Two plaintiffs sued comScore for using highly aggressive tactics to collect large amounts of user information, often from people unaware they are being tracked.
Internet audience tracking and analytics firm comScore is
being accused of surreptitiously collecting Social Security numbers, credit
card information and passwords from consumers.
The company is also accused of using its data collection
software to tamper with user systems and stealing information from saved
documents, according to a proposed class-action
filed in the United States District Court, Northern District of
Illinois on Aug. 23. Filed on the behalf of two people, one from Illinois and
one from California, the lawsuit claimed comScore allegedly violated the Stored
Communications Act, the Electronic Communications Privacy Act, the Computer
Fraud and Abuse Act and Illinois Consumer Fraud and Deceptive Practices Act.
The privacy violations include comScore allegedly changing
security settings on the user's firewall and opening backdoors, redirecting
user traffic online, and injecting data collection code into browsers and
instant messaging applications without user permission, according to court
The plaintiff claimed the software could monitor keystrokes
and every action taken online as well as scanning all saved documents, emails
and PDF files on the user's computer in order to transmit the data gleaned from
the files. The software may even scan visible files belonging to other users on
the same network.
"The scope and breadth of data that comScore collects
from unsuspecting consumers is terrifying," the lawsuit said.
An online audience measurement and customer tracking
company, comScore bundles its tool with free products such as screensavers and
music-sharing software or with chances to enter sweepstakes and other
incentives. Once the tracking software has been installed, comScore collects
information from the participants and distributes it to its client roster of
approximately 1,800 customers including e-commerce sites, retailers,
advertising agencies and publishers. The comScore statistics are frequently
used by news outlets to discuss online behavior
and Website analytics.
One of comScore's Websites warns users that the software
monitors all Internet activity, including filling a shopping basket,
an application form or checking online accounts. The fact that it is
keystrokes and all online activity means it would be easy for someone
at comScore, or someone who hacked comScore's data, to grab sensitive
The software is distributed under various names such as
RelevantKnowledge, OpinionSpy, PremierOpinion, OpinionSquare,
PermissionResearch and MarketScore, according to the lawsuit. It is often
embedded in free screensavers, games and other applications without proper
notice, so users aren't even aware they are sending data to comScore, according
to the lawsuit.
The software is difficult to uninstall, and even after the
user manages to remove it, an untrusted "root certificate" is left
behind that potentially exposes the user to online security threats, the
plaintiffs said. comScore's software can also be updated and controlled
remotely without user intervention, the plaintiffs said.
comScore "constantly collects, monitors and analyzes
every online move, no matter how private, of over two million persons,"
the suit said.
comScore spokesman Andrew Lipsman
called the lawsuit meritless. "We have reviewed the lawsuit and find it to
be without merit and full of factual inaccuracies," he said.
"comScore intends to aggressively defend itself against these
have grown more concerned about data
collection, and there's a lot of interest among Congressional lawmakers
Internet users more control over what kind of data is being collected and how
to opt-out of tracking
On its Website, comScore claimed to try to filter out
confidential and personally identifiable information from the data or purge it
from the database if such data was "inadvertently" stored. The company
claimed to "make commercially viable efforts" to clean the data.