Before the

Federal Trade Commission

Washington, DC

In the Matter of )
)
Facebook, Inc. )
)
____________________________________)

Supplemental Materials in Support of Pending Complaint and Request for

Injunction, Request for Investigation and for Other Relief

INTRODUCTION

1. On December 17, 2009, the Electronic Privacy Information Center (“EPIC”), the
American Library Association (“ALA”), The Center for Digital Democracy (“CDD”),
the Consumer Federation of America (“CFA”), FoolProof Financial Education,
Patient Privacy Rights, Privacy Activism, Privacy Rights Now Coalition, The Privacy
Rights Clearinghouse, and the U.S. Bill of Rights Foundation (the “Petitioners”), filed
a Complaint with the Federal Trade Commission (“FTC” or “Commission”)
requesting an injunction and investigation.1 The Complaint concerned the practices
of Facebook.com, specifically the recent changes to the company’s privacy settings
and privacy policy. As Petitioners stated in the original complaint:

This complaint concerns material changes to privacy settings made by

Facebook, the largest social network service in the United States, which
adversely impact users of the Facebook service. Facebook’s changes to
users’ privacy settings disclose personal information to the public that was
previously restricted. Facebook’s changes to users’ privacy settings also
disclose personal information to third parties that was previously not
available. These changes violate user expectations, diminish user privacy,
and contradict Facebook’s own representations.2

2. The Petitioners stated that “Facebook’s representations regarding its changes to users’
privacy settings and associated policies are misleading and fail to provide users clear

1
EPIC et al FTC Complaint, In re Facebook (Dec. 17, 2009), available at
http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf.
2
Id. at 1.
1
and necessary privacy protections.”3 Furthermore, “[w]ide opposition by users,
commentators, and advocates to the changes to Facebook’s privacy settings and
associated policies illustrate that the changes injure Facebook users and harm the
public interest.”4

3. The Petitioners described the importance of privacy protection, the impact of

Facebook in the social networking context, the privacy practices of Facebook, user
opposition to the recent changes in Facebook’s privacy settings and privacy policy,
the violations of Section 5 of the FTC Act, including Facebook’s deceptive and unfair
trade practices, as well as the consumer injury that would result from continuing to
expose user information to the public and to third-party application developers. The
Petitioners concluded:

Facebook’s actions injure users throughout the United States by invading

their privacy; allowing for disclosure and use of information in ways and
for purposes other than those consented to or relied upon by such users;
causing them to believe falsely that they have full control over the use of
their information; and undermining the ability of users to avail themselves
of the privacy protections promised by the company.5

4. The Petitioners requested the Commission to provide relief and specifically to:

Compel Facebook to restore its previous privacy settings allowing users to

choose whether to publicly disclose personal information, including name,
current city, and friends;

Compel Facebook to restore its previous privacy setting allowing users to

fully opt out of revealing information to third-party developers;

Compel Facebook to make its data collection practices clearer and more
comprehensible Facebook users meaningful control over personal
information provided by Facebook to advertisers and developers; and

Provide such other relief as the Commission finds necessary and

appropriate.6

3
Id. at 28.
4
Id.
5
Id. at 25.
6
Id. at 28.
2
5. The Petitioners stated, “Absent injunctive relief by the Commission, Facebook is
likely to continue its unfair and deceptive business practices and harm the public
interest.”7 Further, “Absent injunctive relief by the Commission, the privacy
safeguards for consumers engaging in online commerce and new social network
services will be significantly diminished.”8

6. EPIC received a letter from Mr. David Vladeck, head of the FTC Bureau of
Consumer Protection, regarding Petitioners’ complaint on January 14, 2010. In that
letter, Mr. Vladeck stated, “Your most recent complaint raises issues of particular
interest for us at this time.”

7. In the original complaint, Petitioners reserved the right to “supplement this petition as
other information relevant to this proceeding becomes available.”9

8. This supplement to the original Complaint presents new evidence that Facebook is
engaging in unfair and deceptive trade practices.

ADDITIONAL FACTS

Facebook’s Public Statements Demonstrate Unfair and Deceptive Trade Practices.

