A former Facebook operations manager told a British parliamentary committee on Wednesday that data harvesting of member profiles by outside software developers was once routine and that the company took years to clamp down on the practice.
Sandy Parakilas, who was in charge of policing Facebook's data handling procedures in 2011 and 2012, shed fresh light on business practices that are alleged to have enabled Cambridge Analytica to gain unauthorised access to the personal data of tens of millions of US voters.
The social networking giant has been rocked this week after a whistleblower said Cambridge Analytica, which US President Donald Trump hired for his 2016 election campaign, improperly accessed information on Facebook users to build detailed profiles on American voters.
"There was very little detection or enforcement," Parakilas said in testimony via videolink before the House of Common's Digital, Culture, Media and Sport Committee. "During my 16 months (at Facebook), I don't remember a single physical audit of a developer" who was storing users' data from the social network.
Parakilas highlighted vast potential abuses of a little-understood feature known as "friend permissions", which enabled software developers to connect their apps up to the friends of users, and even the friends of friends, the so-called "social graph" at the heart of Facebook's network of connections.
"You are likely talking about tens of thousands of apps that got 'friend permissions' and some of those apps had tens - it was huge - or hundreds of millions of users, so there was a vast (amount) of data that passed out the door," Parakilas said.
Facebook turned off the friend permissions feature in 2015.
Asked by a parliamentary committee member whether there were incidents where this data-sharing feature was misused, Parakilas said: "There may well have been. However, Facebook did not investigate deeply enough to determine exactly."
Facebook declined to comment directly on the testimony of the ex-employee. In announcing the suspension of Cambridge Analytica and related researchers from Facebook late last week, it said it now requires app developers to justify any data they collect and how they are going to use it: "In the past five years, we have made significant improvements in our ability to detect and prevent violations by app developers."
Parakilas, who now works as a product manager at Uber, said he had warned senior executives at Facebook. He said in a Guardian interview this week that he left in frustration over the company's failure to exercise more oversight on privacy issues.
One committee member pointedly asked whether Mark Zuckerberg, Facebook's founder and chief executive, was aware of the issue. Parakilas said he did not know first-hand, but he added: "I don't think it was a secret that this was a problem."
"It was well understood both internally and externally that there were risks with respect to the way the Facebook platform was handling data," he said.
© Thomson Reuters 2018