Risk
9/12/2013
11:58 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Privacy Changes: FTC Steps In

Regulators will probe whether Facebook's privacy changes violate an agreement as part of routine compliance monitoring.

10 Facebook Features To Help You Get Ahead
10 Facebook Features To Help You Get Ahead
(click image for larger view)
The Federal Trade Commission confirmed Wednesday that it will review Facebook's latest changes to its privacy policies to determine whether they violate a 2011 agreement with federal regulators.

The changes, which Facebook announced August 29, provide more information about its advertising policies and facial recognition feature. According to the updated document, Facebook users now agree to permit businesses to pay the social network to display your name and profile picture with your content or information without any compensation to you. The updated wording of the policy states that by using Facebook, you are agreeing to these terms.

The updates also describe how the company uses facial recognition technology to identify you in your friends' photos and to suggest that friends tag you. It's this photo tagging feature that the FTC plans to investigate, according to FTC spokesman Peter Kaplan.

[ How can your privacy settings protect you from nosy Facebook searchers? Read Three Facebook Privacy Settings to Check. ]

Kaplan said the FTC had no reason to believe that the company had violated the 2011 agreement but that it was "monitoring compliance with the order and part of that involves interacting with Facebook." He said that Facebook never approached the FTC beforehand about the proposed changes.

Facebook said that the FTC was informed of the new language just before it was posted to its blog, and that it complied with both the 2011 agreement and this year's class-action settlement. Facebook is not required to submit changes to its privacy and data use policy to the FTC.

According to the 2011 agreement, the social network is required to get the explicit consent of its users before exposing their private information to new audiences. Privacy advocates say that the Tag Suggest feature violates that agreement. Facebook spokeswoman Jodi Seth said in a statement to InformationWeek that the updates were intended to better explain its policies. "We were not required to change our policies and we have not done so. The updates to our Data Use Policy were language clarifications to better explain our policies," she said.

Facebook's new policy proposal came after a San Francisco judge approved a $20 million settlement that resolved claims that Facebook featured users' images in its Sponsored Stories advertisements without payment or permission.

Shortly after Facebook announced the proposed changes, a group of six privacy advocates sent a letter to the FTC requesting that it block the changes because they violated Facebook's current policies. The privacy groups that signed off on the letter included the Electronic Privacy Information Center, the Center for Digital Democracy and the Privacy Rights Clearinghouse, among others.

"The right of a person to control the use of their image for commercial purposes is the cornerstone of modern privacy law," the groups wrote. "It requires 'Alice in Wonderland' logic to see this as anything but a major setback for the privacy rights of Facebook users."

Facebook announced late last week that it had decided to delay the proposed policy changes, and that it anticipated the new date would be "in the coming week." The FTC's new involvement suggests the date may be pushed further back.

"We are taking the time to ensure that user comments are reviewed and taken into consideration to determine whether further updates are necessary and we expect to finalize the process in the coming week," the social network said in a statement.

The Interop New York Conference and Expo, Sept. 30-Oct. 4, 2013, provides the knowledge and insight to help IT and corporate decision-makers bridge the divide between technology and business value. Through three days of educational conference sessions, two days of workshops, real-world demonstrations on the Expo Floor and live technology implementations in its unique InteropNet program, Interop New York provides the forum for the most powerful innovations and solutions the industry has to offer.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/12/2013 | 6:20:14 PM
re: Facebook Privacy Changes: FTC Steps In
While I am not usually a proponent for government getting involved in something like this, I am glad to see the FTC step in here and at least review the changes and possibly try to protect users to the best of its ability.
chrisp114
50%
50%
chrisp114,
User Rank: Apprentice
9/12/2013 | 6:41:59 PM
re: Facebook Privacy Changes: FTC Steps In
Everyone should know that it doesn't really matter what changes facebook makes to its privacy agreement. The very nature of fb means that they will always violate our privacy. This is why I use Ravetree, DuckDuckGo, and other sites that don't violate my privacy.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
9/12/2013 | 8:59:53 PM
re: Facebook Privacy Changes: FTC Steps In
Let's hope the FTC entered the fray with its dentures affixed firmly. All too often it departs toothless.
radkoaleks
50%
50%
radkoaleks,
User Rank: Apprentice
9/14/2013 | 11:23:14 PM
re: Facebook Privacy Changes: FTC Steps In
Sure this will be a long story and Facebook owners don't care at all about what some people thinking about privacy.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.