Lenovo Pleads Ignorance in Spyware Privacy Case

     SAN JOSE, Calif. (CN) — Computer manufacturer Lenovo insisted it did not know malware was installed on computers it sold to consumers, and that no one was harmed by the presence of the malicious software during a hearing in federal court Friday.
     Daniel Stephenson, attorney for Lenovo, asked U.S. District Court Judge Ronald Whyte to refrain from certifying a class in the case, arguing none of the four people who bought Lenovo computers infected with faulty software was harmed and therefore lack sufficient reason to sue.
     “What we have here, your honor, are witnesses who are talking about a theoretical vulnerability that was never exploited,” Stephenson said. “This is a big class action with a lot of damages for people who were not injured.”
     The plaintiffs, represented by attorney Andrew Mura, rebutted the argument by saying they were injured at the point of sale — by purchasing defective equipment with preinstalled malware they didn’t know about, which reduced the value of their laptops.
     “The plaintiffs testified that it was important for them to know whether the computers were installed with malware,” Mura said.
     Their second rebuttal focused on what they construe as an actual injury, namely the malware called Superfish, which allows Lenovo to see interactions between the user and a website like Amazon in order to target ads.
     “They wanted this information so they could demonstrate ads to clients and to make profit,” Mura said. “It’s a money-making scheme.”
     Stephenson argued that Lenovo was unaware the software had these capabilities at the time it went to market and that as soon as it became aware, Lenovo addressed the issue by removing the offending software.
     Furthermore, despite Superfish using search data and browsing history to target ads, no private information such as emails, credit cards or dates of birth were disclosed by the software.
     “If information is collected that cannot be attached to a particular person, is that a privacy violation?” Stephenson asked the judge.
     Whyte, whose courtroom demeanor is taciturn compared to other judges in the Northern District, did not indicate whether he was willing to certify a class.
     But in other cases, including a recently dismissed case against Facebook and another against Google, judges refuse class certification due to a number of factors that complicate the commonality question.
     In this case, however, all of the plaintiffs are working with the same computer — a point absent in the privacy cases against Facebook and Google.
     Mura further said a class action is necessary because trying the cases individually is burdensome, particularly when accounting for the expense of hiring experts to parse the technical information associated with the claims.
     Whyte took the matter under submission and is expected to issue a decision in the coming months.

%d bloggers like this: