Is Congress Letting Mark Zuckerberg Off the Hook?

A cybersecurity expert weighs in on this week's Capitol Hill testimonies.
Facebook Chief Executive Officer Mark Zuckerberg testifies during a U.S. House Committee on Energy and Commerce hearing about Facebook on Capitol Hill in Washington, D.C., on April 11th, 2018.

Mark Zuckerberg is facing lawmakers on Capitol Hill this week as he endures two days of testimony related to Facebook's Cambridge Analytica scandal.

The Senate Judiciary and Senate Commerce Committees questioned Zuckerberg Tuesday, and he faces the House Energy and Commerce Committee today.

Zuckerberg's testimony brings up many questions about cybersecurity and which regulations social media companies like Facebook should—or should not—be forced to abide by.

In a conversation with Pacific Standard, Raj Goel, a cybersecurity and privacy law expert, talked about Zuckerberg's testimony in front of Congress and Facebook's Honest Ads Act, the need for robust reform of our online platforms, and much more.


Given your background in cybersecurity and past commentary on the Facebook issue, were you satisfied with Mark Zuckerberg's responses in yesterday's testimony?

I am not satisfied with Zuckerberg's testimony. He kept reiterating three themes almost robotically and consistently. One is that he started Facebook in his dorm at Harvard University—OK, that's great, but that has no bearing on today's reality.

Second, for every problem they pushed him on, he kept saying "We'll invest in AI." He said that AI will solve classification, AI will solve hate speech, AI will solve foreign interference, and no one really pushed back on him on what he's going to do about it today. AI is not a silver bullet. Every solution he presented was, "We're investing in AI, it will be ready in 10 years."

The third thing, he played a wonderful game of verbal judo where he said, "Users control what they post and what they share." That is a wonderful turn of phrase but completely detached from reality. The user policies are opaque. Most importantly, yes, [Zuckerberg] is legally correct that users opted in to share contacts, but if the default button is to suck in all my contacts, well, yes I technically opted in. In practice, developers have made it so that the default option is to click "next" and an alternative is usually hidden in fine print or a smaller print option.

What would fix some of these issues?

What would fix Facebook and the tech industry at large is for Facebook to have its "Microsoft moment." Yesterday, Zuckerberg came across very much like Bill Gates in the '90s, pre-Microsoft consent decree. Microsoft had no culture of user protection. It was only after Gates got his moment of reckoning, his moment of awakening, that Microsoft pivoted and went from "security is not our problem" to "security is our No. 1 threat to our business." They went from poster child of software tricks to being a vendor that is highly regarded for their security expertise and doing right by the user. The Microsoft of 2018 is not the Microsoft of 1994.

Yesterday, my impression was that all the senators wanted to adopt [Zuckerberg] as their grandkid. The guy runs a massive company, he's 33 years old. Stop treating him like a child and start treating him like the threat to society that he is.

Raj Goel.

It seemed like a lot of senators were asking questions that betrayed their lack of knowledge on this topic. What questions should they have asked yesterday or should ask Zuckerberg today?

Some of the questions sounded dumb or pandering, but I don't think the senators came unprepared; senators don't go on fishing exercises with no data. The questions that they asked were baited traps to see where [Zuckerberg] would bite. They're not afraid to ask tough questions. Yesterday was a game of Minesweeper—they wanted to see which commitments [Zuckerberg] could make, and there are a couple of places where he toed the line.

One thing that the senators should ask him is, "Why do German and Austrian and other European citizens get more privacy rights from Facebook than Americans do?" They also talked about protecting security of elections, and that's fantastic to hear, but they need to ask, "Why [has Zuckerberg] been asleep at the wheel for over 10 years?"

Zuckerberg mentioned vaguely in yesterday's testimony that Facebook would support the "right" kind of regulation. What would be the "right" sort of regulation for Facebook and other social media companies moving forward?

First, I'll tell you the wrong regulation: Self-regulation is wrong. Facebook or Internet advertising media creating their own rules is not the right regulation. Facebook is trying to have it both ways. They want the power and revenue of a media company without the responsibility of a media company. There are ads on Facebook right now that they will take money for and happily deliver that you could never get on Fox News, CNN, or ABC without the [Federal Communications Commission] coming down on you.

One regulation to be applied to Facebook is subjecting it to the same advertising rules that other media are subject to. Another would be to treat Facebook as a conglomerate—which it is legally—for its advertising division. Whatever division takes ad dollars within Facebook should be subject to the same rules as a media player. We have far too many toothless and meaningless regulations. We need one or two federal standards that everybody can meet. We've done it with taxes, clean air, etc., and we need a similar federal standard that everyone can stand for.

This interview has been edited for length and clarity.