- In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
- Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.
Nothing came of it besides an unwanted "please call me" message from him, but it's not a far reach from there to actually being located physically and confronted. We sent this man to jail and changed our names to keep away from him, and Facebook, in spite of their "privacy" settings, let him get a glimpse back into our lives.
Privacy/ethics issues aside, from a pure developer standpoint, isn't this just a feature? Where do we draw the line between functionality and privacy?
User A allows user B to see her data via "Friends only." User B runs app X, whose functionality includes interacting with friends. Let's say it shows on a map where each of your friends lives. App X can see the said data for the purposes of providing functionality.
Yes, I know that by strict definition this conflicts with "friends only." You now have "friends and the application executable code only." But how is this different from, say, Gmail auto-scanning my e-mail to show ads? Is it because I trust Google and don't trust $random_fb_app_developer?
Likely one concern is that this third-party developer can disrespect (or actually, not even know about) that "friends only" setting and inadvertently make the data visible to other parties.
(Disclaimer: Don't get me wrong, I loathe/distrust most FB apps as much as the next person. Just trying to think from an honest developer's shoes here.)
I'm somewhat sympathetic to Facebook on the other app-related claim as well, "Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate." Yes, Facebook could've done better on that, but fine-grained security is something nearly nobody has solved.
This is a reasonable question. Where I personally would draw the line is, "functionality" implies to me that the app would only access user info when it needs to do so for some FUNCTIONAL purpose. If the app does not need the data and is not doing anything legitimate with it, then obviously, the user's privacy should be respected and said info should not be accessed.
They've just been found, in a formal investigation, to have broken numerous fundamental privacy laws across several continents, and been punished with... absolutely nothing, as far as I can tell.
All this has done is teach them that they are above the law and should feel free to continue doing whatever they like without regard to the consequences for the hundreds of millions of real people who are counting on them to behave responsibly.
Face-palm. That's an oxymoron by definition.
Privacy is more important than a lot of shallow people imagine.
nothing. Zero. The FTC has investigated, and the settlement is zero money and zero penalties. Not one dollar. Whew! I'm glad they were punished! They won't do THAT again!
The U.S. is really in late-stage empire breakdown. I don't think there is any significant enforcement of any laws whatsoever against companies and people that are reasonably well connected. The only thing keeping the society from total breakdown is inertia.
Perhaps the problem isn't that there's no one to watch the watchmen, but that we're over-reliant on watchmen.
You don't need the FTC to keep Facebook from sharing your private information.
I'm not saying Facebook did nothing wrong, and I'm not saying the FTC is doing nothing wrong now. I'm saying that none of it matters if you delete your own account.
You don't need to worry about who's watching the watchmen when you watch out for yourself. (Can anyone translate that to Latin?)
"Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful."
The FTC exists to enforce that. Now, it's fashionable nowadays for the ill-informed to insist that government is worthless, but in fact this law and similar ones underlie every aspect of American society and you owe everything you have to their existence. Without government anti-fraud efforts, commerce does not exist, full stop.
Private enterprise are the applications. Government is the operating system.
But let's take another look at your point: your argument is that I should right now go and delete my account a couple years ago because I know today that Facebook was lying a couple years ago. For everyone who has a time machine, that is a good remedy - it will solve the problem for those people admirably. For those that don't, we need effective government enforcement of anti-fraud laws.
Noli loqui et non servant custodibus
or "Watch your mouth instead of the watchmen".
I guess this was a very complex way of disagreeing with you that "none of it matters".
The FTC is empowered to enforce that with a variety of penalties, including extensive fines.
I know, society is breaking down, kids are getting more disrespectful, things are more expensive, the end of the world is upon us, etc :) You taking your lifetime to come to a realization about the state of the world does not make the realization less true before you had it. It's a memory glitch. Jump back 100 years, it's the same shit.
Yep. Jump back 100 years, and you're in the breakdown of the British empire. And look what we became, a pointless, miserable lame-duck nation utterly yoked to the next empire that rose after us, the USA.
Now you guys are gonna be yoked to the next empire, China.
Have fun with that!
I'll maybe catch you on a beach in Brazil, where hopefully things will be cool. Fingers crossed.
In this day and age I think we can let it slide.
Just a guess.
Mind you, I'm not arguing for a lack of regulation. Rather, that this is what much regulation seems to be reduced to, these days. Sadly.
The fact that there was, according to you, no binding contract, has no bearing on the question of whether they lied or not. They did lie. Case closed.
Your comment confuses basic contract legal principles with privacy rules. This isn't a contract matter; it's a matter of public policy.
You can get started learning why here: http://business.ftc.gov/legal-resources/29/35
If I tell you I'll pick you up at 6 and have no intention of doing it, that's a lie. It's not illegal but it is a lie.
When O when will we get regulators with some distance from those they are regulating? (I'm looking at you SEC.)
Also, they settled and all is good between the FTC and Facebook.
Oh, that's an easy one.
You commit fraud if you make any intentional deception in order to benefit yourself, or to harm others. If you intentionally make public commitments that turn out to be false, and you thereby cause some harm to another person, you have committed a fraud.
The FTC is empowered to enforce criminal and civil penalties for fraud on behalf of consumers. From the FTC website: "When the FTC was created in 1914, its purpose was to prevent unfair methods of competition in commerce as part of the battle to bust the trusts. Over the years, Congress passed additional laws giving the agency greater authority to police anticompetitive practices. In 1938, Congress passed a broad prohibition against unfair and deceptive acts or practices."
From the FTC's Facebook settlement statement, it's perfectly clear that the FTC believes that Facebook is guilty of committing widespread and repeated deceptions in violation of the law.
The settlement itself is tantamount to saying that Facebook has had its last warning, and is on very thin ice with the FTC.
