Facebook Engineers Working on Privacy Features
Facebook engineers are regularly innovating around privacy and security to protect their users, according to Egan. An example is the social authentication feature rolled out last year. Whenever there is a hint that the user may not be who he or she claims to be, it's important to ask for more information. Social authentication requires users to identify photos of their Facebook "friends" that are mixed in with other photos in order to verify their identity. The person trying to break into a Facebook account may know the password, but "they probably don't know your friends," Egan said.Privacy is a "shared responsibility" between users and the company, according to Egan. The company needs to be upfront about what it will do with the data it collects, but users also need to think about what they want to do with the data. The new profile page Timeline that Facebook is planning to roll out to all users is a good example of how the company uses data. The information is laid out and presented so that users have a record of events and can create a scrapbook easily. But if people don't want the information out there, they can easily decide to get rid of that piece of data. The control remains in the user's hands, she said. Facebook has worked hard to simplify the privacy policies on its site and explain to users how the data being collected is being used. The site provides a download tool that allows users to see exactly what Facebook has about them, Egan said. Inline controls also allow people to adjust who can see their information on an item-by-item basis. Finally, the company knows it is accountable to the users because if it is not viewed as being trustworthy, users won't use the service, Egan said. Accountability also extends to the government, and Egan said Facebook is embracing its responsibilities as outlined under the recent settlement with the Federal Trade Commission on how it should handle user data and obtain consent.
Before any product is launched at Facebook, a cross-functional team sits down and reviews its privacy and security implications, Egan said. Decisions made to safeguard user privacy, such as how long to keep the data, are implemented by security and back-end teams, she said.