Mark Duckerberg: Second Congressional grilling sees boss dodge questions like a pro

Zuck shows curious amnesia about his own business

Facebook CEO Mark Zuckerberg used today’s grilling in Congress to point the finger at dodgy app developers and Cambridge academics – but appeared to expose huge holes in his knowledge of the way his own business works.

Making his second appearance in front of US lawmakers this week – appearing before the House of Reps' Energy and Commerce Committee – Zuckerberg quickly settled into the swing of looking sombre, stressing just how much more he wished he’d done in retrospect, and promising he'd have his people reply to that tough question in more detail after the session.

But, despite many of the panel members’ openers praising Zuck and his all-American entrepreneurship, the CEO had a tougher time than at yesterday’s outing before the Senate.

Perhaps the biggest sticking point came when he was put under pressure about how Facebook tracks users across the web - especially what data it gathers on non-users and how people can find out what Facebook knows.

Facebook CEO Mark Zuckerberg

Nervous Facebook CEO Mark Zuckerberg passes Turing Test in Congress


On the first point, he repeated that, yes, non-users are tracked, but only for security reasons, so non-users don't scrape masses of content.

"Even if someone isn’t logged in, we track certain info like how many pages they’re accessing as a security measure," he said. "People not signed into Facebook... can see things that are public... but we don't want someone to be able to go through and access every piece of information" on the site.

However, on the second - how users can get access to their data - he was less confident, and revealed an apparent lack of understanding of his business. Throughout the majority of the session, Zuckerberg insisted that all of the information gathered on users would be handed to them in a ZIP file if they used the ‘download your data’ tool.

“Yes, we’ve had that tool for years,” he responded when asked about how users can get their information.

Would that include all the data Facebook has collected on you, even the information accessible to Facebook only, like your browsing data? asked Representative Gene Green (D-TX).

“I believe that all of your information is in your file,” Zuck replied.

Er, no it's not

This is - in short - incorrect. Because that file won’t include, for a start, the tracking data slurped up by Facebook’s advertising tool, Pixel, which is slurped up as you browse the web - and has even been banned by a Belgian court.

The phenomenon has been well-documented by Paul-Olivier Dehaye, who has been battling to get hold of all the data Facebook holds on him, and was recently told that, yes it has this Pixel information, but it’s not stored in a way that allows the biz to access and provide it to users.

Of course, at this point Twitter was awash with angry privacy activists, academics and journos shaking their fists in the air at either Zuckerberg’s mistruths or lack of understanding of his firm’s business models, or both.

Apparently, Zuck’s team got wind of this, as after one of the short breaks he interjected at the first opportunity to offer a “correction” to his testimony.

“In fact, the web logs are not in the download you data,” he said “We only store it temporarily and convert data into a set of ad interests that you might be interested in.”

He said that those ad interests go into the download your dataset, before adding “you have control over that” - meaning your ad preferences.

'I'll get back to you on that'

Such imprecision was not uncommon - he seemed blind-sided by questions about two lawsuits against the company, stating that he wasn’t “familiar with the details”, while obfuscating about “shadow profiles” of non-Facebook users and exactly what information is used for advertising.

Representatives tried to unpick his points, but ultimately failed to pin him down - in part because the complexity of the subject matter allowed Zuckerberg to ask for clarification and then hem and haw over the specifics just enough to filibuster to the strict four-minute time limit.

This frustration was perhaps best exemplified by representative Joseph P Kennedy (D-MA)’s efforts to get a straight answer on data sharing with advertising in a way that wouldn’t let Zuck worm out of it by first countering out that Facebook doesn’t sell data, or simply referring to “inline privacy controls”.


Facebook admits: Apps were given users' permission to go into their inboxes


“Can advertisers either directly or indirectly access or use the metadata that Facebook collects in order to more specifically target advertisement?” he said, only to be told Zuck didn’t quite understand.

“Advertisers that are using your platform, do they get access to information that the user doesn’t actually think is either, one, being generated or two, is public?” Kennedy went on, followed by this caveat-laden sentence:

“Understanding that yes, if you dive into the details of your platform, users might be able to shut that off, but I think one of the challenges about trust here is that an awful lot of information [users are] generating without realising that they’re generating… or that ads able to target because Facebook is collecting it.”

As a reward for his doggedness, Zuckerberg offered up more of an insight into the system. His “understanding”, he said, was that the targeting options for advertisers are based on what users share, but that Facebook does then “help rank” what ads might work, using metadata or behaviours gathered from for instance newsfeed. Of course, that’s all “in order to make that more useful” to us humble users.

As for all that metadata, well, we're never going to see it.

Other stories you might like

  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading
  • Supreme Court urged to halt 'unconstitutional' Texas content-no-moderation law
    Everyone's entitled to a viewpoint but what's your viewpoint on what exactly is and isn't a viewpoint?

    A coalition of advocacy groups on Tuesday asked the US Supreme Court to block Texas' social media law HB 20 after the US Fifth Circuit Court of Appeals last week lifted a preliminary injunction that had kept it from taking effect.

    The Lone Star State law, which forbids large social media platforms from moderating content that's "lawful-but-awful," as advocacy group the Center for Democracy and Technology puts it, was approved last September by Governor Greg Abbott (R). It was immediately challenged in court and the judge hearing the case imposed a preliminary injunction, preventing the legislation from being enforced, on the basis that the trade groups opposing it – NetChoice and CCIA – were likely to prevail.

    But that injunction was lifted on appeal. That case continues to be litigated, but thanks to the Fifth Circuit, HB 20 can be enforced even as its constitutionality remains in dispute, hence the coalition's application [PDF] this month to the Supreme Court.

    Continue reading
  • How these crooks backdoor online shops and siphon victims' credit card info
    FBI and co blow lid off latest PHP tampering scam

    The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.

    It's an age-old problem: someone breaks into your online store and alters the code so that as your customers enter their info, copies of their data is siphoned to fraudsters to exploit. The Feds this week have detailed one such effort that reared its head lately.

    As early as September 2020, we're told, miscreants compromised at least one American company's vulnerable website from three IP addresses: 80[.]249.207.19, 80[.]82.64.211 and 80[.]249.206.197. The intruders modified the web script TempOrders.php in an attempt to inject malicious code into the checkout.php page.

    Continue reading

Biting the hand that feeds IT © 1998–2022