Facebook Whistleblower Sandy Parakilas Says Company Knew Risks Of Data Breaches But Had ‘Little Detection’

Sandy Parakilas appeared before MPs via video link

Facebook knew about the risks of data policy violations but had “little detection” and no policy of informing users, a former employee has said.

Whistleblower Sandy Parakilas, who worked in data protection and policy compliance for Facebook third party apps between 2011 and 2012, told MPs on Wednesday the company only became aware of breaches from the press or their competitors.

“The real challenge here is that Facebook was allowing developers to access the data of people who hadn’t explicitly authorised that,” he told MPs.

He added Facebook had “lost sight” of what developers did with the data once it had left the company.

“The other thing to know is that Facebook had relatively little detection of policy violations,” he said. 

“Most of the reports about policy violations were either from the press or other developers who were competitors of a particular company.”

Parakilas appeared before the government’s culture committee on Wednesday as part of its investigation into fake news, after he blew the whistle on Facebook on Tuesday.

His intervention came after a former Cambridge Analytica employee, Chris Wylie, accused the company of using Facebook to harvest data from 50 million people. Undercover journalists from Channel 4 news also captured senior figures in the company boasting about their role in helping Donald Trump’s presidential campaign

Parakilas agreed with MP Julian Knight that Facebook’s approach to data was like “the Wild West”. He also agreed with committee chair Damian Collins when he said Facebook “turned a blind eye” to the third parties approach to its data.

The Digital, Culture, Media and Sport Committee suggested to Parakilas that Facebook's approach to data was like something from 'the Wild West'

Parakilas said Facebook’s security to protect against hacking or other attacks was strong, unlike its protections for users’ data.

He said: “The unofficial motto of Facebook is ‘move fast and break things’… It was about getting people onto the platform… it was a concern to me about the volume of data that was being brought in.”

Under questioning, Parakilas said there was no vetting for any outside parties who used Facebook to acquire people’s data. “Anyone can make a Facebook app. There’s no background check,” he said.

Cambridge Analytica is alleged to have obtained the details of millions of Facebook users via an app that granted it access to those who used it – including details such as such as the cities they live in, preferred content and some details about friends – and all their friends on the social media site.

Committee member Ian Lucas called Parakilas’ evidence “extraordinary”, saying it amounted to Facebook knowing about Cambridge Anayltica breaching its data rules but taking no action for two years.

Facebook banned Cambridge Analytica from its site on Saturday, the day before Wylie’s accusations were reported in UK’s Observer newspaper.

Cambridge Anayltica suspended its chief executive Alexander Nix on Tuesday evening, saying it would be investigating what happened. The company denies any wrongdoing.