The fresh disclosures about the Cambridge Analytica affair are dismaying for Facebook Inc., and they were getting a lot of deserved attention on Wednesday. But what happened at the shadowy political consulting firm is largely about Facebook’s past. The company made other changes on Wednesday that highlighted how lax it is currently being in allowing access to information from the social network’s 2 billion users.
The big news, of course, was that Facebook gave its first estimate of the number of accounts that may have fallen into the hands of Cambridge Analytica, a firm that worked on Donald Trump’s presidential campaign. Facebook said that number was as high as 87 million people, mostly in the US, which was larger than previous media reports that suggested the firm had harvested private information from Facebook profiles of more than 50 million people. (Even the 87 million figure is just an estimate. Cambridge Analytica denied on Wednesday that it had received data on that many people.)
Remember that all this started because an academic obtained permission to access the Facebook accounts of a few hundred thousand people in 2014, leveraged that to harness account information from tens of millions more people and shared the information improperly with Cambridge Analytica. Facebook changed its data-collection policies a few years ago, and in theory a Cambridge Analytica-type situation couldn’t happen again. However, many more improperly obtained troves of Facebook user information could be floating out in the world from the era of lax Facebook policies. Facebook has said it will do a full analysis to root out other outsiders that harvested large volumes of Facebook user data as Cambridge Analytica did.
The fresh revelation escalates Facebook’s nearly three-week-long crisis, which has cost the company about $90 billion in lost market capitalization. There’s a broader revelation, however, from Facebook’s amendments to its policies disclosed Wednesday. It shows how much account information Facebook still allows outsiders to harness, and it makes me wonder why Facebook is just now closing some of its endless series of data barn doors.
For example, Facebook said in a post that it was ending a feature that had permitted someone to enter another person’s phone number or email address into a Facebook search to find a friend or colleague. The company said it found people abused that feature to hoover the public profile information by submitting emails or phone numbers they already had.
You can imagine farms of shady data collection firms typing in your mother’s phone number, finding her Facebook profile and sucking into its databases more information about her favourite TV shows, home town and political affiliations. Needless to say, few Facebook users have ever thought about this particular misuse of information. And like many things about Facebook, this misuse may have been extremely widespread. “We believe most people on Facebook could have had their public profile scraped in this way," Facebook’s chief technology officer wrote in his post. How is it possible that Facebook didn’t close this data loophole before now?
And the same perplexed attitude applies to Facebook’s actions to tighten access to information for third parties, like what private events people have indicated on Facebook that they plan to attend and access to Facebook user information from apps or websites that allow people to log in using their Facebook user names and passwords. Developers will howl about these changes, and the many outside companies that rely on Facebook to reach their customers or users will be justifiably upset. But the real question is why hasn’t Facebook made these changes before now?
The more disturbing fact is that in some cases Facebook itself will decide whether to approve third parties’ ability to harness this social network data. Already there are questions about whether Facebook can manage these approvals case by case. And Facebook users need to ask whether the company should even make those decisions on its own.
The result of the last 18 months of repeated Facebook scandals, including the Cambridge Analytica fracas, is that Facebook has more power than ever. Mark Zuckerberg (understandably) has made his company responsible for securing elections in the United States and many other countries from improper interference. Zuckerberg has said Facebook was responsible for preventing potential ethnic violence in Myanmar. And Facebook will now be responsible for reviewing requests from third parties that want access to troves of information on 2 billion users.
That’s a lot of responsibility for a company that has repeatedly behaved irresponsibly and consistently reacted with arrogance when it has been questioned. Bloomberg Gadfly