By Joshua Salinas and Jessica Mendelson

A federal district court for the Northern District of California recently held in a “competitor click fraud” case that a mere assertion of a violation of the Computer Fraud and Abuse Act claim without sufficient factual details regarding any inside or outside “hacking” is insufficient to establish subject matter jurisdiction over the action. (Incorp Services Inc. v. IncSmart.Biz Inc., No. 11-CV-4660-EJD-PSG, 2012 WL 3685994 (N.D. Cal. Aug. 24, 2012) The case also presented a novel personal jurisdiction issue involving alleged online false advertising where neither the defendants nor the plaintiff resided in California. The court found that personal jurisdiction existed because the defendant company’s website deliberately targeted California consumers and continuously exploited the California marketplace.

Background

Incorp Services Inc. (“Incorp”) is a Nevada-based corporation that provides a variety of company formation and registration services, including registered agent services across the country. Incorp expended resources to advertise its services on Microsoft, Google, and Yahoo! search engines. These search engines use a “pay-per-click” model that charges advertisers each time a user clicks on the advertiser’s ad and subsequently deducts those charges from the advertiser’s ad budget. The search engine stops providing advertising space when the advertiser’s advertising budget is depleted.

A rampant problem with this pay-per-click advertising model is “competitor click fraud,” a fraudulent scheme where companies – who are also advertising on the same websites as their competitors – repeatedly click on their competitors ads to drain their competitor’s advertising budget. As a result, companies can potentially “clean” the Internet of their rivals’ advertisements by exhausting their rivals’ advertising budgets.

Incorp filed a lawsuit in the Northern District of California last year under the Computer Fraud and Abuse Act (“CFAA”) alleging that it was the victim of this aforementioned fraud. Incorp alleged that a group of unknown Doe Defendants engaged in a campaign of repeatedly clicking on Incorp’s online ads, with no actual interest in learning about Incorp or purchasing Incorps’ services. Incorp alleged that the Defendants conducted this campaign in bad faith with the intent of deleting Incorp’s advertising budget to obtain a more prominent position in search engine results and consequently drive more potential customers to Defendants’ website.

Incorp later identified the IP addresses associated with the alleged click fraud and amended its complaint to add IncSmart.Biz, Inc. (“IncSmart”) as a defendant and to include claims against IncSmart for, inter alia, false advertising under the Lanham Act. Incorp alleged that IncSmart falsely advertised that IncSmart provides registered agent services for states where IncSmart does not have the necessary qualifications or did not obtain the necessary certifications to conduct business.

Incorp also amended its complaint to add officers of IncSmart as defendants, as well as one of the officer’s elderly mother. All of these individual defendants were residents of Nevada and had no meaningful personal ties to the State of California. Neither individual defendant owned or leased any real or personal property in California, nor had they ever owned or been required to pay taxes in California.

Accordingly, IncSmart and the individual defendants filed motions to dismiss the amended complaint for lack of personal jurisdiction and improper venue, or alternatively, a transfer of venue. Specifically, they contended that Nevada was the appropriate forum and not California.

As a preliminary matter and before reaching the personal jurisdiction issue, the court decided to first analyze the existence of subject matter jurisdiction for the CFAA claim.

Subject Matter Jurisdiction

The court noted that it may dismiss an action for lack of subject matter jurisdiction where the court lacks a statutory or constitutional basis for deciding the case. In this case, Incorp pled the following:

“In clicking on Incorp’s online ads without having an actual interest in Incorp’s website or services, Defendants exceed their authorized access to the Search Engines’ protected computers….” (emphasis added).

Relying on United States v. Nosal, 661 F.3d 1180 (9th Cir. 2011), which has been previously discussed in greater detail in this blog, the court found that Incorp’s CFAA claim required a showing of additional facts to establish subject matter jurisdiction.

“The Court observes that there are no direct or clear allegations of ‘hacking’ in this passage-being, broadly, ‘the circumvention of technological access barriers,’ not violation of use restrictions.”

In other words, the court held that clicking online ads “without having an actual interest” does not constitute “exceeds authorized access” under the CFAA. The court also held that if Incorp was contending that Incorp’s online activity violated any terms of use policies, it was insufficient to state a claim under the CFAA in light of the Nosal decision that violations of “use restrictions” are not violations under the CFAA. As such, the court granted Incorp leave to amend with respect to the CFAA claim so that Incorp could clarify and reallege how IncSmart’s conduct violated the CFAA.

Personal Jurisdiction

The court then addressed personal jurisdiction. Under the Fourteenth Amendment’s Due Process clause, the court may exercise personal jurisdiction over a defendant who has “certain minimum contacts with the forum, such that maintenance of the suit does not offend traditional notions of fair play and substantial justice.” Incorp did not contend that the court has general jurisdiction, and therefore, the court addressed specific jurisdiction.

The traditional test for establishing specific jurisdiction involves a three-prong test:

  1. The non-resident defendant must have sufficient minimum contacts, i.e., “purposefully direct his activities” toward the forum state or purposefully avail himself of “the privilege of conducting activities in the forum.” A split has arisen between the circuits concerning analysis under this prong when the minimum contacts are online – the Calder effects test, the Zippo sliding scale test, and the totality-of-circumstances test. The Ninth Circuit has followed the Calder effects test, which requires that the defendant allegedly must have (i) committed an intentional act, (ii) expressly aimed at the forum state, (iii) causing harm that the defendant knows is likely to be suffered in the forum state. Applying this analysis, the court in this case found that IncSmart allegedly used a highly interactive website to offer California specific services to California residents. The court found that this suggested a deliberate intent to access and sell to California consumers, and that IncSmart “continuously and deliberately exploited” the California marketplace with its website. The court held that IncSmart could reasonably expect to be subject to litigation in California.
  2. The claim must arise out of the defendant’s forum-related activities. Here, the court found that the claim arose from IncSmart’s activities via its website, which specifically targeted California consumers.
  3. The exercise of jurisdiction must be reasonable. Finally, the court found that IncSmart failed to present a compelling case that rendering jurisdiction would be unreasonable, and that requiring the case to be refiled in an alternate forum would merely delay the resolution of the case. As a result, the court denied the motion for lack of jurisdiction over the corporation and some of its officers. The court granted the motion with leave to amend, however, with respect to one of the officer’s elderly mother because she was not connected to IncSmart’s website and there was no evidence of any personal jurisdiction.

Improper Venue/Transfer of Venue

Regarding venue, the court concluded that the Defendants failed to establish the necessary burden required to transfer the case to Nevada. In particular, the court noted that Incorp’s choice of forum should be overturned sparingly, and the Defendants failed to show an inconvenience regarding the location of witness and/or documentary evidence. Thus, no transfer of venue was needed.

Takeaways:

(1) Are click fraud claims viable under the CFAA after Nosal?

Some commentators anticipated that the CFAA may represent the future in effective click fraud deterrence. This would become increasingly valuable as more advertising dollars are moving from traditional print and television to online advertising. In fact, Microsoft was the first to bring civil action for click fraud under the provisions of the CFAA a few years ago. (Microsoft Corp. v. Lam, No. C09-0815(W.D. Wash. filed June 15, 2009).  Microsoft contended that the fraudulent clicks at issue violated its terms and conditions, and, thus exceeded authorized access by violating these use restrictions. Unfortunately, no substantive rulings came out of the case as the parties reached a settlement prior to any motion practice.

This case seems to suggest that click fraud claims based on violations of terms of use policies may not be viable under the CFAA after Nosal. The court in this case allowed Incorp to amend its CFAA claim, but it remains unclear how click fraud can constitute activity “without authorization” or “exceeding authorized access” under the statute. One positive note for click fraud victims is that the court’s reliance on Nosal may limit its holding to jurisdictions that follow the Ninth Circuit’s narrow interpretation of the CFAA regarding violations of use restrictions or terms of use policies.

(2) Highly interactive websites that deliberately target a forum state may establish personal jurisdiction

Moreover, this case reaffirms the use of the Calder effects test within the Ninth Circuit for analyzing minimum contacts online. As companies continue to expand and increase their presence and business activities online, it is important to recognize that certain online activities may establish personal jurisdiction that may not otherwise exist. As demonstrated in this case, district courts within the Ninth Circuit when analyzing personal jurisdiction will look into the interactivity of a party’s website and/or how the party’s online activities deliberately target a specific forum. Thus, even if a party is not “physically present” in a particular forum, the party’s may not be able to use the Internet as a digital shield to hide from the court’s jurisdiction.