Facebook Defends Privacy Practices To Congress

Facebook has sent a detailed letter defending its privacy practices to two members of the US Congress, in the wake of the "exposé" published by the Wall Street Journal.

Marne Levine HeadshotFacebook has sent a detailed letter defending its privacy practices to two members of the US Congress, in the wake of the “exposé” published by the Wall Street Journal.

Marne Levine, vice president – global public policy at Facebook, sent the letter last Friday to Democrat Edward J. Markey and Republican Joe Barton of the House of Representatives in response to their questions in a letter of October 18. Markey is co-chairman of the Bi-Partisan Privacy Caucus and Barton is a ranking member of the Committee on Energy and Commerce.

The two Congressman were reacting to a 18 October WSJ article titled “Facebook in privacy breach”. After publication of this article, Markey and Barton wrote to Facebook with a series of 18 questions, including asking for details of how many people were affected by the “privacy breaches” and how Facebook intended to force applications to tow the line on privacy.

In her response, Levine, a former White House economic adviser, sought to correct the perception left by the WSJ article before addressing the 18 specific questions. Her 13-page missive of October 29 is available as a PDF for anyone who is interested in reading it.

She explained that Facebook’s privacy policy specifically states that user IDs [UIDs] would be shared with applications and game developers and that users are also reminded of this in real time when they use the application for the first time. She wrote: “The sharing of UIDs by Facebook with third-party applications does not involve the sharing of any private user data and is in no sense a privacy ‘breach’.”

She also pointed out that the information contained in a UID was limited. “A Facebook UID at most enables access only to information that a user has already chosen to share and make publicly available,” she states in the letter. “No information that a user has restricted using Facebook’s privacy controls is available solely with a Facebook UID, including to applications or any third parties providing services or content to applications. Furthermore, Facebook employs technical measures to prevent third parties from using UIDs to obtain even the publicly available information of significant numbers of users.” However, she does not mention the fact that Facebook UIDs are linked to real names and that Facebook users do not have the option of restricting their name as private information

Levine argued that the issue highlighted by the WSJ is a function of how internet browsers work and therefore affects a number of companies, not just Facebook. However, she said that in light of Facebook’s leadership position, the company was working on a technical solution to prevent UIDs being transmitted via the URL of the page, which would prevent any accidental sharing of UIDs by third parties. She said the company was also working on an industry-wide initiative to equip browsers with privacy controls that would prevent such inadvertent passing of information.

Photo Credit: Profile pic from Marne Levine’s Facebook page.