Advertisement

Another huge data breach, another stony silence from Facebook

Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.

If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.

Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.

Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.

Nick Clegg, Facebook’s vice president of global affairs.
Nick Clegg, Facebook’s vice president of global affairs. Photograph: Hannah McKay/Reuters

That impunity was in full sight this week. The news of the latest breach, of 533 million people’s data, dropped over a holiday weekend; Facebook responded only by saying it was “old data” and the problem had been “found and fixed in August 2019” – an absurd statement given that the data had only just been dumped on the internet, and clearly that hadn’t been fixed at all.

These are the actions of a company that knows it can get away with it. And repeatedly does. On Tuesday morning I submitted a set of questions to its press office: when was the issue first discovered? Did Facebook inform the regulators (as it is required to under US, UK and EU law)? If so, when? Had it informed users? But Facebook didn’t respond. It still hasn’t responded. It uses silence to throttle reporting, a strategy that works. It passes “exclusive” scoops to favourite reporters, and stonewalls the rest. Not just me. At an impromptu event on the data breach, journalists from Wired, Politico and Business Insider revealed that it refused to answer their questions too.

Instead it published a blogpost, The Facts on News Reports About Facebook Data, saying it wasn’t hacked, the data was “scraped”. It later confirmed that it had no intention of informing users because it wasn’t “confident” who they were, users “could not fix the issue”, and anyway, “the data was publicly available”. What do you do when a trillion-dollar company with 2.8 billion users treats the public with brazen contempt? When it won’t answer basic journalistic inquiries? When it ignores even the regulator? Ireland’s Data Protection Commission – its lead regulator in Europe – released a pointed statement saying that it received “no proactive communication” from Facebook.

Related: Behind Cambridge Analytica lay a bigger threat to our democracy: Facebook | Jennifer Cobbe

It’s this culture of impunity that makes Facebook such a dangerous company. Even where there are laws, it operates above them. There will be mass class actions that arise from this breach. But so what? It’ll take years and anyway, it’s only money. Money! As if Facebook cares. The Irish Data Protection Commission could act. But will it? Enforcements are hard, regulators respond to pressure, and in a news cycle that every day brings fresh new reports of Facebook enabling Nazis or driving teenagers to suicide, this story barely broke through.

The US Congress has finally woken up to the danger of disinformation, but the disinformation from Facebook about Facebook is toxic and continues unabated – from its shiny new Oversight Board, a $130m exercise in evading responsibility, to the estimated $7m a year it invests in its own pet Lord Haw Haw, aka Sir Nick Clegg.

War is not Peace. Love is not Hate. And the “facts” Facebook published this week about the data breach aren’t. They’re dangerous, irresponsible, at best half-truths designed to enable it to get away with it, as it does again and again.