Privacy Controversy Prompts Facebook Changes

By Caroline Young
The recent global outcry over Facebook’s lax privacy controls is forcing the social-networking site to better protect users’ personal information.
Privacy regulators are blaming Facebook for breaking its promise not to release personal information about its more than 400 million members without their permission. In May The Wall Street Journal first reported that a software loophole had allowed advertisers to obtain information about Facebook users, such as their name, hometown, age and occupation.
Although it is not unusual for Web advertisers to receive the Web address where users click on their ads, non-social networking sites only send a scramble of letters and numbers that can’t be connected to a single person. But Facebook and other social networking sites were using members’ names in links to advertisers.
Ben Edelman, an assistant professor at Harvard Business School, studied the computer code of social-networking sites for The Journal and confirmed the exposure of users’ private information. “If you are looking at your profile page and you click on an ad, you are telling that advertiser who you are,” he told The Journal. Facebook creator Mark Zuckerberg admitted the company had erred and promised to create straightforward and safer ways to share personal information. In a column in The Washington Post on May 24, three days after The Journal revealed the glitch, he seemed to be blaming the problem on Facebook’s success. “It’s a challenge to keep that many people satisfied over time, so we move quickly to serve that community with new ways to connect with the social Web and each other,” Zuckerberg said. “Our intention was to give you lots of granular controls, but that may not have been what many of you wanted. We just missed the mark.”
Craig Wills, a professor of computer science at Worcester Polytechnic Institute, studies the privacy dilemma. “Most social networks haven’t bothered to obscure user names or ID numbers from their Web addresses,” he told The Journal. A Facebook spokesman acknowledged the company had erred. “We were recently made aware of one case where if a user takes a specific route on the site, advertisers may see that they clicked on their own profile and then clicked on an ad."
Facebook’s complex way of providing users with information-control options adds to the problem.
While Internet users are in favor of protection policies, most find the settings to be difficult to understand and adjust to their liking. To navigate Facebook’s privacy settings, users are presented with more than 50 privacy buttons followed by over 170 options. Facebook’s written privacy statement is longer than the 4,400-word U.S. Constitution.
Zuckerberg says that easier-to-use privacy controls are in the works. “We are working hard to make these changes available as soon as possible,” he told The Post. “We will also give you an easy way to turn off all third-party services.” While his goal is to help in creating a more connected and open society, he says he knows users have the right to choose and control their level of exposure.
Facebook’s user directory now reveals less searchable information -- only the user’s name, gender and picture. In addition, the computer code that enables ad companies to receive users’ private information is being reconstructed to parallel how advertising functions across the Web.
In the wake of the Facebook controversy, lawmakers in Congress are considering legislation to control the leakage of users’ personal information to advertisers.

For background, see Patrick Marshall, "Online Privacy,"
CQ Researcher, Nov. 6, 2009, and Marcia Clemmitt, “Cyber Socializing,” CQ Researcher, July 28, 2006.

Caroline Young is a summer 2010 CQ Researcher editorial intern. She is a rising senior at Flagler College, where she is co-editor of The Flagler College Gargoyle.