By Vanessa Blum, From The Recorder

SAN FRANCISCO — Another federal judge has put Silicon Valley on notice that scanning user communications without consent may run afoul of the federal Wiretap Act.

Ruling on Dec. 23, U.S. District Judge Phyllis Hamilton of the Northern District of California refused to dismiss a proposed privacy class action against Facebook Inc. over its screening of users’ private messages. Plaintiffs lawyers at Lieff Cabraser Heimann & Bernstein sued Facebook in 2013, claiming that the company illegally intercepted the content of private messages whenever users included a link to an outside website.

Hamilton wrote that determining whether Facebook violated federal and state privacy laws would require a factual inquiry into its handling of messages. The use of a so-called web crawler to scan the content of users’ messages could constitute an interception under the Wiretap Act, she wrote, considering that Facebook users did not give their express consent for such scanning.

Facebook’s lawyers at Gibson, Dunn & Crutcher have argued that any processing of messages carried out in conjunction with their delivery should not be considered an interception under the Wiretap Act, which carries statutory damages of up to $10,000 per violation. The social network analyzes messages to prevent hacking and detect spam, partner Joshua Jessen told Hamilton at a hearing in October. Additionally, such activity is shielded from liability under the Wiretap Act, Jessen argued, because it falls within Facebook’s “ordinary course of business” as an electronic communication service provider.

The exception has become a critical battleground in online privacy litigation and Hamilton’s order in Campbell v. Facebook, 13-5996, is the third from a Northern District judge to parse its meaning.

Hamilton said that without more specifics on the company’s practices she wasn’t willing to adopt Facebook’s broad interpretation of the “ordinary course of business” exception.

“The statute’s inclusion of the word ‘ordinary’ implies some limits on a company’s ability to self-define the scope of the exception,” she wrote. “An electronic communications service provider cannot simply adopt any revenue-generating practice and deem it ‘ordinary’ by its own subjective standard.”

Ruling in 2013, U.S. District Judge Lucy Koh found Google’s scanning of Gmail to help sell targeted ads wasn’t exempt activity. However, U.S. Magistrate Judge Paul Grewal dismissed a separate suit challenging Google’s collection of user data, finding the exemption bestows broad protection for the “customary and routine” business practices of electronic communication service providers.

Using her colleagues’ decisions as guideposts, Hamilton said there shouldn’t be a “generic, one-size-fits-all approach,” and judges should consider the details of particular businesses to determine whether the exception applies. She offered to reconsider the question with regard to Facebook’s scanning practices based on a more complete evidentiary record.

For now, her order allows illegal interception claims to proceed under the Wiretap Act and California’s analogous Invasion of Privacy Act (CIPA). Hamilton knocked out a separate CIPA claim as well as a claim under the state’s Unfair Competition Law.

IMAGE: U.S. District Chief Judge Phyllis Hamilton, Northern District of California

Jason Doiy / The Recorder

For more on this story go to: http://www.therecorder.com/id=1202713479284/Judge-Gives-GoAhead-to-Facebook-Privacy-Suit#ixzz3NLHIzTms