Class Action Fishing: Apple Sued Over Third Party User Tracking

from the seems-like-a-stretch dept

One of those class action specialist lawsuit firms, who seem to file lawsuits mostly designed to make the lawyers money, rather than correct any sort of improper actions, has sued Apple and some app makers over supposed privacy violations. At issue is the fact that some apps pass on the unique UDID code that is associated with each iPhone to advertisers. This lets advertisers track the same user across multiple apps -- similar, in some sense, to a browser cookie. The "difference" is that a browser cookie is deletable, while you're stuck with your UDID. This all came out a couple weeks ago in a WSJ article, and since these kinds of lawyers are opportunists, they're always quick to jump on any lawsuit opportunity whenever the press highlights a story like this.

Not surprisingly, it appears this case is yet another attempt to abuse the CFAA (Computer Fraud and Abuse Act), which is generally thought of as an anti-hacking law, but which is continulously stretched and abused to pull in other situations. In this case, the lawyers are claiming that accessing the UDID without permission is the equivalent of accessing a computer without authorization. Think about that for a second and then realize how silly this is. No one is hacking anything to get this info. The info is made available, and so it's been shared. Using the CFAA here is ridiculous. They also seek to use a similar California anti-hacking law in a similar way. This is clearly not what those laws are intended for.

Furthermore, it seems silly to blame Apple for the way that some app providers are sharing data. To get around this issue, the lawyers rely on two key points. First, that Apple itself recently changed its terms to ban apps from sending data to third parties such as ad networks. Of course, most people realized this was not about protecting privacy, but about forcing developers to use Apple's own ad platform. Second, the fact that Apple approves each of the apps in the marketplace. I know that some people assume this automatically adds liability to Apple for anything those apps do, but that seems like a bit of a stretch as well. It's ridiculous to assume that Apple tests all aspects of an app, and thus becomes liable for anything those apps do.

All in all this looks like yet another attempt by some lawyers to take some fear mongering and make some money out of it. It's not going to do anything to protect anyone's actual privacy.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ads, apps, class action, iphones, privacy
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 29 Dec 2010 @ 2:51am

    Seems to me that this has the potential to prevent apps from UDID, which would in fact improve privacy, if only in this case. Apple in fact does examine many aspects of what apps do, as it has rejected many apps for far less invasive practices. It would be trivial to have an app detected as requesting this unique ID.

    While this country is beyond suit-happy, does techdirt have another option in terms of changing corporate behavior rather than threat of monetary loss?

    link to this | view in thread ]

  2. icon
    cm6029 (profile), 29 Dec 2010 @ 4:40am

    I'm afraid I disagree on this one. If Apple didn't take the heavy handed approach to app approval, then you could make a case for absolving them of responsibility in this. However, I think they are in it up to their eyeballs having put their stamp of approval on these invasive apps. I believe Android would have a stronger case for being absolved of liability because of their 'you choose' approach.

    Perhaps I'm not quite as trusting of companies mining my data in a way that I don't have oversight on, and I think I still prefer an 'opt-in' choice rather than 'opt-out', and I personally have found Apple's attitude a bit too invasive to make me comfortable. Granted, their corporate policy is their choice, by my choice not to agree with it is mine.

    link to this | view in thread ]

  3. identicon
    Michael, 29 Dec 2010 @ 4:41am

    Re:

    Competition seems like it could solve this one. It seems like a much better option than abusing an anti-hacking law.

    As a consumer, you have the ability to select the apps you buy. Don't buy the ones that use your information in ways you are uncomfortable with. If that does not suit you - don't buy an iPhone.

    link to this | view in thread ]

  4. icon
    The Mighty Buzzard (profile), 29 Dec 2010 @ 4:57am

    Re: Re:

    Agreed. There's no need to criminalize stupid business decisions on either side of the equation. Whether the decision is sticking with models that are being harmed by foolish resistance to change or making changes that piss off the customers. The market can and will sort out almost any instance of uncommon stupidity if simply left alone.

    link to this | view in thread ]

  5. icon
    Jimmy The Geek (profile), 29 Dec 2010 @ 5:42am

    If you create a walled garden

    Then you are taking responsibility for everything that happens inside the garden.

    If Apple was just providing a space for vendors to use, like a street for any vendor to set up shop, then common carrier status would protect them.

    But since they are looking at every product and vendor that enters the market they accept full responsibility for everything, good or bad.

    link to this | view in thread ]

  6. icon
    Berenerd (profile), 29 Dec 2010 @ 5:54am

    I had a link...

