Facebook CEO Mark Zuckerberg sat for 10 hours of questioning before House and Senate committees this week. Most of his answers were versions of those already found in official Facebook statements. But when he received a tough question, rather than answer on the spot, he vowed to get to the bottom of it. We’ve made a simple worksheet to help him remember all the points his team needs to follow up on.
Sometimes the questions Zuckerberg didn’t answer seemed to speak volumes, while in other circumstances he was just being asked a convoluted or very specific question. On several occasions it appeared that the 33-year-old CEO has become disconnected from the exact ways his system is operating these days.
The two public hearings this week gave us a chance to hear the man himself speak at length on the issues Facebook is dealing with, and in keeping with Facebook’s promise of greater transparency, we’re sure all these answers will be made public as soon as possible.
- Other improperly used data, Senator Chuck Grassley: “Number one, besides Professor Kogan’s transfer and now, potentially, Cubeyou, do you know of any instances where user data was improperly transferred to a third-party in breach of Facebook’s terms? If so, how many times has that happened, and was Facebook only made aware of that transfer by some third party?” and “Have you ever required an audit to ensure the deletion of improperly transferred data? And, if so, how many times?”
- Propaganda bots, Senator Dianne Feinstein: Sen. Feinstein wanted to know how many automated bot accounts that spread disinformation have been taken down by Facebook.
- Facebook involvement with Cambridge Analytica and Trump, Senator Maria Cantwell: “During the 2016 campaign, Cambridge Analytica worked with the Trump campaign to refine tactics. And were Facebook employees involved in that?”
- Data collection of minors and browser history tracking, Senator Roger Wicker: Sen. Wicker wanted to know if Facebook’s account-syncing process collects the call and text history of minors. He also wanted confirmation “that Facebook can track a user’s internet browsing activity, even after that user has logged off of the Facebook platform,” and if that’s true, how Facebook discloses that activity.
- Russian Facebook pages, Senator Patrick Leahy: Sen. Leahy displayed a large poster with images of what he described as “unverified, divisive pages” that are active on Facebook today. He asked Zuckerberg if he could “confirm whether they’re Russian-created groups.” This line of questioning was in reference to Facebook’s promise to take steps to prevent the preservation of “an unwitting co-conspirator in Russian interference.”
- Proposed regulations, Senator Lindsey Graham: Sen. Graham asked Zuckerberg to submit proposed regulations that Facebook considers necessary in its industry. The request followed a series of questions regarding what type of company Facebook is and whether Zuckerberg believes he operates a monopoly.
- Location of users affected by Cambridge Analytica and breach notification rules, Senator Amy Klobuchar: “Now on the subject of Cambridge Analytica, were these people, the 87 million people, users, concentrated in certain states? Are you able to figure out where they’re from?” and “Would you support a rule that would require you to notify your users of a breach within 72 hours?”
- Off-Facebook data collection, Senator Roy Blunt: Sen. Blunt asked if Facebook collects user data through cross-device tracking and if so, does it collect offline data or data that is not necessarily linked to Facebook.
- Facebook neutrality, Senator Ted Cruz: “The predicate for Section 230 immunity under the CDA is that you’re a neutral public forum. Do you consider yourself a neutral public forum, or are you engaged in political speech?” Mr. Cruz added that it’s Mr. Zuckerberg’s First Amendment right to engage in political speech if he so chooses.
- Kogan’s Facebook account, Senator Sheldon Whitehouse: Sen. Whitehouse wanted to know if Aleksandr Kogan, the professor who built the This Is Your Digital Life app that supplied Facebook user data to Cambridge Analytica, still has a Facebook account. Zuckerberg said he believes Facebook is preventing Kogan from building any more apps, but he would have to check with his team on whether Kogan still has a personal account.
- User data categories, Senator Deb Fischer: Sen. Fischer wanted to know how many categories of data about its users Facebook collects and stores.
- Consent Act support, Senator Ed Markey: “Would you support the Consent Act to make it a national standard for not just Facebook, but for all the other companies out there?” Sen. Markey asked, referencing his newly introduced legislation that would require companies to ask users to opt-in to having their data collected and sold, and notify users anytime their data is shared, sold, or otherwise used. Zuckerberg agreed with certain principles that were cited as examples but insisted that he would want to talk out details.
- Facebook’s bug bounty program, Senator Jerry Moran: Sen. Moran wanted to know how Zuckerberg sees Facebook’s newly bolstered bug bounty program will help resolve the problem of third-parties gaining unauthorized access to third-party data. For the record, this question was unclear, and that’s our best understanding of it.
- Third-party audits, Senator Corey Booker: “I’m wondering if you’d be open to opening your platform for civil rights organizations to really audit a lot of these companies dealing in areas of credit and housing, to really audit what is actually happening and better have more transparency in working with your platform.”
- Nevadans’ privacy, Senator Dean Heller: Sen. Heller asked how many Nevada residents had their personal data included in the Cambridge Analytica dump, and how long it takes Facebook to delete a user’s data after they’ve indicated they want to close their account.
