Open Letter to the FTC: Put Up or Shut Up on Facebook!

Published on Author Eli Fennell

To FTC Chairman Jon Liebowitz:

Facebook is out of control and needs to be stopped and only your agency can do it.  You should have already, in fact, long ago.

Facebook controls its users “Likes”.  That’s the latest news, although it’s not really news, Facebook has been doing this for a while and everyone who’s paid any attention knows it, though Facebook of course denies it (because we all know vegetarians make a routine habit of Liking McDonalds).

So where does this involve your agency?  Everywhere.  After all, you investigated Facebook long before this happened, and eventually reached a settlement, described in this way on your website:

Specifically, under the proposed settlement, Facebook is:
  • barred from making misrepresentations about the privacy or security of consumers’ personal information;
  • required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
  • required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;
  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

Take a close look at that first part, the part about being barred from misrepresenting the privacy or security of personal information.  A Like is certainly something any thinking person considers part of their “privacy” on Facebook, something over which they should have some reasonable control.

Showing their Likes to people in their Lists is one thing (and users have been given some control over this), or showing anonymous aggregate Like data.  But deciding on behalf of the user that they Liked something based on whether they shared from a Page (even though they may have been doing so to voice opposition), or whether they have Liked something Facebook deems relevant (and making it hard to distinguish the two)?  If that’s not misrepresentation of the Like signal, then every dictionary in the world is defining that word incorrectly and only Facebook and yourselves know what it really means.

Of course, this isn’t the first infraction of your settlement with Facebook that you have overlooked.  Let’s not forget that recently, Facebook overwrote user’s email contact information with Facebook email addresses, you know, the ones they couldn’t actually sell people on?  Thus requiring those users to fix the problem themselves.  Perhaps Facebook can argue this improves their product, but they can’t argue that it isn’t a misrepresentation of the user’s control over their privacy (in this case, their contact settings).

Worse, this problem (via contact syncing) actually overwrote many user’s contact info on their smartphones!  To say this was a misrepresentation of how Facebook’s contact sync would function is like saying World War 2 was a minor military conflict.  So it’s safe to assume you did something about it, right?  Because that was a gross violation of the terms of settlement.  Right?   sounds of crickets chirping

Of course, they’ve done far more than that since the settlement.  They also changed many user’s political preferences, in what can only be seen as a naked attempt to force you to choose Republican or Democrat, Liberal or Conservative for ad targeting purposes.  Some have even argued that their Timeline violates the terms of your settlement (though admittedly I’m less convinced by this argument; still, it should have been a clear warning sign that Facebook regarded the terms of the settlement as pure recommendations).

Now of course they’re rolling out Graph Search.  Even if we are to believe Graph Search changes no privacy settings, and isn’t a misrepresentation of how your data could be used, taken in conjunction with the aforementioned “fake Likes” issue, it is certain to misrepresent to the user what will likely be exposed by search queries (if your Lists were already seeing fake Likes, this will only make the problem worse).

Maybe I’m being too hard.  Maybe you’re just trying to be reasonable and give Facebook benefit of the doubt.  Except, of course, there’s what you did to Google, settling for $22.5mn with the Search Engine Company for an ill-considered workaround to restrictions on Apple’s Safari browser.  These restrictions have since been worked around to your satisfaction.

Let’s be realistic, though: the workaround Google was nailed for may not have exposed any significant aspects of user privacy.  Even if it did, it only functioned if a user was on Safari while logged into a Google+ account and was served an adsense ad.  Even then, it only mattered if they used desktop Safari (hardly the biggest player in the browser market).  According to some in the media, Google+ is a “ghost town”, but even if Google’s numbers are believed (130mn active Stream users, 500mn registered users), when this demographic is sliced down to desktop Safari users, it’s pretty miniscule.

So congratulations, FTC, you probably protected the privacy rights of a dozen G+ users (who likely didn’t even care) for $22.5mn dollars.  Apparently that’s more important than a billion active users of Facebook across platforms, all being affected relatively equally by these clear violations of your settlement agreement.  At this point I’m tempted to demand a survey of how many FTC employees use Facebook while at work.

So, you apparently made a toothless settlement with Facebook that you have no intention of following up on, a “show settlement” you can point to and say, “See, we did our jobs!” while ignoring every violation of this settlement by a company that has in no way earned any benefit of the doubt (unlike Google, whose track record for privacy is one of the best in the industry, and for whom no rational argument can be made that they deliberately violated the privacy of Safari users).

If the FTC doesn’t act now, and take corrective action that is genuinely painful to both Facebook’s unrestrained ambitions and their bottom line, then we will know just how little your settlement actually meant, and how much of a double-standard is involved in enforcing it.  The choice is yours, but nothing short of your credibility as an agency is on the line.  I hope you’re thinking carefully, right now, about how to restore it.