Lawsuit accuses comScore of extensive privacy violations
Online tracking firm surreptitiously siphons personal data, changes security settings on computers, suit alleges
Computerworld - A proposed class-action lawsuit filed in federal court in Chicago on Tuesday accuses online tracking and analytics firm comScore of surreptitiously collecting Social Security numbers, credit card numbers, passwords and other data from consumer systems.
The lawsuit also accuses comScore of a wide range of other misdeeds, including changing security settings and opening backdoors on end-user systems, stealing information from word processing documents, emails and PDFs, redirecting user traffic, and injecting data collection code into browsers and IM (instant messaging) applications.
The suit was filed on behalf of two individuals, one from Illinois and the other from California, who claimed their privacy rights were violated by comScore's data collection software. It seeks an injunction against the company's practices and damages for comScore's alleged violations of the Stored Communications Act, the Computer Fraud and Abuse Act and other statutes.
"The scope and breadth of data that comScore collects from unsuspecting consumers is terrifying," the 30-page complaint alleges.
In an emailed statement, comScore spokesman Andrew Lipsman called the lawsuit meritless. "We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies," he said. "ComScore intends to aggressively defend itself against these claims."
A publicly traded company, comScore is one of the largest online audience measurement and customer tracking companies in the industry. Its 1,800 customers include numerous marquee electronic commerce sites, retailers, advertising agencies and publishers.
The company offers a range of services designed to allow its customers to track and profile Internet users for audience measurement and targeted advertising purposes.
The software that the company uses to do such tracking is typically downloaded on user systems along with free software products such as screens savers and music sharing software. In other cases, users are encouraged to download the software in exchange for a chance to enter free sweepstakes and similar incentives.
The lawsuit characterized comScore's software as intrusive surveillance tools that allowed the company to monitor every keystroke and every action taken by a user on the Internet. To collect data, comScore's software modifies a computer's firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely, the complaint alleges.
The software is largely impervious to user attempts to uninstall it. And when a user does manage to delete the software it still leaves behind an untrusted "root certificate" that exposes the user to various security threats, the plaintiffs claim.
To provide its service, comScore "constantly collects, monitors, and analyzes every online move, no matter how private, of over two million persons," the suit alleges.
This is the second time in the past few days that the issue of online tracking and user profiling has come into the spotlight. A few days ago, a researcher from Stanford University released a report exposing Microsoft's use of highly persistent "supercookies" to track users on its MSN and other networks.
After the report was published, Microsoft claimed that the cookies were used inadvertently and said it had disabled them immediately.
Another recent report from researchers at the University of California at Berkeley showed how hundreds of sites are using the so-called supercookies to track users.
The recent developments are likely to add urgency to efforts by lawmakers to introduce Do Not Track legislation that would give consumers the choice of opting out of online tracking and targeted advertising.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!