LinkedIn users who are suing the company for allegedly “hacking” into their email are asking a judge to reject the social-networking service’s contention that it obtained users' permission to access their email contacts.
In new court papers, the users say LinkedIn made only “cryptic disclosures” before harvesting email addresses and sending invitations to those contacts. They argue that those minimal disclosures didn't alert them to LinkedIn's plan to send solicitations to their contacts.
“Accepting LinkedIn’s theory of consent -- that a few cryptic disclosures on a Web site provide LinkedIn the right to harvest users' email addresses and broadcast users’ persona to hundreds of people -- offends the principles enunciated in privacy laws,” the users argue in papers filed last week with U.S. District Court Judge Lucy Koh in San Jose, Calif.
The lawsuit dates to September, when a group of users sued LinkedIn for allegedly “hacking” into their email accounts and accessing their contacts. The users, including a former ad sales executive for The New York Times, allege that LinkedIn asked them to provide an email address when they signed up for the service, and then proceeded to harvest the email addresses of everyone they had ever exchanged messages with. The consumers -- all Gmail users -- say LinkedIn never requested their passwords, but was nonetheless able to retrieve addresses of thousands of their contacts.
Last month, LinkedIn asked Koh to dismiss the case on the grounds that the users consented to the company's actions. LinkedIn said in
its court papers that users must click through two different “permission screens” -- one of which says “allow” and one of which says “add connections” -- before it
imports information about their address books.
“Any reasonably prudent Internet user who reviewed these screens would understand that, by clicking buttons labeled 'Allow' and 'Add Connections,' they were consenting to the challenged actions,” the company said in a recent motion to dismiss the lawsuit. The consumers say LinkedIn violated federal wiretap laws, as well as California state laws.
LinkedIn acknowledged in its papers that users who are signed in to Gmail don't have to provide their passwords for LinkedIn to access their email contacts. But the company said that those signed-in users are “presented with a second permission screen from Google,” which tells them that LinkedIn is requesting information from their accounts.
The LinkedIn users counter in papers filed last week that the company deceived them by promising not to “email anyone without your permission.” They add that the service never said it would access external email accounts. “A reasonable person would not find LinkedIn’s welcome screens evidence consent for LinkedIn to download data on everyone a user has ever emailed or been emailed by,” the users argue.