Congress Questions Facebook Over Privacy

Two House members asked Facebook for more details about the way applications on the social network handle user information, following revelations of new privacy concerns.

U.S. Reps. Edward Markey (D., Mass.) and Joe Barton (R., Texas) sent Facebook Chief Executive Mark Zuckerberg a letter expressing concerns that "third-party applications gathered and transmitted personally identifiable information about Facebook users and those users' friends." The two representatives are co-chairmen of the House Bipartisan Privacy Caucus.

Their letter follows an article in Monday's Wall Street Journal highlighting a potential privacy loophole in many of the most popular applications on Facebook. The Journal reported apps were transmitting identification numbers for users and their friends to dozens of advertising and Internet tracking companies. The ID numbers can be used to look up a user's real name, and sometimes other information users have made public, and potentially tie it to their activity inside the apps.

Given Facebook's 500 million users and the amount of information they post on the site, "this series of breaches of consumer privacy is a cause for concern," the lawmakers wrote.

The letter asked  Zuckerberg how many users had been affected by the breach, when Facebook became aware of it, and what changes Facebook plans in order to deal with the problem, among other questions. Facebook must respond by Oct. 27.

In August, Reps. Markey and Barton requested information about data-collection practices from 15 websites identified by the Journal as installing the most tracking technology on visitors' computers.

A Facebook spokesman said the company looked forward "to addressing any confusion" and working with the congressmen. "The suggestion that the passing of a user ID to an application, as described in Facebook's privacy policy, constitutes a 'breach' is curious at best," he said.

In a blog post Sunday night, Facebook executive Mike Vernal said that passing along user IDs violated the company's policies. "In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," he wrote.

Continue reading at The Wall Street Journal