Netscape and AOL Sued for Alleged Privacy Violation

(July 6, 2000) A complaint was filed against Netscape and AOL in federal court alleging that Netscape's SmartDownload plug in secretly steals private information of third parties in violation of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.

The original complaint in Christopher Specht v. Netscape Communications Corp. and America Online Inc. was filed on July 6 in U.S. District Court for the Southern District of New York.

The sole plaintiff in the suit is an individual named Christopher Specht. The complaint merely alleges that he is an individual who "maintains Web sites on the Internet at which visitors are invited to download exe files."

However, the complaint also seeks class action status. The class would include all U.S. persons who maintain web sites that provide .exe and .zip files for download.

Before Specht can bring suit on behalf of the class, the court must first determine that this action is a proper class action, and certify Specht as the proper representative of the Class under Rule 23 of the Federal Rules of Civil Procedure.

Christopher Specht is a photographer from Hoboken, New Jersey, whose work includes legal photography. He maintains a web site for his business, Law Photo.

The defendants are Netscape, which makes the Communicator browser and the SmartDownload plug in, and America Online. Netscape is a subsidiary of AOL.

SmartDownload is a download manager plug-in from Netscape that is designed to facilitate the file download process for Windows 95/98/NT users of Netscape versions 3.x and later. Its main features include the ability to pause and resume downloads, automatic recovery from dropped Internet connections, and a download status window. It handles .exe, .zip, and .idp files.

The Netscape web site describes SmartDownload as follows:

"SmartDownload is a service from Netscape Netcenter designed to assist you with downloading files from the Internet. Key features of SmartDownload are its ability to pause and resume downloads, recover from a dropped Internet connection, and show informative content from Netcenter while downloading." [See, page titled About SmartDownload.]

The complaint alleges that SmartDownload uses cookie technology to secretly send information about downloads to Netscape. It alleges that SmartDownload

"secretly transmits to defendants information identifying the name, type, and source of each and every exe or zip file that a an Internet user downloads using SmartDownload from any site on the Internet, along with information uniquely identifying the visitor. SmartDownload captures and transmits this information unbeknownst to and without the consent of either the Class member or the visitor to the Web site. This continuing surveillance of the Class member's provisioning of exe and zip files, coupled with the unique information uniquely identifying each visitor, permits Netscape to create a continuing profile of the Class member's and each visitor's file transfers over time."

The complaint further alleges that this violates Sections 2511 and 2520 of the Electronic Communications Privacy Act (ECPA), 18 U.S.C.A. §§ 2511 and 2520, and Section 1030 of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.

Section 2511 of the ECPA provides that "any person who -- (a)  intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any . . . electronic communication; ... (d)  intentionally uses, or endeavors to use, the contents of any . . . electronic communication, knowing or having reason to know that the information was obtained through the interception of a[n] . . . electronic communication in violation of this subsection; ... shall be punished ..."

The complaint alleges that when a user downloads and installs SmartDownload it uses cookie technology to monitor downloads, and collect information.

"The first time that an Internet user runs Communicator after installing it, Communicator automatically sends an electronic transmission to Netscape. Netscape responds by sending to and storing on the Internet user's computer a small text file known as a "cookie." ... [then] ... Each time an Internet user downloads any zip or exe file from any site on the Internet using SmartDownload, SmartDownload automatically transmits to defendants the name and Internet location of the file, along with the identification string from the cookie previously set by Netscape. It also transmits an additional identification string identifying which user of that particular computer is performing the download."

The complaint concludes that "Netscape is using SmartDownload to eavesdrop. It is using SmartDownload to intercept and to send to defendants information about a communication to which defendants are not a party."

The complaint seeks monetary damages, which theoretically, could be millions of dollars. The ECPA provides that "the court may assess as damages whichever is the greater of -- (A)  the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation; or (B)  statutory damages of whichever is the greater of $100 a day for each day of violation or $10,000."

The complaint does not allege how many members of the class exist. It states that the suit is brought "on behalf of a class consisting of plaintiff and all other United States persons or entities who maintain Web sites on the Internet providing "zip" or "exe" files for download by visitors to the site ..." It continues that "Thousands of U.S. Web sites offer zip and exe files to their visitors, and millions of people have used SmartDownload."

The complaint also seeks an injunction against Netscape and AOL.

The complaint was filed by the law firm of Abbey, Gardy & Squitieri. Joshua Rubin is the counsel of record.