Mark Sorryberg 1, Congress 0 – for now

Many of us could probably lay claim to a split personality, but few people are as blatant about it as Mark Zuckerberg.

Facebook doesn’t have one CEO – it has two.

There’s Mark Zuckerberg, the Ultimate Millennial. He wears t-shirt and jeans, is a Harvard dropout, happiest in New York and San Francisco, who talks a good game about connecting the world. He’s an engineer and geek who built perhaps the most remarkable network in human history, innovating his way to astronomical wealth. This guy is shy, but has a public persona that accommodates it.

Then there’s a chap I call Mark Sorryberg – the Big Tech Villain. He wears an ill-fitting suit, squirms when in Washington, is blamed for damaging all we hold dear – from rigging elections (“He’s killing democracy”!) to promoting extremism (“He’s unweaving society”!) and not paying enough tax (“He’s screwing the poor”!). This guy is so shy he comes across as awkward and uncomfortable when he should be projecting authority.

As the excellent Zeynep Tufekci wrote in an entertaining blast for Wired, we’ve seen a lot of this second character since the company was founded. In fact, over the past fourteen years, “sorry” seems to have been the easiest word for Facebook’s leader.

In 2006, after the launch of News Feed annoyed users, Sorryberg wrote in a blog: “This was a big mistake on our part, and I’m sorry for it.” In 2007, failures in the Beacon advertising system prompted another grovelling blog: “We simply did a bad job… and I apologise for it.” As Tufekci notes, by 2008, all of his blogs for Facebook were in effect apologies, and we saw several other examples even before he said about the Cambridge Analytica leak to CNN: “I’m really sorry this happened”.

So Mark Sorryberg is a familiar figure by now. He was on display in Washington this week, following the biggest crisis in the history of his company. There were several open goals in front of his interrogators, and opportunities to make him squirm and wriggle were not in short supply.

Yet, for the most part, they missed. After nearly 10 hours of grilling, Facebook is – for now – a richer company, Zuckerberg’s authority as CEO is re-asserted, and the potential disaster this week might have been was averted. These are all very short-term interpretations. There could be big trouble ahead. But the lawmakers fluffed it.

Ineffective questioning

The format didn’t help. For non-partisan reasons that are laudable in principle but ludicrous in practice, each lawmaker was given a maximum of 5 minutes on Tuesday and 4 minutes on Wednesday. You simply cannot build pressure, interrogate answers, or pursue a line of inquiry in the way necessary over such a short time.

But the representatives didn’t help themselves. In his allotted time, Senator Roy Blunt first told a boring story about his business cards, then gave a shout out to his 13 year-old son Charlie who is “dedicated to Instagram… [and] he’d want to be sure that I mentioned that while I was here”, which was sweet.

I’ve transcribed what followed.

Blunt: “Do you collect user data through cross-device tracking.”

Sorryberg: “Er, Senator, I believe we do link people’s accounts between devices in order to make sure that their Facebook and Instagram and their other experiences can be synced between devices.

Blunt: “And that would also include off-line data? Data that is tracking, that is not necessarily linked to Facebook but linked to one… some device they went through Facebook on?”

Sorryberg: “Senator, I want to make sure we get this right. So I want to have my team follow up with you on that afterwards.

Blunt: “That doesn’t seem that complicated to me. You understand this better than I do. But maybe you can explain to me why that’s complicated. Do you track devices that an individual who uses Facebook…has… that is connected to the device they use for their Facebook connection but not necessarily connected to Facebook?”

Sorryberg: “I’m not, I’m not sure [of] the answer to that question.”

Blunt: “Really.”

Sorryberg: “Yes”.

A work of literature that penultimate question was not. I don’t understand it, Zuckerberg didn’t understand it – and Blunt definitely didn’t understand it. He seemed poorly briefed, despite the gravity of the occasion.

Unfortunately, it was emblematic of the meandering, ineffective mode that dominated Tuesday. Wednesday’s interrogation was better, but still not as good as it should have been, not least because there were many questions that weren’t asked. The Facebook CEO’s weaknesses weren’t really exploited.

