Privacy Groups: Facebook Can't Be Trusted
Representatives from several privacy groups put their heads together Thursday to discuss reactions to Facebook's recent privacy overhaul. The general verdict: Thumbs down. The groups characterized the changes as procedural rather than substantive, questioned the honesty of some of the network's claims, and maintained their insistence on an FTC investigation.
May 27, 2010 2:31 PM PT
The new privacy controls Facebook announced Wednesday were met with criticism the following day from privacy groups that called the new policies inadequate.
In a conference call on Thursday, representatives of the groups insisted on a Federal Trade Commission investigation of the social networking giant and regulatory oversight.
They also questioned Facebook's commitment to privacy and its honesty.
What Privacy Controls?
Facebook CEO Mark Zuckerberg announced Wednesday that the social networking site is making its privacy controls simpler. He also expressed his company's desire to make no further changes to its privacy settings in the immediate future.
"The whole process raises questions about Facebook's actual commitment to privacy," said Jeff Chester, executive director of the Center for Digital Democracy. "If you review the press release Facebook put out last December claiming to provide user privacy, you'll see that it in fact let it collect more user information."
Those December changes led the Electronic Privacy Information Center, together with the Center for Digital Democracy, the American Library Association, the Consumer Federation of America and other privacy organizations, to file a complaint with the Federal Trade Commission (FTC).
Facebook must develop privacy controls for its virtual currency and location products, among other features, and install opt-in policies for general information and personalization, Chester said.
"Despite procedural improvements made as a result of Facebook's new privacy rules, the substance remains unchanged," said Joe W. (Chip) Pitts III, president of the Bill of Rights Defense Committee. "They're constant with Mark Zuckerberg's mission to share information more widely."
"If Facebook were sincere about privacy, the default mode for privacy would be minimal information about everything," pointed out John M. Simpson of Consumer Watchdog.
Honesty Is Such a Lonely Word
The participants also questioned Facebook's honesty.
"There are still substantial questions about the deceptiveness of Facebook's approach to these issues, particularly with reference to the latest announcement on privacy controls," Pitts from the Bill of Rights Defense Committee (BORDC) said.
"I don't think we have any reason to trust this company now based on their behavior," Consumer Watchdog's Simpson added. "The whole process shows something of the Silicon Valley mindset that Facebook and Google follow -- you push the envelope as far as you can, grab as much data as you can, and then, when there's pushback, you do something else."
Participants in the conference call also criticized Facebook's stance that people who opt in to its site voluntarily provide their information, and so they implicitly consent to having their information published.
"A large majority of Facebook users are minors, and you can't raise the issue of consent if people don't understand the implications of their actions," pointed out Robert Ellis Smith, publisher of Privacy Journal. "To have meaningful consent, people have to know the consequences of posting their information."
What Do You Mean, Your Personal Information?
In addition, participants questioned Facebook's respect for users' privacy.
"Facebook consistently violates privacy, and that's the core of our complaint to the FTC," Pitts said. "Facebook is very opaque as to the degree to which third party applications can reach into your information, even if you don't use those applications."
Users' data is available to third-party apps if their Facebook friends use those apps.
"Facebook has consciously created an architecture to encourage the transmission of user data so it could be mined without the user understanding it," the CDD's Chester said. "This is where its new approach to instant personalization doesn't work, because ultimately the default will be to let third-party applications collect data."
This access to user data by third-party apps was the focus of EPIC's complaint to the FTC last year, EPIC executive director Marc Rotenberg remarked.
"Much of the user's social graph was going to application developers without users knowing about it," Rotenberg pointed out. "Facebook users have a fair amount of control over what they post, but they can't control what Facebook provides to third parties, and that's where we think the FTC's and regulatory activities need to continue."
Time to Lay Down the Law
"We want opt in to be the model with data minimization, user control, articulation of sensitive data on, for example, finance and health that would have more stringent safeguards," the CDD's Chester insisted. "We want regulation to control the massive stealth data collection that has emerged with Facebook and Google and want the FTC to this fall state what the governing policy should be on collecting consumer data, especially on social networks," he added.
"There are very sound reasons for Federal regulatory action and oversight on an ongoing basis in this area [of Facebook's commitment to privacy]. We know that people treat Facebook as a trusted environment. Unless default settings are changed by the user, they remain more open to the world than in prior incarnations of Facebook," BORDC's Pitts said.
"There's a need for federal oversight, and we need legislation for online privacy rights," Consumer Watchdog's Simpson pointed out.
EPIC is looking to the FTC to crack down on Facebook.
"We did receive an acknowledgement by the FTC in January that said the complaint filed by EPIC and other groups raised issues of particular interest to the Commission," EPIC's Rotenberg said.
The FTC had a representative attend the teleconference.