A few hours after the introduction of Facebook's newly launched Data Abuse Bounty program – an admission the social ad network has no idea what's become of its illicitly harvested data – CEO Mark Zuckerberg reprised his long-running mea culpa show before America's lawmakers.
His appearance in Washington DC on Tuesday follows revelations last month that in 2013 a researcher obtained millions of user profiles through Facebook's developer program and then sold the info to data analytics firm Cambridge Analytica, which was employed by the Trump campaign.
Zuckerberg, a veteran apologist for Facebook data dissemination, weathered the widely anticipated and mostly cordial grilling before a joint meeting of the Senate Committee on the Judiciary and the Senate Committee on Commerce, Science, and Transportation. Some of the politicians posing the questions receive thousands in campaign contributions from Facebook and its staff.
In a sorry state again: Zuckerberg dusts off apology playbook in mea culpa to CongressREAD MORE
Commerce Committee Chairman Senator John Thune (R-SD) set the stage by both celebrating Zuckerberg's accomplishment in building Facebook as the American dream while cautioning, "At the same time you have an obligation to ensure that dream does not become a privacy nightmare."
"We didn’t take a broad enough view of our responsibility, and that was a big mistake. It was my mistake, and I’m sorry," said Zuckerberg in his mildly robotic manner. "I started Facebook, I run it, and I’m responsible for what happens here."
That responsibility however does not appear to imply consequences – Zuckerberg has dismissed the suggestion he might step aside. He's responsible, but won't pay a personal price. Instead, his company will hire more people to screen content and apps, and will pay a small sum to those who report rule-breaking developers.
It is also investing in AI as a way to catch problems. In a few years, Zuckerberg said, he expects AI will be helping filter hate speech.
That's an intriguing possibility, but not a guarantee.
Zuckerberg's prepared words arrived amid weary skepticism from privacy advocates. "Facebook has known about this privacy sh*t show for a long time – they refer to it internally as their 'business model,'" observed technologist Ashkan Soltani, a security researcher who previously served as the CTO of America's Federal Trade Commission.
Soltani recounted a few of the previous data grabs documented at Facebook, such as developer Pete Warden's collection of 210 million Facebook public profiles in 2010 (which brought a Facebook lawsuit), the release of data on 100 million Facebook users that same year by security researcher Ron Bowes, and marketing biz Rapleaf's sale of Facebook user data.
And don't forget Max Schrems' complaint over shadow profiles, which were silently built up by Facebook on people who didn't even have an account.
The lawmakers in attendance, thankfully, some showed awareness of the sordid saga of abuse and regret.
"After more than a decade of promises to do better, how is today's apology different?" asked Senator Thune, once the reading of statements concluded.
Zuckerberg responded by acknowledging that mistakes have been made running the company and by arguing that mistakes are inevitable. "We try not to make the same mistakes multiple times," he said, without really addressing the sense of deja vu.
Zuckerberg then suggested the social network he founded has gone through a philosophical shift away from just building tools and hoping for the best.
"It's not enough to just build tools, we need to make sure they're used for good," he said.
Facebook dynamites its own APIs amid data slurp scandals, wrecks data slurp applicationsREAD MORE
Facebook in other words has committed to doing more policing, but cannot say for certain that its methods will be effective.
To ensure results, lawmakers floated the possibility of regulation, which Zuckerberg did his best to humor without making any commitments.
Senator Richard Blumenthal (D-CT) also expressed skepticism of Zuckerberg's contrition, taking a more confrontational tone than most of his peers. He suggested Facebook had violated its 2011 consent decree with America's Federal Trade Commission, a charge Zuckerberg denied – to do otherwise would be to invite further fines.
"We're seen the apology tours before," Blumenthal said, before asking Zuckerberg whether he'd support opt-in for data usage rather than opt-out.
"That's certainly makes sense to discuss," said Zuckerberg.
The regulation road looks set
The discussion train, however, has already left the station. Blumental, along with Senator Edward Markey (D-MA) on Tuesday introduced a bill called the CONSENT Act which requires companies like Facebook to get opt-in consent for data sharing, among other privacy protections.
That would mirror the standard in Europe's pending GDPR data rules, and when asked about whether he would support the opt-in, Zuckerberg agreed in principle, while allowing room for refusal if the details are not suitable. As with other difficult questions posed during the hearing, Facebook's CEO made future commitments depend upon future discussions.
Senator Lindsey Graham (R-SC) suggested Facebook executive Andrew Bosworth's 2016 remarks about prioritizing growth over human life would get him fired if Graham were in charge. He also asked whether Facebook is a monopoly.
"It certainly doesn't feel like that to me," responded Zuckerberg – despite Facebook being number one, two, and three in social media in the US, number two being its Instagram biz and three being Facebook Messenger.
Senator Maria Cantwell (D-WA) asked whether data analytics outfit Palantir had scraped Facebook data. Zuckerberg said, "Not that I'm aware of," which isn't quite the same thing as a denial. She also asked whether Facebook would embrace the GDPR in the US.
Again, Zuckerberg demurred by suggesting further discussion is necessary. A good percentage of his responses were a mix of "that's a great question, senator," "in general," and "my team will get back to you on that." Another question he declined to answer there and then was whether Facebook kept a note of people's web activities even when they were logged out.
Mark #Zuckerberg couldn't answer a simple question – does Facebook continue to track people's internet activity even when they are logged out. When pushed: Something something cookies.— The Register (@TheRegister) April 10, 2018
Senator Ted Cruz (R-TX) challenged Zuckerberg over allegations of left-leaning bias at Facebook. He teased the possibility that Facebook might not qualify for the Digital Millennium Copyright Act's Section 230 immunity, upon which internet service providers depend, because it might not be a neutral public forum.
"It was not because of a political view," said Zuckerberg, insisting that he wants Facebook to be a place for a broad spectrum of viewpoints.
Zuck also ignored a question about which hotel he stayed at the night before, an attempt to demonstrate how creepy Facebook feels to others.
Several hours of quizzing by US senators, and yet no one has asked #Zuckerberg:— The Register (@TheRegister) April 10, 2018
One other bit of political intrigue: Zuckerberg confirmed Facebook has interacted with special counsel Robert Mueller's ongoing investigation of the 2016 election, but stopped short of acknowledging the service of a subpoena.
Several times Zuckerberg emphasized that Facebook does not directly sell user data, which is true enough. It profits from people's information without directly selling it... although there was that one time it let public profiles be scraped by parties unknown. The company sells ad space on Facebook based on the personal information of those viewing the site – such as, it shows ads for dog food to people with dogs – and it stopped giving private data away to developers in 2014, or so we're told.
Eventually, the session collapsed in the following cycle:
#Zuckerberg Senate grilling is running out of steam because the Q&A is boiling down to this:— The Register (@TheRegister) April 10, 2018
Q. Why are you amassing all this info?
A. People give us this info.
Q. What about the internet tracking?
A. You can switch that off.
Q. Why didn't you warn about this?
A. It's in the EULA
And at the end of several hours of testimony, Senator John Kennedy (R-LA) summed up Facebook's privacy problem thus: "Your user agreement sucks."
His point being that that even though the site's terms and conditions allow Facebook to process people's private information pretty much as it sees fit, and people agree to these conditions, netizens most likely are unaware of exactly what access they are signing away.
"Mr #Zuckerberg, your end-user agreement sucks," says a senator. And that is what it is going to come down to. Facebook is going to have to be crystal clear on its use of personal data. All of it.— The Register (@TheRegister) April 10, 2018
Zuck even went as far to suggest that if Facebook made its terms and conditions even more verbose, certainly no one would read them.
If we told people exactly how much information we collect and share, it would be so long, people wouldn't read it.— The Register (@TheRegister) April 10, 2018
That's Mark Zuckerberg's answer to why Facebook doesn't disclose all the data it collects, stores and disseminates #Zuckerberg
And the sad thing? None of this, none of any of this, should be a surprise. ®
PS: You can cop an eyeful of Zuck's notes here, thanks to AP.