• by Wendy Davis , Staff Writer @wendyndavis, March 11, 2011

Four U.S. senators warned Facebook this week that the company could expose users to identity theft by following through on a controversial plan to allow app developers to access users' phone numbers and addresses.

"Anyone with 10 minutes, $25, and a Facebook user's phone number and address and no other information can obtain a breathtaking amount of information about that Facebook user," the lawmakers say. "Combined with a targeted Google search, these two pieces of information can allow someone to obtain almost all of the information necessary to complete a loan or credit card application."

Signing the letter were Sens. Al Franken (D-Minn), Chuck Schumer (D-N.Y.), Sheldon Whitehouse (D-R.I.), and Richard Blumenthal (D-Conn). They asked Facebook to reconsider launching the feature for all users. Alternatively, they are asking Facebook to block the feature for users under 18. Additionally, they say, if Facebook goes ahead with the feature, the company should allow users to access apps even when they turn down a request to share their contact information with developers.

The lawmakers were responding to Facebook's recent statement that it intends to relaunch a feature that enables outside developers to obtain users' mobile phone numbers and addresses, provided the users consent. In January, Facebook began allowing developers to glean this data, but quickly suspended the feature when faced with privacy concerns. The major criticism was that users would sign up for apps so quickly that they might not realize that they were also consenting to allow their information to be accessed by third parties.

That fear is hardly unrealistic. On the contrary, it appears that many Web users unwittingly agree to terms they didn't intend to. Consider the now-outlawed "datapass" marketing strategy, or the practice of online retailers passing along consumers' credit card data to third parties. For years, people who made purchases at certain retail sites were subsequently asked if they wished to pay for subscriptions to discount clubs. Many Web users who clicked yes said later that they didn't realize that they were signing up for a paid service, or that the retail site would disclose their credit card numbers.

While that situation obviously differs from Facebook sharing users' contact information with third parties, the datapass complaints show that people don't always take the time to read the fine print online. Instead, Web users appear to rely on what they assume are standard business practices.

Facebook says that it won't relaunch the feature until it can figure out how to better notify people that app developers are requesting mobile phone numbers and addresses. Hopefully the company can find a way to do that. But even so, Facebook also allows privacy-sensitive users to download apps while refusing to disclose their contact info.