eBay Cracks Down on Cookie Stuffing–eBay v. Digital Point Solutions

By Eric Goldman

eBay, Inc. v. Digital Point Solutions, No. 5:08-cv-04052-PVT (N.D. Cal. complaint filed Aug. 25, 2008)

It is exceedingly rare for marketers to sue affiliates who are trying to game their affiliate programs. I’m sure there have been other lawsuits, but frankly I’m drawing a blank. (The only relevant precedent that came to mind was Google’s tepid enforcement actions in 2004/2005 against click frauders–see Google v. Auction Experts and US v. Bradley). [Update: A reader reminded me of Land’s End v. Remy, which is an on-point precedent.] The more typical remedy when commission fraud is taking place is to cancel any unpaid commissions and write off the rest as a cost of doing business (or an uncollectible painful lesson). But if someone gamed the system big–I mean, really big–maybe it would be worth hiring fancy and very high-priced counsel to go see what they might be able to retrieve…

eBay isn’t saying how much it got taken for by the defendants in the case. The complaint was conspicuously silent on that juicy detail. However, the amount appears to be enough that eBay hired the premium law firm O’Melveny & Myers for a glorified collections effort. Either that, or eBay has decided to send a remarkably expensive message to other potential fraudsters.

The complaint alleges that the defendants engaged in a cookie stuffing campaign to hijack commissions through Commission Junction. Cookie stuffing occurs when a fraudster places a cookie on a third party computer that will cause the fraudster to get paid a commission that the fraudster didn’t earn legitimately by doing the things that the marketer wanted to pay for. In this case, eBay alleges that the defendants used a clever technical exploit to put cookies on users’ computers even though the users had not seen the requisite ads. The complaint also alleges that the defendants deployed some tricks to cover their tracks, like deliberately not cookie-ing computers in San Jose and Santa Barbara, the homes of eBay and Commission Junction respectively, to keep employees of those companies from spotting the marauding cookies.

If in fact the defendants engaged in cookie stuffing, I hope eBay nails them. However, I must say that some of eBay’s legal arguments made me nervous. eBay’s alleged causes of action include:

* CFAA (18 USC 1030). The allegation is that presenting a bogus cookie to eBay’s servers was a misuse of the servers. Hmm…

* fraud. Similarly, the allegation is that the defendants caused web users to make a misrepresentation to eBay’s servers by presenting a bogus cookie. Hmm again…

* CA Penal Code 502. There are very few cases interpreting 502, which isn’t necessarily a bad thing because the statute is so broadly over-inclusive that everyone violates it routinely. Here, it looks like the lawyers weren’t quite sure how to fit cookie stuffing into the statute. Take a look at para. 60 and let me know if you agree that this is an odd pleading.

* a civil RICO conspiracy claim. Given that eBay is being sued for RICO claims in the Mazur case (and, I’m sure, others), I would think eBay would want to avoid building new legal precedent that could be applied against them in other cases.

Reading the list of causes of action, I was surprised that there wasn’t a more squarely applicable cause of action that governed cookie stuffing (however, I will confess, none came to mind as I drafted this post). Maybe this is due to the fact that eBay rather than Commission Junction is the plaintiff. If there isn’t a better cause of action, then perhaps there is a hole in the law. However, I’m keeping my fingers crossed that a judge won’t bastardize existing legal doctrines to plug it.