Facebook to fight privacy complaint with help of former FTC chairman

Update ribbon (small)

2:15 pm EDT May 10, 2010 · Facebook has indicated to press sources that it has not brought on former FTC chairman Timothy Muris as an employee, as has been reported elsewhere. Muris is an attorney with O'Melveny & Myers, LLP.


In a signal that Facebook is taking the messages of last week seriously -- messages that included a privacy complaint filed last week with the US Federal Trade Commission by the Electronic Privacy Information Center (EPIC) (PDF available here) -- the San Jose Business Journal broke the news that it has hired Timothy Muris, the former chairman of the FTC under President Bush, presumably as its privacy point man.

According to his current biography from his Washington law firm, Muris has devoted nearly four decades as a prominent defender of consumers' rights, including a three-year stint as director of the FTC's Bureau of Consumer Protection under President Reagan. One of his crowning achievements as FTC Director was the creation and implementation of the National Do Not Call Registry, which protects individuals against repeated, unwanted calls by telemarketers. Just last week, Muris was the recipient of a nationally recognized award for his lifelong contributions to antitrust law and enforcement.

EPIC is the organization which last year filed an FTC complaint against Google for its apparently inadvertent disclosure of Google Docs users private information. It then followed up with a complaint last February against Google Buzz, whose social network setup tended to reveal users' most common Gmail recipients before they realized it would do so. Neither complaint has made much traction with the FTC itself, although public awareness of the existence of those complaints did appear to impact Google's public policy.

But whereas Google's response was to make changes and fixes to its software, Facebook's plan seems to be to mount a stern public defense against the notion that it doesn't care about privacy -- a notion made more relevant by reports by Wired and others citing sources close to Facebook CEO Mark Zuckerberg as "not believing" in privacy.

EPIC's latest complaint concerns how Facebook has loosened its privacy policy over the years, most recently with respect to the implementation of Zuckerberg's Graph API and its cross-site "Like" system, without giving existing users who had been protected by stronger privacy settings the option of opting out.

In a demonstration of recent privacy changes revealed only after a deep drilling down through Facebook's settings' description, EPIC's May 5 complaint states, "After the material changes made by Facebook, a user is now forced to 'link' or 'connect' personal profile items that were previous protected under the Facebook privacy policy. As a consequence, these items become viewable by everyone. This is because Facebook made these pages 'public' that 'can be accessed by applications.' Facebook states that 'if you don't link to any pages, these sections on your profile will be empty. By linking your profile to pages, you will be making these connections public.' Facebook states that now Web sites and applications will have access to 'publicly available information. This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages.' Thus, Facebook has designated as made "publicly available" information that had previously been protectable under users' privacy settings. This includes information about users' hometown, education, work, activities, likes and interests, and, in some cases, likes and recommendations from non-Facebook pages around the Web.

"Facebook's privacy settings and privacy policy are inconsistent with the site's information sharing practices," EPIC continues, "and Facebook misleads users into believing that users can still maintain control over their personal information."

Last week, TechCrunch Europe's Steve O'Hear reported on his discovery of a security hole that enabled any Facebook user to tap into the live chats of friends of other Facebook users. The security hole has since been plugged, at least mostly; but so has some of the evidence of its existence, as YouTube removed TechCrunch's video showing how the exploit worked.

That same week, IBM researcher Matt McKeon posted a series of graphs depicting the dissemination of information through the Internet as a kind of onion, radiating from the center ("you") through to the Internet at large. The graph evolves to show how much personal information shared with Facebook is now revealed by default, based on the service's loosened privacy policies, over the last five years. The graph was inspired by a commentary by Electronic Frontier Foundation staff attorney Kurt Opsahl citing Facebook's six different privacy policies over that same period.

"No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings," read the original service's policy (and its original name) in 2005. That policy was replaced last month with a paragraph that begins: "When you connect with an application or website it will have access to General Information about you."

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.