aNewDomain — Avid Life’s adultery site Ashley Madison now is the focus of a growing number of class action lawsuits in several U.S. states and Canada. Here’s my legal analysis.
On the heels of an enormous and wide-ranging $578 million USD class action lawsuit filed against the Canadian firm in Toronto, there now are meaty class action suits that challenge the adultery site in California, Missouri and Texas, with many more states likely to follow. (Read the full text of these U.S. complaints here.)
The scandal began after hackers contacted Avid Life CEO Noel Biderman (pictured at right with models) and other execs with an ultimatum: Close down the Ashley Madison site or see Ashley Madison customer data leaked out in bulk. The hacker group called itself the Impact Team.
Execs called the bluff. And the hack began, with the leaking of upwards of 24GB of sensitive customer data and confidential company emails in two separate dumps.
The leaks included emails from Avid Life owners and management, but also a list of some 32 million alleged customers names, email addresses, sexual preferences, credit card data, intimate details and more.
The FBI is now investigating the so-called Impact Team, trying to discover who they are and how many people there are. No one knows, though cybersecurity pundit John McAfee has his theories, which you can read here.
In a statement, the Impact Team alleged that Avid Life is guilty of deceit, incompetence and, even, of human trafficking. In this interview with Motherboard, they claimed that getting in to the servers and finding the data was child’s play. And they claimed that, in effect, there was “nobody … watching.”
But the hackers are no longer the issue. Whoever they are, they aren’t even named in these six class actions.
The real issue is whether Ashley Madison breached the trust of its clientele, either by not keeping sensitive data secure enough or by failing to completely wipe it when customers paid $19 to have that done.
And the legal flood gates open …
The first class action suit to hit Avid Life (dba Ashley Madison) came out of Canada, where the firm is based. It is a doozy. Charney Lawyers and Sutts, Strosberg LLP, filed the nine-figure national class action lawsuit against Avid Life entities, mainly for the involuntary disclosure of their clients’ personal information.
The Canadian suit now is projected to include upwards of 250,000 Canadians.
Ottawa resident and widower Eliot Shore, who is disabled, is the client serving as the putative class representative in the Canadian case, which is the one everyone will be watching closely because of its depth and breadth. That means Shore is the named, real-life person who will represent the Canadian “John Does” named in that suit.
In the suit, Shore claims that he wasn’t on Ashley Madison to have an affair with married women or otherwise committed people. Rather, he claims that he only enrolled on the site to find simple companionship after his wife’s death due to cancer. Further, he claims that he never had any meetings with the women on the site, and that he never cheated on his spouse during marriage.
His comments and those of other people named in the hacker dumps of the 32M-plus names now raise questions about whether all of the names represent real customers at all.
Some might come from fictional profiles or from real names nabbed from mailing lists. In The Washington Post, a former Ashley Madison contractor and online dating consultant said this:
Ashley Madison has paid people to write profiles, and they’ve allowed fake profiles to proliferate on their site,” said David Evans, an industry consultant who has contracted with Ashley Madison in the past and has tracked the business of online dating since 2002. “Tons of sites are guilty of that. That’s not news.”
The hacked information includes message history, home addresses, emails and, most damaging, their personal names. The data was dumped on the Internet earlier this month and made viewable to the public. Many former users of the site were outraged at the “rip-off” — referring to the additional fee they paid to remove their information. The data remained and was ultimately exposed.
Newswire reported:
Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law. They are outraged that AshleyMadison.com failed to protect its users’ information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed.”
Given the portending avalanche of national class actions in the U.S., Forbes has listed Avid Life’s financial sheets with $115 million in sales and $55 million in profits in 2014.
Due to the early stages of the Canadian lawsuit, it has yet to be certified by the court.
That will involve a thorough, detailed legal analysis of the issue of fact — that each of the class members were similarly-situated as the plaintiff Shore in the factual context of the company’s failure to protect their anonymity and safeguard their secrets from foreseeable unauthorized and illegal infiltration.
The only difference between plaintiff Shore and the class members may be the quantum of damages resulting from:
- The individual personal embarrassment, humiliation and possible devastation of resulting divorces with or without children.
- The economic consequences to professional reputations locked and bound by contractual morals clauses, such as actors or athletes.
In the end, if the class is certified by the courts, then the matter of figuring out how much money should be paid out will be around punishing Avid Life, as opposed to rewarding funds to aggrieved Canadians who feel stung by the site’s privacy policies and trust issues. That’s cold, but it’s how it is.
The lawyers, as usual, will make the most money in the end. That means the lawyers not just behind the various class actions in Canada and around the U.S., but also Avid Life lawyers. One document — readable here — reveals who those lucky Avid Life lawyers will likely be. The firm is K.L. & Gates. The “Gates” in that name? It is none other that Microsoft founder Bill Gates’ father, William H. Gates, a partner in the firm.
Ashley Madison class action suits now in California, Missouri, Texas.
Following the first release of the massive hack, Avid Life released a prophylactic statement announcing that, yes, the Ashley Madison site had been hacked and, because the hack was out there in the open, customers should go to ” … ashley.cynic.al to see if you’ve been compromised … since our site is down.”
In subsequent defensive publicity, Ashley Madison and its parent companies issued statements claiming that membership does not mean any of its clientele actually engaged in extramarital affairs. That’s what Shore is claiming in the Canadian class action suit, and many other alleged customers who’ve shown up among the 32 million names leaked tell the same story. This may be key to how these cases unfold, as I’ll explain below.
The fact is that it really is near impossible to look at any name on the list and know that, definitely, the person with that name was an actual customer. It means actionable damages cannot be proved by membership. It also means, as I discuss below, that alleged customers who actually did not engage in adultery or homosexuality via the site could end up facing criminal accusations in the some 70 countries worldwide that consider either to be a criminal offense, or the seven that consider homosexuality to be a crime punishable by death.
That is one of the many reasons why this is such an emotional and emotionally sensitive case, and why the suing and the defense of this case are just so complicated. Read the California, Texas and Missouri complaints in full here.
That’s why all eyes will be watching the big Canadian class action here in the U.S.
So far, Ashley Madison has stated that the cyber attack was an illegal act, and the company may not have been able to withstand the hack under any circumstances. Portraying itself as a victim is likely a defensive stance it will take. What choice does it have?
According to The American Lawyer, Avid Life’s vice president and general counsel, Avi Weisman, disclosed that Avid Life is being represented by DLA Piper and Barnes & Thornburg in the U.S., with a focus on IP and corporate law. Meanwhile, Stikeman Elliot is representing the company in Canadian litigation and will concentrate on privacy, communications law and, as you’d expect, international border matters.
Only Thursday morning of last week (Aug. 20, 2015), shortly after the announcement of the Canadian lawsuit, Avid Life issued a copyright takedown of three websites that provided a quick look-up of the database.
Of course, there are mirrors of that data all over the net by now, and there are several ScribD documents containing all the names, as well as all the names of all the investors, which likely will prove to be a sad list, too.
There must be some awfully sad faces around Avid Life right now, too. This is a company that was actively discussing and moving toward an IPO on the LSE. Now, not so much.
The Ashley Madison Facebook site is down.
And its Twitter feed, once full of bubbly commentary and naughty little asides, infographics and taunts, is mostly quiet.
Why are people saying that some of the Ashley Madison customer list is fake?
It’s also come to light that Ashley Madison has at least a 9:1 ratio of men to women and a substantial number of phony postings. Due to this, the pairing of couples may be scant despite the robust numbers of membership.
In this vein, larger questions arise about the company’s hauling of innocent sheep for the slaughter. The validity of the data and accounts are in question because many email addresses that have appeared in the leak were merely harvested from e-mail lists purchased by the company. Another indication of a pattern of fraudulent practice was exposed by one woman formerly with the company in Toronto who said that she created hundreds of fake postings of alluring women in order to sell the site to unsuspecting male customers.
The sad reality is that many innocent individuals will be influenced by the mass data dump. In the case of one individual who wrote on Reddit:
I am from a country where homosexuality carries the death penalty … I BEG you all to spread this message. Perhaps the hackers will take notice of it, and then, I can tell them to (at the very least) exercise discretion in their information dump (i.e. leave the single gay arab guy out of it). As of now, I plan on leaving the Kingdom and never returning once I have the $ for a plane ticket. Though I have no place to go, no real friends, and no job.”
Editor’s Note: The individual quoted above has, according to the same source, been offered help and passage to the U.S.
According to The National Law Journal, some in the U.S. legal community are skeptical about the traction of protracted litigation with questionable damages. They wonder whether such cases as this are “sexy” enough, or whether they pose problems in jury trials because juries might automatically consider wronged Ashley Madison customers to liars and cheats.
Another concern that plaintiffs’ attorneys so far have expressed is around the hometown of Avid Life Media. Based in Toronto, it is more difficult to sue there than it would be were it based in the U.S.
Also, the all-important issue around class certification is speculative, too. That is because, attorneys say, potential damages among the plaintiffs could swing wildly, from child custody disputes to divorce proceedings to false use of an individual’s name to pad the site’s rolls.
Finally, the prospect of any case moving forward against the company might end up largely depending upon keeping the anonymity of the clients, and that signals a potentially rough road ahead. Courts generally ensure anonymity in only the most special of circumstances, for instance in cases involving minor children or the insiders who turn on their organized crime bosses.
There are similarities, certainly, to last year’s Sony hack attack. Like Sony, Avid Life is working closely with the RCMP and the FBI to identify the hackers, company spokespeople have said. Also, it is offering a $500,000 award towards identifying the hackers, which it says would fund arrest and prosecution.
But remember: Sony’s CEO was ousted as a result of the hacks because of the fact that the hackers entered, without credentials, servers so easily and without detection. In that case, the hackers carried out a methodical extraction of key data, such as unreleased movies, installed malware and proceeded to “kill” the machines. It was a crime that crippled the entire Sony U.S. network and cost that company a bundle.
The colossal entertainment company absorbed massive losses in revenue due to this huge disruption, true.
But that’s showbiz.
Sony is not Avid Media, a company that has been gleefully promoting activities that so stand to endanger the reputations and personal lives of its customers. The worldwide exposure of those customers, even if half or more of the 32 million names turn out to be false or incorrect, is devastating to all concerned.
Virtually nothing so far is known about the hacker or hackers who call themselves the “Impact Team.” Some IT experts even publicly insist it had to be an inside job performed by just one disgruntled (female) employee. And The Impact Team, whatever or whoever it turns out to be, has not been named in the class action lawsuit — yet.
Once outed, though, the hacker or hackers might well end up serving in court as an ally to the customers this hack so cruelly exposed, and apparently all to attack one company it found untrustworthy.
Even if the company doesn’t fold in bankruptcy, as some pundits have predicted, even if it survives the withering media scrutiny around this first wave of class action lawsuits in California, Missouri, Texas and Canada, will it ever be able to resurrect its former glory as a seriously promising startup, built on a wink and a lascivious smile?
Stranger things have happened.
But then, this is one of the more unusual cases on record, Internet-wise. Likely the real details and shockers are still to come.
U.S. class actions so far in California, Missouri, Texas, with more likely.
Other firms have expressed an interest in attracting clients on the breach of contract issue in a consumer protection context, rather than the violation of privacy matter. Plaintiffs’ firms interested in representing victims include Abington Cole & Ellery of Tulsa, OK and The Schmidt Firm of Dallas. There are countless more, of course.
And Abington Cole & Ellery’s website invites Ashley Madison users to provide the firm with their names or, understandably to maintain anonymity, their pseudonyms.
Here are the full complaints for both of the California class actions. And below, the full complaint, readable in place, of the complaint in Texas.
John Doe v. Avid Life Media (California class action suit 1)
Here’s the second class action case that’s been filed in California federal court.
Lots of Does v. Avid Life Media (California class action suit 2)
Here’s the Texas class action suit against Avid Life (dba Ashley Madison), below.
John Doe v. Avid Media (Texas)
Here’s the class action suit filed in federal court in St. Louis. It was filed in July 2015 after the first hacker dump on Ashley Madison. It is a $5 million class action lawsuit by a Jane Doe in Missouri, who claims that the company did not honor its agreement to run a “paid-delete” about her information. She paid the company $19 for that service.
For aNewDomain, I’m Jim Kelly.
Images in order:
Image of Avid Life CEO Noel Biderman with models for an Ashley Madison promotional photo shoot: LatinTimes.com, All Rights Reserved. Ashley Madison bride ad: DailyKos.Com, All Rights Reserved. Ashley Madison screenshots: by Jim Kelley for aNewDomain, via AshleyMadison.com and Avid Life. Reflections of Canada: by Dennis Jarvis via Flickr. Doriana Silva image: UK Telegraph, All Rights Reserved. Ashley Madison “sample” football ad: PhoenixNewTimes.com, All Rights Reserved.
Gina Smith and Tom Ewing also contributed to this story.
