Even as Facebook founder CEO Mark Zuckerberg testified during his congressional hearing he wanted to ensure the integrity of elections is protected, the social networking giant announced that it was launching the Data Abuse Bounty to reward people who would report any misuse of data by app developers.
Facing a joint hearing of the Senate Judiciary and Commerce committees over the alleged hijacking of data of millions of Facebook users by British firm Cambridge Analytica for 2016 US presidential election, Zuckerberg said he knew the importance of the upcoming polls in countries, including India, Hungary and Brazil, and his company wanted to ensure protection of integrity in these elections.
Meanwhile, Collin Greene, head of product security at Facebook, wrote in a post about launch of the Data Abuse Bounty programme as part of the company’s efforts towards quicker uncovering of potential abuse of information.
“The Data Abuse Bounty, inspired by the existing bug bounty program that we use to uncover and address security issues, will help us identify violations of our policies,” said Greene.
Facebook says this programme will reward people with first-hand knowledge and proof of cases where an app on Facebook platform “collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence”. “Just like the bug bounty program, we will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention,” said Greene.
Monetary bounties for such reports are entirely at Facebook’s discretion, based on risk, impact and other factors.
“We aim to pay similar amounts for similar issues, but bounty amounts and qualifying issues may change over time. Past rewards do not necessarily guarantee similar results in the future,” Facebook has posted.
In the event of duplicate reports, a bounty will go to the first person to submit an issue. There will be an option for the user to donate the bounty to a recognised charity, and Facebook has said it will double the amounts donated this way.
Facebook says it will review “all legitimate reports” and respond “as quickly as possible” on identifying a credible threat. If data abuse is confirmed, “we will shut down the offending app and take legal action”, if necessary, said the post. The person reporting the issue will be rewarded, says Facebook adding that it will also alert those who might be affected.
The post gives a link to the page with details of the “first-of-its-kind” programme that it says will change with time. There is another page there detailed information can be found on how to report abuse.
Facebook urges the users to first review this page and read on the ‘responsible disclosure policy’, reward guidelines and things that should not be reported.
If an account is sending out suspicious links: https://www.facebook.com/help/hacked
To report abuse: https://www.facebook.com/help/reportlinks
Help Centre: https://www.facebook.com/help
For programme updates and news from bug bounty team: https://www.facebook.com/bugbounty