老澳门开奖结果

We learned last weekend that a trove of personal information from 鈥� one in three U.S. Facebook users 鈥� was harvested for an influence and propaganda operation led by Cambridge Analytica, a company later used by the Trump campaign. Was Facebook hacked? Nope. All of this personal information was accessed through the Facebook 鈥渁pp gap,鈥� a major privacy hole in Facebook鈥檚 app platform that the 老澳门开奖结果 had been challenging since 2009, when we how Facebook quizzes posed this threat.

On Wednesday, Facebook promised to to prevent this from happening again. But there is still more it 鈥� and our government 鈥� can do to protect our privacy.

First, let鈥檚 understand what really happened. An organization called Global Science Research (GSR), run by researchers in the U.K., released an online personality quiz app on Facebook. The app collected personal data not only about the 270,000 people who were paid to use the app and agreed to share information, but also about all their Facebook friends without those friends鈥� knowledge.

At the end of the day, the app ended up with data on 50 million U.S. Facebook users, including sensitive information about the articles, posts, and pages 鈥渓iked鈥� by those users. GSR then handed that data to Cambridge Analytica, which used the data to build detailed psychological profiles of the users for political purposes, and whose customers included the presidential campaigns of Sen. Ted Cruz (R-Texas) and Donald Trump.

There鈥檚 been some debate over whether this is a 鈥渄ata breach,鈥� but for the most part that is a red herring. If anything, this is arguably than the result of an inadvertent technical failure. Instead, it was a predictable outcome of the to prioritize the bottom line over user privacy and safety.

Whatever you call it, misuse of data by app developers was hardly an unknown threat. In 2009, the 老澳门开奖结果 :

Even if your Facebook profile is 鈥減rivate,鈥� when you take a quiz, an unknown quiz developer could be accessing almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. Facebook quizzes also have access to most of the info on your friends鈥� profiles. This means that if your friend takes a quiz, they could be giving away your personal information too.

In 2016, the 老澳门开奖结果 in California also discovered through a public records investigation that social media surveillance companies like Geofeedia were improperly exploiting Facebook developer data access to monitor Black Lives Matter and other activists. We again sounded the alarm to Facebook, publicly to strengthen its data privacy policies and 鈥渋nstitute human and technical auditing mechanisms鈥� to both prevent violations and take swift action against developers for misuse.

Facebook has modified its policies and practices over the years to address some of these issues. Its current app platform . And, after by the 老澳门开奖结果 along with the Center for Media Justice and Color of Change, Facebook .

But Facebook鈥檚 response to the Cambridge Analytica debacle demonstrates that the company still has significant issues to resolve. It knew about the data misuse but did not block the company鈥檚 access to Facebook until . And its initial public response was to hide behind the assertion that with executives conspicuously silent about the issue. It wasn鈥檛 until Wednesday that Mark Zuckerberg surfaced and acknowledged that this was a and promised to take steps to repair that trust and prevent incidents like this from occurring again.

Zuckerberg is absolutely right that Facebook needs to act. In fact, it should have acted long ago. Here are a few steps that Facebook could have taken 鈥� and, in some cases, still should take 鈥� to prevent or address this incident:

1. Put users completely in control over sharing with apps

Facebook users should have complete control over whether any of their information is shared with apps. Right now, that鈥檚 not the case, and it does not appear that the planned changes will fix that.

Facebook has declared some types of information, including users鈥� name and profile picture, 鈥� and has made all of that information available to each user鈥檚 friends鈥� apps as well. The only way to prevent this data sharing is to exercise the 鈥渘uclear option鈥� of turning off all app functionality. As a stern warning from Facebook explains, this prevents you from using Facebook for a whole list of purposes, including logging into other websites or applications.

As a practical matter, this gives privacy-concerned users two lousy options. They can either forego using any apps they personally select and trust or allow any app installed by their friends to access information about them. Facebook should give users a meaningful ability to opt out of sharing all information, including 鈥減ublic information,鈥� with 鈥渁pps others use鈥� without disabling apps entirely.

2. Enhance app privacy settings

Facebook needs to ensure that users truly understand and control how it shares data with apps. The company has promised to do so, but of course the devil is in the details.

One positive step that Facebook is taking is making sure that app permissions expire. Until now, Facebook has granted apps access to information about any user who has EVER accessed the app; now, the company states that it will cut off access if a user does not use the app for three months. In addition, Facebook needs to clarify and redesign its app settings, particularly the 鈥渁pps others use鈥� settings that, frankly, we don鈥檛 understand at all. Whatever those settings do, they should protect privacy by default.

3. Notify users of any misuse of their data

Facebook has promised that it will make sure that users are fully notified of any misuse of their data, past or present. This is a major improvement over the company鈥檚 history, including their initial handling of this incident.

Because Facebook claimed that the Cambridge Analytica incident was not a 鈥渄ata breach鈥� in the legal sense, it has not provided notice to users whose data was accessed; the company has promised to change that and notify all affected users. This is the correct policy. Whether data was inappropriately obtained or misused through a hack, a contractual violation, or some other mechanism is a distinction without a difference from the perspective of a Facebook user. And Facebook should continue to develop and improve tools to help users understand which third parties access their data at all.

4. Build stronger auditing and enforcement to ensure that its developer policies are followed

If Facebook is going to rely on its developer policies to prevent harmful outcomes, it needs to ensure that those policies are actually followed. Facebook has again promised to take steps in this direction, but the company needs to follow through this time.

First and foremost, Facebook needs to invest resources and effort into identifying violations. This is not the first time that a developer has violated Facebook鈥檚 policies, as reports of developers abusing Facebook apps . But far too often, these abuses seem to be detected through whistleblowers or external research rather than by Facebook itself. As we noted to in 2016, the 鈥溊习拿趴�奖结果 shouldn鈥檛 have to tell Facebook 鈥� what their own developers are doing.鈥� Mr. Zuckerberg has that Facebook will 鈥渋nvestigate all apps that had access to large amounts of information鈥� and 鈥渃onduct a full audit of any app with suspicious activity,鈥� which sounds promising but will only be effective with the technical tools and personnel to carry that out. In addition, if Facebook learns of an abuse or violation, it has pledged to ban the offender. This is a much better approach than their response to Cambridge Analytica, which continued to have access to the Facebook Platform until last week.

If Facebook had put these protections into place years ago, the personal information of 50 million Facebook users may never have been exploited. Instead the company is staring down , its , and users are clamoring to . Facebook鈥檚 promised changes are a good start, though there is more they could do voluntarily. But we also need to ensure that government agencies like the Federal Trade Commission (especially companies like Facebook who are already subject to a based on previous privacy violations), and we need Congress and other lawmakers to strengthen privacy protections. We hope that other companies will take this opportunity to learn from Facebook鈥檚 privacy missteps and avoid making the same mistakes.

For real-life case studies and tips for businesses on privacy and speech, see this .