FTC wins second appellate victory over 230 defense

FTC v. LeadClick Media, LLC, 15‐1009‐cv (2d Cir. Sept. 23, 2016)

The FTC and Connecticut sued LeadClick over its role in the use of deceptive websites to market weight loss products. LeadClick managed a network of affiliates/publishers to advertise the products of LeadClick’s merchant client, LeanSpa.  Some affiliates created deceptive websites making false efficacy claims, including claims about independent testing and testimonials.  The FTC also sued CoreLogic, LeadClick’s parent company, as a relief defendant. The court of appeals rejected LeadClick’s §230 defense, but did let CoreLogic off the hook for $4.1 million in relief.

Facts: Until it went out of business in 2011, LeadClick operated an affiliate‐marketing network, connecting merchant clients to third‐party publishers/affiliates who advertised the merchant’s products. The affiliates used email marketing, banner ads, search‐engine placement and websites they created. LeadClick managed the affiliate network through tracking software, referred to as “HitPath,” that would “track the flow of traffic from each individual affiliate’s marketing website to the merchant’s website while remaining invisible to the consumer.”

LeadClick’s affiliate managers were responsible for scouting and recruiting new affiliates, researching affiliates, and matching affiliates with particular merchant offers. “LeadClick would review and control which affiliates were selected to provide online advertising for each merchant’s offer.”  LeadClick also was a media buyer: it bought space for banner ads from well-known websites, then resold the space, sometimes to affiliate marketers, at a markup.

LeanSpa hired LeadClick in September 2010.  LeanSpa paid a set amount, typically $35 to $45, each time a publisher’s ad led a consumer to LeanSpa’s landing page and that consumer enrolled in LeanSpa’s free‐trial program.  LeadClick paid 80-90% of that to the publisher and kept the rest. To track individual consumer actions, LeadClick routed consumers through the HitPath server to the LeanSpa website via publisher-unique links. 

LeadClick became LeanSpa’s primary marketing network, and LeanSpa became LeadClick’s top customer, responsible for about 85% of all eAdvertising division sales, or $22 million in billing.  LeanSpa was chronically behind on its payments to LeadClick, but ultimately paid LeadClick $11.9 million.  Following industry practice, LeadClick paid publishers before getting paid by LeanSpa, and ultimately terminated its business arrangement with LeanSpa.

Some of LeadClick’s affiliates used fake news sites, which “looked like genuine news sites: they had logos styled to look like news sites and included pictures of supposed reporters next to their articles.” Theygenerally represented that a reporter had performed independent tests that demonstrated the efficacy of the weight loss products and included a “consumer comment” section, where fake “consumers” praised the products.  The vast majority of LeadClick traffic to LeanSpa’s websites came from fake news sites.

The evidence showed that LeadClick (1) knew that fake news sites were common in the affiliate marketing industry and that some of its affiliates were using fake news sites, (2) approved of the use of these sites, and, (3) on occasion, provided affiliates with content to use on their fake news pages. For example, one LeadClick employee told an affiliate interested in marketing LeanSpa offers that “News Style landers are totally fine.” Another employee told a potential new client that “[a]ll of our traffic would be through display on fake article pages.” LeadClick’s standard contract with affiliate marketers also required affiliate marketers to submit their proposed marketing pages to LeadClick for approval before they were used. 

LeadClick employees also requested content edits to some fake news sites.  For example, after hearing of a state action against another network for false advertising, a LeadClick employee reached out to an affiliate to “make sure all [his] pages [were] set up good[,] like no crazy [misleading] info.” The affiliate responded that he was removing references to his page being a “news site” and thinking of “removing the reporter pics” from the site to be safe.  The LeadClick employee advised him not to stop using the fake reporter’s picture, but to “just add [the term] advertorial.” Another time, LeadClick employee advised the affiliate to delete references to acai berry on his fake news site and instead use words like “special [ingredient], formula, secret, bla, bla, bla” because “we noticed a huge increase in [actions] with stuff that doesn’t [s]ay acai.”  Providing feedback on another page, another employee stated that the site “looks good except you CANT say anything about a free trial.. [sic] I need that removed,” and noted that “[i]t is much more realistic if you say that someone lost 10‐12 lbs in 4 weeks rather than saying anything more than that.”

LeadClick also sometimes purchased ad space on genuine news sites for banner ads that would link to the fake news sites promoting LeanSpa’s products as part of its media buying business.  LeadClick sometimes identified fake news sites as destination pages for the banner ads when negotiating with media sellers by emailing the media seller a compressed version of an affiliate’s page or providing the web address for the destination page.

LeadClick argued that it couldn’t be held liable under Section 5(a) of the FTCA because it didn’t create the deceptive content, and the content wasn’t attributable to it.  The court of appeals responded that, “under the FTC Act, a defendant may be held liable for engaging in deceptive practices or acts if, with knowledge of the deception, it either directly participates in a deceptive scheme or has the authority to control the deceptive content at issue.”  This is consistent with the case law in other circuits, which also hold that “a deceptive scheme violating the FTC Act may have more than one perpetrator.”  The rule that a defendant who knows of another’s deceptive practices and has the authority to control those deceptive  acts or practices, but allows the deception to proceed, can be liable is consistent with the longstanding rule that “an omission in certain circumstances may constitute a deceptive or unfair practice.”  (Very nice equivocation on the meaning of “omission,” which in this context usually refers to an omitted statement, not an omitted action.)

Though the FTCA doesn’t expressly provide for aiding and abetting liability, that wasn’t the kind of liability being imposed.  A defendant with knowledge of deception who directly participates or who has the authority to control the deceptive practice, but doesn’t, is itself engaged in an deceptive practice.  

