Facebook outage shows need for infrastructure regulation

A phone showing Facebook failing to load and computer server cords. Graphic by Sie Douglas-Fish.
Graphic by Sie Douglas-Fish.

On Monday, Oct. 4, billions of Facebook, Instagram, and WhatsApp users from every corner of the world reached for their phones — only to find that they could not access their accounts. What seemed like a minor technical issue turned into a global outage of Facebook and the platforms it owns, spanning over five hours, the longest Facebook has ever seen.

In a blog post, Santosh Janardhan, Facebook’s vice president of infrastructure, later explained that the outage was caused when an employee, carrying out a routine maintenance job, issued a command that was supposed to assess the availability of global backbone capacity. 

“[The] configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication,” said Janardhan. “This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.”

The hours-long social media blackout cast a shadow of doubt over the infallible light that Facebook once stood in. As our communication, relationships, and business practices are continually weaving tighter around these ever evolving tech giants, my fears surrounding these technologies are becoming realized. 

While there has been a growing discussion over the past decade around what regulations should be imposed on social media platforms, those conversations often focus on data privacy and content moderation. Conversations around regulations on internet infrastructure (i.e., the physical and software engineering that creates the internet) and what that would look like have taken a backseat. 

However, the Facebook outage exemplifies just how urgent the need for this conversation is. 

Why did Facebook shut down?

Put simply, the outage had to do with two concepts: Domain Name System (DNS) and Border Gateway Protocol (BGP). DNS acts like an address book, allowing you to receive an IP address from a web browser. Essentially, you communicate with the computer where you would like to go and DNS finds the address. BGP ensures reliable operations. It has been compared to an air traffic controller system that routes the best path from point A to B. 

In the case of the outage, when the update occurred, it essentially disconnected all of Facebook’s centers from the internet. Meaning, for the people wanting to be routed to Facebook, the address no longer existed. When this happened, DNS stopped sending out BGP advertisements as BGP cannot route to a place that is not recognized. 

And usually, while Facebook’s infrastructure is designed to check commands to ensure that a domino-effect mistake like this would be stopped, a bug within that auditing tool meant it was not caught. 

The matter was exacerbated by the fact that the tools Facebook uses to deal with these matters exist on their own platform, so they couldn’t access them. The fact that Facebook’s entire software infrastructure was inaccessible due to one glitch shows just how vulnerable the apps we center our daily lives around are — and the need for regulation on this issue.

Forbes estimates that the outage cost the company around $65 million in revenue. For a company as large as Facebook, that loss is hardly significant. However, the impact of the outage on small businesses and creators was palpable. 

Over 200 million businesses currently rely on Facebook. For these small businesses, profit losses were substantial due to the inability to run ads and have traffic on platforms. The outage was also significant for people who use any of the three platforms as their primary means of communication. 

Criticism of Facebook

The outage came at a difficult time for the social media giant as Frances Haugen, a data scientist and whistleblower from the company, appeared the next day in front of the U.S. Congress to provide details on how Facebook has prioritized profit over user wellbeing.

“I’m here today because I believe Facebook’s products harm children, stoke division and weaken our democracy,” testified Haugen. An internal study showed that the Instagram platform was contributing to anxiety, depression, suicidal thoughts, and poor self-esteem in teens. 

Congress is currently attempting to reform Section 230 of the Communications Decency Act, which shields companies from liability for user-generated content as long as they carry out their due diligence. 

The lack of regulations governing Facebook has been a growing conversation in the past decade. Previously, people have focused on the social and political sway these companies possess as the combined total number of users across the family of platforms reaches into the billions. In 2012, Facebook bought Instagram for $1 billion and in 2014 they bought WhatsApp for $19 billion. Both of these apps have over a billion users each. Over the years, people have raised concerns about the amount of data collected by Facebook and how it is used. 

Legitimately so, as the dangers of misusing so-called “big data” were shown in 2018, when Christopher Wylie, a whistleblower from Cambridge Analytica testified that Facebook user data was collected without consent and used for targeted political advertising. 

Facebook was penalized for exposing the data of its approximately 80 million users in the UK to “serious risk of harm.” The UK Information Commissioner’s Office collected 500 000 pounds from Facebook. 

While data privacy and content moderation are topics deserving of the attention and criticism they receive, internet infrastructure regulations are just as worthy and urgent. 

The need for infrastructure regulation 

Regulations on internet infrastructure do not just pertain to issues such as bugs in software, as the Facebook outage showed. Matters of cybersecurity are closely related as cybersecurity is the protection of internet infrastructure and the data it contains. 

Take for instance what happened on April 29, when Colonial Pipeline was hacked due to a single compromised password. The technical disruption led to long lines at gas stations, gas stations running out altogether, and high fuel prices. In order to end the hijacking, Colonial Pipeline paid $5 million in cryptocurrency as ransom to the hackers. The company could only begin resuming practices on May 12. 

Mandates on cybersecurity measures are critically overlooked and the Colonial Pipeline hacking shows how devastating the impacts can be from a single vulnerability in the system. 

While a substantial amount of media coverage is focused on the psychological impacts and lack of regulation of social media platforms, less attention is given to the technological infrastructure that upholds them in the first place. 

Internet infrastructure has so insidiously permeated societal needs and wants that has become a fulcrum to our emotional comfort, physical safety, and national security, not just through the collection and manipulation of our personal data or the bombardment of misinformation but also by disrupting human-machine interactions and controlling government, industry and businesses.  

While the Facebook outage was passed off as human error, the fact that the entire system was taken down by one mistake is alarming and should prompt governments and regulatory bodies to consider implementing stronger and more robust technological infrastructure regulations on the social media providers. Regulations on technology and infrastructure are not a new concept. 

When you step onto an airplane, you are trusting that the technology will deliver you safely from point A to B. Why shouldn’t social media platforms be governed by the stringent set of rules and regulations to ensure emotional and physical safety for all and seamless government and business operations?