Lawmakers who questioned Zuckerberg don’t understand Facebook. Do you?

Facebook CEO Mark Zuckerberg takes his seat to testifies before a joint hearing of the Commerce and Judiciary Committees on Capitol Hill in Washington, Tuesday, April 10, 2018, about the use of Facebook data to target American voters in the 2016 election. (AP Photo/Pablo Martinez Monsivais)
This week, Facebook founder and CEO Mark Zuckerberg was grilled by nearly 100 lawmakers for more than 10 hours, in two hearings brought on by the revelation that millions of Facebook users’ personal data had been harvested by a third party, Cambridge Analytica.

Woodrow Hartzog, Northeastern professor of law and computer science, acknowledged the apparent technological literacy gap between lawmakers and Zuckerberg—something that’s become the butt of several jokes. But he advised against being too quick to criticize the elected officials. After all, he said, if they can’t understand the complexities of “the modern data behemoth,” how can we? And without understanding its nuances, how, then, are we able to give informed consent for how our data is used?

Were elected officials asking the right questions of Mark Zuckerberg? If not, what should they have asked?

Some Congress members were clearly prepared and asked a number of good questions. I particularly appreciated when U.S. Sen. Dick Durbin asked Mr. Zuckerberg if he’d feel comfortable revealing which hotel he stayed in last night. This question shines light on a really important point that goes to the heart of what a lot of this is about. That information wasn’t privacy in the “secret” sense of the word. Plenty of people likely knew where Mr. Zuckerberg was staying. But there’s a world of difference between certain people knowing information and announcing it during a congressional hearing. That’s why we should be increasingly critical of the idea that information on our Facebook profiles is “public” and thus undeserving of some sort of protection.

Still, as good as some of these questions were, most members of Congress still seemed to be equating privacy solely in terms of “control” and “informed consent.”

These congressmen don’t usually have technological backgrounds, which makes them just like most of us. And if they can’t fully understand the data ecosystem, then it probably reflects the larger truth that the reasonable user can’t either. Which makes all of this talk about “fully informing” people and giving them “total control” a bit of a canard.

Much has been made of the digital literacy gap between the lawmakers questioning Zuckerberg and Zuckerberg himself. What did you make of it?

Yes, the technological illiteracy of the congressmen seems to have become a trope. But I’m not convinced that narrative is totally fair. The data ecosystem is crazy complex. Even Zuckerberg’s answers show that he probably doesn’t fully grasp 100 percent of its workings. I’d be surprised if anyone does. And by piling on the congressmen because of their technological illiteracy, we are implicitly playing into the narrative that it’s our responsibility for fully understanding all the risks and intricacies of the modern data behemoth.

Still, there are some ways that members of Congress have failed the American people with their technological unsophistication. By not fully realizing how these technologies work and the full extent of the problem, members of Congress were unable to really force Zuckerberg to answer the hard questions.

Additionally, members of Congress kept falling back on the standard requests for control and informed consent. Because of this, Zuckerberg was able to dance around the questions without having to seriously commit to meaningful changes in the design of Facebook. Users continue to get stuck with the risk because they “consented” to certain practices and the narrative around threats to privacy and how to remedy them largely remain the same.

What would you have asked?

First, I would have asked Zuckerberg how he defines the concept of privacy, because that could tell us a great deal.

More importantly, though, I would have tried to get the record to reflect a series of concessions and pledges. Alvaro Bedoya, the executive director of the Georgetown Center of Privacy and Technology and former chief counsel to the Senate Subcommittee on Privacy, has said that there are two kinds of questions ideal for this setting: unanswerable questions and commitments. I would have asked for some firm commitments for privacy protections that involve changing Facebook’s business practices and model and the very design of the service. I would have asked for public promises that protect people regardless of what they “consent” to or what they know. And I would have sought promises to limit corrosive technologies like facial recognition.

It seemed like a few senators were using Zuckerberg as a proxy to address Silicon Valley at large. What, if anything, was revealed about the overall perception of social media, artificial intelligence, and technology through their questioning?

I think it was clear that no one—not even Zuckerberg—has a full grasp on the scope of the problem. That can tell us a number of different things, but in the least it should give us great pause about tying potential remedies to the idea that if we were just fully informed, we’d be able to make all the right choices.

Overall, what, if anything, did we learn from these hearings? What still remains unanswered?

I think we learned that there might be an appetite among those on Capitol Hill to respond to the mounting political pressure to create better privacy rules, but other than that, I’m not sure exactly how much was revealed. Though uncovering information isn’t really the main point of these things anyway. Rather, I think congress needed to assess just how dire the situation is. It’s not clear to me after this what impression they are going to walk away with.