E-Commerce Law Week, Issue 558

TRO in Web Advertising Case Could Augur Major Problem for Search Engines and ISPs

The Federal Trade Commission has won a temporary restraining order barring Yahoo!, Microsoft Network's Live Search, AltaVista, and AllTheWeb from running certain deceptive advertisements -- even though the FTC did not name these search engines as defendants.  The FTC's complaint alleges that one or more unknown defendants violated the "deceptive acts or practices" prong of the FTC Act by purchasing search engine advertising that falsely suggested that the defendants were affiliated with the federal government's "Making Home Affordable" program; however, clicking on the displayed links directed consumers to commercial websites that collected personal information and offered "paid home loan modification or foreclosure relief services."  In addition to directly enjoining the defendants from placing their deceptive ads, the TRO also requires the four search engines to:  (1) "identify all persons" who paid them to place the ads; (2) "refuse to place paid advertisements that contain active hyperlinks that are labeled MakingHomeAffordable.gov, or any other domain name containing the top level domain name 'gov,' for any such person"; and (3) send the FTC copies of all ads placed by such persons, along with the conditions for triggering the ads, the number of times the hyperlinks in the ads were clicked, and the amount paid for each ad.  The court explained that it was imposing these requirements on the search engines pursuant to Rule 65(d)(2)(C) of the Federal Rules of Civil Procedure, which states that a preliminary injunction may bind persons who receive notice of the injunction and "are in active concert or participation with" the parties to a case.

Court Considers Retailer's Data Breach Liability

A recent ruling could help clarify when a retailer may be held liable for harm caused by a breach of its customers' information.  In In Re Hannaford Bros. Co. Customer Data Security Breach Litigation, a group of consumers alleged that they had used credit and debit cards to purchase groceries at Hannaford's stores, that a third party had stolen the electronic payment data associated with these cards, and that this theft had caused them loss and other injuries.  The plaintiffs asserted seven state law causes of action against Hannaford -- breach of implied contract, breach of implied warranty, breach of duty to a confidential relationship, failure to advise customers of the theft of their data in a timely manner, strict liability, negligence, and a violation of the Maine Unfair Trade Practices Act (UTPA).  In its ruling on Hannaford's motion to dismiss these claims, a federal court in Maine held that the claims for breach of implied contract, negligence, and a violation of the UTPA were viable, but that "consumers whose payment data are stolen can recover against the merchant only if the merchant's negligence caused a direct loss to the consumer's account."  The court found that only a plaintiff who allegedly had "fraudulent charges on her account that … her card issuing bank ha[d] refused to remove" met this standard for stating a cognizable injury.  Accordingly, it allowed this one plaintiff to pursue her claims against Hannaford for breach of contract, negligence, and a violation of the UTPA, and dismissed all of the other plaintiffs' claims.  Along the way, the court also suggested that courts should look to the FTC's data security actions when considering liability under state consumer protection laws like the UTPA.

FBI Use of NSLs Increased in 2008

A recent Justice Department report to Congress indicates that the FBI issued 24,744 National Security Letters for information concerning U.S. persons in 2008 -- up from 16,804 such requests in 2007.  The number of U.S. persons targeted by these requests also rose, climbing from 4,327 in 2007 to 7,225 in 2008.  However, the report indicated that more than half of this increase in the number of NSL requests can be explained by the fact that the number of "corrective NSLs" requested jumped from 471 in 2007 to 4,929 in 2008.  These corrective NSLs were issued to provide legal authority to retain records that the FBI had received from communications service providers prior to 2008 in response to "exigent letters" and other requests that were served "without documented compliance" with the Electronic Communications Privacy Act.  The report also revealed that the FBI made 2,082 applications to the Foreign Intelligence Surveillance Court in 2008 to conduct electronic surveillance or physical searches for national security purposes, with only one of those denied by the FISC.  The FBI also filed -- and the FISC approved -- 13 applications for access to certain business records under section 1861 of the Foreign Intelligence Surveillance Act (an authority created by section 215 of the USA PATRIOT Act).

Steptoe Presents:  Online Brand Enforcement: A Business-Minded Approach to Web Infringers 

On June 10, 2009, Steptoe will host a complimentary webinar entitled Online Brand Enforcement: A Business-Minded Approach to Web Infringers, led by Brian Winterfeldt and Bryce Coughlin and moderated by Michelle Cooke.  Guest speakers will include J. Scott Evans, Senior Director, Global Brand and Trademark at Yahoo! Inc., and Michael Bishop, General Counsel of AT&T Intellectual Property, Inc.  Topics to be addressed include options for enforcing brands, cost-effective enforcement strategies, and settlement and litigation, if necessary.  Registration is free, but is on a first-come, first-served basis.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.