Feeds

Zuckerberg submits privacy mea culpa after FTC ruling

'We've made a bunch of mistakes'... bitch

Security for virtualized datacentres

"We've made a bunch of mistakes" on privacy, Facebook CEO Mark Zuckerberg has admitted.

It turns out Facebook is just as bad as Google when it comes to data-handling. And the result is to sit next to Mountain View on the Federal Trade Commission's naughty step by agreeing to a bi-annual privacy review for the next 20 years.

In a lengthy blog post, Zuckerberg responded to the FTC proposed settlement – which is now subject to public comment for the next 30 days before any consent from the Commission can be finalised – by listing a number of privacy screw-ups at the social network.

"In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done," he wrote.

"I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service.

"Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It's important for people to think about this, and not one day goes by when I don't think about what it means for us to be the stewards of this community and their trust."

The FTC noted in its statement that Facebook had agreed to settle with the commission on charges that the dominant social network "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public".

Zuckerberg, unsurprisingly, was at pains to insist that his privately-held company – which could be worth as much as £100bn according to some estimates – was "committed to being transparent" about the user data it stores.

From now on in, under the agreement with the FTC, Facebook will be required to be clear about changes it makes to the website, including providing "prominent notice" to users.

The outfit will also be expected to obtain "express consent" before a user's information is shared beyond privacy settings already established by an individual connected to the network, the commission said.

An eight-count complaint (PDF) issued by the FTC against Facebook, held that the company "was unfair and deceptive, and violated federal law."

Here's a list of instances in which Facebook allegedly failed to keep promises it had made to its users about their data:

  • In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users had installed would have access only to the user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
  • Facebook told users they could restrict sharing of data to limited audiences – for example with 'Friends Only'. In fact, selecting 'Friends Only' did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a 'Verified Apps' program, which claimed it certified the security of participating apps. It didn't.
  • Facebook promised users that it would not share their personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the US - EU Safe Harbor Framework that governs data transfer between the US and the European Union. It didn't.

Zuckerberg, in his mea culpa, said that "privacy principles" recently developed by the company were "written very deeply into our code."

He added: "We do privacy access checks literally tens of billions of times each day to ensure we're enforcing that only the people you want see your content."

The Facebook boss, whose story was dramatised in the Hollywood movie The Social Network, said that the company had already fixed many of the privacy cock-ups users had complained about.

"Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009," Zuckerberg defensively noted.

"The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010."

The Facebook co-founder and CEO said that he would have two existing employees on his books who would focus on his commitments to protect information shared on the site "better than any other company in the world".

Erin Egan will become chief privacy policy officer, he said, and Michael Richter gets the chief privacy products officer job title.

Zuckerberg said he was looking forward to working with the FTC on implementing terms of the proposed settlement.

In the early days of Facebook, it was a very different story. Zuckerberg once described his then fledgling stalkerbase as "dumb fucks" for trusting him with sharing their data online. How things have changed, right? ®

New hybrid storage solutions

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Forget silly privacy worries - help biometrics firms make MILLIONS
Beancounter reckons dabs-scanning tech is the next big moneypit
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.