April 11, 2018 // 10:06 a.m.
Social networking giant Facebook has launched a data abuse bounty programme in the face of consumer backlash, while its founder Mark Zuckerberg pledges to do better in front of the US Congress.
Facebook came under fire back in March for its role in a data abuse scandal exposed by whistleblower Christopher Wylie. In statements to press, Wylie claimed that his former employer Cambridge Analytica had misused Facebook's app platform to harvest information from millions of its users without, in the vast majority of cases, active consent, and used that data to build complex psychological profiles which were then fed into targeted advertising on the platform to influence world events including the election of reality TV star Donald Trump to the US Presidency and the supposedly advisory referendum vote on the UK's membership of the European Union.
With further details suggesting that Facebook's default privacy settings are badly explained to its users and that Cambridge Analytica was able to access the private messages of around 1,500 users of the site, Facebook has been in hot political water since the news broke. On the same day that Mark Zuckerberg addressed the US Congress on the matter, his company has announced a bounty programme that will see researchers granted cash payouts in return for 'responsible disclosure'.
To qualify for a bounty payout, researchers must be the first to report active abuse - not, interestingly, merely collection of data which could be abused - affecting more than 10,000 Facebook users, and to give Facebook time to investigate and act upon any reported issue before making any information public. There are also major exemptions to the programme: Data scraped from Facebook's public-facing pages, whether abused or not, malware or 'mass-scale tricking of users to install apps', social engineering attacks, and anything affecting Facebook-owned but non-Facebook platforms including Instagram and WhatsApp are all excluded from the programme.
Following the announcement of the programme Zuckerberg spent five hours testifying on the privacy issues surrounding the Facebook platform before the US Congress, during which time he described his company's decision to trust assurances from Cambridge Analytica that it would not use the information it had harvested from the site 'a mistake,' and admitted that the company had been an active advertiser on the site. An agreement from 2014 granting the publisher of the app which was used to harvest data from the site blanket rights to use and sell said data was also unveiled during the hearing, in the face of Zuckerberg's claims that no such rights were granted. Zuckerberg also stated that his company's failure to quickly respond to disinformation campaigns being run through the website by representatives of the Russian government was 'one of [his] greatest regrets in running the company'. Zuckerberg also indicated that Facebook would be open to deeper regulation on privacy matters, providing it was 'the right regulation'.
Facebook's publicly traded stock rose 4.5 percent during the hearing, though is still trading considerably below its March high prior to Wylie's declarations.