Lawmakers are once again pressuring Facebook to explain its privacy policies after a report revealed a Facebook security vulnerability mistakenly gave third parties, including advertisers, a way to access to users’ profile information.
Representatives Edward Markey and Joe Barton have sent a letter to Facebook CEO Mark Zuckerberg asking him to explain the security flaw, specifically "how the problem arose in the first place, was allowed to persist for such a long period of time, and [whether it] could recur in some form in the future."
The new letter, the second the two congressmen have sent Facebook this year, highlights the government’s growing crackdown on technology companies’ privacy practices. Amidst other efforts, Senators John Kerry and John McCain have introduced a “privacy bill of rights,” a Senate judiciary subcommittee recently hosted a hearing on mobile privacy, and Google reached a settlement with the FTC over "deceptive" privacy practices involving Google Buzz, a landmark case that required Google to institute a new privacy program.
Symantec, the first to report the Facebook security flaw, found that over the past several years, hundreds of thousands of Facebook applications may have accidentally leaked millions of access tokens, the “spare keys” that allow apps to access user data, including profiles and photos.
Facebook confirmed the issue and took steps to stop the leakage, though a spokesman said there were “inaccuracies” in Symantec’s report and that Facebook’s probe of the flaw uncovered “no evidence of this issue resulting in a user's private information being shared with unauthorized third parties." A Symantec spokesperson countered that “Facebook itself approved the accuracy of the blog before we posted it,” according to the Wall Street Journal.
Symantec has also warned that “the repercussions of this access token leakage are seen far and wide” and that “a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.”
Markey and Barton's letter asks Facebook to address a number of questions centered around Facebook's operations, such as what team should have prevented the security glitch, what steps the company took to alert users to the data leakage, how Facebook determined that private data was not accessed by third parties via the flaw, and more.
"This issue is one that cannot be ignored and our concerns about Facebook's privacy policies are continuously increasing," the congressmen wrote in their letter.
Facebook, which has until June 2 to respond to the letter, said in a statement, “We welcome the opportunity to talk this through with Reps. Markey and Barton."