Another Class Action Pops Up For Complaints About Pop-Ups

By: Ifrah Law

A class action lawsuit recently instituted in federal court in the Northern District of California, Hunter v. Lenovo et al., alleges that Lenovo Inc., a computer manufacturer, violated its customers’ rights by selling computers which came preinstalled with alleged spyware manufactured by Superfish Inc., another named defendant.  The purported class alleges that the Superfish software monitors user activity and displays pop-up ads, among other things, as part of an “image-based search” function which identifies images on the user’s screen and seeks out similar images on the web. The complaint states causes of action for violations of the Electronic Communications Privacy Act and the Stored Communications Act, as well as unjust enrichment.

The Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701-2712 provides criminal penalties for anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility.”  The SCA has been cited by plaintiffs in other class actions in which users allege that a technology company has overstepped its bounds.  For instance, in Perkins v. LinkedIn Corp., No. 13-CV-04303-LHK, 2014 WL 2751053 (N.D. Cal. June 12, 2014), a putative class of LinkedIn users alleged that the social networking company violated the SCA by collecting contacts from users’ external email accounts.  The court granted LinkedIn’s motion to dismiss the SCA claims, noting that the users consented to the collection of email addresses in a prominent disclosure, and therefore LinkedIn was “authorized” to collect the information, an exception to the SCA pursuant to 18 U.S.C. §2701(c).

The complaint in Hunter v. Lenovo attempts to preempt a consent defense, alleging that “Plaintiff never agreed to any terms or conditions regarding the Superfish Surveillance Software.  Accordingly, Plaintiff never consented to Defendants’ monitoring of, access to, and/or interception of his internet communications.”  However, according to a January 23, 2015 forum post by a Lenovo administrator (since edited to link to Lenovo advisory), users had the opportunity to decline the Superfish software Terms of Use, thus disabling the software.  If this proves to be true, then it would be consistent with the court’s determination in LinkedIn that a user’s consent may serve as a defense against an SCA claim.  Unlike LinkedIn, however, the Hunter SCA claim may not be appropriate for resolution at the motion to dismiss stage because it raises an issue of disputed fact which may require discovery.

Although the suit is still pending, Lenovo has reversed course on the Superfish software.  Lenovo has disabled Superfish on computers which came pre-installed with the software, its websites offer instructions for users to uninstall the software altogether, and Lenovo computers no longer come preinstalled with the program.  While these remedial actions may be an appropriate response to user concerns, they do not constitute an admission of legal liability in the class action suit.   The defendants may still argue that users consented to the software, even as they remove it from the computers.