For instance, he should have been pushed harder on how hard it is to retrieve data that has fallen into the wrong hands. He should have been pushed harder about Facebook’s reaction to news that The Observer newspaper was publishing a story on the subject. His claims that something awry may have been going on at Cambridge University – vigorously denied by the institution – deserved more of a probing.

And the long history of errors at the company, plus its initial denial that there had been a data “breach” when it came to Cambridge Analytica, were worthy of a mauling that was never heard.

First do no harm

Given the scale of the recent controversy, and the courtroom theatrics of these cross-examinations, there was much to fear for Facebook this week. It was Zuckerberg’s first time getting grilled by the Senate and Congress, and his awkwardness in such public arenas was clear for all to see.

His facial expressions garnered comment on social media – but it was his body language and garb, over which he exercises more control, that struck me. On Tuesday, Zuckerberg’s tie knot was chunky and loose; and his halting responses and nervous smiles didn’t project much authority.

But he maintained his composure and politeness throughout. Investors gave a clear enough verdict: the two days added $26bn, or 6 per cent, to the company’s value.

There is some gridlock in Congress, and America’s politicians have a range of very big problems on their plate. That means that for the time being, the regulatory threat to Facebook – though of course they would say they welcome the chance to work with regulators – comes from Brussels and GDPR, rather than Washington.

In terms of new law or regulation, the question is: what kind? One of the great intellectual challenges in this field is in devising regulations that can keep pace with technological innovation: a very hard task. It is wrong to think, for instance, that you can just import the kind of regulation that Ofcom do for broadcasters, and apply it to video content on social media platforms.

The interrogation to come

While this week has not been the disaster for Facebook that many anticipated, and some wanted, the medium-term threats certainly haven’t gone away. And events of recent months have fundamentally changed the level of scrutiny the company is getting, while making perhaps hundreds of millions of users aware of the trade-off between their free use of Facebook and the digital footprint they leave behind.

As my esteemed colleague Dave Lee has noted, there are plenty of deferred questions that the CEO and his team will need to address. And the demands of British regulators that he gives evidence here, too, won’t quieten any time soon.

In particular, perhaps Congress members who realise this week was a missed opportunity will invite their guest back to clarify several of the points he made. If they are smart, they should see this as the beginning of a process, rather than the end.

But in adopting his apologetic posture with an efficacy his interrogators sadly lacked, Mark Sorryberg got one over America’s lawmakers when they should have scored an easy win. If he came to Britain, he wouldn’t get such an easy ride – which is the main reason he probably won’t.

‘More than 600 apps had access to my iPhone data’

While Facebook desperately tightens controls over how third parties access its users’ data – trying to mend its damaged reputation – attention is focusing on the wider issue of data harvesting and the threat it poses to our personal privacy.

Data harvesting is a multibillion dollar industry and the sobering truth is that you may never know just how much data companies hold about you, or how to delete it.

That’s the startling conclusion drawn by some privacy campaigners and technology companies.

“Thousands of companies are in the business of harvesting your data and tracking your online behaviour,” says Frederike Kaltheuner, data programme lead for lobby group Privacy International.

“It’s a global business. And not just online, but offline, too, via loyalty cards and wi-fi tracking of your mobile. It’s almost impossible to know what’s happening to your data.”

The really big data brokers – firms such as Acxiom, Experian, Quantium, Corelogic, eBureau, ID Analytics – can hold as many as 3,000 data points on every consumer, says the US Federal Trade Commission.

Ms Kaltheuner says more than 600 apps have had access to her iPhone data over the last six years. So she’s taken on the onerous task of finding out exactly what these apps know about her.

“It could take a year,” she says, because it involves poring over every privacy policy then contacting the app provider to ask them. And not taking “no” for an answer.

Not only is it difficult to know what data is out there, it is also difficult to know how accurate it is.

“They got my income totally wrong, they got my marital status wrong,” says Pamela Dixon, executive director of the World Privacy Forum, another privacy rights lobby group.

She was examining her record with one of the merchants that scoop up and sell data on individuals around the globe.

She found herself listed as a computer enthusiast – “which is a bit annoying, I’m not running around buying computers every day” – and as a runner, though she’s a cyclist.

Susan Bidel, senior analyst at Forrester Research in New York, who covers data brokers, says a common belief in the industry is that only “50% of this data is accurate”.

So why does any of this matter?

Because this “ridiculous marketing data”, as Ms Dixon calls it, is now determining life chances.

Consumer data – our likes, dislikes, buying behaviour, income level, leisure pursuits, personalities and so on – certainly helps brands target their advertising dollars more effectively.

But its main use “is to reduce risk of one kind or another, not to target ads,” believes John Deighton, a professor at Harvard Business School who writes on the industry.

We’re all given credit scores these days.

If the information flatters you, your credit cards and mortgages will be much cheaper, and you will pass employment background checks more easily, says Prof Deighton.

But these scores may not only be inaccurate, they may be discriminatory, hiding information about race, marital status, and religion, says Ms Dixon.

“An individual may never realize that he or she did not receive an interview, job, discount, premium, coupon, or opportunity due to a low score,” the World Privacy Forum concludes in a report.

Collecting consumer data has been going on for as long as companies have been trying to sell us stuff.

As far back as 1841, Dun & Bradstreet collected credit information and gossip on possible credit-seekers. In the 1970s, list brokers offered magnetic tapes containing data on a bewildering array of groups: holders of fishing licences, magazine subscribers, or people likely to inherit wealth.

But nowadays, the sheer scale of online data has swamped the traditional offline census and voter registration data.

Much of this data is aggregated and anonymised, but much of it isn’t. And many of us have little or no idea how much data we’re sharing, often because we agree to online terms and conditions without reading them. Perhaps understandably.

Two researchers at Carnegie Mellon University in the US worked out that if you were to read every privacy policy you came across online, it would take you 76 days, reading eight hours a day.

And anyway, having to do this “shouldn’t be a citizen’s job”, argues Frederike Kaltheuner, “Companies should have to protect our data as a default.”

Rashmi Knowles from security firm RSA points out that it’s not just data harvesters and advertisers who are in the market for our data.

  • How to protect your Facebook data
  • Facebook suspends Brexit data firm
  • Facebook to warn users in data scandal

    “Often hackers can answer your security question answers – things like date of birth, mother’s maiden name, and so on – because you have shared this information in the public domain,” she says.

    “You would be amazed how easy it is to piece together a fairly accurate profile from just a few snippets of information, and this information can be used for identity theft.”

    So how can we take control of our data?  

    There are ways we can restrict the amount of data we share with third parties – changing browser settings to block cookies, for example, using ad-blocking software, browsing “incognito” or using virtual private networks.

    More Technology of Business

    • Meet the gargantuan air freighter that looks like a whale
    • Reaping the wind with the biggest turbines ever made
    • Making deliveries in a badly mapped world
    • Meet the female ‘artpreneur’ making a splash online
    • Virtual reality as sharp as the human eye can see?

      And search engines like DuckDuckGo limit the amount of information they reveal to online tracking systems.

      But StJohn Deakins, founder and chief executive of marketing firm CitizenMe, believes consumers should be given the ability to control and monetise their data.

      On his app, consumers take personality tests and quizzes voluntarily, then share that data anonymously with brands looking to buy more accurate marketing data to inform their advertising campaigns.

      “Your data is much more compelling and valuable if it comes from you willingly in real time. You can outcompete the data brokers,” he says.

      “Some of our 80,000 users around the world are making £8 a month or donating any money earned to charities,” says Mr Deakins.

      Brands – from German car makers to big retailers – are looking to source data “in an ethical way”, he says.

      “We need to make the marketplace for data much more transparent.”

      • Follow Technology of Business editor Matthew Wall on Twitter and Facebook
        • Click here for more Technology of Business features