9th Cir. Tosses $3M Award in Facebook Spam Case

     (CN) – A now-defunct social media aggregator didn’t break the law when it solicited Facebook login information from users, the Ninth Circuit ruled, but it did when it continued to after getting a cease-and-desist letter.
     The panel reversed in part a district court decision ordering aggregator Power.com to pay Facebook $3 million for alleged illegal use of Facebook’s servers and users’ login information. The panel also vacated the damages award and remanded the case.
     Facebook claimed in a 2009 lawsuit that Power.com solicited Facebook login information to display data on its own website. It then allegedly sent unsolicited messages from Facebook’s servers to users’ friends.
     The social media giant alleged Power Ventures and its CEO Steve Vachani violated the Computer Fraud and Abuse Act, or CFAA, as well as the Controlling the Assault of Non-Solicited Pornography and Marketing Act, otherwise known as CAN-SPAM.
     In 2012, U.S. District Judge James Ware found in favor of Facebook, and Judge Lucy Koh later refused to reconsider Ware’s findings that Power Ventures violated both laws.
     Koh ordered Power Ventures to pay $3 million in damages and also ordered an injunction against the company.
     After appealing the district court decision, attorneys for Power Ventures told a Ninth Circuit panel that the case is about ownership, not access.
     “Facebook doesn’t have any ownership of the data, so there’s no standing and no impairment whatsoever, and Facebook never offered that there is,” attorney Amy Anderson told the panel last December.
     On Tuesday, the Ninth Circuit reversed in part and affirmed the decision in part.
     Power Ventures did not violate the CAN-SPAM Act, the panel held, because the messages the company sent through Facebook’s servers “were not materially misleading.”
     “Power users consented to Power’s access to their Facebook data,” Judge Susan Graber wrote for the panel. “In clicking ‘Yes, I do!,’ users gave Power permission to share its promotion through event invitations.”
     The judge continued, “Power did not use false pretenses or fraudulent representations to obtain users’ consent.”
     However, the company did violate the CFAA when it continued to access Facebook’s computers after receiving a cease-and-desist letter, the panel found.
     “In clicking the ‘Yes, I do!’ button, Power users took action akin to allowing a friend to use a computer or to log on to an e-mail account. Because Power had at least arguable permission to access Facebook’s computers, it did not initially access Facebook’s computers ‘without authorization’ within the meaning of the CFAA,” Graber wrote. “But Facebook expressly rescinded that permission when Facebook issued its written cease and desist letter to Power.”
     The panel affirmed the part of the district court’s ruling involving the CFAA, but vacated both the injunction and damages award. The case was remanded to the Northern California district court.
     Judges Kim McLane Wardlaw and Mary Murguia rounded out the three-judge panel.

%d bloggers like this: