Congress Demands Details On Facebook Privacy Leak

Congress is scrutinizing social networking giant Facebook for a privacy loophole that allowed third party apps to access and aggregate users' social networking identification numbers.

The new wave of Facebook privacy issues piqued the interest of Congress following a report by The Wall Street Journal Monday revealing that users' social networking ID numbers were exposed to third party applications such as Farmville, Mafia Wars and others. The ID numbers could be linked to users' profiles and the profiles of their Facebook friends, which could potentially be used to track online behavior, according to the report.

Two House members, U.S. Reps. Edward Markey (D., Mass.) and Joe Barton (R.,Texas) issued a letter to Facebook CEO Mark Zuckerberg expressing concerns that the "third-party applications gathered and transmitted personally identifiable information about Facebook users and those users' friends."

Markey's and Barton's letter underscored that the privacy breach was a "cause for concern" in light of the fact that Facebook now touts more than 500 million users.

Facebook has until Oct. 27 to respond to the letter, which asked Zuckerberg to provide the number of users affected by the ongoing breach, when Facebook became aware of it, and how the social networking plans to repair the loophole and further address the problem with customers, among other things.

Next: Facebook In Violation Of Privacy Policy

The privacy loophole was exposed after The Wall Street Journal analyzed Facebook code in order to determine if and what information was leaked to third party applications on the site. The WSJ found that third party applications were aggregating users' Facebook ID numbers, which they could link to a user's personal profile. The ID number could then be associated with users' names, regardless of their level of privacy settings, enabling third parties and their advertisers to track individuals' Web surfing behavior.

However, the problem is relegated to third party apps added onto Facebook and not directly with the social networking site.

Accessing and tracking users' online behavior is a direct violation of Facebook's stated privacy policy, and subsequently has elicited a firestorm of criticism from privacy and consumer rights groups.

Facebook executive Mike Vernal acknowledged the ongoing breach and policy violation in a blog post Sunday night, maintaining that developers did not intentionally build the platform to expose users' information, but downplaying the potential privacy impact to users.

"In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work," Vernal said. "Press reports have exaggerated the implications of sharing a UID. Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy."