Customers Sue ISP For Installing NebuAd 'Spyware,' Offering Defective Opt-Outs
Two Embarq customers have filed a new privacy lawsuit against the Internet service provider for allegedly funneling information about their Web activity to defunct behavioral targeting company NebuAd.
Embarq was one of six ISPs that allowed NebuAd to use deep packet inspection technology in 2007 and 2008 to monitor subscribers' Web activity and serve targeted ads based on the data collected.
The subscribers allege that Embarq's arrangement with NebuAd violated their privacy because it marked an "intrusion upon the solitude and seclusion of users' private affairs that would be highly offensive and objectionable to a reasonable person." The lawsuit also alleges that Embarq violated a federal wiretap law and an anti-hacking law.
Embarq, along with CenturyTel, Knology, Cable One, Bresnan and Wide Open West, previously convinced U.S. District Court Judge Thelton Henderson in the northern district of California to dismiss a similar lawsuit against them because they had no ties to that state. The new case against Embarq was brought in Kansas, where the company is headquartered.
Last month, Illinois resident Dan Valentine filed a similar lawsuit against Wide Open West.
NebuAd's entry into behavioral targeting spurred a privacy backlash that culminated in congressional hearings in 2008. After the controversy erupted, ISPs suspended deals with NebuAd, which shuttered last year. Privacy advocates say that ISP-based ad targeting threatens privacy more than older forms of targeting because broadband companies have access to users' entire Web histories -- including search queries, activity at non-commercial sites and the like. Older behavioral targeting companies only track users at a limited number of sites within a network.
NebuAd, which also faces a class-action privacy lawsuit, consistently denied infringing on users' privacy. The company said that all data collected was anonymous because it didn't know users' names or phone numbers or keep copies of the IP addresses associated with users. NebuAd also said that it did not collect sensitive data, and that users could opt out of the platform.
The latest lawsuit against Embarq alleges that the company misled Congress by denying that NebuAd collected personally identifiable information. The complaint argues that the identifiers used by NebuAd to track users can be used to identify individuals, similar to telephone numbers, street addresses, or signals from global positioning systems.
The lawsuit also alleges that Embarq's mouseprint notice to consumers informing them about the NebuAd program and allowing them to opt out was deficient for several reasons, including that Embarq didn't offer users a way to prevent NebuAd from monitoring their Web activity. Instead, the opt-out allegedly "only affected whether users saw ads delivered by NebuAd."