After days of silence, Facebook chief executive Mark Zuckerberg apologized Wednesday for lax privacy policies that permitted a political research firm unauthorized access to information on millions of Facebook users that it used to assist Republican Donald Trump during the 2016 presidential election.
“This was a major breach of trust, and I’m really sorry that this happened. You know, we have a basic responsibility to protect people’s data and if we can’t do that then we don’t deserve to have the opportunity to serve people,” he said in a rare live interview on CNN Wednesday night.
In the interview, and in an earlier message on his own Facebook page, Zuckerberg vowed that the company would improve privacy protections.
Zuckerberg told CNN that he is willing to testify before Congress about his company. He also said he is open to certain government regulations, such as one that would require the disclosure of the identities of Facebook advertisers and their sources of funding.
The remarks were Zuckerberg’s first public responses to perhaps the worst crisis the giant social network has faced in the 14 years since it was founded in a Harvard University dorm. The firestorm was triggered by reports last weekend in The New York Times and British newspaper The Observer that the British firm Cambridge Analytica exploited data from an academic who had received permission from Facebook to conduct a research project with its users.
The newspapers reported that the academic, Aleksandr Kogan, provided the data he collected to Cambridge Analytica, without permission from Facebook.
In his post Wednesday, Zuckerberg said Facebook learned of the breach in 2015 and then banned Kogan’s app from its platform. Zuckerberg said it had received assurances Cambridge Analytica destroyed the data.
Zuckerberg said Facebook only learned from the newspaper accounts that its users’ data may not have been destroyed after all.
“This was a breach of trust between Kogan, Cambridge Analytica, and Facebook,” he wrote. “But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”
The disclosures have spawned furious denunciations of Facebook’s privacy policies, triggered investigations by government agencies in the United States and United Kingdom, and spurred calls from politicians of both countries for Zuckerberg to testify before Congress and Parliament.
On Wednesday, Zuckerberg described a series of new policies designed to clean up the fallout from the company’s past business practices and to prevent future abuses. Facebook will begin to restrict access by outside apps to a user’s data if the app hasn’t been activated in the previous three months. App developers will have to sign a contract with Facebook to offer apps that seek more sensitive information, like access to the messages a user posts.
Facebook will audit all apps that had access to user data prior to a Facebook change in 2015 that limited their reach. “And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps,” Zuckerberg wrote.
In the CNN interview, Zuckerberg said that review would be extensive.
“It’s hard to know what we’ll find, but we’re going to review thousands of apps. This is going to be an intensive process, but this is important,” he said.
From shopping sites, entertainment providers, and game makers, many companies want customers to allow their apps to access Facebook accounts — so they can personalize their features to customers’ interests, for example, or to identify friends and acquaintances who share the same interests.
Finally, Zuckerberg said that, in the future, Facebook will feature an easy way for users to see which apps they have allowed to access their accounts and make it simpler to turn off their data collection features.
Justin Brookman, director of privacy and technology policy at Consumers Union, which publishes Consumer Reports magazine, said Zuckerberg’s proposed solutions were too narrowly restricted to issues involving outside apps.
The social media company collects sensitive information about its users through many other channels, Brookman said, such as tracking cookies that trace Facebook users’ activity on thousands of other Internet sites.
The company’s smartphone app constantly monitors a user’s movements, even detecting the places where people shop and comparing that information with the ads the user has seen on Facebook.
“I think we need to have a broader conversation about a lot of the ways that Facebook collects information and uses it,” Brookman said.
Zuckerberg said Facebook is conducting a “forensic audit” of Cambridge Analytica to determine what happened to the data it claimed in 2015 to have destroyed, and added the company is also “working with regulators as they investigate what happened.”
A former Cambridge Analytica employee, Christopher Wylie, told the Times and Observer newspapers that, far from being destroyed, the information was used by the company to develop advertising strategies for the political campaigns of unsuccessful Republican presidential contender Ted Cruz, and later for Trump.
Cambridge Analytica was created by SCL Group, a British research firm, funded in part by Robert Mercer, a wealthy US investment executive and contributor to conservative causes, and former Trump strategist Steve Bannon was involved in its early operations. Staffed by researchers from Cambridge University in the United Kingdom, the company uses “psychometric” systems to predict human behavior based on their Internet activities.
Kogan, meanwhile, was himself a researcher at the British college and created a personality-profiling app that was based on work at the school’s Psychometrics Centre. It was that app that provided the millions of Facebook records to Cambridge Analytica.
On Wednesday, Kogan told the BBC in an interview that he had no idea his work would be used for the Trump campaign.
‘‘My view is that I’m being basically used as a scapegoat by both Facebook and Cambridge Analytica,’’ he said. ‘‘Honestly, we thought we were acting perfectly appropriately, we thought we were doing something that was really normal.’’
Also Wednesday, a former Facebook employee told a British parliamentary committee that the company was lax about protecting users’ data.
‘‘The real challenge here is that Facebook was allowing developers to access the data of people who hadn’t explicitly authorized that,’’ said Sandy Parakilas, who worked in data protection for Facebook in 2011 and 2012.
Meanwhile, the head of Cambridge Analytica, Alexander Nix, was suspended by the company’s board after being secretly recorded by British
television bragging that the company uses bribery and entrapment against political targets.
Zuckerberg’s lengthy statement Wednesday was the latest in a string of apologies for various privacy lapses at Facebook. Ben Edelman, an associate professor at the Harvard Business School, said Zuckerberg seemed especially contrite this time out, noting, “He’s in a lot of trouble on this one.”