Telephone Numbers as Identity Authenticators–Abrams v. Facebook

By Eric Goldman

I think it’s interesting to read these two developments side-by-side:

Development #1: Abrams v. Facebook, Inc., C07-05378 (N.D. Cal. complaint filed Oct. 22, 2007). A woman initiates a class action lawsuit against Facebook because Facebook’s users send text messages through Facebook to their friends’ outdated cellphone numbers. (Sounds like an easy 47 USC 230 12b6 dismissal to me). The gravamen of Abrams’ complaint–Facebook shouldn’t assume that a cellphone number is still attached to the same owner over time, but instead it should build a system to dynamically check if the phone number has been reassigned.

Development #2: The FTC isn’t planning to purge any phone numbers from the Do Not Call registry despite the longstanding announcement that registrations expire after 5 years–even though, of course, phone numbers are reassigned to new subscribers all the time. The FTC does have a formally announced protocol for dropping phone numbers from the DNC registry when a phone number changes subscribers, but I would love to see some evidence of how well that protocol works (UPDATE: According to Bob Sullivan’s article, “list hygiene” appears to remain an issue). If that protocol isn’t working well, the 5 year expiration could be the main way for the system to acknowledge that a telephone number subscriber, who may have different preferences about the DNC registry, has changed.

I explored the issues associated with using telephone numbers as proxies for identity here.