By Trisha Thadani San Francisco Chronicle
WWR Article Summary (tl;dr) Zuckerberg's long-awaited statement stopped short of an apology, instead outlining some steps the company will take to protect users' data.
San Francisco Chronicle
After days of silence, Facebook CEO Mark Zuckerberg finally responded to revelations that a rogue partner misused millions of users' personal data and admitted that his company -- which runs the biggest social network in the world -- violated its users' trust.
"We need to fix that," he wrote in a 937-word Facebook post.
Facebook has spent the last few days enmeshed in controversy over revelations that Cambridge Analytica, a political firm connected to Donald Trump's 2016 presidential campaign, gained access to data about millions of users.
Zuckerberg's long-awaited statement stopped short of an apology, instead outlining some steps the company will take to keep that data out of the hands of those who would violate users' trust.
The 33-year-old CEO said the company had made changes to its privacy settings in 2015, in an attempt to give people more control over their profiles. But, he added, "We also made mistakes, there's more to do, and we need to step up and do it."
Zuckerberg did not say when some of these changes will occur, and it was not clear how Facebook's compliance might be monitored. In 2014, Zuckerberg promised developers that the company would give them two years' warning before making major changes to their access. Facebook didn't immediately respond to a request for comment.
In an interview with CNN, the 33-year-old CEO apologized and said he would testify in front of Congress -- as lawmakers have asked him to do -- if it is "the right thing to do."
Central to the whirlwind of criticism surrounding the Menlo Park company are concerns from users about how their information is shared with other businesses. Millions of people log on to countless apps using the social network every day, while companies -- from dating networks to car-sharing services -- rely on Facebook to verify their users' identities.
But what many people don't realize is the extent to which they have voluntarily shared their data with dozens, if not hundreds, of app makers.
In response to the criticism, the company will place a link at the top of News Feeds to a tool that lists the apps members have shared data with. There will also be an option to revoke that access. This tool currently exists, but it is buried in the social network's privacy settings.
Zuckerberg said the company will also put "stronger protections in place" to prevent abuse by developers. Some of those steps include:
--Restricting developers' access to prevent abuse. This means if a user hasn't logged onto an app in three months, Facebook will remove developers' access to their data.
--Providing only name, profile photo and email address when someone uses Facebook to sign in to an app. Some apps currently can gain access to lists of people's friends and the pages they have liked.
--Auditing any app with suspicious activity, and ban any developer that does not agree to a thorough audit.
On CNN, Zuckerberg said the company needs to make sure that there "aren't any other Cambridge Analyticas out there." He said the company is going to do a comprehensive audit of the thousands of apps that have access to Facebook's data.
He admits that this is an enormous endeavor, and something the company should have done already: "In 2016, we were not as on top of the issue as we should have -- whether it was Russian interference or fake news."
Rep. Ro Khanna, D-Fremont, applauded Zuckerberg for taking accountability for the data sharing and his apparent willingness to testify in front of Congress. But, he said, it should be up to lawmakers, not tech companies, to regulate such behavior.
"It is not for Zuckerberg or entrepreneurs to solve an issue of how to protect the privacy of Americans and our national security," he said. "This is the responsibility of the United States Congress to have the right framework."
The changes announced Wednesday came too late for people like Chris Oxford, 52, of Spokane, Wash., who decided to delete his Facebook account after the revelations of how data could be used.
"I'm still deleting it," Oxford said, after reading Zuckerberg's statement. "I'm just feeling free from this thing, and I'm excited to get back to normal interactions with people."
On the other hand, some developers who integrate Facebook's data in their services said they are trusting the company to come up with a solution so they can continue using the data in good faith.
Mike Janes, chief marketing officer of Vacatia, a resort marketplace tailored toward families, said companies like his are "counting on Facebook's innovation to solve the bad actor problem," referring to developers who deliberately break Facebook's rules.
Janes said new Vacatia customers typically use Facebook as a way to quickly sign up, and then they share pictures of their trips on the social network.
"This is an example of the positive value of Facebook that businesses certainly hope remains pristine amidst the drama," he said.
Getaround, the person-to-person car-sharing service, requires a Facebook account to verify users' identities, the company said, making the service safer to use.
"We hope Facebook can restore confidence in its platform so developers can continue building applications that benefit the community without fear of data breaches," said John Marshall, vice president of product and engineering, in an email. (Facebook has objected to characterizations of the misuse of data as a "breach.")
But Michael Cusumano, a professor at the MIT Sloan School of Management, warned that Facebook needs to toe a careful line between protecting users and preserving the significant revenue it gets from ads that make use of their data.
"If you control it too tightly, it becomes difficult to use, and then people won't use it," Cusumano said, "He has to be very careful not to kill the golden goose, so to speak. But I don't think he has any other choice at this point."