Does The FTC Get To Ignore Section 230 Of The CDA?

from the apparently dept

I've often joked that the FTC and state AGs choose to live in a fantasy world where Section 230 doesn't exist. A new ruling from the Second Circuit has turned my joke on its ear, suggesting that my underlying fears -- of a Section 230-free zone for consumer protection agencies -- may have become our dystopian reality.

The Opinion

The case involves weight loss products, including colon cleanses, vended by LeanSpa. To generate more sales, LeanSpa hired LeadClick to act as an affiliate marketing manager. LeadClick coordinated promotion of LeanSpa's products with LeadClick's network of affiliates. Some affiliates promoted the products using fake news sites, with articles styled to look like legitimate news articles and consumer comments/testimonials that were fake. Apparently, all of this added up to big business. LeanSpa paid LeadClick $35-$45 each time a consumer signed up for LeanSpa's "free" trial (which was a negative billing option). LeadClick shared 80-90% of these sign-up fees with affiliates and kept the remainder for itself. In total, LeadClick billed LeanSpa $22M, of which LeanSpa paid only $12M. Still, LeanSpa turned into LeadClick's top customer, constituting 85% of its eAdvertising division's sales.

The court summarizes the key facts about LeadClick's role in the fake new sites scheme:

While LeadClick did not itself create fake news sites to advertise products…it (1) knew that fake news sites were common in the affiliate marketing industry and that some of its affiliates were using fake news sites, (2) approved of the use of these sites, and, (3) on occasion, provided affiliates with content to use on their fake news pages.

The court also notes that LeadClick occasionally bought ads on legitimate news sites to promote fake news sites in its affiliate network.

The FTC's Prima Facie Case

The FTC alleged that LeadClick engaged in deceptive practices. LeadClick responded that it didn't do any deceptive practices itself; if anyone did, it was its affiliates. Extensively citing the Ninth Circuit's FTC v. Neovi ruling from 2010 (an unfairness case, not a deception case, but this panel ignores the difference) and a subsequent 11th Circuit case (FTC v. IAB Marketing Associates), the Second Circuit concludes that "a defendant may be held liable for engaging in deceptive practices or acts if, with knowledge of the deception, it either directly participates in a deceptive scheme or has the authority to control the deceptive content at issue."

In the Neovi case, the defendant Qchex had an online check-creation tool that fraudsters used to create and send bogus checks. The court held that Qchex engaged in unfair practices when it printed and then delivered the bogus checks to recipients. But here, LeadClick never "delivered" anything. Indeed, LeadClick argued that the legal standard conflates direct liability with aiding/abetting liability. The Second Circuit disagreed, saying a defendant who "allows the deception to proceed" thus "engages, through its own actions, in a deceptive act or practice that causes harm to consumers."

I'm not a philosopher, but to me, "allowing" a third party to commit misconduct is a bizarre and overly expansive way of defining *direct* liability. Once this court makes this doctrinal cheat, LeadClick didn't have a chance. Applying the legal standard to LeadClick:

  • knowledge. "LeadClick knew that (1) the use of false news pages was prevalent in affiliate marketing, and (2) its own affiliate marketers were using fake news sites to market LeanSpaʹs products."
  • "direct participation in the deceptive conduct." LeadClick satisfied this standard by "recruiting and paying affiliates who used fake news sites for generating traffic, managing those affiliates, suggesting substantive edits to fake news pages, and purchasing banner space for fake news sites on legitimate news sources."
  • "ability to control." LeadClick ran an affiliate network that included fake news sites. "As the manager of the affiliate network, LeadClick had a responsibility to ensure that the advertisements produced by its affiliate network were not deceptive or misleading." I thought the legal standard required
    "ability," but the court tautologically uses the term "responsibility" to satisfy this element. Also note that the court's legal standard ("has the authority to control the deceptive content at issue") sounds a lot like principal-agency liability, but the court doesn't say or imply that LeadClick had a principal-agency relationship with affiliates. Apparently the court is applying some kind of agency-lite liability.

Finally, the court says that LeadClick's intent to deceive consumers is irrelevant; "it is enough that it orchestrated a scheme that was likely to mislead reasonable consumers."

Section 230

Because of the court's intellectual corner-cutting that LeadClick committed a "direct" violation of the FTCA, the Section 230 immunity was already doomed. This is consistent with the Neovi case, where Section 230 didn't even come up even though all of the fraudulent content was provided by third parties. Even though Section 230 doesn't apply to a defendant's own legal violations, the court unfortunately decides to muck up Section 230 jurisprudence anyway, apparently for kicks.

I believe this is only the second time that the Second Circuit has discussed Section 230. The prior case was GoDaddy's undramatic 2015 win in Ricci v. Teamsters, issued per curiam. Oddly, this panel doesn't cite the Ricci case at all -- not even once. The opinion simply says "We have had limited opportunity to interpret Section 230" without referencing the Ricci case by name. I'm baffled why this opinion so deliberately avoided engaging the recent and obviously relevant Ricci precedent…? Could it be that Ricci would have forced the panel to reach a different result or clearly created an intra-circuit split? Is there some kind of behind-the-scenes politics among Second Circuit judges? I welcome your theories.

