Facebook doubtlessly hoped forcing open user profiles would help the social network compete more profitably with open systems like Twitter. But there could well be a multi-million-dollar price to pay for the aggressive change, particularly if Facebook broke the law.

There's been a complaint to the Federal Trade Commission, after all, as True/Slant's Kashmir Hill has written. Facebook altered its Privacy Policy to strip protections from data like friends lists and profile pictures. But it turns out you're not allowed to do that by fiat, you need to explicitly get permission from users, something Facebook's "transition tool" failed to do, even as it allowed users to keep other types of data private. Writes Hill, a sometime legal blogger:

In 2004, Gateway did something similar, changing its privacy policy to make it okay to sell information it had gathered for Hooked On Phonics users to third parties. It got into trouble for that. It had to revert to its old privacy policy, and pay a fine. (A little one, just $4,000.)

And then there are the private lawsuits. They're inevitable, right? Facebook is already on the hook for $9.5 million it agreed to pay to settle a class-action suit over its Beacon advertising system. The lawyer who prosecuted that case is busily milking this new legal field; he's now suing Netflix for upwards of $2.5 billion for allegedly violating its privacy policy.

Facebook's last payment of $9.5 million is not a huge dent in a company that will make more than $500 million this year. It looks like the next payout one should be bigger — or it's just a cost of doing business (as usual).