The Facebook FTC Privacy Settlement: What we need to know

The recent settlement that was reached by Facebook and the Federal Trade Commission was the work of ten complainants who filed with the FTC in 2009.

The settlement has started a public buzz...but why? Who even understands what it is that we are supposed to be buzzing about?

Most experienced web surfers are clearly aware that Facebook is an urban legend of egregious, false and deceptive statements, promises, "mistakes" and plots. Facebook users expect their privacy to be violated now and well into the future.

But if anyone expects the recent settlement to make sense, it takes some light reading of the 8 counts and a reminder of the specific problems that occurred between 2008 and 2010.

Here are the specific settlement details:

The FTC can impose a $16,000 fine for every count and every day of settlement violation. Considering that over 800 million users could be affected, this is a powerful incentive to straighten up.

Facebook will be audited for the next 20 years. The first audit will happen in 180 days, barring any stalling or problems.

Facebook cannot misrepresent the privacy or security of consumer's personal information.

The member's "affirmative express consent" must be given before Facebook makes any change that will override their privacy settings or privacy preferences.

When a user deletes their account, Facebook cannot allow anyone to access the material in that account after 30 days have passed.

Facebook has to "establish and maintain" a comprehensive privacy program. The program must be designed to deal with privacy risks on three planes: development and management of existing products and services; development and management of new products and services; and general protection of consumer privacy and confidentiality.

Count One involves Facebook's deceptive privacy settings.

The count gives a thorough description of your Facebook profile page and privacy settings pages. It describes what customers were told about those pages and how they work.

Then the count describes the deception that was used to cover for privacy violations. In other words, customers were told that they had complete control over who accessed their information when Facebook was opening undisclosed back doors or overriding the choices.

Counts Two and Three involve unfair and deceptive privacy changes in 2009.

"As described in Paragraphs 19-26, by designating certain user profile information publicly available that previously had been subject to privacy settings, Facebook materially changed its promises that users could keep such information private.

Facebook retroactively applied these changes to personal information that it had previously collected from users, without their informed consent, in a manner that has caused or has been likely to cause substantial injury to consumers, was not outweighed by countervailing benefits to consumers or to competition, and was not reasonably avoidable by consumers. This practice constitutes an unfair act or practice."

Count Four covers application platforms accesses to Facebook user's information.

"Facebook has disseminated or caused to be disseminated numerous statements to users stating that Platform Applications they use will access only the profile information these applications need to operate,"

In truth, Facebook had been giving the applications full and complete access to profile information.

Count Five covers disclosure of user information to advertisers.

Facebook promised not to share personal information with advertisers. But the personal information was shared, allowing advertisers to use "targeted information" and to send advertising to each person's pages.

What is disturbing is that this is the information that was ultimately shared with advertisers:

Users real name, Location, age, sex, birthday, "interested in", "likes", "status", education and name of employer.

The nasty trick is that the genie is out of the bottle! This information has already been gotten for hundreds of millions of Facebook customers. The FTC claims it has no power to issue fines or sanctions that will ever apply to the past violations.

Count Six covers Facebook's deceptive verified apps program.

During 2009, Facebook collected fees from applications providers that ranged from $375 or a full business to $175 for a student nonprofit program. The applications had a dandy green check mark on them.

Facebook told everyone that the verified apps had been checked to confirm that they had more security than regular apps.

Here is what the FTC found:

"Contrary to the statements set forth in Paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a Verified Application’s website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application."

Count Seven covers Facebooks disclosure of users photos and videos.

Each uploaded photo and video was assigned a unique URL by Facebook. There are hundreds of millions of either photos and videos for which Facebook has access via URL.

Facebook told users that they could restrict access to their profile, photos and videos, if they deactivated or deleted their account. The material would be unavailable after 90 days.

Facebook lied and continued to give access to anyone who had the Facebook URL for the photo or video.

Count Eight involves the European Union (EU) Safe Harbor Network.

This is an extensive and detailed part of an agreement that the US Department of Commerce made with the European Commission (EC).

The US-EU Safe Harbor Framework is simply a voluntary agreement,

"...that allows U.S. companies to transfer personal data lawfully from the EU to the U.S. To join the Safe Harbor, a company must self-certify to Commerce that it complies with seven principles and related requirements that have been deemed to meet the EU’s adequacy standard,"

The FTC found that Facebook did not adhere to the conditions of Safe Harbor and that this constituted deceptive trade practice.

The Full Complaint (PDF Format)

SF Gate "Facebook settles with FTC over Privacy Complaints"

Inside Facebook "Ten Privacy Groups File FTC Complaint Against Facebook or Recent Privacy Changes.

Daily Kos "Is Facebook Violating Your Privacy?"

Here are some warnings and tips

Will Facebook be any more safe and sound than it has been? Probably not, since Facebook would have to

1) Be caught at it

2) Be actually sanctioned by the FTC.

3) Not develop new privacy violating schemes that get around the terms or specifics of this FTC settlement.

In an era of corporate pandering, nothing guarantees that Facebook, which is about to go public with an estimated $100 billion capitalization, will have to worry about dealing with government oversight or regulatory agencies.

In fact, Facebook has developed a new program that will be able to track anyone who even visits a Facebook page and to follow them wherever they go on the web. Then Facebook will be able to keep that data for 90 days.

There are even more suits, proposed legislations and problems with Facebook privacy, so no one should forget that the place is not to be trusted.

Do not use Facebook to sign in at other sites.

Those sign ins require full Facebook account access when they have no legitimate reason for demanding that access. You will be exposing yourself and your friends to access and intrusion by that website's management. If your friend signs in at another site using Facebook, the site may be able to get access to you.

Do check your privacy settings every week or two.

Do refuse to load games and other applications that require full account access. Since when does a third party game or cooking application need to access or control your entire Facebook account?

Forget about tying any location application to any Facebook service, application or feature, ever. This may take some investigation of each application, but do you or your children really need for Facebook to record your movements and actual locations?

Bookmark the Facebook Privacy Settings Help Page

Keep up on the news about Facebook privacy issues.