[LINK] And Facebook taketh away

[Kim Holburn]

http://arstechnica.com/business/news/2011/04/facebook-shoots-first-ignores-questions-later-account-lock-out-attack-works.ars

> Facebook shoots first, ignores questions later; account lock-out attack works (Update X)
> 
> By Ken Fisher | Last updated about 20 hours ago
>        
> Got enemies on Facebook? Facebook is so eager to protect copyright that the mere accusation of copyright infringement is enough to get an account locked. Ars found this out the hard way Thursday morning when our own Facebook page became inaccessible, with no warning, no explanation, and no clear appeal process.
> 
> To make matters worse, Facebook is not responsive to inquiries about account lockout, and the company provides absolutely zero useful direction on how to rectify a complaint.
> 
> We have removed or disabled access to the following content that you have posted on Facebook because we received a notice from a third party that the content infringes or otherwise violates their rights:
> 
> Fbpage: Ars Technica
> 
> We strongly encourage you to review the content you have posted to Facebook to make sure that you have not posted any other infringing content, as it is our policy to terminate the accounts of repeat infringers when appropriate.
> 
> If you believe that we have made a mistake in removing this content, then please visit http://www.facebook.com/help/?page=1108 for more information.
> 
> This is a rather useless notice. No details about the alleged infringement are given; all Facebook can do is muster a link to a generic help page which provides no additional clarification as to the real cause of the account lockout. At least the help page has a contact e-mail address, but we have received no response as of yet.
> 
> Prior to the account lockout, we had received no notices of infringement or warnings. Truly, we awoke to find that Facebook had summoned a judge, jury, and executioner and carried out its swift brand of McJustice all without bothering to let us know that there was even a problem.
> 
> Further investigation has revealed just how flawed Facebook's infringement reporting system is. To begin with, someone making a complaint can provide any third-party e-mail address they choose. So it is rather easy to spoof the origin of a complaint, while giving Facebook and the accused no chance for a direct rejoinder.
> 
> Everyone who uses Facebook is on some level a Facebook partner. A thoroughgoing social site, it is nothing without its users. That  Facebook would so harshly judge and move against its most valuable assets without any semblance of fairness or evenhandedness is disappointing.
> 
> We will update this story throughout the day as we work to find some resolution. As of now, no one at Facebook has bothered to respond to our inquiries.
> 
> (Jacqui Cheng is providing the updates to this story.)
> 
> Update 10:29am CDT: In our attempt to find more information about this phenomenon (since we are still waiting on any sort of response from Facebook), we have found that this problem has been snowballing for other sites as well over the last month or so. Neowin's Facebook page was removed several times for alleged infringement and it seems the only way to resolve the issue is to get the original complaintant to retract the claim. But what happens if that person did so maliciously, or put in bogus contact info? Too bad, because that mystery person can apparently file a fake claim and never check the Internet again, leaving you with no Facebook page.
> 
> And if you think it's just Neowin, you're wrong. Redmond Pie was also hit with this issue as recently as this morning. Additionally, sex blogger and rights activist Violet Blue has posted some particularly damning details about the process on ZDnet, pointing out that her own women's group was removed from Facebook last year after anti-porn crusaders filed faux infringement claims—the group even openly celebrated it on their own site. If it has been this easy to file a malicious claim and take down an entire brand's page, why hasn't Facebook done anything about it?

....

> ReadWriteWeb also recounts another horror story from a Facebook page administrator:
> 
> "In one case, with Hamard Dar's Rewriting Technology site, the page went down for over a month. Dar says he was targeted for money. 'He wanted me to pay him...to get the page back,' he told us. Dar didn't go for that option, however, because there was no guarantee the scammer would return the page once paid. Instead, Dar ran his own personal investigation until he discovered the person involved and threatened him to withdraw the complaint, saying he would report him to U.S. cyber crime enforcement (the scam artist lives in Chicago). The page was then returned."

http://www.readwriteweb.com/archives/anyone_can_take_down_facebook_pages_with_a_fake_email_address.php

> Anyone Can Take Down Facebook Pages with a Fake Email Address
> 
> By Sarah Perez / April 28, 2011 10:23 AM / 14 Comments
> 
> Something strange has been happening to several popular Facebook pages in recent weeks: they've disappeared. According to the affected page owners, they're victims of bogus DMCA claims. The DMCA, or Digital Millennium Copyright Act, is a piece of (arguably broken) legislation which allows copyright owners to protect their copyrighted works from infringement. Over the years, it's been used to remove content from Google's search index, from YouTube and Yahoo Video, and by entities like Major League Baseball, record labels, doctors who don't like bad reviews, software companies, and many, many others, in opposition to what most would claim is "fair use" of such content.
> 
> But while the DMCA has a long history of misuse, or perhaps, heavy-handed use, the law itself is not the main concern here with these Facebook pages' takedowns - it's Facebook's process for handling such complaints. Because the social network does not validate the identity of anyone submitting a DMCA takedown notice, nor does it check to see if the report was sent from a legitimate email address, anyone with an ax to grind can fill out a form with bogus information to see a Facebook Page disappear, sometimes for good.
> 
> Tech Blogs are Latest Victims
> 
> This has happened recently to several websites, including some which may be familiar to ReadWriteWeb readers: RedmondPie, Neowin and Ars Technica. We've come across others, too, like the Pakistan-based Rewriting Technology, for example, which proves that this is not just a U.S.-based problem. In many cases, the pages have been taken down multiple times.

......

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request