Sign Up
Stay current with GH&R Newsletters. Click here to sign up.
E-Commerce News
Federal Trade Commission Act Offers Consumer Protections for Small Businesses, Nonprofits and Religious Institutions Under the FTCA; Computer Hacking - A Different Kind of "Loss"
July 22, 2008
Federal Trade Commission Act Offers Consumer Protections for Small Businesses, Nonprofits and Religious Institutions Under the FTCAA company that acquired and sought to enforce allegedly fraudulent telecommunication service contracts may be in violation of the Federal Trade Commission Act, even though its "consumers" were not private individuals.
As a result, a federal court in Illinois ruled that the Federal Trade Commission Act protects small businesses and religious and nonprofit organizations as well as individuals.
Section 45 of the FTC Act prohibits "unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce ...." It allows for civil actions under Section 57, for "consumer" injuries resulting from such acts or practices.
According to the court, the FTC Act’s jurisdiction is not limited to private individuals under the definition of "consumer." In fact, Section 45 provides for protections to persons, partnerships, or corporations harmed by unfair methods of competition or unfair or deceptive acts or practices.
In this case, the FTC brought an action against IFC Credit Corporation, claiming that IFC attempted to recover payments from customers after IFC cut off service. Indeed, IFC never even guaranteed these services.
IFC filed a motion to dismiss arguing that the Federal Trade Commission lacked jurisdiction because small businesses, nonprofit organizations and religious institutions are not "consumers." As such, IFC claimed the organizations were not entitled to protections from unfair methods of competition and unfair or deceptive acts or practices under the FTC Act.
The FTC, however, argued that it has applied the term "consumer" to businesses and individuals alike.
The court found that it is required to give deference to the agency’s interpretation unless the legislative history or structure of the FTC Act indicates a contrary interpretation.
In addressing these concerns, the court concluded that Congress’ enactment of the FTC Act in 1914 provided a broad authority to the Commission. The court also pointed to a 1934 Supreme Court holding that nothing in the text of the FTC Act or the legislative history suggests Congress intended to restrict the FTC’s purview to "fixed and unyielding categories."
With a 1938 Amendment to the FTC Act and the addition of the phrase "unfair or deceptive acts and practices," Congress expanded the FTC’s protections to consumers as well as competitors. A final expansion of power came in 1975 when Congress added "in or affecting commerce," to the text of the Federal Trade Commission Act.
It was not until a 1994 amendment that a real limit on the FTC’s authority was announced, creating the precondition that to announce an act or practice to be "unfair," it must be one that "causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves."
In arguing for an implied, restricted "consumer" definition, IFC cited to the Black’s Law Dictionary definition: "a person who buys goods or services for personal, family, or household use, and with no intention of resale; a natural person who uses products for personal rather than business purposes." Under such a definition, these organizations would clearly fall outside the "consumer" umbrella.
However, in a war of the dictionaries, the court sided with Merriam-Webster Collegiate Dictionary’s more general definition: "one that consumes." This concept fell in line with FTC’s claim, evidenced by case law, that it has long provided protections to more than mere individuals purchasing goods for household or personal goods.
The court was unfazed by IFC’s policy argument that granting the FTC the power to regulate businesses would "bring U.S. commerce to a screeching halt. "If the FTC were to prevail at trial, all that would be ‘chilled’ would be unfair and deceptive practices – a result consistent with the principle that the necessity of good faith and honest, fair dealing, is the very life and spirit of the commercial world."
The court noted, "Congress has entrusted to the FTC the power to determine whether a particular act or practice is unfair. Consistent with its Congressional mandate, the FTC has concluded that small businesses and religious and other nonprofit organizations are consumers and are entitled to protection from deceptive and unfair acts and practices."
The court is clear: don’t mess with the little guy, be he a small business, nonprofit, or religious organization.
Computer Hacking - A Different Kind of "Loss"
Internet-based SuccessFactors Inc. will be able to include in its calculation of "loss" the costs of determining who had hacked into its Website and obtained proprietary information under the Computer Fraud and Abuse Act.
According to a federal district court in California, Section 1030 of the CFAA permits including costs allocated toward the discovery of the identity of the hacker as a mere cost of responding to the offense.
SuccessFactors Inc. included this calculation in their suit against competitor Softscape Inc. under a claim for violations of the CFAA. SuccessFactors alleged that, following an unauthorized access of privileged parts of their website, Softscape sent a derogatory email to SuccessFactors’ clients and potential clients.
CFAA Section 1030 makes it unlawful to access a protected computer and provides civil actions for compensatory damages and other relief to any person who suffers damage or loss exceeding $5,000 on account of another’s computer misuse.
Softscape moved to dismiss the "losses," relying on a holding in a New York federal court involving Tyco International. The court in that case found that "the CFAA allows recovery for losses beyond mere physical damage to property," but qualified that finding by noting that "the additional types of damages awarded by courts under the Act have generally been necessary to assess damages caused to plaintiff’s system or to re-secure the system in the wake of a spamming attack."
The California court differentiated the present case from Tyco, drawing a distinction between the physical harm at issue in Tyco with the harm to proprietary information due to unauthorized access and theft in this case.
According to the California court, a plaintiff such as SuccessFactors must determine exactly who has the protected information and what precisely they have accessed in order to remedy the harm. But, where physical damage is concerned, as in Tyco, that determination is unnecessary to remedy or discover the extent of the harm.
The types of losses that arise in CFAA actions vary with the facts. Apparently so does the ability to recover them.
This Newsletter is a periodic publication of Graydon Head & Ritchey LLP and should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only, and you are urged to consult your own advisor concerning your situation and any specific legal question you may have.