A lawsuit seeking class action status was filed in federal court claiming that LinkedIn hacked into external email accounts of its members and sent out numerous spam invitations. While users were logged into web-based email accounts such as GMail, Yahoo! Mail, Microsoft mail and others, the social networking giant allegedly broke state and federal laws in accessing member accounts without their knowledge and permission. As has become commonplace, an employee's use of social media is cited as conspicuous additional proof of nefarious activity.
Your email address is worth money - at least $10 per use says LinkedIn and as cited in the civil complaint. This is what the company charges subscribers for each "InMail" communication with a person who is not a linked connection to the member and thus not "in network." The plaintiffs (through their attorneys) claim that the company was deliberately engaged in an overzealous effort to find new subscribers when it broke California state computer fraud and abuse laws, privacy and rights of publicity laws, the Stored Communications Act and the Wiretap Act.
The complaint cites the registration process as being a prime example of deliberate vagueness designed to skirt privacy rights. It clouds the user's ability to make an informed decision about how LinkedIn accesses and handles data shared by the user. While the legal terms of service and privacy policy links are now near the "Join now" button today, only an asterisk appeared there during the time that the complaint was being assembled. One had to scroll down to the bottom of the page to see those links and it is claimed that many users may not have seen them prior to registration. While a user may have agreed to provide an external email address (such as one's GMail acount) to LinkedIn for a limited purpose, would that user know that the company would surreptitiously harvest emails found in contacts databases and user mailboxes while the user was logged into the service? If this did take place, as is claimed by numerous people, then LinkedIn claims that users agreed to this practice.
What makes this lawsuit more disconcerting than others is that LinkedIn was accused of using harvested email addresses to solicit new members in the guise of a user approved email. In other words, the company used its own "seal of trust" to send out emails to private contacts as a more effective way of new member conversion. The complaint cited several complaints on the LinkedIn website, including one from a distraught woman who had invitations to connect with her sent to a mentally disturbed person whose email address was contained in her private email account. Looking at LinkedIn's own website reveals a significant number of complaints about "hacking and spamming" by the company. One in particular which has dozens of comments from other members states:
When I finally joined, I made sure I did not tick anything that could be construed as permission to send invitation spam in my name. Yet now it's happening. Accessing people's email address lists without their permission, and sending spam in their name without asking, is not acceptable.
The complaint alleges (and the company disputes) that LinkedIn's software engineer (who is currently "on sabbatical from high tech slacking") posted on Linkedln at some point that his role is "devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!" On its company blog, in house counsel denies the allegations and asserts that LinkedIn's core value is "Members First." They assert that the company did not hack member accounts and that it would not conduct activities without the user's consent. This lawsuit challenges those assertions and places into question whether LinkedIn (1) provided adequate disclosure to members about its services and polices, (2) actually had member permission to perform these activities, and (3) regardless of whether they had permission, whether users adequately understood what was being harvested.
The LinkedIn Lawsuit - Privacy and Spam Accusations
The complaint cites the registration process as being a prime example of deliberate vagueness designed to skirt privacy rights. It clouds the user's ability to make an informed decision about how LinkedIn accesses and handles data shared by the user. While the legal terms of service and privacy policy links are now near the "Join now" button today, only an asterisk appeared there during the time that the complaint was being assembled. One had to scroll down to the bottom of the page to see those links and it is claimed that many users may not have seen them prior to registration. While a user may have agreed to provide an external email address (such as one's GMail acount) to LinkedIn for a limited purpose, would that user know that the company would surreptitiously harvest emails found in contacts databases and user mailboxes while the user was logged into the service? If this did take place, as is claimed by numerous people, then LinkedIn claims that users agreed to this practice.
What makes this lawsuit more disconcerting than others is that LinkedIn was accused of using harvested email addresses to solicit new members in the guise of a user approved email. In other words, the company used its own "seal of trust" to send out emails to private contacts as a more effective way of new member conversion. The complaint cited several complaints on the LinkedIn website, including one from a distraught woman who had invitations to connect with her sent to a mentally disturbed person whose email address was contained in her private email account. Looking at LinkedIn's own website reveals a significant number of complaints about "hacking and spamming" by the company. One in particular which has dozens of comments from other members states:
When I finally joined, I made sure I did not tick anything that could be construed as permission to send invitation spam in my name. Yet now it's happening. Accessing people's email address lists without their permission, and sending spam in their name without asking, is not acceptable.
Principal Software Engineer Brags on Social Media?
The complaint alleges (and the company disputes) that LinkedIn's software engineer (who is currently "on sabbatical from high tech slacking") posted on Linkedln at some point that his role is "devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!" On its company blog, in house counsel denies the allegations and asserts that LinkedIn's core value is "Members First." They assert that the company did not hack member accounts and that it would not conduct activities without the user's consent. This lawsuit challenges those assertions and places into question whether LinkedIn (1) provided adequate disclosure to members about its services and polices, (2) actually had member permission to perform these activities, and (3) regardless of whether they had permission, whether users adequately understood what was being harvested.
- Legal Practice
- Rights - Privacy
- Jurisdiction
- US Federal