If you’re not following or reading Brian Krebs, you should be. He does some of the best investigative reporting in the email, security and internet space. Today’s blog post is a disturbing look into the data selling and identity theft industries. Brian details evidence that shows Experian (yes, that Experian) has been selling consumer data to identity thieves.
Consumer Watch put out a press release yesterday about a court filing made by Gmail that says Gmail users have no expectation of privacy. I pulled a bunch of the docs yesterday, but have had no real time to read or digest them.
For recap users everything I pulled (and stuff other people have pulled) are available at Archive.org.
The initial complaint was filed under seal at the request of Google. The redacted complaint doesn’t tell us a lot, but it’s available for people to read if they’re interested.
The doc everyone is talking about is Google’s Motion to Dismiss. Everyone is up in arms about Google saying, in that filing, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” (page 28, line 9). What no one seems to have mentioned is that this is actually a quote from a case that Google is referencing. The whole paragraph may lead one to a different conclusion.
As if suing themselves out of business by going after Comcast and Spamhaus weren’t enough, e360 is now suing Choicepoint for breach of contract and CAN SPAM violations. As usual, Mickey has all the documents (complaint and answer) up at SpamSuite.
This may actually be an interesting case. On the surface it is a contractual dispute. Choicepoint sold e360 40,000,000 data records containing contact information including email addresses, snail mail addresses and phone numbers. Some of the records were marked “I” meaning they could be used for email. Some of the records were marked “O” meaning they could not be used for email.
Despite these terms being reasonably well defined in the contract, e360 sent email to addresses in records marked “O.” Some of those addresses resulted in e360 being sued by recipients. During the course of the suit, e360 contacted Choicepoint and asked for indemnification. Choicepoint refused for a number of reasons, including the fact that Choicepoint told e360 the addresses were not for mailing. In response, e360 filed suit.
The interesting and relevant part of this case is the CAN SPAM violation that e360 alleges.
I spent yesterday afternoon in Judge Koh’s courtroom listening to arguments on whether or not the class action suit against Google based on their scanning of emails for advertising purposes can go forward. This is the case that made news a few weeks ago because Google stated in their brief that users have “no expectation of privacy” in using online services.
That does appear to be what Google is actually saying, based on the arguments by attorney Whitty Somvichian. He made it clear that Google considers everything that passes through their servers, including the content of emails, covered under “information provided to Google” in the privacy policy. Google is arguing that they can read, scan, and use that content to display ads and anything else they consider to be in the normal course of business.
I have pages and pages of notes but I have some paying work to finish before I can focus on writing up the case. There were multiple reporters and bloggers in the courtroom, but I’ve not found many article. Some I’ve found are: