Four LinkedIn users have filed a lawsuit accusing the business-oriented social network of accessing their e-mail accounts without permission, harvesting the addresses of their contacts and spamming those people with repeated invitations to join the service.
In their most explosive claim, the plaintiffs say that LinkedIn is “breaking into” external e-mail accounts, like Gmail or Yahoo Mail, by pretending to be the account owner, although the legal complaint offers no details about that assertion.
The lawsuit, which is seeking damages on behalf of all LinkedIn users, revives a longstanding issue about the service: Does LinkedIn adequately inform its users about how it uses sensitive information, including e-mail addresses of everyone they know, and get their consent to do so?
The Complaint alleges: “As a part of its effort to acquire new users, Linkedln sends multiple e-mails endorsing its products, services and brand to potential new users. In an effort to optimize the efficiency of this marketing strategy, Linkedln sends these ”endorsement e-mails” to the list of e-mail addresses obtained without its existing users’ express consent and, to further enhance the effectiveness of this particular marketing campaign, these endorsement e-mails contain the name and likeness of those existing users from whom Linkedln surreptitiously obtained the list of e-mail addresses.”
LinkedIn has always maintained that it gets full consent of its users before reaching out to any of their contacts. And the company reiterated that position in a statement in response to the lawsuit, which was filed in federal court in San Jose, Calif.
In a blog post on Saturday evening, LinkedIn specifically denied that it had ever broken into or hacked user accounts.
Regardless of the claims in the lawsuit, there is no doubt that LinkedIn makes it awfully easy for you to send an invitation to connect to everyone you have ever e-mailed and much harder to revoke that permission.
When you sign up for the service, or want to add contacts, LinkedIn prompts you to import the e-mail addresses of potential contacts from your e-mail accounts, like Gmail, Yahoo Mail or Microsoft Outlook. The lawsuit says LinkedIn does this without seeking the e-mail passwords, suggesting that LinkedIn is hacking into accounts. Under LinkedIn’s normal procedures, it asks users for permission to access each account, though e-mail passwords may not be required if a user is already logged into the e-mail account. Once those addresses are imported, LinkedIn asks you for permission to contact them on your behalf.
And here we get to the crux of why LinkedIn might be viewed as spamming: By default, LinkedIn wants to invite every one of those people to connect with you on the service. Instead of asking you to opt in by checking off which specific contacts you want to invite, LinkedIn requires you to opt out by unchecking the “select all” button. If you are not careful, hundreds of invitations can go out — no second thoughts or cooling-off period provided.
In fact, once the authorization is given, LinkedIn will e-mail your contacts several times asking them to join the service or connect to you. (You can withdraw an unaccepted invitation once it is sent, but it is a tedious process). Moreover, even if you don’t invite some or all of those imported names to connect with you, LinkedIn saves the information for various purposes, including prompting you later to add the people as connections.
LinkedIn had 238 million users worldwide at the end of June, up 37 percent from the second quarter of 2012. It relies heavily on user referrals for that sizzling growth, which has also sent its stock price into the stratosphere.
Such growth by referral is common to social networks, games and mobile applications, though sometimes they cross the line into what many of their users would consider spamming.
The lawsuit, and numerous complaints on LinkedIn’s own message boards, suggest that the company is treading dangerously. As one user quoted in the lawsuit put it in a post on LinkedIn:
The legal process will sort out whether LinkedIn is getting adequate consent from its users. But legalities aside, if many users believe that the company is abusing sensitive personal information like e-mail contacts, it risks tarnishing its brand and business.
LinkedIn’s mission includes establishing itself as the premier site for making and maintaining business connections, and trust is the foundation of many lucrative services it wants to offer, from job-hunting help to industry news.
This can end up at best being a big embarrassment to LinkedIn, and at worst, can bring down the company all together.
Thanks to VINDU GOEL and the New York Times, and
Thanks for “listening”.