Supreme Court Says Facebook Text Alerts Aren't Illegal Robocalls (theverge.com) 108
The Supreme Court has unanimously decided that Facebook text message alerts don't violate laws against unwanted auto-dialed calls. The court ruled that a lower court defined illegal "robocalls" too broadly and that the term should only apply to systems that generate lists of numbers and call them indiscriminately, not a system that simply stores numbers and automatically calls them. From a report: The lawsuit involves text messages that notify Facebook users of an attempted login. Its plaintiff, Noah Duguid, sued after receiving unwanted, erroneous notifications despite not having a Facebook account. Duguid argued that Facebook was violating the 1991 Telephone Consumer Protection Act (TCPA). An appeals court agreed, but the Supreme Court interpreted the law's definitions differently. Closely parsing the TCPA's grammar, the court concluded that an illegal auto-dialing system "must use a random or sequential number generator," and this definition "excludes equipment like Facebook's login notification system, which does not use such technology."
WTF? (Score:5, Insightful)
Re:WTF? (Score:4, Interesting)
Pretty sure you have to give Facebook your number in order for it to send you login notifications.
Re: (Score:2, Troll)
Re: (Score:1)
We seriously need a bill of rights type amendment explicitly limiting rights you can contractually give up. There are some of those recognized by courts by not many. Corporations are artificial constructs legally created by the state, there is no reason we shouldn't limit them when
Re: (Score:2)
Re: (Score:2)
I have not given Facebook my phone number and can still use it, the very few login alert messages I got were in email. Don't know why that particular helpful advice was a problem, I got far more "you haven't logged in for awhile", or "Joebob posted an update!", which have dried up mostly in the last couple of years (or maybe I changed some settings).
Labelling an automatic notification the same as a robocall is a bit of a stretch. The person creating the suit sounds like an overly pedantic slashdotter to b
Re: (Score:2)
Sounds like he was fishing to be a test case and the center of a class action lawsuit, worth millions. When the settlement is done, the lawyers get millions. The first few lawsuit principles get tens of thousands or more in damages, and everyone else gets a coupon for a dollar off something advertised through facebook.
Re: (Score:2)
What should people get then? They weren't inconvenienced much for the random texts - even if you paid for each of them, at 25 cents each, it's going to take a lot to justify small claims ($40-
Re:WTF? (Score:5, Informative)
Pretty sure you have to give Facebook your number in order for it to send you login notifications.
Apparently this guy didn't have a Facebook account and got the texts anyway. I'm guessing the number was entered incorrectly or used previously by another person who had a FB account.
Re:WTF? (Score:4, Interesting)
Re: (Score:2)
in which case, Facebook should respect the "STOP" keyword, and stop sending them.
Ya. Historically I've avoided this as the general recommendation is to not respond as doing so confirms a valid number/delivery, but I've tried "STOP" with several seemingly above-board but unwanted texts (mostly political stuff) and have gotten good results not getting any more texts from that number, except for an immediate confirmation of the STOP request. Obviously, shadier outfits could simply start using a new number, but I guess that's the risk. Unwanted calls usually end up as voice mails that I re
Re: (Score:2)
In the UK some numbers are very expensive to text to so replying with a STOP could cost a couple of dollars. It shouldn't be allowed and it's as clear as mud which numbers cost a lot to text, I have no idea. Everything to do with what calls cost is a complete arcane mess in the UK IMO, some numbers are free but only if you call them with the right mobile company, some are local rate but again they'll be free if you have the right contract, some numbers are 'national rate', fuck knows what that'll cost from
Re: (Score:2)
My guess is the person who had the cellphone number before him registered it to their Facebook account. But didn't change it when they gave up the number.
The plaintiffs definition of what an autodialer was didn't make sense. His lawyers wanted every system that memorized numbers, and then called them when triggered to be classified as an autodialer.
With their definition, anyone who used their cell phone contact list to call someone, would be using an autodialer.
