After 18 months, 73 witnesses, 4,350 questions, and countless hours of evidence, British lawmakers delivered an excoriating verdict on Facebook’s year from hell.
In one of the most comprehensive accounts of the social network’s disastrous 2018, a UK parliamentary committee published a report on Monday accusing Facebook of putting profit over privacy, misleading lawmakers, and being a “digital gangster” that considers itself above the law.
Mark Zuckerberg was singled out for particularly withering criticism. The Facebook CEO showed “contempt” for British Parliament because he failed to give evidence, and, perhaps more stingingly, was said to have displayed a spectacular failure of leadership in gripping Facebook crises.
Nowhere is this better evidenced than in Facebook’s early handling of the enormous Cambridge Analytica data breach, a scandal which hobbled the company in March last year. Lawmakers were shocked at what Zuckerberg didn’t know about the scandal — and said it pointed to structural issues at Facebook.
The Digital, Culture, Media, and Sport Committee’s report revealed that three Facebook executives discussed the data breach over email, which impacted 50 million users, before The Guardian first reported on the issue in December 2015.
There isn’t much more than this tantalising detail, but the report was clear that several Facebook employees were aware of the Cambridge Analytica issue long before the public. The report doesn’t name the employees.
Here’s the relevant paragraph, emphasis ours:
“We were keen to know when and which people working at Facebook first knew about the GSR/Cambridge Analytica breach. The ICO confirmed, in correspondence with the Committee, that three “senior managers” were involved in email exchanges earlier in 2015 concerning the GSR breach before December 2015, when it was first reported by The Guardian. At the request of the ICO, we have agreed to keep the names confidential, but it would seem that this important information was not shared with the most senior executives at Facebook, leading us to ask why this was the case.”
What the unnamed “senior managers” failed to do, by this reading, was escalate the issue to Facebook’s top tier of executives, including Zuckerberg. Instead, he found out around the same time as the rest of us, when Christopher Wylie blew the whistle on the affair last year in explosive interviews with The Observer and New York Times.
The committee wrote: “The scale and importance of the GSR/Cambridge Analytica breach was such that its occurrence should have been referred to Mark Zuckerberg as its CEO immediately.”
Using this as a jumping off point, the lawmakers then launched into a bruising verdict on Facebook’s approach to crisis management. In the committee’s 109-page report, politicians said (emphases ours):
“The fact that it was not is evidence that Facebook did not treat the breach with the seriousness it merited. It was a profound failure of governance within Facebook that its CEO did not know what was going on, the company now maintains, until the issue became public to us all in 2018. The incident displays the fundamental weakness of Facebook in managing its responsibilities to the people whose data is used for its own commercial interests.”
It’s not the first time we’ve heard this charge in recent months.
A blockbuster report by The New York Times in November last year cast light on the way Zuckerberg has dealt with past missteps. It portrayed him as, at times, uninterested in some of the existential issues that have threatened Facebook over the past three years.
The Times said Zuckerberg, and his right-hand woman, the chief operating officer Sheryl Sandberg, were “distracted by personal projects” as Facebook was dragged into danger. As evidence of Russian meddling mounted in 2017, the report said, Zuckerberg was on a “listening tour.” It also said he preferred to focus on “broader technology issues,” leaving the politics to Sandberg.
In Zuckerberg’s defense at the time, Facebook said he was “deeply involved in the fight against false news and information operations on Facebook.”
But the three anonymous executives’ failure to flag the looming Cambridge Analytica scandal also raises questions about Facebook’s reporting systems. This was also hinted at last week by former security chief Alex Stamos, who told CNN it could be difficult for Facebook execs to admit fault.
“The truth is there is a bit of a ‘Game of Thrones’ culture — among the executives,” he said. “One of the problems about having a really tight-knit set of people making all these decisions … if you keep the — the same people in the same places, it’s just very difficult to admit you were wrong, right?”
When you see the words “Game of Thrones” mentioned in connection with company culture, it is not a good thing. It suggests that a toxic current of ambition, politics, profit, and power runs through the company’s veins. And presiding over it all at Facebook is Zuckerberg — untouchable as CEO, chairman, and controlling shareholder.
Damian Collins, the chair of the committee of British lawmakers, said Zuckerberg failed to show the “leadership and personal responsibility” required of the CEO of such a large company. In his remarks last week, Stamos — a senior insider until late last year — put it this way: “Facebook wasn’t measuring the bigger impact and thinking about the ways people could twist it to be misused. And in the end, that is Mark’s responsibility.”