Facebook has a new policy: http://www.facebook.com/note.php?note_id=10150162286770301
The comment period is now closed, after I went through it in detail. So, here are my thoughts.
Section 2, paragraph 1 interprets “intellectual property” solely to include such things as photos and videos. I believe that this should be expanded to include text; in particular because IP law does include text.
Section 2, paragraph 1 states that intellectual property may be sub-licensed. Please clarify what you intend by transferring this right to Facebook.
Section 2, paragraph 2 stipulates that “…removed content may persist in backup copies for a reasonable period of time” and “…will not be available to others.” Please clarify what “reasonable” may be interpreted to mean, as it seems reasonable that someone would want to know how long a particular photo might be lingering in your systems. Also, please clarify to whom the word “others” refers; specifically, does this also include law enforcement and/or governmental agencies? Only via the subpoena process? If not via subpoena only, please provide some explanation as to the relationship you maintain with such agencies.
Section 4, paragraphs 1 and 2 should be stricken from the agreement entirely. Their intent may be to ensure that everyone is relating to a “real” person, but they are unnecessarily restrictive, and disallow certain anonymous / pseudonymous behavior. For example, persons transitioning from one gender to another may find it immensely valuable to be able to “live” as their intended gender via Facebook. This is, perhaps, quite a valuable means of them doing so. There are other cases in which people use the freedom of anonymity / pseudonymity which are not illegal or nefarious; this is one of the most valued features of the world wide web. By legally marginalizing this use, you are undermining one of the fundamental pieces of our society.
Section 9, paragraph 6 states that “You will provide customer support for your application.” This places an unreasonable burden upon application developers, who are contributing to the environment of Facebook for no charge, in their spare time, and for the pleasure of providing an application. If an application is poorly written or executed, the users of the application may choose not to participate, and this should be enough of an incentive to provide some level of customer support. To mandate that customer support be provided may reduce the number of applications available, and is removing some of the pleasure of developing applications: application development, for many on Facebook, is not a job; to throw a requirement out here like this is to make it seem more like work and less like participating in a social experience. This paragraph should be removed.
Section 9, paragraph 17 needs to be expanded to describe what type of analysis you are intending to perform. Does this include reverse-engineering an application? What will be done with the analysis? Should you reverse-engineer an application, who owns the code? Certainly, it is standard practice in software development to prohibit such behavior; one would think that Facebook should be prohibited from such theft of intellectual property.
Section 9, paragraph 19 states that you reserve the right to develop applications in competition with user-developed applications. Will these, perhaps, be the product of any “analysis” and/or “audit” as laid out in paragraphs 17 and 18? If so, how is this fair to application developers, and how does it not infringe upon their intellectual property?
Section 10, paragraph 3 should be removed. Essentially, you are stating that (as per Section 3, paragraph 1) users of Facebook are prohibited from unsolicited commercial use of Facebook, yet not only is Facebook allowed to engage in such activity, but Facebook also reserves the right to disguise such spam.
Section 16 needs to be expanded to provide information about whether the data retained by Facebook will be kept in accordance with such laws as the UK Data Protection Act 1998. Specifically, after what time period will personal information be destroyed (when no longer needed)?