Dirty Clicks

This article first appeared in Legal Week, June 2007

Introduction

The past few days have seen a number of significant indications of the new and growing importance of online advertising. In the first place, research from the Internet Advertising Bureau revealed that the money spent on UK internet advertising last year topped 10% of the total advertising spend across all media for the first time, with a figure of around GBP£2bn in total expenditure¹. Secondly there have been a number of record-breaking acquisitions in the sector. Google agreed to buy Doubleclick, one of the leaders in distributed digital advertising, earlier this year for US$3.1bn, WPP agreed to buy 24/7 RealMedia, another digital tech and advertising business, for US$650m and then, just a day later, Microsoft announced the acquisition of Aquantive for US$6bn.

Most of this market, whether search-based advertising as exemplified by Google’s core-business, or display-based or banner advertising, as practised by the target "ad server" companies in these mammoth acquisitions, operates on one of two models. "Pay per click" (PPC) advertising means that advertisers pay a fee every time their advert is clicked on by a viewer, and "pay per impression" advertising (known as "CPM" for cost per thousand-impressions) means that advertisers pay a fee every time their advert is displayed.

As the size of the online advertising market grows, though, so too does the problem of "click-fraud". This type of fraud falls into two categories:

• Affiliate Fraud, which occurs when ad server affiliates (websites that have agreed with companies like those mentioned above to include PPC or CPM advertising in return for a share of the revenues generated) artificially generate clicks in order to beef up their own commissions; and
• Competitor Fraud, which occurs when an advertiser’s competitors, or other people with an axe to grind for some reason (such as disgruntled former employees) deliberately click (for PPC adverts) or re-load (for CPM ones) repeatedly their target’s adverts in order to waste marketing budget.

The methods used to perpetrate these types of fraud have developed from manual clicks to the creation of bogus content websites specifically designed to assist, with computer scripts used automatically to generate fake clicks on adverts. Estimates of the extent of click fraud vary, but most observers seem to agree that around 10% of online advertising expenditure is wasted in this way, though some put the figure as high as 50%².

Whether or not the click-fraudsters are committing a criminal offence, the issue of whether damages can be recovered from them in a civil action is in question (even assuming that the fraudsters can be identified). This is because it is difficult to see what cause of action might apply, and who the claimant would be. In the case of affiliate fraud, the ad server itself could claim for breach of contract, but, since there is no direct financial loss, they may have difficulty establishing damage - their only loss is likely to be damage to reputation. In the case of competitor fraud even this route is not available, there being no contract between the ad server and the fraudsters in this instance.

The direct victims of the fraud, the advertisers, have a similar problem in identifying a cause of action. One tort which may assist is the little-used economic tort of "unlawful interference with business". Although rare, fortunately, the necessary elements for this tort were very recently reviewed in the House of Lords in a single judgement dealing with three cases involving claims for economic torts (one of which, Douglas v Hello!, has been much reported-on for its comments on the law of confidentiality and privacy)³.

In that judgement, the court held that the tort "consists of acts intended to cause loss to the claimant by interfering with the freedom of a third party in a way which is unlawful as against that third party and which is intended to cause loss to the claimant"⁴. The court added that it is also necessary that the claimant be damaged in fact.

Applying this test to the case of click-fraud we arrive at the conclusion that it may be possible for an advertiser to bring a claim in cases of competitor fraud, since the fraudster, in that case, has the requisite intention to damage the claimant. However there is also the requirement that the conduct complained-of constitute an "unlawful act", meaning one which would permit the third party themselves to bring a direct civil claim. In the case of competitor fraud, as discussed above, it may be difficult for the ad server to bring a claim because of the problem in identifying which cause of action could apply. By contrast, in the case of affiliate fraud, whilst there will be less difficulty in meeting the "unlawful act" requirement (the court in the Douglas case stated that there would still be an "unlawful act" where the only reason the third party could not bring a claim was the lack of damage⁵), the problem here is that there is no intention specifically to harm the claimant – so any such claim would probably fail.

In summary we can only conclude that any civil claim against a fraudster, whether made by an ad server or by an advertiser who has suffered loss, would meet some significant problems, and that, to succeed, it may have to break new legal ground.

Because of the difficulties in identifying the fraudsters and then in establishing a claim against them, aggrieved advertisers are perhaps more likely to seek to bring as claim against the ad server. One possible claim might be for breach of a contractual term (whether express or perhaps implied) that they will use reasonable care to prevent click-fraud, assuming that such a term can be shown to apply and that liability for it is not excluded by the contract’s "liability" provisions. Another possibility might be to bring a claim for negligently causing (or not preventing) damage, though since the type of loss suffered is pure economic loss, and since it is well-established that it is difficult to show a duty of care in such situations, such a claim may not be entirely straightforward.

Nevertheless, at least in the USA, Google did, last year, settle for up to US$90m a class action law suit (brought by Lane's Gifts & Collectibles as lead plaintiff) claiming it had not done enough to detect and prevent click fraud.

In recognition of the problem of PPC fraud, in August 2006 the Interactive Advertising Bureau (an industry trade association) announced a working group to create click measurement guidelines and to work towards a full auditing procedure⁶. These "Click Measurement Guidelines" are yet to be finalised but are expected within the next few months.

In the meantime, though, there has been increased interest in forms of online advertising that are less susceptible to fraud than PPC and CPM. By contrast to the "traditional" online advertising world, the market for advertising via mobile phone content is still very much in its infancy and this is a highly innovative sector. Unfortunately, though, not all the innovation is welcome and problems of the fixed online world are increasingly migrating to the mobile one. Spam, for example, has its corollary in "SPIT" (spam over internet telephony) and as online advertising moves to mobile so the problems of "click fraud" seem likely to follow too.

Mobile advertising though has one significant advantage over fixed in this respect – it is much easier to monitor whether customers have made phone calls directly from an ad. This means that a "pay per action" model, where advertisers only pay a fee if customers do something such as make a phonecall or place an order, is much more attractive in the mobile sector. A "pay per action" model is thought likely to avoid click fraud because it is much more difficult and expensive for a fraudster to generate fraudulent hits.

We may, then, find that the current popularity of PPC and CPM advertising, increasingly beset by the problem of click fraud, will end up being just a temporary feature of the online advertising market and that, driven in particular by the expected growth of the mobile-advertising, the more robust model of "pay per action" becomes increasingly the norm.