We’ve all seen the videos and memes of Facebook founder and CEO Mark Zuckerberg as he withstood 2 days of questioning by the American Congress regarding the Cambridge Analytica (CA) data leak scandal.
What many didn’t notice was that before Zuckerberg entered the building, Facebook had released their newest tool for fighting data leaks in the future.
In a Newsroom post, Facebook’s Head of Product Security, Collin Greene, announced the launch of their newest offensive against data leaks such as the one involving CA.
The Data Abuse Bounty.
The Data Abuse Bounty
Inspired by their successful million-dollar bug bounty program, which provided bug hunters financial incentives if they were able to find security bugs in the system, the Data Abuse Bounty was created to encourage users and researchers to help Facebook stop unlawful use of their users’ data.
The Bug Bounty program rewarded researchers and hackers for finding security holes in Facebook’s various platforms in order to protect it from malicious attacks.
Although the Bug Bounty spans Facebook’s various platforms, including Instagram, the Data Abuse Bounty currently applies only to Facebook’s main platform.
The bounty will focus on “incentivizing anyone to report apps collecting user data and passing it off to malicious parties to be exploited.” To be eligible for a reward, the application you report must affect at least 10k users, show a clear or “definitive” pattern of abuse of data, and be a case that is not currently being investigated by Facebook.
You can learn more about the terms here.
That means payments will be given on a first-come, first-served basis. The social network has also stated that there will be no retroactive payments, so the journalists who brought the CA data leak to light shouldn’t hold their breath for a commission.
Not many details have come out on how the social network will calculate payments, but it has been announced that the minimum will be 500 USD. Since it was inspired by the Bug Bounty, it is important to note that bug bounties have been paid up to 40k USD.
Apps that are found to be abusing data, such as by selling it to third-party buyers, may be terminated from Facebook, face an “Initiation of a forensic audit of related systems,” and have legal action taken against them.
The Data Abuse Bounty is the first of its kind and may change how other social networks, and the internet as a whole, find weaknesses in their systems in the future.
Cracking down on the platform’s abuse
Since CA’s whistleblower came forward, Facebook has been trying to boost and heal its reputation with a series of security and other releases.
In a March Newsroom post, Facebook mentioned what developers and users should expect in the future. Last week, Facebook released an infographic detailing what steps have already been taken to improve the platform’s security and the safety of its users’ data.
At the bottom of the post, Facebook does mention an expansion of their Bug Bounty program, which has now been revealed as the Data Abuse Bounty.
It is important to note that Facebook is also encouraging more whistleblowers, stating that they will not be subject to legal action if their report is legitimate.
“A door is always open if a whistleblower wants to say there’s something sketchy here,” Greene stated to CNBC.