Facebook tracking prompts calls for FTC investigation

Facebook’s use of software that enables it to track users’ online activity after they log off of the social-networking site came under scrutiny in Washington this week, with lawmakers and consumer advocacy groups demanding a federal investigation.

In a letter to the Federal Trade Commission, Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Tex.) wrote that Facebook’s use of “cookie” software should be investigated under the “unfair and deceptive acts” clause of the agency’s mandate.

Gallery

Gallery

More on this Story

View all Items in this Story

“When people log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities,” wrote the congressmen, who chair the bipartisan Congressional Privacy Caucus. “We believe this impression should be the reality.”

On Thursday, the Electronic Privacy Information Center and nine other consumer and privacy groups made a similar request, voicing concerns about whether the company’s privacy policies cover new Facebook features that highlight user information on profiles and put real-time activity in the spotlight.

The FTC declined to comment on whether it plans to investigate. But the calls for action add to growing criticism of the world’s largest social-networking site and the privacy policies that apply to its 800 million users worldwide.

The cookie-tracking issue was thrust into the spotlight when self-proclaimed Australian hacker Nik Cubrilovic looked into Facebook’s code and discovered that the network was apparently tracking users’ Web consumption after they logged off. He posted this discovery on his blog Sunday.

Cubrilovic said Facebook responded to his concerns, explaining that the company has cookies that persist after log-out to identify outside parties who try to access a user’s account.

As furor built, the Facebook engineer who works on these systems issued a statement acknowledging that Facebook, like other Internet sites that personalize content, uses cookies. The engineer, Gregg Stefancik, said three of these cookies on some users’ computers “included unique identifiers when the user had logged out of Facebook.”

“However, we did not store these identifiers for logged-out users. Therefore, we could not have used this information for tracking or any other purpose,” Stefancik said.

Facebook said the issue has been fixed so the cookies would not retain the identifiers. (The Washington Post Co.’s chairman and chief executive, Donald E. Graham, is a member of Facebook’s board of directors.)

But the letter from EPIC, signed by the American Civil Liberties Union and Consumer Watchdog, raised further issues about Facebook’s new “frictionless sharing” features, which allow applications to post user activity in real time, without requiring permission from account holders for each update. The apps require users to grant permission once to generate updates — when they add an app. Users have the ability to change these settings at any time.

Some apps are already using the new platform, flooding users’ real-time feeds with information on what their friends are reading and listening to through the site.

The groups also raised concerns about the Facebook “Timeline,” or revamped profile, which collects a user’s information on Facebook into a scrapbook-like page, giving anyone who views the page an at-a-glance summary of a user’s entire life.

“These changes in business practices give the company far greater ability to disclose the personal information of its users to its business partners than in the past,” the groups wrote. “Options for users to preserve the privacy standards they have established have become confusing, impractical, and unfair.”

 
Read what others are saying