The court runs through the standard 3 prong test for Section 230's immunity:

  1. provider/user of an interactive computer service (ICS). The court correctly says "Courts typically have held that internet service providers, website exchange systems, online message boards, and search engines fall within this definition." (What is a "website exchange system"?). Then the court goes sideways, saying it is "doubtful" that LeadClick qualifies as an ICS because it acts as an affiliate manager that doesn't provide access to servers.

    LeadClick argued that it provided affiliate tracking URLs and recorded activity on its server, but the panel responds that LeadClick didn't cite any cases applying Section 230 in similar contexts. The court continues that LeadClick's tracking service "is not the type of service that Congress intended to protect in granting immunity" because "routing customers through the HitPath server before reaching LeanSpaʹs website[] was invisible to consumers and did not benefit them in any way. Its purpose was not to encourage discourse but to keep track of the business referred from its affiliate network."

    Say what? Affiliate programs are just another form of advertising, so like other advertising programs, they help compensate publishers for creating and disseminating their content. We may not want this particular content (fake news sites touting dubious weight loss products). Even so, affiliate programs do support discourse, and the court's denigration of affiliate programs' speech benefits is unfortunate and unsupportable. More generally, the court seems to be marginalizing the speech benefits that third party vendors give to publishers, which is obviously misguided when vendors help publishers conduct their business more efficiently. I hope other courts don't apply a "discourse promotion" threshold for applying Section 230.

    We rarely see cases turn on the ICS prong, so it's really shocking to see the court go there -- especially when it eventually expressly punts on the issue, making this discussion dicta.

  2. content provided by another information content provider (ICP). The court cites Accusearch for the proposition that ICP "cover[s] even those who are responsible for the development of content only in part,ʺ but then adds a "defendant, however, will not be held responsible unless it assisted in the development of what made the content unlawful."

    The court says LeadClick "participated in the development of the deceptive content posted on fake news pages" because it recruited affiliates knowing some had fake news sites, paid them, occasionally advised them to edit content, and bought ads on legitimate news sites. In other words, the court cites the exact same evidence of LeadClick's prima facie liability as evidence of its lack of qualification for Section 230. This is just another way of saying that once the Second Circuit treated LeadClick as a direct violator of the FTCA, LeadClick had no chance of qualifying for Section 230.

    Notice that none of the cited facts actually involve content "creation" by LeadClick, so the court apparently assumes content "development" covers other activities -- but doesn't say what that term means.

    The court continues: "LeadClickʹs role in managing the affiliate network far exceeded that of neutral assistance. Instead, it participated in the development of its affiliatesʹ deceptive websites, ‘materially contributing to [the contentʹs] alleged unlawfulness.'" What does "neutral assistance" mean, and how does that relate to Section 230 immunity? I assume all future plaintiffs in the Second Circuit will claim that the defendant provided "assistance" to the content originator that wasn't "neutral." That should be fun.

  3. treated as publisher/speaker. The court pulls the same trick with this prong, i.e., LeadClick was facing direct liability due to its own misconduct and citing evidence from the prima facie case as disqualifying evidence for this prong.

Further Implications

As we all know, no business wants to litigate against the FTC in court. Not only do the FTC's litigation resources dwarf those available even to large defendants, but judges give the FTC extra credit as the voice of consumers. This case highlighted how the Second Circuit bent plenty of legal doctrine to get the FTC its win. Future defendants who want to fight the FTC in federal court, take note. This kind of doctrinal distortion happens far too frequently in FTC cases, so it would be a mistake to treat it as an unlikely-to-repeat accident.

There is so much unnecessary bad stuff here for Section 230 jurisprudence in the Second Circuit. Plaintiffs can find plenty of mischief in the court's discussion about what qualifies as "interactive computer services," "neutral assistance" and "development." Yuck.

In a footnote, the court says the analysis would be the same under Connecticut's UTPA. This suggests that state AGs could similarly establish a prima facie "direct" violation against defendants like LeadClick per their state unfair competition laws without running afoul of Section 230 either. I expect we'll see this case cited extensively by state AGs in future enforcement actions.

Section 230's year-of-woe keeps going. I'm ready for 2016 to be over. Perhaps the Section 230 pendulum will swing back towards defendants in 2017.

Republished from Eric Goldman's Technology & Marketing Law Blog

Filed Under: cda 230, ftc, second circuit, section 230
Companies: leadclick, leanspa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Peter, 28 Sep 2016 @ 2:08pm

    Not sure how 230 is relevant here...

    I'm not seeing how Section 230 is relevant here. Just like not every limitation on free speech is a first amendment violation, not every online interaction automatically confers immunity under section 230.

