In re Google Referrer Header Privacy Litigation
Filing
39
AMENDED COMPLAINT (SECOND) against All Defendants. Filed byPaloma Gaos. (Aschenbrener, Michael) (Filed on 5/1/2012)
<![CDATA[
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page1 of 43
1
2
3
4
5
6
7
8
9
10
KASSRA P. NASSIRI (215405)
(knassiri@nassiri-jung.com)
CHARLES H. JUNG (217909)
(cjung@nassiri-jung.com)
NASSIRI & JUNG LLP
47 Kearny Street, Suite 700
San Francisco, California 94108
Telephone: (415) 762-3100
Facsimile: (415) 534-3200
MICHAEL J. ASCHENBRENER (277114)
mja@aschenbrenerlaw.com
ASCHENBRENER LAW, P.C.
795 Folsom Street, First Floor
San Francisco, California 94107
Telephone: (415) 813-6245
Fax: (415) 813-6246
ATTORNEYS FOR PLAINTIFFS AND THE PUTATIVE CLASS
11
UNITED STATES DISTRICT COURT
12
NORTHERN DISTRICT OF CALIFORNIA
13
14
15
16
SAN JOSE DIVISION
PALOMA GAOS and ANTHONY
ITALIANO, individually and on behalf of all
others similarly situated,
Plaintiff,
17
18
v.
19
GOOGLE INC., a Delaware corporation,
20
Defendant.
21
)
)
)
)
)
)
)
)
)
)
)
)
Case No. 5:10-CV-4809-EJD
SECOND AMENDED COMPLAINT
CLASS ACTION
JURY TRIAL DEMANDED
Original Complaint filed: October 25, 2010
22
23
24
25
26
27
28
SECOND AMENDED COMPLAINT
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page2 of 43
1
Plaintiffs Paloma Gaos and Anthony Italiano bring this suit on behalf of themselves
2
and all others similarly situated, and make the following allegations on information and
3
belief, except as to allegations pertaining to Plaintiffs, which are based on their personal
4
knowledge:
INTRODUCTION
5
6
1.
Plaintiffs bring this class action complaint against Google Inc. (“Google”) for
7
intentionally, systematically and repeatedly divulging its users’ search queries to third
8
parties. This practice adversely impacts billions of searches conducted by millions of
9
consumers.
10
2.
Google, the largest search engine in the United States, has repeatedly touted
11
the numerous ways in which it protects user privacy, particularly with regard to the terms that
12
consumers search for using the company’s search engine. Over protests from privacy
13
advocates, however, Google has consistently and intentionally designed its services to ensure
14
that user search queries, which often contain highly-sensitive and personally-identifiable
15
information (“PII”), are routinely transferred to marketers, data brokers, and sold and resold
16
to countless other third parties.
17
3.
The user search queries disclosed to third parties contain, without limitation,
18
users’ real names, street addresses, phone numbers, credit card numbers, social security
19
numbers, financial account numbers and more, all of which increases the risk of identity
20
theft. User search queries also contain highly-personal and sensitive issues, such as
21
confidential medical information, racial or ethnic origins, political or religious beliefs or
22
sexuality, which are often tied to the user’s personal information.
23
4.
In many instances, the information contained in disclosed search queries does
24
not directly identify the Google user. Through the reidentification (explained below) or
25
deanonymizing of data, however, the information contained in search queries can and, on
26
information and belief, are associated with the actual names of Google users. Computer
27
28
SECOND AMENDED COMPLAINT
1
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page3 of 43
1
science academics and privacy experts are calling for the reexamination of privacy concerns
2
in light of the growing practice and power of reidentification.
3
5.
Google has acknowledged that search query information alone may reveal
4
sensitive PII. And Google has demonstrated that it could easily stop disclosing search query
5
information to third parties, without disrupting the effectiveness of its service to its users, if it
6
wished to do so. But because the real-time transmission of user search queries increases
7
Google’s profitability, it chooses not to utilize the demonstrated technology that would
8
prevent the disclosure of its users’ PII.
9
6.
Moreover, in October 2011, Google confirmed that it is, in effect, selling
10
individual user search queries to advertisers. In October 2011, Google started proactively
11
scrubbing user search queries from the information it passes on to third parties when some
12
users click on regular, organic search results, but would continue sending search queries to
13
third parties when all users click on paid listings. While this is, in a way, a small win for
14
privacy advocates, it also demonstrates just how valuable the search queries are to Google
15
and others: Google no longer gives away this precious data for free, but will do so when it
16
gets paid for it.
PARTIES
17
18
19
20
7.
Plaintiff Paloma Gaos is a resident of San Francisco County, California.
Plaintiff has at all material times been a user of Google’s search engine services.
8.
Plaintiff Anthony Italiano is a resident of Pasco County, Florida. Plaintiff has
21
at all material times been a registered Google Accounts user and a user of Google’s search
22
engine services.
23
9.
Defendant Google Inc. (“Google”) is a Delaware corporation that maintains
24
its headquarters in Mountain View, Santa Clara County, California. Google conducts
25
business throughout California and the nation from California. Google makes and
26
implements all relevant decisions, including those at issue in this case, in California. Its
27
Terms of Service and Privacy Policy were decided on and implemented in California.
28
SECOND AMENDED COMPLAINT
2
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page4 of 43
JURISDICTION AND VENUE
1
2
10.
This Court has personal jurisdiction over Google because (a) a substantial
3
portion of the wrongdoing alleged in this complaint took place in this state, (b) Google is
4
authorized to do business here, has sufficient minimum contacts with this state, and/or
5
otherwise intentionally avails itself of the markets in this state through the promotion,
6
marketing and sale of products and services in this state, and (c) in its Terms of Service, to
7
which all users of Google Search, including Plaintiffs, must assent, Google consents to the
8
personal jurisdiction of this Court:
9
The laws of California, U.S.A., excluding California’s conflict of
laws rules, will apply to any disputes arising out of or relating to
these terms or the Services. All claims arising out of or relating to
these terms or the Services will be litigated exclusively in the
federal or state courts of Santa Clara County, California, USA, and
you and Google consent to personal jurisdiction in those courts.
10
11
12
13
14
15
16
17
18
19
11.
This Court has subject matter jurisdiction pursuant to 28 U.S.C. § 1331, 18
U.S.C. § 2702 and 18 U.S.C. § 2707. This Court has supplemental jurisdiction over the
California state law claims pursuant to 28 U.S.C. § 1367.
12.
Venue is proper in this District under 28 U.S.C. § 1391(b) and (c). A
substantial portion of the events and conduct giving rise to the violations of law complained
of herein occurred in this District.
INTRADISTRICT ASSIGNMENT
20
21
22
13.
Pursuant to Civil Local Rule 3-2(e), this case shall be assigned to the San Jose
Division.
STATEMENT OF FACTS
23
24
A.
1.
25
26
27
Google’s Search Business
14.
Google’s Dominance in Search
“Searching” is one of the most basic activities performed in the Internet. Most
everyone with access to the Internet uses search engines to find information on the Internet.
28
SECOND AMENDED COMPLAINT
3
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page5 of 43
1
When using a search engine, users formulate a search query using keywords and phrases
2
reflecting the information sought by the user. The search engine then matches the search
3
query with websites matching the query and provides a list of those matching websites to the
4
user. The user clicks on the link in the resulting list and is redirected to the website
5
containing the sought-after information.
6
15.
Google’s core service centers on its proprietary search engine. Google runs
7
millions of servers in data centers around the world and processes over one billions user-
8
generated search requests every day. On information and belief, Google is the most-used
9
search engine in the world and enjoys a market share of over 50% in the United States.
10
16.
Google generates substantial profits from selling advertising. The revenue it
11
generates is derived from offering search technology and from the related sale of advertising
12
displayed on its site and on other sites across the web. On information and belief, over 99%
13
of Google’s revenue is derived from its advertising programs, with total advertising revenues
14
estimated at $28 billion in 2010 and $36.5 billion in 2011. Google has implemented various
15
innovations in the online advertising market that helped make it one of the biggest
16
advertising platforms in the world.
17
17.
Google AdWords is Google’s main advertising product and source of
18
advertising revenue. The AdWords program allows advertisers to select a list of words that,
19
when entered by users in a search query, trigger their targeted ads. When a user includes
20
words that match an advertiser’s selections within a search query, paid advertisements are
21
shown as “sponsored links” on the right side of the search results screen. Accordingly, much
22
of Google’s advertising revenue depends directly on the search queries that its users run on
23
Google search.
24
18.
Using technology from its wholly-owned subsidiary DoubleClick, Google can
25
also determine user interests and target advertisements so they are relevant to their context
26
and the user that is viewing them. Google’s Analytics product allows website owners to track
27
where and how people use their website, allowing in-depth research to get users to go where
28
SECOND AMENDED COMPLAINT
4
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page6 of 43
1
you want them to go.
19.
2
Third-party search engine optimization (“SEO”) companies help businesses
3
design their websites so that users conducting internet search using search engines like
4
Google get search results containing their business at or near the top of the search results
5
page. SEOs accomplish this task by ensuring that a business’s relevant pages are designed to
6
work with Google’s search algorithms. Google has a symbiotic relationship with SEOs.
7
Google wants relevant results at the top of their search results page, and SEOs want their
8
customers’ relevant webpages to appear at the top of Google’s search results. To the extent
9
that SEOs are successful in getting their clients’ relevant pages to appear at or near the top of
10
Google’s search results page, users are more likely to return to Google next time they want to
11
search for information on the internet. And the more people use Google for search, the more
12
revenue Google derives from its advertising business.
2.
13
20.
14
Google’s Privacy Promises
Leading thinkers in the privacy community have long argued that consumers
15
“treat the search [engine] box like their most trusted advisors. They tell the Google search
16
box what they wouldn’t tell their own mother, spouse, shrink or priest.”1 Peer reviewed
17
academic studies confirm this fact, particularly regarding the use of search engines to look up
18
sensitive health information.2
21.
