There’s a story (http://www.securityprivacyandthelaw.com/admin/trackback/289911) about a lawsuit filed against the game company, Blizzard, which seeks class action status. It appears that the company is being sued for enabling two factor authentication for their online gaming service. Yeah, that’s what I thought: why on earth would someone sue a company for *having* strong authentication? The lawsuit isn’t really about any particular breach, or any harm resulting from negligent actions by Blizzard, or any actual identity theft suffered by its customers. Rather, the complaint appears to argue that customers might, someday, experience harm, possibly, in the future, should Blizzard be (again) hacked. Uh-hun. It further states that, “defendant’s acts have … harmed plaintiffs’ and class members by devaluing their video games … by adding elements of risk to each and every act of playing said games.” Really? Devaluing their video game? How, exactly? Is there any evidence of this? No, there’s not.
It also suggests that customers were deceived into purchasing the game only to later learn that they also needed a $6.50 device to enable two-factor authentication (the RSA ID fob). Now, fine. If it’s true that customers were misled in some material way, then an allegation of consumer fraud might be appropriate (though, isn’t this the role of the FTC?), and if there was some evidence of any kind of harm (even a real privacy harm), then that might be valid, but these claims seem to be quite stretched.