Facebook's Profile Is in Trouble: Congress Investigates Facebook Leaks
Published in gazeta.ru
(Russia) on 12 May 2011
by Igor Bakharev (link to original)
(Russia) on 12 May 2011
by Igor Bakharev (link to original)
Translated from
by Maria Shendrick Frank.
Edited by Gillian Palmer.
The U.S. Congress is investigating a possible leak of personal information of millions of users of Facebook. By June 2, the co-owner of the social network, Mark Zuckerberg, must name the causes of the security flaws in the systems and prove that the problem will not recur. Lawyers are awaiting class action suits against Facebook and its partners.
The scandal with the possible leakage of personal data of millions of users of the social networking site Facebook has gotten to the level of Congress. Congressmen Edward Markey and Joe Barton are demanding an explanation from co-owner of Facebook Mark Zuckerberg. The CEO is expected to analyze the causes of the social networking site’s security flaws. The site's audience has reached 600 million. In the inquiry, published on Markey’s website, the congressmen report that because of system errors, users’ confidential data could leak out to advertisers and "third parties."
“…This issue is one that cannot be ignored and our concerns about Facebook's privacy policies are continuously increasing," say the authors of the inquiry.
On Tuesday [May 10] it became known that advertising companies had access to personal data of all users of Facebook. This was discovered by the corporation Symantec, which specializes in development of antiviurs software. Employees of the company Nishant Doshi and Candide Wueest found that for several years through an element of IFRAME, which allows applications to be loaded onto Facebook, millions of authentication keys to the profiles of the network’s users leaked to advertisers. With these keys, advertisers could access the user’s profile, read his/her "wall" and instant messages, see profiles of "friends," leave messages on the user’s "wall" and on "friends’” walls, and invite Facebook users to events on his/her behalf.
On Tuesday, representatives of Facebook confirmed that they know about the problem, adding that the outdated application programming interface referenced in Symantec’s report has already been deleted. “…We have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties,” said a representative of the social network. Also, the company representatives pointed out that advertisers and developers of software for the network are prohibited under the terms of their contract with Facebook from retrieving information about users.
“We remain concerned about how the problem arose in the first place, was allowed to persist undetected for such a long period of time, and could recur some time in the future...”
The congressmen posed the following questions to Zuckerberg: “…What is Facebook’s estimate of the duration of this problem? Is this data access for third parties a violation of Facebook’s privacy policy? What is Facebook doing to inform users of this problem? Has Facebook informed users that they can change their Facebook passwords to invalidate leaked access tokens, as recommended by Symantec? If not, why not?” The congressmen gave the businessman until June 2 to prepare his responses to the inquiry.
Facebook has reported that they received the inquiry from Congress and released a statement saying, “We welcome the opportunity to talk this through with Reps. Markey and Barton.”
An analyst for the company SearchInform, Roman Idov, is sure that this Facebook scandal is not the last one. He further states, “This leak is not just an intrinsic part of this system, it is very characteristic of our time. All social networks, in one way or another, use the users’ data to display advertising to them.
“The best advice for users of social networks — less personal information on your profile,” sums up the expert.
"According to the agreement on the use of Facebook, which each user has to accept (available on the official social network site), Facebook aims to ensure the security of the network, but the company cannot guarantee it," reminds senior company attorney of Art de Lex Yaroslav Kulik.
Symantec argues that the applications used in Facebook contained an error. However, the rules contain a condition for Facebook application developers: they must comply with the privacy policy, which prohibits unauthorized disclosure of information to third parties. "A complaint could be made against them," says the attorney.
The scandal with the possible leakage of personal data of millions of users of the social networking site Facebook has gotten to the level of Congress. Congressmen Edward Markey and Joe Barton are demanding an explanation from co-owner of Facebook Mark Zuckerberg. The CEO is expected to analyze the causes of the social networking site’s security flaws. The site's audience has reached 600 million. In the inquiry, published on Markey’s website, the congressmen report that because of system errors, users’ confidential data could leak out to advertisers and "third parties."
“…This issue is one that cannot be ignored and our concerns about Facebook's privacy policies are continuously increasing," say the authors of the inquiry.
On Tuesday [May 10] it became known that advertising companies had access to personal data of all users of Facebook. This was discovered by the corporation Symantec, which specializes in development of antiviurs software. Employees of the company Nishant Doshi and Candide Wueest found that for several years through an element of IFRAME, which allows applications to be loaded onto Facebook, millions of authentication keys to the profiles of the network’s users leaked to advertisers. With these keys, advertisers could access the user’s profile, read his/her "wall" and instant messages, see profiles of "friends," leave messages on the user’s "wall" and on "friends’” walls, and invite Facebook users to events on his/her behalf.
On Tuesday, representatives of Facebook confirmed that they know about the problem, adding that the outdated application programming interface referenced in Symantec’s report has already been deleted. “…We have conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties,” said a representative of the social network. Also, the company representatives pointed out that advertisers and developers of software for the network are prohibited under the terms of their contract with Facebook from retrieving information about users.
“We remain concerned about how the problem arose in the first place, was allowed to persist undetected for such a long period of time, and could recur some time in the future...”
The congressmen posed the following questions to Zuckerberg: “…What is Facebook’s estimate of the duration of this problem? Is this data access for third parties a violation of Facebook’s privacy policy? What is Facebook doing to inform users of this problem? Has Facebook informed users that they can change their Facebook passwords to invalidate leaked access tokens, as recommended by Symantec? If not, why not?” The congressmen gave the businessman until June 2 to prepare his responses to the inquiry.
Facebook has reported that they received the inquiry from Congress and released a statement saying, “We welcome the opportunity to talk this through with Reps. Markey and Barton.”
An analyst for the company SearchInform, Roman Idov, is sure that this Facebook scandal is not the last one. He further states, “This leak is not just an intrinsic part of this system, it is very characteristic of our time. All social networks, in one way or another, use the users’ data to display advertising to them.
“The best advice for users of social networks — less personal information on your profile,” sums up the expert.
"According to the agreement on the use of Facebook, which each user has to accept (available on the official social network site), Facebook aims to ensure the security of the network, but the company cannot guarantee it," reminds senior company attorney of Art de Lex Yaroslav Kulik.
Symantec argues that the applications used in Facebook contained an error. However, the rules contain a condition for Facebook application developers: they must comply with the privacy policy, which prohibits unauthorized disclosure of information to third parties. "A complaint could be made against them," says the attorney.