The Questions Congress SHOULD Ask Mark Zuckerberg About the Facebook Data Breach

I will start off by saying that I am a fan of Facebook, both as a consumer and as a marketer — its ability to connect friends and strangers is unquestionable, and their ad tools are hands-down one of the best ways to find your target audience.

HOWEVER, with that said, Facebook is not being forthright about the size and the severity of the data breach. In fact, it may be some time before they understand how much information was accessed by others, largely unchecked in the past ten years.

I have appeared on CNN International to discuss this a couple times, but I figured it best to lay out a series of questions that will help Congress understand the scope of the data breach, and really push Zuckerberg & co to lay bare the size of this problem, plus lay out what steps is Facebook taking to stop a decade’s worth of data from being used against its users in the years ahead:

How many other Cambridge Analytica situations are there that we *don’t* know about?

How many similar data breaches are you aware of, and to what scale?

Was info collected / compromised in a similar fashion by others?

Do you not have a top-level team in place for the past decade who would utilize game theory to think about, and prevent, the worst possible ways in which the heart of your service, user data, could be stolen and compromised by others?

Can you explain to us exactly how information on 30 / 50 / 87 million Facebook users was extrapolated from a subset of 250k who took a quiz from a third party ?

Can you give us detailed examples of the ads and sites built to influence voter behavior based on said breached data?

What efforts are you taking to police the collection, extrapolation, use, and non-transfer of such data by third parties?

Why did you not actively police the transfer of such data, and what are you doing to monitor / prevent such reselling of user data?

Can you explain your app review process? How do you decide which apps can access which pieces of information from your users? How rigorous is this process, and what gaps could have created more info leaked than was needed for each app?

And what about simple-looking posts that play into users’ vanity onsite, yet are clearly data mining (scan your face to see what you look like as the opposite sex, what is your wrestling name based on x criteria, pick the pic that matches your birth month) — how do you police those?

You recently ended contracts in which you were paying third party data providers such as Experian to match FB users’ offsite activities & purchases to their profiles. Why did you need this data to begin with? Isn’t the data users provide onsite enough for proper ad targeting?

Why do you keep call & text logs of users’ Android devices, and what are you doing with said data? Isn’t this practice overreaching, and is there a reason why Google allows you to do this with Android devices, yet Apple does not allow you to do so with iPhones & tablets?

Explain to us your efforts with your smart speaker Portal, as well as your forays into collecting medical data — both programs which have been reported as stalled or cancelled. Truly, what were you planning on doing with the data collected?

You left the backdoor to the hen house open for a decade, allowing any number of bad players to come in and ransack user data, even with just the use of their phone number or email address. How long have you known about these breaches, why should we trust you to self-regulate?

What other ways are you collecting information on users that the general public does *not* already know about, even when they are not on Facebook? This thing about ads appearing after someone just *talks* about a product, is there any truth to that? (Hey, never hurts to get a response On the Record)

Clearly, there are great social (and marketing) benefits to using Facebook. But what other steps will you be taking to fix all these leaks, regain the trust of your users, and prevent this avalanche of data from being used against users in the coming decade?