Symantec hit with class-action lawsuit over auto-renewals

Computerworld - A New York man has sued security software maker Symantec for automatically renewing his subscription to Norton Antivirus, alleging that the company did not notify him before charging $76 to his credit card.

The lawsuit comes seven months after the New York Attorney General's office fined Symantec $375,000 for the practice and ordered it to give notice before renewing any subscription.

According to the lawsuit filed Jan. 19 in a New York County court, Kenneth Elan of Port Washington, N.Y., purchased a copy of Norton Antivirus in 2007. Early in November 2009, Symantec told him that it had automatically renewed his license to the software for one year, and charged his credit card $76.03. Elan said he had not been notified prior to the charge hitting his card.

Symantec's security software typically comes with a one-year license, which includes a subscription to new malware signature updates. When that initial signature subscription expires, consumers must renew to continue to receive anti-malware updates.

Many antivirus vendors enroll customers in automatic renewal programs when they purchase or activate the software, claiming that it's the only way to guarantee that users stay protected against new threats. Symantec started doing so in 2005, while rival McAfee began four years earlier.

But last June, New York Attorney General Andrew Cuomo announced that his office had reached a settlement with Symantec and McAfee over consumer charges that the companies didn't get users' approval to automatically bill them, and had made it difficult for customers to opt out or obtain refunds. Symantec and McAfee paid $375,000 each in penalties, and said they would clarify subscription renewal costs, and refund fees to consumers who asked for them within 60 days of being charged.

Symantec and McAfee also agreed to "provide electronic notification to consumers before and after renewal of the subscription," Cuomo's office said at the time.

The 2009 deal did not ban automatic subscription renewals, however.

Elan's lawsuit claimed that Symantec had not abided by the settlement. "Prior to the automatic renewal, defendant failed to offer plaintiff an opportunity to decline to renew the license for another year," the lawsuit maintained. "If plaintiff had notice of an opportunity to decline the automatic renewal, plaintiff would not have renewed the license."

Last July, Cuomo said the settlement with Symantec and McAfee meant that they could not longer "hide the ball with renewal fees."

Elan charged Symantec with deceptive business practices and unjust enrichment, and asked the court to make the company refund all fees generated by automatic renewals. He also asked the court to grant the lawsuit class-action status, which would open the case to a potential pool of thousands.

Symantec has not yet responded to Elan's lawsuit, according to court records.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about Security in Computerworld's Security Topic Center.