hijacking another’s webpage for competing service is bad

Spy Dialer, Inc. v. Reya LLC, 2019 WL 1873296, No. ED CV
18-1178 FMO (SHKx) (C.D. Cal Mar. 18, 2019)
The parties compete in the market for reverse phone lookups.  When a user accessed plaintiff’s Spydialer.com,
malicious computer code allegedly inserted through ads placed by Reya would
cause the user’s browser to automatically scroll down to the bottom of the
webpage, where defendant’s ad was located. The user’s cursor would then be
placed in a search box located within the ad, instead of in the search box for
the Spy Dialer website. The ad’s search box was designed to look similar to Spy
Dialer’s search box. The malicious code allegedly prevented users from
scrolling back up the page to Spy Dialer’s search box. Users who typed a phone
number into the advertisement’s search box were redirected to defendant’s
When Spy Dialer reached out to defendant, a manager claimed
that the malicious code was the result of a “coding error.” Spy Dialer
complained to Google, which conducted an investigation, concluded that
defendant’s ads “constituted a fraudulent business practice,” and banned the ads
from further use.  The ads allegedly
caused Spy Dialer’s website to lose “ranking in Google’s search engine results”
and led to lower traffic and resulting lower ad revenue.
CFAA: Defendant had limited authorization to access Spy Dialer’s
computers, because it submitted ads to platforms which would then place the
advertisements on Spy Dialer’s website. But it allegedly  exceeded the scope of this authorization by
causing the ads with malicious code to be placed on plaintiff’s site. However,
the complaint failed to plead that defendant obtained or altered information on
plaintiff’s computers that it wasn’t authorized to obtain or alter. For example,
there was no allegation that defendant continued to place ads on plaintiff’s
website even after permission had been revoked. “[M]erely submitting
advertisements through Google Ad Services[] does not state a CFAA violation.”
ECPA: 18 U.S.C. § 2511 provides a private right of action
against “any person who … intentionally intercepts, endeavors to intercept,
or procures any other person to intercept or endeavor to intercept, any wire,
oral, or electronic communication[.]” Here, when a visitor attempted to use Spy
Dialer’s website, defendant’s malicious ad would force the visitor’s browser to
automatically scroll to the bottom of the webpage. Even if the user realized
what was happening, the malicious code allegedly prevented them from scrolling
back up to the top of the webpage to use plaintiff’s own search box. This
“captured” and “redirected” traffic intended for Spy Dialer’s website (is that
the same as interception?).  And it was
plausibly alleged to be intentional, in that the code was sufficiently “sophisticated”
that it could not have come about through mistake or error.
California Penal Code § 502 creates liability against an
individual who “[k]nowingly accesses and without permission alters, damages,
deletes, destroys, or otherwise uses any data, computer, computer system, or
computer network in order to either (A) devise or execute any scheme or
artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain
money, property, or data.” “Just as plaintiff’s CFAA claim fails … so too must
those aspects of plaintiff’s § 502 claim which depend on defendant having
accessed plaintiff’s computers.” But 502(c)(3) prohibits individuals from
“[k]nowingly and without permission us[ing] or caus[ing] to be used computer
services.” Subsection (c)(5) creates liability against a person who
“[k]nowingly and without permission disrupts or causes the disruption of computer
services or denies or causes the denial of computer services to an authorized
user of a computer, computer system, or computer network.” Subsection (c)(8)
bars “[k]nowingly introduc[ing] any computer contaminant into any computer,
computer system, or computer network.”
None of those provisions required access to Spy Dialer’s
computers, so those claims survived.
Lanham Act claim: based on defendant’s use of spydialer.org
(as opposed to plaintiff’s spydialer.com)—easily survives, as does an ACPA
However, a false advertising claim under California Business
& Professions Code § 17500 failed. That law makes it unlawful for any
person to “induce the public to enter into any obligation” by making “any
statement … which is untrue or misleading, and which is known, or which by
the exercise of reasonable care should be known, to be untrue or misleading.” The
use of the domain name “Spydialer.org” was not an actionable “statement” in connection
with the ad or the domain name.  This
seems inconsistent with the ordinary meaning of “statement”—when I wear a nametag
labeled “Prof. Tushnet,” I’m stating my name—but there are apparently cases so holding. Sensible Foods, LLC v. World Gourmet, Inc., 2012 WL
566304, *7 (N.D. Cal. 2012) (rejecting false advertising claim after concluding
that a heart symbol “is not a statement”); Parent v. MillerCoors LLC, 2015 WL
6455752, *7 (S.D. Cal. 2015) (“MillerCoors’ use of the BMBC trade name on the
label is not a ‘statement[.]’ ”).
But state law unfair competition claims survived under §
17200, since the “ultimate test for unfair competition is exactly the same as
for trademark infringement.”
However, there was no actionable conversion of web traffic.  In the Ninth Circuit, “First, there must be
an interest capable of precise definition; second, it must be capable of
exclusive possession or control; and third, the putative owner must have
established a legitimate claim to exclusivity.” Though web traffic is “an
interest capable of precise definition,” in that web traffic consists of the
number of Internet users who accessed a particular website within a given time
frame, it is not “capable of exclusive possession or control.” Unlike domain
names, “web traffic is distinctively ephemeral. Indeed, even the parties that
posted non-malicious banner advertisements on Spydialer.com were no doubt
hoping to redirect a portion of plaintiff’s web traffic from plaintiff’s
website to theirs.”
Fraud claims also failed because there was no allegation
that the plaintiff reasonably relied
on the ad, as opposed to third parties. 
A negligence claim survived, though, based on defendant’s denial of
intentional conduct.

from Blogger http://bit.ly/2GO2m0k

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s