Former Facebook employee Sandy Parakilas spoke about a “hole” in the social network's protection that allowed private companies, including Cambridge Analytica, to collect users' personal data without their knowledge. In a conversation with The Guardian, he said that information on “hundreds of millions” of users had leaked.
In 2011-2012, Parakilas was in charge of searching for “holes” in third-party applications. He claims that he warned the company’s management about the risk of a leak: the company did not know what third-party developers were doing with the data of social network users who had agreed to its processing. According to Parakilas, Facebook did not use its own mechanisms, including audits of third-party developers, to ensure the security of the information.
Starting in 2007, Facebook had a Friends Permission feature that allowed third-party developers to legally collect user data with their permission. Parakilas noted that the company had “absolutely no control” over this process. He suggests that there was a so-called “black market” for data, where application creators illegally traded Facebook users' data.
In 2014, this access was discontinued, but Parakilas does not know how many companies managed to obtain data. He believes that “hundreds or thousands of developers” had that opportunity. According to him, a member of the company’s management advised him not to dig too deeply.
It seemed to them that it was better not to know about it. I was shocked by this and was horrified.
Facebook did not respond to The Guardian's request, but referred to a blog post dated November 2017. There, the company claimed that the protection of personal data had “significantly improved” over the past five years.
The data of “most” Facebook users leaked, Parakilas said. The company now has stricter rules on third-party access to information. However, when Parakilas worked at the company, legal measures were applied “extremely rarely”.
It was obvious to the company that it was taking a risk. Facebook provided other people’s data to those who were not authorized in the application, and also relied on rules and settings that people either did not know or did not understand.
Parakilas noted that he does not know the exact reasons why Facebook stopped giving third-party applications access to user data.
They were worried that the largest application developers could track the connections between these people. And they were worried that they could create their own social networks.
According to Parakilas, he tried to lobby inside the company for a more “strict approach” to protecting data, but received little support. He also showed the management a presentation on the vulnerabilities of social network users. Disappointed by the lack of reaction, Parakilas left the company in late 2012: “I had a feeling that the company does not take my fears seriously.”
He noted that for several years he had not spoken about the problems publicly “out of personal interests”. His opinion changed in 2017, when Facebook representatives appeared before the Senate in the case of Russia’s interference in the presidential elections. According to Parakilas, the company looked as if it was trying to shift some of the responsibility away from itself rather than help the country protect its national interests.
According to Gizmodo, after the publication, the founder of the social network, Mark Zuckerberg, was summoned to the UK Parliament to personally explain the “catastrophic failure” in protecting users' personal data.
On March 19 it became known that the analytical firm Cambridge Analytica had obtained the data of 50 million people in circumvention of Facebook's rules and, on that basis, set up advertising for the benefit of US President Donald Trump. The company claims that the analytical firm received the data in accordance with the rules, because users had previously been asked for permission to access their account information, likes and friends list.