Feeds

EFF fights Facebook bid to outlaw one-stop social apps

Opposes power play against aggregator site

Protecting against web application threats using SSL

A civil liberties watchdog has challenged Facebook's legal claims that an unauthorized third-party site that helps users login automatically violates criminal laws.

In a friend-of-the-court brief filed Monday, the Electronic Frontier Foundation said Facebook users have a legal right to choose how they access their accounts. It went on to argue that Facebook attorneys were misapplying California's criminal hacking statutes to prevent account holders from using alternative methods of accessing their data.

The brief comes in a lawsuit Facebook filed against Power Ventures, which offers a service that aggregates friends, messages and other data from a variety of social networking sites. In private communications and in court filings, Facebook has accused Power of violating California's criminal hacking law because Facebook's terms of service bar users from accessing their information through "automatic means."

"If Facebook's proposed construction of section 502(c) in this case is correct, millions of otherwise innocent internet users would potentially be committing frequent criminal violations of the law through ordinary, indeed routine, online behavior," EFF attorneys wrote.

"Similarly, allowing a private party to define criminal conduct merely by sending a letter complaining about a competitor's computer usage puts far too much power in the hands of private entities that in doing so may or may not have consumer rights and the public interest at heart."

Using Power's web-based service, a user can automatically view all his content from Twitter, LinkedIn, Orkut and Hi5 on a single screen. That eliminates the hassle of logging in to each account separately and sifting through messages and friend requests for each individual service.

While most social networking sites are willing to work with Power, Facebook objected. After its attorneys sent cease-and-desist letters and filed a complaint in federal court, Power stopped making its service available to Facebook users.

It's worth noting that Facebook's attempts to stop users from accessing their content through alternate means isn't much different than Apple deciding what apps can run on its iPhones and iPads. What sets the social networking site apart here is its invocation of criminal statutes to control the way people access content that per Facebook terms of service belong to the users who created it.

Facebook's legal theory is also notable because, taken to extremes, it threatens anyone who skirts any terms of service, such as requirements to include a person's true age, birth date or occupation in user profiles. Federal prosecutors pursued a similar track when they filed felony charges against a woman involved in creating a fake MySpace profile. The judge overseeing the case, noting fundamental problems with that strategy, eventually acquitted her.

Facebook spokesman Barry Schnitt defended the action on the grounds that Power "scrapes" user content, in violation of its terms. By then making the data available through Power's own website, the service can violate user privacy by airing restricted pictures and messages to world+dog.

"Facebook believes Power subverts privacy settings and choices people have made on Facebook by scraping their data and taking it somewhere else," he told The Reg.

In a statement, Facebook went on to say the site had no intention of criminalizing user access through automated means.

"We have sued Power to prevent Power - a third party with unknown security safeguards and data use practices - from accessing user data without adhering to the safeguards that apply to all developers and are intended to enforce the privacy decisions people make on Facebook."

A hearing on motions for summary judgment filed by both sides in the case is scheduled for June 7 before US District Judge James Ware in San Jose, California. A PDF of the EFF's Amicus Curiae filing is here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.