Evidence of meeting #100 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was platform.
A video is available from Parliament.
10:35 a.m.
Conservative
Jacques Gourde Conservative Lévis—Lotbinière, QC
We were in a period of calm. Let us hope that it will not be the calm before a storm. When there is a nice warm breeze, everything is fine. But in a hurricane, all kinds of things can happen.
We have no arrows in our quiver to help you. If you were to ask governments all around the world to come to your assistance if you lost control of your platform, the assistance would be very limited. So your responsibility is so great that failure is not an option.
Thank you.
10:35 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
Thank you. I agree, and we certainly understand that.
10:35 a.m.
Conservative
The Chair Conservative Bob Zimmer
Thank you, Mr. Gourde.
There's another five minutes for Mr. Erskine-Smith.
10:35 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
Thanks very much.
Now, you've spoken about this being a breach of trust, and you've really highlighted the importance of building up the trust of your user base. That's fair, yes?
10:35 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
Okay, so is it also fair to say that, in building up the trust of your users, it's incredibly important—perhaps most important—to be as open and honest as possible. Do you think that's fair? Yes?
10:35 a.m.
Global Directeur and Head of Public Policy, Facebook Canada, Facebook Inc.
Yes, sir. That's right.
10:35 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
I asked about personal information being shared without consent previously, and what the most personal and most sensitive information might be that was shared without users' consent, and Mr. Sherman, you gave an example of likes. You didn't mention private messages, though, and I have a notice in front of me from an individual who did not access This Is Your Digital Life but a friend did, and it indicates that for a small numbers of users—it doesn't indicate what percentage or how many—their posts, timelines, and also messages may have been shared.
Can you comment on that?
10:35 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
We're still in the process of investigating and looking into the records that we have with regard to what was shared with This is Your Digital Life. As I've said previously, we want to undertake a forensic audit to look at the information that's in Cambridge Analytica's possession and make sure we understand that. It's possible that private messages were shared in small numbers as part of that. That's something that was allowed on the platform at the time.
10:35 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
In your opinion, based on the evidence you've reviewed to date, do you think private messages were shared without users' consent?
10:35 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
I believe it's possible, but I think it's something we need to confirm.
10:35 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
Okay. Who's confirming that, and when are we going to get confirmation?
10:35 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
We have engaged forensic auditors who would look at that question. We've been asked by the U.K. government, which is conducting its investigation, to wait until they're at a point when they're ready for us to do that, so we're co-operating with government investigations, but we also want to do our own review.
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
I would like your undertaking, then, to provide this committee with a list, an example, of all kinds of personal information of individuals that would have been shared without those individuals' consent.
10:40 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
We are still in the process of developing that information, but we will follow up.
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
You will follow up with us, okay. That's great.
Now, in the interest of being as open and honest with Canadians as possible, why haven't you mentioned LocalBlox today?
10:40 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
I'm sorry, can you explain what you mean?
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
We had Chris Vickery before us earlier this week, who discussed 48 million additional users who had their information shared in some improper fashion. Are you familiar with the context of that?
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
Are you also familiar with LocalBlox being the company that was scraping user profiles?
10:40 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
As I mentioned before, the problem of scraping is one we deal with at Facebook and that any Internet service deals with. It's one of the things we announced this past week as part of a series of changes we're making dealing with situations where public information that's just generally available on the Internet is acquired in large scale. This is sort of the practice we refer to as scraping. We have technical measures in place to deal with that and to identify when that happens. For example, large-scale automated efforts to collect information is a violation of our rules. Many of the times when people try to engage in it, we detect it, but it's very clear from that example you've given that we need to do more. I think I referred earlier to some of the—
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
Isn't it also clear, though, that you should be...? You've indicated the importance of building the trust of your user base, but the only reason you're talking about LocalBlox and 48 million users having their information scraped is that I asked you about it. It's really curious to me, when you've already indicated that being open and honest is so very important.
Are you also looking at the idea of privacy by design, which is that privacy is a default setting? If you're so concerned about the scraping of user profiles, have you gone down this road of examining what privacy by default might look like, to avoid the scraping of user profiles?
10:40 a.m.
Deputy Chief Privacy Officer, Facebook Inc.
Thank you for the question. Privacy by design is extraordinarily important at Facebook. We have a cross-functional privacy program that includes experts from around the company who, as we're building products, think about data collection and data use and how we can communicate with people and put them in control.
One example is that several years back, we changed our default for sharing so that when you post something on Facebook as a new user, we'll ask you if you want this information to be made public or if you want this information to be shared only with your friends. People have the ability to change that an any time.
We've also done privacy checkups to reconfirm that with people so that people can let us know. By default, when you post on Facebook, information is shared with your friends, but we also want to give people the ability to share publicly, and unfortunately, one of the challenges is that if you post something publicly on the Internet, anyone can see it, and sometimes that includes people who are scraping—
10:40 a.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
The only other undertaking I would ask is that when you have reconciled the number of applications that have improperly shared information without users' consent, and you've assessed the number of users who have been affected, you also provide that information to this committee.