Sen. Schumer suggests FTC take charge of Facebook's, others' privacy policies

Amid news yesterday of a discovery by an independent programmer of what appeared to be another door left open for Web apps to access Facebook users' personal data, Sen. Chuck Schumer (D - N.Y.) called upon the Federal Trade Commission to take the next step in forming the equivalent of a US "privacy commissioner."

It was the first step in a one-two punch, as Sen. Schumer later joined three other Democrat senators in penning a letter to Facebook CEO Mark Zuckerberg, calling upon him to make his site's privacy policy clearer and tighter, in order to give the FTC less to scrutinize.

"I am asking the FTC to use the authority given to it to examine practices in the disclosure of private information from social networking sites and to ensure users have the ability to prohibit the sharing of personal information," reads the statement from Schumer's office yesterday. "If the FTC feels it does not have the authority to do so under current regulations, I will support them in obtaining the tools and authority to do just that."

The press office cited recent Facebook issues only made more prominent after last week's unveiling of the Open Graph platform, which enables other Web sites to opt into Facebook's sharing system through the inclusion of codes in their <META> tags and new API function calls. The functionality is being marketed to prospective Facebook partners as instant personalization. As Facebook's updated privacy policy reveals, users can indeed opt out of other sites' or applications' instant personalization...on an app-by-app basis.

That means users of sites where Facebook's "Like" system has just been deployed, will be instantly personalized...until they explicitly report they'd prefer not to be, thank you very much.

"We appreciate that Facebook is attempting to integrate the functionality of several popular Web sites, and that Facebook has carefully selected its initial partners for its new 'instant personalization' feature," reads the Democrat leaders' letter to Zuckerberg, reprinted this morning by Politico. "We are concerned, however, that this feature will now allow certain third party partners to have access not only to a user's publicly available profile information, but also to the user's friend list and the publicly available information about those friends. As a result of the other changes noted above, this class of information now includes significant and personal data points that should be kept private unless the user chooses to share them. Although we are pleased that Facebook allows users to opt-out of sharing private data, many users are unaware of this option and, moreover, find it complicated and confusing to navigate. Facebook should offer users the ability to opt-in to sharing such information, instead of opting out, and should make the process for doing so more clear and coherent."

Also signing their name to this morning's letter were Sens. Michael Bennet (D - Colo.), Mark Begich (D - Ark.), and Al Franken (D - Minn.). The senators closed by saying they look forward to the FTC examining this and the other issues they raised, but would hope Facebook would act in the meantime.
The discovery that some private data may be inadvertently shared by Facebook anyway was made by a Google employee named Ping, who posted to his Web site this Facebook app. Essentially, the app acts as a catalog that reveals every data item that is publicly accessible through Facebook's API (which Ping identifies as the Graph API, but which has actually been a part of Facebook's platform since before last week).

On Monday, Ping wrote, "Yesterday, I discovered something strange while playing with Facebook's new Graph API: The API was showing a list of my events, and it seemed that anyone could get this list. Today, I spent a while checking to make sure I wasn't crazy. I didn't opt in for this. I even tried setting all my Privacy Settings for maximum privacy. But Facebook is still exposing the list of events I've attended, and maybe your events too."

Ping accompanied his post with a screenshot of some of Mark Zuckerberg's personal events, pulled up through his API tool.

Betanews tried using the tool to verify Ping's claims, especially since he later reported that the tool works for some people and not for others. For us, it did not reveal personal data for accounts where personal data was blocked, for any account we tested. In other words, at least for us, Facebook was doing its job.

Early Tuesday morning, Ping reported back that the tool is no longer revealing anyone's events. "Thanks to the Facebook folks for improving their stuff!" he wrote. Commenters to Ping's blog also noted that users' events that were exposed over the weekend, do not appear to be exposed now.

Either a certain someone read that letter, or he may be getting a very interesting visitor. The Hill's Kim Hart reported this morning that Deputy Secretary of Defense William Lynn will convene a special meeting on cybersecurity, at Zuckerberg's office in Palo Alto.