The US Federal Trade Commission (FTC) has finally agreed its settlement with Facebook.
In November 2011, the FTC published its investigation findings, listing eight issues that raised privacy and security concerns.
One issue in particular seems to have caught the security media’s eye.
The FTC say that Facebook invited developers to submit their apps to its verification program, which promised to review and certify that apps were secure.
Facebook of course charged developers for this service. Fees were between $175 and $375 per application submitted. The social media company awarded the badge to approximately 254 platform applications, according to the FTC.
Facebook received up to $95,000 USD from developers who wanted their apps certified, reported The Guardian.
One tiny niggle that the FTC uncovered in its investigation [PDF]: Facebook took the cash, but never verified any of the apps.
...before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a Verified Application’s website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application.
Among the terms of that settlement, which was finalised this past Friday, Facebook agreed to undergo third-party privacy audits certifying that it meets or exceeds the FTC’s requirements for the next 20 years. Other conditions include:
- Stop misrepresenting security and privacy policies regarding users’ personal information
- Obtain express consent when changing the handling of existing personal information
- Prevent people from accessing information from deleted/deactivated accounts after 30 days
- Establish and maintain a comprehensive privacy program addressing both new and existing products.
Oh, were you expecting some big financial penalty as well? Hmmm, so was I.
Update: I must stand corrected. The FTC got in touch and explained that it does not have the general authority to impose fines when it enters into an initial Order. However, now that Facebook is under FTC Order for the next 20 years, the social media company could face civil penalties of $16,000 USD per violation per day for any future violations.
6 comments on “Facebook slapped by FTC for failing to meet security promises”
What an appalling fraud by a leading internet corporation.
There is nothing like having the taxpayer-funded FTC to consult and help guide a mega corporation, like Facebook, under the guise of a 'settlement'.
What assurance do users have that Facebook will actually follow the FTC's conditions just because they've 'agreed' to them? Or will any penalties resulting from sort-of-but-not-entirely implementing them simply be Facebook's cost of doing business?
The FTC has always been a lame-duck consortium. At least they should have required a document that documents how they were going to correct these problems. Along with a requirement that the apps be tested (really this time) and properly certified. Many have wondered for a long while how much data we are hemorrhaging via code written out of shop.
But why does ANYONE have a Facebook or Twitter account anyway??? Vanity, vanity – all is vanity
"Oh, were you expecting some big financial penalty as well? Hmmm, so was I."
Your anger against Facebook for swindling app developers is understandable, but it won't repair the injustice. Who would benefit from the "big financial penalty" you were expecting? It likely would do little to change Facebook's scumbaggery, and it would only enrich the coffers of yet another faceless bureaucracy. True justice would provide compensatory restitution to the victims of Facebook's crime.
This notion that punishing criminals (revenge) is equivalent to providing justice to their victims is one of the hallmarks of our perverse society…a civilization that doesn't know how to prevent its own decline.