A US federal appeals court says the maker of an online spying tool can be sued on accusations of wiretapping. The federal lawsuit was brought by a man whose e-mail and instant messages to a woman were captured by the woman's husband, who used that data as a “battering ram” in his 2010 divorce proceedings.
It’s the second time in a week that a federal court has ruled in a wiretapping case in favor of a person whose online communications were intercepted without consent. The other ruling was against Google. A judge ruled that a person not using Gmail who sent e-mail to another person using Gmail had not consented to Gmail’s automatic scanning of the e-mail for marketing purposes. Hence, Google could be sued for alleged wiretapping violations.
For the moment, the two outcomes are a major victory for privacy. But the reasoning in the lawsuit against the makers of the WebWatcher spy program could have ramifications far beyond the privacy context—and it places liability on the producers of spyware tools.
Plaintiff said he was not aware of the terms and never clicked on the terms when he ordered or when he received the email. The court says that enforceability of so-called “browsewrap” agreements is something yet to be addressed by California appellate courts. (!) It looks to Specht and Nguyen, from the Second and Ninth Circuits respectively. The key question under those cases is whether the presentation of the website (the user experience) would put a reasonable consumer on inquiry notice. One way to do this is to include a hyperlink in close proximity to where the user must take action. (See Fagerstrom.) Even assuming proximity of the hyperlink to where the user must take action, courts finding these contracts enforceable have typically required something to advise the users to click on the terms. ProFlowers failed that test here. The court says:
Case citation: Long v. Provide Commerce, Inc., B257910 (Cal. Ct. App. Mar. 17, 2016).
Amy Abeloff & Robert B. Milligan
On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA). In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.
Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.
The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.
“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher at Trustwave’s SpiderLabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.
This lawsuit against Google alleges that Google unfairly benefits from deploying a CAPTCHA process when users sign up for free Gmail accounts. Specifically, the complaint alleged that Google unnecessarily included a second image in the CAPTCHA, and that it relies on users who sign up to freely transcribe “scanned images of books and newspapers, and also to decipher addresses found in images captured as part of [Google’s] Street View project.” The user is not compensated for having to transcribe the second image, but the complaint alleged that Google profited from its various digitization and transcription initiatives.
There was no dispute that the user signed up and clicked on the “I agree” to the terms of service in the process. The terms of service contain a forum selection clause, requiring disputes to be brought in the Northern District of California.
Plaintiff argued that the terms only applied to the Gmail service and the claims on the other hand arise from the reCAPTCHA service. The court rejects this argument, saying that the terms (and forum selection clause) apply to claims “arising out of or relating to” the services, and this includes the reCAPTCHA process as well.