Turn, Verizon Battle Users Over 'Supercookies'

Ad company Turn is urging a federal appellate court to leave in place an order sending a lawsuit over mobile tracking to arbitration.

The legal dispute dates to last year, when Verizon Wireless subscribers Anthony Henson and William Cintron alleged in a class-action complaint that Turn violated a consumer protection law prohibiting deceptive practices.

Henson and Cintron alleged that Turn wrongly used a controversial technology that enabled it to track consumers for online ad purposes, even when people deleted their cookies. The allegations centered on Verizon's "supercookies" -- headers, called UIDHs, that Verizon previously injected into all unencrypted mobile traffic.

Those headers -- 50-character alphanumeric strings -- enabled ad companies to compile profiles of users and serve them targeted ads. The UIDHs also are known as “zombie” cookies, or "supercookies" because they allow ad companies to recreate cookies that users delete.

In March, U.S. District Court Judge Jeffrey White in the Northern District of California sent the matter to arbitration. White said at the time that he agreed with Turn that the consumers' allegations were closely connected to their subscriber agreements with Verizon -- which call for arbitration of all disputes.

Henson and Cintron recently asked the 9th Circuit to reverse that ruling, arguing that their arbitration agreements were with Verizon, not Turn.

Turn opposes that request, arguing that the allegations are based on "interdependent and concerted conduct" by itself and Verizon.

"Verizon cooperated in Turn’s use of the UIDH for the express purpose of delivering tailored advertisements to its subscribers," Turn argues in papers filed Wednesday with the 9th Circuit Court of Appeals. "Indeed, Turn would never have used the UIDH had it not partnered with Verizon to deliver tailored Internet ads to petitioners as part and parcel of petitioners’ Verizon mobile Internet service."

Turn also asserts that Verizon Wireless consumers agreed to the company's ad-targeting program by accepting the subscriber agreements. "Petitioners’ subscriber agreements expressly provided for delivery of tailored advertising programs by third parties like Turn, and that Verizon vetted how its data would be incorporated into Turn’s platform for use in its advertising programs," the company writes.

Verizon, while not a defendant in the case, is also asking the 9th Circuit to leave the arbitration order in place.

"If this litigation persists in federal court, Verizon necessarily will be forced to participate, and the meaning of its terms of service with petitioners will be squarely at issue," the company argued in a friend-of-the-court brief filed Wednesday. "Litigation will thus subject Verizon to precisely the burdens that it contracted with petitioners to avoid."

Verizon used the controversial headers for ad targeting since 2012, but didn't disclose their existence in its privacy policy until last year.

The company has always allowed people to opt out of receiving targeted ads powered by its own ad programs, but didn't initially allow them to avoid header insertions. Last year, Verizon changed its policies to allow people to opt out of the header injections. In October, Verizon again narrowed the program by deciding to only send the header to Verizon companies, including AOL.

Verizon initially said that ad networks weren't likely to draw on the headers in order to compile profiles of Web users. But in January of 2015, researcher Jonathan Mayer -- who is now with the FCC -- reported that the ad network Turn drew on Verizon's headers to collect data and send targeted ads to mobile users who delete their cookies.

When news about Turn's use of the headers first emerged, the company acknowledged drawing on the headers for ad targeting and defended the practice on the grounds that it uses the “most stable identifier” possible.

But several days later, Turn said it had re-evaluated and would stop using Verizon's headers to target ads.

Turn also said it honors the industry's self-regulatory code and doesn't serve targeted ads to users if their cookies reveal that they opted out via links at sites operated by the self-regulatory groups Network Advertising Initiative or Digital Advertising Alliance. But when privacy-conscious users clear their cookies, they also delete the opt-out cookies installed by the DAA and NAI.

The ad company also said it doesn't serve targeted ads to people who opt out via its own link, or Verizon's opt-out mechanism. (Verizon's mechanism can persist even when users delete their cookies, according to Turn.)

Earlier this year, the Federal Communications Commission fined Verizon $1.35 million to settle an investigation surrounding the headers. That investigation focused on whether Verizon violated the Communications Act's privacy provisions -- which require carriers to protect customers' "proprietary information" -- and whether the company violated a 2010 net neutrality rule requiring disclosure of broadband management practices.

Next story loading loading..