Feeds

Netizens sue NebuAd, data pimping ISPs

More woe for American Phorm

Top 5 reasons to deploy VMware with Tegile

Fifteen American netizens have sued behavioral ad targeter NebuAd and several of its data pimping ISP partners, alleging wiretapping, packet forgery, and browser hijacking.

Filed Monday in a California federal court, the class action accuses NebuAd and its partners of violating the US Electronic Communications Privacy Act, the US Computer Fraud and Abuse Act, California’s Invasion of Privacy Act, and California’s Computer Crime Law. And that's just a start.

Using deep packet inspection, NebuAd's ISP-level hardware tracks a web surfer's search and browsing activity and shuttles it to various advertising networks, where it's used to target ads. If you search for, say, French vacations, you'll soon see ads for French vacations.

By the late spring, NebuAd had deployed its hardware inside several mid-sized American ISPs. The Silicon Valley outfit claimed these partners explicitly notified customers before turning the system on, but this wasn't always this case. NebuAd did provide a cookie-based opt-out and claimed to anonymize all user data with a one-way hash, but the law may require an opt-in.

In mid-May, after weeks of press coverage, Congress publicly questioned the legality of ISP-level ad targeting, and lawmakers eventually asked all American ISPs to put their data pimping plans on hold. By August, NebuAd had downsized its workforce, and in September, after Congressman Ed Markey accused him "beating consumers," CEO Bob Dykes declined to go down with the ship.

Monday's lawsuit names NebuAd, its Fair Eagle subsidiary, and six ISPs: Bresnan Communications, Cable One, CenturyTel, Embarq, Knology, and WOW (formerly WideOpenWest).

"The collection of data by the NebuAd device was wholesale and all-encompassing," the suit reads. "Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to the California processing center.

"Regardless of any representations to the contrary - all data - whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility."

The suit goes on to question whether user data was actually anonymized and claims that even if it was anonymized, it was done so too late. "Any alleged anonymization of subscriber’s identity during any phases after the point of initial interception of the online communication," the suit continues, "did not 'anonymize' the intentional initial interception of online communication."

The complaint, which seeks class action status, also cites research from net crusader Robb Topolski in alleging packet forgery and browser hijacking. ®

Internet Security Threat Report 2014

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.