The best questions that senators asked Mark Zuckerberg yesterday

Based on my Twitter feed yesterday, people in Congress were asking some pretty dumb questions of Facebook CEO Mark Zuckerberg yesterday. (One analyst tweeted that her head was going to explode.) So I looked at the transcript. What I found was some excellent questions that don’t have any simple answers.

Here’s a good sampling. (The whole thing was a book-length 45,000 words.)

Informed consent

In my mind, the biggest problem revealed by the entire privacy discussion around Facebook is that people are clueless about how social media works. They don’t realize that when they post things, those things are publicly visible. They don’t understand the difference between “selling my data” (which Facebook doesn’t do . . . and very few companies do) and “using my data for ad targeting” (which Facebook absolutely does . . . where do they think those ads come from?). They don’t think carefully about why Facebook and nearly everything on the Internet is free. Informing people about how this stuff actually works is the biggest challenge, not just for Facebook, but for every free ad-supported site and app out there.

In this context, the senators asked some excellent questions about consent.

Sen. Orrin Hatch: Do users understand what they’re agreeing to — to when they access a website or agree to terms of service? Are websites up-front about how they extract value from users, or do they hide the ball? Do consumers have the information they need to make an informed choice regarding whether or not to visit a particular website? To my — to my mind, these are questions that we should ask or be focusing on.

Sen. Lindsey Graham: [W]hen you look at terms of service, this is what you get. Do you think the average consumer understands what they’re signing up for? . . . Do you — do you agree with me that you better come up with different ways, because this ain’t working?

Sen. Blumenthal: Your business model is to monetize user information to maximize profit over privacy. And unless there are specific rules and requirements enforced by an outside agency, I have no assurance that these kinds of vague commitments are going to produce action. Don’t you agree that companies ought to be required to provide users with clear, plain information about how their data will be used, and specific ability to consent to the use of that information?

Sen. Chuck Grassley: Why doesn’t Facebook disclose to its users all the ways that data might be used by Facebook and other third parties? And what is Facebook’s responsibility to inform users about that information?

Unless Facebook undertakes a major effort to inform consumers, these questions will continue. Clueless people will not distinguish between the use of their information in the aggregate and the sale of their information. Regulating Facebook because people are ill-informed is a heavy-handed response; informing people is a better approach. Because people want their Facebook, and they want it free, which means some sort of ad targeting is necessary to pay for it.

Sen. Bill Nelson: Let me just cut to the chase. If you and other social media companies do not get your act in order, none of us are going to have any privacy anymore. That’s what we’re facing. We’re talking about personally identifiable information that, if not kept by the social media — media companies from theft, a value that we have in America, being our personal privacy — we won’t have it anymore. It’s the advent of technology. . . . And why didn’t Facebook notify 87 million users that their personally identifiable information had been taken, and it was being also used — why were they not informed — for unauthorized political purposes?

Let’s be clear here. The “unauthorized political purposes” meant modeling how people vote and doing everything possible to persuade them. That is what political operatives have done forever. This question connects the dots in a way that glosses over the details.

Is regulation necessary?

When people are at risk of harm, even from their own stupidity, Congress regulates. This is why you see “A.P.R” in every ad about loans — there is a standardized disclosure, to protect the public from deceptive advertising. It is why there are nutrition facts on food that show the truth, even when terms like “low-fat” and “whole grain goodness” are deceptive. The question here is: is it necessary to regulate Facebook to protect the uninformed public?

Sen. John Thune: After more than a decade of promises to do better, how is today’s apology different? And why should we trust Facebook to make the necessary changes to ensure user privacy and give people a clearer picture of your privacy policies?

Sen. Maria Cantwell: Do you believe European regulations should be applied here in the U.S.?

Sen. Roger Wicker: [D]o you think we need consistent privacy protections for consumers across the entire internet ecosystem that are based on the type of consumer information being collected, used or shared, regardless of the entity doing the collecting, reusing or sharing?

Sen. Lindsey Graham: What would you tell people in South Carolina, that given all of the things we’ve just discovered here, it’s a good idea for us to rely upon you to regulate your own business practices?

Sen. John Thune: How will you protect users’ data? How will you inform users about the changes that you are making? And how do you intend to proactively stop harmful conduct instead of being forced to respond to it months or years later?

Facebook has said it would welcome appropriate regulation. I think regulations improving clarity of informed consent make sense. And Facebook has not helped its case by behaving so poorly around privacy in its current nearly unregulated state.

Hate speech

Hate speech is regulated. And it’s a problem on Facebook.

Thune:  . . . [T]he line between legitimate political discourse and hate speech can sometimes be hard to identify, and especially when you’re relying on artificial intelligence and other technologies for the initial discovery. Can you discuss what steps that Facebook currently takes when making these evaluations, the challenges that you face and any examples of where you may draw the line between what is and what is not hate speech?

Sen. Patrick Leahy: How can you dedicate, and will you dedicate, resources to make sure such hate speech is taken down within 24 hours?

It’s very hard to allow people to express themselves freely but attempt to stop them when they incite hate. This is another problem Facebook needs to solve.

Election interference

Sen. Diane Feinstein: [W]hat is Facebook doing to prevent foreign actors from interfering in U.S. elections? Speak for a moment about automated bots that spread disinformation. What are you doing to punish those who exploit your platform in that regard?

What is “election interference?” How can you detect foreign actors attempting to influence American votes? And if it is not a foreign actor, is that interference or advocacy? Is “Pantsuit Nation” election interference? This is not going to be easy to solve.

Pay for privacy

Sen. Bill Nelson: So your chief operating officer, Ms. Sandberg, suggested on the NBC “Today Show” that Facebook users who do not want their personal information used for advertising might have to pay for that protection. Pay for it. Are you actually considering having Facebook users pay for you not to use the information?

Yes, it’s silly that people are shocked — shocked — that targeted ads pay for Facebook. But Facebook should implement a paid, ad-free tier immediately. This would allow people to opt out if they want to.

The soul of Facebook

Sen. Lindsey Graham: [Facebook employee Andrew Boswell] said, “So we connect more people. Maybe someone dies in a terrorist attack coordinated on our tools. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people, more often, is de facto good.” Do you agree with that?

Sen. John Cornyn: [D]uring the time that it was Facebook’s mantra or motto to move fast and break things, do you think some of the misjudgments, perhaps mistakes that you’ve admitted to here, were as a result of that culture or that attitude, particularly as it regards to personal privacy of the information of your subscribers?

Facebook behaved disruptively when it was growing. And it adhered to some principles — like “connection is good” — to too great an extent.

It is certainly possible to swing back too far in the other direction.

I’d rather not see Congress ruin what makes Facebook so effective. But it will, unless Facebook continues to make more mature decisions to regulate itself.

Facebook has two choices.

It can become the cleanest, most locked down application on the Internet, the poster boy for privacy, a true leader in showing the future for ad-supported, free, respectful applications tempered with careful judgment.

Or it can continue to get its feet tangled up in its own messes and prove that it can’t be trusted. If it does this, Congress will step in. And the results are unlikely to be a better experience.