CBSN

Mark Zuckerberg: "One of the biggest mistakes" of Facebook is not digging deeper into Cambridge Analytica

Last Updated Mar 22, 2018 1:08 AM EDT

Facebook CEO Mark Zuckerberg is speaking publicly for the first time since a whistleblower described how a data firm exploited a loophole to access data from 50 million Facebook users. Hours after releasing a statement (on Facebook), Zuckerberg spoke to Wired editor-in-chief Nick Thompson about what he called "one of our biggest mistakes."

Thompson spoke to CBSN about his interview with Zuckerberg, who revealed "there are probably 15 changes" it will take "to further restrict data." He also told CBSN's Elaine Quijano that Facebook isn't so great at worst case scenarios and that it's inevitable Zuckerberg testifies in front of Congress.

Both Zuckerberg and Facebook chief operating officer Sheryl Sandberg remained silent amid reports political consulting firm Cambridge Analytica, which has links to President Trump's 2016 campaign, exploited a loophole in Facebook that allowed it to access data using an app created by a third-party research firm. Facebook suspended Cambridge Analytica last week, saying the firm had not deleted the data in 2015, as it had claimed to. 

180321-nick-thompson-cbsn.jpg

Nick Thompson

CBS News

Facebook (FB) learned about the Cambridge Analytica incident in late 2015 and had the firm sign a legal undertaking that the data would be deleted, Thompson wrote in his article. But this week's reports cast doubt on that set of circumstances. Thompson questioned Zuckerberg about not digging deeper into Cambridge Analytica in his Wired magazine article titled: "Mark Zuckerberg talks to Wired about Facebook's privacy problem."

"The first action that we now need to go take is to not just rely on certifications that we've gotten from developers, but actually need to go and do a full investigation of every single app that was operating before we had the more restrictive platform policies -- that had access to a lot of data -- and for any app that has any suspicious activity, we're going to go in and do a full forensic audit," Zuckerberg said. "And any developer who won't sign up for that, we're going to kick off the [Facebook] platform."

Zuckerberg added: "That's the step that I think we should have done for Cambridge Analytica ... we're now going to go do it for every developer who is on the platform who had access to a large amount of data before we locked things down in 2014."

Zuckerberg spoke to CNN's Laurie Segall, saying he would "be happy to" answer questions before Congress. 

"What we try to do is send the person at Facebook who will have the most knowledge," Zuckerberg said. "If that's me, then I am happy to go." 

Facebook had come under increasing fire for failing to protect users' data early enough and strongly enough, and also for how it pushed back on the misuse of 50 million users' data, seemingly focusing on the semantics of whether or not it amounted to a "data breach" in the strictest sense.

On CNN, Zuckerberg shifted blame to Cambridge Analytica for providing what it said was formal certification that it had deleted the data.

"I don't know about you, but I'm used to when people legally certify that they are going to do something, that they do it. But I think this was clearly a mistake in retrospect," Zuckerberg said. "We need to make sure we don't make that mistake ever again."  

"Facebook was just built in and for a world that was different from the world in which Cambridge Analytica operates," Thompson said Wednesday night. "You can call it idealism, you can call it naïveté, certainly [Facebook] misread the situation. What they should have done in 2015 when they learned what Cambridge Analytica had done -- they should have audited -- they should have pushed and got every computer Cambridge Analytica had ... and they should have searched them." 

"I think the feedback that we've gotten from our community and from the world is that privacy and having the data locked down is more important to people than maybe making it easier to bring more data and have different kinds of experiences," Zuckerberg said.

Thompson said he asked Zuckerberg: "'Do you know [if Russian operatives got a hold of Facebook data]?' And he said, 'Look we don't, we can't.' There wasn't a watermark on the data that Cambridge Analytica got."

Zuckerberg's earlier statement noted there was a "breach of trust between Facebook and the people who share their data with us" and said the company "made mistakes" on what he referred to as the "Cambridge Analytica situation."

Zuckerberg said the company made changes in 2014 to restrict the amount of data app developers can access. He said Facebook will now take additional steps, such as removing developers' access to your data if you haven't used their app in three months, and reducing the amount of personal information an app gets when you sign in. Other than via apps, Zuckerbeg's statements made no mention of dialling back the amount of data gathered on users, or giving the user any additional control over the amount of data they surrender to the platform. 

To help users understand which third-party apps have access to their data, Zuckerberg said, "In the next month, we will show everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it."

You can read his full statement here:

I want to share an update on the Cambridge Analytica situation -- including the steps we've already taken and our next...

Posted by Mark Zuckerberg on Wednesday, March 21, 2018

Changes Facebook says it will take in wake of data scandal

  • Will investigate all apps that had access to large amounts of information
  • Will conduct a full audit of any app with suspicious activity
  • Will ban any developer that does not agree to a thorough audit
  • Will restrict developers' data access further to prevent other abuse
  • Will reduce the data consumers give an app when they sign on
  • Will show tool at top of the News Feed with apps used and way to revoke access

Facebook backlash

Facebook is facing a growing backlash on Capitol Hill as more lawmakers demand that Zuckerberg testify. Some are calling for increased regulations on big tech companies.

"Mark Zuckerberg needs to testify under oath in public before the Judiciary Committee. He owes it to the American people who ought to be deeply disappointed by the conflicting and disparate explanations that have been offered," Sen. Richard Blumenthal, D-Connecticut, told reporters Monday. The former Connecticut attorney general warned, "Zuckerberg ought to be subpoenaed to testify if he won't do it voluntarily."

After Zuckerberg's statement on Wednesday, Sen. Amy Klobuchar, D-Minnesota, said the committee still wants to question him. "The steps Facebook has laid out to protect its user data are a start but Mark Zuckerberg still needs to come testify before the Senate Judiciary Committee," Klobuchar said in a statement. "In addition, Facebook should show good faith by supporting the Honest Ads Act and the company will have to deal with the FTC investigation and other legal proceedings as a result of this breach."