Feeds

EFF fights Facebook bid to outlaw one-stop social apps

Opposes power play against aggregator site

Reducing security risks from open source software

A civil liberties watchdog has challenged Facebook's legal claims that an unauthorized third-party site that helps users login automatically violates criminal laws.

In a friend-of-the-court brief filed Monday, the Electronic Frontier Foundation said Facebook users have a legal right to choose how they access their accounts. It went on to argue that Facebook attorneys were misapplying California's criminal hacking statutes to prevent account holders from using alternative methods of accessing their data.

The brief comes in a lawsuit Facebook filed against Power Ventures, which offers a service that aggregates friends, messages and other data from a variety of social networking sites. In private communications and in court filings, Facebook has accused Power of violating California's criminal hacking law because Facebook's terms of service bar users from accessing their information through "automatic means."

"If Facebook's proposed construction of section 502(c) in this case is correct, millions of otherwise innocent internet users would potentially be committing frequent criminal violations of the law through ordinary, indeed routine, online behavior," EFF attorneys wrote.

"Similarly, allowing a private party to define criminal conduct merely by sending a letter complaining about a competitor's computer usage puts far too much power in the hands of private entities that in doing so may or may not have consumer rights and the public interest at heart."

Using Power's web-based service, a user can automatically view all his content from Twitter, LinkedIn, Orkut and Hi5 on a single screen. That eliminates the hassle of logging in to each account separately and sifting through messages and friend requests for each individual service.

While most social networking sites are willing to work with Power, Facebook objected. After its attorneys sent cease-and-desist letters and filed a complaint in federal court, Power stopped making its service available to Facebook users.

It's worth noting that Facebook's attempts to stop users from accessing their content through alternate means isn't much different than Apple deciding what apps can run on its iPhones and iPads. What sets the social networking site apart here is its invocation of criminal statutes to control the way people access content that per Facebook terms of service belong to the users who created it.

Facebook's legal theory is also notable because, taken to extremes, it threatens anyone who skirts any terms of service, such as requirements to include a person's true age, birth date or occupation in user profiles. Federal prosecutors pursued a similar track when they filed felony charges against a woman involved in creating a fake MySpace profile. The judge overseeing the case, noting fundamental problems with that strategy, eventually acquitted her.

Facebook spokesman Barry Schnitt defended the action on the grounds that Power "scrapes" user content, in violation of its terms. By then making the data available through Power's own website, the service can violate user privacy by airing restricted pictures and messages to world+dog.

"Facebook believes Power subverts privacy settings and choices people have made on Facebook by scraping their data and taking it somewhere else," he told The Reg.

In a statement, Facebook went on to say the site had no intention of criminalizing user access through automated means.

"We have sued Power to prevent Power - a third party with unknown security safeguards and data use practices - from accessing user data without adhering to the safeguards that apply to all developers and are intended to enforce the privacy decisions people make on Facebook."

A hearing on motions for summary judgment filed by both sides in the case is scheduled for June 7 before US District Judge James Ware in San Jose, California. A PDF of the EFF's Amicus Curiae filing is here. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.