    In this particular case, I think it's extremely relevant that LeadClick was paying its affiliates for generating LeanSpa signups. That means LeadClick has the ability to direct and influence the behavior of its affiliates, and makes those affiliates agents (at some level) of LeadClick.

    So when the affiliates misbehave, and LeadClick knew (or should have known) about the bad behavior, they have to take some of the heat.

    In a situation like this, where a company is paying someone to lie and mislead on its behalf, they can't hide behind the fiction that "it wasn't us, it was our affiliates." Section 230 is intended to shield companies from being liable for behavior they have no control over, not to give bad actors a convenient way to push legal liability onto a third party for things done on their behalf.

    reply to this | link to this | view in chronology ]

    • icon
      Whatever (profile), 29 Sep 2016 @ 2:04am

      Re: Not sure how 230 is relevant here...

      Nice to see I am not the only one that caught this.

      Good affiliate programs will shut down the accounts and lock out affiliates who mislead the public, cheat, or lie to get signups. Fake news sites are intentionally misleading consumers into believing a product has a good reputation and has not been found to be a scam. Affiliate programs that support that sort of nonsense should be dealt with by the FTC.

      "Section 230's year-of-woe keeps going" because people are trying to use it to cover and excuse all sorts of bad behavior. No, section 230 is not a cover for affiliate program scammers nor does it somehow magically make the program not responsible for the actions of the people they both pay and help with fresh "news" stories.

      It's sort of shocking to see a lawyer not grasping something so basic.

      reply to this | link to this | view in chronology ]

      • icon
        Wendy Cockcroft (profile), 30 Sep 2016 @ 7:33am

        Re: Re: Not sure how 230 is relevant here...

        Let me turn your argument on its head, Whatever:

        Good national security programs will shut down the accounts and lock out agencies who mislead the public, cheat, or lie to get signups. Least untruthful answers are intentionally misleading the public into believing a program has a good reputation and has not been found to be abusive. National security programs that support that sort of nonsense should be dealt with by the relevant congressional oversight committee.

        "Mass surveillance programs's year-of-woe keeps going" because people are trying to use it to cover and excuse all sorts of bad behavior. No, terrorism is not a cover for unconstitutional bulk surveillance nor does it somehow magically make the program not responsible for the actions of the people they both pay and help with "terrorism prevention."

        It's sort of shocking to see an advocate for robust law enforcement not grasping something so basic.

        reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 28 Sep 2016 @ 2:26pm

    The point of the scammer affiliate programs isn't just to advertise a scam. It's to derail any research or due diligence into the whether or not the product is a scam. Mom does a Google search on the miracle cure or miracle weight loss program, and it returns endless (fake) blogs and news sites declaring it legit.

    The program pays out to the owner of the fake blog or news site when someone clicks through the original scam site and gets scammed. And so making the sites has become a cottage industry. The "affiliate marketing manager" gets a cut.

    The "affiliate marketing manager" is acting in much the same grey area as Napster or Pirate bay: Neither torrents nor these affiliate programs are by definition unethical or illegal, but it's hard to overlook what they're being commonly used for.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Sep 2016 @ 2:56pm

    To generate more sales, LeanSpa hired LeadClick to act as an affiliate marketing manager.

    All online affiliate programs are scams run by spammers.

    reply to this | link to this | view in chronology ]

  • icon
    Mike Brown (profile), 28 Sep 2016 @ 3:05pm

    Not sure I'm with you on this one

    Just a layperson's $0.02 (IANAL). I can't help but compare this to the Kim Dotcom case. He had to know his users were uploading infringing files, just as LeadClick knew its affiliates were creating fake news sites. But knowing users are up to no good doesn't mean ALL of them are. It's not reasonable to expect a site operator to police millions of users, so section 230 protection would seem appropriate.

    Kim Dotcom is off the hook in my book, and I'd be firmly in your camp on LeadClick, if awareness of the bad actors was the extent of their involvement. The minute they started "suggesting substantive edits to fake news pages, and purchasing banner space for fake news sites on legitimate news sources" I think they crossed the line. 230 protects them from the actions of their users, not their own actions.

    reply to this | link to this | view in chronology ]

  • icon
    Norahc (profile), 28 Sep 2016 @ 4:12pm

    Before the ink is dry

    I'm betting that before the ink is dry on this decision, it will be quoted by legacy media companies, bit torrent trolls, and anyone looking to censor a critic by removing their 230 immunity.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Sep 2016 @ 5:44pm

    There are so many scammerz out there today that I just assume that everyone is a scammer.

    See what you assholes have done to yourselves?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Sep 2016 @ 1:59am

      Re:

      It's actually a pretty good practice:

      Affiliate marketer == spammer

      Email marketer == spammer

      Permission-based marketer == spammer

      Remember the immortal words of David Canzi:

      "All children should be aptitude-tested at an early age and, if their main or only aptitude is for marketing, drowned."

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.