Facebook Lawsuit Over Scanning Of Private Messages Moves Forward, But Plaintiffs Will Receive No Money

Image courtesy of Great Beyond

Way back in late 2013, a lawsuit accused Facebook of scanning links in users’ private messages and turning them into public “Likes,” from which the company earned revenue. This week, a federal court certified the class action, giving it the green light to move forward, but none of the plaintiffs should expect to see any money if they prevail at trial.

According to the complaint, which was amended in April 2014 [PDF], when someone pasted a URL into a private message with another user, “Facebook treated the content of Plaintiffs’ private messages as an endorsement of the website, adding up to two ‘Likes’ to the page’s count.”

So even if you wrote your buddy, “Hey, check out this awful website!” Facebook might still consider the sharing and any subsequent clicking on that link as an endorsement.

In a court order [PDF] granting class certification to the lawsuit, more details have come out on why and how Facebook uses this information from private messages.

Through the discovery process, the plaintiffs point to internal Facebook emails to support their claims. One email refers to the “acknowledged problem” that “a shortage of likes is limiting the number of users that can be targeted by their interests and thereby affecting revenue.” A second employee email more explicitly states that the motivation behind including private-message data in “Like” counts was to make the counts “as big as possible.”

Yet another employee wrote in an email that “we have intentionally not proactively messaged what this [Like] number is since it’s kind of sketchy how we construct it.”

Even Facebook CEO Mark Zuckerburg chimed in on the issue in an email, complaining that the “Like” equivalents on Twitter were higher than what you’d see on Facebook, and that “we should be showing the largest number we can rationalize showing.”

In addition to racking up potentially bonus “Likes” for web pages, the plaintiffs claimed that Facebook scrapes the data from these private messages to create profiles of users, which are then used to deliver targeted advertising.

The plaintiffs originally sought to define the offended class as all Facebook users located within the U.S. “who have sent or received private messages that included URLs in their content, from within two years before the filing of this action up through and including the date when Facebook ceased its practice.”

Then, when it came time to file the motion to certify the plaintiff class, the description became simultaneously more generous — removing a reference to Facebook having ended the practice — and more specific, adding the requirement that Facebook must have “generated a URL attachment” from the link shared in the private message.

The plaintiffs say that both changes to the class description were based on things they learned during the discovery process.

Speaking of which, they also claim that having access to proprietary Facebook info has turned up other alleged violations of federal law.

First, they allege that Facebook is using info scraped from private messages not just to generate recommendations for those involved in the message itself, but also for third-party users. According to their review of Facebook’s inner workings, your friends recommendations are based, in part, on the links you share. So the collection of this data has an impact on more than the two people involved in the private conversation.

Finally, the plaintiffs claim that Facebook is sharing the data collected from private messages with third parties so that they can generate targeted recommendations.

Facebook’s lawyers and the plaintiffs’ experts have gone back and forth about whether or not it’s possible to ascertain which users may have been affected by Facebook’s data-scraping. Ultimately, the court came down on the side of the plaintiffs, finding that the class of plaintiffs was identifiable, that it was so large in scale that the plaintiffs need not provide specific numbers, and that they all involve the same common legal questions.

While the plaintiffs allege that Facebook’s scraping and sharing of the URLs from private messages constitutes a violation of the anti-wiretapping prohibitions in the Electronic Communications Privacy Act, the company contends that the ECPA only applies to the interception of the content of messages, and that all Facebook is doing is sharing the “record information” about the message, which they believe would be allowable under the law.

Facebook argues that the only way to determine if it truly scraped the content of these messages would be to perform a “URL-by-URL, message-by-message, sender-by-sender analysis” of the potentially billions of messages sent by the presumably hundreds of millions of plaintiffs in the class.

What’s more, Facebook’s position is that the URLs in these private messages do not constitute content. However, the court disagreed.

“In the messages at issue in this case, the sender is affirmatively choosing to share a certain webpage with the recipient, and the webpage itself is the ‘substance, purport, or meaning’ of the message,” writes the court. “The fact that the substance of the message happens to be in the form of a URL does not transform it from ‘content’ to ‘record information.'”

The judge notes that Facebook undermines its own argument by its practice of creating URL preview for the links that are shared in these messages.

“If the URL represented only ‘record information,’ then why would Facebook create a “preview” of it for the recipient to view?” asks the court.

However, because it will effectively be impossible to prove that the members of the class actually suffered any damage as a result of the alleged wrongdoing, the court certified the class of plaintiffs in such a way that they will not receive any monetary relief.

That means that, if the plaintiffs prevail, Facebook could be stopped from this sort of practice, but don’t expect to get any sort of payment out of it.

Facebook, in a statement to The Verge, seemed pleased with that decision.

“We agree with the court’s finding that the alleged conduct did not result in any actual harm and that it would be inappropriate to allow plaintiffs to seek damages on a class-wide basis,” explains Facebook, which contends that the “remaining claims relate to historical practices that are entirely lawful.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.