19
20
Google has always recognized that user trust is paramount to its search
business success. To that end, Google adopted “Don’t be evil” as its motto, and Google states
21
22
23
24
25
26
27
1
Christopher Ketchum & Travis Kelly, The Cloud Panopticon (April 9, 2010),
http://www.theinvestigativefund.org/investigations/rightsliberties/1274/the_cloud_panoptico
n (last visited October 24, 2010).
2
Gunther Eysenbach and Christian Köhler, How do consumers search for and appraise health
information on the world wide web? Qualitative study using focus groups, usability tests, and
in-depth interviews, BMJ 2002; 324:573, available at
http://www.bmj.com/cgi/content/full/324/7337/573.
28
SECOND AMENDED COMPLAINT
5
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page7 of 43
1
that its Code of Conduct is one of the ways it puts that motto into practice.3 Google’s Code of
2
Conduct recognizes that it is “asking users to trust [it] with their personal information.
3
Preserving that trust requires that each of us respect and protect the privacy of that
4
information. Our security procedures strictly limit access to and use of users’ personal
5
information.”4
22.
6
Because Google’s success depends on gaining the trust of its users, Google’s
7
Privacy Policy sets forth representations intended to foster the safety and privacy protection
8
offered by Google’s search services. As of October 14, 2005, Google’s Privacy Policy5 stated
9
as follows:
10
Google only shares personal information with other companies or individuals outside
of Google in the following limited circumstances:
11
12
•
We have your consent. We require opt-in consent for the sharing of any
sensitive personal information.
•
We provide such information to our subsidiaries, affiliated companies or other
trusted businesses or persons for the purpose of processing personal
information on our behalf. We require that these parties agree to process such
information based on our instructions and in compliance with this Policy and
any other appropriate confidentiality and security measures.
•
We have a good faith belief that access, use, preservation or disclosure of such
information is reasonably necessary to (a) satisfy any applicable law,
regulation, legal process or enforceable governmental request, (b) enforce
applicable Terms of Service, including investigation of potential violations
thereof, (c) detect, prevent, or otherwise address fraud, security or technical
issues, or (d) protect against imminent harm to the rights, property or safety of
Google, its users or the public as required or permitted by law.
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
3
Google’s Code of Conduct, http://investor.google.com/corporate/code-of-conduct.html (last
visited April 26, 2012).
4
Id.
5
Google’s October 14, 2005 Privacy Policy,
http://www.google.com/intl/en/privacy_archive_2005.html (last visited April 26, 2012).
28
SECOND AMENDED COMPLAINT
6
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page8 of 43
1
23.
2
3
4
5
6
7
8
information” as “information that [the user] provide[s] to us which personally identifies you,
such as your name, email address or billing information, or other data which can be
reasonably linked to such information by Google” and “Sensitive Information” as
“information we know to be related to confidential medical information, racial or ethnic
origins, political or religious beliefs or sexuality and tied to personal information. As of April
2012, Google no longer defines “Personal Information” at all in its Privacy Center FAQ.
24.
9
10
11
12
13
14
15
18
19
of users who searched for a particular term, for example, or how many users clicked on a
particular advertisement. Such information does not identify you individually.”6 Google
defined “aggregated, non-personal information” as “information that is recorded about users
and collected into groups so that it no longer reflects or references an individually
identifiable user.”7
25.
22
Google’s privacy policy was unchanged until October 3, 2010, when it was
revised to exclude any statement about how Google shares search queries with third parties.
The representations that Google shares information only in “limited circumstances” remained
unchanged.
26.
20
21
Google also stated in its October 14, 2005 Privacy Policy that “We may share
with third parties certain pieces of aggregated, non-personal information, such as the number
16
17
In October 2010, Google defined in its Privacy Center FAQ “Personal
On March 1, 2012, Google implemented a new, singular privacy policy for all
Google products.8 While the new policy has broad implications for how Google shares user
data internally, Google makes the following representations regarding how it shares data with
23
24
25
26
27
6
Google’s October 14, 2005 Privacy Policy, supra, n.5 (emphasis supplied).
Google’s October 14, 2005 Privacy FAQs,
http://web.archive.org/web/20070113102317/www.google.com/intl/en/privacy_faq.html (last
visited October 24, 2010) (emphasis supplied).
7
8
http://www.google.com/intl/en/policies/privacy/ (last visited April 26, 2012).
28
SECOND AMENDED COMPLAINT
7
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page9 of 43
1
third parties:9
2
Information we share
3
We do not share personal information with companies, organizations and individuals
outside of Google unless one of the following circumstances apply:
4
5
•
6
With your consent
We will share personal information with companies, organizations or individuals
outside of Google when we have your consent to do so. We require opt-in consent
for the sharing of any sensitive personal information.
7
8
•
9
With domain administrators
If your Google Account is managed for you by a domain administrator (for
example, for Google Apps users) then your domain administrator and resellers who
provide user support to your organization will have access to your Google Account
information (including your email and other data). Your domain administrator may
be able to:
10
11
12
13
o
14
o
o
15
o
16
o
17
o
view statistics regarding your account, like statistics regarding applications
you install.
change your account password.
suspend or terminate your account access.
access or retain information stored as part of your account.
receive your account information in order to satisfy applicable law,
regulation, legal process or enforceable governmental request.
restrict your ability to delete or edit information or privacy settings.
18
Please refer to your domain administrator’s privacy policy for more information.
19
•
20
For external processing
We provide personal information to our affiliates or other trusted businesses or
persons to process it for us, based on our instructions and in compliance with our
Privacy Policy and any other appropriate confidentiality and security measures.
21
22
•
23
For legal reasons
We will share personal information with companies, organizations or individuals
outside of Google if we have a good-faith belief that access, use, preservation or
disclosure of the information is reasonably necessary to:
24
25
26
27
9
Id.
28
SECOND AMENDED COMPLAINT
8
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page10 of 43
1
o
2
o
3
o
o
4
meet any applicable law, regulation, legal process or enforceable
governmental request.
enforce applicable Terms of Service, including investigation of potential
violations.
detect, prevent, or otherwise address fraud, security or technical issues.
protect against harm to the rights, property or safety of Google, our users
or the public as required or permitted by law.
5
We may share aggregated, non-personally identifiable information publicly and with
our partners – like publishers, advertisers or connected sites. For example, we may
share information publicly to show trends about the general use of our services.
6
7
If Google is involved in a merger, acquisition or asset sale, we will continue to ensure
the confidentiality of any personal information and give affected users notice before
personal information is transferred or becomes subject to a different privacy policy.
8
9
10
11
12
27.
Google makes similar representations about the privacy of its users’ search
queries on its video “Privacy Channel” on YouTube. In October 2010, Google showcased a
video on its Privacy Channel that starts with the statement “at Google, we make privacy a
13
priority in everything we do.”10 Google also stated in another privacy video from 2010 that
14
“We don’t sell user information to other companies.”11 In a 2011 video on its Privacy
15
16
17
Channel called “What is a search log?,” Google explains that it keeps logs of user search
queries for a short period of time, but does not disclose that it shares those search logs with
any third parties.12
18
19
20
21
28.
In 2010, Google reiterated its commitment to user privacy to the Federal
Trade Commission. In a letter to the FTC, Google wrote that it “supports the passage of a
comprehensive federal privacy law that … build[s] consumer trust … enact[s] penalties to
deter bad behavior ... include[s] uniform data safeguarding standards, data breach notification
22
23
24
10
Google’s Privacy Principles, http://www.youtube.com/watch?v=5fvL3mNt1g (January 26,
2010) (last visited October 25, 2010) (not available as of April 26, 2012).
11
26
Google’s Privacy Principles, http://googleblog.blogspot.com/2010/01/googlesprivacyprinciples.html at 1:44 (January 27, 2010, 7:00 p.m.) (last visited October 23, 2010)
(not available as of April 26, 2012).
27
http://www.youtube.com/watch?v=PIdfBUm0CPo&list=UUsB_OLJA28Nc47BihG2_Ww&index=6&feature=plcp (October 18, 2011) (last visited April 26, 2012).
25
12
28
SECOND AMENDED COMPLAINT
9
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page11 of 43
1
procedures, and stronger procedural protections relating to third party access to individuals’
2
information.”13 Google also wrote that it “acts every day to promote and expand free
3
expression online and increase global access to information. As new technology empowers
4
individuals with more robust free expression tools and greater access to information, we
5
believe that governments, companies, and individuals must work together to protect the right
6
to online free expression. Strong privacy protections must be crafted with attention to the
7
critical role privacy plays in free expression. The ability to access information anonymously
8
or pseudonymously online has enabled people around the world to view and create
9
controversial content without fear of censorship or retribution by repressive regimes or
10
disapproving neighbors … If all online behavior were traced to an authenticated identity, the
11
free expression afforded by anonymous web surfing would be jeopardized.”14
3.
12
29.
13
Google Admits Search Queries Contain Sensitive, Personal Data
In 2006, the Department of Justice sought to compel Google to produce
14
thousands of users’ individual search queries.15 As set forth in the Government’s subpoena, it
15
sought only “anonymized” data, namely, the text of the search string entered by Google
16
users, and not “any additional information that may be associated with such a text string that
17
would identify the person who entered the text string into the search engine, or the computer
18
from which the text string was entered.”16
30.
19
To its credit, Google fought the government’s request. In a declaration
20
submitted to the court describing the kind of personal information that can end up in the
21
company’s search query logs, Matt Cutts, a Senior Staff Engineer who specializes in search
22
23
24
25
13
Google’s April 14, 2010 letter to Donald S. Clark,
http://www.scribd.com/doc/30196432/FTCRoundtable-Comments-Final (last visited October
24, 2010).
