A recent class action lawsuit brought in federal court in San Francisco alleges that Twitter may be reading, and potentially altering, the direct messages of its users. Direct messages are non-public messages that users can send privately on the site which "can only be seen between the people included."
The lawsuit claims that the exception to this is when users include a hyperlink in a message:
Twitter surreptitiously eavesdrops on its users' private Direct Message communications. As soon as a user sends a Direct Message, Twitter intercepts, reads, and, at times, even alters the message. For example, should a user write a Direct Message and include a hyperlink (i.e., a link to a website such as www.nytimes.com), Twitter's algorithms will read through the Direct Message, identify the hyperlink, and replace it with its own custom link, thereby sending the person clicking on the link to Twitter's analytics servers before passing them on to the original linked-to website.
Therefore, when users include a hyperlink in a message, Twitter changes the link into its own format, with the prefix "t.co," for the purpose of tracking how links are used across the site.
This policy is stated in Twitter's privacy policy, although the language is kind of blurry. According to Mashable:
Twitter discloses that it may keep track of how users interact with links, so it will be interesting to see if the courts consider this sufficient to cover its bases. "We do this to help improve our Services, to provide more relevant advertising, and to be able to share aggregate click statistics such as how many times a particular link was clicked on," Twitter writes.
The policy may betray California's Electronic Communications Privacy Act, as well as its own privacy laws. The suit is claiming damages of $100 per day.
Although the actual matter at hand - Twitter changes its links simply to improve its advertising algorithms - is somewhat usual, and perhaps small, California legislation doesn't draw a line between this type of behavior and actual surveillance.
The Boston Herald spoke with the president of the Electronic Privacy Information Center:
"The service provider doesn't really get to peek into the message unless it's for the purpose of providing the service," said Marc Rotenberg, president of the Electronic Privacy Information Center. "It appears that Twitter was doing more than just providing its service."
A similar lawsuit brought against Google in 2013 successfully deterred the company from mining student emails for data that would be helpful in advertising.