A judge in California certified a class action lawsuit against Verisign to proceed and to include up to 400,000 class members. The total cost of the settlement may exceed $200 million. The suit was filed last year in California. "According to our research, Verisign's false advertising has resulted in businesses and consumers paying hundreds of millions of dollars for nothing," states one of the attorneys for the plaintiffs. |
Verisign is the world's leading provider of security certificates used to encrypt data and personal information on the internet. Verisign sells two versions of its SSL security certificates, Secure Site and Secure Site Pro. The Secure Site certificate is advertised as being capable of encrypting data only at a 40-bit level which is considered "encryptionally weak" in the industry. The Secure Site Pro is advertised as encrypting data at 128-bit, a level defined by the industry as "encryptionally strong." Verisign sells its Secure Site Pro certificates for approximately $500.00 more than the Secure Site certificates. The lawsuit claims that Verisign falsely advertises its security certificates. Since early 2000, the two certificates have provided the same 128-bit encryption for the vast majority of internet users.
The case will be the first of many more to come given the burgeoning internet security industry and tremendous growth of online transactions. "Our security and personal privacy are serious matters," stated one of the lawyers working on the case. "People should not be taken advantage of by experts in the field who should know better."
Security breaches and theft of personal information have been a concern to the federal government, business and consumer groups. Other similar suits seeking class action status have been filed around the nation. The suit against Verisign is the first of its kind to be granted court approval to proceed as a class action.
The lawsuit is open to any business that used VeriSign to incrypt data and personal information on their website.