Four U.S. senators warned Facebook this week that the company could expose users to identity theft by following through on a controversial plan to allow app developers to access users' phone
numbers and addresses.
"Anyone with 10 minutes, $25, and a Facebook user's phone number and address and no other information can obtain a breathtaking amount of information about that Facebook
user," the lawmakers say. "Combined with a targeted Google search, these two pieces of information can allow someone to obtain almost all of the information necessary to complete a loan or credit card
application."
Signing the letter were Sens. Al Franken (D-Minn), Chuck Schumer (D-N.Y.), Sheldon Whitehouse (D-R.I.), and Richard Blumenthal (D-Conn). They asked Facebook to reconsider
launching the feature for all users. Alternatively, they are asking Facebook to block the feature for users under 18. Additionally, they say, if Facebook goes ahead with the feature, the company
should allow users to access apps even when they turn down a request to share their contact information with developers.
The lawmakers were responding to Facebook's recent statement that it
intends to relaunch a feature that enables outside developers to obtain users' mobile phone numbers and addresses, provided the users consent. In January, Facebook began allowing developers to glean
this data, but quickly suspended the feature when faced with privacy concerns. The major criticism was that users would sign up for apps so quickly that they might not realize that they were also
consenting to allow their information to be accessed by third parties.
That fear is hardly unrealistic. On the contrary, it appears that many Web users unwittingly agree to terms they didn't
intend to. Consider the now-outlawed "datapass" marketing strategy, or the practice of online retailers
passing along consumers' credit card data to third parties. For years, people who made purchases at certain retail sites were subsequently asked if they wished to pay for subscriptions to discount
clubs. Many Web users who clicked yes said later that they didn't realize that they were signing up for a paid service, or that the retail site would disclose their credit card numbers.
While
that situation obviously differs from Facebook sharing users' contact information with third parties, the datapass complaints show that people don't always take the time to read the fine print online.
Instead, Web users appear to rely on what they assume are standard business practices.
Facebook says that it won't relaunch the feature until it can figure out how to better notify people that
app developers are requesting mobile phone numbers and addresses. Hopefully the company can find a way to do that. But even so, Facebook also allows privacy-sensitive users to download apps while
refusing to disclose their contact info.