A company called Power Ventures, Inc. recently learned that it is not a good idea to upset the social media giant, Facebook. And Power's CEO, who lost his bid to be dismissed from the case, no doubt learned that lesson twice.
Power is incorporated in the Cayman Islands (editor’s note – this is typically a red flag in itself) but located in California. It solicits customers with a promise to integrate their social media accounts into a single experience.
Power got crosswise with Facebook when Power induced its customers to provide their Facebook login information, which allowed Power to “scrape” Facebook’s proprietary material. To make matters worse, Power obtained lists of their users’ Facebook friends and sent those folks unsolicited e-mail messages “from” “@facebookmail.com.”
Facebook sued Power and its CEO, Steve Vachani, in a California federal court, alleging that Power and Vachani violated the Computer Fraud and Abuse Act and the CAN -SPAM Act. Power and Vachani filed motions for summary judgment, which the court denied.
The CFAA prohibits a person from accessing another person’s computer and obtaining information. To sustain a CFAA claim, the victim has to show that damage or loss resulted from the unauthorized access. Power and Vachani argued Facebook was required to show that the scraped information had inherent “value.” They claimed Facebook failed to produce any evidence on this point. But the court disagreed. It found that the applicable section of the CFAA did not require the information to have “value.” And the court found that Facebook established it suffered a “loss” by virtue of its spending money to investigate and stop the activity.
The court also rejected the motions to dismiss the CAN -SPAM claims. That statute prohibits a person from sending a materially misleading commercial e-mail. Facebook argued that identifying the sender as “@facebookmail.com” met that standard since, you know, Facebook had nothing to do with the e-mail. Power and Vachani countered that the body of the e- mail clarified any confusion created by the sender line, and so the messages were not materially misleading.
The court was not sympathetic. It noted that the CAN -SPAM act considers an e-mail materially misleading if “the alteration or concealment of header information” would impair the ability of an Internet Service Provider (“ISP”) or the recipient of the email to “identify, locate, or respond to a person who initiated the electronic mail message.” Given the specific reference to "header information," the court had an easy time rejecting Power’s arguments.
The court also dismissed Power’s contention that Facebook lacked “standing” to bring the claim because it was not a recipient of the e-mails. Under CAN -SPAM, anyone “adversely affected” by a “pattern or practice” that violates the Act may bring suit. Facebook qualified.
The court rejected Vachani’s effort to escape liability because Vachani admitted that he controlled and directed Power’s Facebook related activities. Vachani’s active participation in the scheme meant he couldn’t rely on the law that protects corporate officers from liability for the acts of the corporation. Here it wasn’t Vachani’s title that got him into trouble – it was his active participation.
The lesson? Be careful about messing with Facebook. And don’t assume there’s no personal liability if you do.