The United States District Court for the District of Montana has dismissed [PDF] several class action claims against the Internet service provider Bresnan Communications arising out of its partnership with the controversial (and now defunct) online advertising firm NebuAd.
Bresnan subscribers alleged that the ISP allowed NebuAd to test a system to profile subscribers’ online activity using deep packet inspection (“DPI”) for the purpose of serving targeted ads. The system allegedly enabled NebuAd to (1) intercept and read essentially all subscriber communications transmitted over Bresnan’s network and (2) set cookies by forcing users’ browsers to send requests to a NebuAd server. The plaintiffs pleaded claims under the Wiretap Act and the Computer Fraud and Abuse Act (“CFAA”) as well as several state law claims. The court dismissed the Wiretap Act and a state law claim, finding that the plaintiffs had impliedly consented to any interception and had no reasonable expectation of privacy in the contents of their communications. The court pointed to statements in Bresnan’s privacy notice and subscriber agreement that disclosed the possibility of tracking.
However, the court declined to dismiss the CFAA claim, allowing the threshold $5,000 in damage or loss required under the CFAA to be aggregated across the putative class (which the plaintiffs contend consists of “thousands of individuals”). Bresnan is one of six putative class actions that have arisen out of NebuAd’s partnerships with ISPs.