Class Action Fishing: Apple Sued Over Third Party User Tracking

from the seems-like-a-stretch dept

One of those class action specialist lawsuit firms, who seem to file lawsuits mostly designed to make the lawyers money, rather than correct any sort of improper actions, has sued Apple and some app makers over supposed privacy violations. At issue is the fact that some apps pass on the unique UDID code that is associated with each iPhone to advertisers. This lets advertisers track the same user across multiple apps -- similar, in some sense, to a browser cookie. The "difference" is that a browser cookie is deletable, while you're stuck with your UDID. This all came out a couple weeks ago in a WSJ article, and since these kinds of lawyers are opportunists, they're always quick to jump on any lawsuit opportunity whenever the press highlights a story like this.

Not surprisingly, it appears this case is yet another attempt to abuse the CFAA (Computer Fraud and Abuse Act), which is generally thought of as an anti-hacking law, but which is continulously stretched and abused to pull in other situations. In this case, the lawyers are claiming that accessing the UDID without permission is the equivalent of accessing a computer without authorization. Think about that for a second and then realize how silly this is. No one is hacking anything to get this info. The info is made available, and so it's been shared. Using the CFAA here is ridiculous. They also seek to use a similar California anti-hacking law in a similar way. This is clearly not what those laws are intended for.

Furthermore, it seems silly to blame Apple for the way that some app providers are sharing data. To get around this issue, the lawyers rely on two key points. First, that Apple itself recently changed its terms to ban apps from sending data to third parties such as ad networks. Of course, most people realized this was not about protecting privacy, but about forcing developers to use Apple's own ad platform. Second, the fact that Apple approves each of the apps in the marketplace. I know that some people assume this automatically adds liability to Apple for anything those apps do, but that seems like a bit of a stretch as well. It's ridiculous to assume that Apple tests all aspects of an app, and thus becomes liable for anything those apps do.

All in all this looks like yet another attempt by some lawyers to take some fear mongering and make some money out of it. It's not going to do anything to protect anyone's actual privacy.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Dec 29th, 2010 @ 2:51am

    Seems to me that this has the potential to prevent apps from UDID, which would in fact improve privacy, if only in this case. Apple in fact does examine many aspects of what apps do, as it has rejected many apps for far less invasive practices. It would be trivial to have an app detected as requesting this unique ID.

    While this country is beyond suit-happy, does techdirt have another option in terms of changing corporate behavior rather than threat of monetary loss?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Dec 29th, 2010 @ 4:41am

      Re:

      Competition seems like it could solve this one. It seems like a much better option than abusing an anti-hacking law.

      As a consumer, you have the ability to select the apps you buy. Don't buy the ones that use your information in ways you are uncomfortable with. If that does not suit you - don't buy an iPhone.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        The Mighty Buzzard (profile), Dec 29th, 2010 @ 4:57am

        Re: Re:

        Agreed. There's no need to criminalize stupid business decisions on either side of the equation. Whether the decision is sticking with models that are being harmed by foolish resistance to change or making changes that piss off the customers. The market can and will sort out almost any instance of uncommon stupidity if simply left alone.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Marcus Carab (profile), Dec 29th, 2010 @ 10:04am

      Re:

      Consumer pressure on Apple and on developers could certainly minimize the use of UDIDs, and Apple would likely eventually add a developer guideline banning the practice, and then they would add that check to their standard roster of tests (though whether or not there really is a consistent standard for the app store is debatable)

      The point is not that accessing the UDIDs is a good thing, but that it's probably not an illegal thing - and it's definitely not in violation of anti-hacking laws. If these lawyers want to pore over all the contracts and licenses and EULAs involved and show that a law actually was broken, then they are free to do so - but they should not twist a law that was clearly never intended to apply to situations like this just so they can launch a class-action.

      Abuse of the law can sometimes bring desirable short-term effects, but in the long run it is always bad.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    cm6029 (profile), Dec 29th, 2010 @ 4:40am

    I'm afraid I disagree on this one. If Apple didn't take the heavy handed approach to app approval, then you could make a case for absolving them of responsibility in this. However, I think they are in it up to their eyeballs having put their stamp of approval on these invasive apps. I believe Android would have a stronger case for being absolved of liability because of their 'you choose' approach.

    Perhaps I'm not quite as trusting of companies mining my data in a way that I don't have oversight on, and I think I still prefer an 'opt-in' choice rather than 'opt-out', and I personally have found Apple's attitude a bit too invasive to make me comfortable. Granted, their corporate policy is their choice, by my choice not to agree with it is mine.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Dec 29th, 2010 @ 9:58am

      Re:

      I'm afraid I disagree on this one. If Apple didn't take the heavy handed approach to app approval, then you could make a case for absolving them of responsibility in this. However, I think they are in it up to their eyeballs having put their stamp of approval on these invasive apps. I believe Android would have a stronger case for being absolved of liability because of their 'you choose' approach.

      I agree that Apple has a higher likelihood of liability because they do take on some responsibility for approving apps. But I'm troubled by the suggestion that if you review *some* aspects of an app, you've now taken on liability for *all* aspects of that app.

      In the case law around things like Section 230, this sort of argument has generally been rejected. That is, in the case law, if you (for example) moderate comments on an email list, it does not make you responsible for libelous messages that others wrote, but which you approved.

      I would think the same thing applies here.

      Perhaps I'm not quite as trusting of companies mining my data in a way that I don't have oversight on, and I think I still prefer an 'opt-in' choice rather than 'opt-out', and I personally have found Apple's attitude a bit too invasive to make me comfortable. Granted, their corporate policy is their choice, by my choice not to agree with it is mine.

      I agree, but that's a market choice. I'm not sure this lawsuit should apply.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Jimmy The Geek (profile), Dec 29th, 2010 @ 5:42am

    If you create a walled garden

    Then you are taking responsibility for everything that happens inside the garden.

    If Apple was just providing a space for vendors to use, like a street for any vendor to set up shop, then common carrier status would protect them.

    But since they are looking at every product and vendor that enters the market they accept full responsibility for everything, good or bad.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Dec 29th, 2010 @ 10:00am

      Re: If you create a walled garden

      But since they are looking at every product and vendor that enters the market they accept full responsibility for everything, good or bad.

      Again, as I stated above, I don't believe this makes sense, and I don't believe it's how the law views things. If you look at the caselaw on Section 230, it does say that if you're a service provider who reviews *some* aspects of content that you moderate, it does not make you liable for everything in that content.

      I think it's a leap to say because Apple reviews apps to make sure they work, it means they also take responsibility for sneaky things the apps do. Think through the implications of that.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Dec 29th, 2010 @ 11:24am

        Re: Re: If you create a walled garden

        Apple by design makes the ID number available to third party apps. By design, the phone is allowing this sort of violation. That Apple approved apps inside their walled garden that obtained this number and distributed it to others is a clear violation of privacy rights.

        It would appear that Apple's flawed design allowed this to happen. Their walled garden approach on Apps only makes this worse, because they would be aware of what each app was doing. So they set up the situation to allow for violation of privacy, and then did nothing to stop it (and appear to have approved it on a number of apps).

        Sort of hard for the to wiggle out of this one.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Marcus Carab (profile), Dec 29th, 2010 @ 10:12am

      Re: If you create a walled garden

      I do see your point, but I think Mike is right that liability doesn't just become absolute.

      Lets say you run a market, and you check every product and vendor. You check them against your health and safety standards, and to ensure they aren't selling counterfeit goods or stolen property, then you let them in.

      Certainly you could be liable if they violated the things you specifically checked for. But are you also liable if they turn out to be doing something else entirely? Maybe constructing an illegal mailing list of their customers, or making unauthorized recordings of their conversations with them? It wouldn't make sense for your liability to extend to something you never took any responsibility for in the first place.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Berenerd (profile), Dec 29th, 2010 @ 5:54am

    I had a link...

    I will try and post it from home. i can't access it from here at work. Some of the issue is that part of making an app for that, was Apple actually states that for a program to be accepted it must follow guidelines, the guidelines state that no information should be passed onto 3rd parties unless that information is needed for the app to function. (such as my roommate has an app for him to get information on items she buys to see if there are coupons or sales going on anywhere nearby simply by scanning a barcode. the barcode can be sent to 3rd parties such as stores who participate in this app but her personal info such as her ID or her current location cannot be passed along). The problem is Apple is doing a piss-poor job of policing this and can end up causing more security issues (such as location spam and the like). The makers of some of these things are also listed as defendants such as the weather channel APP and some app where you can pet some cat in the belly and punch him knocking him out...There were a few others listed in the article (I think it was on CNET but not positive)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 29th, 2010 @ 7:19am

    I think Apple is on the hook because they specifically made this possible, and approved apps that take advantage of the "feature". It would be something that could possibly be changed in the OS that would no longer expose this critical information so easily to apps. It is an entirely unique identifier that makes the phone "tracked for life". Combine that in an app with perhaps a user signup for a site, and you could have all of their personal information and make each phone personally identifiable.

    Apple could fix it with an OS update, I am sure.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    kemcha (profile), Dec 29th, 2010 @ 8:23am

    Techdirt, Get Your Facts Straight

    Techdirt, don't you guys ever do research on your articles before you publish them? I'm a repeat visitor and I love your articles but this is one time where your writer forgot to do his or her homework.

    First, the lawsuit was filed by the co-founder of Microsoft, Paul Allen, who is NOT a patent troll.

    Second, he filed the lawsuit against "several" companies who are violating the same patents that Paul Allen owns. Aol, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo and YouTube are all companies who are named in the lawsuit.

    Third: The lawsuits involved:

    -- U.S. Patent No. 6,263,507, for "Browser for Use in Navigating a Body of Information, With Particular Application to Browsing Information Represented By Audiovisual Data."

    -- U.S. Patent No. 6,034,652, for "Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device."

    -- U.S. Patent No. 6,788,314, for "Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device."

    -- U.S. Patent No. 6,757,682, for "Alerting Users to Items of Current Interest."

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Dec 29th, 2010 @ 9:06am

      Re: Techdirt, Get Your Facts Straight

      You need to look back. TD has long since declares Paul Allen a patent troll, because he has the unmitigated gall to actually apply patents he received.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Dec 29th, 2010 @ 9:13am

        Re: Re: Techdirt, Get Your Facts Straight

        He received but actually don't produce anything, he failed to come to the market and want to extract a rent for more successful entrepreneurs which makes him a patent troll.

        That aside not sure why he is bringing this to this thread since what he posted here has nothing to do with what is being discussed, it is not about patents, it is about privacy or did I miss something.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Dec 29th, 2010 @ 9:24am

      Re: Techdirt, Get Your Facts Straight

      uh, no, you are mixing two lawsuits up completely.

      Paul Allen is not suing Apple regarding privacy protections, which is what this article is about.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Dec 29th, 2010 @ 10:01am

      Re: Techdirt, Get Your Facts Straight

      Techdirt, don't you guys ever do research on your articles before you publish them? I'm a repeat visitor and I love your articles but this is one time where your writer forgot to do his or her homework.

      Kinda funny to call us out on not doing our research when your comment is about an entirely unrelated lawsuit.

      Thanks for playing.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 29th, 2010 @ 9:09am

    Wideband GSM Sniffing

    http://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html

    http://srlabs.de/research/decrypt ing_gsm/

    I wonder if they will sue the phone companies too since GSM now can be broken with 4 disposable cellphones and a laptop and they still didn't upgrade or secure GSM.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    kemcha (profile), Dec 29th, 2010 @ 9:21am

    Techdirt, Get Your Facts Straight

    Fact is, that it really doesn't matter whether he's a patent troll or not. He received his patents back in the 90's, which, according to Slashdot articles and Google searches, benefited Microsoft and Google.

    Now that multiple companies are abusing his patents, without paying for the right to use those patents, everyone's saying he doesn't have a right to request compensation from the courts?

    That's akin to saying that if I'm in my yard and the neighbor's dog broke free from his yard and came over iinto my property and bit me that I don't have the right to sue.

    Believe what you want, but a patent is akin to property. If you want to use that "property" then you have to ask permission to use it. If you use that "property" without permission or without compensation then you accept the responsibility that comes from the illegal use of that "property."

    The one thing that Paul Allen might have going for him is his connection to Microsoft and the fact is that there's a likely possibility that he's going to win.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Michael, Dec 29th, 2010 @ 9:35am

    bias much?

    This articel would not be written as such if it were anyone but Apple being sued... the bias is apparent.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Dec 29th, 2010 @ 10:03am

      Re: bias much?

      This articel would not be written as such if it were anyone but Apple being sued... the bias is apparent.


      This may be the funniest comment of the day. I'm almost always accused of hating on Apple. So suddenly you think I'm siding with them? How does that make any "bias" apparent?

      Furthermore, if you read this site (hell read just the links in this post), you'll note that I've condemned lots of similar class action lawsuits.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Monica, Jan 4th, 2011 @ 3:58pm

    I think apple had this one coming, why should they be tracking third parties.

    Free iTunes Codes
    iPod Redeem Codes

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This