Facebook fears more Cambridge Analytica-like breaches

6 Apr 2018

Facebook COO Sheryl Sandberg. Image: Krista Kennell/Shutterstock

Facebook COO Sheryl Sandberg admits network probe underway as CEO Mark Zuckerberg is due to appear before US Congress next week.

Facebook chief operating officer Sheryl Sandberg has revealed that the social network is on the hunt for more Cambridge Analytica-style breaches, and wants to find them first.

Sandberg also admitted that the company was slow to react to the news of the Cambridge Analytica affair and could have stepped up to the plate sooner.

‘There are operational things that we need to change in this company and we are changing them … We have to learn from our mistakes and we need to take action’
– SHERYL SANDBERG

On 17 March, both the The New York Times and The Observer revealed the story about how UK-based Cambridge Analytica had used a third-party app to glean data on 50m people on Facebook, and how that data may in turn have played a role in the shock election of US president Donald Trump as well as sparking the UK’s Brexit vote in 2016.

That 50m figure has since been confirmed by Facebook to be higher – more like 87m users.

As a result, Zuckerberg has agreed to testify before Congress next week but has so far demurred in accepting calls to speak before the UK House of Commons.

The crisis has struck at the heart of Facebook’s nervous system, worried advertisers and sparked a #LeaveFacebook campaign on social media.

In recent days, Facebook revealed new privacy controls for third-party apps but has stopped short of committing to deploy GDPR-like privacy changes beyond the EU.

Where does the buck stop?

In a media merry-go-round in Silicon Valley yesterday (5 April), Sandberg appeared to take the whole debacle on her own shoulders.

“I take responsibility for this,” she told BuzzFeed. “The buck stops with us. The buck stops with me. On the things we didn’t do that we should’ve done that are under my purview, that’s my responsibility and I own that.”

She told the Financial Times: “We made mistakes and I own them and they are on me. There are operational things that we need to change in this company and we are changing them … We have to learn from our mistakes and we need to take action.”

Sandberg also told the Financial Times that Facebook still does not know exactly what happened to the data obtained by Cambridge Analytica, because it is not able to conduct its own probe until the UK Information Commissioner finishes its investigation.

“To this day, we still don’t know what data Cambridge Analytica have,” she said.

Particularly noteworthy, however, is the fact that Facebook is hunting through its network to see if another Cambridge Analytica scandal is about to unfold or if other nefarious interests have used holes in its Open Graph app model to take advantage of swathes of its 2.2bn active users.

“As we find more Cambridge Analyticas, we’re going to find a comprehensive way to put them out and make sure people see them,” Sandberg said.

“So far, we don’t have another clear case to share.”

Crucially for Facebook, the Federal Trade Commission (FTC) is investigating whether Facebook violated a 2011 decree that requires the company to get consent from users before sharing information.

Investigators will also consider whether Facebook misled users or violated rules governing data shipments between Europe and the US, the nexus of the long-running case taken by Austrian campaigner Max Schrems.

“I think we’re very confident that that was in compliance with the FTC consent decree,” Sandberg told Bloomberg.

In related news, Facebook could be facing possible criminal sanctions in Indonesia as police in that country investigate if it breached privacy laws by allowing data of Indonesian users to be improperly shared.

Facebook employees in Indonesia could face up to 12 years in prison and a fine of 12 billion rupiah (about $871,000) if the country’s privacy rules are found to have been breached.

Facebook COO Sheryl Sandberg. Image: Krista Kennell/Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com