Sep. 29, 2011 at 6:14 PM ET
The co-chairmen of Congress's Bi-Partisan Privacy Caucus want the Federal Trade Commission to investigate Facebook for potential privacy violations. The new interest is due to a researcher's discovery of how Facebook has collected information, confirmed by the social networking site itself.
"According to findings recently published by an Australian technology blogger, Facebook had been gathering information about the websites its users visited even after users logged out of Facebook," wrote Reps. Edward Markey and Joe Barton, co-chairs of the privacy caucus.
"While Facebook now claims that it has stopped this practice, we remain concerned about the privacy implications for Facebook's 800 million subscribers."
Msnbc.com's Helen A.S. Popkin wrote earlier this week that "every time you visit a site that features a Facebook 'Like' button, your Web wanderings are sent back to the social network, even after you log off your account. This discovery — made by technologist Nik Cubrilovic and confirmed by Facebook — caused quite a kerfuffle ... Now, the privacy-bedeviled social network says it'll have those cookie problems fixed by Wednesday, according to Cubrilovic."
The congressmen, in their letter, said there are an estimated 950,000 websites that have Facebook's "like" button.
"As co-chairs of the Congressional Bi-Partisan Privacy Caucus, we believe that tracking user behavior without their consent or knowledge raises serious privacy concerns," they said. "When users log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities. We believe this impression should be the reality. Facebook users should not be tracked without their permission."
In a statement, Facebook said Thursday that there was "no security or privacy breach. Facebook did not store or use any information it should not have," and in fact has worked with Cubrilovic on the matter.
"Like every site on the internet that personalizes content and tries to provide a secure experience for users, we place cookies on the computer of the user. Three of these cookies on some users' computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users.
"Therefore, we could not have used this information for tracking or any other purpose. Even though we weren't using this information, it's important to us that we address even potential issues, and we appreciate the issue was brought to our attention.
"When Nik provided us with additional information that allowed us to identify these three cookies, we moved quickly to fix the cookies so that they won't include unique information in the future when people log out."
Facebook said it established a White Hat program for those in the security community "to provide a direct line of communication" to Facebook about issues, and has also set up a Bug Bounty program "that provides financial incentives and rewards for researchers to report potential security issues."