WASHINGTON (CN) – Facebook CEO Mark Zuckerberg apologized to a joint congressional committee Tuesday for his company’s allowing Cambridge Analytica, a data-mining firm affiliated with Donald Trump’s presidential campaign, to gather the personal information from 87 million users to try to influence elections.
Zuckerberg’s first-ever public appearance on Capitol Hill came a day after he met privately with some senators on what has become something of a mea culpa tour for the tech exec.
In addition to testifying before a joint hearing of the Senate Judiciary and Commerce committees on Tuesday, Zuckerberg will appear before a House panel on Wednesday.
In prepared remarks, Zuckerberg said Facebook was founded in a spirit of idealism, but Cambridge Analytica took advantage of the firm, lying to Facebook executives at “every turn.”
But Zuckerberg said the blame for what happened must fall squarely on him “because it’s my company” and he vowed to take definitive steps to ensure that user data is never again used for nefarious goals.
Facebook’s day of reckoning has been a long time coming and the day was punctuated by a moment of irony launched by Senator Dick Durbin, D-Illinois.
At one point the senator asked Zuckerberg if he would be comfortable testifying publically about what hotel he checked into while staying in D.C.
The CEO faltered for a moment, eventually admitting he would not want to share the information.
“I think this is what this is all about. It’s about privacy and what information you give away to the world and when,” Durbin said.
The focus of Tuesday’s questioning began with events that unfolded in 2013.
Aleksandr Kogan, then a researcher at Cambridge University, developed a quiz app for Facebook. It relied on user profile data, but also compiled data on a user’s network of family and friends, unbeknownst to them.
Facebook, a year later, developed new standards to stymie potential privacy abuses, Zuckerberg said. But the company’s efforts were too late.
In 2015, according to whistleblower Christopher Wylie, Kogan sold the data to Cambridge Analytica, the election campaign consulting firm founded by Republican billionaire Robert Mercer and Breitbart founder Steve Bannon.
The firm crunched the data and eventually supplied it as research on prospective voters to President Donald Trump’s 2016 campaign team.
Cambridge Analytica’s collection of private information on 87 million users made it “clear … that we didn’t do enough to prevent [the platform] from being used for harm,” Zuckerberg said in prepared remarks.
Sen. Patrick Leahy, D-Vermont, pressed the CEO, asking him why Facebook delayed banning Cambridge Analytica as soon as they found out about the firm in 2015.
Zuckerberg first told the senator that Cambridge Analytica wasn’t an advertiser then.
“They weren’t running pages, so we had nothing to ban,” he said.
He would later correct himself after a break in testimony, telling the committee indeed Cambridge was an advertiser that could and should have been banned and that it was “a mistake.”
Widespread reports circulating last month by the Guardian and the New York Times indicate Cambridge Anlaytica may not have deleted the collected user data.
Zuckerberg had no answers to the committee on Tuesday, saying once a full audit was completed, he would be able to report his findings back to Congress.
Though Zuckerberg promised Facebook would continue to remove developer access to data if the app isn’t used after three months and promised to restrict the amount of data developers ask users to provide up front when they download an application, at least one lawmaker wasn’t entirely convinced these types of efforts would be enough.
Sen. Maria Cantwell, D-Wash., asked Zuckerberg if he was familiar with “total informational awareness,” or the use of “geopolitical forces that data mine in order to influence,” she explained.
“When looking at [other social media platforms] like Palantir or WhatsApp, I wonder if they are going to eventually be where you are now,” the senator said.
“Is this guy outfoxing the foxes,” Cantwell said. “Or is he going along with what is a major trend in the information age in order to harvest information for political forces?”
Controls to the platform’s privacy settings were only part of the day’s priorities. Lawmakers also pressed the CEO for information about Facebook’s role in providing a platform to Russian operatives bent on interfering in the 2016 election.
In the run up to the election, Facebook’s security team was aware of Russian cyber threats and had detected activity by APT28, a group with known connections to Russian military intelligence services.
Offshoots of APT28, known as DC Leaks, were also detected. DC Leaks created phony online personas and were often used as a conduit to supply stolen information to journalists.
Similar disinformation campaigns were also run by the Russian propaganda arm, the Internet Research Agency. Roughly 470 accounts and pages were linked to IRA, amassing some 80,000 posts on the platform in two years. The accounts were eventually closed permanently in August 2017.
This, according to Zuckerberg, resulted in the exposure of 126 million people to the IRA’s disinformation campaign.
A substantial increase in the number of individuals hired to review and research cyber threats is high among the company’s priorities, Zuckerberg said.
There are currently 15,000 employees who work on security and content review, Zuckerberg said. He promised that more than 20,000 will be on board by the end of 2018.
In anticipation of the 2018 midterms, Zuckerberg pledged to support legislation which will help make political advertising spending online more transparent.
Unlike ad purchases in 2016, advertisers will now need to confirm their identities and location. Much like televised political ads, digital political ads must also come with disclaimers about who purchased the ad space.
“This is an important area for the whole industry to move on … It brings advertising online to an even higher standard than what you would have in print or TV media. Whether a campaign or third party is sending different messages to different types of people is an important element to transparency,” Zuckerberg said.
He also offered his commitment to support Klobuchar’s Honest Ads Act.
Zuckerberg also showed support for new privacy rules offered by Klobuchar including alerts that will notify users of a security breach within their account in no more than 72 hours.
“That makes sense to me and we should have our team follow up to discuss details around that,” Zuckerberg said.