That standard was satisfied here, as the evidence showed. Direct participation was shown by the facts that a LeadClick employee “scouted” fake news websites to recruit potential affiliates for the LeanSpa account; LeadClick employees required alterations to the content of its affiliates’ fake news pages by instructing them to revise their pages to comply with explicit directives from LeanSpa; a LeadClick employee instructed an affiliate to check that his fake news site was not “crazy [misleading]” and advising him not to remove the reporter photograph, but to “just add advertorial”; LeadClick employees advised affiliates on the content to include in their pages to increase consumer traffic (telling an affiliate “[i]t is much more realistic if you say that someone lost 10‐12 lbs[.] in 4 weeks rather than saying anything more than that”); and LeadClick purchased banner ad space on genuine news sites to resell that space to affiliates running fake news pages to “generat[e] quality traffic in very lucrative placements.”

Likewise, LeadClick had the authority to control the deceptive practices of affiliates that joined its network, but didn’t.  Ultimately, “[a]s the manager of the affiliate network, LeadClick had a responsibility to ensure that the advertisements produced by its affiliate network were not deceptive or misleading. By failing to do so and allowing the use of fake news sites on its network, despite its knowledge of the deception, LeadClick engaged in a deceptive practice for which it may be held directly liable under the FTC Act.”  Moreover, LeadClick was directly liable “regardless of whether it intended to deceive consumers ‐‐ it is enough that it orchestrated a scheme that was likely to mislead reasonable consumers.” 

What about the CDA? Under §230, a provider of an interactive computer service won’t be held responsible “unless it assisted in the development of what made the content unlawful.”  See FTC v. Accusearch Inc., 570 F.3d 1187 (10th Cir. 2009).  The court here doubted whether LeadClick was even an interactive service provider, because it didn’t provide “computer access in the sense of an internet service provider, website exchange system, online message board, or search engine.”  Its routing of consumers from its affiliates’ webpages to LeanSpa’s websites via the HitPath server “was wholly unrelated to its potential liability under the statute”—that is, none of the acts for which it was being held liable depended on the fact that it provided that routing, which was just done to keep track of who it was supposed to pay.  If it had contracted out that function, it would still have been the actor responsible for all the acts the court previously deemed to justify direct liability.

More disturbingly, the court reasoned that this “service”—access to the HitPath server—wasn’t the kind of activity Congress intended to protect in granting immunity, because the routing “was invisible to consumers and did not benefit them in any way. Its purpose was not to encourage discourse but to keep track of the business referred from its affiliate network.”

But none of this matters, because LeadClick was an information content provider with respect to the content at issue. It participated in the development of the deceptive content: it recruited affiliates for the LeanSpa account that used false news sites; it paid those affiliates to advertise LeanSpa products online, knowing that false news sites were common in the industry (if this is participation, §230 protection is a dead letter); it occasionally advised affiliates to edit content on affiliate pages to avoid being “crazy [misleading],” and to make a report of alleged weight loss appear more “realistic”; and it bought ad space from legitimate news sites, “thereby increasing the likelihood that a consumer would be deceived” by the fake news sites.  LeanClick’s managerial role “far exceeded that of neutral assistance.”

Further, LeadClick wasn’t being held liable as a publisher or speaker of another’s content, but for its own deceptive acts or practices.  This is a version of the agency argument I’ve made before, I think, but it means we have to be very careful about when failure to act (omission) counts as a deceptive act or practice. Here, the court reiterated that LeadClick’s own conduct was “providing edits to affiliate webpages, … purchasing media space on real news sites with the intent to resell that space to its affiliates using fake news sites, and [having] the authority to control those affiliates and allow[ing] them to publish deceptive statements.”  I imagine Eric Goldman will be none too pleased, but it does seem significant that the editing suggested was to increase deceptiveness, not just to increase the attractiveness of the content.

Finally, relief defendant liability: In 2005, CoreLogic’s predecessor bought LeadClick (as an indirect owner through its wholly owned subsidiary CLUSI). In 2010, LeadClick became a direct subsidiary of CoreLogic, and a sister company to CLUSI.  During the restructuring, CoreLogic transitioned LeadClick and six of its sister subsidiaries into a “shared services system” to streamline and enhance back office functions across the subsidiaries. Shared services programs allow related entities to consolidate some or all of their back‐office functions, such as accounting, legal and compliance, human resources, and information technology, into a single office.

When LeadClick accrued a payable expense, CoreLogic would make the payment directly on its behalf, and track the payment as an advance to LeadClick. Both LeadClick and CoreLogic intended that LeadClick would later reimburse CoreLogic for those advances, and ultimately LeadClick repaid a total of $8.2 million of its advance balance to CoreLogic.  Half of this amount was repaid in a single cash transfer of $4.1 million in August 2011, the month before LeadClick ceased business.  The district court treated that transfer as gratuitous and held CoreLogic liable as a relief defendant.

The court of appeals found that CoreLogic was not an appropriate relief defendant because CoreLogic had a legitimate claim to repayment of its prior advances to LeadClick.  A relief defendant needs a legitimate claim, which can be based on an outstanding loan, but not on a gratuitious transfer.  Though CoreLogic lacked a formal loan agreement, the transfer of $4.1 million was  the repayment of an outstanding intercompany loan, implemented as part of its shared services agreement under which CoreLogic had previously paid LeadClick’s accounts payable. Shared services agreements generally don’t involve formal debtor-creditor relationships, since such documentation “is incompatible with the very purpose of shared services: streamlining operations and increasing efficiency by reducing excess paperwork.” Because the companies were consolidated under general accounting principles for public companies, an interest charge would be inappropriate. “Under these circumstances, the lack of a formal loan agreement does not create suspicion that the transactions were a sham.”