Lawsuit Alleges Online Cookies Violate the Federal Wiretap Law

By Kerrie Spencer, staff writer – October 18, 2011

For those that rarely, if ever, log out of Facebook and go to other sites from their profile page, they may get to see what their friends are reading thanks to browser cookies. One wonders if this is creepy or convenient. And is this matter just interesting or is it illegal?

To begin with, there is not a whole lot of privacy left anywhere on the Internet. In fact, if you do not want your face, vital statistics, likes, dislikes, employment woes and family issues broadcast all over the web, then it is best to not join social media sites. While the older crowd may appreciate their privacy, and approach social media and websites with some degree of caution, it seems the younger crowd does not care if their privacy is breached or not, which is a frightening thing given the number of security breaches and predators online these days.

The overarching question at the end of the day is will there be a legal issue about cookies and the latest super cookies. Furthermore, does the use of browser tracking cookies contravene federal wiretap laws? While the answer to this question might logically be no, the courts sometimes rule differently.

The lawsuit has been filed by a regular Facebook user and claims a class of 150 million people. With 150 million people, the damages range from hundreds to thousands of dollars per member of that class. And the reason for this lawsuit? The reason is that Facebook allegedly violated wiretap laws by recording the plaintiff’s online browsing history when he was not logged into the site. [1]

The lawsuit, filed in Kentucky, says in part that Facebook puts tracking cookies on its users’ browsers that follow their Internet activity. This might not come as much of a surprise to veteran computer users who know full well that many sites have tracking cookies to follow what they do online to provide them with other sites they may be interested in.

Whether the individual is shopping for music or law books, the site the surfer is on will record what they look at. This should come as no surprises, as privacy while shopping often does not exist either. But is this illegal? Is it any more intrusive than your favorite brick and mortar bookstore keeping an e-record of the kind of books you like?

The Kentucky plaintiff, David Hoffman, is not only asking for class action status, but a preliminary and temporary injunction restraining Facebook from capturing e-information when users are not online and from revealing any of the information it already has. The plaintiff is also seeking $100 a day for every member of the class, or $10,000 per violation and punitive damages. To be clear, the lawsuits filed in this and other similar cases are filed under a provision of the federal Wiretap Act that bans intercepting wire, verbal or e-communications. [2]

The issue of privacy online is starting to become a hot button, as the Kentucky case is not the only one filed within the last month or so. There are others to be found in Louisiana, California and Kansas. [3] The only slightly different thing about the Kansas lawsuit is that the lead plaintiff happens to be an attorney. And here is where things get a bit questionable.

Legal pundits have been watching these cases take shape and are somewhat doubtful that they will get much traction, largely because the courts have already looked at the issue of whether or not browser cookies are wiretaps. The court’s findings have been that browser cookies are not wiretaps. Furthermore, in the few cases that did make their way to a trial, the plaintiffs could not prove any harm and therefore lost their case.

Up to this point, the issue has been about online browsing. The Kentucky suit makes a distinction and says the browser cookies tracked users’ histories while they were not logged into the site. In other words, they were offline. This may well be a differentiating factor, and it seems the plaintiff in the Kentucky case feels it is a relevant distinction and shows how the site is breaching wiretap laws. However, the plaintiff here may have the same struggle as others have had, should the courts rule that cookies are not wiretaps and they do no harm.

What does Facebook have to say about these lawsuits? Facebook did admit that three of their cookies on some people’s computers “inadvertently included unique identifiers” when the users logged out, but that they did not keep the identifiers for tracking or anything else. [4] One wonders why there are cookies with unique identifiers and how they get included on some computers but not all. Only time will tell in these cases if this issue creates new laws.

What people seem to be missing is that there are a huge number of retailers, governments, social media sites and the like that are watching people’s online activities. They can read what people write, vicariously look at purchases, reading and music habits, and see what bad habits or vices you engage in online. If that does not scare Internet users, it should. There is such a thing as too much information being given to complete strangers without the knowledge of what will be done with this data. Instances of potential identify theft or blackmail can only increase.

The final question then becomes whether these creepy cookies that track browser history while users are offline violate federal wiretap laws. And to be clear, there is a distinction between the cookies mentioned in this article and the latest super cookies that provide another way to track what people are doing while in the privacy of their home or office, except all privacy is now gone.

These super cookies cannot be detected by users, which should really make every Internet surfer uneasy as these cookies have the ability to recreate users’ profiles after they have cleared their caches and deleted the regular cookies. [5] Just imagine for a moment what this could mean.

Two sites that are already using super cookies are Hulu and MSN. When these sites are loaded, a super cookie file keeps your personal information even when erased. Just about everyone uses MSN or has the site as their home page.

And therein is the irony of the lack of privacy that so many seem to take for granted. Rather than standing up for our right to privacy, millions have ceded their right to electronic, faceless giants with hardly any clue about what those firms or entities are doing with their information. Many do not seem to care.

Nine privacy groups, including the American Civil Liberties Union, have sent a joint missive to the Federal Trade Commission strongly suggesting that it needs to investigate how Facebook gathers online user data, particularly because of the latest round of changes on the site. Our ever-increasing need to being online for socializing, shopping, and reading could end up compromising our privacy rights otherwise.

Sources
[1] http://abovethelaw.com/2011/10/did-facebook-illegally-wiretap-150-million-people-maybe-probably-not/

[2] http://online.wsj.com/article/SB10001424053111903480904576508382675931492.html#ixzz1amNaPEIj

[3] http://abcnews.go.com/US/wireStory/kan-man-sues-facebook-privacy-issues-14684683 and http://abovethelaw.com/2011/10/did-facebook-illegally-wiretap-150-million-people-maybe-probably-not/

[4] http://abovethelaw.com/2011/10/did-facebook-illegally-wiretap-150-million-people-maybe-probably-not/ and http://online.wsj.com/article/SB10001424053111903480904576508382675931492.html#ixzz1amNaPEIj

[5] http://abcnews.go.com/US/wireStory/kan-man-sues-facebook-privacy-issues-14684683

Background Research
http://www.monnat.com/Publications/Wiretap.pdf

http://www.cdt.org/privacy/20080708ISPtraffic.pdf

The SEO | Law Firm™ Legal News Center extends editorial freedom to their staff writers; thus the views expressed in this column may not reflect the views of SEO | Law Firm, Seolawfirm.com, Adviatech Corp., or any of its holdings, affiliates, or advertisers.