Campbell et al v. Facebook Inc.
Filing
149
RESPONSE (re 138 MOTION to Certify Class) Opposition to Plaintiffs' Motion for Class Certification (Redacted) filed by Facebook Inc. *** ATTACHMENTS 1, 7 LOCKED AT FILER'S REQUEST. SEE DOCUMENT 162 *** (Attachments: # 1 Declaration Declaration of Christopher Chorba In Support of Defendant Facebook, Inc.'s Opposition to Plaintiffs' Motion for Class Certification (Redacted), # 2 Declaration Declaration of Alex Himel In Support of Defendant Facebook, Inc.'s Opposition to Plaintiffs' Motion for Class Certification (Redacted), # 3 Declaration Declaration of Dan Fechete In Support of Defendant Facebook, Inc.'s Opposition to Plaintiffs' Motion for Class Certification (Redacted), # 4 Exhibit Expert Report of Dr. Benjamin Goldberg (Redacted), # 5 Exhibit Exhibit BBB to Expert Report of Dr. Benjamin Goldberg, # 6 Exhibit Exhibit CCC to Expert Report of Dr. Benjamin Goldberg, # 7 Exhibit Expert Report of Dr. Catherine Tucker (Redacted), # 8 Exhibit Exhibit DDD to Expert Report of Dr. Catherine Tucker, # 9 Exhibit Exhibit EEE - Expert Report of Dr. Catherine Tucker, # 10 Exhibit Exhibit FFF - Expert Report of Dr. Catherine Tucker, # 11 Exhibit Exhibit GGG - Expert Report of Dr. Catherine Tucker, # 12 Exhibit Exhibit HHH - Expert Report of Dr. Catherine Tucker, # 13 Exhibit Exhibit III - Expert Report of Dr. Catherine Tucker, # 14 Exhibit Exhibit JJJ - Expert Report of Dr. Catherine Tucker)(Chorba, Christopher) (Filed on 1/15/2016) Modified on 1/22/2016 (ewn, COURT STAFF). Modified on 1/22/2016 (vlkS, COURT STAFF).
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
MATTHEW CAMPBELL and MICHAEL HURLEY, on behalf of themselves and all others similarly situated,
Plaintiffs
v.
FACEBOOK, INC.,
Defendant
Case No. C 13-05996 PJH
Expert Report of Dr. Benjamin Goldberg
REDACTED VERSION OF DOCUMENT(S) SOUGHT TO BE SEALED
Table of Contents
I. QUALIFICATIONS
II. SUBJECT MATTER OF OPINIONS
III. MATERIALS REVIEWED
IV. SUMMARY OF OPINIONS
V. TECHNOLOGY OVERVIEW
VI. THE FACEBOOK SOCIAL NETWORKING SERVICE
VII. THE FACEBOOK SOFTWARE/SOURCE CODE
    A. URL Previews
    B. [redacted]
VIII. RESPONSE TO THE GOLBECK REPORT
    A. The Alleged “Interceptions”
        1. [redacted]
        2. [redacted]
        3. [redacted]
        4. Code-Based “Devices”
    B. Variability in the Purported “Interceptions”
    C. Variability in the Alleged “Uses” of “Intercepted” Data
    D. Continuing Conduct
    E. Lack of Ascertainability of Class Members
    F. Variability in Operation of the Source Code Across Senders and Recipients
IX. COMPUTER STORAGE
    A. Computer Storage Technology
    B. The Incorrect Distinction Between “Memory” and “Storage”
X. ORDINARY COURSE OF BUSINESS
XI. RESERVATION OF RIGHTS
I. QUALIFICATIONS
1. I am a tenured Associate Professor in the Department of Computer Science of the
Courant Institute of Mathematical Sciences, New York University (“NYU”), in New York, NY.
I have held this position since September 1994. From 1987 to 1994, I was an Assistant Professor
in the Department of Computer Science at NYU. Since September 2014, I have been the
Director of Graduate Studies for the MS programs in the Department of Computer Science,
having previously served in that role from September 2009 through August 2012. I served as the
Director of Undergraduate Studies for the Department of Computer Science from September
1995 through August 1998 and from September 2003 through August 2006. In addition, I have
held a one-year visiting professorship at the Institut National de Recherche en Informatique et en
Automatique (INRIA), a national laboratory in France, and was twice appointed to a month-long
position as an invited professor at the Ecole Normale Supérieure, a university in Paris.
2. I received my Doctoral degree in Computer Science from Yale University, New
Haven, Connecticut in 1988, having previously received Master of Science and Master of
Philosophy degrees in Computer Science from Yale in 1984. My undergraduate degree from
Williams College in 1982 was a Bachelor of Arts degree with highest honors in Mathematical
Sciences.
3. I have taught courses at the undergraduate and graduate level in, among other
things, software development, programming languages, object oriented programming, hardware
design, and operating systems (including networking). I have also published extensively in the
areas of memory management and distributed and parallel computing, which involves computers
connected by networks and data transmission between computers.
4. I have testified numerous times as an expert in computer science at trial in U.S.
District Court, including in the U.S. District Court for the Northern District of California. I have
also provided two technology tutorials to the Court in the U.S. District Court for the Northern
District of California. Additional information concerning the computer science courses that I
have taught, my professional publications and presentations in the field of computer science, and
cases in which I have testified as an expert at trial or deposition in the past four years are set
forth in my current Curriculum Vitae, a copy of which is attached as Exhibit BBB.
