Facebook's FTC Deal: 8 Things To Expect

Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.

How will Facebook's privacy and security settings change?

The Federal Trade Commission (FTC) announced Tuesday a proposed settlement with Facebook. The action stems from allegations that the social network "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," according to the FTC.

Facebook had labeled some of those privacy changes as its response to consumers who were clamoring for a simpler way to control their privacy settings. But the Electronic Privacy Information Center (EPIC) and other consumer-rights groups saw it differently and filed complaints with the FTC, which investigated Facebook and hit it with an eight-count indictment.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said Jon Leibowitz, the chairman of the FTC, in a statement announcing the settlement. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

Here, then, are some security and privacy changes to expect from Facebook in the wake of the settlement:

1. Privacy settings won't revert: Privacy groups, including EPIC, had called on the FTC to "restore users' privacy settings to pre-2009 levels," and then obtain explicit consent from users to change those settings. Instead, Facebook gets to keep its most recent privacy settings, which expose most private information by default, in place.

2. Consumers will opt-in to future changes: Going forward, according to the FTC settlement, Facebook will be "required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences."

3. Breaking up will be easier: The FTC settlement also requires that Facebook "prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account."

4. Little contrition: "I'm the first to admit that we've made a bunch of mistakes," said Facebook founder and CEO Mark Zuckerberg in a blog post commenting on the settlement. But he argued that overall, Facebook had offered a good balance of "transparency and control over who can see your information," despite a few missteps. "In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done," he said.

5. Internal processes get more privacy-centric: "The FTC also recommended improvements to our internal processes," said Zuckerberg in his blog post. "We've embraced these ideas, too, by agreeing to improve and formalize the way we do privacy review as part of our ongoing product development process. As part of this, we will establish a biannual independent audit of our privacy practices to ensure we're living up to the commitments we make." That's necessary, since Facebook must submit to third-party audits beginning in 180 days, followed by once every two years, to ensure that its privacy program complies with the FTC settlement requirements.

6. Facebook faces $16,000 fines: The FTC settlement says that Facebook will be hit with a $16,000 fine for every violation. For a company that's valued at about $100 billion, that's pocket change. But multiplying the number of affected users by the violation could result in steep penalties, not to mention bad publicity.

7. Facebook adds privacy executives: Zuckerberg announced that attorney Erin Egan will fill the company's new "chief privacy officer for policy" role, while Facebook's current chief privacy counsel, Michael Richter, will become its "chief privacy officer for products." According to Zuckerberg, Richter and his team "will work to ensure that our principles of user control, privacy by design, and transparency are integrated consistently into both Facebook's product development process and our products themselves," which paraphrases what the FTC settlement requires.

8. Facebook likely won't stumble again: Did the government get a fair deal out of Facebook? Will Facebook learn to not run afoul of the FTC in the future? In response to both questions, it's interesting that the social network now counts former FTC chair Timothy Muris as a lobbyist, while former FTC commissioner Mozelle Thompson is Facebook's "chief privacy adviser," reported Gawker. The implication: One way or another, don't expect Facebook to get caught over future privacy changes.

Comments
sfcopywriter,
User Rank: Apprentice
12/1/2011 | 2:59:44 AM
re: Facebook's FTC Deal: 8 Things To Expect
I don't know if it's a fair deal or not, but having some black and white terms regarding privacy and clear penalties - here's hoping that the $16K will be multiplied per affected user, like you suggest - can only be a good thing when you consider that Facebook may be filing for an IPO in the very near future. Someone has to rein them in. Once they're public, will they be able to resist the lure of short-term profits and continue to think long-term about user experience? I don't know, but it scares me. I just don't want the things mentioned in this article - Will Facebook Be Free Forever? http://blog.sfcopywriter.com/2... - to come true.
ericabritt,
User Rank: Apprentice
12/1/2011 | 1:44:05 AM
re: Facebook's FTC Deal: 8 Things To Expect
There are still important facts left out of this. The settlement doesn't stop Facebook from talking you all over the internet. I won't argue that this isn't a fair step in the right direction, but what about protecting us everywhere else? More on the tracking side of the story here: http://www.abine.com/wordpress...
Bprince,
User Rank: Ninja
11/30/2011 | 8:57:01 PM
re: Facebook's FTC Deal: 8 Things To Expect
Google+ may also put some pressure on Facebook to stay on top of privacy issues as Google builds it out.
Brian Prince, InformationWeek/Dark Reading Comment Moderator