Facebook chief Mark Zuckerberg apologized to US lawmakers Tuesday for the leak of personal data on tens of millions of users as he faced a day of reckoning before a Congress mulling regulation of the global social media giant.

In his first-ever US congressional appearance, the Facebook founder and chief executive sought to quell the storm over privacy and security lapses at the social network that have angered lawmakers and Facebook’s two billion users.

Swappping his customary tee-shirt for a business suit and tie, Zuckerberg faced tough questions over how a US-British political research firm, Cambridge Analytica, plundered detailed personal data on 87 million users to be used in the 2016 US presidential election.

Facebook also became the platform of choice for a stunning Russian campaign of online misinformation that US intelligence says was designed to tilt the 2016 vote toward Donald Trump.

“It was my mistake, and I’m sorry,” Zuckerberg said in prepared testimony. “I started Facebook, I run it, and I’m responsible for what happens here.”

“It’s clear now that we didn’t do enough to prevent these tools from being used for harm,” he said. “That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy.”

Lawmakers questioned whether the election meddling and poor controls on personal data requires the government to step in to regulate Facebook and other social media companies which generate revenue from user data.

“The tech industry has an obligation to respond to widespread and growing concerns over data privacy and security and to restore the public trust. The status quo no longer works,” said Senator Chuck Grassley, chair of one of the committees holding the hearing.

“Congress must determine if and how we need to strengthen privacy standards to ensure transparency and understanding for the billions of consumers who utilize these products.”

“You have a real opportunity this afternoon to lead the industry and demonstrate a meaningful commitment to protecting individual privacy,” Democratic Senator Diane Feinstein told Zuckerberg at the rare joint committee hearing, to be followed by a similar hearing in the House of Representatives on Wednesday.

– ‘#DeleteFacebook’ protests –

Cardboard cutouts of Facebook CEO Mark Zuckerberg stand outside the US Capitol, placed by advocacy group Avaaz to call attention to what the group says are fake accounts still spreading disinformation on Facebook

Cardboard cutouts of Facebook CEO Mark Zuckerberg stand outside the US Capitol, placed by advocacy group Avaaz to call attention to what the group says are fake accounts still spreading disinformation on Facebook

Dozens of protestors gathered outside Congress before the hearing wearing Zuckerberg masks and #DeleteFacebook T-shirts.

Inside the jammed hearing room, activists from the Code Pink group wore oversized glasses with the words “STOP SPYING” written on the lenses, and waved signs that read “Stop corporate lying.”

Testifying was a new step forward for the 33-year-old Zuckerberg, who started Facebook as a Harvard dropout in 2004, and built it into the world’s largest social media company worth $470 billion.

In the past he has left it to top lieutenants to answer questions from legislators.

But after the largest scandal yet for Facebook, Zuckerberg has seen it as imperative to speak out himself and try to prevent the company from bogging down in questions about its core business model, which is to share user data with advertisers.

The lawmakers delivered plenty of warnings that Zuckerberg needs to take action — though they were thin on concrete proposals.

Exposed to Facebook

Exposed to Facebook

“If you and other social media companies do not get your act in order, none of us are going to have any privacy anymore,” said Senator Bill Nelson.

Zuckerberg called Facebook “an idealistic and optimistic company” and said: “We focused on all the good that connecting people can bring.”

But he acknowledged that “it’s clear now that we didn’t do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy.”

Zuckerberg added: “I want to be clear about what our priority is: protecting our community is more important than maximizing our profit.”

– ‘Investigating every app’ –

The Facebook CEO recounted a list of steps aimed at averting improper use of data by third parties like Cambridge Analytica, and noted that other applications were being investigated to determine if they did anything wrong.

On Friday, Facebook sought to allay concerns over political manipulation of its platform by announcing support for the “Honest Ads Act” that requires election ad buyers to be identified, and to go further by verifying who sponsors ads on key public policy issues.

Zuckerberg vowed to “hire thousands of more people” to get the new system in place ahead of US midterm elections in November, starting the process in the United States and taking it global in the coming months.

My Facebook Was Breached by Cambridge Analytica. Was Yours?

How to find out if you are one of the 87 million victims

Cardboard cutouts of Mark Zuckerberg's face dominate the foreground, while the dome of the U.S. Capitol looms in the background.
Life-size cutouts of Facebook CEO Mark Zuckerberg are displayed by a progressive advocacy group on the lawn of the U.S. Capitol on Tuesday.Carolyn Kaster / Reuters
Facebook has begun to notify users who were affected by the Cambridge Analytica data breach. If you or one of your friends installed the personality-quiz app “This Is Your Digital Life” prior to 2015, then some of your data illicitly made it to the servers of the voter-profiling company.If your data was ensnared in the breach, you’re not alone. I’m also one of Cambridge Analytica’s victims. (If you’re not sure whether you were affected, you can go to this Facebook page, which will tell you if your information was shared.)I know I was affected by the breach because I saw a big text box when I opened the Facebook app on my phone this morning. Under a bolded headline reading “Protecting Your Information,” the notice read:

We understand the importance of keeping your data safe.

We have banned the app “This Is Your Digital Life,” which one of your friends used Facebook to log into. We did this because the app may have misused some of your Facebook information by sharing it with a company called Cambridge Analytica. In most cases, the information was limited to public profile, Page likes, birthday, and current city.

You can learn more about what happened and how you can remove apps and websites anytime if you no longer want them to have access to your Facebook information.

There is more work to do, but we are committed to confronting abuse and to putting you in control of your privacy.

Contrary to some media reports, the message did not appear in the app’s “Notification” pane. The notice appeared only once: When I closed the app and reopened it, it disappeared.

Last week, Facebook revised its estimate of the size of the breach, saying that it affected about 87 million people. The company had originally estimated that only about 50 million people were affected. According to The InterceptCambridge Analytica used that harvested data to make about 30 million “psychographic” profiles of voters in total.While Facebook says that most users only had their public profile and a few other pieces of data disclosed to Cambridge Analytica, its notice suggests that the company does not know which users had more significant information, such as private status messages or wall posts, sucked up during the lapse.“A small number of people who logged into ‘This Is Your Digital Life’ also shared their own News Feed, timeline, posts, and messages, which may have included posts and messages from you. They may also have shared your hometown,” says Facebook’s help page for victims of the breach.There is not much you can do if you were affected by the breach—your data, after all, has already left Facebook’s control. Mark Zuckerberg, the company’s chief executive, is testifying to the Senate Judiciary and Commerce Committees at 2:15 p.m. on Tuesday in response to questions about this leak, larger privacy issues, and the platform’s role in the 2016 election.Lawyers in the United States and the United Kingdom have also launched a pair of class-action lawsuits against Facebook, Cambridge Analytica, and two other companies involved in the breach.
“Overall, this is a big breach of trust, and I’m sorry that it happened,” he told me.“The most important thing is to make sure that this doesn’t happen again going forward. So we’re taking a number of steps. We’re investigating every single app that had access to this data. We’re going to do audits on anyone who we find is doing something suspicious, and we’re going to tell people about that. We’ve taken steps to lock down the platform in the past, and we’re continuing to do that to just make sure it can’t happen again,” he said.If you’re having trouble understanding the Cambridge Analytica debacle, I wrote a brief summary of the story last month. In short, the voter-profiling firm harvested Facebook user data through “This Is Your Digital Life,” a third-party app that appeared to be a personality quiz. Cambridge Analytica later used this data to inform purchases made during the Brexit “Leave” campaign, Senator Ted Cruz’s campaign in the 2016 presidential primary, and President Trump’s campaign during the 2016 general election.

Cambridge Analytica’s chief executive, Alexander Nix, was later captured on a hidden camera offering to use Ukrainian sex workers to bribe and blackmail politicians in Sri Lanka. He has since been suspended. Cambridge Analytica also has close ties to key figures in Republican politics: Rebekah Mercer, a major GOP donor and a co-owner of Breitbart news, sits on its board. Her father, Robert Mercer, also invested $15 million in Cambridge Analytica.

Some conservatives have alleged that the official app of the 2012 Obama campaign scanned data from people’s friends in a manner similar to the app used by Cambridge Analytica. But people who installed the Obama app knew they were surrendering information to a political campaign, though their friends did not. Meanwhile, users who installed “This Is Your Digital Life,” the app used by Cambridge Analytica, had no idea that its aims were political.

Still, the ease with which the Obama app scanned users’ friend lists without their consent raises an important point. While the Cambridge Analytica scandal leads the news, experts do not believe it was alone in harvesting large amounts of Facebook data between 2008 and 2014.

Even the developers of rudimentary Facebook apps—like my colleague Ian Bogost, who built a satirical video game on the platform called Cow Clicker—accumulated a massive amount of information about their users, whether or not they intended to. “If you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior,”