Twitter faces lawsuit for reading and “altering” private messages

September 16, 2015

Twitter LogoOnline privacy is a big concern today, what with all of the financial data breaches and large-scale government surveillance.  In fact, one is almost always liable to find stories about data theft or electronic spying in a given day’s headlines.

Yesterday, for example, saw some pretty substantial coverage of a recently-filed lawsuit against Twitter, which alleged that the social media giant was “eavesdropping” on direct messages.  Specifically, Twitter is reported to “intercept[], read[], and, at times, even alter[]” direct messages sent by users.

Sounds pretty nefarious, no?

After reading through the full complaint, though, it isn’t nearly as bad as it sounds: Rather than there being some degenerate Twitter employee who peruses through everyone’s private conversations, it’s a Twitter algorithm that scans for and essentially “auto-corrects” any URLs contained in the direct message (DM).

By “auto-correct,” I mean that Twitter will replace a URL contained in a DM to its own “t.co” link forwarding service.  The link still points to the original destination, but the user clicking on the link is first directed to Twitter’s “t.co” server before then being redirected to the original intended destination.  According to the lawsuit, Twitter does this to get credit for referring visitors to various websites so that they would see Twitter as a more valuable source of online traffic.

Despite the lawsuit exaggerating the egregiousness of Twitter’s transgressions to a degree, the social media site could still face some legal problems from this action.  As the complaint notes, Electronic Communications Privacy Act (ECPA) prohibits any person from “intentionally intercept[ing]…any…electronic communication” and from “intentionally us[ing]… the contents of any electronic communication while knowing or having reason to know that the information was obtained through the interception of an electronic communication.”

Does it matter that this “intentional interception” was accomplished by automation, with no human intervention, and with no regard given to any content besides hyperlinks?  Well, it depends.  A 2013 federal ruling in the same district found that Google’s scanning of its Gmail users’ message content for keywords to be used for custom advertising wasn’t entitled to an ECPA exception that would have released Google from liability.

Under that exception,

any telephone or telegraph instrument, equipment or facility, or any component thereof…being used by a provider of wire or electronic communication service in the ordinary course of its business

isn’t a “device.”  Accordingly, the use of such an instrument is outside of the definition of “intercept.”  In the Gmail case, the court found that “the ordinary course of business exception” to be narrow, only offering shielding from liability “where an electronic communication service provider’s interception facilitates the transmission of the communication at issue or is incidental to the transmission of such communication.”

Since Google’s activity wasn’t an instrumental part of the sending of emails in its Gmail service, the “ordinary course of business” exception didn’t apply (though the action later failed to secure class action certification, which essentially doomed the case).

What about with Twitter?  Assuming that this court applies the same standard as was applied in the Gmail litigation, it’s difficult to say for sure.  Twitter isn’t scanning the actual content of the message, and a stronger case can be made that changing all of the hyperlinks present in any DMs is “instrumental” to the entire process.  At the same time, Twitter is also admittedly doing this for its own benefit – even though it is also for more accurate analytics reporting.  The controlling federal law here, the ECPA, was passed almost 30 years ago, making it woefully ill-equipped for governing these types of technological questions – not to mention how difficult its age makes it for courts to interpret and apply it with any semblance of uniformity.

To be sure, Twitter will be taking some kind of remedial action regardless of how this litigation is resolved.  But considering how integral to its business model its receiving referral credit is, the practice will likely continue, but with Twitter simply informing its users about it going forward.

In any case, don’t fret too much about any headlines warning you that Twitter is reading your private messages, unless you consider adding redirects into your hyperlinks “reading your private messages.”