Facebook has been dealing with revelations of large privacy intrusions into its data. In fact, according to Bloomberg, the company confirmed that nearly all of its users — 2 billion total — may have had their data scraped by hackers.
The most famous data breach, a smaller one on roughly 87 million Facebook users, was shared with a research firm, Cambridge Analytica, and used to send political information to the users. The company arrived at the 87 million figure by estimating the number of people who downloaded the doorway to the hack, an innocent-seeming quiz, and their friend network.
The company originally estimated the number of users who had data compromised by Cambridge Analytica at 50 million.
The revelations have damaged Facebook’s reputation — it has been subject to a public “delete Facebook” campaign that the company says is largely unsuccessful — and raised many privacy concerns.
CEO Mark Zuckerberg testified before Congress about the breaches.
Consumers are concerned with many privacy issues.
First, Facebook’s acknowledgment of the fact that most of its user base may have had data scraped apparently occurred because of the ability of users to find other users on Facebook by searching for their e-mail address or phone number.
Although the company indicated that this feature is now eradicated from Facebook, it’s unclear whether users are more protected now, where their data now is, and even if they should change their e-mail or phone numbers.
It also raises the issue, of course, of whether Facebook is aware of the parameters of its security prior to incidents being actively looked for.
Second, although Facebook has acknowledged that “bad actors” made its way into their user base, it’s unclear what protections users have against malicious actors going forward.
The Cambridge Analytica hack was carried out via a personality quiz; Facebook users who took it were unwittingly compromising their security and that of their Facebook network. While the Cambridge Analytica scandal is now widely known, whether the full scope of malicious actors on Facebook is known is unclear.
It also isn’t clear if organizations who took data still have it. Wired indicates that Cambridge Analytica may have been less than truthful to Facebook about whether it still had the data.
Is Regulation in the Offing?
As a result of the data breaches, Facebook founder and chief executive officer Mark Zuckerberg testified this week before a joint hearing of the Senate Judiciary and Commerce Committee. The questions ranged widely, from user agreements to Facebook’s cultural role and its privacy concerns.
Notably, Zuckerberg seemed to indicate that regulation to prevent illicit data-gathering was a possibility, and even one he welcomed.
But the form of any regulation is unclear. To some extent, any regulation likely depends on how much and how quickly Facebook fixes its own house.
It also depends on what any regulation will actually do. The Facebook business model provides a service to consumers, but its revenue is driven directly by advertisers who want access to those consumers. Strict privacy controls may erode its revenue.
Worries about business model impact perhaps drove many of Mark Zuckerberg’s responses, as he didn’t fully answer many questions about Facebook’s capacity to track users across other sites and multiple devices — information valuable to the company’s advertisers.
Hacks of Facebook and the response of the company, its users, and the government are likely to influence digital companies and their policies going forward. Stay tuned.