Published in Bloomberg Law Reports, March 7, 2011
What Is History Sniffing, and How Does It Work?
Similar activity is alleged to have occurred in Interclick and McDonald’s, the two separate New York actions filed by plaintiff Sonal Bose. In Interclick, the defendant (a web advertising service) allegedly embedded its hidden links in the code it used to display advertisements to consumers on the web.13 Once the history sniffing code examined the colors of the hidden links, it transmitted the results to the defendant’s servers.14 In the McDonald’s case, Bose alleges that the defendants engaged Interclick to conduct their web advertising campaigns and, as part of those services, to perform history sniffing.15
How Can History Sniffing Be Detected by Potential Plaintiffs?
The answer to this question is not entirely clear. According to the report from UCSD, there are no publicly available tools for detecting history sniffing.21 Moreover, it appears as if the plaintiffs in Pitner, Interclick, and McDonald’s did not use any special tools, but rather were “tipped off” by the UCSD report. In Interclick, for example, the plaintiff alleges that the UCSD study provides independent confirmation of Interclick’s use of history sniffing technology.22 She also alleges that, after examining the contents of her local storage associated with Adobe Flash on her computer, she discovered an LSO that had been stored by Interclick.23 Based on this discovery, coupled with the fact that Interclick is an advertising service and was identified in the UCSD report as furnishing history sniffing code, the plaintiff alleges that she “believes” that Interclick accessed her browsing history.24 This same plaintiff makes similar allegations in McDonald’s.
The Legal History of History Sniffing
As discussed above, although history sniffing is nothing new in the computer world, it is a relative newcomer on the legal scene. The Pitner, Interclick, and McDonald’s cases are the first three in what may or may not be a long line, and these cases are just getting started. There is no meaningful activity on record in either Pitner or Interclick, and in McDonald’s the parties recently stipulated to extend the deadline for defendants to “answer, move, or otherwise respond” to the complaint until March 7, 2011.25 It is reasonable to expect that the defendants in all three cases will seek to dismiss them at their earliest opportunity.
History sniffing has not only grabbed the attention of the judicial system in recent months, it is now on the Federal Trade Commission’s radar screen. The Director of the FTC Bureau of Consumer Protection, David C. Vladeck, discussed history sniffing in early December in remarks made at meetings of various privacy organizations.26 Mr. Vladeck discussed the UCSD study and reported that FTC staff have met with web browser vendors regarding the development and implementation of fixes for the history sniffing problem.27
The Merits of History Sniffing Claims
The outcomes in the three current lawsuits on history sniffing will obviously serve as a litmus test for what is to come. If these cases all fall flat, that could spell a quick end to history sniffing litigation. On the other hand, if any of these cases are successful, then arguably any web user could have a case, either now or down the road.
The three current lawsuits present a number of potential theories of liability related to history sniffing. All of the suits include claims for violation of the federal Computer Fraud and Abuse Act, violation of the applicable state deceptive acts and practices statutes (i.e., “consumer fraud” statutes), and unjust enrichment.28 The case pending in California also includes claims for violation of the state computer crime and unfair competition statutes.29 The two cases pending in New York also include claims for violation of the Electronic Communications Privacy Act, trespass to personal property, breach of implied contract, and (in one of the cases) tortious interference with contract.30
The question is, out of all these causes of action, will any of them hold up under close scrutiny? Notwithstanding the difficulty of meeting the elements of these claims that address the defendants’ actions, the issue of damages could be particularly troublesome for the plaintiffs. For one, it could be difficult to place a value on a “violation of privacy” – especially when dealing with something as “public” as the Internet, where users already know that “cookies” are a fact of life – or impairment of the “integrity” of a computer or data. Additionally, these lawsuits allege that the plaintiffs’ browser histories contain confidential personal information that has discernable value to them, and that the defendants have taken this information away from the plaintiffs, thereby compromising the plaintiffs’ ability to sell such information themselves. Will a jury ever buy that argument? Does a market exist for individual web users to sell their browser histories?
Finally, from a policy perspective, Internet advertisers will point out that “history sniffing” is merely another form of finding out what products and services computer users (i.e., consumers) are specifically interested in, so that the advertisers may transmit “targeted” advertising to the users, rather than barrage them with random advertisements. They will further point out that Internet advertising is part of what keeps most websites free, and that if Internet advertisers cannot engage in targeted advertising, websites may no longer be free.
First, there were “cookies.” Now, there is “history sniffing.” Even if history sniffing is outlawed or abandoned, people will continue to browse the web, and Internet advertising will continue. So it is fair to assume that Internet advertisers will continue to develop new methods for tracking users’ web-browsing activities.
Walter E. Judge, Jr., is a director and Matthew S. Borick is a senior associate with Downs Rachlin Martin PLLC in Burlington, Vermont. Both are members of the firm’s Litigation and Intellectual Property Practice Groups and have litigated numerous cases involving intellectual property, computer crime, and consumer fraud. Both are active members of DRI and DRI’s Commercial Litigation Committee.
©2011 Bloomberg Finance L.P. Originally published by Bloomberg Finance L.P. Reprinted with permission. The opinions expressed are those of the author.
1Pitner v. Midstream Media Int’l, N.V., No. 8:10-cv-01850 (C.D. Cal. filed Dec. 6, 2010).
2Complaint at 4-5, Pitner v. Midstream Media Int’l, N.V., (C.D. Cal. filed Dec. 6, 2010) (No. 8:10-cv-01850).
3Bose v. Interclick, Inc., No. 1:10-cv-09183 (S.D.N.Y. filed Dec. 8, 2010); Bose v. McDonald’s Corp., No.1:10-cv-09183 (S.D.N.Y. filed Dec. 8, 2010).
5Id. at 1, 9.
6Justin Brookman, All Your Browsing History Are Belong to Us [sic],
8Complaint at 6-7, Pitner v. Midstream Media Int’l, N.V., (C.D. Cal. filed Dec. 6, 2010) (No. 8:10-cv-01850).
10Id. at 7.
11Id. at 7-8.
13Complaint at 6, Bose v. Interclick, Inc., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183).
14Id. at 7. The plaintiff also alleged that the defendant stored Adobe Flash LSOs (local shared objects), or “Flash cookies,” on her computer to track and profile her web use. Id. at 3-6. LSOs are used to recreate browser cookies that the user has deleted. Id. at 5.
15Complaint at 4, 8, Bose v. McDonald’s Corp., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183).
17Id. at 2.
18Id. at 9.
20Id. at 1.
21Id. at 13. The authors of that study designed and employed a sophisticated policy language, which is described in the report, to detect history sniffing. Id. at 1-6.
22Complaint at 7, Bose v. Interclick, Inc., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183).
23Id. at 8.
25Stipulation and Order at 1, Bose v. McDonald’s Corp., (S.D.N.Y. filed Jan. 26, 2011) (No. 1:10-cv-09183).
26David C. Vladeck, Director, Fed. Trade Comm’n Bureau of Cons. Prot., Remarks at the Meeting of the International Association of Privacy Professionals (Dec. 7, 2010) (transcript available at
David C. Vladeck, Director, Fed. Trade Comm’n Bureau of Cons. Prot., Remarks at the Consumer Watchdog Conference (Dec. 1, 2010) (transcript available at
28Complaint at 12-19, Pitner v. Midstream Media Int’l, N.V., (C.D. Cal. filed Dec. 6, 2010) (No. 8:10-cv-01850); Complaint at 14-23, Bose v. Interclick, Inc., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183); Complaint at 13-24, Bose v. McDonald’s Corp., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183).
29Complaint at 13-16, 18, Pitner v. Midstream Media Int’l, N.V., (C.D. Cal. filed Dec. 6, 2010) (No. 8:10-cv-01850).
30Complaint at 16-19, 20-23, Bose v. Interclick, Inc., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183); Complaint at 15-18, 19-23, Bose v. McDonald’s Corp., (S.D.N.Y. filed Dec. 8, 2010) (No. 1:10-cv-09183).