Of all of the statements, apologies, clarifications, walk-backs, defenses, and pleas uttered by Facebook employees in 2018, perhaps the most inadvertently damning came from its CEO, Mark Zuckerberg. Speaking from a full-page ad displayed in major papers across the US and Europe, Zuckerberg proclaimed, “We have a responsibility to protect your information. If we can’t, we don’t deserve it.”
At the time, the statement was a classic exercise in damage control. But given the privacy blunders that followed, it hasn’t aged well. In fact, it’s become an archetypal criticism of Facebook and the set up for its existential question:
“Why, after all that’s happened in 2018, does Facebook deserve our personal information?”
That question is being asked once again today following Facebook’s disclosure of a security flaw that potentially exposed the public and private photos of as many as 6.8 million users on its platform to developers. The company noted that it first found the flaw two months ago, but did not disclose it publicly in order to assess the impact.
The timing is interesting — Facebook discovered the bug around the time it publicly announced a (different) massive bug that exposed 30 million users’ personal information in late September. In October, the scope of the breach widened with reports that the vulnerability exposed not just some users’ emails and phone numbers, but profile information including gender, location, birth dates, and recent search history. The FBI is now investigating that breach.
That’s two massive vulnerabilities in a matter of months — in the same year as the Cambridge Analytica scandal, which also involved millions of Facebook users. Taken together, the screw-ups are mind-boggling in scope, affecting tens of millions of people. They aren’t mere email address or password leaks — though emails were certainly leaked — these are breaches of highly personal information: location histories, search histories, photos. In some cases, the information was improperly shared with political consultants potentially to manipulate voter sentiment.
If there’s a silver lining to any of this, it’s that the parade of privacy scandals have stripped the scales from the eyes of many regular humans. Plenty of less tech-savvy individuals have realized in 2018 that Facebook and other online companies have robbed us of the agency to control what happens with our most personal information. It’s slow moving, but it feels that more and more citizens of the internet are having a personal privacy reckoning this year.
Facebook is keenly aware of this — so much so that it’s setting up kiosks in green spaces in major cities to answer privacy queries face to face. But the effort, while perhaps admirable in theory, is ludicrous in practice given Facebook’s staggering size, scale, and complexity. Setting up a little shack in a New York City park to troubleshoot privacy issues is, at this point, choosing a lone wet wipe to clean up a septic tank spill.
And so Facebook privacy kiosk employees will likely have their hands full. Each breach of our personal information brings about new, often unanswerable questions: Did my data get passed around to data brokers, states, or other companies? Is it being bought or sold elsewhere? Are there other breaches we don’t know about? Does Facebook sell my data or just sell ads *against* my data? Just how worried should I be about all of this? Don’t you have a responsibility to protect my information?
Facebook will likely have rebuttals for many of these questions. And they will likely be deeply unsatisfying.
But the simplest question at all — the one prompted by Zuckerberg’s own newspaper ad — feels the most vexing. By Zuckerberg’s own admission, if Facebook can’t protect your information, it doesn’t deserve it. So, why should we trust Facebook with our data? Why does it deserve our personal information?
An honest and satisfying answer strains the imagination. Because everyone else is here, so why leave? Because you’ve already given us so much data, why stop now? Or, worse yet: because we’ve squandered your privacy so badly it no longer exists...so what’s the point?