Facebook Faces Congressional Privacy Interrogation

The co-chairmen of the House Privacy Caucus want Facebook CEO Mark Zuckerberg to explain his company's plans for enabling the sharing of user phone numbers and addresses.

Thomas Claburn, Editor at Large, Enterprise Mobility

February 4, 2011

3 Min Read

When Facebook in January announced plans to enable developers, with permission, to access users' addresses and phone numbers, the company took it on the chin. Facebook users, perhaps recalling revelations late last year that Facebook user ID numbers were being shared by third-party applications, complained and the company backtracked, stating that it agreed with some of the concerns raised and that it would delay access until some changes have been made.

The incident got the attention of two members of Congress, Edward Markey (D-Mass) and Joe Barton (R-Texas), co-chairmen of the House Bi-Partisan Privacy Caucus. On Wednesday, the two U.S. Representatives sent a letter to Facebook CEO Mark Zuckerberg seeking answers about the company's plans.

"Facebook needs to protect the personal information of its users to ensure that Facebook doesn’t become Phonebook," said Rep. Markey, in a statement. "That's why I am requesting responses to these questions to better understand Facebook's practices regarding possible access to users’ personal information by third parties. This is sensitive data and needs to be protected."

Markey's worst case scenario -- that Facebook could become Phonebook -- is an odd one. Phone numbers and addresses are already widely available through phone books, not to mention on the Internet, for better or worse. Information that's far more sensitive is also readily available to Facebook developers, with user permission, through the Facebook Graph API. From consenting users, Facebook API queries can access a user's Facebook ID number, first and last name, Facebook profile URL, "About" blurb, birthday, work history, education, e-mail, Web site URL, hometown, location, biography, favorite quotes, gender, interests, significant other (if any), religion, politics, friends' names, and a few other factoids.

Facebook for its part is stressing that users themselves are the ones authorizing the release of this information.

"As an innovative company that is responsive to its users, we believe there is tremendous value in giving people the freedom and control to take information they put on Facebook with them to other Web sites," the company said in an e-mailed statement. "We enable people to share this information only after they explicitly authorize individual applications to access it. This system of user permissions was designed in collaboration with a number of privacy experts. Following the rollout of this new feature, we heard some feedback and agree that there may be additional improvements we could make. Great people at the company are working on that and we look forward to sharing their progress soon."

What Markey and Barton should have questioned -- but didn't -- is the extent to which seemingly innocuous information, made accessible with permission, can be used to construct a cookie-like tracking mechanism that spans the Web. Cookies, the source of much privacy angst, are simply identification numbers. And a few Facebook data points -- say, name plus location plus birthday -- can serve as a unique identifier just as easily as a long string of numbers.

They should also have delved into whether data permission requests from Facebook, not to mention other Web sites, truly meet the standard of informed consent.

Chances are the bulk of the data made available through Facebook flows from misinformed consent: Most users don't understand, or just don't care about, the ramifications of clicking "I Agree," whether for software licenses or data sharing notifications.

The question that should be asked is whether regulation is necessary to protect Internet users from themselves.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights