Risk
9/12/2013
11:58 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook Privacy Changes: FTC Steps In

Regulators will probe whether Facebook's privacy changes violate an agreement as part of routine compliance monitoring.

10 Facebook Features To Help You Get Ahead
10 Facebook Features To Help You Get Ahead
(click image for larger view)
The Federal Trade Commission confirmed Wednesday that it will review Facebook's latest changes to its privacy policies to determine whether they violate a 2011 agreement with federal regulators.

The changes, which Facebook announced August 29, provide more information about its advertising policies and facial recognition feature. According to the updated document, Facebook users now agree to permit businesses to pay the social network to display your name and profile picture with your content or information without any compensation to you. The updated wording of the policy states that by using Facebook, you are agreeing to these terms.

The updates also describe how the company uses facial recognition technology to identify you in your friends' photos and to suggest that friends tag you. It's this photo tagging feature that the FTC plans to investigate, according to FTC spokesman Peter Kaplan.

[ How can your privacy settings protect you from nosy Facebook searchers? Read Three Facebook Privacy Settings to Check. ]

Kaplan said the FTC had no reason to believe that the company had violated the 2011 agreement but that it was "monitoring compliance with the order and part of that involves interacting with Facebook." He said that Facebook never approached the FTC beforehand about the proposed changes.

Facebook said that the FTC was informed of the new language just before it was posted to its blog, and that it complied with both the 2011 agreement and this year's class-action settlement. Facebook is not required to submit changes to its privacy and data use policy to the FTC.

According to the 2011 agreement, the social network is required to get the explicit consent of its users before exposing their private information to new audiences. Privacy advocates say that the Tag Suggest feature violates that agreement. Facebook spokeswoman Jodi Seth said in a statement to InformationWeek that the updates were intended to better explain its policies. "We were not required to change our policies and we have not done so. The updates to our Data Use Policy were language clarifications to better explain our policies," she said.

Facebook's new policy proposal came after a San Francisco judge approved a $20 million settlement that resolved claims that Facebook featured users' images in its Sponsored Stories advertisements without payment or permission.

Shortly after Facebook announced the proposed changes, a group of six privacy advocates sent a letter to the FTC requesting that it block the changes because they violated Facebook's current policies. The privacy groups that signed off on the letter included the Electronic Privacy Information Center, the Center for Digital Democracy and the Privacy Rights Clearinghouse, among others.

"The right of a person to control the use of their image for commercial purposes is the cornerstone of modern privacy law," the groups wrote. "It requires 'Alice in Wonderland' logic to see this as anything but a major setback for the privacy rights of Facebook users."

Facebook announced late last week that it had decided to delay the proposed policy changes, and that it anticipated the new date would be "in the coming week." The FTC's new involvement suggests the date may be pushed further back.

"We are taking the time to ensure that user comments are reviewed and taken into consideration to determine whether further updates are necessary and we expect to finalize the process in the coming week," the social network said in a statement.

The Interop New York Conference and Expo, Sept. 30-Oct. 4, 2013, provides the knowledge and insight to help IT and corporate decision-makers bridge the divide between technology and business value. Through three days of educational conference sessions, two days of workshops, real-world demonstrations on the Expo Floor and live technology implementations in its unique InteropNet program, Interop New York provides the forum for the most powerful innovations and solutions the industry has to offer.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
radkoaleks
50%
50%
radkoaleks,
User Rank: Apprentice
9/14/2013 | 11:23:14 PM
re: Facebook Privacy Changes: FTC Steps In
Sure this will be a long story and Facebook owners don't care at all about what some people thinking about privacy.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
9/12/2013 | 8:59:53 PM
re: Facebook Privacy Changes: FTC Steps In
Let's hope the FTC entered the fray with its dentures affixed firmly. All too often it departs toothless.
chrisp114
50%
50%
chrisp114,
User Rank: Apprentice
9/12/2013 | 6:41:59 PM
re: Facebook Privacy Changes: FTC Steps In
Everyone should know that it doesn't really matter what changes facebook makes to its privacy agreement. The very nature of fb means that they will always violate our privacy. This is why I use Ravetree, DuckDuckGo, and other sites that don't violate my privacy.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/12/2013 | 6:20:14 PM
re: Facebook Privacy Changes: FTC Steps In
While I am not usually a proponent for government getting involved in something like this, I am glad to see the FTC step in here and at least review the changes and possibly try to protect users to the best of its ability.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.