Sign Up
Stay current with GH&R Newsletters. Click here to sign up.
E-Commerce News
Court Upholds Google Forum Clause; Employee Conduct Does Not Implicate Employer Under CFAA
February 13, 2007
COURT UPHOLDS GOOGLE FORUM CLAUSEIf you’ve entered an Ad words contract with Google, be prepared to visit northern California if you have to sue the search engine giant. A federal court in New York recently held that a forum selection clause in Google's AdWords online contract, that requires all claims to be litigated in northern California, is enforceable. That was bad news for Google’s customer, a New York attorney who was hoping to fight the case on his home turf.
The case arose when Carl E. Person, a New York lawyer and candidate for state attorney general, filed suit in a New York court against Google. Person alleged that Google had conspired with its high volume advertisers to drive up prices. Google filed a motion to dismiss the case for improper venue, based on the forum selection clause in the AdWords contract, which required that all suits be filed in northern California (“where the girls are warm” – Steve Miller Band), home of Google’s headquarters.
Although courts once uniformly rejected contractual forum clauses, the more modern view is that courts will enforce them, so long as they are not “unreasonable under the circumstances.” In this case, when the court turned its attention to the question of reasonableness, it found that enforcement would not be unreasonable.
Person argued that the contract was an “adhesion contract” – a legal term for a standard-form contract typically offered by large, economically powerful corporations to needy individuals on a take-it-or-leave-it basis, with no opportunity to change the contract's terms. Given Person’s status as a New York attorney, the court found that he did not fit the classic definition of a "needy individual."
The court also decided that the clause was not “fundamentally unfair. To find a contract fundamentally unfair, a court must find at least one of three factors: “forum shopping” (i.e. choosing a forum with little relation to the action, strictly for a tactical advantage), fraud or overreaching, and lack of notice to the other party. Since Google's corporate headquarters are in California, the court found that a California forum promoted convenience both to Google and to the larger court system. Person did not allege fraud, and the court found no indication that he lacked notice of the clause: He had seen the terms and had had an opportunity to reject them before engaging in business through AdWords.
Accordingly, while the clause gave an advantage to Google, it was enforceable. In other words, read the contract BEFORE you do the deal. Person should have known better.
EMPLOYEE CONDUCT DOES NOT IMPLICATE EMPLOYER UNDER CFAA
A company does not violate the Computer Fraud and Abuse Act (CFAA) when its employee acts on his own and without the company's knowledge, according to a recent holding from the U.S. District Court for the District of Columbia. The mere fact that the perpetrator was a company employee and used company computer facilities does not establish “intent” for purposes of the CFAA.
The case arose when the law firm Butera & Andrews alleged that it was subjected to 42,000 attacks on its e-mail server from 80 different IP addresses, all controlled or belonging to defendant IBM. (Editor’s note – Don’t hack into a law firm – it really ticks us off!) Of course, the B&A sued the deep pocket, IBM. It alleged that the attacks violated the CFAA and "were made with IBM owned or operated equipment and were directed by IBM employees or agents."
IBM denied that it knew anything about the attacks, and for that reason, moved to dismiss the complaint since the CFAA provides a cause of action only against a person who "intentionally accesses" a computer without authorization.
In reaching its decision, the court made a key finding regarding the definition of intent. Based on its review of the CFAA’a legislative history, the court determined that “intent” under the CFAA requires that the violation "must have been the person's conscious objective."
But in its suit, B&A alleged only that the attacks "were the result of unauthorized activity." According to the court, that allegation tended to undermine a finding of intentional conduct by IBM. The court said there was a key difference between the use of a company's assets to commit a crime and that company's approval or even knowledge of the activity. The court said that, absent something more than an employer-employee relationship, "there are no grounds whatsoever for bringing an action against IBM under any of the statutes relied on, ... as each requires 'intentional' conduct."
The court also found no common law “respondeat superior” claim. Under that theory, IBM cannot be held liable for an employee's intentional conduct on the employer-employee relationship alone. "There is no basis to hold IBM liable under theories of respondeat superior or vicarious liability for the actions of the John Doe defendant [B&A could not identify the specific employee], even if the attacks were actually carried out by an IBM employee or agent," the court said.
Based on B&A’s failure to establish IBM’s intent, the court dismissed the CFAA claim.
This Newsletter is a periodic publication of Graydon Head & Ritchey LLP and should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only, and you are urged to consult your own advisor concerning your situation and any specific legal question you may have.