Handing a victory to LinkedIn, a federal judge has dismissed a potential class-action lawsuit alleging that the social networking service failed to deploy adequate
measures to secure users' log-in credentials.
U.S. District Court Judge Edward Davila ruled on Tuesday that the users couldn't proceed with their case against LinkedIn because they hadn't
shown any economic injury. The dismissal was without prejudice, meaning that the users can revise their complaint and file it again.
The case dates to last year, when users Katie Szpyrka
and Khalilah Wright alleged that the service didn't use basic encryption techniques to secure personally identifiable information. Last June, hackers breached the company's servers, and then posted 6
million users' passwords online.
Szpryka and Wright argued that LinkedIn violated its privacy policy by using sub-par encryption methods. The company says in its privacy policy that it
protects users' information using "industry standard protocols and technology," according to the complaint.
The consumers, who both say they paid for premium accounts, argued that they
wouldn't have done so if they had known about LinkedIn's "substandard security procedures." They argued that they suffered an economic loss as they didn't receive the security features they assumed
were purchased with their membership fees.
But Davila disagreed with their contention that they paid membership fees in exchange for security measures, noting that LinkedIn's privacy policy
was the same for paying and non-paying members.
"Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members," he
wrote. "Thus, when a member purchases a premium account upgrade, the bargain is not for a particular level of security, but actually for the advanced networking tools and capabilities to facilitate
enhanced usage of LinkedIn's services."
Wright also alleged that she is at risk of future harm because her password was among the ones posted online. But Davila rejected that theory, ruling
that Wright didn't show she had suffered a "legally cognizable injury," such as identity theft.