14
26
Id.
15
Gonzales v. Google, 234 F.R.D. 674 (N.D. Cal. 2006) (No. 5:06-mc-80006-JW).
27
16
Id. at 682.
28
SECOND AMENDED COMPLAINT
10
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page12 of 43
1
optimization issues at Google, stated as follows:17
2
•
Google does not publicly disclose the searches [sic] queries entered into its
search engine. If users believe that the text of their search queries could
become public knowledge, they may be less likely to use the search engine for
fear of disclosure of their sensitive or private searches for information or
websites.
•
There are ways in which a search query alone may reveal personally
identifying information. For example, many internet users have experienced
the mistake of trying to copy-and-paste text into the search query box, only to
find that they have pasted something that they did not intended. Because
Google allows very long queries, it is possible that a user may paste a
fragment of an email or a document that would tie the query to a specific
person. Users could also enter information such as a credit card, a social
security number, an unlisted phone number or some other information that can
only be tied to one person. Some people search for their credit card or social
security number deliberately in order to check for identity theft or to see if any
of their personal information is findable on the Web.
3
4
5
6
7
8
9
10
11
12
13
31.
14
15
Similarly, in its Opposition to the Government’s Motion to Compel the
disclosure of Google users’ search queries, the company argued that:
16
•
Google users trust that when they enter a search query into a Google search
box, not only will they receive back the most relevant results, but that Google
will keep private whatever information users communicate absent a
compelling reason.18
•
The privacy and anonymity of the service are major factors in the attraction of
users – that is, users trust Google to do right by their personal information and
to provide them with the best search results. If users believe that the text of
their search queries into Google's search engine may become public
knowledge, it only logically follows that they will be less likely to use the
service.19
17
18
19
20
21
22
23
24
25
26
27
17
Declaration of Matt Cutts at 9, Gonzales v. Google, 234 F.R.D. 674 (N.D. Cal. 2006) (No.
5:06-mc-80006-JW).
18
Google’s Opposition to the Government’s Motion to Compel at 1, supra, n.12.
19
Id. at 18.
28
SECOND AMENDED COMPLAINT
11
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page13 of 43
1
•
2
3
4
5
6
32.
This is no minor fear because search query content can disclose identities and
personally identifiable information such as user-initiated searches for their
own social security or credit card numbers, or their mistakenly pasted but
revealing text.”20
In its order21 denying the Government’s request to discover Google users’
search queries, the Court shared Google’s concern that disclosing search queries would raise
serious privacy issues:
7
The Government contends that there are no privacy issues raised
by its request for the text of search queries because the mere text of
the queries would not yield identifiable information. Although the
Government has only requested the text strings entered … basic
identifiable information may be found in the text strings when
users search for personal information such as their social security
numbers or credit card numbers through Google in order to
determine whether such information is available on the Internet.
The Court is also aware of so-called ‘vanity searches,’ where a
user queries his or her own name perhaps with other information.
Google’s capacity to handle long complex search strings may
prompt users to engage in such searches on Google. Thus, while a
user’s search query reading ‘[username] stanford glee club’ may
not raise serious privacy concerns, a user’s search for ‘[user name]
third trimester abortion san jose,’ may raise certain privacy issues
as of yet unaddressed by the parties’ papers. This concern,
combined with the prevalence of Internet searches for sexually
explicit material — generally not information that anyone wishes
to reveal publicly — gives this Court pause as to whether the
search queries themselves may constitute potentially sensitive
information.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
33.
22
Google’s awareness of the privacy concerns surrounding search queries was
23
also demonstrated in response to a massive disclosure of user search queries by AOL. In
24
August 2006, AOL released an “anonymized” dataset of 20 million search queries conducted
25
26
20
Id.
27
21
Gonzales, 234 F.R.D. at 687.
28
SECOND AMENDED COMPLAINT
12
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page14 of 43
1
by 658,000 AOL users over a three-month period.22 That data included search queries
2
revealing names, addresses, local landmarks, medical ailments, credit card numbers and
3
social security numbers.23
34.
4
In an article about the incident, the New York Times wrote that the AOL
5
dataset “underscored how much people unintentionally reveal about themselves when they
6
use search engines,” and referred to search queries about “depression and medical leave,”
7
“fear that spouse contemplates cheating,” “child porno,” and “how to kill oneself by natural
8
gas.”24
35.
9
Even more surprising, however, was that the New York Times journalists
10
were able to reidentify individual “anonymized” AOL search users due to the vanity searches
11
they had conducted, and then link other, non-vanity search queries in the dataset to those
12
individuals through the crosssession identifiers (cookies) included in the dataset.25 One AOL
13
user who was reidentified said she was shocked to learn that AOL had published her search
14
queries: “My goodness, it’s my whole personal life. I had no idea somebody was looking
15
over my shoulder.”26
36.
16
An AOL spokesman, Andrew Weinstein, apologized on behalf of AOL and
17
said he wasn’t surprised that the New York Times was able to connect the dots and reidentify
18
“anonymous” users in the dataset: “We acknowledged that there was information that could
19
potentially lead to people being identified…”27
20
21
22
22
Complaint at ¶ 16, Doe 1 v. AOL LLC, 2010 WL 2524494 (N.D. Cal. June 23, 2010) (No.
C-06-5866-SBA).
23
23
24
25
Id. at ¶ 18.
24
Michael Barbaro and Tom Zeller Jr., A Face is Exposed for AOL Searcher No. 4417749,
N.Y. Times, August 9, 2006, available at
http://www.nytimes.com/2006/08/09/technology/09aol.html.
25
26
Id.
26
Id.
27
27
Id.
28
SECOND AMENDED COMPLAINT
13
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page15 of 43
37.
1
Soon after the release of the search query data by AOL, Google CEO Eric
2
Schmidt spoke about the AOL privacy breach. He called AOL’s release of user search data
3
“a terrible thing” and reassured Google users that their search queries were safe and private:
4
Well, [this sort of privacy breach is] obviously a terrible thing.
And the data as released was obviously not anonymized enough,
and maybe it wasn’t such a good idea to release it in the first place.
Speaking for Google, we exist by virtue of the trust of our end
users. So if we were to make a mistake to release private
information that could be used against somebody, especially if it
could be used against them in a way that could really hurt them in
a physical way or something like that, it would be a terrible thing.
We have lots and lots of systems in the company to prevent that.
5
6
7
8
9
10
18
It’s funny that we talk about the company being more transparent.
But there are many things inside our company that are important
that we don’t share with everyone, starting with everyone's queries
and all the information that that implies. I’ve always worried that
the query stream was a fertile ground for governments to randomly
snoop on people [for example]. We had a case where we were only
a secondary party, where the government gave us a subpoena,
which was in our view, over-broad. And this over-broad subpoena
we fought in federal court – one of the great things about the
American system is that you can actually have a judge make an
impartial decision. And the judge ruled largely in our favor. So
that’s an example of how strongly we take this point.28
19
4.
11
12
13
14
15
16
17
20
38.
A Brief Primer on “Referrer Headers”
Software engineers are generally familiar with the risk of Referrer Header
21
“leakage” of information companies intended to keep confidential and/or are obliged to keep
22
confidential.
23
24
39.
The HTTP Referrer function is a standard web browser function, provided by
standard web browsers since the HTTP 1.0 specification in May 1996.29 When an internet
25
26
27
28
Conversation with Eric Schmidt hosted by Danny Sullivan,
http://www.google.com/press/podium/ses2006.html (last visited April 26, 2012).
29
http://www.w3.org/Protocols/rfc1945/rfc1945
28
SECOND AMENDED COMPLAINT
14
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page16 of 43
1
user visits a web page using their computer or mobile device, every major web browser (e.g.,
2
Internet Explorer, Firefox, Chrome, Safari) by default reports the last page that the user
3
viewed before clicking on a link and visiting the current page — that is, the page that
4
“referred” them to the current page. This information is transmitted in the HTTP Referrer
5
Header.
40.
6
The current version of the publicly-available HTTP specification, RFC
7
2616,30 provides for HTTP Referrer Headers in its provision 14.36.31 It is well known that if
8
a site places confidential information, such as a username, in a URL, then the site risks
9
releasing this information whenever a user clicks a link to leave the site. Indeed, the HTTP
10
specification specifically flags this risk; in section 15.1.3, the HTTP specification advises
11
developers of substantially the same problem: “Authors of services which use the HTTP
12
protocol SHOULD NOT use GET based forms for the submission of sensitive data, because
13
this will cause this data to be encoded in the REQUESTURI.”32
41.
14
While the HTTP Referrer function is a standard web browser function, Google
15
ultimately determines whether to send referrer header information to third parties and
16
exercises control over the content of the URL that is referred by this function to the owner of
17
the destination web page.
5.
18
42.
19
Google Transmits Individual User Search Queries to Third Parties
Since the service’s launch, and continuing to this day, Google’s search engine
20
has included its users’ search terms in the URL of the search results page. Thus, for example,
21
a search for “abortion clinics in Indianapolis” would return a page with a URL similar to
22
http://www.google.com/search?q=abortion+clinics+in+Indianapolis.
43.
23
24
25
Because the search terms are included in the search results URL, when a
Google user clicks on a link from Google’s search results page, the owner of the website that
30
26
http://www.w3.org/Protocols/rfc2616/rfc2616.html
31
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36
27
32
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3
28
SECOND AMENDED COMPLAINT
15
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page17 of 43
1
the user clicks on will receive from Google the user’s search terms in the Referrer Header.
44.
2
Several web analytics services, including SEOs, include and use functionality
3
to automatically parse the search query information from web server logs, or to otherwise
4
collect the search query from the referrer header transmitted by each visitor’s web browser.
5
Google’s own analytics products provide webmasters with this information at an aggregate
6
level (e.g., revealing how many visitors were drawn by particular search terms).
6.
7
45.
8
9
Google’s Transmission of User Search Queries is Intentional
Because Google’s financial success depends on, among other things, the
symbiotic relationship it shares with SEOs and the ability for third parties to engage in web
10
analytics, Google has placed a high priority on revealing individual user search queries to
11
third parties. Notwithstanding its repeated representations to the contrary in its Privacy
12
Policy and to privacy regulators, Google continues to this day to transmit user search queries.
46.
13
Neither Google’s search technology nor the nature of the Internet compels
14
Google to divulge user search queries. Google could easily cease transmission of user search
15
queries to third parties, but chooses not to.
47.
16
On September 6, 2010, a former FTC employee, Christopher Soghoian, filed a
17
complaint with the FTC accusing Google of not adequately protecting the privacy of
18
consumers’ search queries. Much of the following information comes from Mr. Soghoian’s
19
complaint.33
48.
20
Starting approximately in November 2008, Google began to test a new
21
method of delivering search results that uses advanced AJAX (Asynchronous JavaScript and
22
XML) technologies.34 AJAX is one of the key pillars of the Web 2.0 experience.35 This pilot
23
33
24
25
26
27
In the Matter of Google, Inc., FTC Complaint, available at
http://online.wsj.com/public/resources/documents/FTCcomplaint100710.pdf.
34
Jesse James Garrett, Ajax: A New Approach to Web Applications (February 18, 2005),
http://www.adaptivepath.com/ideas/essays/archives/000385.php (“Ajax isn’t a technology.
It’s really several technologies, each flourishing in its own right, coming together in powerful
new ways”).
35
Tim O’Reilly, What Is Web 2.0 Design Patterns and Business Models for the Next
28
SECOND AMENDED COMPLAINT
16
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page18 of 43
1
was initially deployed in the Netherlands,36 but in subsequent months, was observed by users
2
in other countries.
3
49.
One of the side effects of the AJAX search page is that the URL of the search
4
results page includes the search query terms after a # symbol in the URL. Thus, on an AJAX
5
enabled search page, the URL listed at the top of the page will be similar to:
6
http://www.google.com/#hl=en&source=hp&q=drug+addiction
50.
7
The addition of the # symbol had a significantly positive, albeit unintentional
8
impact upon Google user privacy. This is because web browsers do not pass on any
9
information after the # symbol in the referrer header. Thus, using the previous example of a
10
search for the query “drug addiction,” if a user clicked on the first result, the owner of that
11
web site would only receive “http://www.google.com/” in the referrer header, rather than the
12
search terms that follow the # symbol.
51.
13
14
This change was immediately noticed by the webmaster and SEO community,
who complained to Google:
15
•
“I'm seeing hundreds of these empty google referrers today and wondered
what was going on.”37
16
17
•
“This means organic searches from Google will now show up as just
18
http://www.google.com/, with no search parameters. In other words, no
19
analytics app can track these searches anymore. I started noticing lots of hits
20
from just ‘http://www.google.com/’ recently in our own search logs. I thought
21
maybe it was just a bug with Clicky. But then one of our users contacted me
22
23
24
25
26
27
Generation of Software (September 30, 2005), http://oreilly.com/web2/archive/what-is-web20.html (“AJAX is also a key component of Web 2.0 applications such as Flickr, now part of
Yahoo!, 37signals’ applications basecamp and backpack, as well as other Google
applications such as Gmail and Orkut.”)
36
Ulco, “Google Search in AJAX?!” (November 19, 2008),
http://www.ulco.nl/gibberish/googlesearch-in-ajax.
37
Posting of sorabji.com to Clicky.blog, http://getclicky.com/blog/150/googles-new-ajaxpoweredsearch-results-breaks-search-keyword-tracking-for-everyone (February 03 2009,
1:05 p.m.).
28
SECOND AMENDED COMPLAINT
17
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page19 of 43
about this article, and my jaw about broke from hitting the floor so hard.”38
1
2
•
“What actually breaks if Google makes this switchover, and is in fact broken
3
during any testing they are doing, is much more widespread. Every single
4
analytics package that currently exists, at least as far as being able to track
5
what keywords were searched on to find your site in Google, would no longer
6
function correctly.”39
52.
7
8
9
10
11
12
13
issued a public statement:
Currently AJAX results are just a test on Google. At this time only
a small percentage of users will see this experiment. It is not our
intention to disrupt referrer tracking, and we are continuing to
iterate on this project and are actively working towards a solution.
As we continue experiments, we hope that this test may ultimately
provide an easier solution for our customers and a faster
experience for our users.40
14
15
16
Responding to complaints from the webmaster community, Google quickly
53.
Google soon ended the test of the AJAX search results page, a fact confirmed
by Google Senior Engineer Matt Cutts, who specializes in search optimization issues at
Google:
17
[T]he team didn’t think about the referrer aspect. So they stopped
[the test]. They’ve paused it until they can find out how to keep the
referrers.41
18
19
20
21
22
23
24
25
26
27
38
Clicky.blog, http://getclicky.com/blog/150/googles-new-ajax-powered-search-resultsbreakssearch-keyword-tracking-for-everyone (February 03, 2009, 9:50 a.m.).
39
Posting of Michael VanDeMar to Smackdown!, What Will *Really* Break If Google
Switches To AJAX…?, http://smackdown.blogsblogsblogs.com/2009/02/02/what-will-reallybreak-if-googleswitches-to-ajax/ (February 2, 2009, 11:26 a.m.).
40
Posting of Matt McGee to Search Engine Land, Google AJAX Search Results = Death To
Search Term Tracking?, http://searchengineland.com/google-ajax-search-results-death-tosearch-termtracking-16431 (February 3, 2009, 5:41 p.m.) (emphasis supplied).
41
Posting of Lisa Barone to Outspoken Media, Keynote Address – Matt Cutts, Google,
http://outspokenmedia.com/internet-marketing-conferences/pubcon-keynote-matt-cutts/
(March 12, 2009).
28
SECOND AMENDED COMPLAINT
18
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page20 of 43
1
54.
2
3
4
5
caused the users’ search terms to be stripped from the referrer header transmitted to web
sites. The following is an example of the format of the new URL that was being tested in
March 2009:
http://www.google.com/url?q=http://www.webmd.com&ei=in66Sc
njBtKgtwfn0LTiDw&sa=X&oi=smap&resnum=1&ct=result&cd=
1&usg=AFQjCNF9RdVC6vXBFOYvdia1s_ZE_BMu8g
6
7
8
9
10
In March 2009, Google again began to test technology that unintentionally
55.
Michael VanDeMar, a prominent member of the SEO community noticed that
he was again seeing AJAX based search results in addition to redirected URLs for every link
in the search results page:
11
Occasionally you will see these Google redirects in the normal
[search engine results pages] as well, although usually not. The
thing is, I was seeing them on every search I performed. It struck
me as odd, until I suddenly realized that every search was being
done via AJAX.42
12
13
14
15
16
56.
Google’s Matt Cutts soon responded to VanDeMar by leaving a comment on
his blog:
17
Hi Michael, I checked with some folks at Google about this. The
redirection through a url redirector was separate from any AJAXenhanced search results; we do that url redirection for some
experiments, but it’s not related to the JavaScript-enhanced
[AJAX] search results.
18
19
20
21
The solution to the referrer problem will be coming online in
the future. It uses a JavaScript-driven redirect that enables us
to pass the redirect URL as the referrer. This URL will contain
a ‘q’ param that matches the user’s query.43
22
23
24
25
26
27
42
Posting of Michael VanDeMar to Smackdown!, Google Re-initiates Testing of AJAX
SERP’s With Faulty Proposed Fix,
http://smackdown.blogsblogsblogs.com/2009/03/13/google-re-initiatestesting-of-ajax-serpswith-faulty-proposed-fix/ (March 13, 2009, 11:14 a.m.).
43
Posting of Matt Cutts to Smackdown!, supra, n.39,
28
SECOND AMENDED COMPLAINT
19
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page21 of 43
1
57.
On April 14, 2009, Google announced that it would be deploying the URL
2
redirection tool for all links in the search results. The company described the details in a blog
3
post to the webmaster community:
4
Starting this week, you may start seeing a new referring URL
format for visitors coming from Google search result pages. Up to
now, the usual referrer for clicks on search results for the term
"flowers", for example, would be something like this:
5
6
7
http://www.google.com/search?hl=en&q=flowers&btnG=Google+
Search
8
9
Now you will start seeing some referrer strings that look like this:
10
http://www.google.com/url?sa=t&source=web&ct=res&cd=7&url
=http%3A%2F%2Fwww.example.com%2Fmypage.htm&ei=0Sjd
Sa1N5O8M_qW8dQN&rct=j&q=flowers&usg=AFQjCNHJXSUh7
Vw7oubPaO3tZOzz-F-u_w&sig2=X8uCFh6IoPtnwmvGMULQfw
….
The new referrer URLs will initially only occur in a small
percentage of searches. You should expect to see old and new
forms of the URLs as this change gradually rolls out.44
11
12
13
14
15
16
17
58.
The redirection tool that Michael VanDeMar described in March 2009 did not
18
include the search terms in its URL (and thus, these terms were not subsequently transmitted
19
to webmasters via the browser’s referrer header). However, one month later when Google
20
announced that it would be using the redirection tool for all links, the redirection script was
21
changed to include the search terms in the redirection URL (via a new “q” parameter), thus
22
guaranteeing that webmasters would not lose access to user search query data.
23
24
25
26
27
http://smackdown.blogsblogsblogs.com/2009/03/13/google-re-initiates-testing-of-ajax-serpswithfaulty-proposed-fix/ (March 17, 2009, 10:10 a.m.) (emphasis added).
