or Connect
AppleInsider › Forums › General › General Discussion › Judge dismisses class-action suit against Google for bypassing Safari privacy controls
New Posts  All Forums:Forum Nav:

Judge dismisses class-action suit against Google for bypassing Safari privacy controls

post #1 of 47
Thread Starter 
A Delaware judge has dismissed a class-action lawsuit filed by users of Apple's Safari browser, finding that the plaintiffs could not prove that the search giant had caused any real harm when it circumvented Apple's security measures in order to store cookies in the browser.



Attorneys for Matthew Soble filed suit against Google in February of last year, claiming that Google knowingly sidestepped Safari's built-in privacy settings in order to track users' web activities. The suit came after it was revealed that Google and at least three other web ad networks had placed code into their ads that disguised them as user-initiated form submissions, thereby keeping Safari from blocking cookies from those ads, as the browser does by default.

Now Soble's suit has been struck down by Delaware's Judge Sue Robinson, who ruled [PDF] that the plaintiffs had not sufficiently demonstrated direct harm to them stemming from Google's actions. The plaintiffs had not "shown a loss of money or property from Google's actions," Robinson's opinion read. The personal information collected due to Google's circumvention of Safari's protections, "does not constitute property" according to the ruling.

The ruling looked at the case through the prism of several laws regarding electronic communications, including the Electronic Communications Privacy Act, the California Consumers Legal Remedies Act, The California Computer Crime Law, and The Computer Fraud and Abuse Act, among others. In not a single case did Robinson find Google's activities to be in violation of standing law with regard to the plaintiff's allegations.

While Soble's case was dismissed, Google has already seen discipline from other governing bodies. The Federal Trade Commission slapped the search giant with its largest fine in history over the cookie issue. The FTC called for Google to pay $22.5 million, but the regulatory body allowed Google to deny liability for its actions.

Google all along has maintained that it did nothing wrong. In a statement to AppleInsider, the company said that its actions were meant to allow users of Google services such as Google+ to have access to aspects of those services across the sites they visited.

"However," Google continued, "the Safari browser contained functionality that then enabled Google advertising cookies to be set on the browser. We didn't anticipate that this would happen... It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information."
post #2 of 47
Quote:
Originally Posted by AppleInsider View Post

The ruling looked at the case through the prism of several laws regarding electronic communications

That prism functioned like a fun-house mirror.
post #3 of 47

Quote:

Originally Posted by quinney View Post
Quote:
Originally Posted by AppleInsider View Post

The ruling looked at the case through the prism of several laws regarding electronic communications

 

That prism functioned like a fun-house mirror.

 

Speaking of PRISM's, I wonder if this Matthew Soble has also joined in the class action lawsuit against the NSA for tracking his web activities.

post #4 of 47
Originally Posted by AppleInsider View Post
A Delaware judge has dismissed a class-action lawsuit filed by users of Apple's Safari browser, finding that the plaintiffs could not prove that the search giant had caused any real harm when it circumvented Apple's security measures in order to store cookies in the browser.

 

Okay. So I’ll just come over to this judge’s house, take pictures, sit on the couch… It’s cool, how do you know I’m doing any real harm?


Google just received a license to break every privacy law on the books.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #5 of 47
Redarded judgement, if only "loss of money or property" constitutes harm.
I guess under this judge's view, the only reason you can't kill someone or beat them into a pulp is because hospital and funeral costs constitute "loss of money"...
post #6 of 47
Not surprised at this. Just like those idiots that are suing Apple over location tracking. It will be difficult to prove any actual harm.

Besides, Google already paid a $22 million fine over this.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #7 of 47

Disagree with the judge on this one.

post #8 of 47
So, Judge Robinson, can I set up a lawn chair out in your backyard and -- so long as you can't prove that I "caused any real harm" -- can I just watch ya'll through your bedroom windows at night whenever I like? Is it just fine for me to do that? I mean, after all, what HARM is there in my INVADING YOUR PRIVACY like that?

None at all, right? No harm done?
post #9 of 47
So, Judge Robinson, can I set up a lawn chair out in your backyard and -- so long as you can't prove that I "caused any real harm" -- can I just watch ya'll through your bedroom windows at night whenever I like? Is it just fine for me to do that? I mean, after all, what HARM is there in my INVADING YOUR PRIVACY like that?

None at all, right? No harm done?
post #10 of 47
Quote:
Originally Posted by AdonisSMU View Post

Disagree with the judge on this one.

Nope, I think she did the right thing here.

For one thing, Google has already been found guilty and fined for this particular crime.