- AI development principles, Senator Gary Peters: Sen. Peters asked Zuckerberg to provide details on the principles guiding Facebook’s development of AI and how those principles will help mitigate the potential for discrimination.
- Other data buyers, Senator Tammy Baldwin: In response to Zuckerberg’s admission that Aleksandr Kogan also sold user data to Eunoia and “possibly a couple of others,” Sen. Baldwin asked to be given the names of the other buyers. Zuckerberg also agreed to supply further information on how Facebook can be confident that it has excluded foreign actors from buying political ads related to elections in the United States.
- West Virginia broadband, Senator Shelley Moore Capito: Zuckerberg promised to follow up with Sen. Capito on an initiative to bring broadband to rural areas in West Virginia.
- User data deletion, Senator Cory Gardner: Sen. Gardner wanted to know what user data resides on backup servers, how long it stays there after a user has asked for it to be deleted, and if there’s ever been a failure to wipe the backup servers.
- Facebook changes to protect privacy, Senator Todd Young: Sen. Young said that he’s working on legislation “to create a stronger property right” for online users that “states unequivocally users own their data.” He also wants to stronger opt-in requirements when a user signs up for Facebook. He asked Zuckerberg if he would “have to fundamentally change the Facebook architecture to accommodate those policies?”
- Privacy by default, Representative Frank Pallone: “Will you make the commitment to change all the user—to changing all the user default settings to minimize, to the greatest extent possible, the collection and use of users’ data?”
- Political censorship, Representative Fred Upton: Rep. Upton wanted to know why his friend, a former Michigan Lottery commissioner, had his political advertisement rejected by Facebook’s team.
- Business model changes, Representative Anna Eshoo: “Are you willing to change your business model in the interest of protecting individual privacy?”
- Detection of foreign ad buyers, Representative Eliot L. Engel: “Does Facebook have the ability to detect when a foreign entity is attempting to buy a political ad? And is that process automated? Do you have procedures in place to inform key government players when a foreign entity is attempting to buy a political ad or when it might be taking other steps to interfere in an election?” Zuckerberg said, for the sake of time, he would follow up with a more thorough answer later.
- Opt-out option for marketing, Representative Gene Green: Citing Zuckerberg’s commitment to extend the new European privacy protections globally, Rep. Green wanted to know if Facebook will give “users the right to object to the processing of their personal data for marketing purposes.”
- BROWSER Act, Representative Marsha Blackburn: “Will you commit to working with us to pass privacy legislation, to pass the BROWSER Act?” The BROWSER Act, introduced by Rep. Blackburn, would require companies to obtain explicit consent from users before collecting certain “sensitive” personal data.
- Security vs. money, Representative Steve Scalise: “Is that data that is mined [when users aren’t logged in] for security purposes also used to sell as part of the business model?”
- Diamond and Silk censorship, Representative Steve Scalise: Rep. Scalise also wanted to know if the person who made a mistake in suspending Diamond and Silk’s Facebook page was held accountable for the mistake.
- Additional data-sharing, Representative Janice Schakowsky: Rep. Schakowsky wanted to know which other parties were supplied with the data a third-party developer sold to Cambridge Analytica. Specifically “how many are there total? And what are their names?”
- How Facebook prevents religious and political censorship, Representative Cathy McMorris Rodgers: Zuckerberg promised to follow up and explain the steps Facebook takes to prevent blocking and censoring of religious and conservative political content.
- Racial diversity committee, Representative GK Butterfield: Zuckerberg promised to follow up on making a commitment to convene a meeting with his fellow CEOs in the tech sector to develop a strategy to increase racial diversity in the technology industry.
- Diversity transparency, Representative GK Butterfield: Zuckerberg also promised Rep. Butterfield that he would talk to his team about the possibility of releasing more data relating to retention of employees, disaggregated by race.
- Disclosures about Russians during 2016 election, Representative John Sarbanes: Sarbanes brought up the point that representatives for the Clinton and Trump campaigns have disputed Zuckerberg’s claims that Facebook notified them about Russian hacking attempts and unusual activity. Bizarrely, Zuckerberg wanted to discuss it but Sarbanes insisted on following up later.
- User data clarity, Representative Jerry McNerney: Rep. McNerney said that he would follow up for more details on Zuckerberg’s claim that it’s his “understanding” all the data Facebook has obtained about a user is included when using the “download your information” tool.
- Handing over user information to Russia, Representative Adam Kinzinger: Zuckerberg promised to find out if Facebook has ever given any user information over to Russian authorities following a request from law enforcement or an intel agency.
- Number of user data points, Representative Ben Luján: “So the average [number of data points collected] for non-Facebook platforms is 1,500. It’s been reported that Facebook has as many as 29,000 data points for an average Facebook user. [Do] you know how many points of data that Facebook has on the average non-Facebook-user?”
- Off-Facebook data-collection, Representative Debbie Dingell: Rep. Dingell wanted to know how many Facebook like buttons, share buttons, and chunks of pixel code are on non-Facebook web pages.