Blog

Special Counsel Robert Mueller’s investigation into interference in to 2016 election interference has interviewed at least one employee of Facebook, CEO Mark Zuckerberg confirmed today during his testimony before the Senate. Zuckerberg confirmed that he himself had not been interviewed, then declined to elaborate, citing the confidentiality of the investigation.

Senator Leahy asked “I assume Facebook has been served with subpoenas from the special counsel’s office?” Zuckerberg replied “yes”, but then noted that “I have to clarify that I’m not sure that there are subpoenas, there may be.”

Leahy then asked if Zuckerberg or anyone at Facebook had been contacted by the special counsel, and Zuckerberg responded “Yes”. When asked if he specifically had been interviewed, the CEO replied “I have not”. Leahy followed up, asking “Others have?” Zuckerberg responded “I believe so.”

Zuckerberg then got cagey, explaining that “I want to be careful here because our work with the special counsel is confidential and I want to make sure that in an open session I’m not revealing something that’s confidential.”

You can watch this part of the testimony below:

Wired reported in January that at least one Facebook staffer employee had been interviewed by Mueller, and that they were associated with the Trump campaign. Facebook provided assistance to both the Trump and Clinton campaigns in using Facebook’s tools.

Now, given information that’s come to light about the Trump campaign working with Cambridge Analytica to optimize its campaigns, and about how Cambridge Analytica attained that data improperly from a Facebook app built by researcher Dr. Aleksandr Kogan, Mueller’s investigation may have been interested to know if the Facebook staffer was aware of the improperly-attained data. Alternatively, Mueller may have simply been interested in whether the Facebook staffer knew of any Russian connection to the campaign.

You can follow TechCrunch’s coverage of the Zuckerberg testimony here:

In his opening statement in today’s Senate hearing with Mark Zuckerberg, Senator Thune (R-SD) noted that Cambridge Analytica, the company most associated with the ongoing privacy debacle, will be examined separately at another time.

“There are plenty of questions about the behavior of Cambridge Analytica and we expect to hold a future hearing on Cambridge and similar firms,” the Senator said.

Thune chairs the Commerce, Science & Transportation Committee, which is one of several that combined for today’s hearing, but he did not indicate whether it would be that or another committee, or another group of them, that will talk to Cambridge Analytica and whichever other companies are deemed to be alike to it.

Facebook founder Mark Zuckerberg will be questioned by US lawmakers today about the “use and abuse of data” — following weeks of breaking news about a data misuse scandal dating back to 2014.

The Guardian published its first story linking Cambridge Analytica and Facebook user data in December 2015. The newspaper reported that the Ted Cruz campaign had paid UK academics to gather psychological profiles about the US electorate using “a massive pool of mainly unwitting US Facebook users built with an online survey”.

Post-publication, Facebook released just a few words to the newspaper — claiming it was “carefully investigating this situation”.

Yet more than a year passed with Facebook seemingly doing nothing to limit third party access to user data nor to offer more transparent signposting on how its platform could be — and was being — used for political campaigns.

Through 2015 Facebook had actually been ramping up its internal focus on elections as a revenue generating opportunity — growing the headcount of staff working directly with politicians to encourage them to use its platform and tools for campaigning. So it can hardly claim it wasn’t aware of the value of user data for political targeting.

Yet in November 2016 Zuckerberg publicly rubbished the idea that fake news spread via Facebook could influence political views — calling it a “pretty crazy idea”. This at the same time as Facebook the company was embedding its own staff with political campaigns to help them spread election messages.

Another company was also involved in the political ad targeting business. In 2016 Cambridge Analytica signed a contract with the Trump campaign. According to former employee Chris Wylie — who last month supplied documentary evidence to the UK parliament — it licensed Facebook users data for this purpose.

The data was acquired and processed by Cambridge University professor Aleksandr Kogan whose personality quiz app, running on Facebook’s platform in 2014, was able to harvest personal data on tens of millions of users (a subset of which Kogan turned into psychological profiles for CA to use for targeting political messaging at US voters).

Cambridge Analytica has claimed it only licensed data on no more than 30M Facebook users — and has also claimed it didn’t actually use any of the data for the Trump campaign.

But this month Facebook confirmed that data on as many as 87M users was pulled via Kogan’s app.

What’s curious is that since March 17, 2018 — when the Guardian and New York Times published fresh revelations about the Cambridge Analytica scandal, estimating that around 50M Facebook users could have been affected — Facebook has released a steady stream of statements and updates, including committing to a raft of changes to tighten app permissions and privacy controls on its platform.

The timing of this deluge is not accidental. Facebook itself admits that many of the changes it’s announced since mid March were already in train — long planned compliance measures to respond to an incoming update to the European Union’s data protection framework, the GDPR.

If GDPR has a silver lining for Facebook — and a privacy regime which finally has teeth that can bite is not something you’d imagine the company would welcome — it’s that it can spin steps it’s having to make to comply with EU regulations as an alacritous and fine-grained response to a US political data scandal and try to generate  the impression it’s hyper sensitive to (now highly politicized) data privacy concerns.

Reader, the truth is far less glamorous. GDPR has been in the works for years and — like the Guardian’s original Cambridge Analytica scoop — its final text also arrived in December 2015.

On the GDPR prep front, in 2016 — during Facebook’s Cambridge Analytica ‘quiet period’ — the company itself told us it had assembled “the largest cross functional team” in the history of its family of companies to support compliance.

Facebook and Zuckerberg really has EU regulators to thank for forcing it to do so much of the groundwork now underpinning its response to this its largest ever data scandal.

Below is a quick timeline of how Facebook has reacted since mid March — when the story morphed into a major public scandal…

March 16, 2018: Just before the Guardian and New York Times publish fresh revelations about the Cambridge Analytica scandal, Facebook quietly drops the news that it has finally suspended CA/SCL. Why it didn’t do this years earlier remains a key question

March 17: In an update on the CA suspension Facebook makes a big show of rejecting the notion that any user data was ‘breached’. “People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” it writes

March 19: Facebook says it has hired digital forensics firm Stroz Friedberg to perform an audit on the political consulting and marketing firm Cambridge Analytica. It subsequently confirms its investigators have left the company’s UK offices at the request of the national data watchdog which is running its own investigation into use of data analytics for political purposes. The UK’s information commissioner publicly warns the company its staff could compromise her investigation

March 21: Zuckerberg announces further measures relating to the scandal — including a historical audit, saying apps and developers that do not agree to a “thorough audit” will be banned, and committing to tell all users whose data was misused. “We will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well,” he writes on Facebook.

He also says developers’ access to user data will be removed if people haven’t used the app in three months. And says Facebook will also reduce the data users give to an app when they sign in — to just “your name, profile photo, and email address”.

Facebook will also require developers to not only get approval but also “sign a contract in order to ask anyone for access to their posts or other private data”, he says.

Another change he announces in the post: Facebook will start showing users a tool at the top of the News Feed “to make sure you understand which apps you’ve allowed to access your data” and with “an easy way to revoke those apps’ permissions to your data”.

He concedes that while Facebook already had a tool to do this in its privacy settings people may not have seen or known that it existed.

These sorts of changes are very likely related to GDPR compliance.

Another change the company announces on this day is that it will expand its bug bounty program to enable people to report misuse of data.

