n a major legal showdown between Internet data harvesters and privacy advocates, a federal judge has ruled that an advertising company's conduct in gathering detailed information about consumers through the use of "cookies" -- small files containing identification numbers -- and other technology for the purpose of targeting online ads does not violate federal laws.

The ruling last week, by United States District Court Judge Naomi Reice Buchwald, in Manhattan, dismissed at an early stage a consolidated class-action lawsuit against DoubleClick, Inc., a New York-based company that is the largest provider of Internet advertising products and services in the world.

Lawyers say the decision is significant because it represents an important victory for the Internet advertising industry and some Web publishers, whose data-collection practices have been denounced by privacy advocates as an intrusive monitoring of consumer behavior online. In addition, the case represents the first time a federal court has addressed the applicability of federal laws to Internet advertising.

Lawyers representing a potentially huge class of consumers had alleged that DoubleClick's online advertising practices violated three federal laws: the Electronic Communications Privacy Act, which seeks to prohibit destructive hacking; the Wiretap Act, which generally prevents wiretapping for criminal or other wrongful purposes; and the Computer Fraud and Abuse Act, which prohibits unauthorized access to computers.

In her extensive 71-page decision, issued on March 28, Judge Buchwald found that the plaintiffs had utterly failed to show in their amended complaint that DoubleClick's purported conduct violated any of the three federal laws under review. Judge Buchwald went on to observe that there was no evidence that Congress intended to prohibit the kind of online advertising and information-gathering practices pursued by DoubleClick.

"DoubleClick's practices and consumers' privacy concerns with them are not unknown to Congress," Judge Buchwald wrote. "Indeed, Congress is currently considering legislation that specifically recognizes and regulates the online harvesting of user information . . . Although the proposed legislation has no formal authoritative weight, it is evidence that Congress is aware of data-mining practices and is sensitive to the privacy concerns they raise. Where Congress appears to have drawn the parameters of its regulation carefully and is actively engaged in the subject matter, we will not stray from its evident intent."

In another part of her ruling, Judge Buchwald also dismissed without discussion four state law claims against DoubleClick that were attached to the federal suit. Those claims included common law invasion of privacy, unjust enrichment and trespass to property.

Seth Lesser, one of the lead attorneys for the plaintiffs in the case and a partner at the New York law firm Bernstein, Litowitz, Berg & Grossmann, said he would appeal the court's ruling to the United States Court of Appeals for the Second Circuit, in Manhattan. In an interview, he said that Judge Buchwald erred in her recitation of the facts and in her interpretation of the federal laws.

He added that even if the case is upheld on appeal, it is not the end of the battle. Other lawsuits against DoubleClick are pending in California and Texas state courts. Those cases, based on DoubleClick's alleged violation of state privacy and consumer protection laws, are unaffected by Judge Buchwald's ruling, he said.

For its part, DoubleClick appeared quite pleased with the outcome of the federal case in New York. "We're really gratified that the judge found that the federal acts don't apply to DoubleClick's business," said Elizabeth Wang, vice president and general counsel of DoubleClick. She said she was "confident" Judge Buchwald's decision would be affirmed on appeal.

DoubleClick, through proprietary technologies and techniques, and in conjunction with about 11,000 affiliated Web sites, captures at least three different types of information about online users, according to legal papers.

First, the company collects so-called "GET" data, which might reveal, for example, that a consumer who visited an affiliated music site requested information about Bon Jovi. Second, the company records "POST" information, which is the data a consumer is required to insert in blank fields on an affiliated Web page when he or she is signs up for a service, such as a discussion group. Last, by placing a Web bug or so-called "GIF" tag on its affiliated Web sites, DoubleClick can monitor a user's movements throughout the affiliated site, enabling the ad company to learn what information the user sought and viewed.

All the information collected in this manner is compiled by DoubleClick to build demographic profiles of users, according to court documents. In addition, a particular user's hard drive is tagged with a "cookie" -- a small piece of software code -- deposited by DoubleClick when the consumer visits an affiliated site. The end result of the system is that when a consumer views an affiliated Web site, DoubleClick is able to identify the user's computer by the cookie. It then can cross-index that information with the relevant data profile, and immediately make sure that the banner ads that the user sees on the affiliate site are properly targeted to his or her interests.

Perhaps the most promising federal claim that the plaintiffs made in their complaint was that DoubleClick's business practices violated a section of the Electronic Communications Privacy Act. The argument was that DoubleClick's collection of GET, POST and GIF information, as well as its placement and use of the cookies, violated the law's requirement that access to a computer system must be authorized by the "user."

The plaintiffs argued that the relevant "user" was the consumer and that he or she had not given consent to the snooping. But in closely interpreting the law, Judge Buchwald found that the "user" could either be the author of the data -- the consumer or the recipient of the data -- which in this case would be the affiliated Web site that the consumer visited. Judge Buchwald concluded that the affiliated Web site "consented to DoubleClick's access of plaintiff's communications to them."

Stewart Baker, an expert in e-commerce and electronic surveillance who has represented Internet advertisers in privacy-related matters, and a partner at Steptoe & Johnson, a Washington, D.C. law firm, said that Judge Buchwald's analysis was reasonable. As a general rule, he said, if two people are having a telephone conversation, either one of them can consent to a third party listening in. The same analogy applies to the DoubleClick case, he said.

But other scholars disagree. Marc Rotenberg, executive director of the Electronic Privacy Information Center and an expert on privacy law, believes that Judge Buchwald's ruling on the "user" issue will present strong grounds for a reversal on appeal.

"I think this reading [of the Electronic Communications Privacy Act] is almost nonsensical," he said. "Because it completely obliterates the purpose of the provision. It is obvious that the end users' hard disk is central to the analysis here."

Rotenberg added that in his view the statute would permit the use of cookies so long as DoubleClick obtained the consent of the end user whose information is collected. "That is the congressional intent" of the law, he said.

Paul Schwartz, a privacy expert who teaches at Brooklyn Law School, echoed Rotenberg's view. "The court said the Web site is the 'user' of the electronic service and can give consent to DoubleClick," he said. "So what are the individual consumers, chopped liver?"

Schwartz said that it was "fair enough" for Judge Buchwald to say that the federal laws were ill suited to regulate the Internet world of cookie-based advertising.

"But it's also fair to say that Congress at different times has been worried about invasions of privacy," he said. "The ongoing puzzle is to figure out what kind of statutory rules we need."