Facebook(s fb) is facing a new class action lawsuit that accuses the social network of violating state and federal privacy laws by scanning the content of users’ private messages in order to obtain advertising data.
In a complaint filed Monday in San Francisco, two men claim the company is surreptitiously scanning messages in order to detect websites that Facebook users send to one another in private. The purpose of the scanning is allegedly to increase the number of “Likes” to those websites, and in turn make Facebook more popular with advertisers.
The lawsuit cites recent research by a Swiss security firm that disclosed that the number of “Likes” on a web page goes up whenever a Facebook users send the page as a private link — proof, in other words, that Facebook has not been truthful in stating that such messages are only viewed by the sender and recipient. The company rejects the claims.
“We believe the allegations are without merit and we will defend ourselves vigorously,” said a Facebook spokesperson by email.
The complaint itself accuses Facebook of “reading” the messages in order to supply information to big data brokers, which in turn might use the information to discriminate against consumers by, for instance, refusing credit to people who have visited certain websites.
The facts are likely less sensational. While the security research, first reported in the Wall Street Journal, suggests that Facebook is indeed scanning messages to in order to slap new “Likes” on webpages, the process doesn’t amount to what most people think of as “reading.”
Instead, the process is similar to Google’s(s goog) automated practice of scanning Gmail messages in order to serve relevant ads — a practice that a federal judge appeared to consider a violation of the Wiretap Act (Google is appealing). Yahoo(s yhoo) was also hit with a similar lawsuit last year.
The Facebook case is based on the same law, and amounts to the same accusation: that the company violated the Electronic Communications Privacy Act (a sub-section of the Wiretap Act) by tapping into private messages without permission.
While the allegations suggest Facebook has not been forthcoming, and should perhaps be sanctioned, it’s unclear how well the class action — which seeks $100 per day for each of Facebook’s 166 million US users who sent a webpage by private message — will advance privacy interests.
Prior cases that are similar have resulted in multi-million-dollar settlements that are carved up by class action lawyers and activist groups. Typically, users receive no money at all and the privacy and permission process by which big companies harvest user data remains as opaque as ever.
Here’s a copy of the complaint via CNET’s Jennifer Van Grove. I’ve underlined some of the relevant bits.