[or: “aren’t there some words you could add to the terms and conditions to make this sh*t legal?“] The latest ruling in Mortensen v. BRESNAN COMMUNICATION, LLC, Dist. Court, D. Montana 2010 is interesting in all so many cases (you can read a full summary of the case and a short review at Eric Goldman’s blog). To sum up, a class action lawsuit was filed against an internet service provider who operated a service that examined its users’ traffic, injected a cookie inside their computer and according to their browsing habits offered them advertisements. (the service, NebuAd,was discontinued in the meantime); In court, the ISP raised a claim that its users are subject to an agreement that allowed it to inspect their traffic, and therefore the Electronic Communication Privacy Act claim (ECPA) should be denied. The court accepted most of the ISP’s claims and ruled that apart from the question of whether injecting the cookie was consensual, the remainder of the lawsuit should be denied.
Unfortunately, the court addresses the consents granted in the agreement in an exaggerated manner and leans on the agreement not being an agreement of adhesion or unconscionable (and in comparison, see Harris v. Blockbuster Inc., 622 F. Supp. 2d 396 – Dist. Court, ND Texas 2009); However, the substantial question is whether this agreement is the only instance that sums up the relations between the parties? In general, most non-lawyers tend to think that an agreement between A and B could influence the question of whether B’s actions against C are legal or not. This misunderstanding is somewhat popular with internet entrepreneurs who perform problematic actions legally, and would rather create agreements to protect them that to shape their privacy policy in some ethical manner (see, for example, the District court ruling in RPA 2542/03 Suissa v. Bar Haim).
However, the problematic question is about NebuAd’s infringement of other website holders’ right who the ISP’s users browse to (and see, in comparison, the question of this in regards to advertisement blocking): NebuAd utilizes information who is, prima facia, the property of other websites: the identity of their users, and commits (even in a minor way) amendments to their source code; similar activities are performed by companies such as Phorm, where users’ browsing habits are analyzed; allegedly, when a user browses website A, it receives a derivative work which was created by the NebuAd servers, which harms the work’s integrity and infringe the author’s copyright and enriches NebuAd unjustly; This proposition is required to understand the problems facing the ISP; unlike a toolbar, which is installed by the users with active consent, for personal and private use, this is an application that a part of infringes the reputation and tools of others.
For example, when Bezeq International, one if Israel’s major ISPs, launched a service that hijacked some of its users’ traffic for promotional uses the end users’ consent (or lack of) could not affect the rights of 3rd parties (innocent 3rd parties who preferred that Bezeq International would not block their and their freedom of speech and expression would not be harmed by it. Thus, in this case, the question is not whether the users were harmed by the placement of a cookie in their computer and whether they consented that their traffic would be intercepted, but whether an ISP may even provide such service that manipulates packets (consensually or without consent).
This is, in my humble opinion, the original err of the court; the court should have consider unconscionably according to the public interest (and, the freedom of the internet); according to the Israeli caselaw, the court has inherent powers to preempt agreements, even if the parties still agree on, when these agreements go against the public interest (See, for example, CA 6601/96Â AES System Inc. v. Saar). In Saar, the court ruled that:
“We are facing the invalidity of a contractual stipulation due to the public policy. We found that the perspective is the of the people’; therefore, “the legitimacy of the parties’ interests is determined from the perspective of the public interest. Moreover, the different human rights – such as the freedom of contracts, freedom of employment, right to property and other human rights – express both a private and a public interest. Indeed, we should not separate between legitimate interests of the parties (excluding banal interests) and the public interest.. We are interested in the public interest, which accepts all the relevant information, including the parties’ legitimate interests“.
Meaning, not only should we consider the interests of the ISP and the user, but the entire public, including the relationship between NebuAd and parties who are not a part of this agreement. In such case, the court should inspect what constitutes as reasonable policies. I want to believe that the final decision will come to a different arrangement, as currently it is quite problematic.
[Originally posted in Hebrew here][Administrative Comment: If you registered for e-mail updates from my Hebrew blog and keep getting this by mistake, please take a moment to re-register, as my Hebrew readers registered to this mailing list by mistake]