NebuAd, ISPs sued over DPI snooping, ad-targeting program

A group of Internet users has sued NebuAd, the company behind the highly-controversial behavioral-targeting ad platform, in the US District Court of Northern California. The lawsuit accuses NebuAd, Bresnan Communications, Cable One, CenturyTel, Embarq, Knology, and WOW! of all being involved in the interception, copying, transmission, collection, storage, usage, and altering of private data from users. NebuAd "exploits normal browser platform security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the web browser," reads the complaint. "NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software, and the owners of the servers they visit." All of the involved parties are alleged to have violated the Electronic Communications Privacy Act of 1986, California's Computer Crime Law, the federal Computer Fraud and Abuse Act, and the California Invasion of Privacy Act. Several of the ISPs are accused of aiding and abetting violations of the above laws and are even accused of civil conspiracy. All defendants are being charged with unjust enrichment for benefiting from the communications they intercepted. The lawsuit asks for injunctive relief prohibiting NebuAd and the ISPs from engaging in deep packet inspection and requiring them to "disgorge all of their ill-gotten gains" to the class. The suit also asks that the defendants delete all of their collected data and offer a way for class members to permanently opt out of any future data collection activities.