NebuAd Deep Packet Inspection Lawsuits Sputter — Deering v. CenturyTel & Green v. Cable One
[Post by Venkat Balasubramani]
The alleged monitoring and use of ISP subscribers’ internet activity for advertisement targeting purposes by NebuAd spawned a slew of class actions. NebuAd shut down, leaving plaintiffs to go after the individual ISPs who partnered with NebuAd. (“Turning Out The Lights: NebuAd.”) Plaintiffs have not had much luck with their claims against the ISPs.
In Mortensen v. Bresnan, the court dismissed the ECPA and state law privacy claims but left the Computer Fraud and Abuse Act claims intact. (“Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues.”) As an update to that case, the court ruled that the claims were not subject to arbitration, but the defendant-ISP moved for reconsideration of this ruling in light of AT&T Mobility LLC v. Concepcion, the recent Supreme Court case where the Court held that the Federal Arbitration Act preempts state law unconscionability arguments which are applied disproportionately to invalidate arbitration agreements. You can access the motion for reconsideration here.
Deering v. Centurytel, Inc.: In Deering, the court came to the same conclusion as it did in Bresnan, dismissing the privacy and ECPA claims on the basis of the end user agreement. The court notes that as in Bresnan, the ISP here:
also provided notice of the NebuAd agreement. Specifically, an email to its subscribers was sent informing them that the Privacy Policy had been updated and providing a link to the updated Privacy Policy. Under the heading, “Online Advertising and Third Party Ad Servers,” CenturyTel customers were notified that “CenturyTel partners with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing the web. This delivery of advertisements may be facilitated by the serving of ad tags outside the publisher’s existing HTML code. These advertisements will be based on those users [sic] anonymous surfing behavior while they are online.” . . . CenturyTel customers were further notified of their right to opt out of receiving targeted advertisements by clicking on an imbedded link. The “Online Advertising and Third Party Ad Servers” section also contained a link to NebuAd’s website.
I’m a little stumped by the court’s reliance on the language in the privacy policy. The court cites to CenturyTel’s privacy policy which at the time said that:
personal information collected [by CenturyTel] may include, without limitation, name, address, telephone number, personal computer specifications, e-mail address, user IDs and passwords, billing and transaction information, credit card information, and contact preferences.
It looks like this describes information collected by CenturyTel, as well as information provided to CenturyTel by its users. But it still doesn’t come out and say that CenturyTel or a third party track the contents of users’ communications. As described by the court, the policy also had standard “cookies and web beacons” language which made clear that CenturyTel used cookies and web beacons to target. This would put users on notice that their clickstream would be used for targeting purposes, but would not alert them to the fact that their traffic is being routed through a third party server or that the contents of their web surfing activity would be exposed to a third party (which is what NebuAd is accused of doing).
CenturyTel sent an email to its users alerting them of an update to CenturyTel’s privacy policy, but the email only said that “advertisements will be based on . . . [the] anonymous surfing behavior” of end users.” The court does not cite to the NebuAd agreement, but nothing in the CenturyTel disclosures look like they clearly state that the contents of users’ communications would be viewable and accessible by a third party. The use of “anonymous surfing” language if anything would tend to minimize the effect of any disclosures in the NebuAd agreement or would create a conflict between the two. How exactly NebuAd was monitoring and targeting is not clear, but the disclosure could have certainly been much clearer, and the court doesn’t delve into the details here.
More than anything, this ruling seems to reflect the court’s antipathy towards privacy class actions or the motivations behind them. The subtext of the ruling is that there is no “there” there. The notice provided by the ISPs and NebuAd may not have been perfect, but the court had to be influenced by the fact that the plaintiffs were told about some monitoring and given the ability to opt-out. No one took advantage of this or alleged that they followed up.
The court also has harsh words for plaintiff’s counsel, finding that it is “telling, and somewhat troubling” that the plaintiff did not mention the Bresnan case, “even though the same lawyers appear to have filed very similar complaints in these cases.”
Green v. Cable One: In addition to Bresnan and CenturyTel there’s another NebuAd case where plaintiff’s claim went sideways (this happened in late February and I missed it at the time). In Green v. Cable One, plaintiff brought claims against Cable One based on alleged monitoring by NebuAd. According to a post at Wildman Harrold, here’s what happened next:
Plaintiff filed a motion for class certification in August 2010. Cable One served a demand to copy and inspect plaintiff’s computer. The plaintiff then voluntarily dismissed with prejudice three of the four claims that depended upon allegations of harm/damage, leaving only the claim for violations of the ECPA remaining. (Dkt 43, October 2010). On November 9, 2010, the named plaintiff Green was deposed. During that deposition, he testified that he only accessed his Cable One account from one computer/IP address located in Alabama. Cable One’s records revealed that the Internet subscription had been canceled for that home address on November 19, 2007, one day before the NebuAd ad serving technology went into use by Cable One.
Cable One filed a motion to dismiss for lack of standing. In response, plaintiff filed a “non-opposition” with a curious explanation:
Plaintiff conferred with Defendants in effort to reach a stipulation on the Motion to Dismiss in an effort to minimize the use of judicial resources. Defendants requested the Plaintiffs file a Notice of Non-Opposition instead. Therefore, Plaintiff submits this Notice of Non-Opposition to Defendant’s Motion to Dismiss.
Say what? The fact that the named plaintiff dismissed a chunk of the claims in response to a request to inspect plaintiff’s computer is telling. The fact that plaintiff agreed to dismiss the claims in their entirety when Cable One argued that plaintiff cancelled his Cable One subscription the day before NebuAd filtering was implemented just demonstrates that (assuming what Cable One says its true), there was no way that plaintiff could have suffered any harm as a result of the alleged filtering. This points in the direction that courts’ skepticism towards these lawsuits may be entirely warranted.