44
Posting of Brett Crosby to Google Analytics Blog, An upcoming change to Google.com
search referrals; Google Analytics unaffected,
http://analytics.blogspot.com/2009/04/upcoming-change-togooglecom-search.html (April 14,
2009, 2:50 p.m.).
28
SECOND AMENDED COMPLAINT
20
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page22 of 43
59.
1
The new redirection tool also leaks data to web site administrators that had
2
never before been available to anyone but Google: The item number of the search result that
3
was clicked non (e.g., the 3rd link or 5th link from the search results page).45 The leakage of
4
this additional information was confirmed by Matt Cutts, which he described as a benefit to
5
web site administrators:
6
I think if you do experiments, you'll be able to confirm your
speculation … I think this is awesome for webmasters--even
more information than you could glean from the previous
referrer string.46
7
8
9
10
11
60.
A May 2009 video featuring Matt Cutts, posted to the official
GoogleWebmasterHelp YouTube channel, describes the change in the search query
information leaked via the referrer header:
12
16
[T]here is a change on the horizon and it's only a very small
percentage of users right now, but I think that it probably will grow
and it will grow over time where Google's referrer, that is
whenever you do a Google search and you click on a result, you go
to another website and your browser passes along a value called a
referrer. That referrer string will change a little bit.
17
It used to be google.com/search, for example.
13
14
15
18
Now, it will be google.com/url.
19
And for a short time we didn't have what the query was which
got a lot of people frustrated, but the google.com/search, the new
Google referrer string will have the query embedded in it.
20
21
22
And there's a really interesting tidbit that not everybody knows,
which is--it also has embedded in that referrer string a pretty good
23
24
25
26
27
45
Posting of Patrick Altoft to Blogstorm, Google Ads Ranking Data to Referrer String,
http://www.blogstorm.co.uk/google-adds-ranking-data-to-referrer-string/ (April 15, 2009).
46
Posting of Matt Cutts to Blogstorm, Google Ads Ranking Data to Referrer String,
http://www.blogstorm.co.uk/google-adds-ranking-data-to-referrerstring/#IDComment77457344 (April 15, 2009, 7:28 p.m.) (emphasis added).
28
SECOND AMENDED COMPLAINT
21
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page23 of 43
idea of where on the page the click happened.
1
So, for example, if you were result number one, there's a parameter
in there that indicates the click came from result number one. If
you were number four, it will indicate the click came from, result
number four. So, now, you don't necessarily need to go scraping
Google to find out what your rankings were for these queries. You
can find out, "Oh, yeah. I was number one for this query whenever
someone clicked on it and came to my website."
2
3
4
5
6
7
So that can save you a ton of work, you don't need to worry nearly
as much, you don't have to scrape Google, you don't have to think
about ranking reports. Now, we don't promise that these will, you
know, be a feature that we guarantee that we'll always have on
Google forever but definitely take advantage of it for now.
….
[F]or the most part, this gives you a very accurate idea of where on
the page you were, so you get all kinds of extra information that
you can use in your analytics and to compute your ROIs without
having to do a lot of extra work. So, if you can, it's a good idea to
look at that referrer string and start to take advantage of that
information.”47
8
9
10
11
12
13
14
15
16
17
18
19
61.
the Referrer Headers transmitted by a small percentage of browsers. On July 13, 2010,
individuals in the SEO community noticed the change made by Google. One commentator in
a web forum wrote that:
More and more visits from Google in my server log files are
without exact referrer information, and have only
‘http://www.google.com’, ‘http://www.google.com.au’, etc. which
doesn't allow to find out keyword and SERP [search engine
results] page from which this visit was made.48
20
21
22
23
24
25
26
27
In or around July 2010, Google again began stripping the search terms from
47
Matt Cutts, Can you talk about the change in Google's referrer string?,
GoogleWebMasterHelp Channel (May 6, 2009),
http://www.youtube.com/watch?v=4XoD4XyahVw (last viewed October 24, 2010).
48
Posting of at2000 to Webmaster World, More and more referrals from Google are without
exact referrer string, http://www.webmasterworld.com/google/4168949.htm (July 13, 2010,
4:01 a.m.).
28
SECOND AMENDED COMPLAINT
22
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page24 of 43
62.
1
2
On July 13 2010, Matt Cutts posted a message to the same SEO forum:
Hey everybody, I asked folks who would know about this. It turns
out there was an issue a couple weeks ago where some code got
refactored, and the refactoring affected referrers for links opened in
a new tab or window. Right now the team is expecting to have a
fix out in the next week or so. Hope that helps.49
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
63.
https://www.google.com.50 By using the encrypted search service, Google would no longer
pass along search queries via Referrer Headers to unencrypted search links. On or about June
25, 2010, Google moved the encrypted search service to https://encrypted.google.com.
64.
21
Later, on or about October 18, 2011, Google announced a change in policy for
how it handled search queries embedded in Referrer Headers.51 According to its new policy,
Google would proactively scrub out any and all search queries from all searches performed
by users who were logged in to any Google service, such as Gmail or Google Docs, before
sending the Referrer Headers to the sites in the results on which users would click. Thus,
when logged-in users would click on a search result link (whether the results link is
encrypted or unencrypted), Google would no longer pass on the search queries used to find
those results.
65.
19
20
On or about May 21, 2010, Google introduced an encrypted search service at
For users not logged in, Google would still transmit search queries via
Referrer Headers to the results sites on which users would click, unless those users entered
the search at https://encrypted.google.com.
66.
22
Moreover, the new policy only applies to organic sites. For clicks on paid
23
24
25
49
Posting of Matt Cutts to Webmaster World, supra, n.45 (July 13, 2010, 9:46 p.m.)
(emphasis added).
50
26
http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html (last
visited April 26, 2012).
27
http://googleblog.blogspot.com/2011/10/making-search-more-secure.html (last visited
April 26, 2012).
51
28
SECOND AMENDED COMPLAINT
23
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page25 of 43
1
links or advertisements, Google would still pass on the search queries.
67.
2
If nothing else, Google’s new policy regarding search queries demonstrates
3
two things: 1) Google is fully capable of determining independently whether to transmit
4
search queries to third parties—transmitting search queries embedded within Referrer
5
Headers is not just how the Internet works; and, 2) Google is now effectively selling search
6
queries to paying advertisers. Stated differently, part of what paying advertisers pay for when
7
they buy AdWords are the search queries users enter.
7.
8
68.
9
The Science of Reidentification
“Reidentification” is a relatively new area of study in the computer science
10
field. Paul Ohm, a professor of law and telecommunications at the University of Colorado
11
Law School, is a leading scholar on how reidentification impacts internet privacy. Much of
12
the following information comes from Professor Ohm’s article entitled “Broken Promises of
13
Privacy: Responding to the Surprising Failure of Anonymizaton” published in the UCLA
14
Law Review in August of 2010.52
69.
15
In a nutshell, reidentification creates and amplifies privacy harms by
16
connecting the dots of “anonymous” data and tracing it back to a specific individual.
17
Professor Ohm describes it as follows:
18
The reverse of anonymization is reidentification or
deanonymization. A person, known in the scientific literature as an
adversary, reidentifies anonymous data by linking anonymized
records to outside information, hoping to discover the true identity
of the data subjects.
...
Reidentification combines datasets that were meant to be kept
apart, and in doing so, gains power through accretion. Every
successful reidentification, even one that reveals seemingly
nonsensitive data like movie ratings, abets future reidentification.
Accretive reidentification makes all of our secrets fundamentally
19
20
21
22
23
24
25
26
27
52
57 UCLA L. REV. 1701 (2010).
28
SECOND AMENDED COMPLAINT
24
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page26 of 43
easier to discover and reveal.53
1
70.
2
3
4
5
6
7
8
9
as links in chains of inference connecting individuals to harmful facts. Reidentification works
by discovery pockets of surprising uniqueness in aggregated data sets. Just as human
fingerprints can uniquely identify a single person and link that person with “anonymous”
information—a print left at a crime scene—so too do data subjects generate “data
fingerprints”—combinations of values of data shared by nobody else. What has surprised
researchers is that data fingerprints can be found in pools of non-PII data, such as the
uniqueness of a person’s search queries in the AOL debacle.54
71.
10
11
12
13
14
15
18
19
20
21
22
23
Once a person finds a unique data fingerprint, he can link that data to outside
information, sometimes called auxiliary information. “Anonymous” search query information
would protect privacy, if only the adversary knew nothing else about people in the world. In
reality, however, the world is awash in data about people, with new databases created, bought
and sold every day. “Adversaries” (as defined above) combine anonymized data with outside
information to pry out obscured identities.55
72.
16
17
Reidentification techniques, like those used in the AOL debacle, can be used
And the amount of information contained in new databases has grown
exponentially. What’s more, the type of available data is increasingly personal and specific.
Take, for example, the phenomenon of Facebook’s growth. The data created by Facebook
users is highly personal, and includes actual names, religious, sexual and political
preferences, identification of friends, pictures, messages intended to be shared with friends,
and more. With the exploding popularity of social network sites like Facebook, and personal
blogs, the information available to adversaries is not only highly-specific to individuals, it is
often user-created, increasing accuracy and veracity of available data. Never before in human
24
25
53
26
Id. at *7-8.
54
Id. at *17.
27
55
Id.
28
SECOND AMENDED COMPLAINT
25
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page27 of 43
1
history has it been so easy to peer into the private diaries of so many people. Some
2
researchers call this the “age of self-revelation.”56
73.
3
4
separate parts into a single whole. As Professor Ohm explains:
5
The accretion problem is this: once an adversary has linked two
anonymized databases together, he can add the newly linked data
to his collection of outside information and use it to help unlock
other anonymized databases. Success breeds further success . . .
once any piece of data has been linked to a person’s real identity,
any association between this data and a virtual identify breaks
the anonymity of the latter. This is why we should worry even
about reidentification events that seem to expose only nonsensitive information, because they increase the linkability of
data, and thereby expose people to potential future harm.57
6
7
8
9
10
11
12
13
14
15
16
17
18
74.
