July 04, 2005
Click Fraud Lawsuit--Click Defense v. Google
Click Defense Inc. v. Google, Inc., No. 5:05-cv-02579-RMW (N.D. Cal. complaint filed June 24, 2005). This is the second major lawsuit again Google for click fraud, following on the Lane’s Gift case filed a few months ago. I have yet to see the Lane’s Gift complaint, but fortunately, we can evaluate this complaint.
What is Click Fraud? (and some possible solutions)
Defining click fraud has always been tough. The Click Defense complaint defines click fraud as “when someone clicks on a search advertisement with an ill intent and with no intention of doing business with the advertiser….purposeful clicks on advertisements for some kind of improper purpose.” (Para. 21). The complaint gives the two typical examples—competitors clicking to burn up an ad spend (Para. 21(a)), and webmasters clicking to boost AdSense earnings (Para. 21(b)).
While I can’t quibble with this definition, it creates problems from a litigation standpoint. How, exactly, is Google supposed to divine clicker intent/purpose? Google knows a little about each click—the ad clicked on, which site delivered the ad, the IP address of the clicker, time of the click—but with respect to any individual click, this information is insufficient to determine intent.
Thus, the plaintiffs expect Google to infer intent through clicker repetition. This isn’t wholly unprecedented; Google uses repetition (among other considerations) to screen out robotic behavior. However, clicker repetition isn’t a good proxy for intent, as evidenced by the statistics on interrupted searches and returns to abandoned shopping carts.
Thus, a “click-series” analysis cannot accurately reveal clicker intent. It will never catch the bad-intent clicker who engages in low volume clicking, and any threshold has to be set high enough not to catch the shopper who uses interrupted search strategies. As a result, Google simply cannot eliminate click fraud when fraud is based on the clicker’s intent. Accordingly, the plaintiffs’ definition creates a legal conundrum—assuming that Google has no practical way to detect every instance of click fraud, when does the volume of click fraud (as defined by the complaint) reach the point that it warrants legal consequences? Without rigorous boundaries around this magic moment, many judges will be reluctant to fashion legal relief.
Having said this, Google could do more with the data it has. First, Google could not charge for any highly-repetitive clicking (robotic or otherwise). Maybe Google is already doing this, but I can’t recall a public statement by Google to this effect. I understand that Google may not want to publicize specific thresholds to maintain security, but at the moment my inference is that it counts highly repetitive clicking in some cases. Google can do better than that.
Second, Google could give advertisers a credit across-the-board based on Google’s system-wide estimates of click fraud. For example, if Google thinks that click fraud cannot be determined on a click-by-click basis, but click fraud comprises 10% of clicks across the network, Google could reduce every advertiser’s monthly bill [billed clicks x advertiser’s average bidded CPC for the month] by 10%.
I don’t think this would immediately lop off 10% of Google’s revenues; I would expect many advertisers would keep spending the same by increasing CPCs, bidding on new keywords, etc. Nevertheless, I would not expect Google to acknowledge the click fraud problem so openly unless the problem was truly out of control or advertisers banded together to force Google to act.
On that front, I remain surprised that advertisers have not attempted to coordinate their actions to date. In my world, the people with the money dictate terms to those who want that money, and a group of large Google advertisers should be able to produce results.
In any case, these musings about possible solutions do not directly affect the lawsuit. However, they highlight the definitional problems and the uncomfortable line-drawing exercises that a judge will have to consider. On this basis alone, a judge may think that this problem is better resolved by negotiation between the parties than through judicial intervention.
The Causes of Action
The complaint alleges four causes of action:
· breach of contract
· unjust enrichment
· violation of California’s Business & Professions Code Sec. 17200
I think the last two causes of action are “fluffy.” They are alleged in virtually every case involving some type of allegedly unfair business practices but they rarely affect the outcome. Usually, fluffy claims stand or fall with other, more substantive claims. If the plaintiffs lose the breach of contract and negligence claims, I think the other two claims will fail as well.
The Negligence Claim
Negligence is a tort claim. Every tort requires, as a precondition, that the defendant (Google) owes a legal “duty” to the plaintiffs. Although there are exceptions, parties in a contract generally don’t have tort duties to each other solely due to the contract.
The complaint does not explain why Google owes a duty to its AdWord customers. A cryptic complaint is not unusual; complaints do not need to spell out the underlying legal theories.
The complaint alludes to some duties (Paras. 31-33) that Google should track click fraud, warn advertisers about click fraud, and notify advertisers after click fraud occurs. However, these duties do not currently exist (i.e., there’s no precedent imposing these duties on Google), so a court would have to create them from scratch.
Making new law in this context may give many judges pause because there's a contract between the parties, so the parties had a chance to spell out their duties to each other (rather than relying on default/unstated duties). As a result, it’s possible that a judge will say that Google only has contractual obligations to the plaintiffs and no tort duties, in which case the negligence claim will fail.
The Breach of Contract Claim
From my perspective, the contract breach claim is the substantive heart of the complaint. Historically, my position has been that there is no “fraud” in click fraud cases because the plaintiffs get what they pay for. Advertisers buy clicks, Google delivers clicks—in my book, end of the story. If advertisers want to change the definition of clicks, they can negotiate with Google for a different definition.
The plaintiffs address this by alleging that Google won’t negotiate its contract (Para. 39). This is probably true in Click Defense’s case but not true across all advertisers. I am sure Google will negotiate special deals for top advertisers, so the “take it or leave it” offering simply reflects that Click Defense is a Long Tail advertiser. Plus, a party’s unwillingness to negotiate is rarely important in business-to-business contract cases.
Based on the contract the parties entered into, the complaint claims that Google charges for clicks that weren’t appropriately chargeable under the contract’s terms. The contract says that advertisers pay based on “actual clicks.” The complaint alleges (Paras. 36 and 42) that “actual clicks” do not include fraudulent clicks.
This raises a pure contract interpretation question: what do the words “actual click” mean? Although the word “click” has a pretty well-accepted meaning, I think the phrase “actual clicks” is susceptible of multiple meanings. If I were drafting this provision, I would define “clicks” to reflect how my client’s system technically records them. I would also say that “clicks” exclude any clicks that my client, in its sole discretion, considers to be fraudulent based on the client’s fraud detection systems.
Google’s contract doesn’t provide any clarification of “clicks” or “actual clicks.” Without such a definition, the plaintiffs can try to define it favorably to them. Because Google already reduces its raw number of clicks to reflect robot activity, the judge could decide that “actual clicks” includes other reductions as well. Personally, I think it’s a stretch to convert “actual” to mean “non-fraudulent” (especially using an intent-driven definition) but that’s for the court to decide.
In addition to the breach of contract based on “actual clicks,” the complaint alleges that Google breached an implied covenant of good faith and fair dealing. Although all contracts contain this implied covenant, judges often interpret this covenant narrowly. However, some judges would consider self-dealing (as alleged in Para. 34) to violate such an implied covenant. As with the interpretation of the words “actual click,” it is difficult to predict in advance what a judge will do with this allegation.
To recap: I think that the plaintiff will get zero traction with its unjust enrichment and 17200 claims, and I think the negligence claim will probably fail because Google does not owe a tort duty to the plaintiffs. I personally think the contract claim should fail as well, but much depends on the way the judge interprets the words “actual click” and the scope of the implied covenant, so neither of these interpretations are easily predictable in advance.
What’s Not Alleged
Despite the fact that the plaintiffs tried to bolster their legal attack through 2 fluffy claims (unjust enrichment and 17200) and one weak claim (negligence), I found it noteworthy what the plaintiff might have claimed but didn’t.
Notably, the plaintiffs did not allege that Google committed fraud in inducing advertisers into its contract, nor did the plaintiffs allege that Google made a misrepresentation in its marketing or breach any warranty that might have arisen in the marketing or sales process. Any fraud/misrepresentation/warranty would have come from statements outside of the contract, such as Google’s marketing materials, press releases, publicity statements or securities filings. The complaint does reference some of these extra-contract statements (e.g., Paras. 27-29) but does not use these statements to support additional causes of actions. (Note that the contract disclaims many of these extra-contract statements in Sec. 4, but plaintiffs can overcome these disclaimers in some situations).
