When Mark Zuckerberg appeared before Congress in April, the CEO faced a public grilling from lawmakers — and left them with several lingering questions. Now, Facebook has followed up with 500 of pages of answers to written questions from two Senate committees, although some of the responses may be cause for even more digging.
In the documents, Facebook strikes a cautious tone as it answers questions about the Cambridge Analytica scandal, ad targeting, moderation policies, and more, giving a broad, if shallow, look at the company’s policies and practices. The documents seem, by design, to shed little new light — many of the questions are answered by pointing to publicly available policies, or through answers the company has previously offered.
And while Zuckerberg’s in-person testimony was already highly polished, the written questions have reached a flawless sheen. In response to some of the most pointed queries, the company offered replies that obfuscated the issues. Responding to a question about how ads might be used to exclude people with certain characteristics, for example, Facebook explained that it did not offer targeting based on “race” but on “multicultural affinity” — still a controversial practice.
When asked about “shadow profiles” — the idea that Facebook follows non-users, which became one of the most explosive topics during Zuckerberg’s testimony — the company said it does not create “profiles” for non-users but admitted it “may take the opportunity to show a general ad that is unrelated to the attributes of the person or an ad encouraging the non-user to sign up for Facebook.”
Some of the issues where Facebook didn’t quite provide a full response may ultimately provide the biggest revelations. After replying affirmatively to a series of specific questions about what information the company tracks, Facebook did not give a simple yes or no when asked whether it tracks “every IP address ever used when logging into Facebook.” Instead, the company pointed to a vague “retention schedule”:
Facebook automatically logs IP addresses where a user has logged into their Facebook account. Users can download a list of IP addresses where they’ve logged into their Facebook accounts, as well as other information associated with their Facebook accounts, through our Download Your Information tool, although this list won’t include all historical IP addresses as they are deleted according to a retention schedule.
Facebook did provide more information about what kind of data the platform gathers — and the scope of that collection may surprise some. The company notes that it tracks “operations and behaviors” on devices, including “whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).” Device signals, settings, and “unique identifiers” are also tracked.
Facebook also followed up in areas where Zuckerberg’s testimony was wanting. The CEO struggled to name a single competitor during hearings, but in writing the company rattled off a long list of services such as Snapchat, YouTube, Twitter, Pinterest, Vimeo, and others — though those services are still, at best, partial replacements for the Facebook experience.
Zuckerberg similarly wavered during testimony when asked whether Facebook would extend Europe’s GDPR privacy protections to the United States. In the written response, the company contends that the “controls and settings that Facebook is enabling as part of GDPR are available to people around the world.”
Other written questions veered off-track from privacy issues. During the Zuckerberg hearing, Sen. Ted Cruz asked a line of questions about an alleged anti-conservative bias at Facebook, and followed up in writing with dozens of pages of questions that turned bizarrely specific: “Nathaniel Friedman, an author at GQ magazine, stated that ‘Taylor Swift’s cover of “September” is hate speech.’ Does Facebook agree?” The company responded with a broad answer about its hate speech policy.
In the two months that it took Facebook to deliver these responses, more questions around Facebook’s data sharing policies have emerged. Just last week, a New York Times report suggested that the platform had shared user data with over 60 device makers, and that a bug had potentially set 14 million users’ private Facebook posts to be publicly viewable. The steady stream of bad headlines suggests Facebook’s efforts to address concerns are being outpaced by its own scandals.