Facebook finally wins $3 million payout in Power Ventures spam lawsuit

Filed Under: Facebook, Featured, Law & order, Spam

Fireworks and Facebook logo courtesy of Shutterstock and PromesaArtStudioAfter a five-year on-and-off court battle, Facebook has won $3 million in damages from social networking integration firm Power Ventures, and its CEO Steve Vachani.

Power Ventures lured Facebook users into handing over access to their contact lists, then spammed everyone they knew with emails urging them to join their site, the now-defunct power.com, which aimed to merge content from users' various social networks in one central system.

The mails they spammed out to over 60,000 targets had spoofed header details so they appeared to come from facebookmail.com, and claimed to come from "The Facebook Team", in clear violation of openness requirements in the US CAN-SPAM act.

The case was initially brought in December of 2008, and has dragged on for some time. Some additional charges including copyright infringement claims brought by Facebook were dismissed in early 2011, but the spammers were found to have violated both the CAN-SPAM act and part of California's Computer Fraud and Abuse Act (CFAA) at another stage of the case in February 2012.

Later the same year Vachani tried to dodge a fine by filing for bankruptcy, which put the case on hold. This claim fell through earlier this year; the case came live again and has finally been put to rest with Facebook the victor to the tune of $50 per spammed email.

The cash will be unlikely to make a significant difference to Facebook's coffers, but the CFAA violation makes an interesting precedent. The defence lawyers argued that the California statute covers accessing computers without the proper authorization and causing "damage or loss", terms which are defined specifically for the context. They claimed the defendant's actions hadn't caused damage or any significant loss.

Another section of the act, however, includes prohibition of merely obtaining information, with no requirement that the information is of value. Although lawyers will doubtless go on arguing the point, this could perhaps be used to cover just about any hacking case, as "obtaining information" could include simply catching sight of something you shouldn't have access to, let alone copying or downloading any "tangible" data.

Of course, this is only a California law, but as so many internet firms are based or do business there the local laws have some serious weight. Full details of the case can be found in the court documents covering all the proceedings.

The case highlights the problem of the huge amounts of data that social networking sites hold on their members and the complexity of who can do what with that information. Facebook itself is frequently criticised for iffy privacy rules and making inappropriate use of user data.

A study released a few weeks ago found that social networks are rife with spamming and general nastiness, with Facebook one of the most badly hit.

The report from social media brand protection firm Nexgate claims that 5% of all social media apps are "spammy", that Facebook and YouTube see 100 times as much spam as other social systems, and that Facebook is hit by 4 times the number of phishing attacks seen elsewhere.

Overall, 1 in every 200 messages sent over social networks contains spam, and, of those, 15% contain URLs linking to other spammy content, porn or malware, according to the study.

With all this spamming going on, there's clearly a burden of effort on everyone involved to minimise the harm it does.

Users need to make sure they're cautious with their accounts, not deliberately granting access to their details and contact lists to third-party firms like Power Ventures.

They also need to be wary of the messages being spammed out, ignoring too-good-to-be-true offers and avoiding handing over the cash or personal details that makes spamming worthwhile.

Social networking firms need to ensure their rules are well-designed and firmly policed, covering their own use of information as well as how other firms may try to abuse it. They also need to make sure devious apps and scams can't trick users into granting access to their information unintentionally.

Facebook has done well here, in showing that people can't go around taking advantage of its members. It will need to go a good way further to prove to its users that it itself can be trusted though.


Image of fireworks courtesy of Shutterstock.com. Facebook logo courtesy of PromesaArtStudio / Shutterstock.com

, , , ,

You might like

4 Responses to Facebook finally wins $3 million payout in Power Ventures spam lawsuit

  1. Jim · 356 days ago

    "The cash will be unlikely to strain Facebook's coffers much".. Why would it potentially strain them, if they are the victor? :

    • Paul Ducklin · 355 days ago

      Thanks for pointing that out.

      I presume John meant "strain" as in "stretch to bursting point." But I reworded it to avoid the ambiguity, since "financial strain" usually implies you are running low, not brimming with bucks :-)

  2. Joe · 355 days ago

    "Facebook...will need to go a good way further to prove to its users that it itself can be trusted though."

    That's easy...make everything opt-in. But they will never do that...which means they can never be trusted.

  3. Jona · 355 days ago

    Do not trust facebook or linkedIn also. And don't be a twit.

    Just do not trust any social media site such as these.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.