So Whose Data Is It?

An interim decision was issued this week in the Facebook v. Power case in the US federal court for the Northern District of California that disposed of some of the claims, but left others open because facts are still disputed. aggregates users’ social network updates, e-mail, instant messages and contact lists together in one place after authorization by the user. The dispute is whether Power violated Facebook’s terms of service by acting as an agent for the user when logging into FB, as the user and with the user’s permission, instead of using Facebook Connect. Reports indicate that FB had initially encouraged Power to use the publicly available Connect program as a means to resolve the dispute.

In the decision, Judge Ware denied FB’s motion to find Power criminally liable under the California computer crime statute (section 502), at least at this point.  This case is far from final, however,  and the ultimate question of whether Power violated the TOS is still open.

To determine whether there was criminal liability as alleged by FB, the Court had to first define the term “access without permission” for the purposes of section 502.  Judge Ware reasoned that “interpreting the statutory phrase “without permission” in a manner that imposes liability for a violation of a term of use or receipt of a cease and desist letter would create a constitutionally untenable situation in which criminal penalties could be meted out on the basis of violating vague or ambiguous terms of use.”  The Court found that the ultimate issue of whether Power engaged in activities that would constitute evading technical barriers is still a disputed question of fact; thus, summary judgment in favor of FB was not appropriate.  The decision suggests that knowingly evading technical barriers to help users access their own data may be construed as access without permission. Unfortunately, what constitutes  “evading technical barriers” is still undefined precisely.

Underlying the host of legal claims and counter-claims in this case, lurks the quintessential issue of whose data is it, and what rights do users have to access, move, manipulate their own data directly or via 3rd parties.  Conversely, what rights do publishers have to restrain access to UGC and the incremental value added by the networks they facilitate.  For lack of better legal mechanisms, this battle is being played out under the guise of copyright, DMCA, anti-trust, and criminal computer crime statutes – a sure way to get a bad result.

Applying first principles of user centricity, choice, and control (UC3), it would in my opinion seem the outcome in this particular case  should be that retrieving your own data about you and your social graph (in its complete form) should not run afoul of civil or criminal law, regardless of whether you do it directly or via an authorized 3rd party.  Ofcourse this is only my personal opinion and is not meant to be a comprehensive policy statement because there are many exceptions, edge cases, and other interests that would have to be reflected.  Would this mean you have rights to hack into a system to get your data, absolutely not. Would it mean that data hosts would offer reasonable and complete access – which many do – for authorized extraction of your data, yes.  Power thinks so clearly, and has articulated an Internet user bill of rights based on principles of data portability that calls for in part “The right to access, disseminate, transfer or aggregate their content on any platform, or to authorize third-parties to do so for them.

No doubt this case underscores the importance of  data freedoms enabled by “access” in the same way publishing source code helps to enable the FLOSS freedoms.  Marcia Hofmann of the EFF summarized it stating “If the measure seeks to control access to or use of data, then evasion of it is almost certainly criminal. But if the restriction merely seeks to impose owner preferences or terms of service on otherwise authorized users, bypassing it should not be a crime.”

None of this is settled right now ofcourse, but releasing the data unlocks even more utility from your network and makes possible innovative services that we can’t even imagine.  This suggests that there will be even more pressure, reason, and value from access and use of your own network data in multiple environments and applications.

It will be interesting to see how this develops, but Judge Ware’s decision so far is a positive step.

Related Links:

17 Responses to So Whose Data Is It?

  1. Pingback: Revolutionary New Data Recovery Tool Package | Internet News

  2. Matic says:

    So this Power site wants to use data that is hosted by large social networks and use it on their own site to provide an experience to their users without paying the social networks anything. Facebook has to host the data, provide access to it, keep redundant copies, provide high availability and integrity and pay for bandwidth when delivering the data to it’s users. Power should pay the social networking sites for the data they use, after all Power probably makes money aggregating the data, otherwise they wouldn’t be doing it. If Facebook TOS says 3rd party cannot provide access to the data hosted by FB, it’s illegal for Power to do so.

  3. Pingback: Latest Data Recovery, Data, Tech, Technology, Computer Auctions | Internet News

  4. Johnny says:

    It’s not Facebook’s data, it’s the user’s data. FB also objects to people using a tool to comprehensively and easily remove their account (check out the cease and desists letter they sent ). As a user you should have the right to delete or retrieve your data any way you see fit. You always use tools for accessing FB, your computer, a browser, etc… What’s the difference that this tool is another service?

