Lenovo, Inc. (“Lenovo”) has been named in a federal class action suit in connection with recent revelations that many of the PC manufacturer’s computers have been preloaded with a software program called Superfish Visual Discovery.  This program tracks web searches and browsing activity in order to place additional advertisements on the websites that users visit through use of adware or spyware.   Additionally, the program installs its own root certificate that leaves affected PCs more vulnerable to malware attacks.

The lead plaintiff in the action has alleged that the Superfish software tracks Internet usage, invades user privacy and damages user computers.   Additionally, the complaint contains allegations that the software decreases computer speed, decreases the useful life of affected computers, and increases usage of electricity.

Lenovo has since issued a public apology and posted uninstall instructions on its website informing affected consumers of the procedure associated with removing the application from their PCs.  Nevertheless, the proverbial cat has already been let out of the bag, as the federal class action, and a current class action investigation in New York, demonstrate.

The firm spearheading the investigation in New York is currently looking for consumers who purchased the affected Lenovo PCs, charging that the Superfish program “exposes the computer user to serious security vulnerabilities that could result in the theft of users’ logins and passwords, and other sensitive data that a user transmits online, as well as a degraded internet experience caused by downloading and injecting third party ads and pop-up windows.”  To this point, Lenovo’s partners, Microsoft, McAfee and Symantec, respectively, have since updated their software to automatically disable and remove the Superfish software.

Adware Privacy Concerns: The Need to Obtain Prior Informed Consent

Lenovo’s experience offers a cautionary tale for both Internet marketers and the hardware manufacturers that preload adware on computers.  Perhaps the most important lesson is that downloadable applications may only be loaded onto user PCs with the express informed consent of consumers, through use of a comprehensive installation process that follows certain protocols.  Equally important is the fact that each application’s uninstall procedure must be both conspicuous to the consumer, and easily accomplished.  It is imperative for those businesses that operate in the downloadable application space to take the proper precautions in order to minimize the risks of being named in class action lawsuits by contacting experienced counsel to ensure compliance with applicable state and federal law.