Microsoft Corp. v. Lam: The Role of CFAA in the Legal Battle Against Click Fraud
In the financial world, the fraud du jour is the Ponzi scheme. On the internet, the fraud du jour is click fraud. Click fraud defrauds advertisers who pay ad fees on a per "click" basis to internet service providers such as Google or MSN. In theory, each "click" is supposed to represent an interested consumer who has "clicked" on an ad, taking him to more detailed content. In click fraud, the perpetrator simply clicks away at ads without any interest in the content, thus creating higher bills for the advertiser with no marketing result. The perpetrators tend to be competitors of the advertiser, who use click fraud to deplete their competitor's ad budget and increase legitimate customer attention to their own sites, or ad subcontractors, who increase their ad revenues by generating fraudulent clicks.
After increasing hue and cry over click fraud, on June 15, 2009, Microsoft filed suit against the Lam family of Vancouver, British Columbia and Guangzhou, China (Microsoft, Corp. v. Lam, U.S. District Court, District of Washington, Case No. 09-0815). The suit alleges that the Lams were committing the competitor form of click fraud -- using computer-generated clicks on competitors' web ads for insurance and World of Warcraft gold, in order to drain their competitors' ad budgets and to advance the placement of their own ads. According to the suit, Microsoft suffered at least $750,000 in damages from lost ad revenue and from investigating and addressing the defendant's fraudulent activities.
Microsoft raised numerous common law claims, including breach of contract, interference with business relations and fraud. In addition, Microsoft also brought claims under the State of Washington's consumer protection act -- and the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030).
A civil action for violation of CFAA may be brought against a person who intentionally accesses a protected computer, and as a result of this conduct, causes damage a loss. The term "protected computer" includes computers used in interstate or foreign communications. 18 U.S.C. § 1030 (e)(2). In general, to bring a private suit, the offense must have caused "loss to 1 or more persons during a 1-year period aggregating at least $5,000 in value. 18 U.S.C. § 1030(c)(4)(A)(i)(I); (g).
Damages for CFAA suits brought under this section are limited to economic damages. In many cases, this could be less than the damages available under state tort laws, which also allow recovery of punitive damages, or contract laws, which allow recovery of attorneys fees. In many cases, plaintiffs appear to assert CFAA claims merely to obtain federal jurisdiction. This may be the case in the Microsoft v. Lam case, which uses its assertion of CFAA, as well as diversity, as the basis for its right to federal jurisdiction.
Because this is one of the first civil suits regarding click fraud, it bears watching. We will continue to report on this case, as it develops.
David D. Johnson is a business lawyer whose practice focuses on litigation and other issues relating to digital media and consumer electronics companies. David can be contacted at (310) 785-5371 or DJohnson@jmbm.com.
