September 01, 2005
Downloading Software onto Home Computer May Be Trespass to Chattels--Sotelo v. DirectRevenue
Sotelo v. DirectRevenue LLC, No. 05 C 2562 (N.D. Ill. Aug. 29, 2005).
It was pretty obvious when the complaint was filed in March that this lawsuit warranted careful scrutiny. This initial ruling reinforces that point. This ruling is interesting and important...but it is also frustrating due to its procedural limitations (as a motion to dismiss) and substantive mistakes. Nevertheless, this case could have some impact on other lawsuits. And should the court's plaintiff-friendly rulings gain more traction, this case could usher in a lawsuit extravaganza against adware companies and perhaps software vendors generally.
This lawsuit arises from users' frustration with unwanted adware. Although there have been a few attempts to bring private causes of action against adware vendors and their advertisers/distributors, none of these efforts have met with much success yet.
Procedurally, the case was initially filed in Illinois state court. However, because the plaintiffs are seeking to form a class, the defendants were able to remove the case from state court to federal court (N.D. Ill.).
The Arbitration Clause
DirectRevenue's EULA contained an arbitration clause, so DirectRevenue moved to dismiss this lawsuit in favor of arbitrating the claims. However, to decide if the claims are arbitrable, the court has to decide if the plaintiffs agreed to the EULA containing the arbitration clause. Thus, the court confronts the well-discussed topic of whether DirectRevenue properly formed a contract with its users.
This is an issue that has perplexed me for some time. Given the legal risks they face, I simply do not understand why adware vendors do not use mandatory non-leaky clickthrough agreements. I further do not understand why adware vendors rely upon third party distributors to form the requisite agreements with users. Instead, to ensure proper formation, adware vendors should display a mandatory bootscreen the first time their software tries to run (i.e., before serving any ads). This bootscreen should give users the choice to accept or reject the terms, and the adware vendor should control the text and the mechanical process of the bootscreen completely. If adware vendors did this, they wouldn't have to worry about (a) sloppy practices by distributors, (b) users saying they didn't know what they were doing, and (c) courts shredding their contract formation process.
In this case, it appears that DirectRevenue was trying to rely upon a browse-wrap style formation process (i.e., the agreement was on a page that users did not need to see to install the software). Although some courts will give effect to browse-wrap terms, the vast weight of precedent is against such formation processes. This court joins the majority line of cases (although, interestingly, without citing any precedent despite dozens of cases on point). The court's opinion is entirely opaque on its thinking, except that it seems to accept that the EULA process wasn't mandatory and the plaintiff didn't see the terms otherwise. (The court also rightly rejects a silly argument that the "?" in the top bar of advertisements (which, if clicked, would lead to the EULA), properly formed the contract.)
Finally, the court correctly distinguishes DirectRevenue's situation from that of ProCD in ProCD v. Zeidenberg because, in ProCD, the existence of terms was disclosed on the software box before the purchase was made. However, the court does not even mention Hill v. Gateway, where point-of-purchase disclosure was adamantly dismissed as immaterial, so it's frustrating that the court wouldn't even address the correct precedent.
As a result, the court does not give effect to the EULA's arbitration clause, and the case stays in federal court. However, the court's reasoning does put the plaintiff in a box for class certification. Because some members of the putative class may have gone through a process where the EULA was properly formed as a contract, these people would be governed by the arbitration clause and not eligible to participate in this lawsuit. As a result, the court does seem to signal that the class size may have shrunk.
Does Downloading Adware Onto a User's Computer Constitute "Trespass to Chattels?"
The plaintiffs allege that the installation and operation of DirectRevenue's adware constitutes a trespass of the user's computer. The defendants moved to dismiss this claim.
The court acknowledges the paucity of Illinois precedent on the doctrine, but it references other jurisdiction's cases--specifically CompuServe v. Cyber Promotions, AOL v. IMS, Hotmail v. Van$ Money Pie, AOL v. LCGM and AOL v. Prime Data.
Reading this list of cases is like a time warp--none of them are later than 1998! Where's the Hamidi case? (The court does cite the case later, but for a subsidiary proposition). Bidder's Edge? Register.com? Ticketmaster? It's pretty frustrating that the court overlooked 7 years of precedent development.
Working with a 7 year old conception of trespass to chattels, the court rejects the defense's argument that the trespass to chattels doctrine only protects service providers. Instead, the court says, "the cause of action may be asserted by an individual computer user who alleges unauthorized electronic contact with his computer system that causes harm, such as Spyware."
The court explains a little more about what constitutes "causing harm" by noting that the plaintiffs allege that spyware:
* causes significant and cumulative injury to computers
* interferes with the computer usage
* slows down the computer
* uses bandwidth
* increases "Internet use charges"
* depletes a computer's memory
* uses pixels/screen space on monitors [this one is pretty silly]
* requires more energy because slowed computers must be on longer [also pretty silly]
* reduces user productivity
* increases user frustration
Finally, the court gets to its bottom line: "Many companies and computer users consider pop-up advertisements and Spyware an Internet scourge." This does not bode well for the defense.
But many people think spam is a scourge too, yet in Intel v. Hamidi, all of the enumerated factors were true (although maybe not alleged by the plaintiffs) and Intel still lost its claim. It would have been nice for the court to discuss the Intel v. Hamidi precedent. I don't understand how it was overlooked.
As if the court's standards for trespass weren't troubling enough, the court then raises the specter of a new doctrine: contributory trespass to chattels. The advertiser and agency defendants move to dismiss on the basis that they are not liable for DirectRevenue's action. The court's responded by applying the motion-to-dismiss standard liberally. The court says:
"Plaintiff's allegations that aQauntive works 'in cooperation with' DirectRevenue to download advertisements, that AccuQuote utilitizes Spyware to send unwanted advertisements, and that both defendants have access through DirectRevenue to millions of computers for their targeted advertisements are sufficient to" clear the motion-to-dismiss standard.
These defendants also argue they lacked the requisite intent to commit trespass. The court says that they had intent to advertise, which is good enough to survive the motion to dismiss.
These defendants also argue that they caused no recognizable damage. The court finally acknowledges Intel v. Hamidi here, but says that the plaintiff alleged more damages than other precedent. The court specifically references the allegations of "wasted time, computer security breaches, lost productivity, and additional burdens on the computer's memory and display capabilities," although of course the wasted time and lost productivity arguments were specifically rejected in the Hamidi case, and the burdens on the display capabilities is just plain silly.
Negligence for Distributor's Actions
There are other claims and issues addressed in the ruling, but the final point for this post is the negligence claim. The plaintiffs make a general allegation of negligence, and the court says that there were sufficient allegations to avoid a motion to dismiss. DirectRevenue then argues that its distributors, not DirectRevenue, breached any duty.
The court notes the general legal principle that a hiring party is not liable for its independent contractors' negligence. However, the court refuses to dismiss on this ground, citing the plaintiff's allegation that "the Spyware distributors are controlled by DirectRevenue." However, if the plaintiffs cannot produce more facts to show that this control is beyond the typical control exercised by a hiring party in an independent contractor relationship, it seems like the negligence claim has to fail.
The defendants did win a few minor victories. DirectRevenue's holding company was dismissed from the lawsuit for want of jurisdiction, and the claim for unjust enrichment was dismissed. However, the principal claims--including trespass to chattels, unfair/deceptive trade practices and violations of the Illinois Computer Crime Prevention Act--all survived the motion to dismiss. As a result, I think this ruling was a big win for the plaintiffs.
Moreover, the judge signaled in a few places that he was sympathetic to the plaintiff's concerns. While there's plenty of litigation standing between the plaintiffs and a payday, this ruling dramatically increases the odds of the plaintiff's success.
From a precedent standpoint, this case is (as far as I can remember) the first case to say that individual users may have a valid cause of action for common law trespass to chattels claim based on software using their personal computers. While I think this is a logical extension of the trespass to chattels doctrine as articulated in cases like CompuServe v. Cyber Promotions (cited by the court) and eBay v. Bidder's Edge (not cited), the ruling is in tension with the Intel v. Hamidi case (barely cited), which many of us thought effectively wiped out the CompuServe/eBay cases as precedent.
I trust we all can appreciate the floodgates of litigation that may open if undisclosed downloading of software (not just adware) onto a user's computer can support a trespass to chattels claim (if you're having trouble visualizing, just think two words: Flash and Java). We'll have to see if the court puts any better parameters on its thinking at the summary judgment stage.
Suzi's take at ZDNet.
UPDATE: Alex at SunbeltBlog relays some of the plaintiff attorney's comments on the ruling.
Sounds like this case does not satisfy our four part test (See “Browse-wrap Agreements: Validity of Implied Assent in Electronic Form Agreements” (59 Business Lawyer 279 (2003)), in that the user was not provided with adequate notice of the existence of the terms. Some users are never shown the EULA or told of its existence. (Strike One!). Some users get a pop up window that asks them to click "Install" or "Don't Install," but no disclosure that the software contains adware, or of the existence of the EULA. (Strike Two!). And some users are asked to agree to a non-existent "Consumer Policy Agreement," but not the EULA. (Strike Three!). The court's reasoning may be suspect (perhaps because of the procedural posture of the case on a motion to dismiss), but the result is correct.
Posted by: John at September 1, 2005 10:41 PM