eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Its America, so it was inevitable. Adware and spyware vendors have ended up in court, and the plaintiffs are seeking class certification.
It started several months ago with a suit against DirectRevenue. Now another suit has been filed against 180Solutions (details here in PDF form) for similar reasons.
180Solutions, aka MetricsDirect, has a long and notorious history in the adware business and will make an unsympathetic defendant.
The whole thing makes me uncomfortable because class action cases so often seem to work only to the benefit of the attorneys.
Youve seen it before and its not hard to imagine in this case: The settlement nets 180Solutions victims $17 coupons for some service they dont want and the attorneys get $74 million.
Beyond the basic injustice of it all, it creates incentives for the attorneys, since theyre basically dealing with phony clients, to service their own interests primarily.
At least the suit is being filed in a U.S. District Court as opposed to some out-of-the-way state court.
But all of this has more to do with the class action system than with the spyware problem and with the merits of this case.
Im going to assume, for the sake of argument, that the factual claims of the phony plaintiff are largely accurate, in the sense that spyware was actually surreptitiously installed on his computer and that it impeded his ability to enjoy the use of said computer.
Some of those factual claims are compelling, bearing in mind that we havent yet heard the other side of the story.
The complaint insists that 180Solutions software is installed surreptitiously, without consent. 180Solutions, for its part, insists that all of its software is “permission-based.” Graphics proclaiming “No Spyware,” “No Hiding,” “Privacy Pledge” and similar stuff adorn its Web site.
At the same time, the company says it has sued a bunch of former affiliates abroad for installing its software using botnets and without getting complete user approval.
How did botnets figure into this? I can only assume that the affiliates (all in distant lands like Lebanon and Canada) actually installed the 180Solutions software onto the botnet computers themselves.
Seems to me that this suit concedes the point that 180Solutions software can be installed by an affiliate without user permission.
Next page: What 180Solutions actually does.
What 180Solutions Actually Does
And few, if any, users would consent to the installation of this software if they knew what it was doing.
According to the complaint filed with the court (available here as a PDF), “180Solutions boasts in its marketing literature that it is able to provide advertisers with a 360-degree view of the users behavior—24 hours a day, 7 days a week.”
In other words, it reports on users browsing habits. It also bombards them with ads based on the sites the users are visiting.
The software resists being removed from the system and warns you that unspecified other things will go wrong if you attempt to do so.
As has been demonstrated by researcher Ben Edelman, 180Solutions software does not always behave in the innocent manner the company claims for it.
And Web sites that are responsible for installing the 180Solutions software (180search Assistant, formerly nCase) are paid by 180Solutions for each system on which it is installed (or, to use the term in the complaint, each system that is “infected”).
So its affiliates have every incentive to hide what they are doing.
These disingenuous “marketing” companies really need to be stopped, and neither the regulatory agencies nor the legislative bodies seem to be taking any great action, and perhaps they dont need to.
Fraud, as the complaint notes, is already illegal, so a civil suit is a reasonable course to take.
As obvious as the facts may seem here, I really dont like the idea of leaving this in the hands of a jury. In fact, the 7th amendment notwithstanding, Im tempted to agree with a friend who thinks we shouldnt necessarily have juries in civil cases anymore. Thats the way the ball bounces in our court system.
But need it be a class action suit? This is the part I really dont like; how are people supposed to demonstrate that they are a member of the class? And if its actually true, as 180Solutions claims, that they collect no personally identifiable information, how are they supposed to dispute any particular individuals claims? You really want to leave distinctions like this to a jury?
And how do you measure damages in such cases? The complaint asserts that damages to the named were “well in excess of $5,000.” It describes how the damage from the software comes from slowing the computer down, wasting the users time, forcing him or her to view advertisements and impeding the ability to use the computer effectively. How do you turn that into a dollar figure?
I have no doubt the only meaningful number at the end of it all will be the “award of reasonable attorneys fees, costs and expenses.”
I guess Ill have to sit uncomfortably and say that Ill put my faith in the judicial arm of the Federal government to make sure this case is handled in an up-and-up manner. It bothers me to worry about 180Solutions rights in court, but someone does need to worry about them.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at [email protected].
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.