Could Accessing Your Own Data On Facebook Make You Criminally Liable?

from the hopefully-a-court-says-otherwise dept

We've been following the rather bizarre and dangerous lawsuit filed by Facebook against Power.com, an online service that tries to let users aggregate various social networking activity into a single service. All Power.com does is let a willing user have Power.com's tools log into Facebook and reuse/reformat the data within its own framework. From a user's perspective, this could be quite useful. From Facebook's perspective this is both a violation of copyright law and a violation of computer hacking laws. Why? Because Facebook says so. That is, it says so in its terms of service, and it's arguing that in ignoring the terms of service, Power.com is criminally hacking.

The EFF has filed a new amici brief in the case pointing out the logical problems with this argument. It's saying that if a user chooses to access his or her own data that is stored in Facebook, using a tool of his or her own choice... that can open themselves up to criminal liability, just because it violates some random term in Facebook's terms of service. That clearly seems to go way beyond the purpose of anti-computer hacking laws:
This is not an esoteric business issue, because the legal theories Facebook is pushing forward would make it a crime not to comply with terms of service. People have already faced criminal charges for violating a site's terms of use policy. For example, in United States v. Lori Drew, a woman was charged with violating the federal computer crime law for creating a false profile that was used to communicate inappropriately with a teenager who eventually committed suicide. EFF filed an amicus brief in that case arguing that terms of service do not define criminal behavior, and the charges were eventually dismissed. We also defended Boston College computer science student Riccardo Calixte, whose computers, cellphone and iPod were seized by local police who claimed that he violated criminal law by giving a fake name on his Yahoo account profile. A justice of the Massachusetts Supreme Judicial Court ordered police to return the property after finding there was no probable cause to search the room in the first place.

Using criminal law to enforce private website operators' terms of use puts immense coercive power behind measures that may be contrary to the interests of consumers and the public. EFF believes that users have the right to choose how they access their own data, and that services like Power's give users more options. So long as the add-on service does not access off-limits information and is not harmful to server functionality, authorized users who choose add-on technologies like Power's commit no crime. Frighteningly, under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit would risk criminal liability.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    ChurchHatesTucker (profile), Jun 23rd, 2010 @ 10:52pm

    Well of course

    If you want to redact data, you've obviously got something to hide.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Nic, Jun 24th, 2010 @ 12:12am

    You don't own your data

    Well, I'm not surprised. Facebook phrases it differently, but basically the ToS say that if you put your data on Facebook, they own it. It's not your data anymore. So if you try to get at what you think is your data, you're in fact trying to steal Facebook's data. Makes perfect sense to me.

    Not that it's right, of course, but it's so logical if you put yourself in Facebook's shoes...

    I am *so* happy I deleted my account with them... And I realise they still own my data there...

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      MD (profile), Jun 24th, 2010 @ 6:46am

      Re: You don't own your data

      Here's a hypothetical - You post some awesome pictures up on Facebook. Someone sees these pictures and offeres you money for them b/c they are so great. Since you use Facebook to store your pics, you download it from the album, and send a copy, digital or otherwise, to this person who in turn sends you money.

      Did you just steal your own picture from Facebook and sell it?

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Chuck Norris' Enemy (deceased) (profile), Jun 24th, 2010 @ 8:07am

      Re: You don't own your data

      Just because they have a ToS doesn't make it legally enforceable. Think about the battle in court that will need to be done if there was a squirmish over a picture you store on Facebook and sell to somebody else to use. You own the copyright on the photo, Facebook can't take that from you just because their ToS says they can.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jun 24th, 2010 @ 10:58pm

        Re: Re: You don't own your data

        "You own the copyright on the photo, Facebook can't take that from you just because their ToS says they can."

        Says who?

        At any rate, Facebook's ToS are clear that you retain copyright in pics posted on FB, but if they said "a condition to using our awesome site is that you assign us all rights in your photos," what makes you think that would be unenforceable?

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 24th, 2010 @ 2:00am

    Criminally liable ?

    Why does the title contain an adverb: 'criminally liable' instead of simply 'criminal liable' ?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    RT Cunningham (profile), Jun 24th, 2010 @ 2:14am

    Show me the money!

    It's obvious that Facebook put those terms into place so that you can only access your data via their interface. If you don't, then they don't make money off the advertisements.

    Facebook makes a lot of money off those advertisements.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    grumpy (profile), Jun 24th, 2010 @ 2:25am

    Erm... how is logging in through power.com different from using a browser with plugins for e.g. remembering passwords and stripping/changing certain features? I don't see the difference. But then again, I'm still stuck in Web 1.0 and quite happy about it.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Josiah, Jun 24th, 2010 @ 6:40am

      Re:

      Thank you. You're either the smartest one here, or you stumbled upon the most important point of this case. It's sort of a what "is" is issue.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    John Doe, Jun 24th, 2010 @ 4:41am

    Similar but different situation...

    If you check out the geocaching site, there is a 3rd party Android app that scrapes the site to let users geocache with Android phones. The geocaching site erases all mention of this software in their forums. Obviously this app is an immense help to the users of the site, but as we see so often, rather than compete, they try to stop them. We can only hope someday that website operators will realize that either they provide the tools users want or someone else will.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Radjin, Jun 24th, 2010 @ 4:42am

    Google too

    So the millions using Google's gadget on their Google home page to watch and comment on their Facebook account along with Google are criminally libel too. Good, Google against Facebook, bring it on... See how Facebook will bully someone a whole lot bigger.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Inquisitive, Jun 24th, 2010 @ 4:47am

    So make a false statement about yourself, then sue them for libel, if they own the information.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      abc gum, Jun 24th, 2010 @ 5:40am

      Re:

      Yes - and following along that same line of thought ...
      Since they own the data, does that remove any safe harbor protection ?

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        MD (profile), Jun 24th, 2010 @ 6:35am

        Re: Re:

        Wow, I never thought about that. Facebook may be in violation of the EU Privacy Directive if they are transmitting data that the directive seeks to protect.

        As far as Safe Harbor, its more a set of loose guidelines than hard rules. Just say you have the proper security measures in place and that's all - poof, you comply with Safe Harbor.

        This case reminds me of the iPad pulse app and the crime data cases. All this thing does is scrape the data and rearrange it.

        I can't believe people are still naieve enough to continue using Facebook when they own everything you do on there.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    MrWilson, Jun 24th, 2010 @ 10:50am

    Criminally liable

    "Criminally" is an adverb. Adverbs modify adjectives (among other things). "Liable" is an adjective.

    "Criminal liable" is incorrect. Adjectives don't modify other adjectives. "Criminal liability" would be incorrect in the context of the title because accessing your data cannot transform a person in to a conceptual idea such as "criminal liability."

    So the title is correct.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 24th, 2010 @ 8:39pm

    "a violation of computer hacking laws."

    Faster than a broadband download. More powerful than a mainframe. Able to hack corporate firewalls in a single click. It's a proxy. It's a botnet. It's SUPERHACKER.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 24th, 2010 @ 8:54pm

    Funny

    Proxy servers does cache images from Facebook. So every single company in the region that has proxy server as security measure are liable.

    I guess that'd be yet another reason to block Facebook from work.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 24th, 2010 @ 11:01pm

    Nit to pick. Should be "amicus" instead of "amici" when referring to a single entity/brief.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Blamer .. (profile), Jul 1st, 2010 @ 7:55pm

    choose your own ToS adventure

    When we're clicking on an OK / AGREE / NEXT button, please understand that we're just trying to get on to your software or website.

    We aren't PROMISING you anything or WAIVING any rights or in ANY WAY caring to spead time reading whatever verbose legal ass-covering paranoid mumbo jumbo you felt the need to assert in preparation for that day when your empire begins to crumble.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Balenciaga Handbags paypal, Oct 13th, 2010 @ 10:57pm

    Balenciaga Handbags paypal

    Searching for Balenciaga Handbags paypal? Plenty of replica Balenciaga Handbags paypal online sale at discount price, if you like, come and choose which you want.We specialize in Balenciaga Handbags paypal,the quality of the fake Balenciaga Handbags paypal is maintained to high standards such that they last for a long time as the original handbags.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Balenciaga Handbags paypal, Oct 13th, 2010 @ 10:57pm

    Balenciaga Handbags paypal

    Searching for Balenciaga Handbags paypal? Plenty of replica Balenciaga Handbags paypal online sale at discount price, if you like, come and choose which you want.We specialize in Balenciaga Handbags paypal,the quality of the fake Balenciaga Handbags paypal is maintained to high standards such that they last for a long time as the original handbags.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This