Feeds

EFF fights Facebook bid to outlaw one-stop social apps

Opposes power play against aggregator site

Choosing a cloud hosting partner with confidence

A civil liberties watchdog has challenged Facebook's legal claims that an unauthorized third-party site that helps users login automatically violates criminal laws.

In a friend-of-the-court brief filed Monday, the Electronic Frontier Foundation said Facebook users have a legal right to choose how they access their accounts. It went on to argue that Facebook attorneys were misapplying California's criminal hacking statutes to prevent account holders from using alternative methods of accessing their data.

The brief comes in a lawsuit Facebook filed against Power Ventures, which offers a service that aggregates friends, messages and other data from a variety of social networking sites. In private communications and in court filings, Facebook has accused Power of violating California's criminal hacking law because Facebook's terms of service bar users from accessing their information through "automatic means."

"If Facebook's proposed construction of section 502(c) in this case is correct, millions of otherwise innocent internet users would potentially be committing frequent criminal violations of the law through ordinary, indeed routine, online behavior," EFF attorneys wrote.

"Similarly, allowing a private party to define criminal conduct merely by sending a letter complaining about a competitor's computer usage puts far too much power in the hands of private entities that in doing so may or may not have consumer rights and the public interest at heart."

Using Power's web-based service, a user can automatically view all his content from Twitter, LinkedIn, Orkut and Hi5 on a single screen. That eliminates the hassle of logging in to each account separately and sifting through messages and friend requests for each individual service.

While most social networking sites are willing to work with Power, Facebook objected. After its attorneys sent cease-and-desist letters and filed a complaint in federal court, Power stopped making its service available to Facebook users.

It's worth noting that Facebook's attempts to stop users from accessing their content through alternate means isn't much different than Apple deciding what apps can run on its iPhones and iPads. What sets the social networking site apart here is its invocation of criminal statutes to control the way people access content that per Facebook terms of service belong to the users who created it.

Facebook's legal theory is also notable because, taken to extremes, it threatens anyone who skirts any terms of service, such as requirements to include a person's true age, birth date or occupation in user profiles. Federal prosecutors pursued a similar track when they filed felony charges against a woman involved in creating a fake MySpace profile. The judge overseeing the case, noting fundamental problems with that strategy, eventually acquitted her.

Facebook spokesman Barry Schnitt defended the action on the grounds that Power "scrapes" user content, in violation of its terms. By then making the data available through Power's own website, the service can violate user privacy by airing restricted pictures and messages to world+dog.

"Facebook believes Power subverts privacy settings and choices people have made on Facebook by scraping their data and taking it somewhere else," he told The Reg.

In a statement, Facebook went on to say the site had no intention of criminalizing user access through automated means.

"We have sued Power to prevent Power - a third party with unknown security safeguards and data use practices - from accessing user data without adhering to the safeguards that apply to all developers and are intended to enforce the privacy decisions people make on Facebook."

A hearing on motions for summary judgment filed by both sides in the case is scheduled for June 7 before US District Judge James Ware in San Jose, California. A PDF of the EFF's Amicus Curiae filing is here. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.