Lawsuit filed over app privacy invasion

While mobile app users like sharing private information with family and friends, it’s not necessarily something they want or intend to share with strangers, corporations or those seeking to profit from the information gained.

On Monday, a group of 13 citizens, working with three Austin attorneys, filed a 152-page class action lawsuit in U.S. District Court against powerhouse companies in the mobile world. The lawsuit alleges technology and social networking companies “surreptitiously harvest, upload and illegally steal the owners’ address book data without the owners’ knowledge or consent.”

“And we wanted to let people know that this is not right, it shouldn’t be tolerated. And on behalf of the citizens of Texas and the country, we’re going to try and put a stop to it,” said attorney Jeff Edwards. “A second grader knows that you’re not supposed to take things that aren’t yours, and so should a tech company.”

The group seeks a trial by jury.

Attorneys of record in the case are Jeff Edwards, Carl F. Schwenker and Dirk Jordan.

The list of defendants named in the suit includes:

+ Path, Inc.
+ Twitter, Inc.
+ Apple, Inc.
+ Facebook, Inc.
+ Beluga, Inc.
+ Yelp! Inc.
+ Burn, Inc.
+ Instagram, Inc.
+ Foursquare Labs, Inc.
+ Gowalla Incorporated
+ Foodspotting, Inc.
+ Hispter, Inc.
+ LinkedIn Corporation,
+ Rovio MobileOy,
+ ZeptoLab UK Limited aka ZeptoLab
+ Chillingo Ltd.,
+ Electron Arts Inc.
+ Kik Interactive, Inc.

The timing and placement of the lawsuit cannot be overlooked, given the start this past weekend of the internationally known South By Southwest Conference, where startup companies each year look to make a name for themselves during interactive events with the introduction of new mobile apps. One of the biggest mobile app companies ever to launch at SXSW is Twitter.

The premise of the lawsuit is that companies are taking things that don’t belong to them, and that such companies are knowingly involved in acts of invasions of privacy.

The plaintiffs seek damages, attorneys’ fees and litigation costs because of violations of:

Texas Penal Code 16.02, which addresses intentional interception, disclosure or use of wire or electronic communication
Texas Penal Code 31.30, which addresses consolidated theft offenses
Texas Penal Code 33.02, which addresses breach of computer security
common law misappropriation
civil liability under the Texas Wiretapping Act for intentional interception, disclosure or use of wire or electronic communications
violation of U.S. racketeering influence and corrupt organizations acts
and more, including transportation of stolen property
“Literally billions of contacts from the address books of tens of millions of unsuspecting wireless mobile device owners have now been accessed and stolen … ” which has “…turned the address book owners’ wireless mobile devices into mobile radio beacons broadcasting and publicly exposing the unsuspecting device owner’s address book data to the world.”

The plaintiffs in the case are listed as: Marc Opperman, Rachelle King, Claire Moses, Gentry Hoffman, Steve Dean, Alicia Medlock, Alan Beueshasen, Scott Medlock, Greg Varner, Judy Long, Guili Biondi, Jason Green and Nirali Mandaywala, on behalf of themselves and all others similarly situated.

The lawsuit refers to the stance of Apple, Inc., founder and CEO Steve Jobs’ (now deceased), who directed the company to have a moral responsibility, and “to provide device owners ‘freedom from programs that steal your private data [and] freedom from programs that trash your battery'” — such communication written in an email in May 2010 to Valleywag website editor Ryan Tate. The information was published in the book by Walter Isaacson, “Steve Jobs,” according to the lawsuit.

While Apple’s policies prohibit use of “any robot, spider, site search or other retrieval application or device to scrape” or gather personal information, according to the lawsuit, it states that Apple repeatedly permits and facilitates distribution of forbidden information via apps approved for use on its devices.

The Google Android market, devices and apps are also reviewed in the class action lawsuit paperwork. In particular, it includes Google’s “Android Market Distribution Agreement,” which in part states, “You agree that if you use the Market to distribute Products, you will protect the privacy and legal rights of users … and you must provide legally adequate privacy notice and protection for those users … your Product may only use that information for the limited purposes for which the user has given you permission to do so.”

The lawsuit also specifically addresses actions of the Path app, in having stolen its users’ address book data, prompted the issuance of a statement of apology published on Feb. 8 by Path’s founder and CEO Doug Morin on the company’s website, which says the company “made a mistake” in the way it handled users’ personal information.

The lawsuit addresses similar concerns for all other defendants named.

In addition to damages, the relief sought by the plaintiffs includes immediate, temporary, preliminary and permanent prohibition of the distribution or operation of apps that have coding or functionalities that cause the unencrypted uploading of address book data before an owner grants explicit permission to do so, as well as unauthorized use of such data.

The lawsuit also asks that the defendants submit to periodic audits in regard to privacy issues.