Linkedin sued by users claiming email abuse

A group of Linkedin users have claimed that the business social network company has used their email accounts to inappropriately collect email addresses of contacts and to send out email messages without their consent or knowledge. They have filed a lawsuit as a class action, and with their lawyers are inviting other Linkedin users who may have experienced the same alleged email abuses to join them in the suit.

Linkedin’s senior director of litigation, Blake Lawit, responded at the company blog in a post entitled Setting the Record Straight on False Accusations:

As you may have read recently, a class action lawsuit was filed against Linkedin last week. The lawsuit alleges that we “break into” the email accounts of our members who choose to upload their email address books to LinkedIn. Quite simply, this is not true, and with so much misinformation out there, we wanted to clear up a few things for our members.

  • We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
  • We never deceive you by “pretending to be you” in order to access your email account.
  • We never send messages or invitations to join Linkedin on your behalf to anyone unless you have given us permission to do so.

We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust. We will continue to do everything we can to make our communications about how to do this as clear as possible.

This response may turn out to be an attempt to hide behind the very general agreement by Linkedin users to allow Linkedin to undertake various activities on their behalf. But it seems that some of the specifics of what the tech is doing are being glossed over in this very lawyerly post.

Here’s a few of the more technical issues, as reported in the lawsuit:

When users sign up for LinkedIn they are required to provide an external email address as their username and to setup a new password for their Linkedin account. LinkedIn uses this information to hack into the user’s external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to Linkedin’s servers. Linkedin is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.

As a part of its effort to acquire new users, Linkedln sends multiple emails endorsing its products, services, and brand to potential new users. In an effort to optimize the efficiency ofthis marketing strategy, Linkedln sends these “endorsement emails” to the list of email addresses obtained without its existing users’ express consent and, to further enhance the effectiveness of this particular marketing campaign, these endorsement emails contain the name and likeness of those existing users from whom Linkedln surreptitiously obtained the list of email addresses.

These “endorsement emails” are sent to email addresses taken from Linkedln users’ external email accounts including the addresses of former spouses, clients, opposing counsel, etc. Linkedln reassures its users “[w]e will not email anyone without your permission.” (Linkedln Login Step 2, Yet, Linkedln, without consent, downloads and indefinitely stores email addresses gathered from its members’ third-party email accounts.

Not only does Linkedln send an initial email to the email addresses obtained from a user’s external email account, but Linkedln sends two additional emails to those email addresses when those users do not sign up for a LinkedIn account. Each of these reminder emails contains the Linkedln member’s name and likeness so as to appear that the Linkedln member is endorsing Linkedln. These reminder emails are sent to the email addresses obtained from the member’s external email account without notice or consent from the Linkedln member.

One apparent snag for Linkedin is the fact that users have to opt-out to stop the default mailing behavior of Linkedin, or otherwise it will send “endorsement” emails to as many of the user’s contacts as it has slurped up. Some users have claimed that emails have been sent when they ‘skip’ certain steps, which conceals the need to opt out.

The suit also mentions that a former engineer for Linkedin, Brian Guan described his work on Linkedin as “devising hack schemes to make lots of $$$ with Java, Groovy and cunning at Team Money!” Java is a programming language and Groovy is a synonym for it.

My bet is that Linkedin will come out with a more detailed and thoughtful response to the technical issues of the claims, but that might take place in a courtroom and not in the public eye.