Re: (Score:2)
So no it wasn't a terrible decision. It was the only decision possible which allowed reasonable legitimate pract
Re: (Score:3)
No, this is not a good reasoning for their ruling. They way the SC worded it, as long as you have a list you can't violate the law, regardless of how you acquired that list.
Part of the law is that a company can contact you if you gave them your number - if they had ruled that a company who in good faith believes you gave it to them mistakenly contacts you that it doesn't violate the law it would have worked just as well. This would have kept 2FA workable, but not made every robocaller who buys a list of num
Re: (Score:2)
But phone number's aren't ID's. And if you give up or stop paying for a line, the number will eventually be given to someone else. Locking accounts to a phone number isn't great practice.
Re: (Score:2)
Phone numbers aren't IDs but you americans keep refusing a centralized ID system.
Re: (Score:1)
How long since your nation had a dictator, assuming it doesn't have one at the moment.
We have one ID system, social security, and it is forbidden by law from being used for anything else.
Re: (Score:2)
"Papers, please!"
Re: (Score:3)
Almost 40 years.
How long since your last mass shooting?
Re: (Score:1)
"The lawsuit involves text messages that notify Facebook users of an attempted login. Its plaintiff, Noah Duguid, sued after receiving unwanted, erroneous notifications despite not having a Facebook account. "
Re: (Score:1)
Yeah imagine that. Have someone enter "their" phone number incorrectly and it turns out to be yours, and then sue facebook for "robocalling".
Then you can slip on wet floor at the supermarket, from a bottle you carried in your pocket.
Sue disneyland for a bee sting while we're at it too.
Re: (Score:2)
OK. I gave them my phone number. But how do they send notifications to this [staticflickr.com]?
Re: (Score:2)
Re: (Score:2)
If it's a real landline, then all someone would have to do to steal the code is open up the demarc box - usually outside and unprotected - and plug a phone in instead of the house wiring. Once they are done, they can close up and leave no trace. SIM jacking is actually harder.
Re: (Score:2)
Once they are done, they can close up and leave no trace.
Which requires them to physically travel to the victim's neighborhood. And as far as leaving no trace: Wave at all the Ring doorbells as you drive by.
Re: (Score:2)
Nope. RTFA! Person texted did NOT have FB (Score:2)
every robocaller can use this loophole by simply mixing their list of numbers so that are not in sequence!
Supreme Court fails us again!
Re: (Score:2)
>"every robocaller can use this loophole by simply mixing their list of numbers so that are not in sequence!"
I don't think that is what was interpreted.
>" Supreme Court fails us again!"
Then change the laws/rules to be more precise.
Re: (Score:2)
They can just use this loophole by use lists of numbers that they buy or collect.
Re: (Score:2)
Re: (Score:2)
And if you had read the article, or the summary: the people complaing have no FB account.
Re: (Score:2)
That's a terrible interpretation... Lot's of robocallers use lists of numbers. To get rid of illegitimate calls you need to eliminate the ability to "buy" lists
Exactly. From my understanding, robocallers build lists after randomly calling numbers, and if/when someone answers the call the robocaller adds that number to their list as a valid active number.
The number should be required to have been given to you by the consumer, and the consumer should have to opt in to receiving those calls/texts...
His number could have been owned by another person who had a Facebook account and he obtained this disconnected/unused number when he set up new phone service.
Facebook and other service providers that ask for or, as is becoming more common, require a contact number need to have a way to remove numbers too.
Re: (Score:2)
Not true anymore. Turns out keeping a list doesn't work too well because people block or block unknown callers so you end up with a small list that only gets smaller over time.
Scammers and such don't even bother - they just have a list of numbers they go through. If they answer, they try to figure out if the person
Re: (Score:2)
Courts interpreted this properly. More laws are needed to prohibit other misuses and abuses. The purpose of the TCPA law that was ruled about is to prevent hammering dialers causing technical disruptions of phone systems and emergency numbers - Not to prohibit automated calling to known numbers; Not to stop annoyances; Not to stop telemarketers, etc. Again more FCC regulations may be necessary to mandate technical measures to prevent callers from spoofing or hiding Caller ID, and laws may be needed
Re: (Score:3)
Agreed. The ruling is a simple one, interpretation of the meaning of a single sentence in the definition. This isn't a ruling about constitutional powers or authority of government, merely interpreting the meaning of a single sentence.
47 U. S. C. 227(a)(1) [cornell.edu]: The term "automatic telephone dialing system" means equipment which has the capacity -- (A) to store and produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.
That's it. Everything else f
Re: (Score:2)
It's like Frobnicator said.
You can read it yourself if you (wrongly) don't trust Frobnicator:
https://www.supremecourt.gov/o... [supremecourt.gov]
It's kind of a fun read because it's mostly about grammar, and who doesn't enjoy a good grammar augument?
The big mystery to me is how did the lower court (9th circuit court of appeals) come to the decision in the way that seems to be opposite of the law as written and opposite to common sense. Alito's concurring judgement talks about that.
BTW, the 9th circuit is in what some people c
Re: (Score:2)
If legislators don't like it they can amend the law. The easiest would be to amend the single sentence with an item "(C)", or they could take a more comprehensive form to add an additional section.
Agreed, in principle, though I'd suggest a simple edit to (A), rather than introducing a (C)
47 U. S. C. 227(a)(1) [cornell.edu]: The term "automatic telephone dialing system" means equipment which has the capacity -- (A) to store and produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.
(A) to store existing telephone numbers, or produce telephone numbers to be called using a random or sequential number generator, and...
Either way this doesn't need to be a complex issue. This kind of thing is often slipped in as one of a hundred little items inside those 1000-page bills.
Again, agreed, in principle, though I'm generally not in favour of tacking unrelated items into other bills, as it makes voting (especially considering cross party support) for them much ... harder to justify, shall we say...
I seriously don't really see the problem with a specific b
Re: (Score:2)
For this case, it is Facebook sending you a message targeted meant for you in particular. Vs a list of numbers, where it isn't personal, but just to some person.
Re: (Score:2)
And at worst, they made a mistake on the number, or whether he was a member, which is also not a reason robocall lists were made, which was to handle computerized spam calls.
Re:WTF?: Even better... (Score:2)
Re: (Score:2)
Re: (Score:2)
That's a terrible interpretation...
There are various types of SCOTUS rulings, this one is the interpretation of the wording of an existing law. They aren't deciding on constitutionality, they aren't deciding on societal guidelines or morality or any hard-to-define element. This is just the wording of a law as it happens to exist today. The entire lawsuit was about the interpretation of a single sentence with three parts: 47 U. S. C. 227(a)(1) [cornell.edu].
If politicians want to change it they can simply include a few words to add it to the definition. T
Re: (Score:2)
Re: (Score:2)
It's not a terrible interpretation. It's an accurate interpretation of what the law says. It is, however, a terrible way for the law to define it. Blame congress for writing it that way, not the court for honestly following the law.
Okay ... (Score:2)
They'll just get one system to generate the numbers, and another system to call them -- thanks SCOTUS.
Re: (Score:2)
IANAL, but you might be able to argue that the two systems taken together make up a single system that violates the law. You could perhaps still get around it by buying a randomly generated list from a different company.
In any case, the law explicitly says: "'automatic telephone dialing system' means equipment which has the capacity—
(A)to store or produce telephone numbers to be called, using a random or sequential number generator; and
(B)to dial such numbers."
I don't see how one could stretch (A) to
Thoughts (Score:2)
2. This kind of crap prevents 2-factor authentication from catching on.
Re: (Score:3)
Re: (Score:2)
SMS two factor is ridiculously insecure - to the point of being practically useless for security. If you're going to do 2 factor, use an RSA authenticator app, or a fob....
