New York Attorney General Eliot Spitzer has filed suit against a company responsible for what is believed to be the largest deliberate breach of privacy in Internet history. The suit against Gratis Internet alleges that the company sold personal information obtained from millions of consumers under a strict promise of confidentiality.

"Unless checked now, companies that collect and sell information on consumers will continue to find ways to erode the basic standards that protect privacy in the Internet age," Spitzer said.

Spitzer's office began an investigation of companies involved in "data mining" or compilation and sale of marketing lists, early last year. The focus of the investigation quickly turned to Gratis, a Washington, D.C.-based company that owns and operates several Web sites that provide consumers with ways to receive free products, generally through free trials of yet other products.

These sites include or have included:;; and

From 2000 through 2004 Gratis made numerous explicit promises to the users of its web sites about protecting personal information. Among the promises the company made were:

• "We will never give out, sell or lend your name or information to anyone";
• "We will never lend, sell or give out for any reason your email address or personal information";
• "We at [Gratis web site] respect your privacy and do not sell, rent or loan any personally identifiable information regarding our customers to any third party"; and
• "Please note that we do not provide your E-mail address to our business partners."

Even on its sign-up pages, Gratis promised consumers that it "does not . . . sell/rent emails."

However, the investigation confirmed that Gratis's owners, Peter Martin and Robert Jewell, repeatedly violated these promises during 2004 and 2005 by selling access to lists of millions of Gratis's customers to three independent email marketers.

The marketers then sent hundreds of millions of email solicitations to those users, on behalf of their own customers. In each of these deals, Gratis wrongfully shared between one and seven million confidential user records. This is believed to be the largest deliberate breach of a privacy policy ever discovered by U.S. law enforcement.

Leading privacy advocates praised the lawsuit:

• Marc Rotenberg, the Executive Director of the Electronic Privacy Information Center based in Washington D.C. said: "Without strong enforcement, privacy policies are meaningless. We support the efforts of the New York Attorney General to safeguard consumer privacy."

• Beth Givens, Director of the Privacy Rights Clearinghouse, a consumer advocacy organization said: "Attorney General Spitzer continues to send a strong message to Gratis and others like it who would sell their email lists to spammers when their privacy policy says otherwise: Deception doesn't pay."

The suit also sets forth how, during the course of its investigation, Gratis repeatedly, but falsely, denied that such data sharing had even occurred.

In one written response to the attorney general, for instance, Gratis assured the Attorney General that "at all times during its existence . . . Gratis has never sold, rented, or lent email addresses or personal information of its users to any third-party and the company has always maintained control over and ownership of such information."

The attorney general's suit cites specific data sharing contracts, as well as testimony and other evidence provided by internet marketers that did business with Gratis. It seeks penalties and injunctive relief, against Gratis and its principals, under New York's consumer fraud statutes

Earlier this month, Spitzer reached settlements with e-mail marketer Datran Media, to whom Gratis had sold its user records.