It confirms that some of the changes it’s announced were already in the works as a result of the EU’s GDPR privacy framework — but adds: “This week’s events have accelerated our efforts”

March 25: Facebook apologizes for the data scandal with a full page ad in newspapers in the US and UK

March 28: Facebook announces changes to privacy settings to make them easier to find and use. It also says terms of services changes aimed at improving transparency are on the way — also all likely to be related to GDPR compliance

March 29: Facebook says it will close down a 2013 feature called Partner Categories — ending the background linking of its user data holdings with third party data held by major data brokers. Also very likely related to GDPR compliance

At the same time, in an update on parallel measures it’s taking to fight election interference, Facebook says it will launch a public archive in the summer showing “all ads that ran with a political label”. It specifies this will show the ad creative itself; how much money was spent on each ad; the number of impressions it received; and the demographic information about the audience reached. Ads will be displayed in the archive for four years after they ran

April 1: Facebook confirms to us that it is working on a certification tool that requires marketers using its Custom Audience ad targeting platform to guarantee email addresses were rightfully attained and users consented to their data being used them for marketing purposes — apparently attempting to tighten up its ad targeting system (again, GDPR is the likely driver for that)

April 3: Facebook releases the bulk app deletion tool Zuckerberg trailed as coming in the wake of the scandal — though this still doesn’t give users a select all option, but it makes the process a lot less tedious than it was.

It also announces culling a swathe of IRA Russian troll farm pages and accounts on Facebook and Instagram. It adds that it will be updating its help center tool “in the next few weeks” to enable people to check whether they liked or followed one of these pages. It’s not clear whether it will also proactively push notifications to affected users

April 4: Facebook outs a rewrite of its T&Cs — again, likely a compliance measure to try to meet GDPR’s transparency requirements — making it clearer to users what information it collects and why. It doesn’t say why it took almost 15 years to come up with a plain English explainer of the user data it collects

April 4: Buried in an update on a range of measures to reduce data access on its platform — such as deleting Messenger users’ call and SMS metadata after a year, rather than retaining it — Facebook reveals it has disabled a search and account recovery tool after “malicious actors” abused the feature — warning that “most” Facebook users will have had their public info scraped by unknown entities.

The company also reveals a breakdown of the top ten countries affected by the Cambridge Analytica data leakage, and subsequently reveals 2.7M of the affected users are EU citizens

April 6: Facebook says it will require admins of popular pages and advertisers buying political or “issue” ads on “debated topics of national legislative importance” like education or abortion to verify their identity and location — in an effort to fight disinformation on its platform. Those that refuse, are found to be fraudulent or are trying to influence foreign elections will have their Pages prevented from posting to the News Feed or their ads blocked

April 9: Facebook says it will begin informing users if their data was passed to Cambridge Analytica from today by dropping a notification into the News Feed.

It also offers a tool where people can do a manual check

April 9: Facebook also announces an initiative aimed at helping social science researchers gauge the product’s impact on elections and political events.

The initiative is funded by the Laura and John Arnold Foundation, Democracy Fund, the William and Flora Hewlett Foundation, the John S. and James L. Knight Foundation, the Charles Koch Foundation, the Omidyar Network, and the Alfred P. Sloan Foundation.

Facebook says the researchers will be given access to “privacy-protected datasets” — though it does not detail how people’s data will be robustly anonymized — and says it will not have any right or review or approval on research findings prior to publication.

Zuckerberg claims the election research commission will be “independent” of Facebook and will define the research agenda, soliciting research on the effects of social media on elections and democracy

April 10: Per its earlier announcement, Facebook begins blocking apps from accessing user data 90 days after non-use. It also rolls out the earlier trailed updates to its bug bounty program

Today at Mark Zuckerberg’s first of two hearings with Congress, the meme maker formerly known as the Monopoly Man made a surprise cameo in troll form to troll the Facebook founder.

The Monopoly Man, a.k.a. Amanda Werner, made their first splash as a mascot of corporate greed during a Senate hearing with Equifax’s CEO Richard Smith. Werner, dressed as Monopoly’s Rich Uncle Pennybags, sat just behind Smith for the entirety of his testimony, fiddling with a monocle and mopping their brow with oversize one hundred dollar bills.

“Since Zuckerberg allowed millions of Russian trolls to undermine our democracy, I assume he won’t mind if one Russian troll undermines his credibility,” Werner said in a statement on the stunt.

The gags are over the top, but they’re meant to draw attention to meaningful consumer causes. Werner’s Equifax appearance, an undertaking by an organization called Public Citizen, was focused on highlighting consumer-hostile forced arbitration clauses.

“Corporate giants like Facebook and Equifax must face serious penalties when they expose our private information,” Werner said. “Without meaningful legislation these hearings are more spectacle than substance — so I will continue to steal the spotlight until Senators stop grandstanding and start lawmaking.”

In the wake of revelations that the personal information of as many as 87 million Facebook users was used by data analysis firm Cambridge Analytica in 2016 for political purposes, reports indicate Facebook will contribute raw, anonymized data to a new Social Data Initiative via what is described as an independent, transparent and peer–reviewed process.

Will greater data sharing place the information of communities of color at greater risk? Or will making aggregated user data available data better inform our understanding of social media’s impact on society? Caught between these questions are activists of color and the vulnerable communities they represent.

Activists of color weren’t surprised by the Cambridge Analytica revelations. This scandal is only the latest in a string of worrisome disclosures about the use of social media by third parties, from foreign governments and electoral candidates to law enforcement agencies, to spy on the activities of users – especially immigrant, Black and other vulnerable communities.

With half of all U.S. adults already in police facial recognition databases and the 2018 midterm election season upon us, the issue of political data mining feels urgent to Black activists. “We are tracked by data mining companies that have contracts with law enforcement that profile and criminalize us. This works in tandem with designations like ‘Black Identity Extremism’, a made up term by the FBI to attack Black organizers,” said Janaya Khan, a Black Lives Matter activist and organizer with the national civil rights group Color of Change.

A supporter of a handful of protesters from the activist group the Raging Nannies who gathered outside of Facebook to demand greater data protection, Electronic Frontier Foundation Organizer Nathan Sheard, also raised concerns, “Facebook has a responsibility to its users.” He goes on to note that, “By default their [user] info should be kept secure.” Yet user information on Facebook remains extraordinarily vulnerable and far too available to third parties, without the consent of Facebook users.

Congress has joined the chorus of voices seeking answers. Mark Zuckerberg, Facebook Founder and CEO will testify at a joint hearing before the Senate Judiciary and Senate Commerce, Science, and Transportation committees on Tuesday, April 10 at 2:15 pm Eastern time. He’ll be back on Capitol Hill the following day for another hearing before the House Energy and Commerce Committee on Wednesday, April 11, at 10 am ET.

Congress’ failure to protect the data of vulnerable users has created real world fears for immigrant rights activists working tirelessly to protect undocumented families facing a wave of deportation under President Trump. Co-founder and Executive Director of United We Dream, Cristina Jimenez explains, “Our movement is led by undocumented immigrants and people of color, and under Trump we’ve seen our members targeted in phishing attacks online and chased by white supremacists out in the streets.”

These conditions have prompted some to delete Facebook, which must be done skillfully to ensure all personal data has actually been removed. Given that two–thirds of Americans get their news from platforms like Facebook, the likelihood that users will delete the social media giant is low. For others, the call to action is for Congress to pass laws that require greater data protection in order for Facebook to operate in the U.S. — which can take time.

Activists from the movements for Black lives, immigrant rights, Muslim freedom, and others protesting to save their lives, protect their families, or defend their environment and land can’t wait for data protection. These activists and the technologists who support them have come together to create a resource for keeping their accounts secure and to protect their critical work: defendourmovements.org.

Activists like Southwest Organizing Project activist Roberto Roibal are already responding to the site.

The site, which includes a help desk and crowd-sourced knowledge base, was built to provide activists at the greatest risk of surveillance with culturally relevant digital safety tips, tools and support, vetted by technologists that understand and are participants in social movements. Its launch is accompanied by ongoing digital security trainings nationwide. Together, these tools and trainings offer a starting place for securing social movements in an increasingly frightening political environment.

After all, the Cambridge Analytica debacle is far from the first time corporations and government institutions have used Facebook and other social media platforms to spy on the most vulnerable in our society.

Just last month The Intercept reported that the Immigration and Customs Enforcement agency has also been using Facebook to do its “extreme vetting” dirty work, and it’s been confirmed that Russian government officials utilized multiple social media platforms to influence the 2016 election. And in that same year, Facebook, Instagram, and Twitter were forced to update their platforms after providing user’s data to Geofeedia – a social media surveillance company which marketed its tools to police officers nationwide, in order to monitor protesters and activists of color.

The ACLU has outlined immediate steps Facebook should take in response to this latest privacy disclosures, including implementing better auditing procedures and enforcement of its policies for developers, but the fight to preserve our right to resist online will continue regardless. The human rights organization Witness also chimed in with a thoughtful analysis of next steps the company could take.

Beyond the urgent need for digital security, what movement leaders understand is that if they don’t create these tools, no one else will. Activists cannot wait for Facebook and Mark Zuckerberg to change.

Hacker and security specialist Matt Mitchell said, “ All movements have those who secure the fight because they believe in it. They are the ones folks trust, the ones who sacrifice over and over again. They put time and love into the struggle. Belonging is what brings them to this work.  Look, people working for justice and freedom have adversaries who work nine to five to slow things down. We’re being secured 24/7 by our organizing. That’s why we will win.”

We are the ones we’ve been waiting for. In a time when it is hard to tell what’s real and what’s not, digital security grounded in authentic relationships can make all the difference.

Learn more at DefendOurMovements.org or mediajustice.org

Facebook promised it would alert users yesterday who were impacted by the whole Cambridge Analytica mess. No doubt you’ve been waiting on that information since the whole thing crossed your radar. Well, you can either sit around and wait for a notification, or you can go find out yourself, by visiting this Facebook Help Center page.

The link will let you know if you were among the 87 million or so Facebook users who had their information compromised when you or one your friends logged into the “This is Your Digital Life” app. If so, there’s a good chance your profile, city, birthday and the pages you like were also shared.

If you were impacted, the page also notes that “a small number of people who logged in” may have given the service access to their “news need, timeline, posts and messages which may have included posts and messages from you.”

Of course, there’s a lot more information still to come from all off this — some of which will hopefully come to light when Mark Zuckerberg testifies to the Senate today.

This isn’t really surprising if you’ve been following Uber’s legal woes. But the Court of Justice of the European Union has confirmed to Uber France that Uber is operating a transportation company. Member countries can prohibit or punish Uber in their own countries without involving the European Union.

Over the past few years, Uber has asked to CJEU to rule in multiple cases related to UberPOP. With UberPOP, anyone could become a driver without any special professional license — it’s the equivalent of UberX in the U.S. Yes, it’s super confusing because UberX in France is the equivalent of UberBLACK in the U.S.

UberPOP was banned in Brussels, the Netherlands and France. According to a French court, Uber operated an illegal transportation company. The company was fined $900,000 (€800,000).

Uber France appealed the judgement and asked Europe’s top court to overrule the decision. The company said that it was an information society service. And EU member countries need to notify the European Commission about law changes when it comes to information society services.

But Uber has now lost in Spain and in France. It is indeed a transportation company, and the CJEU is making that clear in every press statement. Future cases will most likely consider Uber as a transportation company once again.

Facebook has become the de facto way people today keep up with their friends and family and, at times, their wider network of professional acquaintances and colleagues. But its inattention to user data protection is leading some people looking for an out. A new app called Garden, officially launching today, wants to offer people a more private and personal way to keep up with those who are important to them.

The app was created by Zander Adell, previously the CEO of the package delivery startup Doorman, which shut down last fall. Doorman had tried to solve the problem with last mile delivery by allowing people to schedule when their online orders were actually delivered. The business had taken a lot of work, as many startups do. And that distracted Adell from maintaining his other relationships.

