The Wall Street Journal
Two House members asked Facebook Inc. for more details about the way applications on the social network handle user information, following revelations of new privacy concerns.
U.S. Reps. Edward Markey (D., Mass.) and Joe Barton (R., Texas) sent Facebook Chief Executive Mark Zuckerberg a letter expressing concerns that "third-party applications gathered and transmitted personally identifiable information about Facebook users and those users' friends." The two representatives are co-chairmen of the House Bipartisan Privacy Caucus.
Their letter follows an article in Monday's Wall Street Journal highlighting a potential privacy loophole in many of the most popular applications on Facebook. The Journal reported apps were transmitting identification numbers for users and their friends to dozens of advertising and Internet tracking companies. The ID numbers can be used to look up a user's real name, and sometimes other information users have made public, and potentially tie it to their activity inside the apps.
Given Facebook's 500 million users and the amount of information they post on the site, "this series of breaches of consumer privacy is a cause for concern," the lawmakers wrote.
The letter asked Mr. Zuckerberg how many users had been affected by the breach, when Facebook became aware of it, and what changes Facebook plans in order to deal with the problem, among other questions. Facebook must respond by Oct. 27.
In August, Reps. Markey and Barton requested information about data-collection practices from 15 websites identified by the Journal as installing the most tracking technology on visitors' computers.
A Facebook spokesman said the company looked forward "to addressing any confusion" and working with the congressmen. "The suggestion that the passing of a user ID to an application, as described in Facebook's privacy policy, constitutes a 'breach' is curious at best," he said.
In a blog post Sunday night, Facebook executive Mike Vernal said that passing along user IDs violated the company's policies. "In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," he wrote.
Still, he said Facebook was "committed to ensuring that even the inadvertent passing of (user IDs) is prevented and all applications are in compliance with our policy."
Mr. Vernal played down the potential risks, writing that knowing a user's ID "does not enable anyone to access private user information without explicit user consent."
Privacy watchdogs called on Facebook to improve privacy controls regarding applications. "Facebook needs to stop addressing this problem with secret 'policy enforcement' and start putting choices and control" in users' hands, wrote Chris Conley, a fellow at the American Civil Liberties Union of Northern California.
At least some of the apps that Facebook shut down after Journal queries into privacy breaches were reinstated by Monday.
"We're back!" wrote Arjun Sethi, the CEO of LOLapps Media Inc., in a blog post. LOLapps makes applications like Gift Creator, which has 3.5 million monthly active users. His company's apps were shut down Friday, after the Journal had found that some LOLapps applications were transmitting users' Facebook ID numbers to a company called RapLeaf Inc., which then sent them with other personal details to a dozen other advertising and data firms. RapLeaf said the transmission was inadvertent.
LOLapps' Mr. Sethi said the company didn't intend to pass along user IDs. He didn't say that the problem was what led to the apps being shut down.
He also wrote that LOLapps had "immediately dissolved" the relationship that had caused it to run afoul of Facebook. He didn't specify whether that relationship was with RapLeaf.
U.S. Reps. Edward Markey (D., Mass.) and Joe Barton (R., Texas) sent Facebook Chief Executive Mark Zuckerberg a letter expressing concerns that "third-party applications gathered and transmitted personally identifiable information about Facebook users and those users' friends." The two representatives are co-chairmen of the House Bipartisan Privacy Caucus.
Their letter follows an article in Monday's Wall Street Journal highlighting a potential privacy loophole in many of the most popular applications on Facebook. The Journal reported apps were transmitting identification numbers for users and their friends to dozens of advertising and Internet tracking companies. The ID numbers can be used to look up a user's real name, and sometimes other information users have made public, and potentially tie it to their activity inside the apps.
Given Facebook's 500 million users and the amount of information they post on the site, "this series of breaches of consumer privacy is a cause for concern," the lawmakers wrote.
The letter asked Mr. Zuckerberg how many users had been affected by the breach, when Facebook became aware of it, and what changes Facebook plans in order to deal with the problem, among other questions. Facebook must respond by Oct. 27.
In August, Reps. Markey and Barton requested information about data-collection practices from 15 websites identified by the Journal as installing the most tracking technology on visitors' computers.
A Facebook spokesman said the company looked forward "to addressing any confusion" and working with the congressmen. "The suggestion that the passing of a user ID to an application, as described in Facebook's privacy policy, constitutes a 'breach' is curious at best," he said.
In a blog post Sunday night, Facebook executive Mike Vernal said that passing along user IDs violated the company's policies. "In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," he wrote.
Still, he said Facebook was "committed to ensuring that even the inadvertent passing of (user IDs) is prevented and all applications are in compliance with our policy."
Mr. Vernal played down the potential risks, writing that knowing a user's ID "does not enable anyone to access private user information without explicit user consent."
Privacy watchdogs called on Facebook to improve privacy controls regarding applications. "Facebook needs to stop addressing this problem with secret 'policy enforcement' and start putting choices and control" in users' hands, wrote Chris Conley, a fellow at the American Civil Liberties Union of Northern California.
At least some of the apps that Facebook shut down after Journal queries into privacy breaches were reinstated by Monday.
"We're back!" wrote Arjun Sethi, the CEO of LOLapps Media Inc., in a blog post. LOLapps makes applications like Gift Creator, which has 3.5 million monthly active users. His company's apps were shut down Friday, after the Journal had found that some LOLapps applications were transmitting users' Facebook ID numbers to a company called RapLeaf Inc., which then sent them with other personal details to a dozen other advertising and data firms. RapLeaf said the transmission was inadvertent.
LOLapps' Mr. Sethi said the company didn't intend to pass along user IDs. He didn't say that the problem was what led to the apps being shut down.
He also wrote that LOLapps had "immediately dissolved" the relationship that had caused it to run afoul of Facebook. He didn't specify whether that relationship was with RapLeaf.