II. SUBJECT MATTER OF OPINIONS
5. I have been retained by Gibson Dunn, counsel for Facebook, to form opinions
regarding the operation of the Facebook social networking service, to explain the meaning of
computing terminology related to this matter, and to respond to certain assertions made by Dr.
Jennifer Golbeck in her November 13, 2015 Report in Support of Plaintiff’s Motion for Class
Certification (“the Golbeck report”). (Dkt. No. 137-6.)
6. I am being compensated at a rate of $450 per hour for my work in this matter.
My compensation is in no way conditioned on the nature of my opinions or on the outcome of
this matter.
III. MATERIALS REVIEWED
7. A complete list of the materials that I reviewed in forming my opinions set forth
in this report is attached hereto as Exhibit CCC. As detailed further below, I also reviewed
portions of Facebook’s source code from the period of September 2009 to December 2012,
which I understand to be the same source code to which Dr. Golbeck had access. Consequently,
unless otherwise specified, my opinions are limited to the operation of Facebook’s messaging
service during that period.
IV. SUMMARY OF OPINIONS
8. I disagree with Dr. Golbeck’s conclusions that Facebook’s implementation of
what I or any other skilled computer scientist would consider routine programming functions are
“interceptions” of message content using what she calls “code-based devices” (a term I have
never heard before). Dr. Golbeck concludes that
, is an “interception,” but she does not draw the
same conclusion about any of the other objects that are generated when a message is sent.
not unusual in object-oriented programming, and here,
9. Dr. Golbeck also claims that
also constitute interceptions. However,
processes
performed by nearly all software systems to track error rates, resource usage or congestion, and
security concerns, among other things.
10. Even if Dr. Golbeck’s characterization of these standard programming practices
as “interceptions” were credited, an individual, message-by-message inquiry would be required
to determine whether
11. Similarly, to determine whether
Facebook’s “Insights” feature (an interface for website owners to view data about engagement
with their sites); aggregate, anonymous Plugin Counters (numbers that website owners can
display with Facebook’s social plugins that reflect the level of engagement with those sites);
aggregate, anonymous counters in the
Graph API (publicly available
counts that reflect the level of engagement with a given URL); and Recommendations and
Activity Feeds (which displayed a list of pages for a given website that the viewer may be
interested in seeing). However, determining whether
i. The date the message was sent,
v.
12. Dr. Golbeck cannot validly opine on the current operation of the messages
product since she, like I, could have examined, and at most did examine, only Facebook source
code operational until December 31, 2012 (per the agreement of the parties). Accordingly, while
her report expresses conclusions about the current operation of Facebook software, I do not
believe she has a factual basis for these conclusions since there is no way for her to have reliably
determined the behavior of Facebook’s software for any date after December 31, 2012. Her
attempt to interpret internal Facebook emails allegedly bearing on potential practices (most or all
of which appear to be written long before the beginning of the Class Period) does not form a
valid basis for these conclusions about the operation of the current source code (or source code
from any time period).
13. Dr. Golbeck also provides “sample” code for a database query of her own design,
which she claims would yield a list of the Facebook IDs of everyone whose actions had
and she has stated that this would identify the members
of Plaintiffs’ proposed class. However, her proposed query is both under- and over-inclusive in
a number of ways (all of which I understand she has conceded). First, it will be under-inclusive
in that it will not identify:
iii. Senders and recipients whose accounts were deleted;
Dr. Golbeck’s proposed query will also be over-inclusive in that it will include:
vii. Senders whose messages did not contain URLs in their text;
viii.
ix. Senders and recipients outside the United States;
x. Senders of messages outside the Class Period; and
xi. Senders that were not subject to the challenged “uses.”
Her proposed query also cannot identify senders:
14. As discussed below in further detail,
15. I disagree with Dr. Golbeck’s distinction between “memory” and “storage,” in
which she claims that, when a
1
, they are held in memory, not storage. I have never encountered such a
distinction in my decades of experience as a computer scientist. Computer systems use different
forms of electronic storage, including but not limited to CPU storage, CPU cache memories,
random access memory (or RAM), and disk or flash memory; indeed, memory in computing is a
form of storage. But even under Dr. Golbeck’s unique definition of storage (with which I do not
agree),
16. Finally, I disagree with Dr. Golbeck’s conclusion that Facebook’s alleged
interception,
was not necessary for the messaging
functionality on Facebook. First, while I do not offer an opinion on illegality as a legal
conclusion, I note that Dr. Golbeck appears to use an incorrect inquiry for determining whether
any interception was performed in the ordinary course of Facebook’s business. Dr. Golbeck
assessed whether the alleged interception was “necessary.” However, I understand the Court has
instead stated that the relevant inquiry is whether there exists any nexus between the alleged
interception and Facebook’s ultimate business, which is to allow people to share information and
connect with other people in a safe, efficient online space. Since my review of the source code
and reliance on sworn testimony of Facebook’s engineers indicate that Facebook’s
both necessary and also have a clear nexus to Facebook’s messaging service and its ultimate
business.
V. TECHNOLOGY OVERVIEW
17. The technology at issue in this matter relates to the messaging feature of the
Facebook social networking platform. The specifics of the Facebook platform are described
below in a subsequent section of this report. This section provides a general overview of the
technology and defines various technical terms used throughout my report.
18. Facebook, like most services found on the Internet, utilizes a client-server
architecture. In a client-server architecture, people on “client” devices, usually personal
computers and mobile devices such as smart phones and tablets, interact with a user interface
supported by software—generally referred to as “client software”—running on their client
devices. More demanding computations, storage of larger amounts of data, and communication
between different people are supported by server computers, which are larger, more powerful
computers with large amounts of storage capacity. The software that the server computers run,
generally referred to as “server software”, usually responds to requests from numerous client
devices, generates the data to be provided to the clients (often specifying the format of the
display of the data), interacts with database management systems to store and retrieve data, and,
in many cases, communicates with other server computers. The terms “client” and “server” are
used to refer either to the client and server software or to the client and server machines—or
both. In this report, unless stated otherwise, I will use “client” and “server” to refer to the
software and hardware together. For example, when I discuss a “Facebook server”, I am
speaking of Facebook server software running on a Facebook server computer.
19. Clients and servers in many modern client-server systems use HTTP, the
Hypertext Transport Protocol defined by the World Wide Web consortium (see
http://www.w3.org/Consortium/) to communicate with each other, almost always over the
Internet. Services provided by servers to clients using the HTTP protocol are usually referred to
as “web-based” services. Clients request resources, such as documents (e.g. web pages, audio
files, and videos) and services (for shopping, travel, etc.), by issuing HTTP requests. An HTTP
request is directed to the proper server—and specifies the desired document or service on that
server—using a uniform resource locator (URL). Examples of URLs include
https://www.google.com/, http://www.ford.com/new-cars/, and
https://en.wikipedia.org/wiki/Webserver_directory_index.
20. People on client devices can communicate with each other in numerous different
ways, such as via electronic mail (email), video chat, texting, and messaging. In each of these
media, the data being transmitted is generally sent from a client to a server, which then may
forward the data to another server, and so on, until the data is sent from a final server to the
receiving client (of course, in some instances, there may only be a single server involved). When
the data arrives at a server, it is stored on that server at least temporarily until it is forwarded to
the next server or to the receiving client. In many cases, a server only forwards the data to the
receiving client when the receiving client requests the data. For example, in many email and
messaging systems, the email or message data is stored in the recipient’s “inbox” on a server
until the email or messaging software on the client requests the data. The process of storing
transmitted data on a server and forwarding the data to the next server or to a client is known as
“store-and-forward”.
21. In most email systems and some messaging systems, the text of a message that
someone has typed can be augmented by an “attachment.” An attachment is additional data that
is transported to the recipient along with the main text of the email or message, but is often not
visible within the display of the text of the email or message. Attachments are often in a
different format from the text of the email or message, such as when the text is in plain text or
HTML format and the attachment is a document in PDF format, an image, or an audio or video
file. In some cases, the attachment only becomes visible (or audible) when the sender or
recipient clicks or taps on an icon or link displayed along with the message. In other cases—as
in the Facebook messaging feature described below—the attachment may be displayed
automatically when the text of the message is displayed.
22. In most web-based email and messaging systems, even when an email or message
is forwarded to the client for display to the sender or recipient, the email or message (along with
any attachment) remains in the “inbox” on the server. This way, emails or messages can be
accessed by the senders and recipients at a later time or from a different client device without
requiring a substantial amount of storage on the client devices. In such cases, the email or
messaging service is said to be “hosted” on the server(s) supporting the service, because the
server(s) provides the long-term storage for the emails and messages.
VI. THE FACEBOOK SOCIAL NETWORKING SERVICE
23. Facebook is a free social networking service. The main purpose of the service, as
stated in Facebook’s mission statement, is to give people the power to share and make the world
“more open and connected.” When people join the service, they create a profile by providing
Facebook with a variety of information such as Name, Age, Profile Picture, City, Education, and
Work experience. As an example, below is an image of my profile on Facebook.
24. As individuals continue to use the service, they may post additional information
that they wish to share. Some of this information may be user-generated, such as photos, videos
or posts, and some of it may be information from other sources, such as web articles that
someone finds interesting. People who use Facebook can also define other people on Facebook
as “friends,” and they can control who else on and off Facebook can see what they post (such as
“friends,” “friends of friends,” the general public, and so on). These privacy settings can be
configured individually by each person who uses Facebook.
25. In addition to posting and viewing information, people who use Facebook can
interact with each other and with information in many different ways, for example:
• Pages: Companies or businesses can create pages on Facebook, which enables them to
communicate information to people who follow them.
• Groups: People who use Facebook can create groups on Facebook around specific
interests or affiliations, which enables communication between members of the group,
whether they are Facebook friends or not.
• Applications: Third-party developers can create applications that run on the Facebook
platform; many of the most popular applications are games that people play with their
friends on Facebook.
26. People who use Facebook to share what they are interested in can also use social
plugins, which appear on third-party websites, to share these interests. Plugins like the “Share,”
“Like,” and “Send” buttons let people seamlessly tell friends what has caught their attention,
what is important to them, or what they enjoy, even when they are on third-party sites, so they
can engage and connect with others on those topics, and so that they can receive other
information tailored to their interests and preferences. This helps bring together what is
otherwise a sprawling, disjointed network of activity across the Internet and allows people who
use Facebook to have a richer, more meaningful connection to other people, ideas, and
information. When someone is logged in to Facebook, Facebook can display personalized
streams of information from her friends, such as life events, reviews, and comments, anywhere a
site has incorporated Facebook plugins. Even when people who use Facebook are not logged in
to Facebook, social plugins allow website owners to present information about aggregate
engagement with different kinds of information, which can help people identify information that
is popular and that they might find interesting. A list of the current Facebook social plugins can
be found at https://developers.facebook.com/docs/plugins.
27. While most content on Facebook is a form of “one-to-many” communication,
Facebook also provides means for “one-to-one” or “one-to-few” communication. Initially, this
was performed through a function called “inbox” which behaved similarly to e-mail, enabling
people to send messages to other people directly. This changed over time, and ultimately
evolved into “Messages,” which is Facebook’s integrated communications platform. It enables
people who use Facebook to send messages directly to other people, or to groups of people. This
platform can currently be accessed through the Facebook website or through its standalone
messaging application (Messenger). In addition to sending text, people can send documents and
pictures, among other things. If the recipient of the message is currently browsing the Facebook
website, the message will appear onscreen and enable her to respond, which can lead to a
conversation with messages being sent and received in real time. If the recipient is not online,
the message will appear the next time the recipient accesses Facebook. This can lead to
asynchronous communication similar to e-mail, where messages are sent and received by the
client device at different times. Messages are stored on Facebook servers, which enables people
who use Facebook to conduct conversations seamlessly on multiple devices, for example, by
beginning a conversation on a PC, and continuing it on a smartphone. It also enables senders
and recipients to view messages they have sent or received in the past.
28. For a message sent from the Facebook website that contains a URL,
For example, if a sender types a URL for a webpage into a draft message, Facebook
will sometimes generate a small preview of the webpage (referred to in this report as a “URL
preview”), including both an image and some text from the web page. This process is done
before a sender sends the message, giving the sender the option to remove the attachment if the
sender wishes. Below is an image of a messaging conversation that I had with my wife (though
this one was created for the purposes of this report). Two of the shown messages contain URL
previews, and one does not.
29. As mentioned above, a URL preview is displayed and the corresponding URL
. However, if the sender deletes the URL preview by clicking on an
“x” in the corner of the displayed preview while the message is being composed,
. The URL preview display for a message being
drafted, along with the “x” to click on to remove the preview, is shown below.
30. Similarly, if the sender decides to delete the text of the URL from the draft
message, the URL preview
remain (unless the sender deletes it). Below is a
message to my wife in which I originally typed a URL, but then deleted the URL. The URL
preview for that deleted URL remains,
. Shown on the left is how the message, after being sent, appears in my inbox and on the
right is the message as it appears in my wife’s inbox.
This example shows that the URL
gets sent with the message, even though the URL
is not in the message itself.
VII. THE FACEBOOK SOFTWARE/SOURCE CODE
A. URL Previews
31. The Facebook source code that I examined in this matter, which was also
available to Dr. Golbeck and was cited in her report, included code from September 2009 to
December 2012 and was primarily written in two programming languages:
JavaScript, and
PHP. Both of these languages provide
support for what is known to programmers as “object-oriented programming.” Although a
detailed discussion of object-oriented programming is beyond the scope of this report, a core
feature of all object-oriented languages is the creation of “objects,” which are data structures that
both contain the data and specify the operations that can be applied to the data. A data structure
is simply a way of aggregating distinct pieces of data so that they can be treated as a unit. For
example, a data structure representing a personnel record may include fields for an employee’s
name, social security number, department, office address, phone, and salary. If that data
structure were created in an object-oriented language, the data structure would be called an
“object” and, in addition, might specify the operations that can be performed on a personnel
record, such as “contact the employee,” “adjust the salary of the employee,” “change the
employee’s department,” etc.
32. I describe here the functionality of Facebook messaging that is relevant to this
matter, based on the source code that I examined and other documents provided to me (including
deposition testimony, witness declarations, interrogatory responses, etc.). However, as discussed
in subsequent sections of this report, I note that Facebook is a huge system comprising tens of
millions of lines of code,
supporting over 1.5 billion people,
and handling an average of over
requests each day. (See January 14, 2016 Declaration
of Alex Himel (“January 14 Himel Decl.”) ¶ 28 n.3.) In such a huge system with that level of
demand, there are bound to be software errors that lead to inconsistencies in the behavior of the
system and
. Thus,
my description below of the functionality of the Facebook code, particularly the code supporting
Facebook messaging, reflects how the system was designed to operate generally—not
necessarily how it actually operated at any given moment.2
33. Beginning in or around August 2010, Facebook
2 I understand that certain Facebook engineers have submitted declarations in connection with this matter that
explain and discuss variation among the practices and functionality challenged by Plaintiffs. Much of that
variation is also discussed below.
Web scraping is
a normal technique used to extract data from websites for various reasons.
Declaration of Alex Himel being
submitted simultaneously in support of Facebook’s Opposition to Plaintiffs’ Motion for
Certification. (See id. ¶¶ 13-15; id. at Ex. B (Facebook’s Supplemental Responses and
Objections to Plaintiffs’ First Set of Interrogatories (“Supp. Resp. to First Interrog.”)) at 17-18.)
34. On the Facebook server,
35. Below is an example of preview images being
displayed after the message was sent (see also paragraph 29 for an image of the preview being
displayed before being sent).
36.
37. I understand from Facebook’s interrogatory responses that
(See Supp. Resp. to First Interrog. at 17.)
38. The use of
has many benefits.
(See January 14 Himel Decl. ¶ 14.)
39. In the case of Facebook messaging,
(See January 14 Himel Decl. ¶¶ 15-16; Supp.
Resp. to First Interrog. at 18.)
40. When the sender had completed typing the message, she could send the message
by clicking on or tapping a “Send” button or hitting the enter key.
in the inboxes of the sender and recipient so that they
could view the message text as well as the URL attachment. (January 14 Himel Decl. ¶¶ 16-18;
Supp. Resp. to First Interrog. at 18-19; January 14, 2016 Declaration of Michael Adkins
(“Adkins Decl.”) ¶¶ 10-14.)
(See January 14 Himel Decl. at Ex. A (Facebook’s Second
Supplemental Responses and Objections to Plaintiffs’ Narrowed Second Set of Interrogatories
(“Sec. Supp. Resp. to Sec. Interrog.”)) at 18.)
41.
(See also January 14 Himel Decl. ¶¶ 16-18.)
42.
B.
43. Like other complex websites,
Facebook must store the information shared on
its site, at the very least in order to display that information when people use features that require
it (e.g., viewing your messages inbox or a social plugin counter). Complex websites also log
activity on their sites (with varying frequency and degree of detail) for other purposes, including
maintaining site integrity and operability and detecting and deterring abuse.
44.
45.
I understand
from the Facebook engineers that it was in fact changed over time.
46.
see also January 14 Himel Decl. ¶ 54.)
VIII. RESPONSE TO THE GOLBECK REPORT
47. I have been asked by counsel to respond to certain portions of the Golbeck report
as augmented by Dr. Golbeck’s deposition testimony. In this section, I provide my responses as
well as the bases for my disagreements with Dr. Golbeck. I understand that the opinions I
express in this report will be considered by the Court for class certification purposes; thus, it is
not my intent to exhaustively respond to Dr. Golbeck with respect to topics that are unrelated to
class certification. I reserve the right to respond to the Golbeck Report on such topics in the
future if asked to do so.
A. The Alleged “Interceptions”
48. Dr. Golbeck refers to several routine computer programming functions as
“interceptions.” I offer no opinion at this time on whether the practices Dr. Golbeck discusses
could be deemed “interceptions” for purposes of wiretapping law (though it would seem odd to
me if they could be). As discussed below, however, there was considerable variation in these
practices and in my opinion it would be necessary to conduct a message-by-message analysis to
determine whether the purported “interceptions” occurred for any given message.
1.
49. Dr. Golbeck characterizes as an “interception” or “redirection” the creation of a
data structure,
) As
someone who has been working and teaching in the field of computer science for more than 30
years, I disagree with these conclusions and the use of this terminology. As discussed above, the
creation of “objects” is a standard part of object-oriented programming, and there is nothing
unusual about
If
Dr. Golbeck’s characterization of an “interception” or “redirection” based on the creation of data
structures (objects) were correct, there would be no way for the provider of a service involving
communication between people to know when it was or was not performing an “interception.”3
50. At her deposition, Dr. Golbeck attempted to
(Golbeck Deposition Transcript (“Golbeck Dep.”)
3 In her report, Dr. Golbeck says,
51. At her deposition, Dr. Golbeck also stated that
• collecting statistics about the geographical locations of senders and recipients to
improve performance and reduce failures, e.g. by adding computing and
communication resources to best reduce network congestion and balance the
computing load on servers;
• saving web page images referred to in messages so that the web pages do not have
to be repeatedly accessed at a cost of network congestion and server load; and
• for security by analyzing and saving patterns in the message content and traffic
patterns to detect malevolent communications.
52. To the extent that Dr. Golbeck is characterizing the creation of an object (as
opposed to other types of data structures) as an “interception” or “redirection,” the creation of
objects is a fundamental operation in all programs written in commonly used object-oriented
languages, such as Java, C++, PHP, and JavaScript—
53.
Indeed, during her deposition, Dr. Golbeck could not identify
54.
Dr. Golbeck also states that she considers the
it would strike one of skill in the
field of computer science as odd to characterize
2.
55.
Dr. Golbeck also opines that Facebook’s
logging is a process performed by virtually all software systems and occurs for many
reasons, including the recording of errors, interactions, resource usage, security issues, etc. If
simply logging various aspects of person-generated data as part of providing a service to people
can be considered an “interception,” service providers would not be able to determine which
logging might be considered an interception and which might not be.
56.
Dr. Golbeck’s report cites to a source code file
after that date. (Id.)
57.
Dr. Golbeck’s report also points to
3.
58.
I understand that Plaintiffs have previously referred to
therefore it cannot even be accused of being an interception.
4.
Code-Based “Devices”
59.
Dr. Golbeck’s Report also refers to portions of Facebook code as “code-based
devices” or simply “devices.” (Golbeck Report ¶¶ 17.b., 55). According to Dr. Golbeck, the
above-referenced “interceptions” are accomplished through the use of these “code-based
devices.” In my 33 years as a computer scientist, I have never heard the term “device” used to
refer to software. Within the field, “device” is used to refer to hardware—and I note that Dr.
Golbeck does not identify any hardware device as performing the interception such that the
device (such as a Facebook server) is not used in the ordinary course of Facebook’s business. At
her deposition, Dr. Golbeck admitted she had never used the term “code-based device.”
