California Appeals Court Says Company Can Be Held Liable For Spam It Didn't Write Or Know About
from the that-doesn't-make-any-sense dept
In a ruling that Eric Goldman correctly refers to as “divorced from reality,” a California Appeals court has ruled that two advertising firms can be held liable for actions done by their affiliates (and sub-affiliates). In this case, these sub-affiliates sent out spam, advertising things on behalf of the defendants in the case. There were a few legal questions raised by the case, including yet another attempt to see if CAN SPAM really pre-empts state anti-spam laws, which are interesting, but which we won’t discuss right now. Instead, I wanted to focus on that one key issue of putting the blame on a company for what a third party does.
This is a key point that we’ve been raising a lot around here lately, as more and more people look to blame third parties, often because it’s (a) easier and (b) those third parties have more money. While I recognize that we all get annoyed by spam, a ruling of this nature is completely misdirected. It means that if you want to get a company in trouble, just send spam advertising their stuff to California residents. Now those firms are liable for your statements even if it had no idea that you were doing this. Goldman warns that this ruling will “generate lots more of wasteful profit-seeking litigation.”
Both Venkat and Eric in the link above question how this ruling could survive a Section 230 analysis — which should present a perfectly valid safe harbor for the two firms in question. It’s not clear if either firm even raised a Section 230 defense, but even without that, I’m troubled by the fact that the court didn’t seem to comprehend that it was blaming a company for actions of someone they have no control over. The court — incorrectly — claims that this could lead to “take a more active role in supervising” actions of affiliates, but as Eric points out, the strict liability standard put forth by the court means that no matter how active a role they take, if one spam message slips through, they’re still liable. That doesn’t lead to a more active role in supervising, it leads companies to dump such programs altogether:
Because of strict liability, even advertisers who undertake substantial efforts to police their affiliate network ARE STILL LIABLE FOR ANY PROBLEMS CREATED BY AFFILIATES. Maybe the court got confused about what it meant to impose STRICT LIABILITY. In reality, many advertisers won’t rely on affiliates at all if they are strictly liable for what they do. I bet this court would view that as a perfectly fine outcome, but the it’s disingenuous to say that strict liability will ratchet up the policing effort. A negligence standard might have done that; strict liability squashes the endeavor altogether.
This is definitely a worrisome trend, as we’ve seen a growing number of courts get tripped up on ideas surrounding third party liability, not recognizing the consequences of those rulings.
Filed Under: california, liability, spam
Comments on “California Appeals Court Says Company Can Be Held Liable For Spam It Didn't Write Or Know About”
101 reason to kill all lawyers cute comics …
Easy Solution:
Make court a ‘no win’ situation.
Where, even if you “win” you will never be awarded anything–the other party will simply be fined and the money going to the public’s (publics’ ?) coffers. You still pay your own lawyering fees, win or lose. The only sidereal exception would be cases in which there is demonstrable physical harm to person and/or property; in which case the defendant would pay for the “repairs” thru the court; with the plaintiff never seeing a dime and having no opportunity whatsoever to seek kickbacks via 3rd party contractors…
Such a change would bring about a rapid decline in bullshit “give me money” lawsuits. IMHO anyways.
They're still affiliates
I think your summary suffers from a bit of hyperbole … just sending stuff to Cali residents wouldn’t be enough. Affiliates benefit (short term) from sending spam, and the parent company (companies) have agreements and financial information for the offenders. The root company is not prevented from taking action to recoup costs from the offending affiliate (in fact, they should be encouraged to).
Holding root vendors liable does two things. First, it prevents vendors from affiliate hopping?that is, moving from one badly behaved affiliate to another. Second, if provides consumers, who typically have less relative power in these adversarial relationships, with an easy to identify entity that should hold some responsibility in solving the problem of spam. Tracking down vendors is easy; just follow the credit card payment. Tracking down spammers is hard (and often impossible, due to overseas connections).
I don't see this as a problem.
I don’t see this as a problem.
Normally I agree with you Mike, but I don’t see this as a problem. If they were not liable, any company could just go to a spamming affiliate and say “oh, don’t spam – nudgenudge, winkwink” and be off the hook.
As it sits, it will make sure that companies do business with responsible advertisers and avoid fly-by-nights, which is a win for everybody.
The bit about “blaming third parties” is silly – because the companies in question are not third parties. They are paying the spammers to advertise their products. If they don’t do due dilligence when they select their advertisers, it’s entirely their fault.
If they were held responsible when someone joe-jobs them, you might have a point, but this is not the case.
Well Then
I am holding you [Mike] responsible for my lack productivity at my office. Based on that ruling I do not see it as that far of a stretch. You write about interesting topics and thereby gain my attention at work far more than you should. You can expect a harshly worded e-mail later today!
Extreme Hyperbole
First of all, this is on DECEPTIVE headers and subject lines, so there is already a wrong and a violation of the I-CAN-SPAM Act.
Second, under 17529.5, there is a provision for reduction of damages, if there are preventative measures in place.
