RealNetworks Breached Privacy, 3 Suits Contend

Turning for the first time to the courts to punish an Internet company for privacy breaches, consumers across the country have filed three class-action lawsuits--including two submitted Wednesday--against online audio and video software giant RealNetworks Inc.

The suits accuse Seattle-based RealNetworks of violating an array of privacy and fraud laws in the wake of the company’s admission last week that it surreptitiously used its software to record data, including music preferences, from millions of Internet users.

Amid a fierce backlash, the company issued a software patch last week that it claims will prevent further data collection. But now consumers are seeking legal damages against the company, the first time an online privacy breach has triggered such legal strikes.

Legal experts said prospects for the suits are unclear because they hinge on laws not specifically designed for Internet privacy violations. But if the suits succeed, they could create a powerful weapon for Internet users in their ongoing tug-of-war with companies bent on stockpiling consumer information.

“These cases are an indication that consumers are going to get more aggressive about privacy on the Internet,” said David Sobel, general counsel for the Electronic Privacy Information Center, a Washington-based advocacy group. “I think we’re going to see a lot of lawsuits pursuing creative legal theories.”

The suits filed Wednesday against RealNetworks were submitted in federal courts in Philadelphia and Chicago. Both allege that the company violated an assortment of federal laws, including computer fraud statutes and common-law privacy protections.

The suits follow a class action filed in Orange County Superior Court in Santa Ana last week that seeks up to $500 million in damages, or about $500 per RealNetworks user in California. That suit accuses RealNetworks only of violating California privacy laws.

Founded by Rob Glaser, a former top Microsoft Corp. executive, RealNetworks is best known as the maker of such music and video “streaming” software as RealPlayer and RealJukebox. Company executives did not return two phone calls to the company’s public relations office Wednesday afternoon.

If the lawsuits succeed, RealNetworks could be forced to pay millions of dollars in damages, mainly because so many consumers are potential victims of the privacy breach. But the cases hinge on several untested legal arguments.

The Philadelphia suit, for instance, accuses the company of violating the Computer Fraud Act, a statute enacted in the late 1980s mainly to target hackers who steal data by sneaking into corporate networks.

Jonathan Shub, a Philadelphia attorney who filed that suit, said RealNetworks’ actions are comparable to hacking because the company’s music software secretly extracted information from users’ computers, including the number of songs stored on the hard drive and the type of portable music player, if any, that is attached to the computer.

The practice wasn’t disclosed in the company’s privacy policy on its Web site, and the data it collected could be combined with names, addresses and other personal information that consumers were required to reveal when registering to use the software.

Gathering data without users’ consent, Shub said, “is intrusion into someone else’s computer in an unlawful manner.” Sobel and other legal experts say Congress probably didn’t have companies such as RealNetworks in mind when that legislation was drafted, but the legal strategy may work anyway.

“For the average user, this is every bit as invasive as a hacker breaking into a computer,” Sobel said.

Shub said he will seek to determine whether RealNetworks profited from its data collection, which could provide a target number for monetary damages. The suit also seeks refunds for consumers who paid for RealNetworks programs. The action was filed on behalf of three people, one in Colorado, another in Kansas and a third in Pennsylvania.

The suit filed in Chicago makes similar accusations against the firm and was filed on behalf of two Illinois residents, Robert Jackson and Michael Lieschke, both of whom could not be reached for comment.

The three class-action suits may reflect growing consumer dissatisfaction with existing privacy protections, which mainly consist of self-regulatory measures by Internet companies and civil suits filed by the Federal Trade Commission.

But the suits may also reflect other motives, some legal experts said. What the three cases tell us, said Joseph Grundfest, a professor of law and business at Stanford University, “is that there are at least three lawyers who think they can make money off these cases.”

That seems uncertain at best, he said, because it will be tricky to show financial harm to any of the victims. “A loss of a sense of privacy is something that’s hard to monetize,” said Grundfest, a former commissioner of the Securities and Exchange Commission.