Two New York residents who brought a privacy lawsuit against Turn are asking an appeals court to allow them to proceed with their case in court.
In papers filed with the 9th Circuit Court of Appeals, New York residents Anthony Henson and William Cintron argue that U.S. District Court Judge Jeffrey White should not have granted Turn's request to send the matter to arbitration. Henson and Cintron are seeking a "writ of mandamus" requiring White to vacate his earlier order.
Henson and Cintron alleged in a potential class-action filed in 2015 that Turn used a controversial technology that enabled it to track consumers for online ad purposes, even when they deleted their cookies. The allegations centered on Verizon's "supercookies" -- headers, called UIDHs, that Verizon previously injected into all unencrypted mobile traffic.
Those headers -- 50-character alphanumeric strings -- enabled ad companies to compile profiles of users and serve them targeted ads. The UIDHs also are known as “zombie” cookies, or "supercookies," because they allow ad companies to recreate cookies that users delete.
Turn asked for the case to be sent to arbitration on the grounds that the consumers' allegations were closely connected to their subscriber agreements with Verizon -- which call for arbitration of all disputes.
White agreed with the ad tech company. He ruled that questions raised by the lawsuit "concern substantially interdependent and concerted conduct" by Turn and Verizon.
"Here, Turn contends that it acted in partnership with Verizon to provide services that were disclosed to plaintiffs in their Verizon subscriber agreements," White wrote in his March decision sending the case to arbitration.
Lawyers for Henson and Cintron now argue that White's decision should be reversed for several reasons, including that their arbitration agreements were with Verizon, not Turn.
"Neither plaintiffs’ complaint nor the relationships between any of the parties warrant a conclusion that plaintiffs agreed to arbitrate anything with Turn," they say in papers filed Friday with the 9th Circuit.
Verizon has used the headers since 2012 to track people's activity online and send them targeted ads, but didn't disclose their existence in its privacy policy until last year.
The company has always allowed people to opt out of receiving targeted ads powered by its own ad programs, but didn't initially allow them to avoid header insertions. Last year, Verizon changed its policies to allow people to opt out of the header injections. In October, Verizon again narrowed the program by deciding to only send the header to Verizon companies, including AOL.
Verizon initially said that outside ad networks weren't likely to draw on the headers in order to compile profiles of Web users. But in January of 2015, researcher Jonathan Mayer -- now with the FCC -- reported that the Turn was using Verizon's headers to collect data and send targeted ads to mobile users who delete their cookies.
Turn initially acknowledged that it used the headers for ad targeting and defended the practice, stating that the company uses the “most stable identifier” possible.
Several days later, Turn said it had re-evaluated and would stop using Verizon's headers to target ads.
Lawyers for Henson and Cintron say in their latest papers that Turn and Verizon's ad deal "did not contemplate Turn secretly subverting users’ efforts to protect their privacy and security."
"Verizon assured customers that the UIDH would not be used by advertising partners (like Turn) for tracking and profiling purposes; indeed, it publicly dismissed even the possibility 'that sites and ad entities will attempt to build customer profiles' using its identifiers," the users assert. "Turn proved Verizon wrong."
Turn consistently said it honors the industry's self-regulatory code and doesn't serve targeted ads to users if their cookies reveal that they opted out via links at sites operated by the self-regulatory groups Network Advertising Initiative or Digital Advertising Alliance. But when people clear cookies -- often in order to protect their privacy -- they also delete the opt-out cookies installed by the DAA and NAI.
Turn also says it won't serve targeted ads to people who opt out via its own link, or Verizon's opt-out mechanism. (Verizon's mechanism can persist even when users delete their cookies, according to Turn.)
Earlier this year, the Federal Communications Commission fined Verizon $1.35 million to settle an investigation surrounding the supercookies. That investigation focused on whether Verizon violated the Communications Act's privacy provisions -- which require carriers to protect customers' "proprietary information" -- and whether the company violated a 2010 net neutrality rule requiring disclosure of broadband management practices.
The FCC currently is considering whether to ban broadband providers from using persistent tracking mechanisms.