Third, the reality is that most companies that hire spammers will have a policy prohibiting it, but do nothing to enforce that policy. In a case that I am litigating, the Defendants David Szpak and Emmanuel Gurtler decided not to check any of their affiliates, accept defaults judgments on prior lawsuits (totaling over $300k USD). Even after the judgments were satisfied by seizing monies from accounts, they never bothered sending an e-mail or making a phone call to the plaintiffs in those cases to ask which affiliate.
Fourth, in my current litigation, one of the identified affiliates is Yambo Financials (listed on ROSKO since 2004 and associated with Child porn and fake canadian drugs), which turned out to have 17 different affiliate IDs that shared banking/epassport accounts. In fact, Gurtler claimed that once they learned of this, they terminated this “affiliate” but that was a lie, and they didn’t terminate all 17 different aliases for this “affiliate.”
OTOH, this is exactly how companies get away with fraud and corruption. If they’re found out, they say they didn’t know their employees, departments, subcontractors, etc, did anything, so they’re not liable. So they fire a scapegoat. Have we reached a point where we don’t want to hold companies responsible for anything?
I see your point, Techdirt, but I often think you don’t see both sides of an issue. You seem to think business is inherently good, and the bad stuff is just an aberration. It’s the other way around.
The Junk fax law did not cause the sun to explode.
The TCPA in regards to junk faxes is also a strict liability statute. See Park Univ. Enters., Inc. v. Am. Cas. Co. of Reading, PA, 314 F. Supp. 2d 1094, 1103 (D. Kan. 2004) (?The TCPA is essentially a strict liability statute? where liability can be found for erroneous unsolicited faxes).
The law is well known and has been around since the 90s that if you hire someone who sends junk faxes, you are liable. I can also spoof faxes, but I have not heard much of that.
If I contact a known criminal and suggest very strongly that it would be great if my ex-wife disappeared, oh, and here’s $50,000 for “consulting services”, I should damn-well be held accountable for what happens.
I don't see this as a problem.
You hit this one exactly right. Many online marketing companies use “affiliates” to do their dirty work, knowing all along what is happened and how the traffic is sourced.
In some cases, I have seen affiliate programs who create phantom accounts, and use those accounts as spam landing pages. When someone complains, they “term” the “rogue affiliate” out of the program, and create a new account for spamming. Oh yeah, they still take all the traffic generated by the same, they just tell people they got rid of that horrible (non-existant) affiliate.
I also agree that TD is on a man run against “third party” stuff this month, but this clearly isn’t third party. They are directly in line, not some sideline of the process.
A complete TD fail this time around.
Re:
ssssssssssttttttttttttrrrrrrrrrrrrreeeeeeeeeeeeeettttttttttccccccccccccccchhhhhhhhhhhhhhhh! *SNAP
I think you took that one a little too far.
This seems parallel to the more generic question of “if a subcontractor breaks the law” who is liable.
For example, what would the law say about a sub-contractor collecting receivables who breaks the law in the process (ex: breaks a guys arm). I suspect it would depend if the parent company asked them to do that or had prior knowledge of the practices used.
Perhaps there is special consideration given the parent company is deeply familiar with the work the sub-contractor is performing.
Civil Discourse
What happened to civil and rationale discussion for resolving differences of opinions? Given good rationale logic those who have crossed the invisible line of appropriate social behavior will agree to reform! After all everyone benefits through peaceful enlightened coexistence. (Don’t believe a word of what I just wrote.)
I’m sorry I don’t understand the problem with a company being responsible for the actions an affiliate takes in its name. Unless you worded the results incorrectly. Your summation that you can get a company in trouble by sending out a bunch of spam in someone elses names to a bunch of California residents. All this will do is make you liable for the spam and the defamation of character of the firm you are attempting to get in trouble. To actually make your scenario work it would in effect have to be done through the means of a long con, win your way into their association, become affiliated with them and THEN send out a lot of spam. However at this point your company would likely be worth something, and there would likely be contractual clauses stating penalties for this scenario.
Civil Discourse
What happened to civil and rationale discussion for resolving differences of opinions?
Good question. At least part of it is the rise of ‘ownership culture.’ Weirdly, it works in two directions. You can own what has been done before you (e.g., most everyone for the last fifty years,) and you can be forced to own what has been done after you (e.g., the above.)
I can’t make sense of this mess.
Re:
not really
I don't see this as a problem.
“Many online marketing companies use “affiliates” to do their dirty work,…” The use of “affiliates” and “Partners” is a major scam in-itself.
Recently we received letters printed on university stationary signed by a university administrators that were nothing more than sales brochures. It is not an appropriate activity for our educational institutions. While not as egregious as spam, those in marketing seem to lack any moral restraint in separating you from your money. Dilbert Cartoon
Hmm
I might start sending out spam on behalf of the judge. See who he considers liable then….
Techdirt
Typical Masnick Friday post. He doesn’t care about the law, his only goal is to further his pro-spam agenda.
/sarc (as the kids say nowadays)
Civil Discourse
“What happened to civil and rationale discussion for resolving differences of opinions?”
When dealing with children jumping up and down, half of whom are yelling the sky is falling, the other half yelling mine, mine, mine. There can be no rational discourse.
