Latest in Gear

Image credit: Getty Images

FTC-mandated audit cleared Facebook's privacy policies in 2017

And it happened after it knew about the Cambridge Analytica breach.
231 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images

When Facebook struck a deal with the Federal Trade Commission in 2011 following an investigation into its privacy practices, it was required to undergo an external audit every two years. That's why it was a mystery how the fact that Cambridge Analytica harvested millions of users' information remained hidden until recently. Turns out it was because the latest audit conducted in 2017 failed to detect that something was going on behind the scenes. The Electronic Privacy Information Center found a (heavily redacted) copy of the audit after submitting a Freedom of Information Act request. It reads:

"In our opinion, Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information and that the controls have so operated throughout the Reporting Period, in all material respects for the two years ended February 11, 2017, based upon the Facebook Privacy Program set forth in Management's Assertion.

As described above, Facebook has identified reasonably foreseeable, material risks, both internal and external, that could result in Facebook's unauthorized collection, use, or disclosure of covered information, and assessed the sufficiency of any safeguards in place to control these risks as required by Part IV of the [consent decree]. PwC performed test procedures to assess the effectiveness of the Facebook privacy controls implemented to meet or exceed the protections required by Part IV of the [consent decree]."

The audit covered the period from February 12th, 2015 to February 11th, 2017. Facebook first discovered that the "thisisyourdigitallife" app's developer sold the millions of users' info it harvested -- a violation of the website's terms -- to Cambridge Analytica in late 2015. The app collected users' info in 2014 when Facebook still allowed the practice, but the social network changed its rules to prohibit third-party applications from harvesting data within the same year.

EPIC chief Marc Rotenberg told Wired: "After Cambridge Analytica, PricewaterhouseCoopers, on behalf of Facebook, reported to the FTC that privacy compliances at Facebook were fine and there were no problems... That's extraordinary! That's, 'How could that have happened?' stuff."

As Wired noted, this raises a lot of questions about the thoroughness of the audits and whether Facebook's agreement with the FTC in 2011 is even effective. Since the external auditor didn't catch wind of the issue, it might not have asked the right questions to coax it out of Facebook, which obviously didn't volunteer the info. Senator Richard Blumenthal now wants the FTC to consider evidence that Facebook violated their 2011 consent decree and is pushing for stronger oversight.

When asked why Facebook didn't disclose the Cambridge Analytica issue to the external company that did the audit, the company pointed us to an exchange between US Representative Bob Latte and Mark Zuckerberg during the House hearing, wherein the Facebook chief responded:

"[O]ur view is that this -- what a developer did -- that they represented to us that they were going to use the data in a certain way, and then, in their own systems, went out and sold it -- we do not believe is a violation of the consent decree."

Facebook Deputy Chief Privacy Officer Rob Sherman also said in a statement: "We remain strongly committed to protecting people's information. We appreciate the opportunity to answer questions the FTC may have."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
231 Shares
Share
Tweet
Share
Save

Popular on Engadget

'Minecraft' now has 112 million players per month

'Minecraft' now has 112 million players per month

View
Central banks to question Facebook over Libra cryptocurrency

Central banks to question Facebook over Libra cryptocurrency

View
Verizon will launch home 5G everywhere mobile service is available

Verizon will launch home 5G everywhere mobile service is available

View
Initial Creative Emmy winners include Apple, Netflix and NASA

Initial Creative Emmy winners include Apple, Netflix and NASA

View
New York state bans sales of flavored e-cigarettes

New York state bans sales of flavored e-cigarettes

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr