Facebook has been accused of intercepting private messages of its users to provide data to marketers, according to a class-action lawsuit filed in a federal court in California.
The social networking company scanned plaintiffs' private messages containing URLs (uniform resource locators) and searched the website identified in the URL for "purposes including but not limited to data mining and user profiling," according to the complaint in the U.S. District Court for the Northern District of California.
[ For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
The company does not engage in the practice to facilitate the transmission of users' communications via Facebook, but to enable it to mine user data and profit by sharing the data with third parties such as advertisers, marketers, and other data aggregators, the complaint said.
Facebook is said to have violated the Electronic Communications Privacy Act and California privacy laws by its intentional interception of electronic communications.
The complaint cites third-party research to back its claim that Facebook is intercepting and scanning the content of private messages. Swiss firm High-Tech Bridge, for example, reported in August it used a dedicated Web server and generated a secret URL for each of the 50 largest social networks, Web services and free email systems it was testing for their respect of user privacy.
HTB then used the private messaging function of each of the services, embedding a unique URL in each message, and monitored its dedicated Web server's logs for all incoming HTTP (Hypertext Transfer Protocol) requests, in order to see whether any of the services would "click" on the test URLs that had been transmitted via private message, the complaint said.
"Facebook was one of the Web Services that was caught scanning URLs despite such activity remaining undisclosed to the user," according to the complaint.
The lawsuit has been brought by Facebook users Matthew Campbell and Michael Hurley on behalf of all Facebook users in the U.S. who have sent or received private Facebook messages that included a URL in the content of the message.
On Nov. 15, 2010, Facebook announced a new, integrated email and messaging service for its users, that combined the functionality of email, chat, SMS, and in- service messaging. Facebook took special pains to tout the privacy features of its new private messaging service, stressing unprecedented user control and privacy, according to the complaint.
In its communications about the service, the social network is said to have made representations that "reflect the promise that only the sender and the recipient or recipients will be privy to the private message's content, to the exclusion of any other party, including Facebook."
The lawsuit asks for class-action status, an injunction against Facebook's practices and damages from the company to class members. It claims the greater of either $100 a day for each day of alleged violation or $10,000, for each user claimed to be affected, besides damages under California law.
"We believe the allegations are without merit and we will defend ourselves vigorously," Facebook said in an emailed statement.