Feel free to complain about whether such a "penalty" is effective. We won't really know until the next time Facebook breaks the law.
Privacy is a civil good but it is a fine line to walk indeed to punish an innovator during a recession. Where's the happy medium?
This is not even close to a fine line. The fact that Facebook may be an innovator or the fact that we may be in a recession have nothing to do with their legal responsibilities to their users. If they have violated those responsibilities they should be punished appropriately regardless of the current economic situation, and them being an "innovator" is totally irrelevant. Should we allow innovative companies to dump toxic waste or employ racist hiring policies, for example?
My happy medium, based on my own sense of justice: give Facebook a year to implement systems that actually protect users' privacy (what that would entail is yet another discussion). If they don't comply, hit them with a hefty fine. We get our privacy, Facebook gets to keep its money - some of which was earned by neglecting our privacy.
Opt-outs should be a privilege that is lost when you repeatedly and intentionally violate federal law.
Or Google, Apple, Twitter, Microsoft, Adobe, and thousands of smaller companies who data mine user accounts and change terms of service every day.
I used to have a subscription to The Economist. Recently I purchased an issue at Kroger. Two weeks later a special subscription offer appears in my mailbox - the first marketing material they have sent in at least three years.
What Facebook did is the bread and butter of today's business - even if it sucks.
As far as I can tell, most people using FB are trying to communicate with their friends (as they previously did via letter, telephone and email), not broadcast every personal detail and thought to potentially any person or organization connected to the web.
Alas they are not well informed that by sending all their communications through Zuckerberg's website, this is in effect what they are doing.
That lack of understanding is something the FTC can address.
So to comply with the FTC's requests, FB will make more disclosures.
But the problem remains. FB, whether intentionally or not, is receiving far too much private information and private conversation, and it's all being channeled over the web.
The value Facebook gets from the data is _sharing_ it with others: advertisers, various organisations devoted to catching bad guys, app developers, etc. It is not "private" by any stretch of the imagination.
Even if they purport to restrict access to a profile to certain users, a determined hacker can get around that.
This is a company that is trying to get into your email inbox at every possible opportunity. The concepts of "Facebook" and "privacy" are irreconcilable in my view. Even regardless of their ethics, there is an underlying architectural problem.
The successor to Facebook, which will offer real privacy, not the imaginary kind FB is pitching, will not be another centralised public website.
The independent third-party auditor will give Facebook a stamp of approval, both in the next 180 days and every two years thereafter, because the independent third-party auditor wants the repeat business.
Same thing goes for any regulation that depends on a third party, really. I mean, over the last six years how often is a 409a valuation not to the board's liking? Somehow, magically, the auditors collect their fees from the company and then independently deliver an acceptable answer.
Might as well not have the regulations - or just fine the company something meaningful - instead of engaging in this goofy kabuki theatre.
Accountants supposedly are employed by shareholders, but in practice are employed by executives. This makes auditing problematic, but it does have some value. The bigger problem there is the big four's oligopoly: they are too big to fail.
Not saying it is good or bad (kind of depends on who the contracting company is), but it is very common and pretty much standard business for the government.
"barred from making misrepresentations about the privacy or security of consumers' personal information;"
Is this implying companies are allowed to lie? Seems redundant.
The proposed order also contains standard record-keeping provisions to allow the FTC to monitor compliance with its order.
and then further down:
Each violation of such an order may result in a civil penalty of up to $16,000.
I really hope that's up to $16,000 per person for each violation.
The fix is in.
- required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
Does this include people that have already deleted their account? Does this also include Government agencies and such from seeing the >30 day deleted data? I'd like to know that after permanently deleting my account all my stuff is gone, but I don't really see anywhere that says that's true. Meaning the site is still destroying my privacy even after I've decided to have nothing to do with the account.
When I created an account with HN using my Google account via ClickPass, at one of the screen steps before I granted access to ClickPass, Google advised me not to grant it, and that if I did, I could cancel it at any time, which would prevent ClickPass from accessing my account information and my password.
This warning statement is not new; it’s there everywhere when you allow any application to use your Facebook, Twitter, Google ... etc accounts.
In the meantime Google Search is nothing without us, because "we are the product"; they sell (us to third parties or Governments) or use our "private information", or what they told us is private, without approval from us.
Facebook is doing the same thing and that’s why their entire business model is under fire in the EU. http://venturebeat.com/2011/11/28/facebook-advertising-eu/ Do you remember what happened in 2008 with Google’s Evil EULA (http://www.theregister.co.uk/2008/09/03/google_chrome_eula_s...)?
Now, do we, "the product", still have any privacy? Are we safe? How far can we trust those businesses?
Should we keep using their services; and later complain about how evil their Terms and conditions or EULA are???
This is assuming Facebook will be around in 20 years.
This binds successor corporations operating Facebook's business and thus changes the potential value of Facebook as an acquisition target (and thus as a retail investment choice when it becomes publicly traded).
The monitoring is Facebook telling the FTC - we are all cool over here bro - and the FTC taking them at their word.
Why do people treat them like contracts?
In Europe, however, privacy policies play a significant legal role in terms of complying with privacy and data protection legislation.
Facebook has its international HQ in Europe and deals with personal data about EU citizens, and is thus subject to EU rules as well as US ones.
FB should not be blamed for sharing information that others freely share with FB. It's ridiculous. It's even more ridiculous to think that government regulation is somehow needed to protect privacy. How absurd.
"I keep using this service and they don't do what I want! But I keep sharing my information with them."
Come on. At a certain point, individuals need to accept that THEY maintain a relationship with FB as well.
Your bank should not be blamed for sharing information that you freely share with your bank?
Your doctor should not be blamed for sharing information that you freely share with your doctor?
Law enforcement should not be blamed for sharing information that you freely share with law enforcement?