Lawsuit Alleges Interclick 'History Sniffing' Violates Fed Computer Fraud And Wiretap Laws
- by Wendy Davis @wendyndavis, December 9, 2010
A New York resident sued behavioral targeting network Interclick for allegedly using Flash cookies and history-sniffing techniques to thwart her attempts to prevent online tracking.
"Interclick invaded Plaintiff's privacy, misappropriated her personal information, and interfered with the operability of her computer," Sonal Bose alleges in a complaint filed in U.S. District Court in New York on Wednesday. Bose alleges that Interclick violated federal computer fraud laws as well as wiretap laws. She is seeking class-action status.
Her lawsuit -- the latest in a series of recent court cases alleging privacy violations -- comes one week after Federal Trade Commission consumer protection head David Vladeck criticized ad networks for "history sniffing" by exploiting a vulnerability in browsers to discover the Web sites users previously visited.
Researchers from the University of California, San Diego recently brought the history-sniffing technique to light when they published a paper explaining the technique and naming 46 Web sites where history-sniffing technology was being deployed. In at least some cases, ad company Interclick reportedly used the technology without the publishers' knowledge. Late last week, two other Web users brought the first history-sniffing lawsuit -- a case against YouPorn.
Bose says in her complaint that she believes she was subject to history-sniffing by Interclick based on reports about Interclick's activities, its role as "a major online ad network," and the existence on her computer of an Interclick.com Flash cookie.
Bose also alleges that Interclick "monitored her web browsing in ways she would not expect or detect" by recreating HTTP cookies with Flash cookies -- which are stored in a different place in the browser, and therefore, require additional effort to control. Interclick did so in order to "track, profile, and serve targeted advertisements to consumers without being subject to the controls consumers reasonably expected to have over such third-party interactions on the Internet," she alleges.
Measurement company Quantcast and widget maker Clearspring recently agreed to pay $2.4 million to settle two class-action lawsuits alleging that they violated people's online privacy by using Flash cookies for tracking.
The use of Flash cookies to track users who delete HTTP cookies appears to date to 2005, when ad technology company United Virtualities publicly said it could track Web users through a "pie," or persistent identification element," that would remain on people's computers regardless of whether they shed HTTP cookies.
But the technique didn't draw much public notice until last year, researchers at the University of California, Berkeley and other schools published a report outlining the practice. Shortly afterward, some Federal Trade Commission officials said they were concerned about the use of Flash for tracking purposes.
Bose's lawyers include Dallas-based lawyer Joseph Malley and New York-based attorney Scott Kamber, both of whom have filed other high-profile privacy lawsuits against a variety of Web companies.
I don't understand why marketing has to be such an adversarial pasttime? Asking users for permission and providing some kind of incentive for them to do so would avoid problems like this and may work much better.
Why keep treating consumers like cattle to be herded and slaughtered? Well, that image may have been carried a little too far, but really; users get no respect or consideration in most marketing and then agencies wonder why everyone is upset about a browser cookie?
IMO, partnering with users and sharing with them some of the funds used for advertising would be a very positive move that should lead to much more targeted promotions and greatly reduced ad spend by reducing waste.
Whether they stopped it in October or not DOES NOT excuse them from their activities...it seems entirely too convenient that they stopped their "test" so recently and in such a close timeframe to these lawsuits. While they aren't the only one (ad network) to deploy such underhanded practices, obviously they are the most public.
And wasn't one of their platform's core technologies based on using flash "cookies" to track user's trends and habits? I remember reviewing some of their materials regarding obtaining funding awhile ago (a friend showed them to me) and one of their key points that their funding depended was use of such technology for exactly this purpose.
I think a full audit needs to be performed on behavioral ad networks as a whole. Just as emails are now an "opt-in" medium, so should online advertising. Using our information without our consent is not only a violation of privacy but in many ways illegal. Ad networks must be held accountable for their actions.
They (interclick) has already admitted to using these practices without anyones permission for over 8 months, thus admitting guilt. Now comes the restitution. Make an example of them so that others know just how much trouble they can get into. (settlement should be no less than in the mid 8 figures and a class action lawsuit filed on behalf of web surfers)
Then go after the other networks.