“I built Garden because I lost a friend,” he says. “I got so busy running my last startup that I neglected some of my closest personal relationships with the assumption that we’d connect when life calmed down. Years went by and life never got any easier,” Adell admits.

He also believes that social media has tricked users into thinking they have stronger relationships with others than they really do – that “liking” a post is some sort of meaningful experience, for example, when it’s actually not.

“Maintaining a real personal or business relationship that adds value and meaning to your life takes regular and substantive effort,” Adell explains. “Just like you can’t expect the plants in a garden to stay healthy without regularly watering them, you shouldn’t expect your relationships to thrive without putting in the time.”

Garden initially grew out of Adell’s own efforts in better tending to his relationships which took the form of a big spreadsheet where he wrote down when he last caught up with someone. He found it helped him better keep up with both his business contacts and his personal relationships.

When he heard from others who had also built their own spreadsheets for a similar purpose, he thought it may make sense to offer the solution as an app instead.

With Garden, you set a reminder frequency on your contacts in your phone, and indicate how often you want to keep up with the person in question – weekly, monthly, quarterly, every six months, etc. When you do catch up with a friend, you can leave notes in the app and write details about your last conversation. In effect, it’s a personal CRM.

Of course, CRM-in-an-app has been done before, but the focus is almost always on business relationships – not personal ones. Garden could effectively manage both.

The app also plays in the same space as all those Address Book replacement apps once did, few of which have lasted. For example, Tinder bought Humin, Brewster’s team joined RBI, and Cobook sold to FullContact.

But perhaps now people will give new apps that help them maintain their relationships another look.

Garden is well-designed if fairly simple – it’s a contact manager with push notifications. The hard work of actually keeping up will have to be done by you – you can’t just like a few posts and call it day. But this may be what some people want right now as they wean themselves off Facebook.

Given that Garden is a database of your personal relationships, Adell says that data privacy is critical. The data itself is hosted with AWS in the cloud, and transferred securely, he says. It will also not spam your friends as many apps in the past have done, Adell promises.

That said, contacts apps have gotten themselves into trouble before – bugs exposed private information, and people have always been a bit uncomfortable in granting apps permission to their private contacts. Garden, like others, asks for access to your Contacts to do its work. And that will give some people pause.

Adell says the project is something he bootstrapped himself, but is his full-time focus for the time being.

The app is currently a free download on iOS, but may become ad-supported at a later date.

Image credit, top: Georgian Style Flower Garden by ricoeurian on Flickr; others: Garden

It’s hard to #DeleteFacebook with no viable alternative, but at least you can export all your data. There’s no such option on Instagram . That lack of data portability puts users at the mercy of Instagram’s product and policy decisions. And it could even put users at risk, as those who seek to back up their accounts and content are forced to use unofficial third-party apps that require their password.

Facebook launched its Download Your Information tool in 2010, six years after the social network launched. It lets you export a zip file of all your status updates, photos, profile info, messages, friend lists and a whole lot more. The idea is that if you wanted to ditch Facebook, you could take your data with you and get set up on some other social network. The fact that you only get a list of your friends’ names by default, not their email addresses or another way to easily find them on different apps, limits that power. But at least you get all the content you created.

Soon to be eight years old, Instagram still lacks its own version of Download Your Information. When asked about this, an Instagram spokesperson merely said, “Instagram does not currently have a data portability tool.”

Instagram doesn’t even offer a way to download your photos or videos after you share them to its feed. Unlike most apps and websites, you can’t just tap and hold on a photo to save it to your phone. The closest option is to use Instagram’s “share via email” feature, which sends a saveable version of an image. Otherwise, you need to set Instagram to save images when you post them.

Third-party tools have cropped up to fill the gap, but their security and privacy practices can be questionable. Vibbi InstaPort, Insta Saver, 4K Download and Picodash are a few. These services typically require you to log in with your Instagram credentials, which puts your username and password at risk of leaking to hackers. It’s also unclear what else could happen to your images once they export them. And the fact that some of these services, like InstaPort, offer to sell you Instagram followers too shows how scammy they can be. Perhaps the best bet for users is this open-sourced InstaLooter tool, but it requires some technical know-how to retrieve your photos and videos.