    I will try and post it from home. i can't access it from here at work. Some of the issue is that part of making an app for that, was Apple actually states that for a program to be accepted it must follow guidelines, the guidelines state that no information should be passed onto 3rd parties unless that information is needed for the app to function. (such as my roommate has an app for him to get information on items she buys to see if there are coupons or sales going on anywhere nearby simply by scanning a barcode. the barcode can be sent to 3rd parties such as stores who participate in this app but her personal info such as her ID or her current location cannot be passed along). The problem is Apple is doing a piss-poor job of policing this and can end up causing more security issues (such as location spam and the like). The makers of some of these things are also listed as defendants such as the weather channel APP and some app where you can pet some cat in the belly and punch him knocking him out...There were a few others listed in the article (I think it was on CNET but not positive)

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 29 Dec 2010 @ 7:19am

    I think Apple is on the hook because they specifically made this possible, and approved apps that take advantage of the "feature". It would be something that could possibly be changed in the OS that would no longer expose this critical information so easily to apps. It is an entirely unique identifier that makes the phone "tracked for life". Combine that in an app with perhaps a user signup for a site, and you could have all of their personal information and make each phone personally identifiable.

    Apple could fix it with an OS update, I am sure.

    link to this | view in thread ]

  8. icon
    kemcha (profile), 29 Dec 2010 @ 8:23am

    Techdirt, Get Your Facts Straight

    Techdirt, don't you guys ever do research on your articles before you publish them? I'm a repeat visitor and I love your articles but this is one time where your writer forgot to do his or her homework.

    First, the lawsuit was filed by the co-founder of Microsoft, Paul Allen, who is NOT a patent troll.

    Second, he filed the lawsuit against "several" companies who are violating the same patents that Paul Allen owns. Aol, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo and YouTube are all companies who are named in the lawsuit.

    Third: The lawsuits involved:

    -- U.S. Patent No. 6,263,507, for "Browser for Use in Navigating a Body of Information, With Particular Application to Browsing Information Represented By Audiovisual Data."

    -- U.S. Patent No. 6,034,652, for "Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device."

    -- U.S. Patent No. 6,788,314, for "Attention Manager for Occupying the Peripheral Attention of a Person in the Vicinity of a Display Device."

    -- U.S. Patent No. 6,757,682, for "Alerting Users to Items of Current Interest."

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 29 Dec 2010 @ 9:06am

    Re: Techdirt, Get Your Facts Straight

    You need to look back. TD has long since declares Paul Allen a patent troll, because he has the unmitigated gall to actually apply patents he received.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 29 Dec 2010 @ 9:09am

    Wideband GSM Sniffing

    http://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html

    http://srlabs.de/research/decrypt ing_gsm/

    I wonder if they will sue the phone companies too since GSM now can be broken with 4 disposable cellphones and a laptop and they still didn't upgrade or secure GSM.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 29 Dec 2010 @ 9:13am

    Re: Re: Techdirt, Get Your Facts Straight

    He received but actually don't produce anything, he failed to come to the market and want to extract a rent for more successful entrepreneurs which makes him a patent troll.

    That aside not sure why he is bringing this to this thread since what he posted here has nothing to do with what is being discussed, it is not about patents, it is about privacy or did I miss something.

    link to this | view in thread ]

  12. icon
    kemcha (profile), 29 Dec 2010 @ 9:21am

    Techdirt, Get Your Facts Straight

    Fact is, that it really doesn't matter whether he's a patent troll or not. He received his patents back in the 90's, which, according to Slashdot articles and Google searches, benefited Microsoft and Google.

    Now that multiple companies are abusing his patents, without paying for the right to use those patents, everyone's saying he doesn't have a right to request compensation from the courts?

    That's akin to saying that if I'm in my yard and the neighbor's dog broke free from his yard and came over iinto my property and bit me that I don't have the right to sue.

    Believe what you want, but a patent is akin to property. If you want to use that "property" then you have to ask permission to use it. If you use that "property" without permission or without compensation then you accept the responsibility that comes from the illegal use of that "property."

    The one thing that Paul Allen might have going for him is his connection to Microsoft and the fact is that there's a likely possibility that he's going to win.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 29 Dec 2010 @ 9:24am

    Re: Techdirt, Get Your Facts Straight

    uh, no, you are mixing two lawsuits up completely.

    Paul Allen is not suing Apple regarding privacy protections, which is what this article is about.

    link to this | view in thread ]

  14. identicon
    Michael, 29 Dec 2010 @ 9:35am

    bias much?

    This articel would not be written as such if it were anyone but Apple being sued... the bias is apparent.

    link to this | view in thread ]

  15. icon
    Mike Masnick (profile), 29 Dec 2010 @ 9:58am

    Re:

    I'm afraid I disagree on this one. If Apple didn't take the heavy handed approach to app approval, then you could make a case for absolving them of responsibility in this. However, I think they are in it up to their eyeballs having put their stamp of approval on these invasive apps. I believe Android would have a stronger case for being absolved of liability because of their 'you choose' approach.

    I agree that Apple has a higher likelihood of liability because they do take on some responsibility for approving apps. But I'm troubled by the suggestion that if you review *some* aspects of an app, you've now taken on liability for *all* aspects of that app.

    In the case law around things like Section 230, this sort of argument has generally been rejected. That is, in the case law, if you (for example) moderate comments on an email list, it does not make you responsible for libelous messages that others wrote, but which you approved.

    I would think the same thing applies here.

    Perhaps I'm not quite as trusting of companies mining my data in a way that I don't have oversight on, and I think I still prefer an 'opt-in' choice rather than 'opt-out', and I personally have found Apple's attitude a bit too invasive to make me comfortable. Granted, their corporate policy is their choice, by my choice not to agree with it is mine.

    I agree, but that's a market choice. I'm not sure this lawsuit should apply.

    link to this | view in thread ]

  16. icon
    Mike Masnick (profile), 29 Dec 2010 @ 10:00am

    Re: If you create a walled garden

    But since they are looking at every product and vendor that enters the market they accept full responsibility for everything, good or bad.

    Again, as I stated above, I don't believe this makes sense, and I don't believe it's how the law views things. If you look at the caselaw on Section 230, it does say that if you're a service provider who reviews *some* aspects of content that you moderate, it does not make you liable for everything in that content.

    I think it's a leap to say because Apple reviews apps to make sure they work, it means they also take responsibility for sneaky things the apps do. Think through the implications of that.

    link to this | view in thread ]

  17. icon
    Mike Masnick (profile), 29 Dec 2010 @ 10:01am

    Re: Techdirt, Get Your Facts Straight

    Techdirt, don't you guys ever do research on your articles before you publish them? I'm a repeat visitor and I love your articles but this is one time where your writer forgot to do his or her homework.

    Kinda funny to call us out on not doing our research when your comment is about an entirely unrelated lawsuit.

    Thanks for playing.

    link to this | view in thread ]

  18. icon
    Mike Masnick (profile), 29 Dec 2010 @ 10:03am

    Re: bias much?

    This articel would not be written as such if it were anyone but Apple being sued... the bias is apparent.


    This may be the funniest comment of the day. I'm almost always accused of hating on Apple. So suddenly you think I'm siding with them? How does that make any "bias" apparent?

    Furthermore, if you read this site (hell read just the links in this post), you'll note that I've condemned lots of similar class action lawsuits.

    link to this | view in thread ]

  19. icon
    Marcus Carab (profile), 29 Dec 2010 @ 10:04am

    Re:

    Consumer pressure on Apple and on developers could certainly minimize the use of UDIDs, and Apple would likely eventually add a developer guideline banning the practice, and then they would add that check to their standard roster of tests (though whether or not there really is a consistent standard for the app store is debatable)

    The point is not that accessing the UDIDs is a good thing, but that it's probably not an illegal thing - and it's definitely not in violation of anti-hacking laws. If these lawyers want to pore over all the contracts and licenses and EULAs involved and show that a law actually was broken, then they are free to do so - but they should not twist a law that was clearly never intended to apply to situations like this just so they can launch a class-action.

    Abuse of the law can sometimes bring desirable short-term effects, but in the long run it is always bad.

    link to this | view in thread ]

  20. icon
    Marcus Carab (profile), 29 Dec 2010 @ 10:12am

    Re: If you create a walled garden

    I do see your point, but I think Mike is right that liability doesn't just become absolute.

    Lets say you run a market, and you check every product and vendor. You check them against your health and safety standards, and to ensure they aren't selling counterfeit goods or stolen property, then you let them in.

    Certainly you could be liable if they violated the things you specifically checked for. But are you also liable if they turn out to be doing something else entirely? Maybe constructing an illegal mailing list of their customers, or making unauthorized recordings of their conversations with them? It wouldn't make sense for your liability to extend to something you never took any responsibility for in the first place.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 29 Dec 2010 @ 11:24am

    Re: Re: If you create a walled garden

    Apple by design makes the ID number available to third party apps. By design, the phone is allowing this sort of violation. That Apple approved apps inside their walled garden that obtained this number and distributed it to others is a clear violation of privacy rights.

    It would appear that Apple's flawed design allowed this to happen. Their walled garden approach on Apps only makes this worse, because they would be aware of what each app was doing. So they set up the situation to allow for violation of privacy, and then did nothing to stop it (and appear to have approved it on a number of apps).

    Sort of hard for the to wiggle out of this one.

    link to this | view in thread ]

  22. identicon
    Monica, 4 Jan 2011 @ 3:58pm

    I think apple had this one coming, why should they be tracking third parties.

    Free iTunes Codes
    iPod Redeem Codes

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.