9. Over 100 million Americans signed up for Facebook accounts while the default
setting for user information was private.10

10. On January 9, 2010, Facebook founder and CEO Mark Zuckerberg announced that
Facebook had determined that privacy is no longer a “social norm.” He further said:

We view it as our role in the system to constantly be innovating and be

updating what our system is to reflect what the current social norms are. 11

7
Id.
8
Id.
9
Id. at 29.
10
Facebook, Statistics, http://www.facebook.com/press/info.php?statistics (last visited Dec. 14, 2009); see
also Eric Eldon, Facebook Reaches 100 Million Monthly Active Users in the United States,
InsideFacebook.com, Dec. 7, 2009, http://www.insidefacebook.com/2009/12/07/facebook-reaches-100-
million-monthly-active-users-in-the-united-states (last visited Dec. 15, 2009).
11
Marshall Kirkpatrick, Facebook’s Zuckerberg Says the Age of Privacy is Over, N.Y. Times (Jan. 10,
2010), available at http://www.nytimes.com/external/readwriteweb/2010/01/10/10readwriteweb-
facebooks-zuckerberg-says-the-age-of-privac-82963.html?pagewanted=1.
3
11. In a recently published interview, an anonymous Facebook employee described
Facebook’s ability to access users’ account information. She stated:

See, the thing is — and I don’t know how much you know about it — it’s
all stored in a database on the backend. Literally everything. Your
messages are stored in a database, whether deleted or not. So we can just
query the database, and easily look at it without every logging into your
account. That’s what most people don’t understand. 12

12. The employee went on to describe Facebook’s data retention practices: “We track
everything. Every photo you view, every person you’re tagged with, every wall-post
you make, and so forth.”13

Facebook’s Policies and Practices for Access to

Users’ Passwords are Unfair and Deceptive.

13. As detailed in Petitioners’ original Complaint, Facebook transfers users’ data to third-
party application developers without the knowledge or consent of the user.14

14. Recently, two third-party developers have launched applications to help users
deactivate their Facebook accounts. Seppukoo.com, a site produced by an Italian
group called Les Liens Invisibles, helps Facebook users commit “virtual suicide.”15
A second site, called the Web 2.0 Suicide Machine, performs a similar function with
Facebook and other social networking sites.16

15. Both of these applications allow users to input login credentials, at which point the
sites log in to the users’ accounts and make various changes and posts to users’
profiles before disabling the accounts.17

16. These applications are a way for Facebook users to (1) deactivate their accounts and
(2) publicly express their decision to close a Facebook account. As such, they allow a
more robust expression of consumer preference than Facebook otherwise permits.

12
Phil Wong, Conversation About the Internet #5: Anonymous Facebook Employee, The Rumpus (Jan. 11,
2010), http://therumpus.net/2010/01/conversations-about-the-internet-5-anonymous-facebook-
employee/?full=yes.
13
Id.
14
Petitioners’ FTC Complaint, supra note 1.
15
Seppukoo, About, http://www.seppukoo.com/about (last visited Jan. 12, 2010).
16
Web 2.0 Suicide Machine, http://suicidemachine.org (last visited Jan. 12, 2010).
17
Seppukoo, How it Works, http://www.seppukoo.com/how-it-works (last visited Jan. 12, 2010); Web 2.0
Suicide Machine, FAQ, http://suicidemachine.org/#faq (last visited Jan. 12, 2010).
4
17. In December 2009, Facebook took legal and technical action against these third-party
account-deactivation sites, claiming that their operation was in violation of
Facebook’s Statement of Rights and Responsibilities. Facebook stated that these
Terms exist to protect “its users’ privacy and the security of their data.”18

18. However, Facebook requests the email passwords of Facebook users to enable the
transfer of users’ personal information to Facebook.19 Facebook also encourages
users to provide screen names and passwords to Facebook for AOL Instant
Messenger, ICQ Chat, and Windows Live Messenger.20

19. Facebook’s concern about “its users’ privacy and the security of their data” is not
uniform; it favors Facebook’s commercial interests over the privacy and security of
users.

Facebook’s Representations Regarding Facebook Connect

are Unfair and Deceptive Trade Practices.

20. Facebook Connect is a way for Facebook users to log in to third party websites using
their Facebook credentials.21

21. After Facebook users login to a third-party Facebook Connect site, developers can
access a user’s identity, including names, photos, and events; social graphs, including
friends and connections; and stream, including activity within Facebook.22

22. On December 21, 2009, Caroline McCarthy of CNET News wrote an article
regarding the privacy controls for Facebook Connect. She stated, “you can’t modify
privacy controls for a Facebook Connect app.”23 McCarthy wrote that Facebook
Connect activity is automatically posted to a user’s wall and news feed, without the
ability to control who views the information.24

18
Letter from Leota Bates on behalf of Facebook to Seppukoo.com (Dec. 16, 2009), available at
http://www.seppukoo.com/docs/seppukoo_cease_desist.pdf.
19
Facebook, Find your Friends on Facebook, http://www.facebook.com/find-friends/ (last visited Jan. 12,
2010).
20
Id.
21
Facebook Connect, http://developers.facebook.com/connect.php.
22
Id.
23
Caroline McCarthy, Big Facebook Privacy Void: Controls on Connect, CNET News (Dec. 21, 2009),
http://news.cnet.com/8301-13577_3-10419950-36.html.
24
Id.
5
23. Facebook has offered conflicting accounts of the amount of control users have over
their information, with respect to wall posts.

24. Facebook claims the recent privacy changes offer “even greater control over the
information you share.”25 Furthermore, Facebook stated that users will have control
over everything they post on their walls: “Once you’ve completed the transition tool,
you’ll be able to choose an audience for each piece of content you post at the time
that you post it.”26

25. On December 22, 2009, after discussions with Facebook, McCarthy wrote a second
article about the Facebook Connect privacy controls.27 The article clarifies that even
after Facebook’s privacy changes, the privacy settings for Facebook Connect do not
allow for granular control of such activity, as is the case with other types of wall
posts. Users must either choose to share Facebook Connect activity with everyone or
with no one:

Everything on the wall [is] treated as a single unit. Except not quite: With
status messages and content posted directly through Facebook, as part of
Facebook’s new privacy controls there’s now a drop-down menu that lets
me choose exactly who can see that message – the public Web, friends of
friends, only my friends or “networks,” or stratified groups of friends. . . .
For third-party apps, I’m not so lucky. But when it comes to information
that’s local, sensitive, or otherwise private, I’d like to be able to restrict
it.28

Facebook’s Representations Regarding its iPhone Syncing

Application are Unfair and Deceptive Trade Practices.

26. Facebook publishes an application for the iPhone that transfers data between a user’s
iPhone and Facebook. The application has over 23.5 million active users monthly,
and more than one million active users daily.29

25
Ruchi Sanghvi, Facebook Blog Post, New Tools to Control your Experience (Dec. 9, 2009),
http://blog.facebook.com/blog.php?post=196629387130.
26
Id.
27
Caroline McCarthy, Facebook App Privacy: It’s Complicated, CNET News (Dec. 22, 2009),
http://news.cnet.com/8301-13577_3-10420499-36.html.
28
Id.
29
Nick O’Neill, New Facebook iPhone Application Launches, Adds Notifications and Contact Sync, All
Facebook (Jan. 6, 2010), http://www.allfacebook.com/2010/01/new-facebook-iphone-application-launches-
adds-notifications-and-contact-sync/.
6
27. On January 6, 2010, Facebook introduced Version 3.1 of its iPhone application. The
application contains a function that

examines the contacts that you already have on your iPhone, trying to
match it to a Facebook user. If it finds a match it pulls down that person’s
profile picture, making [that] his or her photo on your iPhone. It also adds
other information, such as a link that takes you to that person’s profile in
Facebook’s app.30

28. When the user first runs the updated application, a notification appears, alerting the
user to the sync function. This notification does not disclose to the user that it will
transfer the user’s iPhone contact list to Facebook:

29. If the user clicks the “View” button, the next screen, allowing the option to activate
the sync functionality, also fails to disclose this transfer of information:

30
Harrison Hoffman, Facebook iPhone app gets address sync, push, CNET News (Jan 6, 2010), available
at http://news.cnet.com/8301-13515_3-10427058-26.html.
7
30. Only after the user has elected to activate the syncing functionality does the
application finally disclose the transfer:

8
31. This notice does not provide information on how contact information will be used or
retained by Facebook.

32. The application transfers information without the knowledge or consent of the phone
contacts or Facebook users whose information is being synced. The application will
sync Facebook information even if a phone contact is not Facebook friends with the
iPhone owner. CNET reports, “if one of your phone contacts is not your Facebook
friend, it will (in most cases) still pull down their info from Facebook if it finds a
match.”31

33. In the process of syncing iPhone contacts with Facebook users, users have reported
that the application has matched the wrong Facebook profile picture with a phone
contact. In other words, random Facebook users’ profile pictures are being
downloaded to an iPhone device without their knowledge. In a review of Facebook
for iPhone on the application’s Facebook fan page, user Ingvar Moseley complains,
“Im getting random peoples pictures in my address book. Im not even friends with
some of them.”32 Another user, Dave Lamothe-Gagnon commented, “I just sync and
a certain number of pictures appeared in my contact list that don’t match the actual
person!”33

34. Graphic designer and Apple enthusiast Aaron Hirst, who runs technology website
148apps.com, describes the functionality of the new sync function: “This new sync
function allows you to add both profile pictures and link data (which already resides
on Facebook) to contacts that already exist on your iPhone. In order to do this the app
will take contact information from your iPhone, and upload it to Facebook . . . .”34

35. One software developer, Kien Tran explains how the transfers of data actually occur
from a user’s iPhone to Facebook, when using the application’s sync function:

Facebook simply takes your entire contact list and matches it first name-
last name to your Facebook contacts. . . . The app . . . compare[s]
registered phone numbers in your contact lists, even if the name is totally
wrong. What this means is it will link contacts based on phone numbers
registered with Facebook mobile, even if you are not friends! So beware
31
Id.
32
Facebook for iPHone Reviews, http://www.facebook.com/iphone#/iphone?v=app_6261817190.
33
Id.
34
Aaron Hirst, Facebook 3.1 Arrives for iPhone. Brings Push Notifications and Contact Sync.,
148apps.com (Jan. 6, 2010), http://www.148apps.com/news/facebook-31-arrives-iphone-brings-push-
notifications-contact-sync/.
9
giving out fake or wrong numbers because you can link to someone
else!35

36. One user described the questionable benefit of syncing with non-Facebook friends:

Anyone else noticed that it ran the rest of your phone numbers through
facebook and associated them with a profile, picture, and alt-numbers,
even if you’re not their friend? I didn’t mind it. Helped me get the names
and photos of girls I had hit on years ago . . . .36

37. Blogger Drake Martinet posted about the sync function and the implications of the
warning notice iPhone users must agree to before enabling the function:

Syncing grants Facebook full access to your address book. If you already
sync your Gmail contacts with your iPhone address book, that means you
will also be handing over the email addresses and names of everyone you
have ever emailed.

....

They don’t tell you what they might be doing with all this new data, just
that you should make sure its cool with your friends. That’s like asking
your friend to lend someone they don’t know their car. But don’t worry,
this guy is cool. He’ll either wash it for you or sell it.37

38. Social media expert Dean Browell discussed his problem with Facebook’s lack of
transparency and the inadequacy of the application’s warning notice:

That warning is where I have a problem. While I know the concept of

“syncing” means I’ll have to share information between at least two points
what this warning suggests, without any explanation, is that my Contacts
on my iPhone will be sent up to Facebook. It doesn’t just say, “your
contacts who you are currently friends with” but broadly just says,
“contacts from your device.” That’s a little odd and potentially
disconcerting. If they aren’t my friends on Facebook but I have them in
35
Kien Tran, Blog Post, Facebook iPhone App 3.1 Push Notification, Contact Syncing (Jan. 6, 2010),
http://blog.kientran.com/facebook-iphone-app-31-push-notification-cont. .
36
Rosa Golijan, Facebook 3.1 iPhone App Brings Push Notifications and Contact Sync, Gizmodo (Jan. 6,
2010), http://gizmodo.com/5441863/facebook-31-iphone-app-brings-push-notifications-and-contact-sync.
37
Drake Martinet, Blog Post: “What Fresh New Hell is This? – Facebook Adds Pickpocketing Feature to
its iPhone App“ (Jan. 7, 2010), http://www.withdrake.com/newsite/media/facebooktheft/.
10
my Contacts, does it suggest them as friends? Does it ping or bug them?
Does it try and contact people who are friends to tell them their phone
number is wrong? The truth is it may do none of those things and might
just harmlessly confirm that yes, they are my friends but I don’t know that
for sure and with just that simple phrasing in there, I’m not inclined to try
it just to have some people tapped on the shoulder by me when I don’t
mean them to.38

39. Some Facebook users and non-Facebook users have consciously chosen not to
provide Facebook with their contact information. This choice is rendered meaningless
with the sync function of the application, because information from all phone contacts
will be transferred to Facebook if the sync function is enabled on an iPhone. Not
only will information be transferred, but the phone contacts are left unaware of the
information transfer, unless the iPhone user personally notifies his contacts.

40. There is no privacy setting on Facebook that allows Facebook users to prevent having
their information shared in this way. In a review of the application, Patrick Radin
decided to remove the application from his phone because of the failure to provide
privacy settings: “I am also disappointed in the lack of privacy and how this app does
not offer privacy settings and assumes all users are aware of what it is doing. I am
removing it right after this posting.”39

41. Other users have expressed frustration over the inability to control whether their
information is uploaded to an iPhone. One user, Andrew Guzman explained, “Ok. I
am sure that there are some people out there that have me as a iphone contact but not
as a [Facebook] friend. How can I make sure that NO ONE can sync my contact info?
I do not want my coworkers, neighbors, parents of kids I coach to even THINK about
sending me a friend request. I do not want them on my list and I also want to avoid
the awkwardness of running into them after rejecting their request.”40 Another user,
Emma Paaer exclaims, “I really don’t want anybody to load my contact info to fb!
Unacceptable!!!”41

42. In a comment post to a TechCrunch article detailing the application changes, reader
Jane expressed her opinion about “syncing” and described why she was unwilling to
enable the function:

38
http://feedbackagency.com/blog/facebooks-3-1-iphone-app-update-explained/ (Jan. 7, 2010).
39
See supra note 30.
40
Id.
41
Id.
11
I didn’t choose to sync FB friends info to my contacts. This function gives
more to FB than to its users. FB has always been criticized for its privacy
policy. I don’t want to give out hundreds of my contacts’ personal info,
since it’s hard to ask for permission from each of them. Meanwhile, the
likelihood of my info given out by my friends without my permission also
freaks me out.42

43. TechCrunch reader Scott commented, “I don’t know that I’m comfortable sending my
contacts to Facebook after their recent privacy changes. What happens to that data?”43

44. Commenter Espen Antonsen expressed confusion on the TechCrunch website over
why Facebook needed to transfer so much information from the iPhone:

Contact sync: Give all my contacts to Facebook, no thank you. I really do

not see why they need to send that information from the phone.
Apperantly all it does it update contacts with photo and birthday. Im sure
that could be accomplished by matching facebook contacts and phone
contacts on the iPhone instead of doing it on Facebook servers.44

Many Experts Support the Claims Set Out in Petitioners’ Complaint that
Facebook has Engaged in Unfair and Deceptive Trade Practices.

45. Subsequent to the filing of Petitioners’ original Complaint, many privacy experts,
journalists, security specialists, and Facebook users have expressed similar concerns.
Within the first day of the Complaint’s filing, hundreds of news stories appeared.

46. Brad Stone of the New York Times wrote:

The Electronic Privacy Information Center, or E.P.I.C., says that

Facebook’s recent changes “violate user expectations, diminish user
privacy, and contradict Facebook’s own representations.”

I wrote about those changes last week. The most controversial among
them is that a Facebook user’s photo, gender, geographic region, the pages
they are a fan of and their lists of friends are now open and available to the
entire Web public. Facebook made these changes partly to make

42
MG Siegler, Facebook’s iPhone App Finally Gets Push Notifications, Contact Syncing, TechCrunch
(Jan. 6, 2010), http://www.techcrunch.com/2010/01/06/facebook-iphone-push-notifications/.
43
Id.
44
Id.
12
individual users more findable among the massive haystack of 350 million
users. 45

47. Ryan Singel of Wired reported on the potential impact the Complaint has on
Facebook and the FTC:

The challenge raises the stakes for Facebook, the world’s largest social-
networking site, which has been trying to ride out a vocal backlash against
what some see as a blatant attempt to push users into sharing publicly and
often. It will also serve as a test case for the FTC under the Obama
Administration, forcing the agency to show whether it will remain focused
on scams with provable harms, or become a more interventionist player in
the market as the FCC has become with telecommunications companies.46

48. Tim Jones, Activism and Technology Manager for the Electronic Frontier Foundation
(EFF), one of the first groups to provide detailed criticisms of Facebook’s privacy
changes, recognized the importance of Petitioners’ Complaint in a blog post. Jones
wrote, “Considering the many tens of millions of American consumers who use
Facebook, we hope and expect that the FTC will seriously consider the important
questions raised by today’s complaint.”47

49. Mashable editor-in-chief Ben Parr wrote,

There’s been a lot of ruckus about [Facebook] being deceptive about the
changes, but until now it’s just been ruckus. That changed today when a
group of ten Internet privacy groups, led by the Electronic Privacy
Information Center, filed a complaint with the U.S. Federal Trade
Commission (FTC), requesting an investigation into Facebook’s actions.48

50. One Facebook user commented on a Slashdot post about the Complaint, expressing
the importance of EPIC and the FTC as a voice for users:

45
Brad Stone, Privacy Group Files Complaint on Facebook Changes, N.Y. Times (Dec. 17, 2009),
available at http://bits.blogs.nytimes.com/2009/12/17/privacy-group-files-complaint-on-facebook-privacy-
changes/.
46
Ryan Singel, Facebook Privacy Changes Break the Law, Privacy Groups Tell FTC, Wired (Dec.17,
2009), http://www.wired.com/epicenter/2009/12/facebook-ftc-complaint/.
47
Tim Jones, The World Reacts to the New Facebook, EFF News Roundup (Dec. 17, 2009),
http://www.eff.org/deeplinks/2009/12/world-reacts-new-facebook.
48
Benn Parr, FTC Asked to Investigate Facebook’s New Privacy Changes, Mashable, Dec. 17, 2009,
http://mashable.com/2009/12/17/ftc-asked-to-investigate-facebooks-new-privacy-settings/.
13
I’m glad that EPIC, FTC, etc., are interested in our privacy, as they can
exert pressure to change things in ways that we as users cannot. What I’d
really like to see out of all this might be some kind of formal privacy
impact review before changes to social networking policies are made. Any
change that degrades privacy would need to be identified by third parties,
justified or mitigated by the social network, then reviewed again until it’s
clear that users will be better off after the change than they were before. I
think that expecting users to flee a service following troublesome changes
is unrealistic. The users are caught between a rock and a hard place, and
Facebook will continue twisting their arms as long as the users are paying
more attention to their friends and apps than they are to their privacy.49

51. On December 18, 2009, Reuters published an article detailing Petitioners’ complaint,
entitled Facebook Privacy Backlash in FTC’s Hands. The author, Alexei Oreskovic
stated, “The big question now is how the FTC will treat the complaint and what kind
of power it has to act on such Internet privacy issues.”50

52. Analyst Greg Sterling of Sterling Market Research recognizes the Complaint as a
catalyst for change: “We’ve seen this movie before. They do something aggressive
around disclosure of information, and then people come out of the woodwork and
there’s some response of ‘We hear you.’ It has to rise to a certain level, such as this
complaint, before there’s any action.” He adds, “There’s absolutely no benefit to
sharing your personal information with the whole web.”51

Facebook Continues its Unfair and Deceptive Trade Practices and Even
Misrepresents the Role of the Commission in this Matter.

53. On December 17, 2009, following the filing of the Complaint with the FTC,
Facebook made several public statements. Spokesperson Barry Schnitt asserted, “We
discussed the privacy program with many regulators, including the F.T.C., prior to
launch and expect to continue to work with them in the future.”52 Another

49
Commenter Valderost, Formal Review of Changes would Benefit Everyone, Slashdot, Dec. 17, 2009,
http://yro.slashdot.org/comments.pl?sid=1482434&cid=30480696.
50
Alexei Oreskovic, Facebook Privacy Backlash in FTC’s Hands, Reuters (Dec. 18, 2009),
http://blogs.reuters.com/mediafile/2009/12/18/facebook-privacy-backlash-in-ftcs-hands/.
51
Greg Sterling, Sterling Market Research, as quoted in Richard Koman, FTC Complaint Escalates
Facebook’s Privacy Woes, Newsfactor (Dec. 17, 2009),
http://www.newsfactor.com/story.xhtml?story_id=70684.
52
See, e.g., Brad Stone, Privacy Group Files Complaint on Facebook Changes, N.Y. Times (Dec. 17,
2009), available at http://bits.blogs.nytimes.com/2009/12/17/privacy-group-files-complaint-on-facebook-
privacy-changes/; Alexei Oreskovic, Facebook Privacy Backlash in FTC’s Hands, Reuters (Dec. 18, 2009),
14
spokesperson, Andrew Noyes, also stated that the company spoke with the FTC
before the changes. He explained, “We’ve had productive discussions with dozens of
organizations around the world about the recent changes . . . .”53

54. On December 23, 2009, EPIC filed a Freedom of Information Act request with the
FTC.54 EPIC requested documents pertaining to the communications Facebook
spokespersons alleged the company had with the federal agency.

55. On January 4, 2010, FTC Chairman Jon Leibowitz responded to Facebook’s public
comments concerning the company’s privacy changes. Chairman Leibowitz clarified
that the agency does not approve privacy policies:

We aren’t generally in the business of giving general advisory opinion in

advance. I certainly don’t think anyone would suggest that we would pre-
clear their new privacy policy. It may be good. It may be better or it may

available at http://blogs.reuters.com/mediafile/2009/12/18/facebook-privacy-backlash-in-ftcs-hands/;
Jessica A. Vascellaro, Groups File Facebook Complaint, Wall Street Journal at B7 (Dec. 18, 2009),
available at http://online.wsj.com/article/SB20001424052748704238104574602262735234366.html;
Jacqui Cheng, FTC Complaint Says Facebook’s Privacy Changes are Deceptive, Ars Technica (Dec. 21,
2009), available at http://arstechnica.com/tech-policy/news/2009/12/ftc-complaint-says-facebooks-privacy-
changes-are-deceptive.ars; Robert McMillan, Privacy Groups Bring Facebook Complaints to FTC,
ComputerWorld (Dec. 17, 2009), available at http://news.idg.no/cw/art.cfm?id=9E5BB9A6-1A64-67EA-
E40759B3AFCD4AC7.
53
See, e.g., Barbara Ortutay, Privacy Watchdog Files Complaint against Facebook, Washington Post (Dec.
17, 2009), available at http://www.washingtonpost.com/wp-
dyn/content/article/2009/12/17/AR2009121702842.html; Peter Kafka, Next Step in Facebook Privacy
Blowback: The FTC Complaint. The Real Question: Will Advertisers Care?, All Things Digital (Dec. 17,
2009); available at http://mediamemo.allthingsd.com/20091217/next-step-in-the-facebook-privacy-
blowback-the-ftc-complaint-will-advertisers-care/; John Letzing, Privacy Groups file FTC Complaint
against Facebook, MarketWatch (Dec. 17, 2009), available at http://www.marketwatch.com/story/privacy-
groups-file-ftc-complaint-against-facebook-2009-12-17; Ryan Singel, Facebook Privacy Changes Break
the Law, Privacy Groups Tell FTC, Wired (Dec. 17, 2009), available at
http://www.wired.com/epicenter/2009/12/facebook-ftc-complaint/; Katherine Noyes, Privacy Groups Take
Facebook Quarrel to the Feds, Tech News World (Dec. 18, 2009), available at
http://www.technewsworld.com/story/68939.html; JC Raphael, Facebook Ignites War of Worlds, PC World
(Dec. 17, 2009), available at
http://www.pcworld.com/article/185033/facebook_privacy_complaint_ignites_war_of_words.html.

54
Electronic Privacy Information Center, FOIA Request to FTC, FOIA-2010-00283 (filed Dec. 23, 2009),
available at http://epic.org/privacy/inrefacebook/FTC_Facebook_FOIA.pdf.
15
not be better. But we aren’t the film industry; we don’t greenlight like the
film industry does.55

CONCLUSION

56. Petitioners incorporate by reference the Requests for Relief set forth in the
Complaint.56

57. Further, Petitioners request the Commission investigate the issues raised by the
comments of the anonymous Facebook employee.

Respectfully submitted,

Marc Rotenberg, EPIC Executive Director

Kimberly Nguyen, EPIC Consumer Privacy Counsel
Jared Kaprove, EPIC Domestic Surveillance Counsel

ELECTRONIC PRIVACY INFORMATION CENTER

1718 Connecticut Ave., NW Suite 200
Washington, DC 20009
202-483-1140 (tel)
202-483-1248 (fax)

55
Cecilia Kang, FTC to Facebook: We aren’t in the movie business, we don’t greenlight privacy policies,
Wash. Post (Jan. 4, 2010), available at
http://voices.washingtonpost.com/posttech/2010/01/jon_leibowitz_chairman_of_the.html.
56
Supra note 1, at 28.
16