21
22
The accretive reidentification problem is exacerbated by the growing
prevalence of internet “data brokers.” The buying and selling of consumer data is a
multibillion-dollar, unregulated business that’s growing larger by the day.58 Data is
increasingly bought, sold and resold by data brokers, which amplifies the accretion problem.
Advancements in computer science, data storage and processing power, and data accretion by
data brokers make it much more likely that an adversary could link at least one fact to any
individual and blackmail, discriminate against, harass, or steal the identity of that person.
19
20
Reidentification is characterized by accretion, or the growing together of
75.
On October 25, 2010, the Wall Street Journal reported that a highly-
sophisticated data broker, RapLeaf Inc. is accomplishing accretive reidentification of
“anonymous” data with astonishing success.59 According to the report, RapLeaf has been
gathering data, including user names and email addresses, from numerous sources across the
23
24
25
26
27
56
Id. at *17-18.
57
Id. at *29 (emphasis added).
Rick Whiting, Data Brokers Draw Increased Scrutiny (July 10, 2006),
http://www.informationweek.com/news/global-cio/showArticle.jhtml?articleID=190301136.
59
Emily Steele, A Web Pioneer Profiles Users by Name (October 25, 2010), available at
http://online.wsj.com/article/SB10001424052702304410504575560243259416072.html.
58
28
SECOND AMENDED COMPLAINT
26
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page28 of 43
1
internet. Using accretive reidentification techniques, RapLeaf is able to cross-index
2
“anonymous” data with email addresses and thereby associate real names with Web-
3
browsing habits and highly-personal information scraped from social network sites such as
4
Facebook. By 2009, RapLeaf had indexed more than 600 million unique email addresses, and
5
was adding more at a rate of 35 million per month.
76.
6
Data gathered and sold by data brokers like RapLeaf can be very specific.
7
RapLeaf deanonymizes and connects to real names a wide variety of data types, including
8
data regarding demographics, interests, politics, lifestyle, finances, donations, social
9
networks, site memberships, purchases, and shopping habits. RapLeaf’s segments recently
10
included a person’s household income range, age range, political leaning, and gender and age
11
of children in the household, as well as interests in topics including religion, the Bible,
12
gambling, tobacco, adult entertainment and “get rich quick” offers. In all, RapLeaf
13
segmented people into more than 400 categories. This aggregated and deeply personal
14
information is then sold to or used by tracking companies or advertisers to rack users across
15
the Internet.
8.
16
Google’s Systematic Disclosure of Billions of User Search Queries
17
Each Day Presents an Imminent Threat of Concrete and
18
Particularized Privacy Harm
77.
19
One type of anonymization practice is called “release-and-forget,” in which
20
the data administrator will release records, and then forgets, meaning she makes no attempt
21
to track what happens to the records after release.60 To protect the privacy of the users in the
22
released data, prior to releasing the data, the administrator will single out identifying
23
information and either strip that information from the database, or modify it to make it more
24
25
26
27
60
Ohm, supra, n.47 at *9-10.
28
SECOND AMENDED COMPLAINT
27
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page29 of 43
1
general and less specific to any individual.61 Many of the recent advances in the science of
2
reidentification target release-and-forget anonymization in particular.62
78.
3
Google’s transmission of search queries is a type of piecemeal “release-and-
4
forget” anonymization.63 Google transmits a single user search query each time a Google
5
user clicks on a link in Google’s search results page. Over the course of just one day, on
6
information and belief, Google transmits millions of search queries to third parties. Google
7
will likely argue that search query information alone contains no personally-identifiable
8
information. Such an argument is practically equivalent to the data administrator who
9
“anonymizes” data before releasing it to the outside world. But, as repeatedly demonstrated,
10
easy reidentification of “anonymous” highlights the flaws in this thinking.
79.
11
Google itself has taken the position that even seemingly benign, “anonymous”
12
information presents serious privacy concerns. For example, in Gonzales v. Google, supra,
13
n.12, even though the Government was requesting search queries stripped of any “identifying
14
information” (such as the user’s IP address), Google argued that releasing such data would
15
nonetheless risk disclosure of user identities.
80.
16
In fact, when a Google user clicks on a link in Google’s search results page,
17
the user’s search query is not the only information revealed. For the vast majority of Google
18
users, the user’s IP address is concurrently transmitted along with the search query. An IP
19
address is similar to a phone number in that it identifies the exact computer being used by the
20
user to search and navigate the internet.
81.
21
In response to an inquiry from Congressman Joe Barton about privacy issues
22
surrounding Google’s acquisition of DoubleClick, Google admitted that “information that
23
can be combined with readily available information to identify a specific individual is also
24
25
61
26
Id. at *11-12.
62
Id. at *10.
27
63
Id. at *9.
28
SECOND AMENDED COMPLAINT
28
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page30 of 43
1
generally considered personal information.”64 But Google has repeatedly downplayed the
2
existence of “readily available information” helpful for tying IP addresses to places and
3
individuals. Professor Ohm highlights Google’s untenable position as follows:
4
For example, websites like Google never store IP addresses devoid
of context; instead, they store them connected to identity or
behavior. Google probably knows from its log files, for example,
that an IP address was used to access a particular email or calendar
account, edit a particular word processing document, or send
particular search queries to its search engine. By analyzing the
connections woven throughout this mass of information, Google
can draw some very accurate conclusions about the person linked
to any particular IP address.
5
6
7
8
9
10
Other parties can often link IP addresses to identity as well. Cable
and telephone companies maintain databases that associate IP
addresses directly to names, addresses, and credit card numbers.
That Google does not store these data associations on its own
servers is hardly the point. Otherwise, national ID numbers in the
hands of private parties would not be “personal data” because only
the government can authoritatively map these numbers to
identities.65
11
12
13
14
15
16
82.
17
18
19
20
privacy found that “The correlation of customer behaviour across different personalised
services of a search engine provider … can also be accomplished by other means, based on
cookies or other distinguishing characteristics, such as individual IP addresses.”66
83.
21
22
Similarly, an independent European advisory body on data protection and
Congressman Barton’s inquiry in connection with the DoubleClick acquisition
also focused on cookies and privacy. Cookies are small data files that store user preferences
23
24
25
26
27
64
Letter from Alan Davidson, Google’s Senior Policy Counsel and Head of U.S. Public
Policy, to Congressman Joe Barton at 12-13 (December 21, 2007), available at
http://searchengineland.com/pdfs/071222-barton.pdf.
65
Ohm, supra, n.47 at *41.
Article 29 Data Protection Working Party at 21 (January 2008), available at
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf.
66
28
SECOND AMENDED COMPLAINT
29
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page31 of 43
1
and other information, and allow websites to recognize the user or computer visiting their
2
site. In its response to Congressman Barton, Google wrote that “online ad-serving technology
3
can be used by advertisers to serve and manage ads across the web … the ad server sets a
4
cookie on the user’s computer browser when the user views an ad served through the ad
5
server. That cookie may be read in the future when the ad server serves other ads to the same
6
browser.”67 An ad serving company with any substantial market share would thus be able to
7
readily link the search queries that Google provides to the IP addresses or cookies of internet
8
users visiting the websites they serve.
9
B.
Google Accounts
10
84.
In addition to search, Google operates many services that require users to
11
register for Google Accounts. Google Accounts grant access to services such as Gmail,
12
Google Docs, and Google+, among others. As part of the registration process for a Google
13
Account, each user must provide Google with an email address.
FACTS RELATING TO PLAINTIFFS
14
15
A.
Paloma Gaos
16
85.
Plaintiff Paloma Gaos has a Google Account and has at all material times
17
been a user of Google’s search engine services, including the period prior to November 2008
18
when Google first began to test advanced AJAX technologies that temporarily eliminated
19
user search queries from referrer headers coming from Google search results pages, and for
20
all periods thereafter when Google was disseminating search queries to third party websites.
86.
21
During all time periods in which Google was transmitting user search queries
22
to third parties, Plaintiff Gaos conducted numerous searches, including “vanity searches” for
23
her actual name and the names of her family members, and clicked on links on her Google
24
search results pages.
87.
25
As a result, Google transmitted Plaintiff Gaos’s full search queries to third
26
27
67
Letter from Davidson to Barton, supra, n.58 at 15.
28
SECOND AMENDED COMPLAINT
30
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page32 of 43
1
parties by sending the URLs containing her search queries to third party websites that
2
appeared in Plaintiff Gaos’s Google search results page and which Plaintiff Gaos clicked on a
3
link.
4
88.
In other words, when Plaintiff Gaos clicked on each link on her Google search
5
results pages, the owner of the destination website that Plaintiff clicked on received from
6
Google Plaintiff Gaos’s search terms through the Referral Header function.
7
89.
As a result, Plaintiff Gaos has suffered actual harm in the form of Google’s
8
unauthorized and unlawful dissemination of Plaintiff Gaos’s search queries, which
9
sometimes contained sensitive personal information, to third parties.
10
B.
Anthony Italiano
11
90.
Plaintiff Anthony Italiano has at all material times been a user of Google’s
12
search engine services, including the period prior to November 2008 when Google first
13
began to test advanced AJAX technologies that temporarily eliminated user search queries
14
from referrer headers coming from Google search results pages, and for all periods thereafter
15
when Google was disseminating search queries to third party websites.
16
91.
Plaintiff Italiano has also had a Google Account since at least January 2008.
17
92.
