Lawsuit accuses comScore of extensive privacy violations
Online tracking firm surreptitiously siphons personal data, changes security settings on computers, suit alleges
Computerworld - A proposed class-action lawsuit filed in federal court in Chicago on Tuesday accuses online tracking and analytics firm comScore of surreptitiously collecting Social Security numbers, credit card numbers, passwords and other data from consumer systems.
The lawsuit also accuses comScore of a wide range of other misdeeds, including changing security settings and opening backdoors on end-user systems, stealing information from word processing documents, emails and PDFs, redirecting user traffic, and injecting data collection code into browsers and IM (instant messaging) applications.
The suit was filed on behalf of two individuals, one from Illinois and the other from California, who claimed their privacy rights were violated by comScore's data collection software. It seeks an injunction against the company's practices and damages for comScore's alleged violations of the Stored Communications Act, the Computer Fraud and Abuse Act and other statutes.
"The scope and breadth of data that comScore collects from unsuspecting consumers is terrifying," the 30-page complaint alleges.
In an emailed statement, comScore spokesman Andrew Lipsman called the lawsuit meritless. "We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies," he said. "ComScore intends to aggressively defend itself against these claims."
A publicly traded company, comScore is one of the largest online audience measurement and customer tracking companies in the industry. Its 1,800 customers include numerous marquee electronic commerce sites, retailers, advertising agencies and publishers.
The company offers a range of services designed to allow its customers to track and profile Internet users for audience measurement and targeted advertising purposes.
The software that the company uses to do such tracking is typically downloaded on user systems along with free software products such as screens savers and music sharing software. In other cases, users are encouraged to download the software in exchange for a chance to enter free sweepstakes and similar incentives.
The lawsuit characterized comScore's software as intrusive surveillance tools that allowed the company to monitor every keystroke and every action taken by a user on the Internet. To collect data, comScore's software modifies a computer's firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely, the complaint alleges.
The software is largely impervious to user attempts to uninstall it. And when a user does manage to delete the software it still leaves behind an untrusted "root certificate" that exposes the user to various security threats, the plaintiffs claim.
To provide its service, comScore "constantly collects, monitors, and analyzes every online move, no matter how private, of over two million persons," the suit alleges.
This is the second time in the past few days that the issue of online tracking and user profiling has come into the spotlight. A few days ago, a researcher from Stanford University released a report exposing Microsoft's use of highly persistent "supercookies" to track users on its MSN and other networks.
After the report was published, Microsoft claimed that the cookies were used inadvertently and said it had disabled them immediately.
Another recent report from researchers at the University of California at Berkeley showed how hundreds of sites are using the so-called supercookies to track users.
The recent developments are likely to add urgency to efforts by lawmakers to introduce Do Not Track legislation that would give consumers the choice of opting out of online tracking and targeted advertising.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- 3 privacy violations you shouldn't worry about
- U.S. commercial drone industry struggles to take off
- Snowden leaks erode trust in Internet companies, government
- NSA phone metadata collection program renewed for 90 days
- NSA isn't evil, says noted civil libertarian
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
Read more about Privacy in Computerworld's Privacy Topic Center.
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!