A federal court in New York has dismissed a case in which the plaintiff claimed that a third-party advertiser had violated the Computer Fraud and Abuse Act (CFAA) by sniffing her browser history and using flash cookies, ruling that the plaintiff didn’t prove that the actions were harmful enough.
While these activities may have, as the plaintiff Sonal Bose claims, “impaired the functioning and diminished the value of [her] computer in a general fashion,” the suit was eventually struck down by the United States District Court for the Southern District of New York because Bose failed to quantify the cost of any repairs or investigations into the alleged damages to her computer.
Flash cookies, also known as local shared objects, are a type persistent cookie created by Adobe Flash programs. The use of Flash cookies has become a controversial practice in some cases, because until recently users were unable to delete them in the same way that they could erase normal Web cookies. However, recent versions of Firefox, Chrome and Internet Explorer have given users the ability to kill Flash cookies from the browser. The allegation in Bose’s suit is that after deleting her browser cookies, Interclick was able to “respawn” them using Flash cookies.
The class-action suit, initially filed by Bose, was brought against Interclick, a third-party advertiser, McDonald’s, Mazda, CBS, and Microsoft. Bose claims that Interclick and the other co-defendants invaded her privacy, misappropriated her personal information and interfered with the operation of her computer.
Specifically, Bose claimed to have suffered losses on three fronts: damage due to impairment of computer and computer-related services and resources, loss due to Interclick’s collection of personal information, and loss due to an interruption of Internet services.
According to the court’s ruling, the CFAA is a criminal statute. However, within that statute is a civil enforcement provision which states that “any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.”
The relevant caveat in this case is that the aggregated losses must exceed $5,000. Among the court’s reasons for dismissing the case was that Bose failed to quantify any damages that Interclick may have caused to her “computer, systems or data that could require economic remedy.”
The court’s decision was handed down amid controversies surrounding Microsoft’s use and subsequent termination of supercookies use on MSN.