Although the complaint references statements in Google’s securities filings, the complaint also does not allege that Google committed any securities law violations. While this complaint would not be an appropriate place to do so (the identity of plaintiffs would not overlap between the two actions), most plaintiffs’ attorneys would happily sink their teeth into a rich defendant for every possible claim it can. Perhaps a securities fraud lawsuit is coming from these attorneys, but I doubt it.
I don’t want to overinterpret the absence of these causes of action, but typically plaintiffs’ attorneys allege everything they can. So my inference is that either the plaintiffs didn’t research these topics (which would reflect either sloppiness or a hope for a get-rich-quick settlement), or they did research the topics and found nothing legally useful. Either way, the fact that the plaintiffs base their principal claim (the contract breach) on a contract that is highly Google-favorable does hint at the legal weakness of the plaintiffs’ action.
I vacillate between two competing perceptions about click fraud lawsuits. Sometimes I think that Google deserves some legal heat for its blasé attitude towards click fraud. Other times, I think click fraud plaintiffs are merely media grandstanders and quasi-extortionists. Unquestionably Google can do more to address click fraud, but advertisers—especially Click Defense (given its specialty in click fraud topics)—know about click fraud and yet voluntarily decide to enter into a contract with Google and voluntarily choose the keywords and pick the CPCs they think are profitable knowing that click fraud exists.
I think Click Defense’s complaint is legally weak but not frivolous. Perhaps with sufficient legal sophistry, Click Defense can find a way to convince a judge to give it legal redress. Nevertheless, I remain convinced that click fraud should and will be solved through business dealings rather than in a court of law.
UPDATE: I've noticed that Click Defense continues to advertise on Google, occupying a top spot for the keyword "click fraud." It's really, really hard for plaintiffs to convince a judge of the merits of their case when the plaintiffs keep placing new orders with the defendants under the same terms. I think Click Defense's advertising tips the balance in this case towards publicity stunt instead of serious lawsuit.
UPDATE 2: I got my hands on the Lane's Gift complaint and have blogged on that too. The updated blog post also references some of my insights from a conversation with Click Defense's attorneys.
Where does robotic activity fit into your definition of click fraud? Its not clear to me that manual clicking can reach high enough numbers to be a major problem, since the "cheater" would have to shuffle IP addresses at the very least. However, putting some trojan-compromised drones to work could generate significant revenue (or drain on your competitor); sort of a distributed denial of service attack in slow motion.
I would expect that this is already being done - look at the energy spent generating comment and wiki spam and click fraud would seem to generate a more certain and larger payday.
Does your analysis of the complaint change if automated click fraud is alleged?
Posted by: jeff at July 5, 2005 10:29 AM
Note that I didn't offer my own definition of click fraud; I was happy to work with the definition offered by the plaintiffs. The short answer to your final question is no. Under the plaintiff's definition, the plaintiffs expect Google to divine intent, and Google gets the same information from a click regardless of whether the click is made manually or via a robot. Eric.
Posted by: Eric Goldman at July 5, 2005 12:29 PM
Click fraud takes multiple forms, including competitors clicking each other's ads to drive down their advertising budgets (and perhaps exhaust a competitor's daily, weekly, or monthly budget, such that their ads no longer appear), and the type of automated click fraud to which jeff alluded (which may involve a very sophisticated program which automatically distributes clicks through thousands of proxies, or the triggering of software embedded by virus/worm in thousands of computers throughout the world).
What I find most interesting about this lawsuit is that the Plaintiff (http://www.clickdefense.com/) describes itself as "The leading ad tracking, optimization and click fraud detection company". That is, they claim to be victimized by the type of activity they "lead" in detecting. I am left wondering if the lawsuit is more about generating publicity than it is about obtaining an award of damages. ("The complaint alludes to some duties (Paras. 31-33) that Google should track click fraud, warn advertisers about click fraud, and notify advertisers after click fraud occurs. - perhaps they want Google to buy them, because one would think that these are services they offer.)
Posted by: Aaron at July 11, 2005 08:42 PM