Google Spars with Internet Users Over Privacy Before Third Circuit

Google won in the district court, which dismissed the case last year after two-dozen similar suits were consolidated in a multidistrict litigation and sent to the District of Delaware.

The plaintiffs in the case are people who used one of two Internet browsers ' Apple's Safari or Microsoft's Internet Explorer ' each of which was designed and advertised as protecting users' privacy by blocking the third-party cookies.

“Unable to compile detailed profiles for millions of Safari and IE users, the defendants designed and deployed secret computer code, triggering an invisible iframe, generating a hidden form leading to a clandestine cookie, and intentionally deceptive computer language to hack past Safari's and IE's default privacy settings to place hidden tracking cookies into browser-managed files on plaintiffs' hard drives,” according to the plaintiffs' brief, which argues that this system allowed Google and the other defendants to collect information about the Internet users.

Jason Barnes of Barnes & Associates in Jefferson City, MO, argued on behalf of the plaintiffs.

Judge D. Michael Fisher noted during arguments that the federal Wiretap Act, 18 U.S.C. '2510, et. seq., requires one party consent, indicating that requirement would be satisfied since the advertising websites ostensibly knew about the cookies. Barnes, however, argued the websites didn't actually know that Google and the other companies had been using cookies and, beyond that, it's a factual issue.

The three types of content had been intercepted, Barnes said ' detailed URLs, forms and search queries. So he framed the question as being whether those things relate to the substance or meaning of an electronic communication, as is required by the Wiretap Act.

Later, addressing Rubin, Judge Cheryl Krause asked: “Thinking about this as combined communication, are URLs content?”

Barnes had argued that URLs can convey information about the user. He used the example of a website with advice on controlling herpes outbreaks.

Answering Krause's question, Rubin said: “We don't think the court gets to that.”

“But, if we did,” Judge Julio Fuentes pressed.

“It's a fact-intensive question,” Rubin said.

“So, if we get to that question, then you think that we would need to reverse and remand for fact-finding?” Krause said.

“Absolutely not,” Rubin said. The complaint doesn't detail any specific examples of particular URLs that were intercepted, which would allow the court to determine whether the Web address would constitute content.

There are “multiple allegations of URLs being transmitted,” Krause said.

The district court recognized that URLs are location identifiers, Rubin said, explaining that additional information is necessary to determine the meaning of the content.

Some URLs could constitute content, Rubin conceded when asked by Krause, but none have been alleged in this case, he said.

Asked about online forms and search queries, Rubin said the method for tracking forms is different than the one at issue in this case.

“So, if we get to the point of looking at content under the Wiretap Act ' wouldn't we need to remand for fact-finding on those issues?” Krause asked.

“No. First of all there's no device at issue here. They have to allege a device was used to do the interception ' the only device they allege under the Wiretap Act is the code that set the cookies and they vaguely point to the cookies themselves. So at best, at best, the cookie is the device they allege,” Rubin said.

Krause counted the devices that could qualify here ' the user's computer, the first-party server, and the defendants' servers.

But the plaintiffs didn't identify those; they just identified cookies, Rubin said. Also, all of those things are used to deliver ads regardless of whether cookies are attached, so they can't be conceived of as the infrastructure for a wiretap interception, he said.

“The only thing that's plausibly a device for the Wiretap Act claim is the cookie; otherwise, all of that other infrastructure exists and would be subject to an interception claim absent the cookie, and that would, again, bring us back to a place where people could be bringing wiretap claims in all sorts of contexts,” Rubin said.

Saranac Hale Spencer writes for The Legal Intelligencer, an ALM sibling of Internet Law & Strategy, in which this article originally appeared. She can be reached at [email protected]. Follow her on Twitter @SSpencerTLI.

Cookies are either a benign method for furnishing Internet users with relevant advertising or they are the foundation of a pernicious invasion of privacy, lawyers argued in front of the Third Circuit last month.

Either way, the U.S. Court of Appeals for the Third Circuit appears likely to be wading into precedent-setting territory.

Google and other Internet companies that use third-party cookies are the only defendants in the case, “but this is how systems across the entire Internet work and whatever ruling this court issues is going to affect broad swaths of companies and how they interact,” says Michael Rubin, the Wilson Sonsini Goodrich & Rosati lawyer who represented Google in front of the Third Circuit.

Google won in the district court, which dismissed the case last year after two-dozen similar suits were consolidated in a multidistrict litigation and sent to the District of Delaware.

The plaintiffs in the case are people who used one of two Internet browsers ' Apple's Safari or Microsoft's Internet Explorer ' each of which was designed and advertised as protecting users' privacy by blocking the third-party cookies.

“Unable to compile detailed profiles for millions of Safari and IE users, the defendants designed and deployed secret computer code, triggering an invisible iframe, generating a hidden form leading to a clandestine cookie, and intentionally deceptive computer language to hack past Safari's and IE's default privacy settings to place hidden tracking cookies into browser-managed files on plaintiffs' hard drives,” according to the plaintiffs' brief, which argues that this system allowed Google and the other defendants to collect information about the Internet users.

Jason Barnes of Barnes & Associates in Jefferson City, MO, argued on behalf of the plaintiffs.

Judge D. Michael Fisher noted during arguments that the federal Wiretap Act, 18 U.S.C. '2510, et. seq., requires one party consent, indicating that requirement would be satisfied since the advertising websites ostensibly knew about the cookies. Barnes, however, argued the websites didn't actually know that Google and the other companies had been using cookies and, beyond that, it's a factual issue.

The three types of content had been intercepted, Barnes said ' detailed URLs, forms and search queries. So he framed the question as being whether those things relate to the substance or meaning of an electronic communication, as is required by the Wiretap Act.

Later, addressing Rubin, Judge Cheryl Krause asked: “Thinking about this as combined communication, are URLs content?”

Barnes had argued that URLs can convey information about the user. He used the example of a website with advice on controlling herpes outbreaks.

Answering Krause's question, Rubin said: “We don't think the court gets to that.”

“But, if we did,” Judge Julio Fuentes pressed.

“It's a fact-intensive question,” Rubin said.

“So, if we get to that question, then you think that we would need to reverse and remand for fact-finding?” Krause said.

“Absolutely not,” Rubin said. The complaint doesn't detail any specific examples of particular URLs that were intercepted, which would allow the court to determine whether the Web address would constitute content.

There are “multiple allegations of URLs being transmitted,” Krause said.

The district court recognized that URLs are location identifiers, Rubin said, explaining that additional information is necessary to determine the meaning of the content.

Some URLs could constitute content, Rubin conceded when asked by Krause, but none have been alleged in this case, he said.

Asked about online forms and search queries, Rubin said the method for tracking forms is different than the one at issue in this case.

“So, if we get to the point of looking at content under the Wiretap Act ' wouldn't we need to remand for fact-finding on those issues?” Krause asked.

“No. First of all there's no device at issue here. They have to allege a device was used to do the interception ' the only device they allege under the Wiretap Act is the code that set the cookies and they vaguely point to the cookies themselves. So at best, at best, the cookie is the device they allege,” Rubin said.

Krause counted the devices that could qualify here ' the user's computer, the first-party server, and the defendants' servers.

But the plaintiffs didn't identify those; they just identified cookies, Rubin said. Also, all of those things are used to deliver ads regardless of whether cookies are attached, so they can't be conceived of as the infrastructure for a wiretap interception, he said.

“The only thing that's plausibly a device for the Wiretap Act claim is the cookie; otherwise, all of that other infrastructure exists and would be subject to an interception claim absent the cookie, and that would, again, bring us back to a place where people could be bringing wiretap claims in all sorts of contexts,” Rubin said.

Saranac Hale Spencer writes for The Legal Intelligencer, an ALM sibling of Internet Law & Strategy, in which this article originally appeared. She can be reached at [email protected]. Follow her on Twitter @SSpencerTLI.