Feeds

Zuckerberg submits privacy mea culpa after FTC ruling

'We've made a bunch of mistakes'... bitch

Boost IT visibility and business value

"We've made a bunch of mistakes" on privacy, Facebook CEO Mark Zuckerberg has admitted.

It turns out Facebook is just as bad as Google when it comes to data-handling. And the result is to sit next to Mountain View on the Federal Trade Commission's naughty step by agreeing to a bi-annual privacy review for the next 20 years.

In a lengthy blog post, Zuckerberg responded to the FTC proposed settlement – which is now subject to public comment for the next 30 days before any consent from the Commission can be finalised – by listing a number of privacy screw-ups at the social network.

"In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done," he wrote.

"I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service.

"Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It's important for people to think about this, and not one day goes by when I don't think about what it means for us to be the stewards of this community and their trust."

The FTC noted in its statement that Facebook had agreed to settle with the commission on charges that the dominant social network "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public".

Zuckerberg, unsurprisingly, was at pains to insist that his privately-held company – which could be worth as much as £100bn according to some estimates – was "committed to being transparent" about the user data it stores.

From now on in, under the agreement with the FTC, Facebook will be required to be clear about changes it makes to the website, including providing "prominent notice" to users.

The outfit will also be expected to obtain "express consent" before a user's information is shared beyond privacy settings already established by an individual connected to the network, the commission said.

An eight-count complaint (PDF) issued by the FTC against Facebook, held that the company "was unfair and deceptive, and violated federal law."

Here's a list of instances in which Facebook allegedly failed to keep promises it had made to its users about their data:

  • In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users had installed would have access only to the user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
  • Facebook told users they could restrict sharing of data to limited audiences – for example with 'Friends Only'. In fact, selecting 'Friends Only' did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a 'Verified Apps' program, which claimed it certified the security of participating apps. It didn't.
  • Facebook promised users that it would not share their personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the US - EU Safe Harbor Framework that governs data transfer between the US and the European Union. It didn't.

Zuckerberg, in his mea culpa, said that "privacy principles" recently developed by the company were "written very deeply into our code."

He added: "We do privacy access checks literally tens of billions of times each day to ensure we're enforcing that only the people you want see your content."

The Facebook boss, whose story was dramatised in the Hollywood movie The Social Network, said that the company had already fixed many of the privacy cock-ups users had complained about.

"Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009," Zuckerberg defensively noted.

"The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010."

The Facebook co-founder and CEO said that he would have two existing employees on his books who would focus on his commitments to protect information shared on the site "better than any other company in the world".

Erin Egan will become chief privacy policy officer, he said, and Michael Richter gets the chief privacy products officer job title.

Zuckerberg said he was looking forward to working with the FTC on implementing terms of the proposed settlement.

In the early days of Facebook, it was a very different story. Zuckerberg once described his then fledgling stalkerbase as "dumb fucks" for trusting him with sharing their data online. How things have changed, right? ®

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.