Facebook Faces Congressional Privacy Interrogation - InformationWeek

Facebook Faces Congressional Privacy Interrogation

The co-chairmen of the House Privacy Caucus want Facebook CEO Mark Zuckerberg to explain his company's plans for enabling the sharing of user phone numbers and addresses.

When Facebook in January announced plans to enable developers, with permission, to access users' addresses and phone numbers, the company took it on the chin. Facebook users, perhaps recalling revelations late last year that Facebook user ID numbers were being shared by third-party applications, complained and the company backtracked, stating that it agreed with some of the concerns raised and that it would delay access until some changes have been made.

The incident got the attention of two members of Congress, Edward Markey (D-Mass) and Joe Barton (R-Texas), co-chairmen of the House Bi-Partisan Privacy Caucus. On Wednesday, the two U.S. Representatives sent a letter to Facebook CEO Mark Zuckerberg seeking answers about the company's plans.

"Facebook needs to protect the personal information of its users to ensure that Facebook doesn’t become Phonebook," said Rep. Markey, in a statement. "That's why I am requesting responses to these questions to better understand Facebook's practices regarding possible access to users’ personal information by third parties. This is sensitive data and needs to be protected."

Markey's worst-case scenario -- that Facebook could become Phonebook -- is an odd one. Phone numbers and addresses are already widely available through phone books, not to mention on the Internet, for better or worse. Information that's far more sensitive is also readily available to Facebook developers, with user permission, through the Facebook Graph API. From consenting users, Facebook API queries can access a user's Facebook ID number, first and last name, Facebook profile URL, "About" blurb, birthday, work history, education, e-mail, Web site URL, hometown, location, biography, favorite quotes, gender, interests, significant other (if any), religion, politics, friends' names, and a few other factoids.

Facebook for its part is stressing that users themselves are the ones authorizing the release of this information.

"As an innovative company that is responsive to its users, we believe there is tremendous value in giving people the freedom and control to take information they put on Facebook with them to other Web sites," the company said in an e-mailed statement. "We enable people to share this information only after they explicitly authorize individual applications to access it. This system of user permissions was designed in collaboration with a number of privacy experts. Following the rollout of this new feature, we heard some feedback and agree that there may be additional improvements we could make. Great people at the company are working on that and we look forward to sharing their progress soon."

What Markey and Barton should have questioned -- but didn't -- is the extent to which seemingly innocuous information, made accessible with permission, can be used to construct a cookie-like tracking mechanism that spans the Web. Cookies, the source of much privacy angst, are simply identification numbers. And a few Facebook data points -- say, name plus location plus birthday -- can serve as a unique identifier just as easily as a long string of numbers.

They should also have delved into whether data permission requests from Facebook, not to mention other Web sites, truly meet the standard of informed consent.

Chances are the bulk of the data made available through Facebook flows from misinformed consent: Most users don't understand, or just don't care about, the ramifications of clicking "I Agree," whether for software licenses or data sharing notifications.

The question that should be asked is whether regulation is necessary to protect Internet users from themselves.
