Facebook 'invisible' sharing worries privacy advocates

As Facebook officials unveiled dozens of new applications this week for automatic sharing of profile content, privacy advocates warn that users should worry not only about what is openly shared, but also about what they claim is shared behind-the-scenes to the owners of those applications.

“Our objection is that users generally have no idea how much personal information is being transferred to the application partners and co-hosts,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “We are most concerned with the invisible part of the sharing."

Related story:

Facebook Open Graph unleashes auto-sharing

Facebook on Jan. 18 introduced a suite of more than 60 Open Graph applications for Timeline with partners including eBay, TripAdvisor, Zynga, Ticketfly and Ticketmaster. The social media company also invited more partners to develop applications for the site.

The Open Graph applications are being made available through Facebook Timeline, a new profile format that currently is optional for most users, but is expected to be mandatory soon.

Users of Open Graph applications on Facebook will be able to automatically share status updates on what music they are listening to, films they are watching and items they are buying, among other activities. The Open Graph applications are voluntary and are managed with Facebook privacy controls. Nonetheless, concerns are being raised about privacy, mostly about possible inadvertent public sharing or oversharing of information, once the automatic sharing applications are turned on.

The privacy risks of content leaking to third parties applies to all Facebook users, but federal employees and executives need to be particularly watchful of what information they share. Those in sensitive positions, such as in law enforcement or counterterrorism, or with security clearances, face heightened risks.

Initial information available about the Open Graph applications did not specify whether, or how much, user information would be shared with the application providers and how that would be managed. Facebook officials were not immediately available for clarification.

Technical experts and privacy advocates are warning of potential privacy risks because of the possibility of Facebook personal profile content being shared with the application providers. This concern applies to current Facebook applications as well.

“Having ‘apps’ connected to your Facebook, LinkedIn or Twitter profiles provides an open door for the third party behind the
app to access your profile and all of your personal data within,” reported SiteProNews in a Jan. 20 article.

The article also quotes Neil Lathwood, technical director for UKFast, a tech company in the United Kingdom, cautioning that personal information leaked to application providers could be fodder for cyber thieves.

“Facebook acts as a narration of our lives and with the introduction of the new Timeline feature, more people are filling the gaps in their profiles, adding illnesses, significant events and employment details to name a few. This information is incredibly valuable to identity thieves and cyber criminals,” Lathwood said in the article.

Officials in Germany also have expressed privacy concerns about Facebook application providers having access to personal information on the site through the use of the “Like” button, according to a HuffingtonPost article.

In August, a regional data protection commissioner ordered the shutdown of Facebook fan pages for state institutions and removal of “Like” buttons from those pages. The commissioner said the Facebook “Like” button policies violated German and European privacy laws.

While the impact of the new Open Graph features isn't yet clear, Facebook Timeline also has posed privacy risks, related to possible oversharing of sensitive personal information. Timeline is a reformatting of Facebook profiles that provides easier and quicker access to previous status updates and friends' lists.

For federal executives and employees, the risks potentially include the sharing of personal information about associations and friendships, especially for workers in sensitive positions. Even seemingly innocent friend connections or application uses could lead to trouble in some cases. For example, federal security clearance forms require the applicant to disclose associations with foreign nationals. Would Facebook friends count among that group, even if they are only distant acquaintances?

"I had a client who lost her security clearance after using an online chat room," wrote attorney Greg Rinckey in a column published in 2009. "She was seeking advice on how to beat a computer game while attending a gaming convention. The gaming experts she chatted with online were foreign intelligence agents working out of China."

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


Reader comments

Tue, Mar 6, 2012

"There will always be a natural tension between sharing and privacy." True. But, add money to the mix, and the tension rises to a whole different level. What we are experiencing here is sharing by third parties of your information for financial gain -- the more they share your information, the more money thay have an opportunity to make.

Mon, Jan 23, 2012

Is Facebook linked automatically to this article or FCW(without clicking on the "Share" button)? As soon as I submitted my first comment, a window opened inviting me to sign up for Facebook. First time this has happened, when reading FCW articles.

Mon, Jan 23, 2012

Are there any social websites which are reasonably safe, and where the user can control what information he/she wants to share? I keep getting invitations to join /'Linked In' which supposedly come from acquaintances, but am wary of signing up -- for the same reasons not to join Facebook.

Mon, Jan 23, 2012

If people don't like it, don't use Facebook.

Mon, Jan 23, 2012 Johne

There will always be a natural tension between sharing and privacy. It is hard to have any reasonable expectation of privacy when you intentionally post information on an open or unsecured forum. The cautionary tale here is to protect your privacy you must do it before you choose to post. After you post information, that cat is out of the bag and not to be protected or retrieved.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group