Campbell et al v. Facebook Inc.
Filing
214
RESPONSE (re 206 MOTION to Compel Production of Source Code ) Defendant Facebook, Inc.s Opposition to Plaintiffs Motion to Compel Production of Source Code filed byFacebook Inc.. (Attachments: # 1 Poole Declaration in Support of Facebooks Opposition to Plaintiffs Motion to Compel Production of Source Code)(Jessen, Joshua) (Filed on 8/19/2016)
1
2
3
4
5
6
7
8
9
10
11
12
13
GIBSON, DUNN & CRUTCHER LLP
JOSHUA A. JESSEN, SBN 222831
JJessen@gibsondunn.com
JEANA BISNAR MAUTE, SBN 290573
JBisnarMaute@gibsondunn.com
PRIYANKA RAJAGOPALAN, SBN 278504
PRajagopalan@gibsondunn.com
ASHLEY M. ROGERS, SBN 286252
ARogers@gibsondunn.com
1881 Page Mill Road
Palo Alto, California 94304
Telephone: (650) 849-5300
Facsimile: (650) 849-5333
GIBSON, DUNN & CRUTCHER LLP
CHRISTOPHER CHORBA, SBN 216692
CChorba@gibsondunn.com
333 South Grand Avenue
Los Angeles, California 90071
Telephone: (213) 229-7000
Facsimile: (213) 229-7520
Attorneys for Defendant
FACEBOOK, INC.
14
UNITED STATES DISTRICT COURT
15
NORTHERN DISTRICT OF CALIFORNIA
16
OAKLAND DIVISION
17
18
19
20
21
22
MATTHEW CAMPBELL and MICHAEL
HURLEY,
Plaintiffs,
v.
FACEBOOK, INC.,
Case No. C 13-05996 PJH (SK)
DECLARATION OF NEAL POOLE IN
SUPPORT OF DEFENDANT
FACEBOOK, INC.’S OPPOSITION TO
PLAINTIFFS’ MOTION TO COMPEL
PRODUCTION OF SOURCE CODE
Defendant.
23
24
25
26
27
28
Gibson, Dunn &
Crutcher LLP
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
1
2
I, Neal Poole, declare as follows:
1.
I am an employee of Defendant Facebook, Inc. (“Facebook”). My job title is Security
3
Engineer. My duties include investigating potential security risks that impact Facebook and its
4
infrastructure, assessing our overall architecture and the architecture of individual products from a
5
security perspective, and performing various security assessments on existing and newly developed
6
products. I submit this Declaration in support of Facebook’s Opposition to Plaintiffs’ Motion to
7
Compel Production of Source Code. Unless otherwise indicated, I have personal knowledge of the
8
facts stated below and could competently testify to them in a court of law.
9
2.
I provide this Declaration to explain certain facts regarding Facebook’s “Graph API”
10
feature as it relates to “global share objects” (also known as “EntGlobalShares”). I understand that
11
Plaintiffs in this case are requesting that Facebook produce additional source code. In support of this
12
request, Plaintiffs assert as follows:
13
14
15
16
17
18
19
20
21
22
Facebook’s sharing of URLs in Private Messages with third parties appears to be
ongoing. Shortly after Plaintiffs amended their complaint, a security researcher
revealed one manifestation of this ongoing practice. As recently disclosed in a blog
post by the researcher . . . Facebook makes the specific URLs shared in Private
Messages freely available to any developer with access to the Facebook API. . . .
Facebook never disclosed this practice through discovery, and analysis of Facebook’s
up-to-date source code is necessary to understand how this functionality operates, the
scope of Facebook’s ongoing sharing of users’ Private Message content with third
parties, and the appropriate injunctive relief associated with this practice.
(Mot. at 7-8 (footnotes and emphases omitted).)
3.
As explained below, Plaintiffs’ misapprehend the nature of Facebook’s tools and the
practice discussed by the blog post they reference.
4.
The blog post Plaintiffs reference is titled “Why you shouldn’t share links on
23
Facebook,” Quartz, June 29, 2016, http://qz.com/715019/why-you-shouldnt-share-links-on-facebook/
24
(“Quartz post”). The Quartz post refers to Facebook’s “Crawler” and “Sharing Debugger” tools,
25
both of which are explained on Facebook’s publicly available webpages. Regarding the Facebook
26
“Crawler,” Facebook’s website explains that “[t]he first time someone shares a link, the Facebook
27
crawler will scrape the HTML at that URL to gather, cache and display info about the content on
28
Facebook like a title, description, and thumbnail image.” See The Facebook Crawler, available at
Gibson, Dunn &
Crutcher LLP
1
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
1
2
https://developers.facebook.com/docs/sharing/webmasters/crawler.
5.
Through this process, the Crawler obtains information from a third-party website to
3
construct the “URL preview” that may be created when someone using Facebook types a URL into a
4
Facebook post, message, or otherwise. The following is an example:
5
6
7
8
9
10
11
12
13
6.
The data structure on Facebook’s system that stores this URL preview is the “global
14
share object” or “EntGlobalShare.” By storing this information in an EntGlobalShare, Facebook can
15
avoid “scraping” or “crawling” the website every time Facebook needs to generate a new preview,
16
thereby reducing traffic and allowing for faster and more efficient and effective preview generation.
17
The EntGlobalShare also allows Facebook to generate previews even when third-party websites have
18
errors or down time.
19
7.
It is important to note that an EntGlobalShare is created for a URL (1) only the first
20
time the URL is “crawled,” and (2) before the URL preview is actually shared by someone using
21
Facebook (i.e., before they hit “enter” or “send” in a post, message, or otherwise). The
22
EntGlobalShare is the “canonical” storage of the URL preview, and does not represent a specific
23
instance of a URL preview being shared on Facebook (through a message or otherwise). In this
24
regard, it is distinct from a “share object” or “EntShare,” which represents an instance of a specific
25
share. To illustrate the point, if I were the first person on Facebook to enter www.nytimes.com, an
26
EntGlobalShare would be created to store the above URL preview. But an EntGlobalShare would
27
not be created when other people shared the same preview in the future. On the other hand, an
28
EntShare would be created each time someone successfully shared the URL preview.
Gibson, Dunn &
Crutcher LLP
2
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
1
8.
The actual URLs (e.g., www.nytimes.com) are of course public, and can be accessed
2
by anyone typing them into a web browser—in the example above, www.nytimes.com. That same
3
public URL information—www.nytimes.com, here—is displayed if a website developer uses a
4
specific Facebook developer tool (an application programming interface or “API” 1) to “call” that
5
URL from Facebook. Facebook internally assigns each EntGlobalShare an object ID, and in order to
6
call a specific URL using the API, the requester must know the object ID assigned to that
7
EntGlobalShare. If the requester calls for that object ID, the result returned by Facebook’s API is the
8
URL itself (www.nytimes.com). The returned result does not include any information that is not
9
contained in the URL.
10
9.
To take another example, if someone using Facebook typed www.politico.com into a
11
post, message, or comment, and an EntGlobalShare was created, and someone later “called”—
12
through Facebook’s API—that URL using the object ID for that EntGlobalShare, the API would
13
return “www.politico.com.” If the requester did not know (or could not guess) the object ID, she
14
could not “call” that object ID from the API and learn the URL.
15
10.
Furthermore, the API does not indicate whether the URL was shared in a message, or
16
was simply typed into a post or comment or shared in some other way on Facebook, nor does it
17
identify the person whose typing of the URL led to the creation of the EntGlobalShare. Again, the
18
only thing that is returned through the API call is the URL itself.
19
11.
This basic functionality has been available for many years, and it has been reflected in
20
Facebook’s source code for many years (including in 2012). The Quartz post merely discusses this
21
functionality. It does not contend, nor do Plaintiffs, that Facebook’s API can be used to identify
22
specific instances of a URL being shared—in a message or otherwise. It is thus extremely misleading
23
for Plaintiffs to claim that this feature concerns “sharing of URLs in Private Messages with third
24
parties.” It does not.
25
26
27
28
Gibson, Dunn &
Crutcher LLP
1
APIs can be used to integrate information from Facebook into other applications. For example, a
mobile app may use the Facebook API to request information about users’ friend lists so that its
app can notify users when their Facebook friends are also logged into that app.
3
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
1
I declare under penalty of perjury under the laws of the United States of America that
2
the foregoing is true and correct and that this declaration was executed on August 18, 2016 in
3
London, England.
4
/s/ Neal Poole
Neal Poole
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Gibson, Dunn &
Crutcher LLP
4
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
1
2
ATTORNEY ATTESTATION
I, Joshua A. Jessen, attest that concurrence in the filing of this Declaration of Neal Poole has
3
been obtained from the signatory. I declare under penalty of perjury under the laws of the United
4
States of America that the foregoing is true and correct. Executed this 19th day of August 2016, in
5
Irvine, California.
6
7
Dated: August 19, 2016
/s/ Joshua A. Jessen
Joshua A. Jessen
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Gibson, Dunn &
Crutcher LLP
5
DECLARATION OF NEAL POOLE IN SUPPORT OF DEFENDANT FACEBOOK, INC.’S OPPOSITION TO PLAINTIFFS’
MOTION TO COMPEL PRODUCTION OF SOURCE CODE; Case No. C 13-05996 PJH (SK)
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?