Tech Law

Meta Lowers Legal Hammer on Law Enforcement Data Scraper

gavel in courtroom

Meta is taking to court a law enforcement intelligence company for gathering data about users of its Facebook and Instagram properties.

The lawsuit, filed in a federal court in California, alleges that Voyager Labs, an international scraping and surveillance service, improperly collected data from those properties through fake accounts, which is a violation of the terms and conditions for use of the platforms.

In a January 12 post at Meta’s Newsroom site, Director of Platform Enforcement and Litigation Jessica Romero explained that Voyager’s proprietary software uses fake accounts to scrape data accessible to a user logged onto Facebook.

She added that Voyager used a diverse system of computers and networks in different countries to hide its activity and foil Meta’s attempts to verify the fake accounts.

Romero wrote that Voyager did not compromise Facebook; instead, it used fake accounts to scrape publicly viewable information.

“Web scraping is legal — if you are scraping publicly available information,” observed Liz Miller, vice president and a principal analyst with Constellation Research, a technology research and advisory firm in Cupertino, Calif.

“In Meta’s case against Voyager Labs, the issue is the creation of fake Facebook accounts that were used for the purpose of data collection,” Miller told EmergTechNews.

Scraping Industry

Romero wrote that Meta is seeking a permanent injunction against Voyager to protect people against scraping-for-hire services.

“Companies like Voyager are part of an industry that provides scraping services to anyone regardless of the users they target and for what purpose, including as a way to profile people for criminal behavior,” she continued.

“This industry covertly collects information that people share with their community, family, and friends, without oversight or accountability, and in a way that may implicate people’s civil rights,” she noted.

“These services operate across many platforms and national boundaries and require a collective effort from platforms, policymakers, and civil society to deter the abuse of these capabilities,” she added.

Voyager was not immediately available for comment on this story. However, a spokesperson told The Guardian in the past: “As a company, we follow the laws of all the countries in which we do business. We also have confidence that those with whom we do business are law-abiding public and private organizations.”

Meta’s Business Considerations

While Meta emphasized its efforts to protect people, it also has business considerations that need protecting.

“Sadly, the problem from Meta’s point of view really isn’t about data scraping. It’s that Voyager didn’t pay Meta to do it,” argued Roger Grimes, a defense evangelist with KnowBe4, a security awareness training provider in Clearwater, Fla.

“If Voyager had paid, Meta would have been plenty happy,” Grimes told EmergTechNews.

Vincent Raynauld, an associate professor in the Department of Communication Studies at Emerson College in Boston, explained that data is at the center of the business model for social media companies.

“The data that users produce is reused by these platforms for advertising,” Raynauld told EmergTechNews. “It’s at the core of their business models.”

“With this lawsuit,” he continued, “they’re trying to protect their business model. They want to keep control of the data they have and prevent other companies from using the data.”

“When they see researchers or other companies scraping data, they see business opportunities go away,” he said.

“There is clear intent here by Meta to protect their assets,” Raynauld added. “It’s a shot across the bow of marketers and researchers.”

Common Practice, Common Problem

Scraping social media sites for data is a common practice.

“It is common to scrape publicly available and viewable data on social media sites from Facebook and Instagram to Twitter or LinkedIn,” Miller said.

“Advertisers and marketers commonly use it to track trends, target audiences, or build out audience profiles,” she continued. “If you have ever compared prices on a site so you can get a product at the best price, you’ve likely benefited from bot-based web scraping.”

Miller added that most social scraping is for rather benign uses, but exceptions exist, such as bots deployed for ad fraud, traffic scams, identity takeovers, and account hacking.

“Scraping is probably a lot worse than anyone realizes, including Meta,” Grimes said. “I’m sure hundreds if not thousands of data scraping operations are targeting social media sites every day.”

“It’s probably so bad,” he continued, “that Meta only has time to be worried about the biggest and most revenue-damaging instances.”

Minimizing Unethical Scraping

Combating shady data scraping is a huge problem, Grimes added. “It’s like phishing and password-guessing,” he said. “The vendors can’t hope to stop it. The best they can try to do is stop the easiest to recognize and most flagrant instances.”

Miller noted that most social media platforms have put roadblocks in place through their terms and conditions for use to curtail malicious scraping.

“But what some also want to curtail is non-malicious scraping to force organizations to only go through, for example, Meta, for some of the insights that social scraping can deliver,” she added.

Romero wrote that litigation is just one of the tools Meta uses to combat scraping. “We’ve also invested in technical teams and tools that monitor and detect suspicious activity and the use of unauthorized automation for scraping,” she explained.

“This focus on scraping is part of our ongoing work to protect people’s privacy,” she added. “In the coming months, we plan to discuss some of the other measures we’re using to proactively stop scraping.”

Legal Whack-A-Mole

Until those additional measures to counter malicious scraping are revealed, litigation may be the most effective means of putting a damper on the practice.

“Being sued is a big motivator not to do it,” Grimes observed. “Who wants to be sued by a tech giant? You can spend millions just getting to day one of a court hearing, even if you’ve done nothing wrong and are completely in the right.”

“That’s the nature of lawsuits, especially in the U.S., where the loser often doesn’t have to pay winner’s fees,” he added.

“Lawsuits are akin to getting a bigger mallet when playing whack-a-mole,” said Miller. “You might knock one out of the game, but another malicious mole will likely pop right back up.”

“But, in the absence of legislation or a ruling that scraping publicly available data is illegal,” she continued, “the goal is to wear them down with the cost of litigation.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Tech Law

How will consumers react to Apple's WWDC 2023 announcements?
Loading ... Loading ...

EmergTechNews Channels