Facebook Sued For Mining User Data From Private Messaging
Over the past few years, Facebook has been caught handing over user information to advertisers (including names and user IDs, despite promises to anonymize the information). According to the complaint, however, FB has been caught "clicking" on links shared between two users. Let's say you're communicating with a friend on FB and send them a link to a third party website. The complaint states that:
"When a user composes a Facebook message and includes a link to a third party website (a “URL”), the Company scans the content of the Facebook message, follows the enclosed link, and searches for information to profile the message-sender’s web activity."
The complaint goes on to say that this information is generally available to web developers and is part of Facebook's attempt to increase its advertising value by sharing more detailed profiles of what its users do (and discuss) on site. This fits into the pattern we've seen recently with FB taking an interest in what people don't say.
Looking at my own FB account, for example, I write for Hot Hardware, but I share stories from a wide range of sources including Slate, The Atlantic, Tech Report, and a number of other sites. But I don't currently "Like" Slate, The Atlantic, or Tech Report. I do like Hot Hardware. Clearly it's not sufficient for FB to build a profile of my user activity simply by monitoring my "Likes," because I like stories on sites I don't necessarily click on within Facebook.
Why haven't I clicked on those "Like" buttons? Maybe I haven't had time. Maybe I don't want to. Maybe I try to limit the amount of time I spend on FB. But regardless, to FB's mind, that's all useful advertising data I'm generating but haven't been kind enough to put in a form for them to sell. The lawsuit obviously alleges that this activity is illegal because FB positions itself as providing a private service yet has no intention of doing anything of the sort.
The ugly question
The problem with Facebook's approach is that it's the latest in a long line of companies' pushing advertising data in ways consumers probably don't expect. It's one thing to say that when you sign up for an AT&T cell phone, you expect that AT&T will keep a record of those calls. Imagine if AT&T said it also scanned your text messages, browsed websites, and private notes so it could spam you with advertising. Does a relationship with AT&T logically mean you expect AT&T to sell your entire suite of data to a third-party?
So far, in the eyes of the courts, the answer is "Yes." The burden, in the US, has been placed entirely on consumers to understand that by agreeing to use a site like Facebook, you are, in effect, agreeing that everything you do, say, click, don't click, like, don't like, and communicate, in any form, is not private. Even your private messages aren't private.
Just as Google has defended its right to read the email of correspondents who aren't Gmail users, Facebook will undoubtedly defend this as a logical extension of its right to use its own network resources. Left unanswered is the question of what privacy rights users actually possess if every communication over every network can be spied on simply because the carrier that owns it wants to mine it for advertising. So far, the answer to that question (outside of restrictions on the use of medical data) is "None."