Judge awards class action status in privacy lawsuit vs. comScore
Suit alleges that online tracking firm secretly collected and sold Social Security Numbers, passwords other personal data collected from user systems
A federal court in Chicago this week granted class action status to a lawsuit accusing comScore, one of the Internet's largest user tracking firms, of secretly collecting and selling Social Security numbers, credit card numbers, passwords and other personal data collected from consumer systems.
The court's decision paves the way for what a lawyer for the two named plaintiffs in the case claimed could be the largest privacy case to ever go to trial in terms of class size and potential damages.
ComScore did not respond to a request for comment.
Publicly traded comScore, a Reston Va.-based company that collects Internet user data and sells it to more 2,000 firms for use in online marketing and targeted advertising. The company said it monitors and measures what people do on the Internet and then turns that information into actionable data for its clients.
The company claims that it captures more than 1.5 trillion user-interactions monthly, or roughly 40% of the monthly page views of the Internet. Its clients include some of the world's largest e-commerce sites, online retailers, advertising agencies and publishers.
ComScore uses OSSProxy software to track users. The software is typically bundled along with free software products like screen savers and music sharing software and is downloaded to the systems of end users that install them.
Once installed, the software is designed to constantly collect and send to comScore servers a wide range of data, such as the names of every file on the computer, information entered into a web browser, the contents of PDF files and other data.
ComScore maintains that all of the data it collects is purged of identifying information and personal data before it's sold.
However, in August 2011, two Internet users, one from Illinois and the other from California filed a lawsuit against Comscore alleging various violations of the federal Stored Communication Act (SCA), the Electronic Privacy Communication Act (ECPA) and the Computer Fraud and Abuse Act (CFAA).
In the lawsuit, the pair accused comScore of changing security settings and opening backdoors on end-user systems, stealing information from word processing documents, emails and PDFs, redirecting user traffic, and injecting data collection code into browsers and instant messaging applications.
The lawsuit called comScore's software an intrusive surveillance tool that monitors every keystroke and every action taken by a user on the Internet. The suit charged that the company rifled through the iPod playlists and web browsing histories of smartphone users.
To collect data, comScore's software modifies computer firewall settings, redirects Internet traffic, and can be upgraded and controlled remotely, the complaint alleged. The suit challenged comScore's assertions that it filtered out personal information from data sold to third parties, and of intercepting data it had no business to access.
In a 20-page ruling on Tuesday, District Judge James Holderman of the United States District Court for the Northern District of Illinois granted the two plaintiffs the class action status they had been seeking. The ruling means that any individual who downloaded and installed comScore's tracking software on their systems after 2005 now has a claim against the company.
"We sought certification of two classes," said Jay Edelson, the lawyer representing the two named individuals. "The larger class consists of essentially all of the millions of people who downloaded comScore software since 2005. The subclass consists of a subset of the primary class who downloaded comScore software during a specific time frame and but were never provided a functional hyperlink to the user agreement describing how the software worked."
The court granted class certification with regard to all of the primary claims pertaining to violations of the SCA, ECPA and CFAA he said. Under the SCA and ECPA each class member would be entitled to a maximum of $1,000 in statutory damages, he said.
The judge, however, denied class action status for a third claim relating to unjust enrichment against comScore.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts