Facebook sued for violating wiretap laws with tracking cookies

By Emil Protalinski | October 14, 2011 Brooke Rutledge of Mississippi has joined a growing number of Facebook users who are suing the social networking giant over allegations that it violates federal wiretap laws. Facebook may not be a phone company, but it has been accused multiple times of using cookies to track users even after they log out of the service. [Facebook] has since twice denied the allegations, and has also twice fixed the issue. In addition to this one, several similar lawsuits have been filed in other states, including Kansas, Kentucky, and Louisiana. The Mississippi lawsuit, which seeks class action status for millions of Facebook users, was filed this week at the US District Court in Mississippi. Brooke asserts claims for breach of contract, unjust enrichment, trespassing, and invasion of privacy. "Leading up to September 23, 2011, Facebook tracked, collected, and stored its users' wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook," the complaint states. "Plaintiff did not give consent or otherwise authorize Facebook to intercept, track, collect, and store her wire or electronic communications, including but not limited to her internet browsing history when not logged-in to Facebook." Last week, John Graham filed a federal lawsuit in US District Court in Kansas against the social networking giant. Graham is asking the federal court to decide whether the interception was intentional, the extent of communications intercepted and stored, and whether the court should prohibit Facebook from intercepting such communications when a user is not logged in. He is also seeking a preliminary and temporary injunction restraining Facebook from intercepting electronic information when users are not logged in and from disclosing any of the information already acquired on its servers. Last but not least, the lawsuit seeks statutory damages of $100 per day for each of the class members or $10,000 per violation, punitive damages along with attorney fees and court costs. Also last week, Facebook user David Hoffman filed a federal lawsuit in US District Court in Kentucky against the social networking giant. Hoffman is asking a judge to grant the suit class-action status. Hoffman's lawsuit also seeks an injunction restraining Facebook from intercepting electronic information when users aren't logged in and from disclosing any of the information already acquired. Last but not least, it seeks damages of $100 per day for each of the class members or $10,000 per violation, along with an undisclosed amount in punitive damages. Each of these lawsuits has been filed under a provision of the federal Wiretap Act that prohibits interception of wire, oral, or electronic communications. Facebook is being accused of violating said wiretap laws with tracking cookies that records users' online activity even when they are not logged into the service. Similar cases against Facebook and others filed under the wiretap law have been thrown out because browser cookies are simply not considered wiretaps and plaintiffs have difficulty proving any harm. Last month, self-proclaimed hacker Nik Cubrilovic accused Facebook of tracking its users even if they log out of the social network. He explained that even after logging out of the service, whenever he visited a website that had a Facebook plugin, information including his account ID was still being sent to Facebook headquarters. The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. They explained that it does not track users across the Web and its cookies are used to personalize content. As for the logged-out cookies, Facebook said they are used for safety and protection. After a long technical discussion, Cubrilovic confirmed Facebook made changes to the logout process, and that the cookies in question now behave as they should. They still exist, but they no longer send back personally-identifiable information after you log out. The company also took the time to explain what each cookie is responsible for. [] http://www.zdnet.com/blog/facebook/facebook-sued-for-violating-wiretap-laws-with-tracking-cookies/4687