Legality of adware distribution with P2P

Legality of adware distribution with P2P

Summary: Legality of adware distribution with P2P: an expert's analysis


After I blogged last week about Direct Revenue's new deal with KaZaA to distribute their adware, I received an email from a representative of another adware company asking what I thought about the legality of the arrangement.  Adware bundling with peer to peer file sharing applications is nothing new.  KaZaA, Morpheus, Grokster and others have long bundled adware.  In 2002, it seemed to me that file sharing apps were one of the largest sources spyware/adware infections of users  posting for help on forums. In the FTC's complaint against Walt Rines and Odysseus Marketing announced last week, one of the counts was "Failure to adequately disclose the presence and nature of bundled software". (page 10, PDF). 

There is also the question of whether or not companies like Sharmaan Networks (KaZaA) and Grokster could be held liable for users illegally downloading copyrighted materials. In June, the Supreme Court ruled that peer to peer companies such as Grokster could, indeed, be held responsible for such piracy.  In September, a somewhat similar ruling was handed down by an Australian court against Sharmaan Networks. 

The question put to me was:

Saw your recent posting on the Direct Revenue/KaZaA partnership. Many have praised this move despite the fact the Supreme Court has ruled that these P2P networks are illegal. I can see why people are praising Direct Revenue for getting out of the distribution networks they are in, but I’m just surprised to see no one question the legality of distributing with KaZaA. Any thoughts?

Since the legal issues with both adware and peer to peer apps are thorny and IANAL (I am not a lawyer), I put the question to an expert.  Eric Goldman, author of the Technology & Marketing Law Blog and professor of law at Marquette University Law School in Milwaukee, Wisconsin, agreed to respond to the question of legality of adware distribution with peer to peer applications. With Eric's permission, here is his analysis.

This raises some interesting questions about copyright liability.  Copyright infringement requires a direct infringer--the person who makes the impermissible copy.  Presumably, KaZaA users are that direct infringer by uploading and downloading infringing files.

Once we identify a direct infringer, then in some cases we can identify other actors who are liable for those infringements.  There are two principal doctrines establishing what we call "secondary" liability.  Contributory infringement occurs when a party, "with knowledge of the infringing activity, induces, causes or materially contributes to the infringing activity of another."  Vicarious infringement occurs when a party has the right and ability to supervise the infringing activities and has a direct financial interest in those activities.

In Grokster, the Supreme Court held that Grokster and StreamCast "induced" infringement.  In my mind, the court simply clarified one of the standards for contributory copyright infringement.  I should note that many of my law professor peers do not agree; they think Grokster created a third basis of liability to supplement contributory and vicarious infringement.

In either case, the author assumes that KaZaA is contributorily or vicariously liable for users' direct infringements (under the Grokster case or otherwise).  The author (adware company representative) then asks the follow-up question: might an adware vendor be liable for KaZaA's contributory or vicarious infringement?

To be clear, the adware vendor is, in all likelihood, not liable for the users' direct infringements under standard contributory or vicarious infringement doctrines.  Most specifically, the adware vendor lacks any technical way to know what users are doing with KaZaA or to control their copyright-infringing behavior.  So, at most, the adware vendor helps KaZaA help users commit direct infringement.

Some commentators have termed such a theory "tertiary" liability.  There is no case law or statute establishing tertiary liability...for good reason.  Consider--should the electric company be tertiarily liable for copyright infringement because they provided an essential resource (power) to help KaZaA help users infringe?  Should the trash company be liable under the same theory?  What about KaZaA's landlord?  You get the point; the witch-hunt for copyright defendants can reach a point of absurdity where businesses simply won't be able to transact with each other without a fear of being pulled into a copyright infringement lawsuit.

However, tertiary liability is the subject of an active case pending right now involving Napster.  The plaintiffs in the Napster case have sued Bertelsmann for providing money and services to Napster to help operate the company.  This is, in effect, seeking to hold Bertelsmann liable for helping Napster help users infringe.  This summer, Bertelsmann moved to dismiss the complaint and the judge refused that motion.  This means that to this judge, the tertiary liability doctrine is serious enough to have stated a cause of action.  This doesn't mean it's good law yet, so we'll be closely watching this case to see if it gives us any clarity on the boundaries of tertiary liability

If tertiary liability is good law, then copyright owners have a whole new group of potential defendants to sue--including, potentially, adware vendors for supporting peer-to-peer file sharing vendors via the software download bundle.  My belief, however, is that tertiary liability stretches the chain of culpability too far and courts will be wise enough to see that.

For example, the recent Sotelo v. DirectRevenue ruling refused to dismiss a claim that adware advertisers may be liable for a trespass to chattel committed by an adware vendor.  If that theory sticks (and that litigation is at too early a stage to make any reliable predictions), then in theory if either KaZaA or a bundled adware vendor commits a trespass to chattels, the other bundled software vendor might be liable for that trespass.

I made some arguments against this type of doctrine in a recent editorial.  However, as a practical matter, the law on this topic is especially fluid right now, and we may be witnessing a rapid expansion of liability doctrines that sweep in lots of potential defendants for other people's actions.

A big "Thank You" to Eric for taking the time to share his expertise and knowledge here.  We might have another opinion forthcoming.  Interested readers -- stay tuned.

Topic: Legal

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Still Clear As Mud

    I guess I am going to stick my neck out on this one. So the legality of whether or not a P2P program is technically a vehicle for copyright infringment ... Yes ... But what about the legality and the costs involved for these spyware, adware, keystoke loggers, unsafe/unstable bundled software that comes with it? Does that make them also liable for that same liability? And what about the home user, corporate user, govermental user, that gets infected with these sometimes malicious and harmful (in my opinion) greyware, shouldn't they be held liable not just for the assisting or vehicular copyright but also for equipment or property damage?

    Hot topic for a lot of us IT folk that are always trying to defend ourselves, our networks, or our company networks. Why should we be the ones taking on that cost, time, and headache when they are the vehicle or cause of such problems. Maybe if they got a few good sized judgements against them they would slow down or deminish in numbers drastically. Especially if they are legally liable for the damaging costs to a (ie) corporate network that had a adware threat that just happened to get into their network and costed the company a few bills to clean up and then educate their users and then try and protect from that threat again.

    Heck, even if the home user could go after these companies with a class action lawsuit and win a few would probably do some good too.

    I guess I see it as a split topic. Yes the P2P networks are a vehicle, and the adware and spyware that comes with these vehicle could be considered part of that software making them a vehicle or like the carborator of the vehicle, so yea why not hold them liable. But don't stop there with these adware and spyware bundled apps, lets start eliminating or reducing the costs associated with these programs for damages to a pc or an organizations network.

    Thanks for the great service and wonderful information. Best wishes to all,

    • class action lawsuits

      flipper1975wat, You mentioned class action lawsuits. Three lawsuits have been filed this year against adware companies, Direct Revenue, 180solutions and eXact Advertising. I blogged each of them and about Direct Revenue reporting the lawsuit was hurting their business. I believe the class action suits do have an effect. Adware companies are affected financially and get lots of negative press along the way. None of the 3 cases have been settled yet, but it will certainly be interesting to follow the outcomes.
  • It's not only Bertelsman being sued

    Although this isn't well publicized, the ongoing case you refer to
    is not primarily directed at Bertelsman, who settled and is a
    major label, more associated with the Plaintiffs than the
    Defendants. The Napster case is against Hummer Winblad, the
    VC firm that invested $11M into Napster (as opposed to the
    $85M put in by Bertelsman) AND against Hank Barry and John
    Hummer PERSONALLY. The message they want to send to the
    $18B VC industry is watch what you invest in, because we will
    come after you and your family if you don't.
    Cheryl erber