Could Accessing Your Own Data On Facebook Make You Criminally Liable?

from the hopefully-a-court-says-otherwise dept

We've been following the rather bizarre and dangerous lawsuit filed by Facebook against Power.com, an online service that tries to let users aggregate various social networking activity into a single service. All Power.com does is let a willing user have Power.com's tools log into Facebook and reuse/reformat the data within its own framework. From a user's perspective, this could be quite useful. From Facebook's perspective this is both a violation of copyright law and a violation of computer hacking laws. Why? Because Facebook says so. That is, it says so in its terms of service, and it's arguing that in ignoring the terms of service, Power.com is criminally hacking.

The EFF has filed a new amici brief in the case pointing out the logical problems with this argument. It's saying that if a user chooses to access his or her own data that is stored in Facebook, using a tool of his or her own choice... that can open themselves up to criminal liability, just because it violates some random term in Facebook's terms of service. That clearly seems to go way beyond the purpose of anti-computer hacking laws:
This is not an esoteric business issue, because the legal theories Facebook is pushing forward would make it a crime not to comply with terms of service. People have already faced criminal charges for violating a site's terms of use policy. For example, in United States v. Lori Drew, a woman was charged with violating the federal computer crime law for creating a false profile that was used to communicate inappropriately with a teenager who eventually committed suicide. EFF filed an amicus brief in that case arguing that terms of service do not define criminal behavior, and the charges were eventually dismissed. We also defended Boston College computer science student Riccardo Calixte, whose computers, cellphone and iPod were seized by local police who claimed that he violated criminal law by giving a fake name on his Yahoo account profile. A justice of the Massachusetts Supreme Judicial Court ordered police to return the property after finding there was no probable cause to search the room in the first place.

Using criminal law to enforce private website operators' terms of use puts immense coercive power behind measures that may be contrary to the interests of consumers and the public. EFF believes that users have the right to choose how they access their own data, and that services like Power's give users more options. So long as the add-on service does not access off-limits information and is not harmful to server functionality, authorized users who choose add-on technologies like Power's commit no crime. Frighteningly, under Facebook's theory, millions of Californians who disregard or don't read terms of service on the websites they visit would risk criminal liability.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, terms of service
Companies: facebook, power.com


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    ChurchHatesTucker (profile), 23 Jun 2010 @ 10:52pm

    Well of course

    If you want to redact data, you've obviously got something to hide.

    link to this | view in thread ]

  2. identicon
    Nic, 24 Jun 2010 @ 12:12am

    You don't own your data

    Well, I'm not surprised. Facebook phrases it differently, but basically the ToS say that if you put your data on Facebook, they own it. It's not your data anymore. So if you try to get at what you think is your data, you're in fact trying to steal Facebook's data. Makes perfect sense to me.

    Not that it's right, of course, but it's so logical if you put yourself in Facebook's shoes...

    I am *so* happy I deleted my account with them... And I realise they still own my data there...

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 24 Jun 2010 @ 2:00am

    Criminally liable ?

    Why does the title contain an adverb: 'criminally liable' instead of simply 'criminal liable' ?

    link to this | view in thread ]

  4. icon
    RT Cunningham (profile), 24 Jun 2010 @ 2:14am

    Show me the money!

    It's obvious that Facebook put those terms into place so that you can only access your data via their interface. If you don't, then they don't make money off the advertisements.

    Facebook makes a lot of money off those advertisements.

    link to this | view in thread ]

  5. icon
    grumpy (profile), 24 Jun 2010 @ 2:25am

    Erm... how is logging in through power.com different from using a browser with plugins for e.g. remembering passwords and stripping/changing certain features? I don't see the difference. But then again, I'm still stuck in Web 1.0 and quite happy about it.

    link to this | view in thread ]

  6. icon
    PaulT (profile), 24 Jun 2010 @ 4:22am

    Re: Criminally liable ?

    Wouldn't that be criminal liability?

    link to this | view in thread ]

  7. identicon
    John Doe, 24 Jun 2010 @ 4:41am

    Similar but different situation...

    If you check out the geocaching site, there is a 3rd party Android app that scrapes the site to let users geocache with Android phones. The geocaching site erases all mention of this software in their forums. Obviously this app is an immense help to the users of the site, but as we see so often, rather than compete, they try to stop them. We can only hope someday that website operators will realize that either they provide the tools users want or someone else will.

    link to this | view in thread ]

  8. identicon
    Radjin, 24 Jun 2010 @ 4:42am

    Google too

    So the millions using Google's gadget on their Google home page to watch and comment on their Facebook account along with Google are criminally libel too. Good, Google against Facebook, bring it on... See how Facebook will bully someone a whole lot bigger.

    link to this | view in thread ]

  9. identicon
    Inquisitive, 24 Jun 2010 @ 4:47am

    So make a false statement about yourself, then sue them for libel, if they own the information.

    link to this | view in thread ]

  10. identicon
    abc gum, 24 Jun 2010 @ 5:40am

    Re:

    Yes - and following along that same line of thought ...
    Since they own the data, does that remove any safe harbor protection ?

    link to this | view in thread ]

  11. icon
    MD (profile), 24 Jun 2010 @ 6:35am

    Re: Re:

    Wow, I never thought about that. Facebook may be in violation of the EU Privacy Directive if they are transmitting data that the directive seeks to protect.

    As far as Safe Harbor, its more a set of loose guidelines than hard rules. Just say you have the proper security measures in place and that's all - poof, you comply with Safe Harbor.

    This case reminds me of the iPad pulse app and the crime data cases. All this thing does is scrape the data and rearrange it.

    I can't believe people are still naieve enough to continue using Facebook when they own everything you do on there.

    link to this | view in thread ]

  12. identicon
    Josiah, 24 Jun 2010 @ 6:40am

    Re:

    Thank you. You're either the smartest one here, or you stumbled upon the most important point of this case. It's sort of a what "is" is issue.

    link to this | view in thread ]

  13. icon
    MD (profile), 24 Jun 2010 @ 6:46am

    Re: You don't own your data

    Here's a hypothetical - You post some awesome pictures up on Facebook. Someone sees these pictures and offeres you money for them b/c they are so great. Since you use Facebook to store your pics, you download it from the album, and send a copy, digital or otherwise, to this person who in turn sends you money.

    Did you just steal your own picture from Facebook and sell it?

    link to this | view in thread ]

  14. icon
    Chuck Norris' Enemy (deceased) (profile), 24 Jun 2010 @ 8:07am

    Re: You don't own your data

    Just because they have a ToS doesn't make it legally enforceable. Think about the battle in court that will need to be done if there was a squirmish over a picture you store on Facebook and sell to somebody else to use. You own the copyright on the photo, Facebook can't take that from you just because their ToS says they can.

    link to this | view in thread ]

  15. icon
    Chuck Norris' Enemy (deceased) (profile), 24 Jun 2010 @ 8:09am

    Re: Re: Criminally liable ?

    And still wrong!

    link to this | view in thread ]

  16. identicon
    MrWilson, 24 Jun 2010 @ 10:50am

    Criminally liable

    "Criminally" is an adverb. Adverbs modify adjectives (among other things). "Liable" is an adjective.

    "Criminal liable" is incorrect. Adjectives don't modify other adjectives. "Criminal liability" would be incorrect in the context of the title because accessing your data cannot transform a person in to a conceptual idea such as "criminal liability."

    So the title is correct.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 24 Jun 2010 @ 8:39pm

    "a violation of computer hacking laws."

    Faster than a broadband download. More powerful than a mainframe. Able to hack corporate firewalls in a single click. It's a proxy. It's a botnet. It's SUPERHACKER.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 24 Jun 2010 @ 8:54pm

    Funny

    Proxy servers does cache images from Facebook. So every single company in the region that has proxy server as security measure are liable.

    I guess that'd be yet another reason to block Facebook from work.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 24 Jun 2010 @ 10:58pm

    Re: Re: You don't own your data

    "You own the copyright on the photo, Facebook can't take that from you just because their ToS says they can."

    Says who?

    At any rate, Facebook's ToS are clear that you retain copyright in pics posted on FB, but if they said "a condition to using our awesome site is that you assign us all rights in your photos," what makes you think that would be unenforceable?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 24 Jun 2010 @ 11:01pm

    Nit to pick. Should be "amicus" instead of "amici" when referring to a single entity/brief.

    link to this | view in thread ]

  21. icon
    Blamer .. (profile), 1 Jul 2010 @ 7:55pm

    choose your own ToS adventure

    When we're clicking on an OK / AGREE / NEXT button, please understand that we're just trying to get on to your software or website.

    We aren't PROMISING you anything or WAIVING any rights or in ANY WAY caring to spead time reading whatever verbose legal ass-covering paranoid mumbo jumbo you felt the need to assert in preparation for that day when your empire begins to crumble.

    link to this | view in thread ]

  22. identicon
    Balenciaga Handbags paypal, 13 Oct 2010 @ 10:57pm

    Balenciaga Handbags paypal

    Searching for Balenciaga Handbags paypal? Plenty of replica Balenciaga Handbags paypal online sale at discount price, if you like, come and choose which you want.We specialize in Balenciaga Handbags paypal,the quality of the fake Balenciaga Handbags paypal is maintained to high standards such that they last for a long time as the original handbags.

    link to this | view in thread ]

  23. identicon
    Balenciaga Handbags paypal, 13 Oct 2010 @ 10:57pm

    Balenciaga Handbags paypal

    Searching for Balenciaga Handbags paypal? Plenty of replica Balenciaga Handbags paypal online sale at discount price, if you like, come and choose which you want.We specialize in Balenciaga Handbags paypal,the quality of the fake Balenciaga Handbags paypal is maintained to high standards such that they last for a long time as the original handbags.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.