This is another case of scummy lawyers finding people to fight a frivolous lawsuit, in the hope that The company they're suing will just hand over a pot of cash to make them go away. Most of the time, the lawyers take most of the money anyway.

She is wrong that no harm was done, but Google has already paid for that.
post #11 of 47
Quote:
Originally Posted by Rayz View Post
 
Quote:
Originally Posted by AdonisSMU View Post

Disagree with the judge on this one.

Nope, I think she did the right thing here.

For one thing, Google has already been found guilty and fined for this particular crime.

This is another case of scummy lawyers finding people to fight a frivolous lawsuit, in the hope that The company they're suing will just hand over a pot of cash to make them go away. Most of the time, the lawyers take most of the money anyway.

She is wrong that no harm was done, but Google has already paid for that.

 

If the reasoning for the decision is faulty, the decision is faulty, even if different and potentially correct reasoning could have led to the same conclusion which then would potentially be a correct conclusion.

 

In particular anglo-saxon common law is MASSIVELY dependent on case law and legal precedent. In other words a judgement like that, which essentially seems to establish that no harm is done, unless it results in loss of money or property, sets precedents for future cases and totally undermines the idea that people's privacy has an inherent worth, which if violated per se constitutes harm done.

 

The law is not about "overall justice", it's about the nitty, gritty detail, and if these details are wrong, it doesn't matter if a superficially just outcome has been achieved.

 

If the judge had argued double jeopardy or had found Google guilty, but denied further penalties in reference to the SEC fine paid, that would have been a totally different issue, but that's not how the court decided to reason, if the article reports anywhere close to the truth.

post #12 of 47

So, I guess that it's ok if somebody breaks into a bank, but leaves without taking anything?:err:

 

This is a bad decision by the judge, and their thought process is all messed up.

post #13 of 47
Quote:
Originally Posted by Rayz View Post

She is wrong that no harm was done, but Google has already paid for that.

If you say that Google has done harm, shouldn't they pay again? It's not like they've paid for it in the past so they don't need to in future and continue to get away with such shenanigans.

"We're surrounded by anonymous, poorly made objects. It's tempting to think it's because the people who use them don't care -- just like the people who make them." - Jony Ive, 2014
Reply
"We're surrounded by anonymous, poorly made objects. It's tempting to think it's because the people who use them don't care -- just like the people who make them." - Jony Ive, 2014
Reply
post #14 of 47
Quote:
Originally Posted by Tallest Skil View Post
 


Google just received a license to break every privacy law on the books.

With this judgement? LOL, a class action lawsuit doesn't mean jack sh!t and you know it. Google was already fined an FTC record $22.5MM. If that's not enough for Google to learn a lesson, this judgement means absolutely nothing either way.

Why does Apple bashing and trolling make people feel so good?

Reply

Why does Apple bashing and trolling make people feel so good?

Reply
post #15 of 47

So it's OK if someone breaks into a bank and leaves without stealing anything because he already went to jail for the same crime before then??

post #16 of 47
Nah - that's wrong, I agree.
Dickprinter and this judge (cough) thinks it's ok because they've already paid a fine, oh wait it was a real big one !
Next time they should receive a lesser fine - hell, maybe they need counselling .... ¿
post #17 of 47
Quote:
Originally Posted by Dickprinter View Post

With this judgement? LOL, a class action lawsuit doesn't mean jack sh!t and you know it. Google was already fined an FTC record $22.5MM. If that's not enough for Google to learn a lesson, this judgement means absolutely nothing either way.

Actually, the Class Action allows the ruling to benefit the USERS, the ones who were actually hurt by Googles actions.

I don't remember getting a cut from the 22.5m
post #18 of 47
At first I thought what a bad ruling but after thinking about it, I'm not so sure. As for what Google did, I think they are scum. Clearly it was intentional and an invasion of privacy but did users suffer a monetary loss which is required in a class action lawsuit? They suffered a trespass (e.g. Setting up a lawn hair in one's backyard) but not necessarily a monetary loss.

That disturbs me because although users, including myself, suffered a loss of privacy (which I highly value otherwise I wouldn't have gone through the effort to set my browser to be more private) and Google profited from their scummy ways, did I suffer a monetary loss? No.

What I would like to see is some local district attorneys take Google to court for hacking. A $22 million fine is probably only a fraction of the profits Google made from their scummy activities. Google will only learn when the pain is more than the profit.

Edit: I take that back. I haven't read the ruling but the stry quote the judge as saying "no loss of money or property". I would argue that privacy is property as it has value. One measure of its value is the difference in revenue received by Google for ignored ads versus the revenue received from users where the privacy is trespassed on.
Edited by DaveN - 10/11/13 at 4:25am
post #19 of 47
Quote:
Originally Posted by Rayz View Post


Nope, I think she did the right thing here.

