Dunstan et al v. comScore, Inc.
Filing
136
AMENDED complaint by Jeff Dunstan, Mike Harris against comScore, Inc. (Attachments: # 1 Exhibit A)(Thomassen, Benjamin)
<![CDATA[
IN THE UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS, EASTERN DIVISION
MIKE HARRIS and JEFF DUNSTAN,
individually and on behalf of a class of similarly
situated individuals,
)
)
)
)
Plaintiffs,
)
)
v.
)
)
COMSCORE, INC., a Delaware corporation,
)
)
)
Defendant.
)
__________________________________________)
Case No. 1:11-5807
Hon. James F. Holderman
FIRST AMENDED CLASS ACTION COMPLAINT
Plaintiffs Mike Harris and Jeff Dunstan bring this First Amended Class Action Complaint
(“Complaint”) against Defendant comScore, Inc. (“comScore”) for its unauthorized infiltration
of millions of unsuspecting consumers’ personal computers, as well as other deceptive and unfair
business practices perpetrated in conjunction with its data collection software. Plaintiffs, for their
Complaint, allege as follows upon personal knowledge as to themselves and their own acts and
experiences and, as to all other matters, upon information and belief, including investigation
conducted by their own attorneys.
INTRODUCTION
1.
comScore designs, distributes, and deploys its data collection software in a
deceptive and calculated fashion to unlawfully monitor the most personal online movements of
millions of consumers without their knowledge.
2.
comScore provides high profile clients such as the Wall Street Journal, the New
York Times, and Fox News with detailed data that it collects from millions of consumers online
(hereinafter referred to as “monitored consumers”). These clients pay enormous fees for access
to comScore’s highly valuable and comprehensive store of information about consumers.
3.
comScore asserts that its data provides insight into the purchasing habits, market
trends, and other online behavior of consumers. In order to gather such extensive data, comScore
relies upon a large pool of consumers with comScore’s software operating on their computers:
“[C]entral to most comScore services is the comScore panel, the largest continuously measured
consumer panel of its kind. With approximately 2 million worldwide consumers under
continuous measurement, the comScore panel utilizes a sophisticated methodology that is
designed to accurately measure people and their behavior in the digital environment.”1
4.
As one of the biggest players in the Internet research industry, statistics gleaned
from comScore’s consumer data are featured in major media outlets on a daily basis. However,
what lies beneath comScore’s data gathering techniques is far more sinister and shocking to all
but the few who fully understand its business practices. Namely, comScore has developed highly
intrusive and robust data collection software known by such names as RelevantKnowledge,
OpinionSpy, Premier Opinion, OpinionSquare, PermissionResearch, and MarketScore
(hereinafter collectively referred to in the singular as “Surveillance Software”) to surreptitiously
siphon exorbitant amounts of sensitive and personal data from consumers’ computers. Through
subsidiaries bearing innocuous names, comScore uses deceitful tactics to disseminate its
software and thereby gain constant monitoring access to millions of hapless consumers’
computers and networks.
5.
comScore’s sophisticated computer applications monitor every action conducted
by users. This data is sent to comScore’s servers, and then organized and sold to its clients.2
6.
To extract this data, comScore’s Surveillance Software injects code into the user’s
web browser to monitor everything viewed, clicked, or inputted online. In addition, the software
1
comScore Methodology, http://www.comscore.com/About_comScore/Methodology
(accurate as of Aug. 17, 2011) (web-page now since deleted).
2
To accommodate this wealth of information, comScore maintains two of the largest data
warehouses in the world. These data storage facilities are comprised of more than five hundred
(500) servers, with combined storage accommodation for two-hundred and eighty (280)
terabytes, or two-hundred and eighty thousand (280,000) gigabytes of data.
2
opens ports,3 modifies the consumer’s firewall, and places “root certificates”4 on the affected
computer to ensure unimpeded access.
7.
The scope and breadth of data that comScore collects from unsuspecting
consumers is terrifying. By way of illustration, comScore’s Surveillance Software constantly
collects and transmits the following data, among others, from a consumer’s computer to
comScore’s servers:
a)
the monitored consumer’s usernames and passwords;
b)
queries on search engines like Google;
c)
the website(s) the monitored consumer is currently viewing;
d)
credit card numbers and any financial or otherwise sensitive information
inputted into any website the monitored consumer views;
e)
the goods purchased online by the monitored consumer, the price paid by
the monitored consumer for the goods, and amount of time the monitored
consumer views the goods before purchase; and
f)
8.
specific advertisements clicked by the monitored consumer.
After the Surveillance Software is installed on a monitored consumer’s computer,
information concerning all Internet traffic from the consumer’s computer is transmitted to
comScore servers.
9.
Furthermore, comScore’s Surveillance Software seeks out and scans every file on
the monitored consumer’s computer (including word processing documents, emails, PDFs,
image files, spreadsheets, etc.), and sends information resulting from examination of those files
to comScore’s servers.
10.
Although comScore claims that its software only mines data from the individual
consumer’s computer, it designed its Surveillance Software to scan files located on any network
3
In this context, “ports” are incoming and outgoing portals on a system which facilitate
communications between computers over the Internet.
4
“Root certificates” are more fully explained in ¶¶ 57–63 of this Complaint.
3
the host computer is connected to, and sends data about those files back to comScore’s servers.
In this way, every available file housed on the monitored consumer’s local network is accessed
by comScore without authorization.
11.
Because of Defendant’s covert methods for deploying its software, millions of
monitored consumers remain wholly unaware that their every online movement is under constant
surveillance by comScore.
12.
To induce individuals to download and install its software, comScore “bundles”
its Surveillance Software with software developed by third parties. The third-party software is
generally offered at no cost, and includes popular items such as free screensavers and games, and
functional applications such as music-copying programs, or greeting-card templates. comScore
pays the third-party every time a consumer downloads the bundled software.
13.
In many cases, comScore provides no method for the monitored consumer to
uninstall its software, and often deceives the consumer into thinking that all of comScore’s
nefarious software has been removed. Moreover, comScore designed its computer applications to
resist attempts to uninstall the Surveillance Software. For example, when a consumer uninstalls
the third-party freeware program, comScore’s Surveillance Software will not be removed.
14.
comScore designed its Surveillance Software to be highly persistent. User
attempts to disable comScore’s applications are wholly ineffectual, as the software automatically
re-starts itself when deactivated. As a result, it is impossible to “turn off” comScore’s 24/7
monitoring.
15.
Even if a monitored consumer can manage to manually uninstall the Surveillance
Software, Defendant programmed its applications to secretly leave behind a comScore root
certificate. As discussed in more detail in Section VII, infra, leaving an untrusted root certificate
on a user’s computer exposes that individual to attacks by hackers, and allows comScore to remonitor the consumer’s computer in the future.
4
16.
Defendant’s Terms of Service (“TOS”) do not reveal the extensive and highly
intrusive amount of data collected by comScore from consumers’ computers.
17.
On information and belief, comScore has intentionally designed its Surveillance
Software and business practices to surreptitiously maximize both the number of consumers
monitored by Defendant, as well as the breadth of information collected.
18.
comScore’s nefarious tactics drive its bottom line by enabling the company to sell
valuable consumer information to clients for enormous fees. While highly lucrative to the
company, comScore’s methods demonstrate a wholesale disregard for consumer privacy rights
and violate numerous federal laws.
PARTIES
19.
Plaintiff Mike Harris is a natural person and citizen of the State of Illinois.
20.
Plaintiff Jeff Dunstan is a natural person and citizen of the State of California.
21.
Defendant comScore, Inc. is a Delaware corporation with its headquarters located
at 11950 Democracy Drive, Suite 600, Reston, Virginia 20190. Defendant does business
throughout the State of Illinois and the United States.
JURISDICTION AND VENUE
22.
This Court has jurisdiction over the subject matter of this action pursuant to 28
U.S.C. § 1331. This Court has jurisdiction over Defendant because it conducts business in
Illinois and/or because the improper conduct alleged in the Complaint occurred in, was directed
from, and/or emanated or exported from Illinois.
23.
Venue is proper in this District under 28 U.S.C. § 1391(a) because the injury
arose in this District. Venue is additionally proper because Defendant transacts significant
business in this District, including entering into consumer transactions, and because Plaintiff
Mike Harris is a resident of Illinois.
5
FACTUAL BACKGROUND
I.
About comScore
24.
comScore is an Internet research corporation that provides marketing data to a
wide variety of clients, generally in the form of aggregated reports about online consumer
behavior. To collect the data necessary for its reports, comScore monitors consumers’ actions
using Surveillance Software operating on users’ computers.
25.
The data collected about monitored consumers by the Surveillance Software is
transmitted, often in real-time, to comScore’s servers. This information is aggregated and
organized for Defendant’s marketing reports, which are then sold to its clients. comScore
currently monitors at least two million computers worldwide.5
26.
comScore’s clients vary widely by industry and size, and include high-profile
companies such as the New York Times, the Wall Street Journal, Procter and Gamble, and Eli
Lilly and Company. These companies use comScore’s reports for, among other things, statistics
for news articles and gauging consumer interest in products and services.
27.
comScore is capable of parsing enormous amounts of information and
extrapolating narrowly defined trends and statistics, as evidenced by the following quote from
the New York Times: “ComScore found a decline of 10 percent in time spent on Web-based
email among 18- to 24-year-olds, about the same as it found for people up to the age of 54.”6
28.
To provide the highly targeted research data noted above, comScore—through its
Surveillance Software—constantly collects, monitors, and analyzes every online move, no matter
how private, of over two million people.
5
comScore Quarterly Report - November 9, 2010,
http://ir.comscore.com/secfiling.cfm?filingID=950123-10-103289 (last visited Oct. 25, 2012).
6
Matt Richtel, E-Mail’s Big Demographic Split, Bits: New York Times Blogs (Dec. 21,
2010), http://bits.blogs.nytimes.com/2010/12/21/e-mails-big-demographic-split/.
6
29.
Unfortunately, most, if not all monitored consumers are not aware of the depth of
data comScore mines from their computers every day. In many cases, consumers are not even
aware of the Surveillance Software’s very existence.
II.
comScore’s Methods for Recruiting and Retaining Individuals to Use its Monitoring
Software
30.
As stated in Section I, supra, comScore tracks the online behavior of over two
million (2,000,000) consumers worldwide. To accomplish this, comScore has developed
proprietary software that monitors every action conducted on an individual’s computer.
comScore deploys this software primarily by two methods: 1) online respondent acquisition and
2) a third-party application provider program.7
31.
Online respondent acquisition simply refers to comScore’s method of paying
affiliate partners to post comScore’s advertisements on their websites in an effort to solicit
consumers to download comScore’s Surveillance Software. To entice consumers to download
the Surveillance Software, comScore offers sweepstakes enrollments and prizes in exchange for
membership in its “program.”8 Potential members are also offered software, such as computer
games, for free.9
32.
The second and more devious method that comScore uses to induce consumers to
install its Surveillance Software is through its third-party application provider program. This
method involves comScore paying developers to bundle the Surveillance Software with the thirdparty application provider’s software. The third-party computer application included in the
bundled software may be a free screensaver, game, CD burning software, greeting card template,
7
comScore Media Matrix U.S. Methodology at 9 (hereinafter “comScore report”),
http://thearf-org-aux-assets.s3.amazonaws.com/downloads/research/comScore-RReview.pdf (last
visited Oct. 25, 2012).
8
About RelevantKnowledge, RelevantKnowledge.com,
http://www.relevantknowledge.com/about.aspx (last visited Oct. 25, 2012).
9
Member Benefits, Permission Research,
http://www.permissionresearch.com/Benefits.aspx (last visited Oct. 25, 2012).
7
or any other type of “freeware.” In many cases, the existence of the Surveillance Software
bundled with the freeware is only disclosed, in an inconspicuous fashion, after the installation
process has already begun.
33.
For example, if a consumer downloads a free screensaver bundled with
comScore’s Surveillance Software, the third-party developer of the screensaver is then paid by
comScore for the download of the bundled software.
34.
comScore’s monitoring software is marketed through subsidiaries bearing names
such as TMRG, Inc. and VoiceFive, Inc., with varying names for its Surveillance Software, such
as RelevantKnowledge, OpinionSpy, Premier Opinion, OpinionSquare, PermissionResearch, and
MarketScore.
III.
Consumers are Not Informed About the Information Collected by ComScore’s
Surveillance Software.
35.
As discussed herein, comScore’s intrusive methods for collecting highly sensitive
information from consumers’ computers are staggering. However, comScore’s Terms of Service
(“TOS”) presented (or not presented) to the user paint a far different picture than reality.
36.
comScore’s full Privacy Policy and Terms of Service fail to disclose the following
facts regarding Surveillance Software operations performed on a consumer’s computer:
(a)
the Surveillance Software scans files on both local and network volumes;
(b)
the Surveillance Software has full rights to access and change any file on
the consumer’s computer;
(c)
the Surveillance Software opens an HTTP “backdoor” to transmit data;
(d)
the Surveillance Software has no user interface from which a consumer
can turn off the software, modify the settings, or otherwise determine what
information the software is collecting;
(e)
the Surveillance Software implants a “root certificate” that modifies the
consumer’s computer security settings, and the “root certificate” remains
on a consumer’s system even after the Surveillance Software is removed;
8
(f)
the Surveillance Software modifies a computer’s firewall settings;
(g)
the Surveillance Software transmits information concerning all of a consumer’s
internet traffic to comScore’s servers;
(h)
the Surveillance Software injects code without user intervention into
various web browsers and instant messaging applications;
(i)
the Surveillance Software can be upgraded, modified, and controlled
remotely, without consumer intervention or permission;
(j)
the Surveillance Software will not be deleted if a consumer deletes the free
application (e.g., free screensaver) with which the Surveillance Software
was bundled.
37.
Often, comScore’s TOS do not display any actual reference to Defendant’s full
license agreement whatsoever. (See Exhibit A, attached hereto as a true and accurate copy of
comScore’s Premier Opinion Surveillance Software Terms of Service bundled with a
screensaver.).
38.
In many instances, when a consumer installs third-party applications bundled with
comScore’s Surveillance Software, the graphical display shown to the user makes it appear that
only one piece of software is being installed. For example, if a person installs a free screensaver
bundled with Defendant’s RelevantKnowledge Surveillance Software, a screen will appear
during, and not before, the installation process displaying a brief description of comScore’s
product. Importantly, however, the screen is presented seamlessly with the rest of the
installation.
39.
Other comScore TOS display screens are presented to the user during the bundled
software installation process in such a way that the average, non-expert consumer would not
notice the hyperlink to Defendant’s full agreement. Examples of these inadequacies include
comScore designing its TOS without a functioning link to the full terms, or wedging the link
within a sentence, only offset by color.
9
IV.
comScore’s Surveillance Software Constantly Monitors the Consumer and
Transmits Data to its Servers.
A.
comScore Infiltrates Existing Software on the User’s Computer.
40.
Once installed, comScore’s Surveillance Software continuously transmits the
monitored consumer’s online actions back to its servers, including information concerning
virtually all of the consumer’s Internet traffic.
41.
In order to collect information about a monitored consumer, comScore designed
its Surveillance Software to scan and examine a wide variety of items on the consumer’s
computer. Through its Surveillance Software, comScore injects code into the monitored
consumer’s web browser (i.e., Internet Explorer, Safari, Firefox) to monitor everything viewed,
clicked, or typed into the browser.
42.
Additionally, to facilitate its monitoring, comScore’s Surveillance Software adds
an exception to a the computer’s firewall, allowing it unfettered access. Because certain
consumers’ firewalls are stricter than others, such an attempt to modify the firewall settings, or
the subsequent redirection of Internet traffic resulting from the firewall modification, often
causes the firewall to lockdown or “freeze” the computer to prevent further harm.
B.
comScore Transmits Users’ Internet Activity to its Servers.
43.
In addition to identifying the specific webpage that the monitored consumer is
viewing, the Surveillance Software also transmits information to comScore revealing how much
the individual pays for items in online transactions,10 how long the individual views items before
purchase, and much more. For example, comScore’s Surveillance Software observes and reports
where the monitored individual’s mouse is moving, such as whether or not the monitored
consumer is hovering over an advertisement.
10
In the aggregate, this information is used to provide insight into customer spending
habits, as evidenced by the following quote from Reuters: “U.S. consumers spent more than $35
billion online this holiday season, up 15 percent from the same period last year, comScore Inc
(SCOR.O) estimated on Tuesday.” Alistair Barr, Online holiday spending rises 15 percent:
comScore, Reuters (Dec. 27, 2011), available at http://www.reuters.com/article/2011/12/27/uscomscore-online-spending-idUSTRE7BQ1CO20111227.
10
44.
Perhaps more striking, the Surveillance Software is indiscriminate about the
information gathered and sent to comScore’s servers. Therefore, names, addresses, credit card
numbers, Social Security Numbers, and search terms on search engines are all siphoned and
transmitted to comScore.
C.
comScore’s Software Identifies Individual Users, and Cannot be Turned Off
by the User.
45.
Because comScore requires precise demographic information to create its
marketing reports, the Surveillance Software must distinguish which user is currently using the
computer at what time. In other words, comScore must know whether or not a father (male, age
45) or his daughter (female, age 14) is using the computer, as that information is necessary to
produce accurate demographic marketing reports. To that end, comScore has developed a
patented procedure known as “User Demographic Reporting” for creating biometric signatures
of consumers by tracking mouse movements and keystrokes. In this way, each time an individual
uses the computer, comScore’s Surveillance Software tracks his or her keystrokes and mouse
movements until it identifies the user as the 14-year-old daughter or 45-year-old father in the
household.
46.
comScore’s software is highly persistent and constantly runs in the background
during all computer activities, yet provides no mechanism to turn it off. If, for any reason, the
software stops running (including manual user attempts to stop it), it automatically restarts.
Accordingly, it is nearly impossible for a consumer to disable the Surveillance Software to avoid
spying on certain users of the computer system.
47.
By definition, comScore’s Surveillance Software is “spyware,” meaning it is
designed to gather data from a consumer’s computer without consent and transfer it to a third
party. Because of this characterization, scores of anti-virus and anti-spyware websites identify
comScore applications as “severe” or “high risk” spyware or adware. For example, Microsoft’s
Malware Protection Center has singled out several comScore applications as problematic. In the
11
same vein, numerous U.S. colleges and universities warn students of the dangers of running
comScore’s software and ban Internet traffic to Defendant’s servers.
V.
comScore Siphons Data From the Monitored Consumer’s Computer and Local
Network Without Authorization.
48.
comScore’s TOS indicate that the application will only monitor and collect data
about the computer on which it is installed. (See Exhibit A, and Section III, supra).
49.
Defendant’s TOS are devoid of any mention that all files on that individual’s
computer will be scanned—and that information about those files will be sent to comScore’s
servers.
A.
50.
comScore Scans All Available Files on the Local Network Attached to the
Consumer’s Computer.
In clear contrast to comScore’s TOS, its Surveillance Software additionally scans
and sends information about available files located on the local network—not just the individual
consumer’s computer—to Defendant’s servers.
51.
Put another way, if a monitored consumer uses a local network to store and access
files—a nearly ubiquitous practice among modern organizations—then the Surveillance
Software also scans all accessible files on the network and sends information about the data to
comScore’s servers. Depending on the network, these files may include confidential business
files, financial documents, trade secrets, or classified government documents.
VI.
To Avoid Disruption to its Data Collection, comScore Designed its Surveillance
Software to Continue to Operate After the Consumer Attempts to Stop It.
52.
comScore’s Surveillance Software has no user interface from which a consumer
can turn off or uninstall the software, modify the settings, or otherwise control what information
the software is collecting.
53.
As discussed in Section II, supra, comScore pays third-party developers to bundle
Surveillance Software with their applications.
54.
Even assuming that an individual recognizes the implications of installing
comScore’s Surveillance Software in tandem with software such as a free screensaver, or later
12
determines that the free screensaver was the source of the comScore software, a reasonable
consumer would believe that once the screensaver was uninstalled, comScore’s software would
be uninstalled as well. That is not the case.
55.
When a monitored consumer uninstalls bundled software, comScore’s
Surveillance Software remains active on that monitored consumer’s computer. As a result,
comScore continues to collect information about the monitored consumer, even though the
individual believes comScore’s Surveillance Software was uninstalled. Indeed, the only way to
remove comScore’s Surveillance Software is by manually locating and removing it from the
system.
56.
Because many consumers lack the requisite technical expertise to manually
remove comScore’s software, these users remain unwitting members of Defendant’s monitoring
program. In many cases, consumers are forced to purchase automated spyware removal software
to fully eliminate any traces of Defendant’s software.
VII.
comScore Endangers Consumers by Failing to Remove its Root Certificate During
the Uninstall Process for of its Surveillance Software
57.
If a monitored consumer manages to manually uninstall comScore’s Surveillance
Software, Defendant still leaves its own “root certificate” on the user’s computer.
A.
What is a Root Certificate?
58.
In very basic terms, a root certificate is part of an intricate system that helps
ensure that websites on the Internet are secure. Web browsers, such as Microsoft’s Internet
Explorer, come pre-packaged with a store of root certificates issued by trustworthy Certificate
Authorities such as VeriSign.11 A Certificate Authority, such as VeriSign, distributes certificates
to trustworthy companies like Amazon.com. When an individual browses Amazon.com, the
user’s web browser identifies a certificate that was “signed” by VeriSign, and the individual is
given assurance that the website is secure. Without this system, it would be extremely difficult, if
11
VeriSign is a company that specializes in, among other things, online security and digital
certificates. To date, VeriSign is the largest provider of digital certificates.
13
not impossible, for users to verify which websites were secure and thus safe to transmit sensitive
information to, i.e. credit card numbers and Social Security Numbers.
59.
A Certificate Authority, such as VeriSign, must follow stringent regulations in
order to have its root certificate included in a popular web browser. For example, Microsoft
requires entities applying for root certificates to comply with rigorous guidelines delineated by
the WebTrust for Certification Authorities program sponsored by the American Institute for
Certified Public Accountants (AICPA).
60.
To average users, the significance of a root certificate is most readily manifested
by the small lock in the top left of a web browser that appears when conducting secure
transactions over the Internet. This image provides the individual with peace of mind that
sensitive information can be transmitted to the website without interception by nefarious actors.
B.
comScore Installs its Own Root Certificate Through its Surveillance
Software
61.
Included in the installation of the Surveillance Software is a comScore root
certificate. This root certificate allows comScore to collect information transmitted through the
user’s browser, regardless of whether or not the transaction is secure. In other words, because
comScore has installed its own root certificate, when a monitored consumer is viewing a
website—such as Amazon.com—and thinks that the transaction is free from interception by
third-parties because of the image of a small lock in the top left of the browser, that information
is still captured by Defendant.
62.
If a monitored consumer uninstalls the Surveillance Software, comScore has
designed its software to leave behind the root certificate.
63.
The risks caused by untrusted root certificates are well documented and
14
Defendant’s actions pose serious risks to monitored consumers’ computer systems.12
FACTS RELATING TO PLAINTIFFS
64.
In or around March of 2010, Plaintiff Mike Harris downloaded and installed a free
screensaver secretly bundled with comScore’s Surveillance Software onto his Macintosh
computer. The computer Plaintiff used was connected to a local wireless network.
65.
After discovering that he had inadvertently installed this software, he searched the
World Wide Web to determine how to get rid of the application. Harris attempted to uninstall the
screensaver, however the Surveillance Software continued operating. Plaintiff Harris has a high
level knowledge of information technology, and was still only able to uninstall the software after
conducting hours of diligent research.
66.
Plaintiff Harris did not agree to comScore’s Terms of Service and did not know
that he was installing Surveillance Software when he installed the free software.
67.
In or around September of 2010, Plaintiff Jeff Dunstan downloaded and installed
free greeting card template software secretly bundled with comScore’s Surveillance Software
onto his personal computer running the Microsoft Windows operating system.
68.
After installation, Dunstan’s firewall detected the re-routing of his Internet traffic
to comScore servers, and in response, effectively disabled his computer from accessing the
Internet. In fact, Plaintiff Dunstan’s computer became entirely debilitated in reaction to the
Surveillance Software operating on his computer.
69.
Plaintiff Dunstan spent approximately ten hours investigating and researching
how comScore’s software became installed on his computer and how to remove it.
12
Hackers use untrusted root certificates such as comScore’s to intercept personal data from
users without detection. Because the consumer mistakenly believes that the transaction is secure,
he or she assumes that it is safe to input sensitive financial or other information. Armed with
comScore’s root certificate, a hacker can create the faux appearance of a secure transaction.
Accordingly, the prospect that comScore may attempt to utilize the root certificates it has
intentionally left behind on monitored consumers’ computers is a very real threat.
15
70.
Eventually, Plaintiff Dunstan had to pay forty dollars ($40) for third-party anti-
virus software to entirely remove the software from his computer and restore it to a functioning
state. Plaintiff Dunstan did not agree to comScore’s Terms of Service and did not know that he
was installing Surveillance Software when he installed the free software.
CLASS ALLEGATIONS
71.
Plaintiffs Mike Harris and Jeff Dunstan bring this action pursuant to Fed. R. Civ.
P. 23(b)(2) and (3) on behalf of themselves and the following class:
All individuals and entities in the United States who have had comScore’s Surveillance
Software installed on their computer(s).
72.
Excluded from the Class are Defendant, its legal representatives, assigns and
successors, and any entity in which Defendant has a controlling interest. Also excluded is the
judge to whom this case is assigned and the judge’s immediate family, as well as any individual
who contributed to the design and deployment of Defendant’s software products.
73.
The Class consist of hundreds of thousands, if not millions, of individuals and
other entities, making joinder impractical. On information and belief, Defendant has deceived
millions of consumers who fall into the definition set forth in the Class.
74.
Plaintiffs’ claims are typical of the claims of all other members of the Class, as
Plaintiffs and other members sustained damages arising out of the wrongful conduct of
Defendant, based upon the same actions of the software products which were made uniformly to
Plaintiffs and the Class.
75.
Plaintiffs will fairly and adequately represent and protect the interests of the other
members of the Class. Plaintiffs have retained counsel with substantial experience in prosecuting
complex litigation and class actions. Plaintiffs and their counsel are committed to vigorously
prosecuting this action on behalf of the members of the Class, and have the financial resources to
do so. Neither Plaintiffs nor their counsel have any interest adverse to those of the other
members of the Class.
16
76.
Absent a class action, most members of the Class would find the cost of litigating
their claims to be prohibitive and will have no effective remedy. The class treatment of common
questions of law and fact is also superior to multiple individual actions or piecemeal litigation in
that it conserves the resources of the courts and the litigants, and promotes consistency and
efficiency of adjudication.
77.
Defendant has acted and failed to act on grounds generally applicable to Plaintiffs
and the other members of the Class, requiring the Court’s imposition of uniform relief to ensure
compatible standards of conduct toward the members of the Class.
78.
The factual and legal bases of Defendant’s liability to Plaintiffs and to the other
members of the Class are the same, and resulted in injury to Plaintiffs and all of the other
members of the Class. Plaintiffs and the other members of the Class have all suffered harm as a
result of Defendant’s wrongful conduct.
79.
There are many questions of law and fact common to the claims of Plaintiffs and
the other members of the Class, and those questions predominate over any questions that may
affect individual members of the Class. Common questions for the Class include but are not
limited to the following:
(a)
whether comScore intentionally designed its software to scan files located
on a monitored consumer’s local network;
(b)
whether comScore intentionally designed its software and/or business
model with third-party application providers to avoid uninstallation when the
third-party application was uninstalled, thus thwarting user attempts to remove the
software;
(c)
whether comScore intentionally designed its Terms of Service to exclude
the true functionality of its Surveillance Software;
(d)
whether comScore’s conduct described herein violated the Stored
Communications Act (18 U.S.C. §§ 2701, et seq.);
17
(e)
whether comScore’s conduct described herein violated the Electronic
Communications Privacy Act (18 U.S.C. §§ 2510, et seq.);
(f)
whether comScore’s conduct described herein violated the Computer
Fraud & Abuse Act (18 U.S.C. § 1030);
(g)
whether comScore has been unjustly enriched at the expense of Plaintiffs
and the Class.
80.
Plaintiffs reserve the right to revise these definitions based on facts learned in
discovery.
FIRST CAUSE OF ACTION
Violations of the Stored Communications Act
(18 U.S.C. §§ 2701, et seq.)
(On Behalf of Plaintiffs and the Class)
81.
Plaintiffs incorporate the foregoing allegations as if fully set forth herein.
82.
The Electronic Communications Privacy Act, 18 U.S.C. §§ 2510, et seq. (the
“ECPA”) broadly defines an “electronic communication” as “any transfer of signs, signals,
writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a
wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or
foreign commerce. . . .” 18 U.S.C. § 2510(12). The Stored Communications Act incorporates this
definition.
83.
Pursuant to the ECPA and Stored Communications Act (“SCA”), “electronic
storage” means any “temporary storage of a wire or electronic communication incidental to the
electronic transmission thereof.” 18 U.S.C. § 2510(17)(A). This type of electronic storage
includes communications in intermediate electronic storage that have not yet been delivered to
their intended recipient.
84.
The SCA mandates, among other things, that it is unlawful for a person to obtain
access to stored communications on another’s computer system without authorization. 18 U.S.C.
§ 2701.
18
85.
Congress expressly included provisions in the SCA to address this issue so as to
prevent “unauthorized persons deliberately gaining access to, and sometimes tampering with,
electronic or wire communications that are not intended to be available to the public.” S. Rep.
No. 99–541, 35, 1986 U.S.C.C.A.N. 3555, 3589.
86.
comScore has violated 18 U.S.C. § 2701(a)(1) because it intentionally accessed
consumers’ communications without authorization and obtained, altered, or prevented authorized
access to a wire or electronic communication while in electronic storage by continuing to operate
after the user uninstalled bundled software. comScore had actual knowledge of, and benefited
from, this practice.
87.
Additionally, comScore has violated 18 U.S.C. § 2701(a)(2) because it
intentionally exceeded authorization to access consumers’ communications and obtained, altered,
or prevented authorized access to a wire or electronic communication while in electronic storage
by continuing to operate after the user uninstalled bundled software. Defendant had actual
knowledge of, and benefited from, this practice.
88.
comScore has also violated 18 U.S.C. § 2701(a)(2) because it intentionally
exceeded authorization to access consumers’ communications and obtained, altered, or prevented
authorized access to a wire or electronic communication while in electronic storage by accessing
files on the Plaintiffs’ and the Class’s local networks without permission.
89.
As a result of Defendant’s conduct described herein and its violation of § 2701,
Plaintiffs and the Class have suffered injuries to their privacy rights, and economic harm due to
comScore’s unjust enrichment at their expense. Plaintiffs, on behalf of themselves and the Class,
seek an order enjoining Defendant’s conduct described herein and awarding themselves and the
Class the maximum statutory and punitive damages available under 18 U.S.C. § 2707.
SECOND CAUSE OF ACTION
Violations of the Electronic Communications Privacy Act
(18 U.S.C. §§ 2510, et seq.)
(On Behalf of Plaintiffs and the Class)
90.
Plaintiffs incorporate the forgoing allegations as if fully set forth herein.
19
91.
The Electronic Communications Privacy Act, 18 U.S.C. §§ 2510, et seq. (the
“ECPA”) broadly defines an “electronic communication” as “any transfer of signs, signals,
writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a
wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or
foreign commerce. . . .” 18 U.S.C. § 2510(12).
92.
The ECPA defines “electronic communications system” as any wire, radio,
electromagnetic, photooptical or photoelectronic facilities for the transmission of wire or
electronic communications, and any computer facilities or related electronic equipment for the
electronic storage of such communications. 18 U.S.C. § 2510(14).
93.
The ECPA broadly defines the contents of a communication. Pursuant to the
ECPA, “contents” of a communication, when used with respect to any wire, oral, or electronic
communications, include any information concerning the substance, purport, or meaning of that
communication. 18 U.S.C. § 2510(8). The definition thus includes all aspects of the
communication itself. The privacy of the communication to be protected is intended to be
comprehensive.
94.
Plaintiffs’ and Class Members’ personal computers and computer networks
constitute “electronic computer systems.” Plaintiffs and Class members transmit “electronic
communications” by and through their computers and computer networks in the form of, among
others, emails, sending requests to visit websites, online chats, file transfers, file uploads, and file
downloads.
95.
comScore’s conduct violated 18 U.S.C. § 2511(1)(a) because it intentionally
intercepted and endeavored to intercept Plaintiffs’ and Class Members’ electronic
communications to, from, and within their computers and computer networks.
96.
comScore’s conduct violated 18 U.S.C. § 2511(1)(d) because it used and
endeavored to use the contents of Plaintiffs’ and Class Members’ electronic communications to
20
profit from its unauthorized collection and sale, knowing and having reason to know that the
information was obtained through interception in violation of 18 U.S.C. § 2511(1).
97.
comScore intentionally obtained and/or intercepted, by device or otherwise, these
electronic communications, without the knowledge, consent or authorization of Plaintiffs or the
Class.
98.
Plaintiffs and the Class suffered harm as a result of comScore’s violations of the
ECPA, and therefore seek (a) preliminary, equitable and declaratory relief as may be appropriate,
(b) the sum of the actual damages suffered and the profits obtained by Defendant as a result of
their unlawful conduct, or statutory damages as authorized by 18 U.S.C. § 2520(2)(B),
whichever is greater, (c) punitive damages, and (d) reasonable costs and attorneys’ fees.
THIRD CAUSE OF ACTION
Violation of the Computer Fraud and Abuse Act (“CFAA”)
(18 U.S.C. § 1030)
(On Behalf of Plaintiffs and the Class)
99.
Plaintiffs incorporate the foregoing allegations as if fully set forth herein.
100.
comScore intentionally accessed a computer without authorization and/or
exceeded any authorized access and in so doing intentionally breached its own Terms of Service
and Privacy Policy.
101.
Defendant illegally obtained this information from a protected computer involved
in interstate or foreign communication.
102.
By scanning and removing information from local and network files, monitoring
internet behavior, including keystroke logging consumer input, and injecting code and data onto
Plaintiffs’ computers, comScore accessed Plaintiffs’ computers, in the course of interstate
commerce and/or communication, in excess of the authorization provided by Plaintiffs as
descried in 18 U.S.C. § 1030(a)(2)(C).
103.
comScore violated 18 U.S.C. § 1030(a)(2)(C) by intentionally accessing
Plaintiffs’ and Class Members’ computers and computer networks without authorization and/or
by exceeding the scope of that authorization.
21
104.
Plaintiffs’ computers, and those belonging to Class Members, are protected
computers pursuant to 18 U.S.C. § 1030(e)(2)(B) because they are used in interstate commerce
and/or communication. Specifically, Plaintiff Dunstan spent $40 to purchase a spyware removal
program to fully remove the program and restore his computer to a functioning state.
105.
By accessing, collecting, and transmitting Plaintiffs and Class Members’
computer data without authorization, comScore intentionally caused damage to those computers
by impairing the integrity of information and/or data.
106.
Through the conduct described herein, comScore has violated 18 U.S.C.
§ 1030(a)(5)(A)(iii).
107.
As a result, comScore’s conduct has caused a loss to one or more persons during
any one-year period aggregating at least $5,000 in value in real economic damages.
108.
Plaintiffs and the Class expended time, money and resources to investigate and
remove comScore’s tracking software from his computer.
109.
Plaintiffs and Class members have additionally suffered loss by reason of these
violations, including, without limitation, violation of the right of privacy.
110.
comScore’s actions were knowing and/or reckless and caused harm to Plaintiffs
and members of the Class.
FOURTH CAUSE OF ACTION
Unjust Enrichment
(On Behalf of Plaintiffs and the Class)
111.
Plaintiffs incorporate the foregoing allegations as if fully set forth herein.
112.
Plaintiffs and members of the Class conferred a monetary benefit on comScore.
Defendant received and retained money by selling data collected from Plaintiffs and the Class
through its Surveillance Software to its clients. Much of this information was collected from
Plaintiffs and the Class without authorization and through deceptive business practices.
113.
comScore appreciates or has knowledge of such benefit, as demonstrated by its
public representations regarding its sales of reports regarding online consumer activity.
22
114.
Under principles of equity and good conscience, comScore should not be
permitted to retain the money obtained by selling information about Plaintiffs and members of
the Class, which comScore has unjustly obtained as a result of its unlawful actions.
115.
Accordingly, Plaintiffs and the Class seek full disgorgement and restitution of any
money comScore has retained as a result of the unlawful and/or wrongful conduct alleged herein.
PRAYER FOR RELIEF
WHEREFORE, Plaintiffs, individually and on behalf of the Class, pray for the following
relief:
A.
Certify this case as a class action on behalf of the Class defined above, appoint
Mike Harris and Jeff Dunstan as class representatives, and appoint their counsel as class counsel;
B.
Declare that comScore’s actions, as described herein, violate the Stored
Communications Act (18 U.S.C. §§ 2701, et seq.), the Electronic Communications Privacy Act
(18 U.S.C. §§ 2510, et seq.), and the Computer Fraud and Abuse Act (18 U.S.C. § 1030);
C.
Award injunctive and other equitable relief as is necessary to protect the interests
of the Plaintiffs and the Class, including, inter alia: (i) an order prohibiting comScore from
engaging in the wrongful and unlawful acts described herein; (ii) requiring comScore to refrain
from accessing files attached to consumers’ local networks; (iii) requiring comScore to delete its
root certificate when the Surveillance Software is removed; (iv) requiring comScore to
conspicuously and truthfully display the manner in which it collects data about monitored
consumers in its Terms of Service; and (v) requiring comScore to uninstall its Surveillance
Software when bundled software is uninstalled.
D.
Award damages, including statutory damages of $1,000 per violation under the
Stored Communications Act, 18 U.S.C. § 2707(c), and the Electronic Communications Privacy
Act, 18 U.S.C. § 2520, and punitive damages where applicable, to Plaintiffs and the Class in an
amount to be determined at trial;
23
E.
Award Plaintiffs and the Class their reasonable litigation expenses and attorneys’
F.
Award Plaintiffs and the Class pre- and post-judgment interest, to the extent
fees;
allowable; and
G. Award such other and further relief as equity and justice may require.
JURY TRIAL
Plaintiffs demand a trial by jury for all issues so triable.
Dated: October 25, 2012
RESPECTFULLY SUBMITTED,
MIKE HARRIS AND JEFF DUNSTAN,
INDIVIDUALLY AND ON BEHALF OF A CLASS OF
SIMILARLY SITUATED INDIVIDUALS,
By: /s/ Benjamin S. Thomassen
One of Plaintiffs’ Attorneys
Jay Edelson
Rafey S. Balabanian
Ari J. Scharg
Benjamin S. Thomassen
Chandler R. Givens
EDELSON MCGUIRE, LLC
350 North LaSalle, Suite 1300
Chicago, Illinois 60654
Telephone: (312) 589-6370
jedelson@edelson.com
rbalabanian@edelson.com
ascharg@edelson.com
bthomassen@edelson.com
cgivens@edelson.com
24
CERTIFICATE OF SERVICE
I, Benjamin S. Thomassen, an attorney, hereby certify that on October 25, 2012, I served
the above and foregoing First Amended Class Action Complaint by causing true and accurate
copies of such paper to be filed and transmitted to all counsel of record via the Court’s CM/ECF
electronic filing system, on this the 25th day of October 25, 2012.
/s/ Benjamin S. Thomassen
Benjamin S. Thomassen
25
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
