UC Berkeley researcher Ashkan Soltani published findings that ETags, the technology incorporated into KISSmetrics analytics, tracked users regardless of their privacy settings. The report raised eyebrows and caused a minor panic in online business circles, and now there’s an ETag lawsuit.
What’s Different About ETag Tracking
Online tracking has been around for a long time. What’s changed is how it’s done. ETag technology is a new, powerful Internet tracking alternative. What makes ETags different from past techniques is their ability to trail people without the use of HTTP cookies.
Moreover, ETags have unique regenerative properties. The information is stored in a user’s browser cache, so even if cookies are deleted, the data can be recreated using ETag information. The ultimate annoyance for privacy stalwarts is that the only way to escape the watchful “eye” of an ETag is to clear your cache between each website visit.
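From the auditing side, this behavior can be checked for: a cache validator should depend only on the content, so identical bytes served with a different ETag to every fresh browser profile is the pattern of a stored identifier. The following Python is an added example, not code from Soltani's report or from KISSmetrics; the hostnames, ETag values and the `suspicious_etags` helper are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed observations: (client_profile, url, etag, body_bytes).
# Each profile is assumed to be a fresh browser profile (empty cache, no cookies).
OBSERVATIONS = [
    ("profile-a", "https://tracker.example/i.js", '"u-7f3a91"', b"/*lib v1*/"),
    ("profile-b", "https://tracker.example/i.js", '"u-c02e55"', b"/*lib v1*/"),
    ("profile-c", "https://tracker.example/i.js", '"u-19bd40"', b"/*lib v1*/"),
    ("profile-a", "https://cdn.example/app.css", '"5d41402a"', b"body{}"),
    ("profile-b", "https://cdn.example/app.css", '"5d41402a"', b"body{}"),
    ("profile-c", "https://cdn.example/app.css", 'W/"5d41402a"', b"body{}"),
    ("profile-a", "https://news.example/feed", '"v1"', b"story 1"),
    ("profile-b", "https://news.example/feed", '"v2"', b"story 2"),
]


def normalize(etag):
    """Strip the weak-validator prefix and quotes so W/"x" and "x" compare equal."""
    etag = etag.strip()
    if etag.startswith("W/"):
        etag = etag[2:]
    return etag.strip('"')


def suspicious_etags(observations, min_clients=2):
    """Return {url: sorted ETags} where identical bodies got a distinct ETag per client."""
    by_body = defaultdict(dict)  # (url, body hash) -> {client: etag}
    for client, url, etag, body in observations:
        digest = hashlib.sha256(body).hexdigest()
        by_body[(url, digest)][client] = normalize(etag)
    flagged = {}
    for (url, _), per_client in by_body.items():
        etags = set(per_client.values())
        # Same bytes should yield one validator; one ETag per client looks like an ID.
        if len(per_client) >= min_clients and len(etags) == len(per_client):
            flagged[url] = sorted(etags)
    return flagged


if __name__ == "__main__":
    for url, etags in suspicious_etags(OBSERVATIONS).items():
        print(f"{url}: {len(etags)} distinct ETags for identical content -> {etags}")
```

A flagged URL is a lead rather than proof: servers that derive ETags from per-host file metadata can also return different values for identical bodies.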
The Online Privacy Implications of ETags
Cross-site user identification is possible with ETag technology. When ETags are used, user123 is identified in the system as user123, no matter the site. So, a KISSmetrics-enabled website could, theoretically, share information about user123 with other KISSmetrics-enabled websites. This type of cross-company information exchange is expressly prohibited by Internet standards, which state that two unrelated websites cannot share common identifiers.
That being said, when dealing with technology, the answers aren’t always cut and dried. Moreover, just because a technology has certain capabilities doesn’t mean they’re always used.
For example, KISSmetrics uses the same URL for all clients to conserve bandwidth and speed up performance for users; as a result, their system returned “the same anonymous identifier” across multiple websites. But said identifiers were instantly “translated into unique identifiers for each customer.” Moreover, KISSmetrics took the extra step of segregating customers’ data into separate databases.
Technologically savvy? Yes. Illegal? No.
The ETag Lawsuit Violations
Suspiciously, the day Ashkan Soltani published his paper was the same day a class action lawsuit against KISSmetrics was filed in California. Scott Kamber – a lawyer who relied on another Soltani paper in 2010 while trying to prosecute sites that used “Flash cookies” – is representing Joseph Garvey and Stacey Tsan, the two consumers claiming injury as a result of KISSmetrics’ use of ETag technology.
The lawsuit claims KISSmetrics violated the Video Protection Privacy Act in addition to several California online privacy laws. The plaintiffs also claim to have proof that data was shared with third parties. Yet, they refuse to produce said evidence.
Since news of the ETag lawsuit hit, KISSmetrics has been an open book and sternly denies the allegations. They’ve also pledged to cooperate with any and all authorities on the matter.
In response to the lawsuit, KISSmetrics immediately addressed the issues at hand and worked overtime to remove any processes which could be misinterpreted. They also installed rigorous “do not track” provisions.
Technology is a good thing. Advancements in the field help our economy and overall quality of life. Before filing a tech-related lawsuit, it’s important to thoroughly assess the technology in question, because many times, as in this ETag lawsuit, the claims are wildly far-reaching and only serve to impede progress, not protect the citizenry.