Just in time as Mark Zuckerberg said his final words in front of the US Congress on 10 April 2018, Facebook announced their bounty program to reward anyone who reports on data abuse on their platform. The company said that that this is a fulfillment on a promise they made several weeks ago to implement measures to help them protect people's data on Facebook.
The timing of the announcement, however, is rather interesting given it was made on the same day when Zuckerberg was appearing before the US Congress to answer questions around the saga involving Cambridge Analytica harvesting Facebook users' data.
" This program will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence. Just like the bug bounty program, we will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention," said Collin Greene, Head of Product Security at Facebook, in a statement announcing the Data Abuse Bounty program.
The Facebook Data Abuse Bounty program is not much different to its existing bug bounty program meant to help it address any security issues with their platform. The main difference is that instead of reporting a bug, you would be reporting a developer or organization responsible for developing an app that abuses Facebook data.
"We’ll review all legitimate reports and respond as quickly as possible when we identify a credible threat to people’s information. If we confirm data abuse, we will shut down the offending app and take legal action against the company selling or buying the data, if necessary. We’ll pay the person who reported the issue, and we’ll also alert those we believe to be affected," said Greene.