Privacy groups ask Facebook to back off privacy changes

Facebook wants to remove the ability for users to vote on modifications to data usage and privacy policies

Two consumer interest groups are asking Facebook to withdraw its proposed changes that would, among other issues, remove the ability for users to vote on modifications to Facebook's data usage and privacy policies. The company also wants to change how you filter incoming messages on Facebook, and Facebook wants to freely share user data between companies it owns, such as Instagram.

The Center for Digital Democracy and the Electronic Privacy Information Center said in an open letter to Facebook CEO Mark Zuckerberg that the planned changes "raise privacy risks for users, may be contrary to law, and violate [Facebook's] previous commitments to users about site governance." The social network may have been trying to slip the changes under the radar, announcing them the day before Thanksgiving.

Do you really want the vote?

Facebook was lauded for its decision in 2009 to introduce site governance voting, but the right to vote on policy changes has been largely ignored by the majority of Facebook's members. The most recent vote was in June when 0.1 percent of Facebook's then more than 900 million users bothered to vote on a set of proposed privacy policy changes.

Among those who voted, only 13 percent supported Facebook's new privacy policy. Despite that largely negative reaction, the company only considers a user vote binding if 30 percent of the social network's users participate, a bar the vote fell far short of achieving. "A very very small minority of people that use Facebook voted, which was pretty disappointing from our point of view," Facebook spokeswoman Jaime Schopflin told IDG News in June. "We're realizing that this is a process that doesn't work." It's not clear whether Facebook is particularly proactive in encouraging users to participate in the voting process whenever proposed changes arise.

The Center for Digital Democracy and the Electronic Privacy Information Center say that even though Facebook's voting requirements set an "unreasonably high participation threshold" at least the right to vote was in place. Dumping the vote "raises questions about Facebook's willingness to take seriously the participation of Facebook users," the two groups said. If Facebook does dump the vote it would be particularly damaging for the privacy information center; the group was instrumental in getting Facebook to reverse a set of privacy changes in 2009 that resulted in Facebook instituting the site governance vote for users.

Filtering Facebook's message

Facebook also wants to remove the "Who can send you Facebook messages?" control that lets you decide who can contact you on Facebook. The setting is currently buried in your privacy settings under "How You Connect." The messages setting would be replaced by what Facebook calls "filters for managing incoming messages." The Center for Digital Democracy and the Electronic Privacy Information Center are concerned that changes to Facebook Messages could result in users receiving more spam, a popular method of attack for malware on Facebook. It's not clear whether Facebook's new messaging filters would be part of the newly revamped Facebook Messages window or if the changes would be part of your privacy settings.

Instagram affiliation

Facebook also wants the ability to share user information with "businesses that are legally part of the same group of companies that Facebook is part of." These businesses would be referred to as "Affiliates" and would most certainly include Instagram, the popular photo-sharing service Facebook acquired in 2012, which currently operates independently from Facebook.

The Center for Digital Democracy and the Electronic Privacy Information Center believe the "affiliates" designation in Facebook's data use policy is an attempt to merge user data between Facebook and Instagram. The groups argue merging user data could violate Facebook's recent privacy settlement with the Federal Trade Commission . Facebook's FTC agreement requires that the social network obtain users' express consent before sharing their data beyond what their privacy settings allow.

The privacy groups also argue that Facebook's changes amount to the company reneging on its original intention to operate Instagram independently of Facebook. "We plan on keeping features like...the ability to not share your Instagrams on Facebook if you want, and the ability to have followers and follow people separately from your friends on Facebook," Zuckerberg said in August after Facebook's Instagram buy cleared regulatory hurdles.

But whether users will be bothered by a potential Facebook-Instagram data merge is unclear. Many users already share their Instagram photos on Facebook and Twitter. And a large number of Instagram users have wide open Instagram accounts that are viewable by almost anyone thanks to Instagram's new Web-based profiles. One potential problem would be if your Facebook data began appearing on Instagram without your consent, but it's not clear whether Facebook's new data sharing policy would go that far.

If you'd like to read Facebook's proposed changes, you can find them on the Facebook Site Governancepage.

This is the second time Facebook has introduced a major policy change during a holiday weekend. The first was in early 2011 when the company announced third-party home address sharing on its developer blog right before Martin Luther King Jr. Day. Facebook was forced to reverse its home address sharing plans just days later because of public outrage.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesInstagramsecurityCenter for Digital DemocracyElectronic Privacy Information Centersocial mediainternetprivacyFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place