This odd little case reminded me of that. In Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), the court held that one Craigslist advertiser could not sue another Craigslist advertiser for allegedly violating the Craigslist terms of use. The court ruled that the Craigslist terms of use -- which it noted was a valid click contract between Craigslist and its users -- did not create any enforceable rights in third parties such as the plaintiff. Did not "likely" create third-party beneficiary rights, I should say. The plaintiff was seeking an injunction, which the court denied.
Attorneys faced with cases like this really ought to look hard at the Computer Fraud and Abuse Act, 18 U.S.C. 1030, a much more promising route to relief in cases of online misfeasance. The CFAA has recently gotten a lot of attention from companies who are using it against departing employees, but there is no reason it cannot be used against competitors as well. I'm not going to do all the research here (e-mail me if you want the cases), but it is possible to make a respectable legal argument that might entitle the plaintiffs to CFAA relief in this case.
It goes like this. The CFAA prohibits an individual from intentionally accessing a computer without authorization or in excess of authorized access and thereby obtaining information from a protected computer. 18 U.S.C. 1030(a)(2)(C),
A contract, such as an online terms of use document, can be used to define what kind conduct is "authorized" for CFAA purposes. I'm thinking of the Explorica and Verio cases. Let's accept the truth of the plaintiff's argument that the defendant's alleged "spamming" on Craigslist violated the terms of use.
Nor does the computer that was accessed improperly need to be the plaintiff's computer. The CFAA says "any person who suffers damage," and this language was given a plain-English interpretation by the Ninth Circuit in Theofel v. Farey-Jones ("Individuals other than the computer’s owner may be proximately harmed ....").
Finally, the plaintiff would have to demonstrate both "damage" to the computer and "loss" to the plaintiff in excess of $5,000. Spamming has been held to cause CFAA damage (I am thinking of the America Online v. LGCM case.) As for "loss," the plaintiff would have to prove that it was losing business as a result of the defendant's alleged spamming. Presumably the plaintiff in Jackson can make this showing; why else would it have sued?
Finally, assuming that the plaintiff can navigate successfully all of the above issues, Section 1030(g) provides for compensatory damages and injunctive relief.
That's my argument anyhow. I've only half-convinced myself; however, I don't believe there are any cases out there that definitely knock it down.
Back in the real world of Jackson v. American Plaza Corp, the plaintiff and the defendant were both in the business of marketing rental property in New York City. The conduct that drew the plaintiff's lawsuit was spamming, which the court described as posting repetitive advertisements on Craigslist for the same property within a short period of time. The Craigslist terms of use provide that "you agree not to ... post non-local or otherwise irrelevant Content, repeatedly post the same or similar Content or otherwise impose an unreasonable or disproportionately large load on our infrastructure."
The court made pretty quick work of the plaintiff's claim that it was a third-party beneficiary of this language. There was no language elsewhere explicitly giving users rights against other users. Nor did the court find language that might create an inference that the Craigslist terms were intended to benefit anyone other than Craigslist. The contract language cited by the plaintiff, the court observed, "indicates that Craigslist's principal concern with repetitive posting was that it burdens the Craigslist infrastructure. Thus any benefit received by plaintiffs is incidental."
A final, interesting, novel, though unsuccessful, argument made by the plaintiff was that Craigslist officials had made public statements indicating their belief that Craigslist was a "public service." Even if Craigslist officials had made such a statement -- a debatable point, the court noted -- it doesn't indicate an intent on Craigslist's behalf to create legally enforceable obligations among its users.
Here are a few cases in which courts turned back claims that the plaintiffs were third-party beneficiaries of an online contract between other parties.
In Kremen v. Network Solutions Inc., No. 01-15899 (9th Cir. 2003), the Ninth Circuit held that Network Solutions Inc., which allegedly had wrongfully transfered the plaintiff's sex.com domain registration to someone else, was not liable under the theory that the plaintiff was a third-party beneficiary of the domain name management agreement between NSI and the National Science Foundation.
Similar ruling two years earlier in Dluhos v. Strasberg, No. 00-3163 (D. N.J. 2001).
An individual alleging defamation caused by an America Online user is not a third-party beneficiary of the membership agreement between AOL and its users. Morrison v. America Online Inc., No. 3:00CV0723AS (N.D. Ind. 2001).
Internet services company is not third-party beneficiary of contracts between domain name registrar and Internet Corporation for Assigned Names and Numbers. Register.com Inc. v. Verio Inc., No. 00 Civ. 5747 (S.D.N.Y. 2000).
Follow me on Twitter at @bnatechlaw
Another TPB case is Noah v. AOL. http://eric_goldman.tripod.com/caselaw/noahvaol.htm
No offense intended, but your CFAA argument stinks. It's similar to the "logic" that convicted Lori Drew. http://blog.ericgoldman.org/archives/2008/12/lori_drew_convi.htm The CFAA plaintiff in this case would be Craigslist, not some rival advertiser.
Eric.
Posted by: Eric Goldman | May 02, 2009 at 06:50 PM
None taken, if by "stinks" you mean "a really bad idea" as far as online policy. The statute gives a cause of action to "any person" regarding "any protected computer." So I think I can be forgiven for imagining that the plaintiff had something to work with here.
It didn't come up in the *Jackson* case, but even if the plaintiff was able to get the court to find that it was a TPB of the Craigslist TOS, the plaintiff still wouldn't have been able to obtain an injunction -- which is what it was seeking. Injunctive relief is not a breach of contract remedy, is it? On the other hand, the CFAA explicitly provides for injunctive relief.
Posted by: Thomas O'Toole | May 03, 2009 at 01:02 PM
Nice read. I hadn't heard about this case.
I agree with Eric on the CFAA argument. While it's possible to read the statute as permitting the sort of claim you describe, the statute to my knowledge is not meant to address anything another than actual "hacking." Granted the Lori Drew case got that wrong, which means you might be right at least in your intuition that a court might read the statute your way.
Posted by: Matthew C. Sanchez | May 13, 2009 at 02:50 PM
Yeah, sorry, but no. This is the kind of cute argument that judges take about ten seconds to decide they'd rather ignore than try to explain why you're wrong, especially because you're probably really right, Thomas, in that cute kind of way we lawyers can be.
And they're not having any of that.
Posted by: Ron Coleman | June 12, 2009 at 03:08 AM