Two members of the House Energy and Commerce Committee on Wednesday called on the Federal Trade Commission to investigate whether Facebook had acted unfairly and deceptively when it inadvertently enabled mechanisms that allowed the company to track its users’ activities across the Web even when they thought that they had logged out.
“As co-Chairs of the Congressional Bi-Partisan Privacy Caucus, we believe that tracking user behavior without their consent or knowledge raises serious privacy concerns,” wrote Reps. Joe Barton, (R-TX) and Ed Markey, (D-MA) in a letter the two sent to FTC Chairman Jon Leibowitz on Wednesday.
“When users log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities. We believe this impression should be the reality. Facebook users should not be tracked without their permission.”
The two congressmen, who are long-time privacy hawks, were responding to recent news that Facebook places “cookies,” in their users’ browsers with uniquely identifying information that keep tracking users even after they’ve logged out of their Facebook accounts.
The flaw was first reported and documented by Australian entrepreneur Nik Cubrilovic in a Sunday blog post about the matter.
Facebook says that it has since fixed the problem. Commenting on Cubrilovic’s findings, Facebook engineer Gregg Stefancik noted that the cookies aren’t meant to “track” users because Facebook doesn’t operate an ad network. Rather, he argued, they’re used to try and customize content on the web for an individual.
Andrew Noyes, Facebook’s manager of public policy communications, admitted that “three of these cookies on some users’ computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users.”
He added that when Cubrilovic “provided us with additional information that allowed us to identify these three cookies, we moved quickly to fix the cookies so that they won’t include unique information in the future when people log out.”
“There was no security or privacy breach–Facebook did not store or use any information it should not have,” he said.
