The plaintiffs have alleged through the lawsuit that Facebook routinely scans private messages. While the company does that to scan for URLs for malware protection and industry-standard searches for child pornography, the lawsuit claims that Facebook also uses this data for advertising and other purposes. Campbell and his team also alleged that Facebook also saves the scanned results in a database which is stored in searchable form. Campbell claims that Facebook is violating the Electronic Communications Privacy Act and the California Invasion of Privacy Act by doing so. The lawsuit was filed in 2013 however since the hearing was held recently, the same was certified by a US judge for class action suit. In the lawsuit, Campbell alleged that Facebook misrepresented the privacy of its messages. He said it scanned messages from one user to another in search of URLs to third-party sites, and used the information to drive up the number of Facebook “likes” on third-party pages. At a hearing in March, Campbell sought certification of a class of “all natural-person Facebook users located within the United States who have sent, or received from a Facebook user, private messages that included URLs in their content (and from which Facebook generated a URL attachment), from within two years before the filing of this action up through the date of the certification of the class.” Facebook has responded that the company scans private data in bulk and maintains this data in anonymized form. The social network has said that the data from the private messages is stored and retrieved in a way which is “more akin to The New York Times publishing a list of bestselling books…the anonymized and aggregated data is used to indicate the popularity of information.“ The plaintiffs have apparently gained access to Facebook’s source code and have claimed that the technical analysis performed contradicts Facebook’s response. Research done on behalf of plaintiffs shows that each URL sent in a private message is stored in a database which shows both the data, time, and the user IDs of the sender and the recipient. The analysis further provides information that a Facebook employee could search this database to identify anyone who sent or received a URL-added private message. While the social networking site is no longer using private messaging data to boost Like counts, the plaintiffs claimed Facebook hasn’t stopped collecting URLs from private message Facebook lawyers have called this analysis as “speculative” and have sought dismissal of the lawsuit.