Ah, it was the anti-spammer trying to make them look bad defense
Or was it space aliens?
Valueclick did not deny that it was their affiliates that were responsible.
Most o the time, spammers blame others, anti-spammers, terminated affiliates, or competitor trying to make them look bad.
Years ago, the lawyer for Scott Bradley claimed it was an anti-spammer trying to make him look bad. He is in prison for another year for illegal spamming.
With all due respect, it is part of having a business to MONITOR THE COMPANIES WHO YOU ARE DOING BUSINESS WITH so that things like this do not come back to bite you in the ass.
I am getting tired of companies saying “WE ARE NOT RESPONSIBLE!” when someone who they are doing business with does something bad that they are directly or indirectly PAYING THEM FOR.
The Junk fax law did not cause the sun to explode.
It also didn’t keep junk faxes from coming to my office on a weekly basis….
The Junk fax law did not cause the sun to explode.
I remember back before the TCPA there were a lot more, 10 or 20 a day.
There is a simple solution, track down a few, haul them into court for $1,500 each.
Extreme Hyperbole
IANAL so take this with as much salt as necessary, but isn’t the main problem raised here the application of a strict liability standard vs. negligence? Negligence should still catch those using sham affiliates or not checking up on their affliliates at all.
Extreme Hyperbole
First of all, this is on DECEPTIVE headers and subject lines, so there is already a wrong and a violation of the I-CAN-SPAM Act.
Fair enough. Go after those sending the spam then.
Second, under 17529.5, there is a provision for reduction of damages, if there are preventative measures in place.
Still, why not go after those actually responsible?
Third, the reality is that most companies that hire spammers will have a policy prohibiting it, but do nothing to enforce that policy.
As others noted, why not use a negligence standard then, rather than strict liability?
Fourth, in my current litigation, one of the identified affiliates is Yambo Financials (listed on ROSKO since 2004 and associated with Child porn and fake canadian drugs), which turned out to have 17 different affiliate IDs that shared banking/epassport accounts. In fact, Gurtler claimed that once they learned of this, they terminated this “affiliate” but that was a lie, and they didn’t terminate all 17 different aliases for this “affiliate.”
In which case negligence could work, right?
Easy Solution:
true, on the other hand it would also lead to an increase in situations where the judge rules based on which party losing will put more cash into the coffers… not exactly just… possibly still an improvement though… possibly.
Re:
“didn’t know their employees, departments, subcontractors, etc, did anything, so they’re not liable. “
This is why we have Discovery.
Re:
Except, isn’t it the judges who are to blame for handing down idiotic verdicts, and in the case of idiotic verdicts reflecting the law shouldn’t blame lie with lawmakers.
Extreme Hyperbole
Mike, what does the word “Affiliate” mean to you?
To me, it means that the affiliate is not a strict third-party to the plaintiff.
Extreme Hyperbole
There is no “negligence standard.” Negligence is, 1. there is a duty, 2. there is a breach of that duty, 3. there is harm that resulted in the breach of that duty. This reaches the employee or contractor when acting within scope of the employment. Telling the employee, don’t break traffic laws or don’t get into an accident does not insulate from that liability.
CAN-SPAM liability, for an ISP, is either knew or consciously avoided knowing which is a very difficult standard. Defendants in my case claim to enforce their program. However, when asked to produce documents of such Emmanuel Gurtler and David Szpak said, “We don’t keep such records.” Not only that, they had programmed their web sites to rewrite the URL so that their spam victims cannot identify the affiliate who sent the spam (unless they watch http headers.)
There are two rules when dealing with spammers and their attorneys: 1. Spammers lie, 2. when a spammer says something see rule one. Or in other words, when do you believe a liar?
I wonder when they will go after labels and studios making them liable for all those things they release this should be a gold mine for the government.
Also there are the publishers of books, magazines and others that are now liable for what others use their platforms to do.
I am curious what the term “affiliate” really means in this situation. In many business contexts “affiliates” is used almost synonymously with “subsidiaries”, and it may (note…only may) be that the doctrine of Respondeat Superior is a legitimate and compelling basis for imposing liability.
So all of the spam I get that mentions banks, ebay, or the latest – direct buy I can sue over?
Oh wait – not under that decision. 🙁 I live elsewhere.
As someone who has to work with “affiliate marketing” dirtbags on a daily basis, I fully support this ruling.
Companies need to be responsible for the actions of their affiliates, whether it’s spam, affiliate-link-laden autoblogs, or whatever other sleazy dealings they think will make them money. We’re not talking about honest people working in earnest here. We’re talking about lazy, entitled, “screw over whoever you can to make a buck” scum who are basically destroying the internet to push their hostgator affiliate pages and “squeeze pages” for clickbank ebooks.
If you don’t believe me, look up some characters like Alex Goad, Wilson Mattos, Jason Fladlien, Build-A-Niche-Store, or just google “make money from home”. If there were more rulings like this, these people would be forced back to working real jobs…
About Span
This anti spam ruling is way out of line with span filters why is spam such a big deal anyway.This is just another way for goverment to get in the way of small business.