Facebook reiterated its plan to make users' addresses and phone numbers available to third-party developers in a letter (PDF) to US Representatives Ed Markey (D-MA) and Joe Barton (R-TX). The company wrote that it doesn't require users to grant developers access to the data, but it's still mulling additional measures to make sure users know what they're getting into before they sign their information over.

Facebook announced in January via its Developer Blog that it would soon make it easier for companies to use an API to get users' personal information, such as their home addresses and phone numbers. Developers who choose to do so are required to adhere to Facebook's Platform Policies, which forbid them from misleading or spamming users, and users still have to give each app permission to access the information before it becomes available to anyone.

Still, critics were quick to point out that rogue Facebook app developers have already managed to trick users into giving them personal data, and the move would only make things more dangerous. "You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies," Sophos senior technology consultant Graham Cluley warned at the time.

Public outcry caused Facebook to temporarily back off on its plans the same week. The "feature" was turned off for the time being. Markey and Barton followed up with a letter to Facebook in early February, asking for clarification on how the company plans to handle user privacy.

In its response, Facebook reiterated that users get to make the decision as to whether or not their information gets exposed to third parties. The company added it still hasn't decided how it plans to tweak the rollout to be clearer to its users, but said that those who opt in will be able to revoke permission later on if they choose. Facebook also said that it disabled the feature "not because of any concerns regarding compliance with its privacy policy, but rather because, after reviewing user feedback, we determined that we may [be] able to provide even more effective notice through our permissions screen."

When asked about the risks to children or teenagers who might inadvertently make their addresses available to developers, Facebook said that users under 13 aren't even allowed on the service. Still, the company is "actively considering whether to enable applications to request contact information from minors at all" in order to mitigate any risks to kids.

Markey and Barton immediately issued a response to Facebook's letter. The two representatives emphasized that the personal information of teenagers "require[s] special protection," and that there needs to be a clear way for users to rescind permission. "While permission slips give parents piece of mind, Internet permission ‘slip-ups’ can expose children and teens to dangers online. That's why it's critical that Facebook get this right," Markey said.

Despite this warning, the two seemed pleased with Facebook's position on user privacy. Of course, just because app developers agree to Facebook's terms doesn't mean they will necessarily follow them. Remember when a number of top Facebook apps were found to be collecting and selling user data against Facebook's rules late last year? Facebook ended up suspending those developers for six months, but by that time, the deed was already done.

If you're the paranoid type—which I certainly am after an old high school "friend" used my non-public info for business purposes—you may want to double check your profile to make sure there's no info in there you want to keep private.