The last two weeks have brought two important decisions in the ongoing litigation over behavioral advertising firm NebuAd’s alleged use of a device to intercept data from ISP networks. Several ISPs allegedly permitted NebuAd to install an “appliance” on their networks in order to collect and analyze subscriber data for ad targeting purposes. In lawsuits that began to be filed in 2008, plaintiffs have alleged that NebuAd–and the ISPs with which it allegedly partnered– violated Title I of the Electronic Communications Privacy Act (i.e., the Wiretap Act) as well as other federal and state laws. Plaintiffs have sued the ISPs in separate suits around the country. Two of these suits–against ISPs Embarq and WideOpen West (“WOW”)–yielded decisions in favor of the ISPs last week.
The Northern District of California issued two key rulings last week in denying in part a motion to dismiss in In re Google Inc. Street View Electronic Communications Litigation, a consolidated action arising out of Google’s acknowledged interception of “payload data,” including emails, usernames, password, and other private data, from unencrypted home wireless networks using technology installed on Google’s Street View vehicles.
First, in a matter of first impression Judge Ware rejected Google’s argument that its interception of Wi-Fi communications content was not restricted by the Wiretap Act (Title 1 of the Electronic Communications Privacy Act or ECPA), due to a “readily accessible to the general public” exception contained in the statute. Instead, the court held that this exception applies only to communications using traditional radio broadcast technology. Significantly, Judge Ware distinguished Wi-Fi technology from traditional radio services, which presumptively are intended to be public, instead likening Wi-Fi to cellular technology, in that both are designed to send communications privately. The court also held that plaintiffs’ Wiretap Act claim was plausibly pleaded, meaning that the litigation will continue beyond Google’s motion to dismiss.
In a recent order, Judge Henderson of the District Court for the Northern District of California denied NebuAd Inc.’s motion to dismiss in Valentine v. NebuAd Inc., No. C08-05113 TEH, finding that plaintiffs had sufficient statutory standing to assert claims under the California Invasion of Privacy Act (“CIPA”) and the California Computer Crime Law (“CCCL”) and that these claims were not preempted by the federal Electronic Communications Privacy Act (“ECPA”).
With respect to standing, the Court found that the California Legislature did not intend to limit the right of action under CIPA and CCCL to in-state plaintiffs, and, thus, the out-of-state plaintiffs in this action could bring suit again a California defendant (NebuAd). (Notably, this analysis pertained to standing under these specific California statutes, not the Article III constitutional standing that was at issue in the recent RockYou decision, which we wrote about here). On the preemption issue, the Court rejected the Central District of California’s holding in Bunnell v. Motion Picture Ass’n of Am. that ECPA preempted a CIPA claim. Instead, the Court said it was more persuaded by the California Supreme Court’s contrary holdings that ECPA does not preempt CIPA in People v. Conklin and Kearney v. Salomon Smith Barney.
Today the District Court for the Northern District of Alabama dismissed the class action lawsuit filed against our client, Cable One, Inc., for lack of subject matter jurisdiction because the named plaintiff lacked standing. The litigation arose out of a limited test of NebuAd Inc.’s “deep packet inspection” technology, which was used to…
The United States District Court for the District of Montana has dismissed [PDF] several class action claims against the Internet service provider Bresnan Communications arising out of its partnership with the controversial (and now defunct) online advertising firm NebuAd.
Bresnan subscribers alleged that the ISP allowed NebuAd to test a system to profile subscribers’ online activity using deep packet inspection (“DPI”) for the purpose of serving targeted ads. The system allegedly enabled NebuAd to (1) intercept and read essentially all subscriber communications transmitted over Bresnan’s network and (2) set cookies by forcing users’ browsers to send requests to a NebuAd server. The plaintiffs pleaded claims under the Wiretap Act and the Computer Fraud and Abuse Act (“CFAA”) as well as several state law claims. The court dismissed the Wiretap Act and a state law claim, finding that the plaintiffs had impliedly consented to any interception and had no reasonable expectation of privacy in the contents of their communications. The court pointed to statements in Bresnan’s privacy notice and subscriber agreement that disclosed the possibility of tracking.