Feeds

Zuckerberg submits privacy mea culpa after FTC ruling

'We've made a bunch of mistakes'... bitch

Intelligent flash storage arrays

"We've made a bunch of mistakes" on privacy, Facebook CEO Mark Zuckerberg has admitted.

It turns out Facebook is just as bad as Google when it comes to data-handling. And the result is to sit next to Mountain View on the Federal Trade Commission's naughty step by agreeing to a bi-annual privacy review for the next 20 years.

In a lengthy blog post, Zuckerberg responded to the FTC proposed settlement – which is now subject to public comment for the next 30 days before any consent from the Commission can be finalised – by listing a number of privacy screw-ups at the social network.

"In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done," he wrote.

"I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service.

"Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It's important for people to think about this, and not one day goes by when I don't think about what it means for us to be the stewards of this community and their trust."

The FTC noted in its statement that Facebook had agreed to settle with the commission on charges that the dominant social network "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public".

Zuckerberg, unsurprisingly, was at pains to insist that his privately-held company – which could be worth as much as £100bn according to some estimates – was "committed to being transparent" about the user data it stores.

From now on in, under the agreement with the FTC, Facebook will be required to be clear about changes it makes to the website, including providing "prominent notice" to users.

The outfit will also be expected to obtain "express consent" before a user's information is shared beyond privacy settings already established by an individual connected to the network, the commission said.

An eight-count complaint (PDF) issued by the FTC against Facebook, held that the company "was unfair and deceptive, and violated federal law."

Here's a list of instances in which Facebook allegedly failed to keep promises it had made to its users about their data:

  • In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users had installed would have access only to the user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
  • Facebook told users they could restrict sharing of data to limited audiences – for example with 'Friends Only'. In fact, selecting 'Friends Only' did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a 'Verified Apps' program, which claimed it certified the security of participating apps. It didn't.
  • Facebook promised users that it would not share their personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the US - EU Safe Harbor Framework that governs data transfer between the US and the European Union. It didn't.

Zuckerberg, in his mea culpa, said that "privacy principles" recently developed by the company were "written very deeply into our code."

He added: "We do privacy access checks literally tens of billions of times each day to ensure we're enforcing that only the people you want see your content."

The Facebook boss, whose story was dramatised in the Hollywood movie The Social Network, said that the company had already fixed many of the privacy cock-ups users had complained about.

"Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009," Zuckerberg defensively noted.

"The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010."

The Facebook co-founder and CEO said that he would have two existing employees on his books who would focus on his commitments to protect information shared on the site "better than any other company in the world".

Erin Egan will become chief privacy policy officer, he said, and Michael Richter gets the chief privacy products officer job title.

Zuckerberg said he was looking forward to working with the FTC on implementing terms of the proposed settlement.

In the early days of Facebook, it was a very different story. Zuckerberg once described his then fledgling stalkerbase as "dumb fucks" for trusting him with sharing their data online. How things have changed, right? ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.