Mark Zuckerberg has finally apologized in response to the controversy over a massive data breach by Trump-aligned data firm Cambridge Analytica which sparked an online movement to #DeleteFacebook.
"We have a responsibility to protect your data, and if we can't then we don't deserve to serve you," he wrote in a post on Facebook on Wednesday afternoon. In the post he outlines a timeline of events that lead up to the data breach where information from over 50 million Facebook user profiles were compromised.
How far Zuckerberg will actually go to fulfill that promise is anyone’s guess; since Facebook’s business model is essentially to monetize your digital life for advertisers, the company has a strong disincentive to users’ data flowing to marketers.
Though Zuckerberg avoided a direct apology in his statement, he told CNN later on Wednesday evening: "This was a major breach of trust, and I'm really sorry that this happened."
He said that in 2014 Facebook took major steps to mitigate the situation and prevent a similar breach, however moving forward the company will implement three additional procedures to prevent bad actors from accessing people's information.
The first step is for Facebook to conduct an audit of all apps that were able to access large amounts of information and ban any developers who have used data improperly.
The second is reducing the amount of data developers are able to access. Facebook will remove developers' access to your data if you haven't used their app in three months.
The third measure is making it easier and simpler for users to restrict the number of apps authorized to pull their data. Facebook will be rolling out a tool at the top of the News Feed to make removing apps even easier.
"I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward," Zuckerberg wrote.
The portion of Zuckerberg's plan related to restricting developer's access to data is what some in the intelligence business refer to as a minimization procedure. The company has, in the past, shied away from such restrictions, prioritizing developer's abilities to harvest and monetize user data. That lack of safeguards is at the heart of Facebook's scandal prompted by the latest Cambridge Analytica revelations.
Had Facebook restricted Cambridge researcher Aleksandr Kogan's ability to access data from the unsuspecting friends of Facebook users who downloaded Kogan's app, Cambridge Analytica would not have been able to collect substantial data from an estimated 50 million Facebook users—and accordingly, Cambridge Analytica wouldn't have had the tools for the "psychographic" profiling it billed to business and political clients.
And that speaks to something central to Facebook's business model. For Facebook to ensure users "understand which apps you've allowed to access your data"—Zuckerberg's latest version of a privacy promise the company has made for years—is to put its business under stress.
Facebook's clientele is unprecedented in human history. Were its 2.2 billion monthly users their own country, Facebook Nation would be nearly a billion people more populous than China. Facebook uses this previously unimaginable scale of data collection to leverage to advertisers, app developers and other commercial services—which helps explain why the service is free to use. How far Facebook actually goes to restrict its data pool remains to be seen.
This is also the first time Facebook has admitted that the current set of user controls related to privacy and data are confusing and difficult to access. Whether or not that same set of controls will be easier to understand when bolted to the top of user News Feeds is unclear. Again, a substantial portion of Facebook's business model still depends on users not understanding the broad access they may be giving the platform and apps, so that it can monetize the scale of that data collection.
Facebook COO Sheryl Sandberg shared Zuckerberg's post shortly after it went live appending her own statement where she expressed "deep regret."
"You deserve to have your information protected—and we'll keep working to make sure you feel safe on Facebook. Your trust is at the core of our service. We know that and we will work to earn it," she wrote on Wednesday afternoon.
Sandberg and Zuckerberg faced signficant pushback after failing to appear at an all-hands meeting at Facebook headquarters on Tuesday afternoon to discuss the Cambridge Analytica fallout and the social network's role in the 2016 election. As The Daily Beast revealed, yesterday's briefing was instead conducted by Facebook attorney, Paul Grewal.
Prominent users—including WhatsApp co-founder Brian Acton who sold his company to Facebook for $16 billion in 2014—called for people to delete Facebook. The hashtag #DeleteFacebook trended on Twitter earlier this week as users expressed concern that the company was untrustworthy. The company lost billions in market capitalization as the scandal has built, with shares off Facebook by nearly 10 percent.
The stock recovered a bit after Zuckerberg’s statement. But the Cambridge Analytica scandal is just one in a series of interlocking imbroglios faced by the company is recent months.
In the aftermath of the 2016 election Zuckerberg was repeatedly criticized for glossing over or ignoring his platform's role in Trump's rise and Russian election interference. Zuckerberg finally attempted to broach the issue in September 2017, nearly a year after the vote took place, in a post where he outlined Facebook's plan to "protect election integrity and make sure that Facebook is a force for good in democracy."
—with additional reporting by Spencer Ackerman