For one thing, Google has already been found guilty and fined for this particular crime.

This is another case of scummy lawyers finding people to fight a frivolous lawsuit, in the hope that The company they're suing will just hand over a pot of cash to make them go away. Most of the time, the lawyers take most of the money anyway.

She is wrong that no harm was done, but Google has already paid for that.

 

Oh, really? When do I get my check?

post #20 of 47
I find it hard to believe that cookies were enabled "by accident" . Poor showing by Google IMO. Curious too if Facebook is still doing the same. Initially they and a few hundred others were said to also bypass Safari 3rd-party cookie settings. Is it still being done by some of those?

EDIT: A quick search finds that at least three other advertising companies are in the midst of setting complaints that they also bypassed Safari user settings (which isn't what Google got in trouble for oddly). Besides Pointroll, Media Innovation and Vibrant Media there are probably others. Pointroll got off particularly easy with simply paying the complainant's attorneys $115K and in return getting those lawyers to promise to "publicly praise PointRoll for its new privacy practices and commitments." 1bugeye.gif

AI failed to note that this wasn't a lawsuit against Google specifically (I was unaware until reading other news reports at other sites) but also included three other companies in the complaint, none of them related to Google. Nor was the class-action suit dismissed only because of a lack of monetary harm to consumers. There were also no grounds for claiming a violation of Federal Wiretap laws in the first place according to the ruling.

According to Judge Robinson "even if the allegations were true, the companies didn't violate the federal wiretap law, which prohibits companies from intercepting the “content” of a communication. “While URLs may provide a description of the contents of a document, e.g., www.helpfordrunks.com, a URL is a location identifier and does not 'concern the substance, purport, or meaning' of an electronic communication..."
Edited by Gatorguy - 10/11/13 at 5:54am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #21 of 47
Oh, this is sneaky. . .

Microsoft, Facebook, Apple and Google aren't going to worry too much about 3rd party cookie blocking much longer. Besides, cookies aren't useful on mobile devices anyway. They're all moving to " advertising identifiers" as a way to track users across applications and platforms. That cookie setting in Safari and Firefox may soon only keep the little guys at bay. The big guys are already putting a bypass in place, making it really tough if not impossible to avoid tracking.

http://adage.com/article/digital/microsoft-cookie-replacement-span-desktop-mobile-xbox/244638/
http://gigaom.com/2013/10/10/microsoft-plans-to-drop-cookies-embrace-cross-device-tracking-tools/
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #22 of 47
Quote:
Originally Posted by Tallest Skil View Post

Okay. So I’ll just come over to this judge’s house, take pictures, sit on the couch… It’s cool, how do you know I’m doing any real harm?


Google just received a license to break every privacy law on the books.

That's total nonsense.

The judge is absolutely correct. The plaintiffs filed a civil case which means that they have to prove harm. They were unable to do so. Harm doesn't need to be financial, although it usually is. In this case, they couldn't show any harm. Seeing an ad that's relevant for your interests rather than an unrelated ad isn't something that is, per se, harmful.

However, that doesn't mean that they have a license to break privacy laws as you claim. They received the largest fine in FTC history over this matter. If they are charged with breaking other laws and it can be proven, they would lose those, as well.

The fundamental problem is that you apparently don't understand the difference between a civil case, a criminal case, and an administrative action.

Now, if you want to argue that the fines in the criminal and administrative cases are too small to make a difference, I'd agree. But equating civil and criminal cases does nothing to further intelligent discussion.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #23 of 47
The Google shills rejoice.
post #24 of 47
Originally Posted by Dickprinter View Post
Google was already fined an FTC record $22.5MM. If that's not enough for Google to learn a lesson, this judgement means absolutely nothing either way.

 

It wasn’t. THEY STILL DO IT. $22,500,000 is NOTHING to them.

 

Originally Posted by jragosta View Post
The plaintiffs filed a civil case which means that they have to prove harm. They were unable to do so. Harm doesn't need to be financial, although it usually is. In this case, they couldn't show any harm. Seeing an ad that's relevant for your interests rather than an unrelated ad isn't something that is, per se, harmful.

 

I was going to pose a rhetorical question, asking if you believed their inability to show harm meant that no harm had been done, but apparently you do actually think that, given the last sentence there.

 

Not a big fan of “the means justify the ends”, myself.

 

“Hey, I broke into your house last month and saw you liked R. Atkinson Fox prints, so I got you a new one for your birthday!”

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #25 of 47
Quote:
Originally Posted by RobM View Post

Nah - that's wrong, I agree.
Dickprinter and this judge (cough) thinks it's ok because they've already paid a fine, oh wait it was a real big one !
Next time they should receive a lesser fine - hell, maybe they need counselling .... ¿

The judge never said any such thing. The judge said that the plaintiffs didn't prove any significant harm. That's not the same as saying it's OK.
Quote:
Originally Posted by Tallest Skil View Post

I was going to pose a rhetorical question, asking if you believed their inability to show harm meant that no harm had been done, but apparently you do actually think that, given the last sentence there.

Not a big fan of “the means justify the ends”, myself.

“Hey, I broke into your house last month and saw you liked R. Atkinson Fox prints, so I got you a new one for your birthday!”

I never said that no harm had been done. I said that the plaintiffs apparently failed to prove any harm, or if they did, it was de minimis.

Personally, I think they should have the book thrown at them and that the sanctions and fines should be several orders of magnitude higher than they were. But that doesn't change the fact that the plaintiffs did not meet the legal requirements for winning a civil suit.

And please stop with the stupid analogies. Breaking and entering is a criminal violation.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #26 of 47
Originally Posted by jragosta View Post
Breaking and entering is a criminal violation.

 

Breaking (the rules set by the browser) and entering (cookies, onto the computer) is a criminal violation, you say… Hmm.

 

Thank you for the previous clarification, though.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #27 of 47
Quote:
Originally Posted by jragosta View Post
The judge is absolutely correct. The plaintiffs filed a civil case which means that they have to prove harm. They were unable to do so. Harm doesn't need to be financial, although it usually is. In this case, they couldn't show any harm. Seeing an ad that's relevant for your interests rather than an unrelated ad isn't something that is, per se, harmful.

 

The problem with your reasoning is simple: in civilized countries, privacy is considered a good in itself, and personal information and identity are considered property. Therefore someone who has possession of private information without consent stole something from you. 

 

Therefore the loss of privacy automatically, without further proof, constitutes harm. Privacy should be treated like a civil right. I mean, what "harm" is done to some person when they denied the right to vote? No financial loss, no pain, no nothing... False: the person was denied their right to exercise participation as a citizen, they were violated in their civil rights, and thus the entity obstructing their ability to vote is liable.

 

Even if the value of that information is only $0.000001, multiply that by hundreds of millions of users and billions of clicks, and it adds up.

Further, at least in European law, there's the concept of "unjustified enrichment", which would certainly apply. An example: you enter the wrong bank account number, and the money goes to the wrong person. That person can't just keep it and say "though luck for the sender", because that would be unjustified enrichment. So even if Google claims this was all accidental, they earned money with that accident that they shouldn't have earned, and that money needs to be paid back, one way or the other.

 

In short: the problem here is, that privacy is not considered a good in itself by this court, meaning the loss of privacy has to lead to some derived harm which then has to be proven to have occurred, instead of recognizing privacy as a good, the loss of which constitutes harm in itself.

post #28 of 47
Quote:
Originally Posted by rcfa View Post

Redarded judgement, if only "loss of money or property" constitutes harm.
I guess under this judge's view, the only reason you can't kill someone or beat them into a pulp is because hospital and funeral costs constitute "loss of money"...

From a "civil law" perspective that is fairly close.  However there are some pretty harsh consequences under criminal law.

In this case Google was found guilty by the FTC and fined.  The civil case required damages to be shown.  In the absence of those the Judge was correct.

post #29 of 47
Quote:
Originally Posted by rcfa View Post

The problem with your reasoning is simple: in civilized countries, privacy is considered a good in itself, and personal information and identity are considered property. Therefore someone who has possession of private information without consent stole something from you.

I don't think the claim was that Google stole personal information. Instead it was that they set a third-party cookie against the default Safari settings or specific users wishes.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #30 of 47
Quote:
Originally Posted by rcfa View Post

The problem with your reasoning is simple: in civilized countries, privacy is considered a good in itself, and personal information and identity are considered property. Therefore someone who has possession of private information without consent stole something from you. 

First, Google was not in possession of something they stole from you. They put a cookie on YOUR computer, they didn't take anything.

Regardless, what you are describing is handled as a criminal trespass, not a civil case.

Quote:
Originally Posted by Tallest Skil View Post

Breaking (the rules set by the browser) and entering (cookies, onto the computer) is a criminal violation, you say… Hmm.

Except that it's not breaking and entering. Look up the law instead of posting stupid things.

If you want to make an analogy, it's closest to criminal trespass - which is why it is best handled via criminal or administrative action - as it was.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #31 of 47
Originally Posted by jragosta View Post
Except that it's not breaking and entering.

