Mark Zuckerberg refuses to step down or fire staff over Facebook 'mistak

APD NEWS

Founder says he takes full responsibility for data breaches and will not ‘throw anyone else under the bus’

Mark Zuckerberg has rejected calls for heads to roll at Facebook over the Cambridge Analytica scandal, saying that he takes full responsibility.

Speaking after Facebook’s fullest statement yet about the data breach, which the company now says resulted in 87m profiles being extracted from the platform, Zuckerberg insisted he remained the correct person to run the company.

“At the end of the day, this is my responsibility. So there have been a bunch of questions about [firing staff]. I started this place. I run it. And I am responsible for what happens here.

“I still think that I’m going to do the best job to help run it going forward. I’m not looking to throw anyone else under the bus for mistakes that we’ve made here.”

In a blogpost that preceded Zuckerberg’s statement, the company also admitted “most” of Facebook’s 2 billion users had had their profile data scraped, in a data-harvesting operation entirely separate to the issue that allowed Cambridge Analytica to gather data.

Until Wednesday, users could look up Facebook profiles by entering an email or phone number. However, the company’s chief technology officer, Mike Schroepfer, said, “malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery”.

“Given the scale and sophistication of the activity we’ve seen we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature.”

As Facebook gears up for the introduction of the EU’s general data protection regulation (GDPR), the company is also having to be more careful about how it deals with data-harvesting operations, says Lukasz Olejnik, an independent security and privacy researcher and consultant. “The functionality of uncontrolled and unaccounted siphoning of data is not exactly in line with GDPR in general,” he notes.

“One of the most technical parts of GDPR is its article 25 – privacy by design. So the current privacy cleaning of Facebook mechanisms (APIs) and redesign should be interpreted in this way. Given the recent events, these changes may be seen as reactive, rather than proactive as preferred by GDPR.”

“The description of restrictions associated with ‘search and account recovery’ suggests that this mechanism has been long abused in sophisticated manners to retrieve user data,” Olejnik added.

“Concretely, this abuse is now addressed by disabling the mechanism. It is likely that with GDPR this kind of abuse will need to be – at least – reported to the Data Protection Authority (the Information Commissioner’s Office in the UK), typically within 72 hours of detection.”

If Facebook’s shareholders agree that Zuckerberg should take responsibility for the scandal, but disagree that he will do the best job, they have little chance of ousting him. While the chief executive and co-founder owns 16% of the company, the special class of shares he holds means he has 60% of the voting rights – and he is also chairman of the company’s board.

When asked whether the board has discussed if he should step down from that role, he replied: “Not that I’m aware of!”

As well as calls to step down, Zuckerberg has also faced pressure to offload some decisions about Facebook to an independent body – one empowered to act in the interests of the company’s users, not its shareholders or advertisers.

Writing in the influential technology publication the Information, the technology journalist David Kirkpatrick said: “Facebook needs a partnership for everyday governance, to oversee the news feed algorithms, to ensure every voice is able to be heard, to help decide who can and can’t operate there.”

Zuckerberg has suggested similar, raising the possibility of an independent internet “supreme court” that users could turn to if they disagreed with Facebook’s handling of their accounts.

(The Guardian)