Massachusetts DPH Sued for Forcefully Installing Spyware on One Million Android Devices
NCLA accused Massachusetts DPH of secretly installing a contact-tracing app on the device of individuals who reside in or have traveled to or through Massachusetts since June 15, 2021.
A class-action lawsuit filed by the New Civil Liberties Alliance alleges that since June 2021, the Massachusetts Department of Public Health developed a COVID-19 contact tracing app using Google APIs and secretly installed it onto users’ Android smartphones.
New Civil Liberties Alliance (NCLA), a non-profit law firm that works pro bono, filed a class-action lawsuit alleging that the Massachusetts Department of Public Health (MDPH) and Google non-consensually installed a contact tracking app (COVID Exposure Settings: US-MA) on one million Android devices in the Massachusetts area.
Initially released as a voluntary app, NCLA states in the lawsuit that the app gives its developers access to the device owners’ wireless IP addresses and MAC ID, saved contact details, phone numbers, email addresses, and location.
NCLA equates the app to spyware and adds that the app is surreptitiously installed on the device of individuals who reside in or have traveled to or through Massachusetts since June 15, 2021. And if they located and uninstalled it, MDPH reinstalled it without obtaining the necessary permissions.
See More: Why Google’s $391.5M Settlement With 40 States Over Privacy Concerns is Just a Smokescreen
“These secret installations not only invade owners’ reasonable expectation of privacy, but they also intrude upon owners’ property right in their mobile devices by occupying valuable storage space,” the legal document filed by NCLA reads, adding that the two dozen other U.S. states which developed respective contact tracing apps using Google API, engaged in community outreach to encourage downloads.
With relevant permissions, the data in question could be accessed by the MDPH, Google, developers and third parties, if any. “Such brazen disregard for civil liberties violates both the United States and Massachusetts Constitutions, and it must stop now.”
As such, the NCLA accuses MDPH of violating different state and federal laws, including the Computer Fraud and Abuse Act, in eight separate counts.
Besides ceasing unwarranted and non-consensual installations as relief, the NCLA requested the court to declare MDPH’s activities pertaining to COVID Exposure Settings: US-MA as unlawful. The NCLA also requested the state agency pay all costs, expenses, and attorney fees allowed under the Equal Access to Justice Act and $1 in damages.
“The Massachusetts DPH, like any other government actor, is bound by state and federal constitutional and legal constraints on its conduct,” said Peggy Little, senior litigation counsel at NCLA. “This ‘android attack,’ deliberately designed to override the constitutional and legal rights of citizens to be free from government intrusions upon their privacy without their consent, reads like dystopian science fiction—and must be swiftly invalidated by the court.”
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Image source: Shutterstock