Lawsuit accuses comScore of extensive privacy violations
Online tracking firm surreptitiously siphons personal data, changes security settings on computers, suit alleges
Computerworld - A proposed class-action lawsuit filed in federal court in Chicago on Tuesday accuses online tracking and analytics firm comScore of surreptitiously collecting Social Security numbers, credit card numbers, passwords and other data from consumer systems.
The lawsuit also accuses comScore of a wide range of other misdeeds, including changing security settings and opening backdoors on end-user systems, stealing information from word processing documents, emails and PDFs, redirecting user traffic, and injecting data collection code into browsers and IM (instant messaging) applications.
The suit was filed on behalf of two individuals, one from Illinois and the other from California, who claimed their privacy rights were violated by comScore's data collection software. It seeks an injunction against the company's practices and damages for comScore's alleged violations of the Stored Communications Act, the Computer Fraud and Abuse Act and other statutes.
"The scope and breadth of data that comScore collects from unsuspecting consumers is terrifying," the 30-page complaint alleges.
In an emailed statement, comScore spokesman Andrew Lipsman called the lawsuit meritless. "We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies," he said. "ComScore intends to aggressively defend itself against these claims."
A publicly traded company, comScore is one of the largest online audience measurement and customer tracking companies in the industry. Its 1,800 customers include numerous marquee electronic commerce sites, retailers, advertising agencies and publishers.
The company offers a range of services designed to allow its customers to track and profile Internet users for audience measurement and targeted advertising purposes.
The software that the company uses to do such tracking is typically downloaded on user systems along with free software products such as screens savers and music sharing software. In other cases, users are encouraged to download the software in exchange for a chance to enter free sweepstakes and similar incentives.
The lawsuit characterized comScore's software as intrusive surveillance tools that allowed the company to monitor every keystroke and every action taken by a user on the Internet. To collect data, comScore's software modifies a computer's firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely, the complaint alleges.
The software is largely impervious to user attempts to uninstall it. And when a user does manage to delete the software it still leaves behind an untrusted "root certificate" that exposes the user to various security threats, the plaintiffs claim.
To provide its service, comScore "constantly collects, monitors, and analyzes every online move, no matter how private, of over two million persons," the suit alleges.
This is the second time in the past few days that the issue of online tracking and user profiling has come into the spotlight. A few days ago, a researcher from Stanford University released a report exposing Microsoft's use of highly persistent "supercookies" to track users on its MSN and other networks.
After the report was published, Microsoft claimed that the cookies were used inadvertently and said it had disabled them immediately.
Another recent report from researchers at the University of California at Berkeley showed how hundreds of sites are using the so-called supercookies to track users.
The recent developments are likely to add urgency to efforts by lawmakers to introduce Do Not Track legislation that would give consumers the choice of opting out of online tracking and targeted advertising.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Magic Quadrant for Data Masking Technology IBM is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. Read the full report to learn about IBM.
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!