Are Facebook's Privacy Critics Fighting The Right Battle?

Stop if you've heard this one before: consumer privacy advocates are taking Facebook to task for the social networking giant's fast and loose privacy protections.

It's happening again, thanks to a fresh complaint from 15 consumer privacy groups to the Federal Trade Commission (FTC), and it's going to close out a bad, bad week of security holes and public lambasting for Facebook.

But as the scrutiny of Facebook's privacy policies and moves to protect its users' sensitive information continues, it's worth asking whether those privacy watchdogs are focusing too much on the wrong end of the privacy battle.

The limits of where Facebook's privacy controls end and Facebook users' good judgment begins are the crux of an ongoing battle over how tightly Internet platforms should manage consumer privacy -- and whether the government should step in with firmer restrictions.

On Wednesday, Facebook users discovered a security hole through which they could access data such as chats from other Facebook users that was supposedly private. Facebook attributed the hole to an engineering issue and patched it within a few hours, but it was still enough to get Facebook raked over the coals yet again by privacy groups that have had the company in their crosshairs for at least a year.

How much of the issue is growing pains for Internet businesses is a subject of much debate. Elliot Schrage, Facebook's vice president of public policy, told The New York TimesWednesday, "Are we perfect? Of course not."

But the Electronic Privacy Information Center (EPIC) and the 14 other participating privacy watchdogs say that Facebook features like instant personalization -- which lets users share names, photos, friend lists and other items with various tools like Yelp and Pandora -- "violate user expectations and reveal user information without the user's consent," according to the FTC complaint.

"Facebook's opt-out for 'instant personalization' is difficult for users to find, unduly complicated, and deceptive," reads the complaint. "There is no way for users to opt-out with one click. Instead, users must go to each separate application in what will be a universe of ever expanding applications, and opt-out from each individually."

NEXT: How Much Should The Government Step In?

Other privacy observers urge the government to cool its heels when it comes to regulating Internet privacy. To a certain degree, user opt-ins are by their nature the responsibility of users themselves.

"Today, businesses increasingly compete in the development of technologies that enhance our privacy and security, even as we share information that helps us sell the things we want," argued Wayne Crews, vice president of policy for the Competitive Enterprise Institute, in a statement. "The seeming tension between the goals of sharing information and keeping it private is not a contradiction -- it's the natural outgrowth of the fact that privacy is a complex relationship, not a 'thing' for governments to specify for anyone beforehand."

Several security vendors who play in the channel have already begun to market network security solutions with Facebook's privacy issues in mind. Palo Alto Networks, for example, on Wednesday said it had released a new functionality for its firewall offering that lets administrators manage Facebook Social Plug-ins without interrupting employees' access to their Facebook accounts. Continuous use of tools like Facebook, Palo Alto's executives said, can be a security risk, but is also a reality.

The root problem, as security experts continue to point out, is that user behavior itself is to blame for many of of the ways Facebook and other social networking users expose themselves to potential cybercrime. Earlier this week came a new study from Consumer Reports indicating that more than half of all social network users post information that puts them at risk and that Americans have lost $4.5 billion to cybcercrime over the past two years.

Using bad passwords, overlooking privacy controls and mentioning being away from home are user behaviors that even the strictest Facebook administrators just can't easily correct, the study suggested.

Those limits will be a focal point as the draft of a new bill addressing consumer privacy practices makes the rounds of the U.S. House Subcommittee on Communications, Technology and the Internet.

Rep. Rick Boucher (D-Va.), the chairman of the House Subcommittee, said in a statement this week that, "Our goal is to encourage greater levels of electronic commerce by providing to Internet users the assurance that their experience will be more secure."

Consumer watchdogs such as the EPIC publicly tasked the bill for "simply maintain[ing] the status quo," while several technology companies scrutinized for privacy policy, including Facebook, Microsoft and Google, said in various statements to news outlets that the bill reflects a more measured approach to the consumer privacy issue.