Correction to This Article
The article incorrectly suggested that Facebook provided information about a user for a civil court case without that user's consent. While the user disagreed with and fought the subpoena in question, she complied with a court order and authorized Facebook to release the information. Facebook officials say that they do not release user-generated content in civil cases without the authorization of the user and that they routinely oppose efforts to obtain user information without users' consent.

What sites such as Facebook and Google know and whom they tell

Mark Zuckerberg, chief executive of the social networking site, said in a Washington Post op-ed that Facebook will try to simplify its privacy settings.
By Ariana Eunjung Cha
Washington Post Foreign Service
Saturday, May 29, 2010

When Disa Powell's husband and brother were badly burned in an electrical explosion while conducting maintenance at a Wal-Mart store and the family sued, the defense went after something she never expected: her online life.

Through a subpoena seeking information about the men's injuries, Wal-Mart was able to gain full access to her Facebook and MySpace social-networking accounts -- every public and private message, contact and photo for the previous 2 1/2 years.

There were the pictures of Powell's newborn baby lying in a hospital bed after heart surgery (Label: "The hardest day of Mommy and Daddy's life"). The messages detailing problems with her pregnancy ("I got a bladder infection, which has moved to my kidneys"). And the messages dissing on friends ("Brad is a big fat BABY, and can't do anything by himself. The whole issue is that he's lazy").

"I was livid," said Powell, 35, a former hospital administrator who a few years ago moved from Maryland's Eastern Shore back to her home town in Oklahoma. "I felt like I had been seriously violated."

The case, which was settled out of court in January, offers a window into an issue that in recent weeks has riled members of Congress, consumer advocacy groups and tens of thousands of account holders: what your social-networking sites know about you and whom they share it with.

Many online service providers over the past few years have been building huge dossiers with minute details of each user's online activities -- a practice that isn't usually mentioned in privacy policies. Some companies anonymize the data, while others do not. Some store detailed data for a month, while others keep it for years.

At the same time, the ease with which outsiders can access the data is increasing, as corporations, insurance companies and parties in divorces or employment disputes make widespread use of subpoenas.

David Hersh, the attorney who represented the Powells and Disa's brother Joel Ledbetter, said such subpoenas have become standard practice in litigation and are "meant to discover information that would be embarrassing or might be used adversely even if it has nothing to do with the claim."

Companies own the data

Because your account information is stored on a company's servers, on the "cloud" that is the Internet rather than on your personal laptop, the company owns the right to share it, not you. While accessing your laptop may require a difficult-to-obtain search warrant, getting certain data on Facebook, MySpace, Meetup, LinkedIn and other social-networking sites' servers may require only a simple subpoena.

"The law in this area is really outdated. It's pre-'www,' " Christopher Calabrese, legislative counsel for the American Civil Liberties Union, said of the 1986 act that was designed to introduce privacy controls to electronic communications. "Back then nobody could even figure out whether an e-mail was more like a letter or a phone call."

Efforts to give consumers more control over their private information have accelerated in Washington over the past month, in the wake of a furor over privacy policy changes at Facebook in particular. (Washington Post Co. Chairman Donald E. Graham is on the board of directors at Facebook.) Facebook chief executive Mark Zuckerberg tried to quell the outcry this week by making it easier for users to control how they share data.

On Friday, Rep. John Conyers Jr. (D-Mich.), chairman of the House Judiciary Committee, wrote to Facebook and Google to demand that they cooperate with congressional investigators looking into privacy practices. Google has drawn scrutiny for accessing information including e-mails and surfing from open WiFi networks while photographing streets for its mapping service.

CONTINUED     1        >

© 2010 The Washington Post Company