During all time periods in which Google was transmitting user search queries
18
to third parties, including the time period from July 2010 to August 2011, Plaintiff Italiano
19
conducted numerous searches on Google’s unencrypted search service, including:
20
a. His name + his home address;
21
b. His name + bankruptcy;
22
c. His name + foreclosure proceedings;
23
d. His name + short sale proceedings;
24
e. His name + Facebook; and,
25
f. His name + the name of his then soon-to-be ex-wife + forensic accounting.
26
27
93.
These searches and the timeframe during which he conducted them are
particularly memorable to Plaintiff Italiano because it was during this time that he was going
28
SECOND AMENDED COMPLAINT
31
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page33 of 43
1
through formal divorce proceedings. Moreover, many of his searches related directly or
2
indirectly to his divorce proceedings—exactly the sort of personal, confidential searches that
3
he did not want disclosed to third parties without his knowledge or consent, and exactly the
4
sort of personal, confidential searches Google described to the federal government in the
5
Gonzales matter.
6
94.
As a result, Google transmitted Plaintiff Italiano’s full search queries to third
7
parties by sending the URLs containing his search queries to third party websites that
8
appeared in Plaintiff Italiano’s Google search results page and which Plaintiff Italiano
9
clicked on a link.
10
95.
In other words, when Plaintiff Italiano clicked on each link on his Google
11
search results pages, the owner of the destination website that Plaintiff clicked on received
12
from Google Plaintiff Italiano’s search terms through the Referral Header function.
13
96.
As a result, Plaintiff Italiano has suffered actual harm in the form of Google’s
14
unauthorized and unlawful dissemination of Plaintiff Italiano’s search queries, which
15
sometimes contained sensitive personal information, to third parties.
CLASS ALLEGATIONS
16
17
97.
Pursuant to Rules 23(a), (b)(2) and (b)(3) of the Federal Rules of Civil
18
Procedure, Plaintiffs Gaos and Italiano bring Count I (ECPA) on behalf of themselves as
19
individuals and all other persons in the following similarly situated class:
20
21
22
23
24
25
26
All persons in the United States with a Google Account who, at any
time between October 25, 2006 and October 17, 2011 during
which Google was transmitting search queries to search results
links via referrer headers, submitted a search query at
http://www.google.com and clicked on any link displayed by
Google in its search results (the “ECPA Class”). Excluded from
the Class are Google, its officers and directors, legal
representatives, successors or assigns, any entity in which Google
has or had a controlling interest, the judge to whom this case is
assigned and the judge’s immediate family.
27
28
SECOND AMENDED COMPLAINT
32
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page34 of 43
1
98.
Pursuant to Rules 23(a) and 23(b)(3), Plaintiff Italiano also brings Counts II-
2
IV (state law claims) on behalf of himself individually and all other persons in the following
3
similarly situated class:
4
All persons in the United States with a Google Account who, at any
time between October 25, 2006 and October 17, 2011 during
which Google was transmitting search queries to search results
links via referrer headers, submitted a search query at
http://www.google.com and clicked on any link displayed by
Google in its search results (the “State Law Class”). Excluded
from the Class are Google, its officers and directors, legal
representatives, successors or assigns, any entity in which Google
has or had a controlling interest, the judge to whom this case is
assigned and the judge’s immediate family.
5
6
7
8
9
10
11
12
99.
Pursuant to Rules 23(a) and Rule 23(b)(2), Plaintiff Italiano also brings Count
13
III (the UCL) on behalf of himself individually and all other persons in the following
14
similarly situated class expressly seeking injunctive relief only:
15
All persons in the United States who, at any time after October 25,
2006 and during which time Google was transmitting search
queries to search results links via referrer headers, submitted a
search query at http://www.google.com and clicked on any link
displayed by Google in its search results (the “Injunctive Relief
Class”). Excluded from the Class are Google, its officers and
directors, legal representatives, successors or assigns, any entity in
which Google has or had a controlling interest, the judge to whom
this case is assigned and the judge’s immediate family.
16
17
18
19
20
21
22
23
100.
The Classes are each composed of numerous people, whose joinder in this
24
action would be impracticable. The disposition of their claims through this class action will
25
benefit Class members, the parties and the courts. Upon information and belief, Google’s
26
search engine has been used by hundreds of millions of users during the relevant time period.
27
101.
There is a well-defined community of interest in questions of law and fact
28
SECOND AMENDED COMPLAINT
33
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page35 of 43
1
affecting the Classes. These questions of law and fact predominate over individual questions
2
affecting individual Class members, including, but not limited to, the following:
a. whether and to what extent Google has disclosed its users’ search queries to
3
third parties, and whether the disclosure is ongoing;
4
b. whether Google’s conduct described herein violates Google’s Privacy Policy
5
and representations to Plaintiffs and the Classes;
6
c. whether Google’s conduct described herein violates the Electronic
7
Communications Privacy Act, 18 U.S.C. § 2702 et seq.;
8
d. whether Google’s conduct described herein constitutes a breach of contract;
9
e. whether Google is unjustly enriched as a result of its conduct described
10
herein; and
11
f. whether Plaintiffs and members of the Classes are entitled to injunctive and
12
other equitable relief.
13
102.
14
Google has engaged, and continues to engage, in a common course of conduct
15
giving rise to the legal rights sought to be enforced by Plaintiffs and the Classes. Similar or
16
identical statutory and common law violations, business practices and injuries are involved.
17
Individual questions, if any, pale by comparison to the numerous common questions that
18
dominate.
103.
19
The injuries, actual and imminent, sustained by Plaintiffs and the Classes
20
flow, in each instance, from a common nucleus of operative facts. In each case, Google
21
caused or permitted unauthorized communications of private and personally-identifying
22
information to be delivered to third parties without adequate or any notice, consent or
23
opportunity to opt out.
104.
24
Given the similar nature of the Classes members’ claims and the absence of
25
material differences in the statutes and common laws upon which the Classes members’
26
claims are based, a nationwide class action will be easily managed by the Court and the
27
parties.
28
SECOND AMENDED COMPLAINT
34
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page36 of 43
1
2
3
4
5
105.
Because of the relatively small size of the individual Classes members’
claims, no Class user could afford to seek legal redress on an individual basis.
106.
Plaintiffs’ claims are typical of those of the Classes as all members of the
Classes are similarly affected by Google’s uniform and actionable conduct as alleged herein.
107.
Google has acted and failed to act on grounds generally applicable to
6
Plaintiffs and members of the Classes, requiring the Court’s imposition of uniform relief to
7
ensure compatible standards of conduct toward the members of the Classes.
8
9
10
11
12
108.
Plaintiffs will fairly and adequately protect the interests of the Classes, and
has retained counsel competent and experienced in class action litigation. Plaintiffs have no
interests antagonistic to, or in conflict with, the Classes that Plaintiffs seek to represent.
109.
Plaintiffs reserve the right to revise the above class definitions based on facts
learned in discovery.
13
COUNT I
14
Violation of the ECPA
15
(on behalf of Plaintiffs individually and the ECPA Class)
16
110.
Plaintiffs incorporate the foregoing allegations as if fully set forth herein.
17
111.
The Electronic Communications Privacy Act (the “ECPA”) broadly defines an
18
“electronic communication” as “any transfer of signs, signals, writing, images, sounds, data,
19
or intelligence of any nature transmitted in whole or in party by a wire, radio,
20
electromagnetic, photoelectronic or photooptical system that affects interstate or foreign
21
commerce…” 18 U.S.C. § 2510(12).
22
112.
The ECPA also broadly defines the contents of a communication. Pursuant to
23
the ECPA, “contents” of a communication, when used with respect to any wire, oral, or
24
electronic communications, include any information concerning the substance, purport, or
25
meaning of that communication. 18 U.S.C. § 2510(8). “Contents,” when used with respect to
26
any wire or oral communication, includes any information concerning the identity of the
27
parties to such communication or the existence, substance, purport, or meaning of that
28
SECOND AMENDED COMPLAINT
35
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page37 of 43
1
communication. The definition thus includes all aspects of the communication itself. No
2
aspect, including the identity of the parties, the substance of the communication between
3
them, or the fact of the communication itself, is excluded. The privacy of the communication
4
to be protected is intended to be comprehensive.
5
113.
Pursuant to the ECPA, “electronic storage” means any “temporary storage of a
6
wire or electronic communication incidental to the electronic transmission thereof.” 18
7
U.S.C. § 2510(17)(A).
8
9
114.
Pursuant to the ECPA, Google operates an “electronic communications
service” as defined in 18 U.S.C. § 2510(15). Pursuant to the Stored Communications Act of
10
1986 (the “SCA”), Google also provides a “remote computing service” to the public. 18
11
U.S.C. § 2711(2).
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
115.
In relevant part, 18 U.S.C. § 2702(a) of the ECPA provides as follows:
(a) Prohibitions.— Except as provided in subsection (b) or (c)—
(1) a person or entity providing an electronic communication service to the public
shall not knowingly divulge to any person or entity the contents of a communication
while in electronic storage by that service; and
(2) a person or entity providing remote computing service to the public shall not
knowingly divulge to any person or entity the contents of any communication which
is carried or maintained on that service—
(A) on behalf of, and received by means of electronic transmission from (or created
by means of computer processing of communications received by means of electronic
transmission from), a subscriber or customer of such service;
(B) solely for the purpose of providing storage or computer processing services to
such subscriber or customer, if the provider is not authorized to access the contents of
any such communications for purposes of providing any services other than storage or
computer processing; and
(3) a provider of remote computing service or electronic communication service to
the public shall not knowingly divulge a record or other information pertaining to a
subscriber to or customer of such service (not including the contents of
communications covered by paragraph (1) or (2)) to any governmental entity.
116.
As alleged herein, by disclosing the private search queries of Plaintiffs and
members of the ECPA Class without authorization, Google has knowingly divulged the
28
SECOND AMENDED COMPLAINT
36
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page38 of 43
1
contents of communications of Plaintiffs and members of the ECPA Class while those
2
communications were in electronic storage on its service, in violation of 18 U.S.C. §
3
2702(a)(1).
4
117.
As alleged herein, by disclosing the private search queries of Plaintiffs and
5
members of the ECPA Class without authorization, Google has knowingly divulged the
6
contents of communications of Plaintiffs and members of the ECPA Class carried or
7
maintained on its systems, in violation of 18 U.S.C. § 2702(a)(2).
8
9
10
11
118.
Google intentionally disclosed its users’ communications to third parties to
enhance its profitability and revenue. The disclosures were not necessary for the operation of
Google’s systems or to protect Google’s rights or property.
119.
As a result of Google’s unauthorized and unlawful disclosure of Plaintiffs’
12
and the ECPA Class members’ private search queries, Plaintiffs and members of the ECPA
13
Class have suffered damages from Google’s violations of 18 U.S.C. § 2702 in an amount to
14
be determined at trial.
15
120.
Plaintiffs and ECPA Class members are “person[s] aggrieved by [a] violation
16
of [the SCA] in which the conduct constituting the violation is engaged in with a knowing or
17
intentional state or mind…” within the meaning of 18 U.S.C. § 2707(a).
18
121.
Plaintiff and members of the ECPA Class therefore seek remedy as provided
19
for by 18 U.S.C. § 2707(b) and (c), including such preliminary and other equitable or
20
declaratory relief as may be appropriate, damages consistent with subsection (c) of that
21
section to be proven at trial, punitive damages to be proven at trial, and attorneys’ fees and
22
other litigation costs reasonably incurred.
23
COUNT II
24
Breach of Contract
25
(on behalf of Plaintiff Italiano and the State Law Class)
26
122.
Plaintiff Italiano incorporates by reference the foregoing allegations.
27
123.
The provisions of Google’s Terms of Service, which expressly incorporate its
28
SECOND AMENDED COMPLAINT
37
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page39 of 43
1
Privacy Policy, constitute a valid and enforceable contract between Plaintiff and the Class on
2
the one hand, and Google on the other.
3
124.
Under the Terms of Service and Privacy Policy, Plaintiff Italiano and the State
4
Law Class agreed to use Defendant’s services and transmit sensitive personally-identifiable
5
information to Google in exchange for Google’s promise that it would not share that personal
6
information with third parties without users’ authorization.
7
125.
Google materially breached the terms of its Terms of Service and Privacy
8
Policy through its unlawful conduct alleged herein, including the disclosure of Plaintiff
9
Italiano’s and the State Law Class’s private search queries to third parties.
10
126.
As a result of Google’s misconduct and breach of Google’s Terms of Service
11
and Privacy Policy described herein, Plaintiff Italiano and the State Law Class suffered
12
injury. Plaintiff Italiano, on behalf of himself and the State Law Class, seeks damages from
13
Google in an amount to be determined at trial.
14
COUNT III
15
Violation of Cal. Bus. & Prof. Code § 17200, Unfair Competition Law
16
(on behalf of Plaintiff Italiano individually, the State Law Class,
17
and the Injunctive Relief Class)
18
127.
Plaintiff Italiano incorporates by reference the foregoing allegations.
19
128.
Cal. Bus. & Prof. Code § 17200 proscribes unfair business competition and
20
21
defines this to include any unfair, unlawful, or fraudulent business practice or act.
129.
Google is headquartered in California and its misconduct originated in
22
California. Furthermore, Google’s own Terms of Service state that the laws of the State of
23
California shall apply to all litigation concerning its services, including Google Search.
24
Therefore, Google has bound itself to the application of California law to its conduct.
25
130.
Defendant’s acts and practices as alleged herein constitute unlawful, unfair,
26
and/or fraudulent business practices in violation of California’s Unfair Competition Law,
27
Cal. Bus. & Prof. Code §§ 17200, et. seq.
28
SECOND AMENDED COMPLAINT
38
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page40 of 43
1
131.
a.
2
3
Defendant engaged in unlawful business practices by, among other things:
132.
Defendant engaged in unfair business practices by, among other things:
a.
4
engaging in conduct, as alleged herein, that violates the ECPA.
engaging in conduct where the utility of that conduct is outweighed by
5
the gravity of the consequences to Plaintiff Italiano, the State Law
6
Class, and the Injunctive Relief Class; and,
b.
7
engaging in conduct that is reckless, unconscionable, or substantially
8
injurious to Plaintiff Italiano, the State Law Class, and the Injunctive
9
Relief Class.
10
133.
Defendant utilized fraudulent business practices by engaging in conduct that
11
was and is likely to deceive consumers acting reasonably under the circumstances.
12
Defendants’ fraudulent business practices include but are not limited to:
a.
13
parties;
14
b.
15
touting the importance of trust and privacy while simultaneously
transmitting sensitive personal data to third parties; and,
16
c.
17
failing to disclose that Defendant does not need to transmit user search
queries in order to facilitate searches.
18
19
failing to disclose that Defendant transmits user search queries to third
134.
As a direct and proximate result of Defendant’s unlawful, unfair, and
20
fraudulent acts, business practices, and conduct, Plaintiff Italiano, the State Law Class and
21
the Injunctive Relief Class have suffered injury in fact and lost valuable property in the form
22
of their private, sensitive search query data they entrusted to Google.
23
135.
Plaintiff Italiano, on behalf of himself, the State Law Class, and the Injunctive
24
Relief Class, seeks individual restitution, injunctive relief, and other relief allowed under §
25
17200, et seq.
26
27
28
SECOND AMENDED COMPLAINT
39
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page41 of 43
1
COUNT IV
2
Unjust Enrichment (In the Alternative)
3
(on behalf of Plaintiff Italiano individually and the State Law Class)
4
136.
Plaintiff Italiano incorporates by reference the foregoing allegations.
5
137.
Plaintiff Italiano and members of the State Law Class have conferred a benefit
6
upon Google. Google has received and retained valuable information belonging to Plaintiff
7
Italiano and members of the State Law Class, and as a result of sharing its users’ search
8
queries with third parties without their consent, Google has improved the quality of its search
9
engine and enjoyed increased revenues from advertisers.
10
138.
Google appreciates or has knowledge of said benefit.
11
139.
Under principles of equity and good conscience, Google should not be
12
13
permitted to retain the benefits that it unjustly received as a result of its actions.
140.
Plaintiff Italiano, on his own behalf and on behalf of the State Law Class,
14
seeks the imposition of a constructive trust on and restitution of the proceeds of Google
15
received as a result of its conduct described herein, as well as attorney’s fees and costs
16
pursuant to Cal. Civ. Proc. Code § 1021.5.
17
PRAYER FOR RELIEF
18
WHEREFORE, Plaintiffs, on behalf of themselves and the Classes, pray for the
19
following relief:
20
A.
Certify this case as a class action on behalf of the ECPA Class, State Law
21
Class, and the Injunctive Relief Class as defined above, appoint Plaintiffs Gaos and Italiano
22
as representatives of the ECPA Class and Plaintiff Italiano as representative of the State Law
23
Class and the Injunctive Relief Class, and appoint their counsel as counsel for the ECPA
24
Class, the State Law Class, and the Injunctive Relief Class, pursuant to Rule 23 of the
25
Federal Rules of Civil Procedure;
26
27
B.
Declare that Google’s actions, as described herein, violate the Electronic
Communications Privacy Act (18 U.S.C. § 2702 et seq.), Cal. Bus. & Prof. Code § 17200,
28
SECOND AMENDED COMPLAINT
40
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page42 of 43
1
2
constitute Breach of Contract, and unjust enrichment;
C.
Awarding injunctive and other equitable relief as is necessary to protect the
3
interests of Plaintiffs and the Classes, including, inter alia, an order prohibiting Google from
4
engaging in the wrongful and unlawful acts described herein;
5
6
7
D.
Awarding damages, including statutory damages where applicable, to
Plaintiffs and the Classes, in an amount to be determined at trial;
E.
Awarding all economic, monetary, actual, consequential, and compensatory
8
damages caused by Google’s conduct, and if its conduct is proved willful, awarding Plaintiffs
9
and the Classes exemplary damages;
10
11
F.
Awarding restitution against Google for all money to which Plaintiffs and the
Classes are entitled in equity;
12
G.
Orderering Google to disgorge revenues and profits wrongfully obtained;
13
H.
Awarding Plaintiffs and the Classes their reasonable litigation expenses and
14
attorneys’ fees;
15
I.
Awarding Plaintiffs and the Class interest, to the extent allowable; and,
16
J.
Awarding such other and further relief as equity and justice may require.
JURY TRIAL
17
18
141.
Plaintiffs demand a trial by jury for all issues so triable.
19
20
Dated: May 1, 2012
Respectfully submitted,
NASSIRI & JUNG LLP
21
s/ Kassra P. Nassiri_____
Kassra P. Nassiri
Attorneys for Plaintiffs and the Putative Class
22
23
24
25
Dated: May 1, 2012
Respectfully submitted,
ASCHENBRENER LAW, P.C.
26
s/ Michael Aschenbrener
Michael Aschenbrener
Attorneys for Plaintiffs and the Putative Class
27
28
SECOND AMENDED COMPLAINT
41
10-cv-4809-EJD
Case5:10-cv-04809-EJD Document39 Filed05/01/12 Page43 of 43
CERTIFICATE OF SERVICE
1
2
The undersigned certifies that, on May 1, 2012, he caused this document to be
3
electronically filed with the Clerk of Court using the CM/ECF system, which will send
4
notification of filing to counsel of record for each party.
5
6
Dated: May 1, 2012
ASCHENBRENER LAW, P.C.
7
8
By: s/ Michael Aschenbrener
Michael Aschenbrener
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
SECOND AMENDED COMPLAINT
42
10-cv-4809-EJD
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
