Facebook co-founder and chief executive Mark Zuckerberg says that his company will never be able to fully protect its platform from abuse by bad actors no matter what it does and that efforts to improve security will be “never-ending.”
In an hour-long call with reporters on Wednesday, the embattled CEO also took full responsibility for Facebook’s recent scandals even as he said he was still the right person to run the company.
Zuckerberg called the first decade of the company’s growth “idealistic and optimistic.”
“It’s clear now that we didn’t focus enough on preventing abuse,” Zuckerberg said. “We didn’t take a broad enough view of what our responsibility is. That was a huge mistake, and it was my mistake.”
The call came hours after lawmakers announced that Zuckerberg would testify before the House Energy and Commerce Committee next week, and shortly after Facebook revealed that Cambridge Analytica, a data firm with ties to President Trump’s campaign, may have had data on 87 million people.
Zuckerberg described that number as “the maximum amount of people we could calculate” whose data may have been accessed, and said he thought the number could not be higher, but could be lower.
The call was the latest step in Facebook’s ongoing effort to mitigate the crisis over its handling of users data and its role in Russia’s meddling in American politics.
“We’ve faced a lot of important questions,” Zuckerberg said at the beginning of the call. “The first is, can we get our systems under control and can we keep people safe? … The second, can we make sure our systems aren’t used to undermine democracy?”
Zuckerberg acknowledged that fighting bad actors would have to be a perpetual effort.
“This is going to be a never-ending battle,” he said. “You never, ever solve security. It’s an arms race.”
Zuckerberg also said that changes Facebook is putting in place to comply with a stringent new European regulation would be applied globally. That new regulation, the General Data Protection Regulation (GDPR), will among other things aim to make it easier for European users to opt out of having their data collected by Facebook on its platform and on third party sites.
“I think regulations like the GDPR are very positive,” Zuckerberg said. “We intend to make all the same controls available everywhere, not just in Europe.”
Zuckerberg also sought to defend his company’s data collection practices, claiming that “the vast majority” of data that users share is “data you chose to share.” Facebook does track individuals on third-party sites, however.
Zuckerberg also said the company could do a better job of explaining what it does with user data.
“[There are] many misperceptions about what we actually do,” he said.
In recent weeks, Facebook has made changes to the platform and its policies regarding access to user data and transparency. In a blog post Wednesday, Facebook’s chief technology officer announced limits to developers’ access and new restrictions regarding an account recovery feature that could have enabled bad actors to scrape user data.
“But, look, it’s not good,” Zuckerberg added. “It still speaks to people feeling like this was a massive breach of trust and that we have a lot of work to do to repair that.”