In a mixed decision, a federal judge has ruled that Bresnan Communications subscribers can proceed with a lawsuit alleging that the Internet service provider's partnership with behavioral targeting company NebuAd violated the federal computer fraud law. But U.S. District Court Judge Richard Cebull in Montana also dismissed the consumers' allegations that Bresnan violated federal wiretap law, ruling that subscribers consented to NebuAd's platform by failing to opt out of the program.
"Plaintiffs did know of the interception and through their continued use of Bresnan's Internet service, they gave or acquiesced their consent to such interception," Cebull wrote in an opinion quietly issued last week. Cebull specifically noted that Bresnan made information about NebuAd available online, along with a link for people to opt out of the platform.
Bresnan was one of six ISPs that allowed NebuAd to use deep-packet inspection technology to monitor subscribers' Web activity and serve targeted ads based on the data collected. Privacy advocates and lawmakers criticized the company, saying that its technology was more intrusive than older forms of behavioral targeting because ISPs could provide data about everything consumers did online -- including their search activity and visits to non-commercial sites. Older forms of behavioral targeting only collected information from a network of commercial sites.
NebuAd said its data collection was anonymous and that consumers could opt out of the program.
Nonetheless, complaints from lawmakers and privacy advocates spurred other ISPs to cancel tests of NebuAd's platform. The company eventually shuttered. After the details of the tests emerged in congressional hearings, a group of consumers sued all six ISPs and NebuAd for allegedly violating federal and state laws with the program.
Most of the ISPs that tested NebuAd's service only provided notice of the program by quietly revising their online privacy policies -- a method that critics called inadequate, given that consumers had no reason to suspect the change in terms.
Cebull, however, specifically rejected the consumers' arguments that they weren't aware of NebuAd's behavioral targeting platform and therefore, couldn't have consented to it.
He ruled that the company's online subscriber agreement and its privacy notice both put consumers on notice that the company and its agents might monitor people's Web use. In addition, he ruled that Bresnan placed information about NebuAd on its site and a link for users to opt out of the program.
However, Cebull also ruled that the consumers could proceed with their computer fraud claims on the theory that NebuAd's activities on Bresnan's network went beyond what consumers had authorized.
Cebull found that the consumers sufficiently alleged that Bresnan violated the federal computer fraud statute because they argued that the device installed by NebuAd "altered the character of plaintiffs' computers' privacy and security control protocols."
Cebull also ruled that a property-trespass claim could go forward because the consumers sufficiently alleged that Bresnan "interfered with the possession of their personal property."
Lawsuits against other ISPs that worked with NebuAd are pending in various federal courts; a potential class-action case against the defunct behavioral targeting company also remains pending in the Northern District of California.