Facebook filed a lawsuit last week against frequent spam-defendant Sanford Wallace (Via Wendy Davis).  Access a copy of the complaint [pdf] here. 

Facebook vigilantly protects the privacy and security of its users.  User privacy is a top priority for the company....Facebook leads the industry in giving people tools to control what information they share and which whom they share it.

130,000+ people may disagree about that.

Computer Fraud and Abuse Act?  I guess this is an obvious one that a social network will bring up any time they perceive someone as engaging in harmful activity on the network.  The Computer Fraud and Abuse Act claim is, of course, premised on use and access by defendants of the network without permission – i.e., contrary to the terms set forth in the terms of service.  Which terms of service?  Good question.  (I jest, but it’s something to keep in mind here.)  Ultimately, networks have been, and will continue to be, successful in using the Computer Fraud and Abuse Act as a tool to police the network. 

CAN-SPAM?  Probably the most interesting part of the lawsuit is whether the “Wall messages” fall under CAN-SPAM in the first place?  This issue came up before when MySpace sued Mr. Wallace in a previous lawsuit.  MySpace was able to convince a judge that “in-network” messages are subject to CAN-SPAM.  (Previous post here.)   Here’s the discussion from the MySpace court on this issue:

In opposition to Plaintiff's claims under the Act, Defendant first argues that messages sent from MySpace.com  member accounts do not qualify as "electronic mail messages" as defined in the Act, and therefore, Defendant cannot be liable under any of the Act's provisions. The Act defines an "electronic mail message" as "a message sent to a unique electronic mail address." Id. § 7702(6). An "electronic mail address" is "a destination, commonly expressed as a string of characters, consisting  of a unique user name or mailbox  (commonly referred to as the 'local part') and a reference to an Internet domain (commonly referred to as the 'domain part'), whether or not displayed, to which an electronic mail message can be sent or delivered." Id. § 7702(5). A "domain name" is "any alphanumeric designation which is registered with or assigned by any domain name registrar, domain name registry, or other domain name registration authority as part of an electronic address on the Internet." Id. § 7702(4).

Defendant argues that MySpace.com messages do not fall within the Act's definitions of "electronic mail message" and "electronic mail address" because the addresses to which those messages are sent lack a "domain name" and have no route, instead remaining within the MySpace.com  system. The Court rejects these contentions. The Court must assume that Congress expressed the legislative purpose of a statute through the ordinary meaning of the words used. . . . The plain language of the definition of "electronic mail address" entails nothing more specific than "a  destination . . . to which an electronic mail message can be sent," and the references to "local part" and "domain part" and all other descriptors set off in the statute by commas represent only one possible way in which a "destination" can be expressed. Indeed, the word "commonly" precedes the description of an address with a domain part and local part, indicating that this formulation is only one among many possible examples, rather than the exclusive way in which the Act recognizes the expression of an address. As Defendant himself points out, at the time the Act was passed in 2003, electronic messages could be sent in many ways, including through "instant messaging," and the Court must presume that Congress was well-aware of these various forms of electronic communications when it drafted the Act. The plain language of "electronic mail address" encompasses these alternate forms while also recognizing that the most commonly used form of electronic address was the traditional "email" address with a local part and domain part (i.e., "[email protected]"). This expansive interpretation of the Act supports the stated purpose of the Act, namely, curtailing the rapid and detrimental growth of commercial electronic mail that has overburdened electronic mail systems. 15 U.S.C. § 7701(a); see MySpace, Inc. v. The Globe.com, Inc., Case No. 06-3391, 2007 U.S. Dist. LEXIS 44143, 2007 WL 1514783, *4 (C.D. Cal. February 27, 2007) ("[T]he overarching intent of this legislation is to safeguard the convenience and efficiency of the electronic messaging system, and to curtail overburdening of the system's infrastructure."). To interpret the Act in the limited manner as advocated by Defendant would conflict with the express language of the Act and would undercut the purpose for which it was passed.

Tom O’Toole (BNA Tech Blog) describes the MySpace decision as follows [emphasis added]:

MySpace.com and two of its litigation counsel, Ian C. Ballon and Wendy M. Mantell, at Greenberg Traurig, appear to have found a winning recipe for keeping spammers off MySpace.com's social network: Start with a creative interpretation of federal and state anti-spam provisions, top off with an aggressive terms of service agreement that demands liquidated damages for violations.

Affiliate Issues?  One intriguing possibility raised by the SEO Backlinking blog here is that the defendants could have an affiliate relationship.  As the Impulse Media case and other affiliate cases demonstrate, it's not so easy to impose liability based on the conduct of an affiliate [link].  It's tough to say one way or the other here, because this is a complaint and because the complaint is fairly silent on the relationship between the various defendants.

****

Ultimately, Facebook is just suing to keep defendants “off the network”.  It will probably obtain an injunction, along with a judgment which it will never collect. Time will tell.

NB:  Gary Warner (at the CyberCrime and Doing time blog) posts a piece of data linked from the Inside Facebook blog about various domains registered to one of the defendants.