YAHOO! accused of stalking
by John Selby, Solicitor, Mallesons Stephen Jaques
John Selby, a solicitor with Mallesons Stephen Jaques, outlines the cyber stalking
class action suit lodged against Yahoo! Inc in Dallas, Texas. John examines the
issues involved, the consequences of a successful action and gives his view
as to whether the action will be successful.
In a class action suit lodged in Dallas, Texas on 18 January
2000, Internet portal and search engine Yahoo! Inc was accused
of breaching Texas' anti-stalking laws through the use of cookies. The plaintiff's
petition in Stewart v Yahoo! Inc 1 seeks $US50 billion damages on the basis that the use of cookies is "a surveillance-like
scheme that monitors and stalks users without their consent or full knowledge"2.
The suit appears to be a tactic in a larger dispute between
Chalkboardtalk.com and Yahoo! Inc over information gleaned from Chalkboardtalk's
website. That suit seeks damages of $1 billion and punitive damages of $3 billion
from Yahoo! Inc, Broadcast.com and several Yahoo! directors for breach of contract
and conversion.
WHAT IS A COOKIE?
A cookie is a small text file that is sent by a webserver
to a personal computer when a person views that website on their computer. The
text file usually contains a series of letters and numbers that act as a unique
identifier for that visitor's computer and enables the webserver to detect whenever
a particular computer accesses pages from the server. This means that a webserver
can serve information and advertising that is customised to the recorded preferences
of that identifier whenever that computer logs onto the website (or an affiliated
website).3
Most Internet browsers are configured to automatically receive
all cookies without notifying the user that those cookies are being received.4 Whilst a website may post a privacy policy notifying
users of its cookie usage, if a user follows a link to that site, cookies will
already have been stored on the user's computer before the page (and notice
of the site's privacy policy) has loaded.
If a user enters personal information onto a website (perhaps
to use a free email service, to find out the weather in a particular city or
to find out what movies are on at their local cinema), then the unique identifier
sent by the webserver to that person's computer could contain information that
could enable a website owner to match the online activities of that computer
to those of a particular person.
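The mechanism described in this section, as an added example (not part of the original article and not Yahoo!'s code): a toy server issues a unique-ID cookie, recognises the browser on later requests, and ties the ID to a person once a form is submitted. The class names, the cookie name vid and the page paths are hypothetical; rejecting or deleting cookies, as in footnotes 4 and 8, breaks the link.

```python
import secrets
from http.cookies import SimpleCookie

class TrackingServer:
    """Hypothetical site that tags each browser with a unique-ID cookie."""
    def __init__(self):
        self.visits = {}    # visitor ID -> pages requested under that ID
        self.identity = {}  # visitor ID -> personal details typed into a form

    def handle(self, page, cookie_header="", form=None):
        """Log one request; return a Set-Cookie value if the browser sent no ID."""
        jar, set_cookie = SimpleCookie(cookie_header), None
        if "vid" in jar:
            vid = jar["vid"].value           # returning browser: recognised
        else:
            vid = secrets.token_hex(8)       # new "series of letters and numbers"
            out = SimpleCookie()
            out["vid"] = vid
            out["vid"]["path"] = "/"
            set_cookie = out["vid"].OutputString()
        self.visits.setdefault(vid, []).append(page)
        if form:
            self.identity[vid] = form        # the ID now maps to a named person
        return set_cookie

class Browser:
    """Hypothetical browser; accept_cookies=False models 'reject all cookies'."""
    def __init__(self, accept_cookies=True):
        self.accept_cookies = accept_cookies
        self.jar = SimpleCookie()

    def get(self, server, page, form=None):
        header = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        set_cookie = server.handle(page, header, form)
        if set_cookie and self.accept_cookies:
            self.jar.load(set_cookie)        # kept and replayed on later requests

    def clear_cookies(self):
        self.jar = SimpleCookie()

def profiles(server):
    """What the operator can reconstruct: (identity or None, pages) per ID."""
    return [(server.identity.get(v), p) for v, p in server.visits.items()]

if __name__ == "__main__":
    srv, b = TrackingServer(), Browser()     # constructed sample session
    b.get(srv, "/weather")
    b.get(srv, "/mail/signup", form={"name": "A. Example"})
    print(profiles(srv))
```

With cookies accepted, every page view lands in one profile that carries the submitted name; with cookies rejected or cleared, each request appears to come from a new, unnamed visitor.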
HOW DOES YAHOO! USE COOKIES?
To enable Yahoo!'s website to offer visitors the opportunity
to customize the content that they receive from the site and to access personal
online email accounts, Yahoo! stores cookies on its visitors' computers.
Yahoo!'s privacy policy 5 informs visitors to Yahoo!'s website that
Yahoo! stores its own and its advertisers' cookies and web beacons (single pixel
graphic files used to monitor page views 6) on visitors' computers in order to "...enable Yahoo!
to provide customised services and advertising, ... to monitor visits to particular
pages within its network and to ... increase security during use of personal email
accounts". Yahoo! will share personalised information with its advertisers and
business associates. Those advertisers and business associates are not necessarily
bound by Yahoo!'s privacy policy.
THE ALLEGED OFFENCE
Section 42.072 of the Texas Penal Code makes it an offence
for a person to knowingly engage on more than one occasion in a course of conduct
that:
• is known by that person to be, or
• would be regarded by the other person as, or
• a reasonable person in the other person's position would regard such
conduct as;
threatening bodily injury or death to the other person or a member of their
family or household, or would cause an offence to be committed against that
other person's property.
The maximum penalty for a breach of section 42.072 is $US
4000 or one year's imprisonment, unless the perpetrator has a previous conviction,
in which case the maximum penalty is 2-10 years' jail and a fine of up to $US 10 000.7
IS YAHOO! LIKELY TO BE IN BREACH OF TEXAS' ANTI-STALKING
LAWS?
Yahoo!'s use of cookies is a course of conduct which occurs
on more than one occasion (every time a user visits a page on the Yahoo! site,
a cookie is either stored onto or read from that user's computer). However,
it is highly debatable whether that course of conduct would be regarded by a
reasonable person as threatening bodily harm or death. Therefore, the only remaining
potential breach of section 42.072 could be that Yahoo! is engaging in a course
of conduct which threatens an offence against a user's property.
HAS YAHOO! THREATENED AN OFFENCE AGAINST A USER'S PROPERTY?
Unless a user has provided Yahoo! with their personal information,
Yahoo!'s cookies only record that a computer visited the site, not the identity
of the user sitting behind that computer. However, the databases that record
which sites a particular computer visits can develop a highly accurate description
of that user's online behaviour. If a user gives their personal information
to Yahoo!, and that information is then linked to that behavioural
modelling, a record of a particular person's online behaviour and interests
is created.8
Whether the right to anonymously surf the web is a personal
right or a property right (or even a right for that matter) is an argument beyond
the scope of this article. Yahoo! is not threatening or actually committing
arson, fraud, robbery or criminal trespass on visitors to its sites.9
However, the Texan Penal Code includes computer crimes as offences
against property. The use of processing power or storage of information on a
computer without the effective consent of the owner of that computer is a breach
of computer security which is an offence.10
The penalty for breaching section 33.02 is a fine of up to
$US 10 000 if the offender was not intending to benefit from the breach. In
Yahoo!'s case, the storing of cookies on a visitor's computer is essential for
tracking that computer. This tracking enables Yahoo! to sell targeted advertising
and hence earn revenue (ie: benefit from the breach).11
Yahoo! has a defence to this offence if it can prove that it received effective
consent from the owners of computers that visit its site to store cookies on
those computers. Yahoo!'s privacy policy is reached through a link
in small type at the very bottom of its webpages. It is unlikely that the majority
of visitors to Yahoo!'s website would read this policy.
Parking garages and traditional stores that place restrictions
upon the right to access their facilities are required to post large notices
at the point of entry to inform visitors of those restrictions and to ensure
that the store has the customer's consent to enforce those restrictions.12
Arguably, Yahoo! has not provided an equivalent
level of disclosure. A small link buried at the bottom of a page containing
over 230 hyperlinks 13
is not the same as a large font sign in the entryway to a store.
CONCLUSION
It is arguable that Yahoo! Inc has technically breached Texas'
anti-stalking laws. However, whether a court would impose a penalty in this
situation is questionable. Texan juries have a reputation as being plaintiff-friendly,
which could mean that significant damages may be handed down 14
against Yahoo!. The intention of the Texas legislature
in passing the Penal Code appears to have been to protect people from physical
stalking and computer cracking. It is unlikely that that legislature intended
to pass a law declaring that the business model used by 95% of e-commerce websites
(ie: cookie driven advertising) is illegal. It is more likely that this is just
another example of how developments on the Internet can outpace the foresight
of the legislature, leading to unintended consequences. This case is not scheduled
to be heard for at least another 12 months. If, in the meantime, Chalkboardtalk.com
and Yahoo! settle their ongoing contractual dispute, this action is likely to
be settled.
1 Case No. 0001045I, 162nd Civil District Court, Dallas, Texas
before Rhea J. At the time of writing this article, no date has been set for
the hearing.
2 Ingram, M., (2000), "Growing Concern over Internet Privacy",
http://www.wswsw.org/articles/2000/feb2000/web-f25.shtml.
3 Yahoo!'s Privacy Policy says that it passes its cookie information
on to its business associates.
4 A user can alter their browser settings to reject all cookies
or to notify the user when a cookie is being sent. The first option renders
some sites inoperable (free email sites, online shopping malls, etc) whilst
the second option makes browsing a frustrating experience - almost every time
a user clicks on a link, several warnings pop up enquiring whether to accept
or reject the cookies being received. Some sites place up to 20 cookies on a
user's computer each time a new page is viewed. Fortunately, some third party
programs can make managing cookies much easier, eg: Cookie Pal, http://www.kburra.com.
5 http://privacy.yahoo.com/privacy/us/
6 http://privacy.yahoo.com/privacy/us/pixels/
7 Sections 12.21 and 12.34 Texas Penal Code.
8 A common method to prevent this is for a user to fill out
each online form with different nonsensical information and to regularly delete
all cookies from the hard disc (eg: using Window Washer, http://www.webroot.com).
9 Title 7, Offences against Property, Texas Penal Code, Chapters
28-32.
10 Section 33.02 Texan Penal Code
11 Section 12.51 Texan Penal Code
12 For example, a store's right to search the bags of visitors
to a store would be criminal trespass unless acceptance of that right was made
a visible condition of access to the store and parking garages exclude liability
for loss or theft - Council of the City of Sydney v West (1965) 114 CLR 481;
Davis v Pearce Parking Station Pty Ltd (1954) 91 CLR 642.
13 http://www.yahoo.com (as at 31/7/00)
14 http://www.nytimes.com/library/tech/00/02/cyber/cyberlaw/18law.html
September 2000 contents