By Nicola McCormick, solicitor, Michael Simkins LLP
The idea of branded content is nothing new but the opportunities for delivery over the internet are only beginning to be explored. Music, video and podcast downloads in particular are poised for an explosion of advertiser exploitation. The promoter of any funded content whether distributed virally or otherwise over the internet will inevitably wish to track who is consuming its content and may wish to limit how such content is used or passed on. Enter the concepts of Adware, Spyware and Digital Rights Management, all of which are frequently confused and have been subject to varying degrees of bad press and criticism. Nicola McCormick explains where the law stands on this:
Adware, Spyware and DRM
Adware and Spyware are terms often used interchangeably which describe software installed on an individual’s computer and used to send back varying kinds of information to a commercial entity’s server either for the purpose of sending targeted pop up advertisements, to report browsing habits or for more nefarious purposes. Digital Rights Management (“DRM”) software limits the scope of use of downloaded content. What these measures and controls have in common is that they require software to be downloaded onto a consumer’s computer hard drive at the time when the consumer downloads content he or she has requested. In the United States these types of bundled software downloads have already attracted litigation. The law suits filed against Sony for its Rootkit copy-protected CD’s made the international press when it was alleged that this form of DRM software was installed by Sony onto its customers’ computers without their consent and that it left users’ computers vulnerable to viral attack. The Adware and Spyware cases have been less well reported outside of the States and yet have raised legal arguments that might well be run in the UK Courts. Many of the US cases relate to alleged breaches of State or Federal laws relating to computer misuse but recent cases have explored the idea of internet trespass, a concept that could well be adopted by the UK courts and which would give ordinary consumers a right to complain about the surreptitious installation of invasive software.
If a person, without permission, interferes with another person’s possessions this may amount to ‘trespass to goods’. Traditionally trespass cases have dealt with interference with physical goods but a number of US cases have suggested that accessing a computer hard drive can amount to trespass. The barrier preventing the use of trespass as a means of legal complaint about Adware, Spyware or DRM in the US has been the need to prove that the complainant has suffered actual damage. However, last month a Californian District Court ruled that allegations that Adware had damaged existing software and reduced the efficiency of the complainant’s computer were sufficient to amount to ‘damage’ for the purposes of trespass. This was not a final ruling in this case but it is the second Adware trespass case known to the author to get past the first hurdle in US court procedure – no doubt other cases are pending or will soon be launched.
In the UK it is not necessary to prove that the trespass has caused ‘damage’ but a complainant must show that the interference with his property has ‘gone beyond generally acceptable standards of conduct’. The surreptitious downloading of software which impairs the function of the user’s computer and is only of benefit to the commercial entity causing it to be installed is likely to fall foul of this UK test and amount to trespass.
In the US cases the litigation has been brought not only against the seller of the software but against the agencies and advertisers who employ such software. If advertisers in the UK do not think through their use of Adware and DRM technology there is a real risk that they could be subject to trespass claims.
Good Practice Points
It is clear from the US cases that it is the surreptitious nature of software downloads which leaves open the door for trespass claims. Properly managed downloads which require informed user consent are far less likely to attract successful claims. There are a number of steps which potential advertisers can take to minimise the risk of facing an action for cyber trespass.
1. It is of utmost importance that advertisers understand the nature of tracking software or digital controls that it is proposed are bundled with their branded content. They should seek reassurances or indemnities from the provider that no other software will be tagged on for any purpose other than those agreed.
2. Advertisers should seek clarification from the software provider as to the likely effect of the software on a user’s computer.
3. Legitimate users of Adware and DRM will always seek consumers consent before downloading any content with collateral software. However, the mere clicking of the consent button is not necessarily sufficient. The quality of information provided prior to the consumer giving his click consent is of key importance. US commentators have suggested a four step approach as follows:
* Tell the consumer that terms apply to the download of content.
* Give the consumer an opportunity to review the terms.
* Tell the consumer that if he takes the next step e.g. clicking “I agree” or “install now” that he will be accepting the terms.
* Do not download unless the consumer takes the active step indicated.
However, merely putting in place the consent architecture will not be sufficient if the nature of a download is not fully disclosed. As with many legal issues on the internet the legitimacy of downloads corresponds directly to the degree of transparency with which the commercial entity deals with the consumer.
Kerrins v Intermix Media Inc., 10 January 2006 (see Music Law Updates Archive March 2006)
Sotelo v Direct Revenue LLC 29 August 2005
This update is © Michael Simkins LLP and is for general guidance only. Legal advice should be sought before taking action in relation to specific matters. Where reference is made to Court decisions facts referred to are those reported as found by the Court. The Michael Simkins’ website is at http://www.simkins.co.uk/default.aspx