Los Angeles Times

Facebook’s execs keep low prof ile

Facebook entrusted app developers with a trove of personal data

- By David Pierson

CEO Mark Zuckerberg and COO Sheryl Sandberg are staying mum on the data scandal. A good PR strategy?

Facebook had only 20 million users when it opened up its budding platform to outside app developers in 2007, giving them much-needed access to the social network’s growing web of friends and family.

The developers built online games, quizzes and dating apps that gave people even more reasons to join Facebook.

“Until now, social networks have been closed platforms. Today, we’re going to end that,” Facebook founder Mark Zuckerberg told a gathering of hundreds of developers at a company conference at the time.

It proved a turning point for the company, sparking runaway growth that saw Facebook add an average of 200 million users a year en route to becoming the world’s biggest and most powerful social network. It also entrusted outside developers with Facebook’s treasure trove of personal data, showing where users lived, where they went to school and what, if any, political affiliatio­ns they had.

The consequenc­es of that shift are now coming into sharper view amid a growing scandal over Cambridge Analytica, a data analytics firm tied to the Donald Trump presidenti­al campaign that accessed details from 50 million Facebook users without their knowledge in an attempt to influence voters.

Revelation of the scandal, which was first reported by the New York Times and the British newspaper the Observer over the weekend, resulted in news Tuesday that the chief executive of Cambridge Analytica, Alexander Nix, had been suspended. Facebook is also the subject of a new investigat­ion by the U.S. Federal Trade Commission to see if it mishandled private user data and a joint investigat­ion from attorneys general Maura Healey of Massachuse­tts and Eric Schneiderm­an of New York.

Authoritie­s will likely want to know how much data Facebook provides to outside app developers and what role, if any, the social network has in enabling unauthoriz­ed third parties to gain access to that informatio­n, experts say.

“App integratio­n allowed people to do things like play Scrabble online with their old high school friends on the other side of the country and it allowed user growth to increase a lot,” Heather Antoine, a Beverly Hills attorney who specialize­s in internet and privacy law, said of the company’s new tack in 2007. “It didn’t start with a malicious intent, and I still don’t know if Facebook has any malicious intent, but other people did and they found loopholes to get data.”

Cambridge Analytica, a company owned by conservati­ve billionair­e Robert Mercer, is accused of getting the data from University of Cambridge psychology professor Aleksandr Kogan. He had developed a personalit­y quiz app for Facebook called “this is your digital life” that was downloaded 270,000 times by Facebook users in 2013. At the time, Kogan could glean informatio­n from those users’ contacts, leading to data from millions more accounts.

Kogan had permission to obtain the informatio­n, but is accused of violating Facebook rules when he passed it to a third party, Cambridge Analytica, for money.

Facebook knew about the access in 2015 and ordered Cambridge Analytica to destroy the data — something the firm says it did. However, former employees of Cambridge Analytica say the company still has some of the data and that Facebook never bothered to verify that it had been deleted.

Their claims, if proved correct, suggest there are few consequenc­es to ignoring Facebook’s terms of service about receiving data. Cambridge Analytica was only suspended from Facebook on Friday, two years after the social media giant knew about the violation.

The controvers­y has raised suspicions that more Facebook data have been passed to third parties than the company is willing to acknowledg­e — a potentiall­y vast market that has spread to the so-called dark web, where stolen informatio­n and identities are exchanged. Facebook accounts were selling for $5.20 apiece on the dark web last month, more than three times the price for Twitter accounts, according to Top10VPN, a site that tracks online secuity tools.

Sandy Parakilas, a former Facebook employee whose job used to entail policing data breaches by third-party developers, said the spread of ill-gotten user informatio­n was rampant.

“Once the data left Facebook servers, there was not any control, and there was no insight into what was going on,” Parakilas, who served at his position for two years starting in 2011, told the Guardian.

“It has been painful watching,” he added, “because I know that they could have prevented it.”

Parakilas alleges that Facebook turned a blind eye because the company felt willful ignorance of the problem would diminish legal liability. Despite that, it was becoming increasing­ly apparent that a black market existed for Facebook user data, he said.

In November, the company’s vice president for global operations, Justin Osofsky, acknowlege­d that Facebook had been lax about defending user data in the past. But he said the company has since introduced more stringent rules requiring developers to explain what data they need and how they’re going to use it.

“We also do a variety of manual and automated checks to ensure compliance with our policies,” a Facebook spokespers­on said in an e-mailed statement Tuesday. “These include steps such as random audits of existing apps along with the regular and proactive monitoring of apps.”

Had Kogan introduced his app a little more than a year later, he wouldn’t have been able to access users’ contact lists. That’s because Facebook reduced how much data it shared with developers in 2015, including details about work histories and relationsh­ip statuses.

Now that Facebook has amassed more then 2 billion users, it has less incentive to share its most valuable user data. By keeping that informatio­n close, the company can bolster its own ad business and reduce the risk of security breaches.

The shift was necessary because Facebook had been under fire for sharing data with third parties long before the Cambridge Analytica scandal.

In 2011, Facebook settled with the FTC and entered a consent decree after the regulator ruled the company had deceived its users about privacy claims. “Facebook had a ‘Verified Apps’ program and claimed it certified the security of participat­ing apps. It didn't,” the FTC said at the time.

The action came not long after the Wall Street Journal reported widespread misuse of Facebook user informatio­n by app developers and third-party companies. In one case, an online tracking firm called RapLeaf was found to be collecting user data and selling it to advertiser­s and political consultant­s. Facebook later banned the company.

While the breadth of data now available to app developers has diminished, experts say it has only increased for Facebook. That includes tracking users’ locations, their payments and “activities on and off Facebook from third-party partners,” according to the company’s data policy.

“They’re still collecting tons of informatio­n from us,” said Betsy Sigman, a professor at Georgetown’s McDonough School of Business. “And they’re sharing it all over the place and making money. It’s the greatest registry the world has ever seen.”

?? Marcio Jose Sanchez Associated Press ?? ALLOWING access by third-party apps led to Facebook adding an average of 200 million users a year. Above, CEO Mark Zuckerberg.
Marcio Jose Sanchez Associated Press ALLOWING access by third-party apps led to Facebook adding an average of 200 million users a year. Above, CEO Mark Zuckerberg.
?? Facundo Arrizabala­ga EPA/Shuttersto­ck ?? A DEPICTION of Alexander Nix behind bars. The Facebook data scandal led to news of the suspension of the Cambridge Analytica chief executive.
Facundo Arrizabala­ga EPA/Shuttersto­ck A DEPICTION of Alexander Nix behind bars. The Facebook data scandal led to news of the suspension of the Cambridge Analytica chief executive.

Newspapers in English

Newspapers from United States