The rest of your profile information, photos you’re tagged in, people you follow or who follow you, your Likes and comments and any other Instagram data is all trapped in the app. The European GDPR privacy law goes into effect on May 25th, so Instagram may need to offer a data portability tool by then. Perhaps Congress should ask Zuckerberg about this during his testimonies over the next two days.

The problem is that without portability, there’s less chance of a legitimate rival to Instagram emerging. Snapchat’s ephemerality makes it too different. That absence means there’s nowhere to go if users are fed up with Instagram’s algorithm or other issues. This is partly why the #DeleteUber campaign peaked much higher in terms of Twitter mentions than #DeleteFacebook, despite having a much smaller user base. Those pissed at Uber could switch to Lyft without changing their behavior much. There’s no equivalent alternative to Facebook or Instagram.

#DeleteUber peaked higher than #DeleteFacebook because apps like Lyft give Uber users a viable alternative. An Instagram Download Your Information tool could promote competition.

The U.S. government may have been shortsighted to let Facebook acquire Instagram in 2012 for $715 million. Now at more than 800 million monthly users, Instagram joining Facebook led to a massive centralization of social networking that gives users fewer options. But even with the backlash against big tech and Facebook, it seems unlikely that the government has the resolve to break up Facebook, Instagram and WhatsApp.

At the very least, Instagram should give users the ability to leave without losing their visual history. If Instagram and Facebook are going to remain united as one company, the same data portability tools should be available to both. That way, if someone actually did build a decent competitor, users could choose where they want to put their windows to the world. At the Download Your Information tool launch in 2010, Facebook CEO Mark Zuckerberg himself said, “Stuff that you put into the site, you should be able to take out.”

Just hours before social media companies face a regulatory reckoning with Facebook’s appearance on the Hill, Twitter is taking a step to get right with Congress.

In a series of tweets from its public policy account, Twitter just announced its decision to back the Honest Ads Act, a piece of legislation introduced last year as a response to mounting evidence that Russia leveraged domestic social media platforms in an attempt to influence U.S. politics during the 2016 presidential election.

After initially avoiding a commitment to the bill, Facebook’s Mark Zuckerberg endorsed the proposal last Friday. “Election interference is a problem that’s bigger than any one platform, and that’s why we support the Honest Ads Act,” Zuckerberg wrote in a Facebook post addressing foreign election influence campaigns. “This will help raise the bar for all political advertising online.”

As the Cambridge Analytica scandal broke, the bill’s supporters saw an opportunity to apply pressure to the generally regulation-averse social media platforms, and that strategy appears to be paying off.

Introduced in October by Democratic Senators Mark Warner and Amy Klobuchar, with endorsement from prominent Republican Senator John McCain, the bill would impose ad transparency requirements on social media platforms, websites and ad networks that see more than 50 million unique visitors a month.

The Honest Ads Act’s proposed reforms are threefold:

• Amending the Bipartisan Campaign Reform Act of 2002’s definition of electioneering communication to include paid Internet and digital advertisements.
• Requiring digital platforms with at least 50,000,000 monthly viewers to maintain a public file of all electioneering communications purchased by a person or group who spends more than $500.00 total on ads published on their platform. The file would contain a digital copy of the advertisement, a description of the audience the advertisement targets, the number of views generated, the dates and times of publication, the rates charged, and the contact information of the purchaser.
• Requiring online platforms to make all reasonable efforts to ensure that foreign individuals and entities are not purchasing political advertisements in order to influence the American electorate.

Warner called Twitter’s decision a “huge step forward” for the Honest Ads Act, adding that he hoped it would encourage Google to follow suit in supporting the bill’s mission to “bring accountability and transparency to online political ads.”