[johnnyg]

Many have posted to this thread with complaints that boil down to "this is a slap on the wrist because they are well connected". If you were the FTC, what would you do to Facebook in this case, how would it be supported in law and what long term change for the better would your action create?

Privacy is a civil good but it is a fine line to walk indeed to punish an innovator during a recession. Where's the happy medium?

[lemming]

...to punish an innovator during a recession.

This is not even close to a fine line. The fact that Facebook may be an innovator or the fact that we may be in a recession have nothing to do with their legal responsibilities to their users. If they have violated those responsibilities they should be punished appropriately regardless of the current economic situation, and them being an "innovator" is totally irrelevant. Should we allow innovative companies to dump toxic waste or employ racist hiring policies, for example?

[daed]

It's likely that few HNers have a strong enough grasp of the various laws to state how they would pursue Facebook based on law, but all of us have a sense of justice. Whether or not the two coincide is a different discussion.

My happy medium, based on my own sense of justice: give Facebook a year to implement systems that actually protect users' privacy (what that would entail is yet another discussion). If they don't comply, hit them with a hefty fine. We get our privacy, Facebook gets to keep its money - some of which was earned by neglecting our privacy.

[click170]

Facebook has repeatedly demonstrated that it has no qualms about infringing on privacy, so I would suggest that further changes to Facebook's Privacy Policy be made opt-in only.

Opt-outs should be a privilege that is lost when you repeatedly and intentionally violate federal law.

[brudgers]

>"If you were the FTC, what would you do to Facebook"

Or Google, Apple, Twitter, Microsoft, Adobe, and thousands of smaller companies who data mine user accounts and change terms of service every day.

I used to have a subscription to The Economist. Recently I purchased an issue at Kroger. Two weeks later a special subscription offer appears in my mailbox - the first marketing material in they have sent in at least three years.

What Facebook did is the bread and butter of today's business - even if it sucks.

[click170]

Data mining is one thing. Deceptive business practices and intentionally lying to your users is another.

[1010100101]

The problem here is the personal information is being voluntarily given to Facebook. And the FTC can do nothing about that.

As far as I can tell, most people using FB are trying to communicate with their friends (as they previously did via letter, telephone and email), not broadcast every personal detail and thought to potentially any person or organization connected to the web.

Alas they are not well informed that by sending all their communications through Zuckerberg's website, this is in effect what they are doing.

That lack of understanding is something the FTC can address.

So to comply with the FTC's requests, FB will make more disclosures.

But the problem remains. FB, whether intentionally or not, is receiving far too much private information and private conversation, and it's all being channeled over the web.

[sunchild]

Wrong. The FTC said very clearly that it thinks Facebook lured consumers in under false pretenses. That's punishable by criminal and civil penalties, in theory. The FTC usually settles these kind of cases, AFAIK. Sometimes there's money involved, sometimes not. Anyone who isn't in compliance with their own published privacy policy should be worried about the FTC; they can (again, in theory) do serious harm to a business – even one as big as Facebook.

[1010100101]

So are you suggesting that despite FB's rather sizeable legal budget and level of investment they will _still_ not be able to bring themsleves into compliance and stay that way? At least until the IPO. If Facebook even exists 20 years let alone 5 years from now I would be shocked. The data they've collected will of course probably have an infinite lifetime.

[sunchild]

In the US, given that they're not in a regulated industry (except to the extent they qualify as a site aimed at children), they really only need to comply with their own stated privacy policies. The question is: will they?

[1010100101]

I got a -1 on this comment, my worst score ever, but I still stand by it. I simply do not believe that anything one voluntarily submits to Facebook can be kept "private".

The value Facebook gets from the data is _sharing_ it with others: advertisers, various organisations devoted to catching bad guys, app developers, etc. It is not "private" by any stretch of the imagination.

Even if they purport to restrict access to a profile to certain users, a determined hacker can get around that.

This is a company that is trying to get into your email inbox at every possible opportunity. The concepts of "Facebook" and "privacy" are irreconcilable in my view. Even regardless of their ethics, there is an underlying architectural problem.

The successor to Facebook, which will offer real privacy, not the imaginary kind FB is pitching, will not be another centralised public website.