A class action lawsuit has been launched by four LinkedIn users for spamming their contacts and sending unauthorized emails. "For years, people have been complaining about LinkedIn's emails," Larry Russ, an attorney for the plaintiffs said, "This lawsuit is squarely directed at the marketing practices causing the public outrage." The plaintiffs are seeking class-action status, with the hope of defining the plaintiff class as any member registered with LinkedIn prior to May 15, 2013, whose identity was used in endorsement emails.
Unsolicited emails from LinkedIn stating that “Person X has invited you to join their network on LinkedIn” has become particularly frustrating. Now a lawsuit alleges that by following this marketing strategy, LinkedIn is violating laws related to hacking, wire-tapping and false endorsements. When joining LinkedIn, users are asked to give access to their personal email accounts so the company can begin emailing invitations to “link” up to the user’s individual external network. By giving access to the address book, LinkedIn is able to gain access to every address in a personal contacts book. The lawsuit alleges that LinkedIn actually goes further than this, “If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to Linkedln’s servers. Linkedln is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.”
Because of this strategy, LinkedIn is able to access not only the contacts in the member’s address book, but also every email address from every email sent and received. The complaint alleges that this was part of LinkedIn’s marketing strategy and specifically alleges that hacking into users' email accounts is one of the factors that has driven the massive growth in the professional networking company. The lawsuit has been further fuelled by a LinkedIn profile of a former engineer that boasts that he devised hacking strategies during his employment at LinkedIn. Screenshots of the engineer’s profile can be seen here and here.
Furthermore, LinkedIn's strategy requires users to give LinkedIn consent to access personal email accounts like Gmail, Hotmail, and Yahoo. The system only displays a small fraction of users as people to “invite to connect”. However, behind the scenes LinkedIn is sending thousands of unsolicited emails asking anyone in your address book to connect on users’ behalf. This is leading to numerous complaints from users who are lamenting about how ex-partners, spouses, and former lovers are getting invitations to connect without the user's express permission or knowledge. While personally and professionally embarrassing, there are also legitimate causes for security and personal safety.
As one user points out:
“I’m not the only one being hacked by LinkedIn, but extremely upset at the repercussions. One of the people on my contact list is mentally ill and the last thing I wanted was to invite her to be my connection on LinkedIn.”
Email scraping is a rather ambiguous form of e-mail harvesting. Harvesting is the process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam. Because LinkedIn users are granting permission to gain access to the address book in the first place, it will be interesting to note whether or not this type of email harvesting will be deemed illegal. Because LinkedIn is using this marketing strategy in this way, it has become one of the fastest growing social media sites in the world - with up to two users a second joining the network. LinkedIn has stated that it does not think the case has any merit.
Even though the person joining LinkedIn has given the social networking site permission to email certain individuals, the site is sending an email and following the initial unsolicited email with two further emails from the person inviting them to connect. This implies, as the lawsuit states, that the invitation comes from the user, and that LinkedIn had been given the endorsement as the networking site of choice to connect through. Because these emails uses names, personal attributes, and photographs, the lawsuit seeks to take advantage of California’s publicity laws which allow people to compensated for the use of their likeness.
LinkedIn disputes the claim that it is breaking the law. "LinkedIn is committed to putting our members first, which includes being transparent about how we protect and utilize our members' data," LinkedIn spokesperson Doug Madey said in a statement. "We believe that the legal claims in this lawsuit are without merit, and we intend to fight it vigorously."
In 2011, the social network for work professionals was sued for $5 million after more than 6 million of its users' passwords were leaked online, before the case was dismissed.
The complaint can be read in its entirety here.