(Golbeck Dep. 206:21-207:2):
Q. Have you ever used the term “code-based devices” in your academic
career?
A. I don’t think so.
Q. Why not?
A. This is not the kind of thing I study. I don’t write about code at all, I
don’t think, yeah.
As someone whose publications have all been about code and programming, I can confirm that
“code-based device” is not a term of art used to refer to code alone.5
B.
Variability in the Purported “Interceptions”
60.
While I find Dr. Golbeck’s characterizations of routine and unremarkable
computer science practices as “interceptions” and “redirections” to be unusual, I do not offer any
opinion at this time regarding whether these practices could be deemed to constitute illegal
wiretapping. However, even if Dr. Golbeck were correct in her characterization of routine
programming practices, such as
, as “interceptions,”
determining whether such alleged interceptions actually occurred would require a message-by-message analysis, in the following sense:
•
•
5
Additionally, I performed a web search for “code-based device” and, in all the references I found, the “device” is
a hardware device that executed code.
•
(See
supra paragraph 30, 39; January 14 Himel Decl. ¶ 15.)
•
The Facebook code—
Adkins Decl. ¶¶ 8-12, 16-23.)
•
As stated in Facebook’s interrogatory responses (see Supp. Resp. to First Interrog. at
35; Sec. Supp. Resp. to Sec. Interrog. at 16) and the testimony of Facebook witnesses
(see January 14 Himel Decl. ¶¶ 28, 40; September 25, 2015 Deposition of Ray He
77:10-78:23, 156:15-157:1),
•
The same variability exists for Facebook’s
Graph API.
Graph API count would have been
incremented.
Graph API. (See January 14 Himel
Decl. ¶¶ 27-29, 69, 73-78.)
or Graph API. (Id. ¶ )
•
(Id. ¶¶ 46-49.)
•
. (See supra ¶¶ 55, 57; January 14 Himel Decl. ¶¶ 52-57.)
•
Moreover, as stated above, Dr. Golbeck has not examined any Facebook source code
later than December 31, 2012, so she cannot tell from the Facebook code she
examined
61.
In summary, because of the various scenarios under which an
C.
Variability in the Alleged “Uses” of “Intercepted” Data
62.
For the reasons discussed in the Facebook fact declarations I have reviewed, the
same variability that exists for the “interception” issue also exists for the “use” issue. For a
variety of reasons, including changes of practices over time, it would be necessary to conduct a
message-by-message inquiry to determine whether
and even then such a determination likely would not be possible.
Further, I understand Dr. Golbeck acknowledged at her deposition that, other than one
(Golbeck Dep. 310:22-314:22.)
63.
Examples of the variability inherent in any inquiry concerning each of the alleged
“uses” include:
•
Insights, Related APIs, and Real-Time Analytics: I understand that
visible to domain
owners through Insights until October 11, 2012.
the Insights counter at all.
the owner of that domain might never
have authenticated ownership and accessed Insights
RealTime Analytics – a specialized system designed to provide Insights data even more
rapidly.
Insights counter. (See January 14 Himel Decl. ¶¶ 58-65.)
•
Plugin Counts: The
between August 16, 2010 and December 19, 2012. (See id.
¶¶ 37-43.) First,
(See id. )
& Graph API:
•
API queries
would have reflected
Graph API
query.
Graph API query.
Graph API,
. (See id. ¶¶ 73-79.)
•
Recommendations and Activity Feeds: There likewise was considerable variability
over time, during certain periods,
For most of the proposed class period (from December 2011 to
July 9, 2014) Recommendations and Activity Feeds, at most,
both the Recommendations and Activity Feeds were discontinued
altogether on June 23, 2015. (See Fechete Decl. ¶¶ 23-34, 43-45.)
D.
Continuing Conduct
64.
Dr. Golbeck and I had access to the same Facebook source code produced in this
matter, namely source code from the period of September 2009 to December 2012. However,
the Golbeck report opines on the current operation of the Facebook software—without ever
having reviewed current Facebook source code. One of skill in computer science would know
there is no way to reliably determine the behavior of software—particularly when it comes to
internal operations that are not visible to the sender or recipient, as is the case with the accused
functionality—without examining source code. Thus, I do not believe Dr. Golbeck has a factual
basis for the conclusions she reaches in Section V of the Golbeck report, entitled “Facebook’s
Conduct Continues to the Present” (Golbeck Report ¶¶ 94-97).
65.
I also note that, in opining on several of Facebook’s practices, Dr. Golbeck relies
not on source code but on e-mails about potential practices. (See, e.g., id. ¶¶ 46-49, 52-53, 66-71, 76-78, 86-93.) This is not a scientifically reliable manner on which to base conclusions
about the operation of source code.
E.
Lack of Ascertainability of Class Members
66.
In her report, Dr. Golbeck says that “to retrieve a list of class members, the Code
process should be relatively straightforward.” (Id. ¶ 103.) In the next two paragraphs of her
report, she provides “example” code that she contends would return a list of “Facebook user IDs
of everyone
” and, in her
deposition, she said that such a list would identify the class members. (Golbeck Dep. 331:2-8.)
67.
That is incorrect. This query would return a list of people that is both under- and
over-inclusive of the proposed class. In her deposition, Dr. Golbeck conceded each of these
flaws in her proposed query:
68.
This query will be under-inclusive in that it will not reflect recipients of messages
69.
This query will be under-inclusive in that it will not identify
70.
This query will be under-inclusive in that it will not identify senders and
recipients whose accounts were deleted. (Id. at 335:25-336:10.)
71.
This query will be under-inclusive in that it will not identify
72.
This query will be under-inclusive in that it will not identify
73.
This query will be under-inclusive in that it will not identify
74.
This query will be over-inclusive in that it will include senders whose messages
did not contain URLs in their text. (Id. at 339:2-15.)
75.
This query will be over-inclusive in that it will include
76.
This query will be over-inclusive in that it will include senders and recipients
outside the United States. (Golbeck Dep. 340:22-341:1.)
77.
This query will be over-inclusive in that it will include senders of messages
outside the Class Period. (Id. at 341:2-7.)
6
In her deposition, Dr. Golbeck proposed that this flaw could be remedied by looking at each message to
ascertain who the recipient was, a woefully infeasible methodology if done manually, or trying to draft code to do
the same, but does not propose any actual methodology for doing so. She assumes this is feasible. (Golbeck Dep.
334:3-335:18.)
78.
Moreover, Dr. Golbeck’s query is overbroad in that it will identify senders that
were not subject to the challenged “uses.” In her deposition, Dr. Golbeck conceded each of these
flaws in her proposed query and said that identifying those that were subject to the challenged
“uses” would be “case-specific:”
79.
This query cannot identify senders
80.
This query cannot identify
81.
This query cannot identify
82.
This query cannot identify
83.
This query cannot identify
84.
This query cannot identify
85.
This query cannot identify
86.
This query cannot identify
87.
Finally, I understand from Facebook engineers that this query would not correctly
writing and executing even a corrected query would
be extremely burdensome and resource-intensive, if it were even possible, given the nature and
breadth of Facebook’s databases. (See January 14 Himel Decl. ¶ 8.)
F.
Variability in
88.
As discussed in detail above, the
(See January 14 Himel Decl. ¶¶ 20-22, 27-30, 37-43, 46-50, 55-57, 62-65,
73-79; Fechete Decl. ¶¶ 20-38, 43-44; Adkins Decl. ¶¶ 8-12, 16-23.)
89.
For all the reasons given above, it is my opinion that the Facebook messaging
software did not treat the people identified by Dr. Golbeck as being a “class” substantially the
same.
IX.
COMPUTER STORAGE
A.
Computer Storage Technology
90.
I have been asked to explain the meaning of “storage” in the context of computer
science. Simply put, “storage” refers to the electronic components in a computer system that
hold (store) data so that the data can be (1) processed by the central processing unit (CPU), e.g.
used for arithmetic, image processing, text formatting, etc., (2) held temporarily until the data is
sent over a network or is sent to a display device, printer or other output device, or (3) kept for a
longer period of time (perhaps indefinitely) so that it can be accessed in the future. The amount
of data stored on a computer or other computing device (e.g. smartphone or tablet) is measured
in terms of bytes, where a single byte comprises eight bits (each bit being a zero or a 1), which
was the amount of data historically required to represent a single character of text (e.g. letter,
digit, punctuation mark). On modern computing devices, storage capacity is normally multiples
of megabytes (millions of bytes), gigabytes (billions of bytes), or terabytes (trillions of bytes).
Naturally, mobile devices such as smartphones and tablets generally have less storage than
personal computers, which, in turn, have less storage than large servers.
91.
Computer systems have a number of different forms of electronic storage, ranging
from small, fast, and expensive (on a per-byte basis) to large, slow, and inexpensive. Below is a
diagram that I created to illustrate the so-called memory hierarchy, i.e. the different types of
storage found on computer systems, including registers (very fast, very small storage within a
CPU), cache memories (small, fast memories, often within the CPU), RAM (random access
memory, aka “main memory”), and disk drive or flash memory.7
7
Historically, there has been another level at the bottom of the hierarchy, archival storage – generally consisting of
backup tapes or optical media (e.g. DVD-ROMs) – that is not shown.
As shown in the diagram, the storage types near the top of the diagram are small and fast, and the
storage types near the bottom are larger and slower.
92.
Storage can also be divided into two categories, “volatile” and “non-volatile.”
The term “volatile” means that the storage only retains the data while power is applied, so if the
computer is turned off, the data is lost. Registers, cache memories, and RAM are examples of
volatile electronic storage. The term “non-volatile” means that data is preserved in the storage
even when no power is applied; thus, non-volatile electronic storage is often used for storing data
for longer periods of time than volatile storage. Examples of non-volatile storage include disk
storage, flash memory, magnetic tapes and optical media (CD-ROMs, etc.).
B.
The Incorrect Distinction Between “Memory” and “Storage”
93.
Dr. Golbeck appears to distinguish “memory” from “storage.”
Any information in a computer system is in
memory when it is not in storage; otherwise, it could not be in the computer
at all.
(Golbeck Report ¶117).
94.
Dr. Golbeck also testified about the distinction between “memory” and “storage:”
Q. What’s the difference between memory and temporary storage?
A. Storage is -- so memory allows you to operate on some data if it’s in
memory. Storage, temporary or permanent, is a place where information
is stored that it can’t be operated on.
(Golbeck Dep. 287:3-9.)
95.
Dr. Golbeck’s characterization of memory and storage—namely that memory is
not storage—is incorrect for the following reasons:
•
This is not an accepted characterization—in fact, I have never encountered this
distinction between memory and storage before now. Dr. Golbeck seems to be
referring to the fact that the instructions of a CPU (such as those to perform
arithmetic or logical operations) can directly access some forms of storage, e.g.,
registers, cache, and RAM, but can only access other forms of storage, e.g., disk
drives and flash memory, indirectly by first loading the data from disk or flash
memory into RAM. Dr. Golbeck’s distinction between memory and storage has
nothing to do with whether data is stored or not, only how the data is accessed.
•
As evidence that “memory” in the computing field is a form of “storage,” the
Microsoft Computer Dictionary defines memory as follows (emphasis added):
memory n. A device where information can be stored and retrieved. In
the most general sense, memory can refer to external storage such as
disk drives or tape drives; in common usage, it refers only to a
computer’s main memory, the fast semiconductor storage (RAM)
directly connected to the processor. See also core, EEPROM, EPROM,
flash memory, PROM, RAM, ROM. Compare bubble memory, mass
storage. (Microsoft Computer Dictionary, 5th Ed., 2002 p. 333)
As the dictionary states, “memory,” used in its general sense, refers to all types of storage and, in
its common narrower sense, “memory” is used to refer to RAM, which is fast semiconductor
storage.8 In either case, of course, memory is a form of storage.
96.
For these reasons, and as discussed extensively above,
message data is in storage as the term
is used in computer science.
97.
I understand that the Electronic Communications Privacy Act (18 U.S. Code
§ 2510) specifically defines “electronic storage” to include “any temporary, intermediate storage
of a wire or electronic communication incidental to the electronic transmission thereof,” and that
communications in electronic storage are governed not by the Wiretap Act (18 U.S. Code
§ 2511) but by another law (the Stored Communications Act, 18 U.S. Code § 2701) not being
asserted in this case.
the “temporary, intermediate storage” defined by
the Act to be “electronic storage.”
98.
As a factual matter, Dr. Golbeck is incorrect when she states that the
– even given Dr.
Golbeck’s definition of “storage” (which I disagree with). Upon reaching
, the data would be in “storage” according to Dr.
Golbeck’s definition.
8
More recently the common use of “memory” is expanded to include “flash memory”, which is a slower and
cheaper form of semiconductor storage than RAM and has replaced disk drives in many computing devices.
X.
ORDINARY COURSE OF BUSINESS
99.
Dr. Golbeck’s report also discusses whether Facebook’s alleged “interception”
was “necessary for Facebook to deliver private messages” (Golbeck
Report ¶ 17.b.) and ultimately “conclude[s] that the interception,
is not necessary for the functionality of message sharing in Facebook.” (Id.
at ¶ 109.) However, my understanding is that whether or not the alleged interception of message
content was “necessary” is not relevant to the “ordinary course of business” inquiry.
100.
Rather, for purposes of assessing whether the “ordinary course of business”
exemption to the Wiretap Act should apply, I understand that the Court has stated that it must
determine whether the interception is “related or connected to [the] electronic communication
provider’s service, even if it does not actually facilitate the service…[and whether there is] some
nexus between the need to engage in the alleged interception and the subscriber’s ultimate
business, that is, the ability to provide the underlying service or good.” (Order on Mot. to
Dismiss (Dkt. 43) 11-12.) Accordingly, Dr. Golbeck’s test for assessing whether Facebook’s
alleged “interceptions” fall within the “ordinary course of business” exemption appears to be
inconsistent with the Court’s order, and I think her conclusions are irrelevant. Instead, Dr.
Golbeck should have inquired whether there exists some nexus between the alleged
“interceptions” and Facebook’s ultimate business, or its ability to provide its underlying service.
Of course, Facebook’s underlying service is not merely to provide a messaging product but to
provide a massive social network comprising various features allowing people to share
information and ideas and to engage and connect with other people in a safe, efficient online
environment. Based on my review of the source code, I believe any alleged “interception” (if
indeed, one exists, which I do not believe it does) more than qualifies under the “nexus” test set
out by the Court, since it is related to both the messaging feature as well as other features that
make up the Facebook service.
101.
First, as discussed above, my review of the source code indicates that URL share
objects (the creation and storage of which Plaintiffs claim constitutes an illegal interception) are
inboxes. This contradicts Dr. Golbeck’s assumption that share object creation must not be
necessary for sharing URLs in messages because Facebook concedes that share objects are not
always created. (Golbeck Report ¶ 110.) Indeed, if no share object is created for a URL sent in
a message (for any of the reasons explained above), the recipient will not be able to see the URL
102.
Second,
103.
Third,
104.
Finally,
by providing data points for internal research and site maintenance, data points for site
integrity analysis, and, in the case of the
Insights
system, contributing to measures of engagement displayed with Facebook’s social plugins and
other features as part of its social platform extending to third-party websites, which help users
identify information they may be interested in viewing and sharing.
XI.
RESERVATION OF RIGHTS
105.
I reserve the right to supplement or amend my opinions in response to opinions
expressed by Plaintiffs’ experts, or in light of any additional evidence, testimony, discovery or
other information that may be provided to me after the date of this report. In addition, I reserve
the right to consider and testify about issues that may be raised by Plaintiffs’ fact witnesses and
experts at trial. I also reserve the right to modify or to supplement my opinions as a result of
ongoing expert discovery or testimony at trial.
Dated: January 14, 2016
DR. BENJAMIN GOLDBERG