Class Action Targets LinkedIn; Did Company Hijack Users' Email?
Anyone else greatly annoyed by the flood of LinkedIn email that arrives in their inboxes daily?
While most of us just ignore the messages, or feed them to our spam filters, four plaintiffs in California took things one step further and filed a class-action lawsuit, alleging not that they received too many messages, but that the company's email practices included sending too many messages on their behalf, and without their knowledge.
In short, they claim that the company hijacked their email accounts in order to harvest contact information and spam their contacts with LinkedIn invitations and endorsements.
Factual Allegations
According to the complaint, when users sign up for LinkedIn, they are required to use an external email address. If that account is currently logged-in in the same browser, the company "hacks" into that account and harvests the email addresses. Multiple emails, with the user's name and likeness, are sent, advertising LinkedIn's services and implying endorsement of those services by the original user.
The complaint points out that during the signup process, an asterisk alerts users (in small grey print) that they agree to the User Agreement, Privacy Policy, and Cookie Policy. "LinkedIn, contrary to industry practice, does not require members to view its Terms documents nor does it display its terms documents in such a way that a party would have sufficient notice."
Those terms, accessible via the small print, presumably allow LinkedIn to engage in the controversial email practices. LinkedIn also has a "Grow your network" screen where it asks for your email address. Using just the address, it "hacks," sans password, an open email account's contacts list. If no other account is logged in on the computer, it requests that the user verify his or her identity by entering an email address and its associated password.
It also promises to not send email without your permission (though permission is almost certainly found in those asterisk'd terms of service).
The company denied all of the lawsuit's allegations on its blog over the weekend.
Procedural Basis
The suit was brought as a class action in the United States District Court for the Northern District of California, and filed in San Jose. The suit alleges violations of:
- California's Common Law Right of Publicity;
- California's Unfair Competition Law (Cal. Bus. & Prof. Code § 17200, et. seq.);
- Federal Electronic Communications Privacy Act, 18 U.S.C. §§ 2510, et seq.;
- Federal Stored Communications Act, 18 U.S.C. §§ 2701, et seq.;
- California's Comprehensive Data Access and Fraud Act, Penal Code § 502;
- California's Invasion of Privacy Act, Penal Code § 631;
- California Consumer Remedies Act, Cal Civ. Code. § 1770
Quite the laundry list of complaints, isn't it? We'll have more on the case as it develops.
Related Resources:
- LinkedIn Accused of Hacking Users' Email Accounts. Here's the Complaint. (AllThingsD)
- FTC Investigates Facebook's Proposed Privacy Policies (FindLaw's Technologist Blog)
- 9th Cir: Google's Wifi Sniffing May Have Violated Wiretap Laws (FindLaw's Technologist Blog)