CBSN

Facebook knew of illicit user profile harvesting for 2 years, never acted

Facebook knew for two years that a data firm harvested data from more than 50 million profiles of U.S. voters without their permission but did nothing to protect its users, Guardian reporter Carole Cadwalladr told CBSN on Saturday. Cadwalladr said Facebook threatened to sue in a bid to prevent The Guardian publishing an exposé on the data harvesting. She believes Facebook didn't inform users of the misuse of data because it wasn't in the company's best interest. The Guardian story, based on interviews with whistleblower Chris Wylie who worked for the firm, published online on Saturday.

"This continual pattern that we've seen with Facebook -- trying to shut the story down, finally when it has no choice, acknowledge it. They've just really got to do better," she said.

"What we desperately need is for Facebook to finally open up and be as honest and transparent as it can be about the way that their platform was used and manipulated during the U.S. presidential elections, during Brexit in the U.K.," Cadwalladr said, adding that Facebook continually tried to prevent her story from being published.

In a statement released late on Friday, Facebook acknowledged that it learned it had been "lied to" about Cambridge Analytica and an affiliate's activities in 2015, more than two years before suspending the firm from its platform, but did not alert users at the time. Facebook insisted there was no breach of their system.

After speaking with the U.K. Information Commissioner's Office, which promotes the protection of private information, Cadwalladr said it is clear "this is a data breach."

"Facebook has just turned around and blamed a third party," Cadwalladr said. "We are clear this is a data breach, and Facebook's denials in the face of it -- their claim that it's not a data breach because nobody hacked into their system -- well, failing to secure your own data, failing to see how it's being used ... that falls within the definition of a data breach. Accept it, Facebook. Own it."

"In a way it's even more damning that [Cambridge Analytica] got all of this data from Facebook without it being a breach," Wired editor-in-chief and CBS News contributor Nick Thompson said on CBSN.

"It didn't work because somebody hacked in and broke stuff," Thompson added. "It worked because Facebook has built the craziest most invasive advertising model in the history of the world and someone took advantage of it."

Since it was a violation of Facebook's terms of services, Thompson said he's not sure what government agency would be tasked with regulating the platform to prevent a recurrence in the political sphere.

"I'm not sure, though, that you can actually regulate your way out of this problem because on the flip side of this, the reason political advertising on Facebook is so effective is because Facebook is a great tool for advertising," he said. "You can't just shut down all advertising on Facebook or make it harder for people to micro-target on Facebook because in general that's just the way business works and they invented this great tool."

Cadwalladr said Facebook would have needed to inform 58 million people that their personal information was taken and "essentially, there's no way of getting it back."

"Once it's taken, it's out in the world, it can be copied, it can be stored elsewhere -- we just don't know what's happened to that data," Cadwalladr said Saturday. She said she was appalled that Facebook did "almost nothing" to delete or secure the data that was harvested.