ISPs Avoid Class Action for ‘Targeted Ad Spyware’

It looks like two Internet service providers accused of installing spyware on their customers' computers in order to serve up ads to them will not have to worry about a class action suit filed against them going any further, according to this Courthouse News report. The 10th Circuit Court has ruled that a class action lawsuit filed by Kathleen and Terry Kirch will not go forward because the plaintiffs failed to prove that two Internet providers secretly installed spyware on their broadband networks to facilitate targeted online advertising.

Kathleen and Terry Kirch sued Embarq Management and United Telephone Co. of Eastern Kansas for violation of the Electronic Communications Privacy Act (ECPA) in 2010. Doing business as CenturyLink, the Delaware-based companies were accused of redirecting Internet users to a third-party advertiser called NebuAd. The spyware, which was tied to users' Internet Service Provider (ISP) addresses, left undeletable tracking cookies and could not be detected through individual privacy or security settings, according to the complaint.

Embarq and United countered that it did not have access to user profiles or data collected by NebuAd and also said that the Kirches consented to any alleged interception by agreeing to its privacy policy. Any acquired user communications would have occurred only in the ordinary course of ISP business activities, the providers said.

A Kansas City federal judge granted the providers summary judgment in 2011, ruling that the companies had not intercepted the Kirches' communications. That court also rejected an argument that the providers could be liable on a theory of aiding and abetting NebuAd, ruling that the Kirches had consented to any interception by agreeing to the terms of their providers' privacy policy. The 10th Circuit affirmed last week.

"Like the district court, we need not address whether NebuAd intercepted any of the Kirches' electronic communications," Judge Harris Hartz wrote for a three-member panel. "Because the ECPA creates no aiding-and-abetting civil liability, Embarq is liable only if it itself intercepted those communications."

"Although NebuAd acquired various information about Embarq users during the course of the technology test, Embarq cannot be liable as an aider and abettor," Hartz wrote. "It was undisputed that Embarq's access to that information was no different from its access to any other data flowing over its network. Because this access was only in the ordinary course of providing Internet services as an ISP, this access did not constitute an interception within the meaning of the statute."

You can read the full judgment here.

Source: Courthouse News

"Eyeball spy character" © 2013 Kar / Shutterstock. All rights reserved, used with permission.

Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone