Zuckerberg’s slow response reveals long-standing disregard for privacy

The Facebook chief executive was evasive when he finally emerged to make a statement about the Cambridge Analytica crisis

Facebook CEO Mark Zuckerberg says that his company is investigating every app with access to the Facebook platform in the wake of the Cambridge Analytica scandal. Video: CNN

Finally he spoke. Until Wednesday, Facebook founder and chief executive Mark Zuckerberg had been notably absent and officially silent on Facebook's role in the Cambridge Analytica crisis.

Incredibly, not even the most anodyne acknowledgement of concern, or pledge to better understand how so many user profiles ended up going Awol, had come from the company leader.

Zuckerberg finally broke silence after watching – some would certainly say, allowing – more than $50 billion to be wiped off the company’s value. He began by issuing a statement via a post on his Facebook profile, then. Interviews with CNN, the New York Times and Wired followed.

While Zuckerberg broadly addresses some key issues, overall, he remains evasive and disingenuous.


For a start, there’s not a single direct apology for what has happened at any point in his 935-word post. Instead, Zuckerberg poses his first public utterance on this global story with potentially far-reaching political ramifications as a shared “update” on the Cambridge Analytica “situation”, as if discussing a frustrating software glitch, not the exposure of 50 million user profiles.

Of course, an “update” also suggests he’s been hands-on in dealing with this issue publicly, when, despite international criticism, including scathing comments from former adviser and early Facebook investor Roger McNamee (http://iti.ms/2ueZbMa) – he hadn’t said anything. You need to have said something previously to provide an “update”.

Then he dives into the crux of the matter with the kind of statement that could and should have been made last week by the chief executive of even a small data-driven start-up, much less one of the world’s largest and most powerful companies. Even if only as a placeholder for more to come, because the whole world expected you to say something, Mr Zuckerberg.

What we get: “We have a responsibility to protect your data and, if we can’t, then we don’t deserve to serve you.”

It’s a start, and easily the strongest sentiment in his post. However, this seems a very late realisation and, as with other statements, is an acknowledgement, but not the also-needed apology.

‘More to do’

He then notes “the most important actions to prevent this from happening again today we have already taken years ago” while also acknowledging “we also made mistakes, there’s more to do, and we need to step up and do it”.

The latter is another necessary statement – good for Zuck. But the first bit is total prevarication. For even though he spends most of the rest of the post setting out a timeline of events, what he doesn’t admit is how slowly Facebook dealt with initial news of the profile leaks in 2015. Or that Facebook never audited or seriously sought in any other way to ensure the company had destroyed the profiles, as its lawyers (after many months) requested.

Nor did they conduct the requisite back-audits on other developers that they only now are preparing to do. Nor have adequate safeguards in place to begin with.

A careful reader might also note the long-standing disregard for user privacy and data control revealed in his timeline, which states that in 2007, Facebook opened up its platform to allow apps used by one person to, in essence, surreptitiously obtain their friends’ data without their permission.

And that then, despite privacy advocates repeatedly criticising this practice, it took seven years – until 2014 on the timeline – for Facebook to close this particular stable door, “to prevent abusive apps”. Seven. Years.

No doubt because access to such data was a critical lure offered to third party developers, whose apps could help grow Facebook’s platform and tie users into its ecosystem.

‘Bad actors’

Zuckerberg outlines some necessary actions the company plans to take to protect data and give users more privacy control, and makes some expected closing comments about trying hard, must do better.

The interviews he then gave largely repeat and expand on the Facebook post. Although with CNN, Zuckerberg did finally say he was sorry, the interviews – like his Facebook post – aim to frame the entire episode, as well as potential manipulations of the platform in the parallel voter-meddling scandal, as a problem of “bad actors” and “abusive apps”. Not of Facebook itself, a breathtakingly large, secretive company, whose business model is based on parsing, and allowing third parties to parse, the personal data of its billions of users, and having – as one ex-employee has noted (http://iti.ms/2pwyw8Vs) – little serious regard for data privacy or security for years upon years.

The evidence is right there in Zuckerberg’s post and interviews. Only now, in response to a global company crisis, is he moving to put in the kinds of responsible structures and policies that should have been there from his timeline’s start.