Zuckerberg: Delayed Response To User Privacy Concerns Was Facebook's 'Biggest Mistake'

MENLO PARK, Calif. (CBS News) – Facebook CEO Mark Zuckerberg spoke publicly Wednesday for the first time since a whistleblower described how a data firm exploited a loophole to access data from 50 million Facebook users.

Hours after releasing a statement (on Facebook), Zuckerberg spoke to Wired editor-in-chief Nick Thompson about what he called "one of our biggest mistakes."

Thompson spoke to CBS News about his interview with Zuckerberg, who revealed "there are probably 15 changes" it will take "to further restrict data." He also told CBSN's Elaine Quijano that Facebook isn't so great at worst case scenarios and that it's inevitable Zuckerberg testifies in front of Congress.

Both Zuckerberg and Facebook chief operating officer Sheryl Sandberg remained silent amid reports political consulting firm Cambridge Analytica, which has links to President Trump's 2016 campaign, exploited a loophole in Facebook that allowed it to access data using an app created by a third-party research firm. Facebook suspended Cambridge Analytica last week, saying the firm had not deleted the data in 2015, as it had claimed to.

Facebook learned about the Cambridge Analytica incident in late 2015 and had the firm sign a legal undertaking that the data would be deleted, Thompson wrote in his article. But this week's reports cast doubt on that set of circumstances.

"I wish we'd taken those steps earlier," Zuckerberg told CNN in a televised interview Wednesday regarding Facebook not pursuing whether Cambridge had destroyed the data. "That... is probably the biggest mistake that we made here."

Thompson questioned Zuckerberg about not digging deeper into Cambridge Analytica in his Wired magazine article titled: "Mark Zuckerberg talks to Wired about Facebook's privacy problem."

"The first action that we now need to go take is to not just rely on certifications that we've gotten from developers, but actually need to go and do a full investigation of every single app that was operating before we had the more restrictive platform policies -- that had access to a lot of data -- and for any app that has any suspicious activity, we're going to go in and do a full forensic audit," Zuckerberg said. "And any developer who won't sign up for that, we're going to kick off the [Facebook] platform."

Zuckerberg added: "That's the step that I think we should have done for Cambridge Analytica ... we're now going to go do it for every developer who is on the platform who had access to a large amount of data before we locked things down in 2014."

Zuckerberg told CNN Wednesday he would "be happy to" answer questions before Congress.

"What we try to do is send the person at Facebook who will have the most knowledge," Zuckerberg said. "If that's me, then I am happy to go."

Facebook had come under increasing fire for failing to protect users' data early enough and strongly enough, and also for how it pushed back on the misuse of 50 million users' data, seemingly focusing on the semantics of whether or not it amounted to a "data breach" in the strictest sense.

On CNN, Zuckerberg shifted blame to Cambridge Analytica for providing what it said was formal certification that it had deleted the data.

"I don't know about you, but I'm used to when people legally certify that they are going to do something, that they do it. But I think this was clearly a mistake in retrospect," Zuckerberg said. "We need to make sure we don't make that mistake ever again."

"Facebook was just built in and for a world that was different from the world in which Cambridge Analytica operates," Thompson said Wednesday night. "You can call it idealism, you can call it naïveté, certainly [Facebook] misread the situation. What they should have done in 2015 when they learned what Cambridge Analytica had done -- they should have audited -- they should have pushed and got every computer Cambridge Analytica had ... and they should have searched them."

"I think the feedback that we've gotten from our community and from the world is that privacy and having the data locked down is more important to people than maybe making it easier to bring more data and have different kinds of experiences," Zuckerberg said.

Thompson said he asked Zuckerberg: "'Do you know [if Russian operatives got a hold of Facebook data]?' And he said, 'Look we don't, we can't.' There wasn't a watermark on the data that Cambridge Analytica got."

Zuckerberg's earlier statement noted there was a "breach of trust between Facebook and the people who share their data with us" and said the company "made mistakes" on what he referred to as the "Cambridge Analytica situation."

Zuckerberg said the company made changes in 2014 to restrict the amount of data app developers can access. He said Facebook will now take additional steps, such as removing developers' access to your data if you haven't used their app in three months, and reducing the amount of personal information an app gets when you sign in. Other than via apps, Zuckerbeg's statements made no mention of dialling back the amount of data gathered on users, or giving the user any additional control over the amount of data they surrender to the platform.

To help users understand which third-party apps have access to their data, Zuckerberg said, "In the next month, we will show everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it."

Mark Zuckerberg

Featured Local Savings

More from CBS News

Homeless woman found shot and killed in Los Angeles, LAPD investigating

Public health officials warn Los Angeles area public of measles exposure

Profar's tiebreaking 3-run double in 7th inning lifts Padres to 6-3 victory over Dodgers

101 Freeway to experience overnight closures for construction on wildlife crossing