Lawyers tried to ruin Mark Zuckerberg’s big day with a sprawling lawsuit that portrays the Facebook founder as a rogue hacker, and accuses the company of tracking users on their computers and iPhones. The lawyers want to collect $15 billion for you and me and nearly everyone else on Facebook.
Here’s a plain english Q&A of what’s going on:
What did Facebook do that was so wrong?
The company placed files on users’ computers called cookies that told the social network which websites they visited.
Is that so unusual? I thought lots of sites do that
The problem is that Facebook appears to have tracked you even after you logged-out. Under the company’s own policy, it promised not to do that and thus violated the limits of your consent when it did.
How exactly did Facebook track me?
Many websites like CNN or Justin Bieber Zone have a “Like” button that acts like an extension of Facebook. The company collects data about your visits to those sites — including, it seems, when you are logged out. The unauthorized tracking reportedly took place across smartphones and tablets too.
Well, maybe this was an honest mistake?
After blogger Nik Cubrilovic called out Facebook for stalking its users, the company awkwardly suggested that the tracking of logged-out users was a “bug” or a narrow technical measure. That claim hasn’t stood up well. Cubrilovic and German regulators soon called BS and suggested Facebook was doing this deliberately for more than a year. The lawsuit also points to a Facebook patent application for cookies that follow users after they log out.
So where did this lawsuit come from?
There are actually more than a dozen cases across the country. They were recently consolidated into one lawsuit in San Jose, California.
Why are the lawyers asking for $15 billion?
It’s a great way to grab headlines during a week the press is already in a Facebook frenzy. The $15 billion itself is loosely based on the Wiretap Act which lets people sue for $10,000 if someone records their conversation without permission. The lawsuit also cites studies that claim an individual’s web history is worth $52. There are also state law penalties. And so on. The lawyers had to pick some number so they chose $15 billion.
Will Facebook actually have to pay that $15 billion?
The short answer is no. The Wiretap Act was written with telephone conversations in mind so it’s no slam dunk that a court will decide the law should apply the same way to computer cookies (Google, HTC and Samsung are facing similar lawsuits under the same legal theory). At the same time, some judges have ruled that Facebook-style “privacy invasions” aren’t worth anything in dollar terms because no one has been harmed.
In this case, however, a judge would likely conclude that Facebook’s behavior (if the allegations are true) was egregious enough to find liability under at least one of the plaintiffs’ 11 claims. But if other tech related privacy suits are anything to go by, the case will settle long before a trial.
I’m on Facebook. Will I get some of that money?
Doubtful. While the class action aspires to cover everyone who was on Facebook from May 2010 to September 2011, a cash payout is unlikely. As noted above, judges have a hard time putting a dollar value on this type of privacy breach. When there has been a privacy settlement in other tech-related cases (like Google Buzz or Facebook Beacon), the money has been divided up between lawyers and non-profit groups that act as privacy activists.
What does Mark Zuckerberg have to do with all this?
The lawsuit paints the Facebook CEO as a creep who has a long history of using his hacking skills to steal people’s personal data. The complaint opens by reproducing this email exchange:
The lawsuit also lists a chronological history intended to show that Zuckerberg and his company have long displayed a systemic disregard for user privacy. This is, of course, just a legal tactic that doesn’t necessarily prove that Facebook is any better or worse than other tech companies on privacy issues. Facebook, which told Bloomberg the complaint is baseless, would likely add that this was an accident that shouldn’t detract from the fact it provides a popular free service to millions of people.
Are lawsuits the best way to solve the privacy problem?
Probably not. But since the government often has a hard time understanding (let alone regulating) the tech industry, the lawsuits can be an effective way of raising awareness and forcing companies to take care about how they handle consumer data.
Here’s the complaint itself: