US Congressmen Take Closer Look at Certain Facebook Privacy Issues

Facebook launched new ways for developers to reach its users last week at its f8 devleoper conference, and following more recent  government attention to privacy and data security issues in general, the company is now in the political spotlight. Four US senators, Charles Schumer of New York, Michael Bennet of Colorado, Mark Begich of Alaska and Al Franken of Minnesota have sent a letter to Facebook declaring their concern over changes, and they’re staging a press conference about it now, where they’re expected to call social networks “the Wild West of the Internet.”

There are other parts of the internet that are more Wild-West-y than Facebook — such as portions of the online advertising industry. We and others have also been hearing whispers about third parties breaking Facebook’s terms of service and using applications to scrape sensitive user data for resale on the black market. That data can then be used for anything, from targeting behavioral banners ads to cross-referencing users with other data for fraud purposes.

But that sort of purely illegal activity is not the senators’ focus right now. Instead they have a problem with the specific features that Facebook launched. Their concern is that users do not understand the interfaces that Facebook is presenting to them. Here are the three issues they’ve brought up — basically an extension of a broader call by Schumer for closer oversight of social network data sharing. Facebook has said it will be meeting with the government to talk through the issues.

Instant personalization: The feature lets special partner sites access user data without making the process clearly opt-in. The point is to make signing on and using social features as simple and easy as possible. When users go to a partner site, they’ll see a blue bar at the top that tells them that the site is being personalized with Facebook data. It includes a link taking them to more information about the service, and a link that will make them immediately opt out. The senators want the feature to be fully opt-in — as it stands, these sites are using Facebook data without receiving explicit permission from the user. Facebook’s design here is aggressive, but it’d mostly likely have to change only if the Federal Trade Commission provides clearer guidelines about what is or isn’t acceptable in the emerging field of cross-site sign ons.

Data storage: Facebook also began letting applications store user data indefinitely last week, a move that from a developer perspective makes sense. The technical alternative — what Facebook has had — is requiring developers to only store data for a limited amount of time (Facebook had required 24 hours). That means third parties must be constantly pinging Facebook servers for user data. The company is trying to manage the technical limitations by not requiring developers to redownload the data every day. While that means developers have indefinite access to some user data, users can still determine which applications get what by removing them or limiting data sharing in their privacy settings. Section III 5.-9. deals explicitly with these issues in Facebook’s policies for developers — developers are required to delete any data that users tell them to, for example.

The senators may or may not understand how the technical aspects of this policy work. What they should be focusing on here, but don’t seem to be, is the fact that some people are breaking Facebook’s terms of service. Data “theft” is potentially a law enforcement issue that all web companies face, and congress should be working to help them fight it.

Connections: Facebook has been trying to get users to make more personal profile information publicly available. It forced open a basic set of information, like user names, over the course of this past last winter. Then, last Monday, it funneled users into changing all their personal profile data into links to Pages. Pages are public, so if users went through with that process, then all their Pages are public too — including things like their education, workplace and musical tastes. Facebook wants as much data to be public as possible, because that makes its social graph more valuable to third parties. Now, there is no way to state interests without creating a Page — however, users can hide most of this information from other users via their privacy settings.

However, many people have real-world risks that come with making this data public. The transition tool from Monday walked users through how to add Pages, but it included relatively little information on how to keep that information private. The senators have a point here, although it’s not clear what they think the alternatives should be to what Facebook has done.