October 14, 2010
“Tracking user behavior without their consent or knowledge raises serious privacy concerns. When users log out of Facebook, they are under the expectation that Facebook is no longer monitoring their activities.”
— Reps. Edward Markey and Joe Barton
Letter to FTC Chairman
“We believe this complaint is without merit and we will fight it vigorously.”
— Andrew Noyes,
Since 1949, George Orwell’s “Big Brother” has been watching you. Today, the thing watching you may be right in your living room, office or briefcase. Already taking heat over their most recent site redesign, Facebook has now been sued, not over their site operation, but with a claim that the site violates federal wiretapping laws.
The law in question is the Wire and Electronic Communications Interception and Interception of Oral Communications Act. It traditionally applied to the interception of telephone communications but in recent years has been expanded to cover some data transmissions as well. Generally, in order to intercept these communications one must show that a crime is being or is about to be committed and obtain a valid court order to undertake the wiretap.
Two class action lawsuits have been filed in recent weeks — one in California and one in Missouri — claiming that Facebook is watching what its users do, not just when they’re on the site, but even after the users log off. The suits claim that this violates the wiretapping laws and that Facebook should be ordered to cease the activity and should be required to pay damages.
At issue are “cookies” — information about your browsing activity that is stored on your computer. Sometimes those cookies are helpful in that they remember login information or allow frequently visited web sites to load more quickly. Facebook has always used cookies, just as other websites do.
According to the magazine PC World, some of Facebook’s helpful cookies allow the site to determine if your account has suspicious login activity and to protect your login information if you’re using a public computer. On the flip side blogger and hacker Nik Cubrilovic revealed about a week ago that some of Facebook’s cookies could continue to track your activity on the web even after you had logged off of the site.
Partly because the site derives its income from advertisements and partly because Facebook has been very adept at gathering information to target advertising to individual users, the plaintiffs in the lawsuit concluded that the tracking was intentional. They weren’t the only ones. In a comment to Computerworld, analyst Dan Gabriel commented that he believed the cookies were likely, “a “feature” in their code that perhaps they weren’t using yet, but could use to generate revenue in the future.”
For its part, Facebook not only denies that the cookies were a wiretapping violation, they also acted on Cubrilovic’s post and issued a “fix” to remove the cookies. That wasn’t good enough for the plaintiffs who want a court order to prevent the cookies from returning and monetary damages for Facebook’s users.
This is not the first instance of the use of these kinds of cookies. Last year a Texas resident sued Google over a similar collection of data. Other companies, including SpecificMedia, Quantcast, Clearspring and Say Media have paid monetary settlements over similar claims.
The current suits have just been filed and the FTC has not decided whether to open an investigation or not but the story bears watching. While you’re watching it, who’ll be watching you?
David Hejmanowski is a magistrate and court administrate of the Delaware County Juvenile Court and a former assistant prosecuting attorney.