Skip to main content

Facebook sued for reading users' private inboxes

New Year may be the time for new starts, but old habits (like suing big tech companies for all they're worth) die hard.

Facebook is the latest firm to face a class action lawsuit after being accused of violating state and federal privacy laws by reading the private messages of its users.

The social network’s New Year celebrations were dampened after two men filed a complaint on the 31 December in San Francisco. The claim accuses Facebook of covertly scanning users’ private message inboxes for any links to external websites. By doing so, Facebook allegedly increases traffic to those sites through ads and thus ingratiates itself with advertisers.

Not only that, the filing accuses Mark Zuckerberg’s sprawling social media empire of supplying information it finds in users' confidential correspondence to big data brokers. This information may then be used to discriminate against the user in question, for instance by refusing credit to people who have visited certain websites.

But where’s the proof, you cry? According to gigaOM, it lies with the Swiss. The lawsuit reportedly cites recent research by a Switzerland-based security company that revealed the number of “Likes” a web page receives is bumped up every time users send the page as a private link.

In other words, Facebook has been accused of being not entirely truthful when it says messages sent via private inbox are only viewed by the sender and recipient. The company vehemently denies the suppositions of the indictment.

“We believe the allegations are without merit and we will defend ourselves vigorously,” a Facebook spokesperson asserted.

The allegations do seem rather dystopian. The likelihood that a hard-nosed Facebook employee scans every one of its 1.11 billion users’ inboxes with a giant magnifying glass is pretty slim. Instead, the Swiss security researchers suggest that Facebook is not reading messages so much as remotely scanning them.

Such a practice can have, as security expert Graham Cluley said in a blog post, positive ramifications.

"I don't see anything necessarily wrong in principle with online services automatically scanning messages between individuals, and examining the links that they are sharing," he says. "Indeed, if Facebook's security team didn't have such systems in place I would believe them to be disturbingly lax in their duty of care for users. After all, if you didn't properly scan and check links there's a very real risk that spam, scams, phishing attacks, and malicious URLs designed to infect recipients' computers with malware could run rife."

Facebook is not the only web-based tech company to engage in such practices. Both Yahoo and Google faced similar lawsuits for scanning emails in order to target relevant ads at their users. All three of these companies have been prosecuted under the same allegation that they violated the Electronic Communications Privacy Act by tapping into confidential messages without permission.

Last month, a research paper published findings revealing that Facebook also gathers information about the text you delete in messages, so the latest allegation is sure to point many security-minded fingers in the social media giant's, well, face.

Updated 16:00 on 03/01/13 after ITProPortal was approached with a quote from Graham Cluley.