Facebook: We didn't do it, but we promise not to do it again
The Federal Trade Commission on Tuesday announced a proposed settlement in the lawsuit it was preparing to bring against Facebook for a series of privacy violations. These included failing to tell users that information shared with friends was also being shared with the applications their friends installed, even if they themselves hadn't installed those apps; unilaterally making every user's list of Facebook friends available to the public; and disclosing personal information to advertisers despite repeated pledges not to do so.
The centerpiece of the settlement is a consent order that would impose a series of mandates on the social network, among them a requirement to submit independent audits of its privacy controls for the next 20 (count 'em, 20) years. One thing you won't find in the settlement, however, is any admission by Facebook that it had done anything wrong. In fact, it offers this boilerplate denial:
This agreement is for settlement purposes only and does not constitute an admission by proposed respondent [Facebook] that the law has been violated as alleged in the draft complaint, or that the facts as alleged in the draft complaint, other than the jurisdictional facts, are true. Proposed respondent expressly denies the allegations set forth in the complaint, except for the jurisdictional facts.
The closest Facebook came to an admission of fault Tuesday was in a blog post by Chief Executive Mark Zuckerberg, who wrote:
Overall, I think we have a good history of providing transparency and control over who can see your information.
That said, I'm the first to admit that we've made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done.
The "poor execution" he mentioned would be Facebook's unilateral move in December 2009 to expose to the entire world every user's profile photo, including those of roughly 2.5 million people who had chosen to share their pictures only with a small group of family members or friends. Oh and yes, their list of friends as well. These steps may fit into the category of "poor execution," but a more precise description would be "bait and switch."
Kurt Opsahl, a senior staff attorney with the Electronic Frontier Foundation, said the we-admit-nothing clause is a very common feature in settlements. "What is really important is to get good privacy practices," Opsahl said. Whether Facebook admits to mistakes or not, he added, the company has agreed to a series of requirements that will yield better privacy practices.
I'll concede that. Nevertheless, I find myself wondering the same thing U.S. District Judge Jed Rakoff did recently when he refused to approve the Securities and Exchange Commission's proposed settlement with Citigroup. That settlement would have required Citigroup to pay $285 million for allegedly misleading investors about the quality of the mortgage-backed securities it sold, but the bank would not have admitted that any of the allegations against it were true.
In the end, the court concludes that it cannot approve it because the court has not been provided with any proven or admitted facts upon which to exercise even a modest degree of independent judgment....
Purely private parties can settle a case without ever agreeing on the facts, for all that is required is that a plaintiff dismiss his complaint. But when a public agency asks a court to become its partner in enforcement by imposing wide-ranging injunctive remedies on a defendant, enforced by the formidable judicial power of contempt, the court, and the public, need some knowledge of what the underlying facts are: for otherwise, the court becomes a mere handmaiden to a settlement privately negotiated on the basis of unknown facts, while the public is deprived of ever knowing the truth in a matter of obvious public importance.
-- Jon Healey
Credit: Associated Press / dapd, Joerg Koch