Class Action for Misleading Pop-up Ads Against McAfee Survives Motion to Dismiss — Ferrington v. McAfee

[Post by Venkat]

Ferrington v. McAfee, Case No. 10-cv-01455-LHK (N.D. Cal. Oct. 5, 2010)

There have been a few rulings involving class actions from customers alleging that an online merchant partnered with a third party who improperly piggybacked on to the merchant’s transaction (and in the process the customer ended up buying something he or she did not want to purchase). (See In re: Easysaver Rewards Litigation — Internet Rewards Program Class Action Survives Initial Motion to Dismiss and Fifth Circuit Blesses Vistaprint’s Rewards Program Sign-Up Process.) Congress is taking a look at these types of practices and New York’s Attorney General has settled with several companies who allegedly engaged in these types of practices. A lawsuit against McAfee alleging similar claims recently survived a second motion to dismiss.

Background: As alleged by the plaintiffs, McAfee, the computer security software seller partnered with

Arpu . . . a company that places online advertisements that enable consumers to purchase products ‘with a single click, using credit card information already on file’. . . . Arpu partnered with McAfee to place ads on McAfee’s website that would appear after a customer completed a purchase of a McAfee product. If a customer chose to subscribe to the product or service offered in the Arpu ad, McAfee transmits [the customer’s] billing information to Arpu for use in the purchase of the Arpu product. . . . . After [plaintiffs] completed their transactions, but before they downloaded the McAfee product, an Arpu pop-up ad appeared on their computer screens with the button reading ‘Try it Now.’ Believing that clicking on ‘Try it Now’ would download the McAfee software they had just purchased, plaintiffs clicked on the button. They later learned that clicking on ‘Try It Now’ authorized McAfee to transfer their billing info to Arpu, enrolled them in a 30-day free trial of a non-McAfee product called PerfectSpeed, and authorized Arpu to charge them a $4.95 monthly subscription fee after the expiration of the free trial period.

Plaintiffs brought claims under California’s unfair competition law and the California Consumer Legal Remedies Act, along with a few other claims.

The Court’s Ruling:

Screenshots: As an initial matter, McAfee tried to rely on screenshots of the online sign-up process and have these screenshots judicially noticed. Predictably, the court declines McAfee’s offer, because among other things, McAfee itself admitted that it “recreated the image Plaintiffs would have seen . . . [since] the pop-up [ads at issue were] no longer running.” [emphasis added] Plaintiffs also disputed McAfee’s representation that the ads were identical to what the plaintiffs saw during the purchase process. McAfee also tried to rely on documents from Arpu (e.g., terms of use, purchase confirmation emails, etc.). This request suffered the same fate, because among other things, McAfee failed to provide an explanation of the source of the documents. (Even if McAfee explained where they came from, these documents were not properly subject to judicial notice. They would have been contested anyway, so I’m not sure why McAfee thought it could have the court judicially notice these documents.) As in the Easysaver Rewards case, plaintiffs requested the court to judicially notice a Senate Report titled “Aggressive Sales Tactics on the Internet and their Impact on American Consumers,” and two similarly themed FTC reports. The court acknowledged that these reports were prepared, but did not take notice of the findings and opinions contained in those reports.

Unfair Competition Claim: McAfee initially argued that plaintiffs could not obtain damages under 17200 since they had not paid McAfee any money – i.e., plaintiffs paid money to Arpu which plaintiffs were improperly trying to recover from McAfee. The court rejects this argument, concluding that if plaintiffs had paid money to a third party as a result of McAfee’s unfair trade practices, plaintiffs could recover this money as restitution, even though they paid it to a third party. It was not lost on the court that McAfee and Arpu likely had some sort of financial arrangement pursuant to which Arpu would pay McAfee amounts for customers that clicked through.

As far as the merits were concerned, the court looked to two tests for evaluating plaintiffs’ 17200 claim that McAfee engaged in an “unfair” trade practice: (1) the amorphous balancing test (where the harm to the consumer is balanced against the utility of the defendant’s practice) and (2) the test that looked to whether the defendant’s conduct was unfair in light of public policy “tethered” to an actual law or statutory provision that was intended to carry out public policy. With respect to the tethering test, the court found that plaintiffs could not point to any statute or rule to which they could tether their unfairness claim. However, the court found that plaintiffs could assert a claim under the balancing test. Here the court balanced the harm to the plaintiffs from the allegedly misleading statements against the utility of the advertising by McAfee. Surprisingly, the court seemed to struggle with the balancing, in light of the purported utility of pop-up ads. Not shockingly, McAfee could not argue that pop-up ads served a useful purpose, beyond pointing out that the pop-up ads were useful in the same way that any garden variety advertisement was “useful.” [I’m not sure who will testify on McAfee’s behalf that this is actually the case, but I’m sure some internet user exists out there somewhere that can testify to this.]

Plaintiffs also asserted a claim under the “unlawful prong” of 17200, which allows plaintiffs to borrow from other statutes and use violations of these other statutes to support a 17200 claim. The court held that a plaintiff could assert a 17200 claim based on a Lanham Act violation because the Lanham Act cases do not reflect an intent to bar an independent private right of action. Nevertheless, the court held that the plaintiffs did not adequately state a claim here, because the plaintiffs had not alleged “the existence of a valid and protectable mark that is being used [by McAfee] without authorization.” Plaintiffs also asserted that McAfee engaged in an unlawful trade practice alleging that McAfee violated the Consumer Legal Remedies Act.

CLRA Claim: The CLRA prohibits unfair practices undertaken in the context of a transaction involving the “sale or lease of goods or services.” McAfee argued that the CLRA did not apply because the McAfee transaction involved software which is not a good or service covered by CLRA. As McAfee notes, the CLRA defines goods as “tangible chattels.” McAfee analogized software to insurance and credit, which courts have previously held are “intangible chattels,” and not covered by the CLRA. McAfee also cited to secured transaction provisions of California’s version of the Uniform Commercial Code, which defines “general intangibles” to include software and which exclude computer programs from the definition of “goods.”

The court noted the mixed authority on this issue but ultimately concluded that “the software [plaintiffs] purchased is not a good covered by the CLRA.” The court additionally concluded that software “generally is not a service for purposes of the CLRA.” (CLRA defines service as “work, labor, and services . . . including services furnished in connection with the sale or repair of goods.”) In addition, the court rejected plaintiffs’ argument that the particular subscription provided by Arpu should be considered a service, on the basis that plaintiffs had not alleged “sufficient facts as to the nature of the services provided by [Arpu] to allow the court to draw that conclusion.” The court granted plaintiffs leave to allege this in an amended complaint.


My first reaction is . . . what the heck were McAfee’s marketing folks thinking signing up Arpu’s services? McAfee, as a provider of computer security software, offers a third party’s product that customers are prompted to purchase through a pop-up ad at the point of sale? Worse yet, McAfee allegedly transferred the plaintiffs’ credit card information to a third party based on plaintiffs’ assent to terms that were vaguely displayed in a pop-up ad? As detailed in the post about Vistaprint, a robust disclosure may insulate an internet merchant who refers its customers to a rewards program at the point of sale, but the plaintiffs’ allegations (and the dispute as to the terms that were presented to the consumers) easily take this case outside this category. Again, setting aside the legal issues, where – other than out to lunch – was McAfee’s brand manager in this transaction? McAfee bills itself as a company who makes available products to protect consumers from shady websites and software, but taking plaintiffs’ allegations as true, isn’t McAfee engaging in the very conduct that its services are designed to protect against? Regardless of how the lawsuit pans out, plaintiffs’ allegations put McAfee and its brand in an uncomfortable spot.

The case offers teaching similar to Vistaprint and Easysaver: if you are going to inject a third party transaction in the context of an online sale, your documentation better be bulletproof and should make crystal clear to the consumer that a third party is involved. And if you are going to seek judicial notice, the online terms have to be truly indisputable. The court in this case contrasts Vistaprint by noting that in Vistaprint, (1) customers were required to enter their email addresses, (2) the pop-up offer terms were presented in close proximity to where consumers had to enter their email addresses, and (3) the ads in Vistaprint “clearly identified the third party receiving” the billing information from Vistaprint. Regardless of the disclosure, the whole “transferring a customer’s payment information to a third party” sounds like a practice that internet merchants may want to steer clear of.

I’m not sure what to make of the Lanham Act ruling, but the CLRA ruling is interesting. Article 2 of the UCC contains a broad definition of goods, and software (particularly off-the-shelf software) has been classified as a good for Article 2 purposes. A finding that this type of software is not subject to the CLRA certainly narrows the scope of remedies available to consumers, but is defensible in light of the narrow definition for goods employed by the CLRA. (“Goods” are defined as “tangible chattels,” and “services” are defined as “work, labor and services . . . ” under Cal Civ. Code §§ 1761(a) and (b).)