 

‘Course not.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #32 of 47
Quote:
....The plaintiffs had not "shown a loss of money or property from Google's actions....

 

So it's OK to break into someone's house by stuffing paper towels in the door-jam-locks so that when the "user" locks the door, it doesn't lock; unknown to them.

 

Then you can rummage around inside the house to your hearts content.

 

No harm done.

post #33 of 47
Quote:
Originally Posted by aelegg View Post

So it's OK to break into someone's house by stuffing paper towels in the door-jam-locks so that when the "user" locks the door, it doesn't lock; unknown to them.

Then you can rummage around inside the house to your hearts content.

The analogies are really out of control on this thread.

Do you think that if you tried a little harder that you might come up with an even more ridiculous analogy?
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #34 of 47
Quote:
Originally Posted by jragosta View Post


The analogies are really out of control on this thread.

Do you think that if you tried a little harder that you might come up with an even more ridiculous analogy?

 

I was 100%-sold on my breaking-and-entering analogy rant, but I *am* guilty of not noticing the civil vs criminal court-actions etc etc.

 

Some over-reaction by me?  Maybe.  But the "don't be evil" company deserves some heavy-handedness, I think.

post #35 of 47
Text of the 4th Amendment of the US Constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..."

Shouldn't private browsing habits be considered part of ones persons or effects? Don't we have a right to not be tracked?
post #36 of 47
Quote:
Originally Posted by leftoverbacon View Post

Don't we have a right to not be tracked?

In the US the answer appears to be a resounding no. Google, Microsoft, Apple, etc. all track much more then just cookies and they also share this info with the government.
post #37 of 47
Quote:
Originally Posted by Tallest Skil View Post
 

 

Breaking (the rules set by the browser) and entering (cookies, onto the computer) is a criminal violation, you say… Hmm.

 

Thank you for the previous clarification, though.

 

It's important to note that this is a civil case. I was going to mention trespassing, but jragosta got that one. The actual outcome of the case here isn't about whether they did anything wrong. It's whether the users can prove damages that would be rectified through monetary compensation. Even in a class action lawsuit, individual plaintiffs can opt out. While they have their place, the lawyers are typically the only ones who are suitably compensated for any loss. I'll find some examples if you like.

post #38 of 47

"Speaking of PRISM's, I wonder if this Matthew Soble has also joined in the class action lawsuit against the NSA for tracking his web activities."

 

Ummm what are you talking about? What a foolish statement. Google is now on equal footing with a government agency?

post #39 of 47
Quote:
Originally Posted by Gatorguy View Post
 
Quote:
Originally Posted by rcfa View Post

The problem with your reasoning is simple: in civilized countries, privacy is considered a good in itself, and personal information and identity are considered property. Therefore someone who has possession of private information without consent stole something from you.

I don't think the claim was that Google stole personal information. Instead it was that they set a third-party cookie against the default Safari settings or specific users wishes.

 

The point of using cookies is to track user's behavior. In other words, Google collects my private web usage habits and preferences, my likes and dislikes being my personal secrets and information, which by means of my preferences I clearly stated that I have no intention sharing with a third party.

Their algorithms thus find a way to steal the information from me, which is the information about my likes, dislikes and browsing habits.

Them having information I don't want them to have is a violation of my privacy, with privacy being a valuable asset in and by itself, which has been taken away from me, which constitutes harm done.

Yes, not monetary harm, but harm nonetheless. The problem with the decision at hand is that it considers only harm something that's monetary or tangible property.

post #40 of 47
Quote:
Originally Posted by rcfa View Post

The point of using cookies is to track user's behavior. In other words, Google collects my private web usage habits and preferences, my likes and dislikes being my personal secrets and information, which by means of my preferences I clearly stated that I have no intention sharing with a third party.
Their algorithms thus find a way to steal the information from me, which is the information about my likes, dislikes and browsing habits.
Them having information I don't want them to have is a violation of my privacy, with privacy being a valuable asset in and by itself, which has been taken away from me, which constitutes harm done.
Yes, not monetary harm, but harm nonetheless. The problem with the decision at hand is that it considers only harm something that's monetary or tangible property.

Right On, rcfa !
It's the individuals privacy that's at stake here. Not Goog's self assumed right to be able to data mine so that it can make money.

I'm not trying to be overly critical here - but sometimes it seems to me that the American legal system gets convoluted like this ruling.
It seems to contradict the original court case that found Goog in breach.
What's the message ? It's ok ? it's not ok ? It's ok if you're prepared to pay ?
Too messy - is it abuse of privacy or not ?
Edited by RobM - 10/12/13 at 1:00am
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Judge dismisses class-action suit against Google for bypassing Safari privacy controls