A Clickful of Dollars Might Violate The CFAA

Michael Slipsky
Poyner Spruill LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Poyner Spruill LLP

United States Magistrate Judge Christopher J. Burke of the District of Delaware recently held that “click fraud” violates the federal Computer Fraud and Abuse Act, 18 U.S.C 1030 (“CFAA”). “Click fraud” refers to a phenomenon when an online advertising service enhances its perceived value by inflating the number of users who “click” on the ads. In Juju, Inc. v. Native Media, LLC, No. 19-402-CFC, 2020 WL 3208800 (D. Del., June 15, 2020), the defendants emailed messages with job search results. The contract between the plaintiff and defendants provided that the plaintiff paid defendants a certain sum each time a user clicked a link.

This incentive structure was designed to encourage effective electronic marketing. The clicks gauged user interest. User interest is a precursor to use or “conversion.” Over time, the plaintiff observed that the defendants’ conversion rate was low. In theory, users were interested in the advertised openings. But they were not applying for jobs. This pattern of clicks with no conversions eventually aroused suspicion. Plaintiff analyzed the available data: IP addresses, repeated clicks, click location, and click timing to determine whether the clicks reflected genuine user interest, or phantom users fudging figures. Plaintiff ultimately concluded that the defendants were using automated scripts, or some other technical means, to cloak actual user figures behind a wall of phantom clicks. It was paying for users that were not there.

Plaintiff eventually sued defendants. The Complaint asserted contract and other claims.. It also asserted a rare CFAA claim. To prevail on the CFAA claim, the plaintiff had to prove that defendants had (1) accessed a computer; (2) without, or exceeding, authorization; (3) intentionally and; (4) advanced fraud, obtained value, or both.

The defendants moved to dismiss. They argued that alleged click fraud could not constitute unauthorized access to a computer. Unauthorized access was limited to hacking. The court rejected this argument. It noted that under Third Circuit precedent, accessing plaintiff’s computers in violation of a contractual restriction constituted unauthorized CFAA access. The Third Circuit had held that if prohibited by the parties, otherwise permissible access became unauthorized. Access to plaintiff’s computers and information met the CFAA test. That was precisely what the plaintiff was alleging: that the defendants had violated a contractual provision. In doing so, they had directed a stream of unauthorized clicks at plaintiff’s computers.

This constituted access. Because of the parties’ agreement, it was unauthorized access. For this reason, the court recommended denying the Motion to Dismiss. The assertion of a CFAA claim in the context of a business contractual dispute signals the growing popularity of an old statute. Combined with the CFAA’s upcoming trip to the Supreme Court of the United States, we have not heard the last of this once obscure statute.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising

Written by:

Poyner Spruill LLP
Poyner Spruill LLP
Contact
more
less

Poyner Spruill LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide