STE WILLIAMS

Social networking giant Facebook is being sued in California by two users who allege that the company intercepts “content of …users’ communications.”

According to the class action lawsuit, instigated by Matthew Campbell and Michael Hurley, Facebook has allegedly violated the Electronic Communications Privacy Act in addition to several California state laws.

The basis of the plaintiffs’ complaint is that Facebook’s use of the word “private” is misleading when applied to its own internal messaging system.

Campbell and Hurley claim that the company scans private messages in order to detect any URLs within them. The plaintiffs further claim that the company follows links that it discovers as part of the crawling process, which is something it has not explicitly disclosed to users of its service.

If Facebook discovers a ‘Like’ button on one of these pages then the system will record the private message itself as a ‘Like’ on that website, and increase the Like count by one, thereby making a public declaration out of a private communication. As point #5 of the complaint says:

Contrary to its representations, “private” Facebook messages are systematically intercepted by the Company in an effort to learn the contents of the users’ communications. In the course of the last year, independent security researchers discovered that Facebook reviews the contents of its users’ private Facebook messages for purposes unrelated to the facilitation of message transmission. When a user composes a Facebook message and includes a link to a third party website (a “URL”), the Company scans the content of the Facebook message, follows the enclosed link, and searches for information to profile the message-sender’s web activity.

The lawsuit claims that Facebook does this in order to mine data and make money from it by sharing information with third parties such as advertisers, marketers and data brokers.

While the plaintiffs do acknowledge the fact that Facebook has a data usage policy that discloses how the company receives information when users interact with the site, they argue that its wording does not make it clear that Facebook “scans, mines, and manipulates the content of its users’ private messages… in direct conflict with the assurances it provides to its users regarding the privacy and control they should expect.”

As part of their claim the plaintiffs are seeking compensation of $100 for each day of violation or $10,000 per class member, or damages of either $5,000 per class member, or three times the actual amount of damages, whichever result is greater, as well as the cost of their legal fees.

We previously wrote about the topic of Facebook scanning private messages back in October 2012. At the time, the company said:

Absolutely no private information has been exposed and Facebook is not automatically Liking any Facebook Pages on a user’s behalf.

Many websites that use Facebook’s ‘Like’, ‘Recommend’, or ‘Share’ buttons also carry a counter next to them. This counter reflects the number of times people have clicked those buttons and also the number of times people have shared that page’s link on Facebook. When the count is increased via shares over private messages, no user information is exchanged, and privacy settings of content are unaffected. Links shared through messages do not affect the Like count on Facebook Pages.

It will be interesting to see how things pan out.

For now, it may be worth remembering that Facebook, among a great number of other large corporations, places a value on your personal data so think carefully about what you share wherever you are on the web.

Follow @Security_FAQs
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/_xDMDmxxG1I/