5000万用户数据泄露，扎克伯格沉默五天后首度发声

近日，Facebook遭遇了公司创立以来的最大隐私危机。在沉默了五天之后，CEO马克·扎克伯格终于公开发声，并表示Facebook以后将做得更好。

他在上周五的一篇文章中表示：“好消息是，为了防止此类事件再次发生的一些最重要的措施，我们其实几年前就已经采取了。但是我们也犯了一些错误，我们还有很多事情要做，而且我们需要加大力度做好。”

最近几天，关于一家名叫坎布里奇分析公司（Cambridge Analytica）的英国数据挖掘公司获取5000万Facebook用户数据用于2016年为特朗普大选造势的报道不断见诸报端。据称，2013年，一名研究人员开发了一款性格测试小软件，从而获取了Facebook的相关用户信息，之后他将相关用户数据违规拷贝给了坎布里奇分析公司。

这款性格测试软件只有30万名用户，但它同时也收集了这些用户的所有好友的信息。

得知坎布里奇分析公司在未经Facebook用户允许的前提下违规获取用户数据后，大量用户都对Facebook的隐私保护力度表示声讨。有些用户表示要删除他们的Facebook账户，这对Facebook的业务或将带来灾难性的后果。与此同时，政府监管部门和立法部门也表示将就此事进行调查，而且未来可能将从法律层面进一步加强隐私监管。

目前，Facebook公司一边忙着四处救火，一边尽力避免公司高管陷入此次公关风暴，这种做法也使人们对Facebook的领导层提出质疑，人们纷纷表示Facebook高层在逃避责任。与此同时，Facebook的公关团队和中层领导则不遗余力地给公司洗地，他们披露了很多技术细节，表示当前的风波与一般的黑客攻击并不是一回事，并且指出从2014年开始，Facebook已经大大削减了分享给应用制造商的用户数据量。

为了挽救一落千丈的形象，扎克伯格在上周五发文称，当前的局势说明，亚历山大·科根（就是那个性格测试小软件的开发者）和坎布里奇分析公司（事发后该公司CEO已被停职）辜负了Facebook的信任。不过他同时也承认，“Facebook辜负了那些向我们分享数据、并希望我们能保护这些数据的用户的信任”。他还表示：“我们要弥补这个问题。”

扎克伯克计划对2014年Facebook修改其数据分享政策之前，所有曾大量获取过Facebook数据的应用软件进行调查，并对任何有可疑行为的应用软件进行审计。他承诺道：“我们会将所有不接受彻底审计的开发者从平台上屏蔽。”同时，Facebook还将屏蔽那些不当使用可能追溯到用户身份的信息的应用软件，并通知受影响的用户。

此外，扎克伯格表示，Facebook将进一步严控对开发者的数据分享。如果用户在三个月内没有使用某款应用，Facebook将切断应用开发者对该用户数据的访问权限。此外Facebook对应用开发者可获取的用户数据量也做了限制，当用户登录某款应用时，应用开发者将仅能获取其用户名、头像照片和电邮地址。

Facebook用户还将在他们的新闻推送中看到一个新工具，它能显示用户已使用的应用，并能以“一种简单的方法”阻止这些应用访问用户的个人数据。Facebook已经在个人设置里赋予了用户控制个人数据分享的一些权限，但很多用户懒得调整设置，还有不少用户根本不知道有这个功能。

虽然扎克伯格在文中大谈保护用户数据的重要性，但他并没有解释为什么Facebook一开始就明知这一点，却还要无视潜在风险，给予开发者获取大量用户数据的渠道。他只是表示，Facebook的政策本意是想让Facebook变得“更加社交化”。

“我们将从这件事中吸取教训，进一步保护平台安全，未来使我们的社区变得更加安全。”扎克伯格说。

这些表态是否能令用户和监管机构满意，还是一个未知数。（财富中文网）

译者：朴成奎 

After five days of silence during one of Facebook’s biggest privacy crises, CEO Mark Zuckerberg has finally spoken publicly about it by vowing to do better.

“The good news is that the most important actions to prevent this from happening again today we have already taken years ago,” he said in a Facebook post on Friday. “But we also made mistakes, there’s more to do, and we need to step up and do it.”

In recent days, a series of reports have detailed how Cambridge Analytica, a British data mining firm, gained access to personal data on 50 million Facebook users and relied on it as part of its work for Donald Trump’s presidential campaign in 2016. A researcher who had access to the data after creating an app for taking personality quizzes in 2013 had handed Cambridge Analytica a copy of that data, in violation of Facebook’s policies.

The app itself had only 300,000 users. But it also collected information about all of its users’ friends.

News about Cambridge Analytica’s access to the information, which Facebook users had never consented to, set off a chorus of criticism about Facebook’s privacy safeguards. Some users have responded by saying they would delete their accounts, a potential business catastrophe for Facebook, while government regulators and lawmakers promised to investigate and possibly toughen privacy laws.

Until now, Facebook has tried to weather the PR storm without putting its top executives in the crossfire, generating questions about their leadership and whether the social network was really taking responsibility. Instead, Facebook’s PR team and lower ranking leaders have led the company’s defense by drawing technical distinctions between what happened and more common breaches by hackers, and by pointing out that Facebook curtailed the amount of user data it shared with app makers in 2014.

In his post on Friday, Zuckerberg tried to get out in front of the growing problem by calling the situation a “breach of trust” between the researcher, Aleksandr Kogan; Cambridge Analytica, which has since suspended its CEO; and Facebook. But he also acknowledged that it was “a breach of trust between Facebook and the people who share their data with us and expect us to protect it” while adding, “we need to fix that.”

Zuckerberg’s plan is to investigate all apps that had access to large amounts of information before Facebook changed its data sharing policies in 2014 and to conduct an audit of any app that shows suspicious activity. “We will ban any developer from our platform that does not agree to a thorough audit,” he promised, along with banning those that Facebook finds misused personally identifiable information and notifying users who were impacted.

Additionally, Zuckerberg said Facebook would further restrict the data it shares with developers. That includes cutting off developer access to data for users who have not used their apps in three months and limiting the amount of data shared with apps when users sign in to only names, profile photos, and email addresses.

Facebook users can also expect to see a new tool at the top of their News Feeds that show the apps they’ve used and “an easy way” to block those apps from accessing personal data. Facebook already gives users the ability to control some of their data sharing in their privacy settings, but many users don’t bother to adjust the settings or don’t realize they can.

Although Zuckerberg talked a lot about protecting user information, he did not mention why Facebook overlooked the potential problems inherent in giving developers such broad access to user data in the first place. Instead, he said the policy was merely intended made to make Facebook “more social.”

“We will learn from this experience to secure our platform further and make our community safer for everyone going forward, Zuckerberg said.

Whether that’s enough for users and regulators is an open question.