Agentless Backup is Not a Myth

A civil liberties watchdog has challenged Facebook's legal claims that an unauthorized third-party site that helps users login automatically violates criminal laws.

In a friend-of-the-court brief filed Monday, the Electronic Frontier Foundation said Facebook users have a legal right to choose how they access their accounts. It went on to argue that Facebook attorneys were misapplying California's criminal hacking statutes to prevent account holders from using alternative methods of accessing their data.

"If Facebook's proposed construction of section 502(c) in this case is correct, millions of otherwise innocent internet users would potentially be committing frequent criminal violations of the law through ordinary, indeed routine, online behavior," EFF attorneys wrote.

"Similarly, allowing a private party to define criminal conduct merely by sending a letter complaining about a competitor's computer usage puts far too much power in the hands of private entities that in doing so may or may not have consumer rights and the public interest at heart."

Using Power's web-based service, a user can automatically view all his content from Twitter, LinkedIn, Orkut and Hi5 on a single screen. That eliminates the hassle of logging in to each account separately and sifting through messages and friend requests for each individual service.

While most social networking sites are willing to work with Power, Facebook objected. After its attorneys sent cease-and-desist letters and filed a complaint in federal court, Power stopped making its service available to Facebook users.

It's worth noting that Facebook's attempts to stop users from accessing their content through alternate means isn't much different than Apple deciding what apps can run on its iPhones and iPads. What sets the social networking site apart here is its invocation of criminal statutes to control the way people access content that per Facebook terms of service belong to the users who created it.

Facebook's legal theory is also notable because, taken to extremes, it threatens anyone who skirts any terms of service, such as requirements to include a person's true age, birth date or occupation in user profiles. Federal prosecutors pursued a similar track when they filed felony charges against a woman involved in creating a fake MySpace profile. The judge overseeing the case, noting fundamental problems with that strategy, eventually acquitted her.

Facebook spokesman Barry Schnitt defended the action on the grounds that Power "scrapes" user content, in violation of its terms. By then making the data available through Power's own website, the service can violate user privacy by airing restricted pictures and messages to world+dog.

"Facebook believes Power subverts privacy settings and choices people have made on Facebook by scraping their data and taking it somewhere else," he told The Reg.

In a statement, Facebook went on to say the site had no intention of criminalizing user access through automated means.

"We have sued Power to prevent Power - a third party with unknown security safeguards and data use practices - from accessing user data without adhering to the safeguards that apply to all developers and are intended to enforce the privacy decisions people make on Facebook."

A hearing on motions for summary judgment filed by both sides in the case is scheduled for June 7 before US District Judge James Ware in San Jose, California. A PDF of the EFF's Amicus Curiae filing is here. ®

Steps to Take Before Choosing a Business Continuity Partner