That is exactly the opposite of what I have heard. Companies are dropping RSA because it's not as secure as SMS.
Re: (Score:2)
In what world is generating the code on a server and sending it to you over text message more secure than you simply having the algorithm locally generate the code?
Re: (Score:3)
SMS two factor is ridiculously insecure - to the point of being practically useless for security. If you're going to do 2 factor, use an RSA authenticator app, or a fob....
That is exactly the opposite of what I have heard.
Then whatever you heard is from a bad source.
Companies are dropping RSA because it's not as secure as SMS.
I have no idea if companies are dropping RSA authenticators or not, but if they are it is not because they are less secure than SMS.
To access accounts protected by 2FA someone has to steal my authenticator from me, at which point I know my account is compromised. If an account is protected by SMS, they do a SIM spoof and I won't know what happened until it is too late. My phone number is not a very hard secret, since I am listed, but knowing what device I have my
Re: (Score:2, Informative)
I have no idea if companies are dropping RSA authenticators or not, but if they are it is not because they are less secure than SMS.
I think companies are dropping RSA because the salespeople at Microsoft are convincing them their Azure MFA SMS solution is better than RSA. They may even be spreading misinformation that the Microsoft SMS solution is more secure than RSA. Of course, we now know about all of the breaches to Microsoft security infrastructure. [wikipedia.org]
I don't work in IT, but the Fortune 500 company I work for told everyone they are dropping RSA for Microsoft SMS 2-factor to improve security.
Re: (Score:2)
The Fortune 500 company I work for told everyone they are dropping RSA for Microsoft SMS 2-factor to improve security.
Massive security breach in a fortune 500 company in 3... 2... 1...
Re: (Score:2)
they do a SIM spoof and I won't know what happened until it is too late
It should be noted that this is not as trivial an undertaking as you imply here.
Re: (Score:2)
they do a SIM spoof and I won't know what happened until it is too late
It should be noted that this is not as trivial an undertaking as you imply here.
Where did I imply that it was trivial? Please enlighten us how your reading skills unearthed that.
Note that a SIM spoof either comes down to social engineering or having an accomplice within the telco. So compared to the act of theft/pickpocketing/robbery of a device protected by passcodes and/or biometric security (harder, requiring physical interaction with a victim) or attacking the infrastructure of the authentication system (much harder, technically) I would say that it is easier. It all boils down to
Re: (Score:2)
Where did I imply that it was trivial?
Here:
If an account is protected by SMS, they do a SIM spoof and I won't know what happened until it is too late
You're contrasting it with stealing an RSA token or phone w/ authenticator app. Your second phrase also implies a quick, easy and done operation.
(You also forget that you may be unaware of the stolen RSA token for a while)
Neither method is terribly effective if someone is specifically targeting you. But both methods are effective to prevent attacks from someone targeting anyone they can compromise.
If someone wants your account, they'll probably be able to get it through a variety of attacks. If some
Re: (Score:2)
Where did I imply that it was trivial?
Here:
If an account is protected by SMS, they do a SIM spoof and I won't know what happened until it is too late
That boils down to your reading comprehension. Nothing in that sentence claims it is trivial. That the sentence imply is trivial is your claim based on your interpretation. I have now explicitly said that I never claimed nor claim it is trivial, just that one is harder from other perspectives. One thing being harder does not make the other trivial. Is that clear or do I need to spell it out in simpler words for you?
You're contrasting it with stealing an RSA token or phone w/ authenticator app.
So, wasn't that the whole point of this discussion?
Your second phrase also implies a quick, easy and done operation.
Nope. See above. Or do you expect me to ex
Re: (Score:2)
Companies are dropping tokens/authenticator apps because of support costs.
A new phone or lost fob causes problems. Either you create a large hassle to properly identify the user, or you've got a very large hole in your security.
SMS is much more likely to follow the user to new devices, even with the user being an idiot.
Re: (Score:2)
SMS is much more likely to follow the user to new devices, even with the user being an idiot.
This makes sense.
Re: (Score:2)
Re: (Score:2)
How does that person get the new one?
How do you ensure that only that person gets the new one, including situations where they no longer have access to the old one?
Those add costs. Some employee has to be involved in authenticating the user and distributing the new seed.
Re: (Score:2)
Challenge-response should be necessary as well, except that this would require more smarts in an app rather than having to read off numbers in a text.
And that's why BookFace (Score:2)
will never get my phone number. Well that and I don't use it.
If they actually require one, I'd just get one of those throwaway SMS accounts....
Re: (Score:2)
Re: (Score:2)
Get a free Google Voice phone number and use that. Only check it when you're expecting the text.
dump FB (Score:2)
give them area code 867-5309 or area code 634-5789 (Score:2)
give them area code 867-5309 or area code 634-5789
Re: (Score:2)
So I can now make robocalls provided i... (Score:1)
This is the reason... (Score:2)
... I click past Facebook's suggestion that I give them my phone number.
I get all the phone spam I can handle now. I can hardly imagine how badly Facebook would abuse having my phone number.
Idiots (Score:3)
Unanimously wrong. Brilliant.
Sack the lot of them.
SCOTUS blueprint for legal robocalls (Score:2)
Closely parsing the TCPA's grammar, the court concluded that an illegal auto-dialing system "must use a random or sequential number generator," and this definition "excludes equipment like Facebook's login notification system, which does not use such technology."
Thanks, SCOTUS! So, as an aspiring robocaller, I just need to create two companies, one that generates random numbers and a second that buys/uses that list of numbers to make calls. Wonderful!
Hmm, on second thought, what if I use a broken PSRNG that doesn't pass tests of uniform randomness? It would be neither random nor sequential! Good thing the SCOTUS is encouraging innovation!
Re: (Score:1)
Even less random would be to use images from the Internet as source material for your non-random dialer. You got the numbers from animated GIFs.
Re: (Score:2)
I have a better argument (Score:2)
Text messages don't apply to TCPA because text messages are not phone calls or faxes.
Maybe we should all read the opinion (Score:2)
before calling for an armed revolt. This is not the end of the world. This does not announce open season for telemarketers. The decision does not affect unsolicited text messages, regardless of how they are sent, which are still prohibited by by the TCPA.
https://www.supremecourt.gov/o... [supremecourt.gov]
Sotomayor's opinion is only barely over 2 pages. I'm sure everyone here can handle reading that. In it she essentially says that congress was overly specific in their definition of "autodialer". The rest is additional
Woohoo (Score:2)
Re: (Score:3)
The vote was unanimous - regardless of political slant they all saw the case the same way . . .
Re: (Score:1)
See... crap like this is why we reserved the right to bear arms. Sure, this one thing might not be worth that, but all the anti-'the people' decisions that shift power to central authorities and state created entities like corporations may well be.
Re: (Score:1)
Really? Over this one decision which seems logical and not controversial? You have to voluntarily give your phone number to Facebook. The info you are getting in the text is a helpful notification about a possible security issue, it is not an advertisement, political push-poll, or other nonsense. The only problem is that it had a bug and notified the wrong person who got pissy about it. Does fit the common definition of a robocoll. No different than the local fire or police calling residents of a neigh
Re: (Score:2)
You: "Over this one decision"
In what way does a ruling that pretends robocalling with a list isn't robocalling 'logical and not controversial?' It doesn't matter what poster child case was used.
The exploitative sociopaths of this world will ALWAYS set it up so that selling out liberty appears to be the reasonable, logical, kind, thing to do and preserving it is callous and unkind. They will always wait for the perfect edge case where the price of freedom are
Re: (Score:3)
There was no "poster child case" involved in this decision, it isn't an edge case, and the Court didn't have to pretend anything. If you put as much effort into looking at the text of the law as you did into getting yourself frothed up over "exploitative sociopaths", you'd understand that the Supreme Court got this one right. From 47 US Code Section 227:
(a)Definitions
As used in this section—
(1)The term “automatic telephone dialing system” means equipment which has the capacity—
(A
Re:This Surpeme Court sucks ass. (Score:4, Informative)
You have to voluntarily give your phone number to Facebook.
Instead of trying to score internet points and falling on your face, why not at least read the summary before posting?
Re: (Score:1)
Alright, so the issue is that someone else provided a wrong phone number when they signed up for a Facebook account. Possibly such a person is also likely to make a lot of wrong attempts when logging in, prompting a warning message being sent to the registered phone number.
How is a random person's stupidity Facebook's legal responsibility?
Re: (Score:1)
I am not sure how this is anti-"the people"
You are not required to give that info to Facebook, or to use Facebook at all. They are not sending you advertisements but useful information.
Facebook seems to create that feature to help more people than it would harm.
Now the court didn't say this is a good thing, or they liked that Facebook is doing this. But it didn't fall under the definition of the illegal robocalls.
Lets say we get into a car accident, and you sue me under charges of theft. Where there is n
Re: (Score:3)
"I am not sure how this is anti-"the people""
Companies calling from lists being ruled as not counting as illegal robocalls is anti-'the people' I could give a rats ass about specifics of the cherry picked case they selected to sell the court on the idea... this massive loophole opens the floodgates for anti-consumer behavior and robocalling. Moreover, i
Re:This Surpeme Court sucks ass. (Score:4, Insightful)
Jesus Christ you fucking people. What exactly is it that you think the Supreme Court is supposed to do? Protip: It's not to rule based on the way they think things _should_ be, or to make the "best decision for the people". It's to interpret the fucking law and its Constitutionality. Now - they may not always do that, but in this case it appears they did.
If you don't like it don't rant and rave about your guns, instead go bug your representatives to change the fucking law.
Re:This Surpeme Court sucks ass. (Score:4, Informative)
crap like this is why we reserved the right to bear arms.
I found a gun to be pretty useless at stopping unwanted text messages.
Re: (Score:3, Funny)
Re: (Score:1)
That and believe it or not, not all topics are political in nature. And the Most ardent Conservative actually have a lot in common with a left wing liberal than they really car to admit. I get the feeling that for this case the law was rather clear, or one side didn't really do enough work to argue their case.
Re: (Score:1)
Or the bribes from big corporations who wanted this decision were just too lucrative.
Re: (Score:3)
The opinion was delivered by Sotomayor, appointed by Obama.
Re: (Score:2)
The case had no mertis under the law, the courts did the right thing. The lower court decision however was baffling.
Re: (Score:2)
Wrong, the lower courts recognized the merits but the Supreme Court majority are corporate fascists, they need to be removed.
Re: (Score:2)
Fascism includes private ownership of business with heavy government control.
Unrestricted corporate favoritism, whatever else that may mean, is the opposite of it.
Re: (Score:2)
I said "corporate fascism" not fascism, the corporations have government under their control. Two different animals.
Re: (Score:2)
>"Wrong, the lower courts recognized the merits but the Supreme Court majority are corporate fascists, they need to be removed."
Nope. Nope on both.
They interpreted correctly the law/reg as it was written. If we don't like the law, it can be changed.
Re: (Score:2)
This law has a gaping hole in it. The appropriate people to fill that hole is Congress, not the Supreme Court.
Re: (Score:2)
Thanks for the interesting link! I guess everyone wants to ignore the Corporatocracy [wikipedia.org] elephant in the room.
There is also an interesting movie Branded (2012) [wikipedia.org] about excessive advertising. While it isn't a great movie by a long shot it shouldn't be a surprised that "critics" hated this Sci-Fi piece. Guess the foreshadowing hit a little too close to home.