10/18/2010

Feeding the Privacy Beast

The WSJ ran a front page, above-the-fold headline screaming that Facebook has had a privacy breach.

For any business that holds personal data, there’s a mantra that goes,

"Whatever you do, just make sure we’re never the subject of a WSJ story about breach of our customers’ data.”  

Companies are rightfully concerned about a data breach, like losing a laptop or backup tapes, or having some hacker steal credit card or social security numbers.

As an avid Facebook user, I steeled myself to read the story beneath this alarming headline.

But hang on, today’s WSJ "breach" story has nothing to do with that kind of breach.   Instead, the WSJ is saying that some of Facebook’s applications are accidentally sharing the public username on my Facebook page, in violation of the company’s privacy policy. 

Well, I guess that’s a breach of sorts, since somebody broke a privacy promise to users like me.  But this story was nothing like a breach where my credit card numbers or sensitive personal information was leaked or hacked.

A closer look at the issue indicates that there is far mSmoke alarm in a smoky roomore smoke than fire in the WSJ piece. 

First, while details are still forthcoming, it appears that the issue at hand involves external actions between application developers and advertising companies. To be sure, Facebook has stepped-up and is holding third parties accountable to existing privacy requirements.  

Second, it seems that the mechanism used by third parties to serve ads is not unique to Facebook, but an issue of referrer URLs used by all browsers.  In essence, what we are looking at here is an Internet-wide issue, not a Facebook issue. 

That said, this is an important issue. Facebook should step-up to hold third parties accountable if they’ve violated user privacy policies, and it should develop solutions that overcome shortcomings in browser technologies.

Moreover, the WSJ should step-back from using tabloid-style headings to attract eyeballs (and advertising revenue) to their research and writing.  The breathless headline is clearly meant to feed the privacy beast that is increasingly in danger of doing far more harm than good. 

–Steve DelBianco

Next Post NGOs, Law Enforcement and Internet Companies --Coming Together to Fight Commercial Sexual Exploitation