They are all excellent questions—bright spots in a session that was not so much a triumph for the embattled CEO as a shameful defeat for the U.S. Senate. Dozens of senators seemed not to understand the basic functions of Facebook. In one case, Zuckerberg had to tell Senator Orrin Hatch, a Republican of Utah, that Facebook makes money by running ads. (Hatch was first elected to the Senate eight years before the 33-year-old Zuckerberg was born.) Individual senators often had skillfully written questions in front of them, and they even asked them of Zuckerberg, but they then failed to ask the right follow-up or understand his answer. Sometimes, a senator even caught the chief executive in a pretzel, but didn’t seem to understand that he had done so.
Zuckerberg has another day of testimony in front of him. On Wednesday, he will address the House Energy and Commerce Committee. If members of that body want to ask smarter questions of Facebook, they could start with these.
What did Mark Zuckerberg know about Cambridge Analytica and when did he know it? Who in the company was empowered to sanction developers like Cambridge Analytica?
Harris tried to get at this in her testimony. “I’m going to assume you personally, as CEO, became aware in December 2015 that Dr. Kogan and Cambridge Analytica misappropriated data from 87 million Facebook users. That is, 27 months ago that you and Facebook became aware. However, a decision was made not to notify the users,” she said. “My question is: Did anyone at Facebook have a conversation at the time that you became aware of this breach ... wherein the decision was made not to contact the users?”
Zuckerberg said he wasn’t aware of any such conversation and called the failure to do so a “mistake.” But larger questions remain about exactly how the company dealt with the Cambridge Analytica mess. Senator Richard Blumenthal, a Democrat of Connecticut, tried to get Zuckerberg to admit that a legal agreement used by a Cambridge Analytica–associated developer violated Facebook’s consent agreement with the Federal Trade Commission.
But we still don’t know much about how Facebook reacted to the Cambridge Analytica breach after it was first discovered in December 2015. What employee first learned of the breach? How high up the management chain did news of the breach travel? And who in the company was empowered to sanction rogue developers of third-party apps?
These questions do more than just establish a legal fact pattern. They give us a sense of how many breaches like this Facebook encountered and how ready its management was for reacting to rogue developers.
In October 2016, ProPublica found that Facebook let advertisers discriminate by race when displaying housing ads, in violation of the Fair Housing Act. Facebook vowed to fix the issue through artificial intelligence, but in November 2017, ProPublica found it was still able to run much the same kind of ad in the same kind of ethnically discriminatory way. A Facebook vice president blamed the lapse on a “technical failure.”