Updated 12:52 pm ET, Monday, October 3
Another week, another legal headache for the world’s largest social network. Make that at least two legal headaches, to be exact: One regarding the name of Facebook’s new crown-jewel feature, “Timeline,” and the other more serious allegation about its tracking habits.
Facebook’s buzzed-about new profile design, “Timeline,” unveiled at the f8 developers conference on September 22, has come under fire from a Chicago company with the same name.
Timelines.com, which bills itself as “the first web site that enables people like you to collaboratively record, discover and share history,” filed a trademark infringement suit against Facebook on Thursday in the Chicago office of the U.S. District Court of Northern Illinois, requesting a temporary restraining order to prevent Facebook from rolling out its new feature.
One of the arguments Timelines.com makes in the filing is that it already caught Facebook redirecting internet traffic away from the Timelines.com Facebook page over to Facebook’s new feature. As the lawsuit spells out:
“Facebook understands that this has created confusion, because Timelines recently learned that Facebook is re-directing Internet users attempting to access Timelines’ Facebook page to Facebook’s new product offering which Facebook has confusingly named “Timeline.” Put another way, a user who tries to access Timelines’ Facebook page is, instead, redirected to Facebook’s “Timeline” offering.
But as PaidContent.org reports, as of Friday,”Facebook had stopped redirecting users away from Timelines’ own Facebook page.”
And in a win for the social networking giant, the judge in a preliminary hearing on Friday refused to grant Timelines.com its requested restraining order, noting that “Facebook has pledged not to broadly launch the feature before the parties appear in court again on Tuesday…The order means that Facebook’s timeline, which was widely expected to go live this weekend, is for now on hold until at least Tuesday when the parties will make more detailed arguments before another federal judge about whether an injunction should be imposed.”
However, Judge Edmond Chang also forced Facebook to begin making daily disclosures about how many developers have signed on to Facebook’s Timeline service: Right now, they are signing up in droves, between 200,000 and 300,000 a day for a whopping 1.1 million developers in total so far.
However, as PaidContent points out, it’s unclear how many of these are actual developers signing up to test their products with the new service and how many are just regular users logging into it under the developer profile to access the Timeline before it is officially publicly available via an easy work-around first discovered and detailed by TechCrunch.
It would be remiss of us not to note that Facebook has been something of a stickler when it comes to enforcing the constituent parts of its own name, going so far as to trademark “Face” as a company prefix. Facebook is also currently embroiled in another lawsuit in the Northern Illinois District Court against a small company called “Teachbook,” that aims to provide a social network specifically for educators.
But in that case, Facebook is the plaintiff alleging Teachbook’s name is too similar. Things seem to be going well for Facebook in that case: A judge on Thursday refused to grant Teachbook’s request to drop the lawsuit.
Name games aside, Facebook has another, more troubling legal claim against it to deal with this week as well (also originating from Illinois, oddly:) Perrin Aikens Davis, senior vice president of Chicago publishing company Agate, is the lead plaintiff in a complaint against Facebook filed in the U.S. District Court in Northern California on Friday that accuses the social network of “unauthorized interception of electronic communication.”
Specifically, the complaint alleges that Facebook is tracking users without permission across all websites, even after they log out of Facebook, using its cookies.
As the complaint notes, “On September 26, 2011…Facebook publicly admitted that it has installed cookies on users’ computers to track the internet activity of users even after they have logged off of Facebook. The admission came only after an Australian technology blogger exposed Facebook’s practice of monitoring members who have logged out, although he brought the problems to the Defedant’s attention a year ago.” (Emphasis original).
That blogger, Nik Cubrlovic, who has no part in the lawsuit, posted about the matter On September 25, writing “I reported this issue to Facebook in a detailed email and got the bounce around. I emailed somebody I knew at the company and forwarded the request to them. I never got a response. The entire process was so flaky and frustrating that I haven’t bothered sending them two XSS holes that I have also found in the past year. They really need to get their shit together on reporting privacy issues, I am sure they take security issues a lot more seriously.”
But then, once his post got the attention of the blogosphere, Facebook was much quicker on the jump, writing, among other things:
Facebook does not track users across the web. Instead, we use cookies on social plugins to personalize content (e.g. Show you what your friends liked), to help maintain and improve what we do (e.g. Measure click-through rate), or for safety and security (e.g. Keeping underage kids from trying to signup with a different age). No information we receive when you see a social plugins is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information.
Still, the new anti-tracking lawsuit seems to have spooked Facebook enough to issue a terse response.
“We believe this complaint is without merit and we will fight it vigorously,” Andrew Noyes, Facebook’s lead journalist and spokesman, said in a statement to Bloomberg.
The preliminary hearing in that case is set for November 15.
Meanwhile, the legal matters aren’t stopping Facebook from introducing new digital advertising opportunities and web security partnerships. We’ve reached out to Facebook to see how it is handling the lawsuits and will update when we receive a response.
Late update: A Facebook spokesperson responds to TPM Idea Lab via email, writing:
There was no security or privacy breach–Facebook did not store or use any information it should not have. Like every site on the internet that personalizes content and tries to provide a secure experience for users, we place cookies on the computer of the user. Three of these cookies on some users’ computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. Even though we weren’t using this information, it’s important to us that we address even potential issues, and we appreciate the issue was brought to our attention. When Nik provided us with additional information that allowed is to identify these three cookies, we moved quickly to fix the cookies so that they won’t include unique information in the future when people log out. We value the security community and their willingness to provide feedback on issues that they identify. This is why we established our Whitehat program (http://www.facebook.com/whitehat) to provide a direct line of communication to this community. Since then, we’ve also established a Bug Bounty program that provides financial incentives and rewards for researchers to report potential security issues (http://www.facebook.com/notes/facebook-security/updates-to-the-bug-bounty-program/10150270651335766)
Meanwhile, the spokesperson also disputed claims that the Timeline lawsuit had affected the product’s planned public release date, saying that it will go forward as scheduled, but declined to provide an exact date.
