Two consumers who are suing Turn for allegedly violating the privacy of Verizon subscribers are asking an appellate court to reject the ad company's argument that the case belongs in arbitration.
New York residents Anthony Henson and William Cintron argue in court papers filed Friday that their contract with Verizon -- which calls for arbitration of disputes -- doesn't apply to their dispute with Turn.
The legal battle dates to last year, when Henson and Cintron alleged in a class-action complaint that Turn violated a consumer protection law prohibiting deceptive practices. Henson and Cintron, who say they are Verizon Wireless customers, alleged that Turn wrongly used a controversial technology that enabled it to track consumers for online ad purposes, even when people deleted their cookies. The allegations centered on Verizon's "supercookies" -- headers, called UIDHs, that Verizon previously injected into all unencrypted mobile traffic.
Those headers -- 50-character alphanumeric strings -- enabled ad companies to compile profiles of users and serve them targeted ads. The UIDHs also are known as “zombie” cookies, or "supercookies" because they allow ad companies to recreate cookies that users delete.
In March, U.S. District Court Judge Jeffrey White in the Northern District of California granted Turn's request to send the matter to arbitration. White said at the time that he agreed with Turn that the consumers' allegations were closely connected to their subscriber agreements with Verizon -- which call for arbitration of all disputes.
Henson and Cintron recently asked the 9th Circuit to reverse that ruling, arguing that their arbitration agreements were with Verizon, not Turn.
Turn is opposing that request. The company argued in papers filed last month that the class-action allegations stem from "interdependent and concerted conduct" by itself and Verizon.
Turn added that Verizon's contract with subscribers included information about the company's targeted ad programs.
Henson and Cintron counter that Verizon's subscriber agreement "does not permit, contemplate, or suggest the deployment of [a] zombie cookie scheme."
They add, "Verizon disclosing the use of UIDHs is hardly the same as Turn disclosing that it will repopulate deleted history and cookies on a user’s device."
Initially, Verizon didn't let its subscribers opt out of the header insertions. Last year, faced with pressure from lawmakers, Verizon revised its policies to allow opt-outs. The company later narrowed the program by saying it would only send the header to Verizon companies, including AOL.
Verizon initially predicted that ad networks weren't likely to draw on the headers in order to compile profiles of Web users. But in January of 2015, researcher Jonathan Mayer -- who is now with the FCC -- reported that the ad network Turn drew on Verizon's headers to collect data and send targeted ads to mobile users who delete their cookies.
Turn no longer users the headers for ad targeting.
The company has consistently said it honors the industry's self-regulatory code and doesn't serve targeted ads to users if their cookies reveal that they opted out via links at sites operated by the self-regulatory groups Network Advertising Initiative or Digital Advertising Alliance. But when users clear their cookies, they also delete the opt-out cookies installed by the DAA and NAI.
Turn also said it doesn't serve targeted ads to people who opt out via its own link, or Verizon's opt-out mechanism. (Verizon's mechanism can persist even when users delete their cookies, according to Turn.)
Earlier this year, the Federal Communications Commission fined Verizon $1.35 million to settle an investigation surrounding the headers. That investigation focused on whether Verizon violated the Communications Act's privacy provisions -- which require carriers to protect customers' "proprietary information" -- and whether the company violated a 2010 net neutrality rule requiring disclosure of broadband management practices.
The FCC is now considering rules that would require Verizon and other broadband service providers to obtain users' opt-in consent before sharing or using data about their Web activity to target ads. The agency is expected to vote on those rules later this month.