Facebook's latest privacy gaffe has caught the attention of Congressmen Edward Markey (D., Mass.) and Joe Barton (R., Texas) leaders of the House Bi-Partisan Privacy Caucus. The two Congressmen have asked Facebook to answer questions regarding a privacy breach unearthed by a report in The Wall Street Journal on Monday. The Journal said that third-party Facebook applications, such as Farmville, were transmitting Facebook user IDs (UID) to advertising and Internet tracking firms.
UIDs are uniquely identifying numbers assigned to every Facebook user that can be used to identify a user's real name and any publicly available Facebook profile information. Facebook's developer policies forbid applications to share Facebook user data, including UIDs, with third parties.
What the Congressmen Want
Markey and Barton have asked Facebook CEO Mark Zuckerberg to respond to their inquiries by Wednesday, October 27, according to The Wall Street Journal. The Congressmen want to know how many people were affected by the reported data breach, when Facebook was aware of the problem and how Facebook plans to remedy the problem. The Journal's report claims that "tens of millions of users" were affected by the privacy leak. At the time of this writing, the Congressmen had not made their letter to Zuckerberg publicly available.
Where's the breach?
Unlike previous Facebook privacy problems, such as the Instant Personalization flap and Facebook's loosening of privacy controls, there is some debate about whether leaking Facebook user names is a serious privacy concern.
Blogger, author and professor of journalism Jeff Jarvis said via Twitter that learning that someone is using Facebook is no different than finding someone's name in the phone book. Forbes writer Kashmir Hill said, "using "breach" to describe this strikes me as overwrought. The applications reveal your name, that you are on Facebook, and possibly which application(s) you've downloaded. Is that something that we should be freaking out about?"
Some privacy groups and consumer advocacy groups disagree. The Electronic Frontier Foundation said, "earlier this year, Facebook was caught leaking the exact same data to advertisers. At the time, Facebook promised to fix the problem...[Facebook] apps are the weakest link in the Facebook privacy ecosystem, and this report from the Wall Street Journal overwhelmingly validates that concern."
In a blog post addressing the issue Facebook said, "Press reports have exaggerated the implications of sharing a UID. Knowledge of a UID does not enable anyone to access private user information without explicit user consent." The social network promised to do better stating that Facebook is "committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy."
The real question here may not be the seriousness of this specific privacy breach, but whether Facebook needs to do a better job of policing how its partners are treating, storing and transmitting Facebook user data.