Meta is suing the London-based “scraping-for-hire” Voyager Labs for using surveillance software to automatically scrape information from 600,000 user profiles on Facebook and Instagram.
The lawsuit alleges the surveillance firm violated Facebook’s and Instagram’s terms and conditions and California Law. In this instance, information obtained through automated scraping included likes, comments, friends, and users’ photos. Voyager’s surveillance software also scraped information from Twitter, YouTube, Medium, Pinterest, Vimeo, Tumblr, LinkedIn, and Telegram.
The information Voyager scraped was sold to law enforcement agencies, including the LA Police Department, for profit. Marketing its surveillance software to law enforcement agencies for clandestine intel gathering, the company boasted that its data-scraping activities were untraceable.
However, in 2017, Meta gave Voyager a warning to cease and desist its scraping activities. These activities had been going on since it first became active on the Facebook platform back in 2016, according to the exhibits of the case released.
The surveillance software, which cost USD 705,000, created over 38,000 fake Facebook profiles for data scraping purposes. It also tracked COVID-19 victims and their connections.
AI-Backed Surveillance Software
Voyager designed its AI surveillance software to be untraceable. It then marketed it to law enforcement agencies and departments as an intel gatherer. The surveillance software blatantly disregarded users’ rights and indiscriminately profiled users for criminal behavior.
Voyager’s website states that the software is “designed to analyze massive amounts of data” and “to uncover social whereabouts and hidden connections between entities.”
Its marketing materials further state that “Voyager’s unique collection methods enable traceless collection from social media networks” and claim that the “collection process cannot be associated with clients servers by any third party or by the social network itself.”
Meta recently announced its fight against scraping-for-hire, explaining that a data scraper “covertly collects information that people share with their community, family, and friends, without oversight or accountability, and in a way that may implicate people’s civil rights.”
No Regard for Individual Privacy
In another transgression, Voyager Labs used COVID-19 tracing as a public-interest cover-up for its illegal data-scraping policies and surveillance activities. Its surveillance software targeted individuals, pubs, and religious organizations.
For instance, followers of Shincheonji’s Church in South Korea were tracked and monitored through the organization’s Facebook page. Through the scraping operation, the firm obtained information on infection rates and individual connections.
These activities were carried out with intent. As such, they violate both individual privacy and Facebook’s policies, not to mention the sovereignty of individual states whose citizens they monitor. Hyping up its software’s appeal, Voyager claimed it provided near real-time data that was “untraceable” and “completely anonymous”. It achieved this by employing multiple proxies from different vendors and locations.
The Voyager surveillance software case comes after Meta sued another scraping-for-hire company, Octopus, in July 2022. Similar to Voyager, Octopus used automated accounts to scrape data from the profiles of over 350,000 Instagram users.
However, despite Meta’s best efforts to put itself in a favorable light for protecting users’ rights, its own data-scraping activities are well-known. In 2018, reports on Meta (then Facebook) emerged, alleging it collected SMS and voice data from Android mobile devices.
The Ongoing Data Scraping Question
Whether or not data scraping is legal is a much-debated question. It largely depends on the context and, chiefly, on what purposes the data will serve later on. Social media sites typically discourage data scraping, because users who feel their data isn’t protected would be incentivized to leave the platform.
Voyager’s agents on Facebook and Instagram platforms used the data to aid law enforcement and COVID-19 tracking. As such, they might argue they used scraping for the general good.
Certain jurisdictions, like the EU and California state, enforce users’ rights and privacy with stricter regulations. Data scrapers consider any publicly available information as open-to-scraping, arguing that any private information shouldn’t be public in the first place.
In April 2022, in a case involving LinkedIn and a data-scraping company, hiQ, an appeals court ruled that data scraping of public information for presentation to corporate companies is perfectly legal. This ruling dealt a serious blow to the fight against data scraping. But the LinkedIn and hiQ case is different from this current lawsuit. In this case, hiQ hadn’t agreed to LinkedIn’s terms and conditions before scraping user information.
Protection Against Data Scraping
Data scraping is concerning for individuals and businesses. Cybercriminals who gain access to personal information online may later use it in phishing scams and other social engineering attacks. Using scraped personal information, they can contact victims, pretending to be officials from the government.
Many victims end up giving up more sensitive information via email or phone during such interactions. This is because people generally trust that anyone with access to such personal information must belong to the government. But, such information, culled from LinkedIn, Facebook, and Twitter databases is easily accessible on darknet forums.
That said, steps and protections are available for those who take their privacy seriously. Users should take care when posting online. They could also minimize the number of social media accounts that they use and adjust their privacy settings to protect their information from prying eyes. Facebook, Instagram, WhatsApp, and Twitter have all experienced multiple hacks recently. This should put those worried about their individual privacy on alert.
Since these platforms have added more privacy controls over the years, users should strive to put them to good use. Some measures that users can take to protect their privacy are requesting data, setting profiles to private, and refusing to upload any Personally Identifiable Information (PII) in a public way.
A Silver Lining for Public Surveillance Operations
Voyager Labs is a well-backed surveillance software firm that intentionally violated Facebook’s and Instagram’s terms and conditions. Covering up its data-scraping activities under noble causes, it tracked and monitored individuals using sophisticated AI analysis. It did this for purposes it couldn’t disclose to the public without incurring condemnation and ire.
But, despite repeated violations of digital privacy, many see a silver lining. With these incidents becoming public knowledge, the general public will be inspired to exercise care when online. Moreover, data regulation policies within the states are shifting. These policies are starting to align closely with those enshrined in General Data Protection Regulation (GDPR), providing victims with comprehensive and retributive legal recourses against illicit data scraping.