  5. Matic says:

    I agree with your principles of freedom, but we live in a monetary system where money is at the center of everything. Everyone must do what he must to survive in this system. I don’t like it either, but that is the way it is (for now).

    You’re saying the user has the right to walk into a datacenter, hook up his USB key to a server and download his posts, comments and files. There are many things wrong with that.

    If you put some valuables into a safe at a bank, for them to keep, the only way you can access those valuables is to follow the exact procedure the bank set up for retrieval. The valuables are yours, but the bank is their guardian. When you put the valuables into the safe, you agreed to those procedures. You agreed that you will access the valuables through their procedure, because failing to do that might put your valuables (and those of others) in danger.

    When you upload your files to Facebook and post content on it, you agree to access those files and content through the Facebook Interface, as that is the procedure Facebook has set up for retrieval. This way you can be sure the data has not been modified or misused in any way by a 3rd party.

  6. Pingback: Offline Data Recovery Solutions | Internet News

  7. Jack says:


    “I agree with your principles of freedom, but we live in a monetary system where money is at the center of everything.”

    No, we live in the world we choose! Facebook is trying to define it, if we don’t agree we should oppose it!

    Contracts can’t have terms that violate others laws. That’s why there are consumers laws in EU. Put simply, just because Facebook defines that something is illegal that doesn’t mean that’s legal or that the users has no others rights.

    “This way you can be sure the data has not been modified or misused in any way by a 3rd party.”

    And here you’re again wrong. You’ve have said that Facebook has the right to define the rules, as such and according to their terms of service, they can do anything to your/their data. That means that your data is far from safe. It’ll be misused or modified by any third party as long that satisfies Facebook’s monetary objectives.

    Aren’t you glad that you defended that right for Facebook!

    If you put any information in Facebook they own you! You’re their slaves!

    And you’re clearly analyzing this problem badly: gives power to the user, Facebook on the other hand removes power from the user, the user can’t even make use of their own data. How then can their data be safe?

    How can an individual defend such a despicable company as Facebook is beyond me…

    Sad little world where accountability and responsibility are worthless…

  8. Johnny says:

    “You’re saying the user has the right to walk into a datacenter, hook up his USB key to a server and download his posts, comments and files.”

    I don’t know where I said that.

    The rest of your arguments don’t fly, because these services are using the interface Facebook set up to access the data, and they are doing that as instructed by you providing you a level of automation as a service. In fact no one is talking about accessing the data in other was than through the interface supplied by Facebook.

    The fact is Facebook is being anal, trying to prevent users from easily deleting their accounts or using other services to aggregate their data. All the rest are just excuses and smoke screens motivated by the urge to monetize their user’s personal data.

  9. Pingback: Data Entry Home Business | Internet News

  10. Matic says:

    The fact that Facebook can misuse the data is a problem, but that applies to everything you store/post to online services. Without Power between you and Facebook the chance of that decreases. I agree with you that Facebook should limit itself to what they are doing to your data. I believe the data I post to Facebook should stay there, not be sold to and analyzed by a 3rd party. The fact that Facebook doesn’t let you delete your account and all the data you posted is a bad decision on their part. You should be able to delete your account and everything you posted.

    @Johhny you said “As a user you should have the right to delete or retrieve your data any way you see fit.” That would include walking into a datacenter if you see it fit.

    I’m not explicitly defending Facebook, the company has done many bad things with user’s data. It’s used as an example of a website where you post data. What I am defending is the right of website administrators to limit access to the data they host the way they feel fit.

    I’ve just looked up Facebook API and I see they easily enable 3rd parties access to all sort of information, even more if you log in. I didn’t know this. I’ve also read their terms of service and it doesn’t limit 3rd parties from running ads along with data fetched from Facebook API, except for Facebook Applications. Therefore, Power can aggregate user data from Facebook and provide the functionality that Facebook API exposes. If Facebook’s interface is lacking and causing people to use 3rd party services to delete their account and data, it’s Facebook’s fault. They haven’t communicated their intentions right. Their API is very liberal and a cause of concern to me.

  11. Pingback: Ntfs Data Recovery Tool To Recover Ntfs Partition | Internet News

  12. Pingback: Different methods of data recovery | Internet News

  13. Pingback: – Data Recovery Software–Deleted or Lost Files | Internet News

  14. Pingback: Latest Data Recovery, Data, Tech, Technology, Computer Auctions | Internet News

  15. alamin says:

    Where did you got this much info on your blog from?? Also can i take the
    initiave to take the feeds from your blog for my yoga website?? But cant
    find the RSS feeds link here!!

  16. Audel says:

    9se7WS Home run! Great slugging with that answer!