Still reeling from news that President Trump's consultancy, Cambridge Analytica, obtained data from as many as 87 million Facebook users, CEO Mark Zuckerberg is vowing to do a better job of protecting users' privacy. But promises of a new approach may not be enough to stave off official action.
On Wednesday, Zuckerberg held an extraordinary hour-long call with reporters, during which he admitted to making mistakes -- including not anticipating the ways that people could take advantage of the platform's features for questionable purposes.
"We didn’t focus enough on preventing abuse and thinking through how people could use these tools to do harm," he said. "That goes for fake news, foreign interference in elections, hate speech, in addition to developers and data privacy. We didn’t take a broad enough view of what our responsibility is, and that was a huge mistake. It was my mistake."
Zuckerberg also addressed the need to ensure that developers protect information they garner from users. "It’s not enough to have rules requiring they protect information, it’s not enough to believe them when they tell us they’re protecting information," he said. "We actually have to ensure that everyone in our ecosystem protects people’s information."
The company also announced one concrete step Wednesday: It will no longer allow people to search for users by entering their email addresses and phone numbers. That move is expected to make the information less available to data harvesters, who previously were able to scrape the site for data by entering emails or phone numbers. But the policy change is only coming after hackers scraped the data of most of the service's 2 billion users.
Despite Zuckerberg's mea culpa, plenty of people are still angry at the attitudes that allowed Cambridge Analytica and others to obtain data about unsuspecting users.
Senator Richard Blumenthal (D-Connecticut) on Thursday urged the Federal Trade Commission to "show wronged consumers its mettle and seek meaningful monetary damages and other remedies."
Blumenthal also is calling for new laws regulating Silicon Valley. He tweeted that next week's Senate hearing -- at which Zuckerberg is expected to testify -- will be "a good first step toward instituting some vitally necessary rules of the road for Big Tech."
Georgetown University Law Center professor David Vladeck, former consumer protection head for the FTC, contends that Facebook apparently violated a 2012 consent decree by allowing app developer Alexandsr Kogan to access information from not only the 270,000 users who downloaded his "thisisyourdigitallife" personality-quiz app, but from their 87 million friends as well. (Kogan reportedly sold the data to Cambridge Analytica; for its part, the consultancy says only received information about 30 million Facebook users.)
"The FTC’s investigation will focus on a user’s reasonable expectations -- that is, what did users and their friends understand their 'privacy' settings to mean?" Vladeck writes in a post on the Harvard Law Review's blog. "Were users clearly and unmistakably informed that permitting sharing with friends meant broad and virtually unrestricted access to their data by third parties?"
He adds that Facebook also may have violated a condition of the settlement that requires the company to take "reasonable measures" to counteract potential privacy risks.
"So far we’ve heard contrition of Mark Zuckerberg," Vladeck writes. "But we’ve heard all of that before, and contrition does not bring about change."