Thursday, September 29, 2011

Lawmakers want FTC probe of FACEBOOK

By TONY ROMM | 9/28/11 4:48 PM EDT


Lawmakers are asking the FTC to investigate Facebook following reports that the social network has been collecting data even from users logged out of their profiles.

The concerns from Capitol Hill came Wednesday in a letter by Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas), who have repeatedly questioned Facebook’s privacy practices.

The duo expressed deep concern with the findings of one Australian security blogger, who discovered this week Facebook was gathering data even from logged out users whenever they visited Web pages that feature the social network’s signature “Like” button.

Facebook has maintained it never tracked its users’ browsing habits and sought only to use information it collected for security and statistical purposes. And even though Facebook has since worked to address users’ concerns, Markey and Barton said in their latest letter they "remain concerned about the privacy implications for Facebook's 800 million subscribers."

They further asked the FTC to detail anything the agency has already done to examine Facebook’s use of cookies.

"As co-chairs of the Congressional Bi-Partisan Privacy Caucus, we believe that tracking user behavior without their consent or knowledge raises serious privacy concerns," the lawmakers wrote.

"When users log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities. We believe this impression should be the reality. Facebook users should not be tracked without their permission,” they continued.

It was Australian tech expert Nik Cubrilovic who discovered that the recent overhaul of Facebook’s sharing system also brought a change to the way it handles cookies, or the files that remember individual accounts, preferences and other data.

When logging out of a website, those cookies tend to become inactive. But in the case of Facebook, some of those cookies transmitted data when users visited a website that contained a “Like” button, including one tied directly to a user’s identity, according to Cubrilovic.

Some felt that permitted Facebook to collect and store information about the sites its users visited. But a spokesman for the company told POLITICO on Wednesday that set of data was never actually stored, meaning Facebook “could not have used this information for tracking or any other purpose”

“There was no security or privacy breach — Facebook did not store or use any information it should not have,” the spokesman said. “Even though we weren't using this information, it's important to us that we address even potential issues, and we appreciate the issue was brought to our attention.”

In the days following Cubrilovic’s post, Facebook has also revisited its system.

For one, the social giant addressed allegations it had been tracking users by acknowledging that any cookie tied to a user’s identity should have been deleted upon signing off. A company engineer said Facebook has already fixed that bug.

“No information we receive when you see a social plugin is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information,” Facebook said earlier this week.

Yet Markey and Barton on Wednesday expressed dissatisfaction with Facebook’s approach. They seized on a line from a company engineer that suggested it make take Facebook “a while” to fully correct the problem.

“Facebook should consider this problem a top priority and should allocate the resources necessary to safeguard consumers in an expedited fashion,” the members wrote.

This article first appeared on POLITICO Pro at 4:29 p.m. on September 28, 2011.

No comments: