Shame on you Straight Dope. I always enjoyed your website but, according to this CNET article (look at list of websites in image Rank#9616) , it looks like the Straight Dope website has been sniffing the browser history of its readers which is a direct violation of the U.S. Computer Fraud and Abuse Act. Other websites have been sued for this and at least one website has had a class action lawsuit against them!
Looking at the document on your link, SD is being accused of inspecting URLs related to “cars” and “Edmunds”. A number of the other listed sites are supposedly inspecting the exact same thing. The nature of the URLs plus the fact that more than one site is doing the exact same thing leads me to believe that it is some advertiser’s code doing the sniffing.
It also has not yet been proven that it is a direct violation of the act. The lawsuit, if it goes to trial, will determine that. Looking at the results, I wouldn’t be surprised to find that it is linked to advertising. Actually, I would be very surprised to find out that it is not linked to some advertiser.
Turns out one of our ad providers (Interclick, not Rubicon) was running some damfool research project they didn’t tell anybody about. Long story - actually, about 30 column inches in today’s Wall Street Journal. They’re apologetic, say they’ve hired internal and external privacy consultants to review their practices, and assure us this won’t happen again. Always fricking something.
The allegation in the lawsuit mentioned in the article linked to in the OP cites the Computer Fraud and Abuse Act. The CFAA is a federal statute making it illegal to access computers at banks and federal agencies without authorization. It doesn’t cover computers owned by ordinary citizens. While I was none too happy about Interclick’s little experiment, I see no basis for believing it violated the CFAA - the lawyers no doubt threw it in to make their case sound more impressive to journalists. I don’t know what California state law says.
What happens if someone at a bank or federal agency accesses a website that is doing this kind of sniffing?
IANAL but it seems to me that unless the “sniffer” can somehow determine that the potential “sniffy” is or is not located at a bank or federal agency and act accordingly then they probably shouldn’t be doing the sniffing, right?
Not that the Dope is to blame in any of this. Like I assumed from the start, this is an advertiser issue.
That’s the first group listed under “Protected Computers” on the Wikipedia link, but if you look at the second bulletpoint, you’ll see:
I’m not a lawyer, but “used in interstate commerce” is generally a pretty broad category. My computer gets used in interstate commerce every time I order something off of Amazon, and I wouldn’t be surprised if the courts took an even broader view than that.
Look, I’m not defending the practice. We beefed and they said they wouldn’t do it any more. Likewise, if the jamokes who filed this lawsuit can persuade a judge they deserve compensation because they got sniffed while visiting a porn site, more power to 'em.