Software // Social
05:24 PM
Connect Directly
File Sharing - Is Your Company at Risk?
May 12, 2016
According to Secure Sharing of Intellectual Property, a January 2016 commissioned study conducted ...Read More>>

Facebook Faces Congressional Privacy Interrogation

The co-chairmen of the House Privacy Caucus want Facebook CEO Mark Zuckerberg to explain his company's plans for enabling the sharing of user phone numbers and addresses.

When Facebook in January announced plans to enable developers, with permission, to access users' addresses and phone numbers, the company took it on the chin. Facebook users, perhaps recalling revelations late last year that Facebook user ID numbers were being shared by third-party applications, complained and the company backtracked, stating that it agreed with some of the concerns raised and that it would delay access until some changes have been made.

The incident got the attention of two members of Congress, Edward Markey (D-Mass) and Joe Barton (R-Texas), co-chairmen of the House Bi-Partisan Privacy Caucus. On Wednesday, the two U.S. Representatives sent a letter to Facebook CEO Mark Zuckerberg seeking answers about the company's plans.

"Facebook needs to protect the personal information of its users to ensure that Facebook doesn’t become Phonebook," said Rep. Markey, in a statement. "That's why I am requesting responses to these questions to better understand Facebook's practices regarding possible access to users’ personal information by third parties. This is sensitive data and needs to be protected."

Markey's worst case scenario -- that Facebook could become Phonebook -- is an odd one. Phone numbers and addresses are already widely available through phone books, not to mention on the Internet, for better or worse. Information that's far more sensitive is also readily available to Facebook developers, with user permission, through the Facebook Graph API. From consenting users, Facebook API queries can access a user's Facebook ID number, first and last name, Facebook profile URL, "About" blurb, birthday, work history, education, e-mail, Web site URL, hometown, location, biography, favorite quotes, gender, interests, significant other (if any), religion, politics, friends' names, and a few other factoids.

Facebook for its part is stressing that users themselves are the ones authorizing the release of this information.

"As an innovative company that is responsive to its users, we believe there is tremendous value in giving people the freedom and control to take information they put on Facebook with them to other Web sites," the company said in an e-mailed statement. "We enable people to share this information only after they explicitly authorize individual applications to access it. This system of user permissions was designed in collaboration with a number of privacy experts. Following the rollout of this new feature, we heard some feedback and agree that there may be additional improvements we could make. Great people at the company are working on that and we look forward to sharing their progress soon."

What Markey and Barton should have questioned -- but didn't -- is the extent to which seemingly innocuous information, made accessible with permission, can be used to construct a cookie-like tracking mechanism that spans the Web. Cookies, the source of much privacy angst, are simply identification numbers. And a few Facebook data points -- say, name plus location plus birthday -- can serve as a unique identifier just as easily as a long string of numbers.

They should also have delved into whether data permission requests from Facebook, not to mention other Web sites, truly meet the standard of informed consent.

Chances are the bulk of the data made available through Facebook flows from misinformed consent: Most users don't understand, or just don't care about, the ramifications of clicking "I Agree," whether for software licenses or data sharing notifications.

The question that should be asked is whether regulation is necessary to protect Internet users from themselves.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Social is a Business Imperative
Social is a Business Imperative
The use of social media for a host of business purposes is rising. Indeed, social is quickly moving from cutting edge to business basic. Organizations that have so far ignored social - either because they thought it was a passing fad or just didnít have the resources to properly evaluate potential use cases and products - must start giving it serious consideration.
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.