New Lawsuit Says ISP Installed 'Spyware,' Misled Congress
An Illinois resident has re-filed a privacy lawsuit against the Internet service provider Wide Open West, which worked with now-defunct behavioral targeting company NebuAd.
In papers filed last week in federal district court in Illinois, Dan Valentine alleges that Wide Open West violated a federal wiretapping law and various other statutes by allowing NebuAd to monitor users' Web activity in order to send them targeted ads.
Valentine, who is seeking class-action status, alleges that Wide Open West allowed NebuAd to install "spyware devices" on its network.
"The devices funneled all users' Internet communications -- inbound and outbound, in their entirety -- to a third-party Internet advertisement-serving company, NebuAd," the lawsuit says. "Offering its users little warning and less choice, WOW gave them only tardy and misleading notices and an ineffective opt-out opportunity."
The new case comes two months after U.S. District Court Judge Thelton Henderson in the northern district of California dismissed a similar potential class-action lawsuit against Wide Open West and five other ISPs on the ground that the companies did not have enough ties to California to be hauled into court there. One of the consumers' lawyers, Scott Kamber of KamberEdelson, said at the time that he planned to re-file against the other broadband companies, including Bresnan, CenturyTel, Embarq, Knology, and Cable One.
NebuAd, which also faces a class-action lawsuit, recently shuttered in the face of privacy concerns.
Consumer advocates say that NebuAd's ISP-based presented a far more significant privacy threat than older forms of targeting because broadband companies have access to users' entire Web histories -- including search queries and activity at non-commercial sites. Older behavioral targeting companies only track users at a limited number of sites within a network.
The company's emergence spurred congressional hearings last year, following which NebuAd suspended plans for further tests.
The latest lawsuit alleges that Wide Open West misled Congress last year by denying that NebuAd collected personally identifiable information. The complaint argues that the "unique and persistent" identifiers used by NebuAd to track users are personally identifiable.
"Regardless of whether NebuAd eventually discarded the personally identified content in users' 'raw data,' it identified individual users and maintained behavioral profiles on them," the complaint alleges. "The unique and persistent identifiers NebuAd used to track Users and link their online behavior to its profiles constituted personally identifying information, just as a telephone number constitutes personally identifying information used to contact an individual."
The new lawsuit also charges that for at least one month, Wide Open West deployed NebuAd's technology without providing users any notice.
Internet law expert Venkat Balasubramani of Seattle said he thought a judge might take a dim view of Wide Open West's alleged activities. "I can see courts thinking that these allegations are egregious," he says. He adds that judges might be inclined to believe users' privacy was compromised by virtue of the large volume of data collected. "When you have a situation where an ISP is monitoring every single piece of activity, people view the risk as much greater."
NebuAd consistently denied infringing on users' privacy. The company said that all data collected was anonymous because it didn't know users' names or phone numbers or keep copies of the IP addresses associated with users. NebuAd also said that it did not collect sensitive data, and that users could opt out of the platform.