“Forward To Friend” Class Action Against Reunion.com Dismissed With Leave to Amend

Just came across an order from the Northern District of California granting a Motion to Dismiss filed by Reunion.com in a class action case. (Access a copy of the order here [pdf] [5 pages].) This is a pretty interesting case that hinges on the scope of CAN-SPAM preemption, and some conceptual questions around "forward to a friend" programs.

The Complaint

The crux of the complaint is that at some point Reunion started mining the contact information of its users and sent friends of the users emails trying to get the friends to join. The emails appeared to come from the user (e.g., “I’ve been trying to connect with you on Reunion”). There doesn’t appear to be any dispute that at some point Reunion’s privacy policy did disclose these practices, although it’s unclear as to how adequate the disclosure was. (See footnote 1 of the court’s order.) The complaint alleged that the subject lines and headers were misleading. For example, the complaint alleged that the subject line “[Member Name] Wants to Connect With You” was “likely to mislead the recipients into believing the emails were a personal request to connect with the individual, rather than an unsolicited commercial email advertisement.” Based on this, plaintiffs alleged violations of section 17529.5, California’s anti-spam statute.

Court Dismisses Complaint Based on CAN-SPAM Preemption

The court agreed with defendant’s preemption/Mummagraphics argument that in order to recover under California's anti-spam law, the complaint would have to allege facts sufficient for a “common law fraud or deceit” claim. Basically, an immaterial or borderline subject line violation or header violation could not support a state law claim. Reunion wanted the court to go beyond this and dismiss with prejudice – on the basis that there was no way the complaint could be rehabilitated. It pointed to FTC “forward to friend” regulations in order to bolster its arguments. (See a summary of the FTC regs here.) The court rejected this argument, easily finding that the regulations did not purport to offer blanket exemption to any entities from CAN-SPAM liability. The inquiry under the regulations was “highly fact specific,” and the complaint didn’t contain sufficient facts to foreclose liability against Reunion.

The Amended Complaint

The amended complaint [pdf] [33 pages] extensively catalogues Reunion’s email practices and alleges claims based on Cal. Bus. & Prof. Code 17529(a)(1), (a)(2), and (a)(3). (See a summary of the California statute here; the provisions at issue roughly track the spam laws of other states – (1) accurate subject line, (2) no bad header information, and (3) domains must be used with permission.)

First Claim – Use of Domain Name Without Permission (Cal. Bus. & Prof. Code § 17529.5(a)(1))

The first claim alleges that Reunion sent emails that appeared to come from third party domains (rather than reunion.com) without obtaining the permission of the third party. The claim here is brought on behalf of people who received Reunion emails from their friends who had Google- or Yahoo-provided email addresses. Ostensibly, Yahoo and Google do not provide individuals email addresses and then allow third parties (such as Reunion) to send emails which appear to come from those email addresses. (Wait, they do, people do this all the time when forwarding articles from newspaper websites or otherwise using forwarding functionality on websites.)

Reunion has a pretty good argument here.  Reunion will argue that Reunion relied on the representation made from the “forwarding friend” that Reunion had permission to use the domain (or this permission ran through to Reunion). To the extent Reunion erred, it’s not the type of material error that CAN-SPAM is aimed to prevent.

The emails included in the complaint clearly disclose at the bottom that they come from Reunion at the request of a Reunion member. This runs smack into Mummagraphics and that’s what Reunion can and will argue.

Second Claim – Misrepresentation of Header Information (Cal. Bus. & Prof. Code § 17529.5(a)(2))

The second claim alleges that the emails violate subsection (a)(2) because the emails “falsely represented that the Email[s] had been sent from an individual, rather than from Reunion.”

I think this claim has a Mummagraphics problem as well. The bottom of the email clearly discloses that it comes from Reunion.

Third Claim – Misleading Subject Line (Cal. Bus. & Prof. Code § 17529.5(a)(3))

The third claim alleges that the subject lines are misleading. The subject lines don’t seem outside the bounds of what is permissible, particularly since the emails were triggered by the preferences of the “forwarding friend”. (Again, a caveat as to factual grey area here.)  I can’t see the plaintiffs getting much traction from this claim (although I could be wrong).
__

This is a fairly interesting lawsuit in a lot of ways.

First off, it’s interesting that the claims are brought on behalf of the recipients and not on behalf of the senders. I would think the senders (forwarding friends) had cause to complain. They may not have had cognizable legal claims, or claims under any spam statute, but the annoyance certainly affects them as much, if not more. (The complaints lodged against the FTC which are referenced in the complaint interestingly all come from the forwarding members.)  Their claims would look totally different than the claims of the recipients but I don’t get the sense that they would be much weaker. The process through which Reunion “invites” members to invite their contacts to sign up is murky, but according to the complaint, it involves a “negative option” – unless the member takes affirmative action, the contacts are automatically invited. There is one tweak here. The complaint mentions that the members are required to provide their email address and password for the email address in order to sign up. It’s tough for the members to argue that they weren’t tipped off that their contacts would be tapped where they have provided the password for their email accounts.

The court’s order dismissing the complaint seems to ask for an amendment which has some meat as far as fraud and misrepresentation underlying the statutory claims. I didn’t get the sense that the amended complaint contained much on this front.

The preemption argument has gained a lot of steam. Although Virtumundo is currently on appeal, Mummagraphics is pretty persuasive, and it’s unlikely that courts will ultimately not find some preemption. (An earlier Central District decision [link] preempted another portion of California’s spam statute - California Business and Professions Code §§ 17529.4 and 17538.45).  The conclusion here that the other parts of California's spam statute (dealing with subject lines, header information, etc.) should be interpreted to require a material error or misstatement seems pretty sound.

All of this sort of assumes that the advertisement is a commercial email message. Admittedly, Reunion’s goal in sending the email is getting more members, but if all they’re asking recipients to do is sign up for free, they can still argue that the emails at issue aren’t commercial email messages and thus do not fall within anti-spam statutes.  The emails that are the subject of the lawsuit do not propose a commercial transaction in the sense that the recipients are not paying Reunion anything if they join.  (The forward-to-a-friend regulations and accompanying discussion have some language that may come into play here.) 

It’s a tough call. The complaint is well drafted (and incidentally, the lawyers are no strangers to spam litigation, having represented some winners on the defense side against Asis, an entity that lost in the Northern District on the basis of standing). But ultimately, the emails clearly disclosed that they were sent on behalf of Reunion. Under Mummagraphics it’s a tough sell to bring a claim based on the misleading nature of the spam in this context. The big question in my mind is whether the subject line claim will be viable. I guess arguably the subject lines are roughly  accurate and request the recipient to “connect” the friend. On the other hand, the email is just Reunion’s method of broadening its user base - maybe it should have been more honest about this? Will the outcome depend on how easy it is for the person who joins to control their privacy preferences (and whether these preferences are, in reality, honored)? Will the outcome depend on whether the person who initiates the email feels like they were duped?

Finally, this is probably far-fetched, but can Reunion make out a defense under section 230?

On the marketer side, this case illustrates some of the pitfalls of viral marketing.  The Reunion program instantly triggered public criticism, and a class action was inevitable.  I guess I would recommend taking a second look at the copy around any of these programs and communications.  I think Reunion could have re-worded the subject lines to more easily avoid the claims here (without resulting in much loss on the conversion side).  In general, a website which uses any sort of forwarding feature should be clear that the content or message is being forwarded by the website at the request of a third party. 

On the anti-spam front, it's becoming clearer now how far-reaching Mummagraphics is. 

NB: I use the term "forward to friend" here, but it's not clear that Reunion's emails really fall into that category.  A typical forwarding program requires someone to take action to forward something to a friend.  Again, it's tough to tell from the pleadings whether that was the case here.
 
Added: check out Ethan Ackerman's post here (Prof. Goldman's Technology & Marketing Law Blog) and Thomas O'Toole's here (BNA's E-Commerce and Tech. Law). Both of them think the preemption argument went too far here and is unlikely to hold up on appeal. Ethan thinks Mummagraphics went too far; I'm not sure I disagree with him. I remember thinking and posting at the time that the court there could have held that there was no cognizable claim under OK law, rather than going full bore on the preemption issue. I guess we'll see more in the next few rounds.
  
 
Comments

  • 12/1/2008 3:19 PM Private Person wrote:
    Reunion.com should be SHUT DOWN for violating Americans' privacy without their knowledge or permission.

    Privacy VIOLATIONS BY REUNION.COM

    Reunion.com is known to acquire the real names, birth date, high school and colleges attended by individuals and create profiles on their behalf. Many people do not want their personal information (such as their age) publicly posted without their consent. This runs counter to the officially stated policy that "Reunion.com respects your privacy." Respecting people's privacy would require an opt-in means for posting private info, yet the Reunion.com homepage does not even show a means for people who feel violated to opt-out.

    Although member privacy is protected through a blind relay e-mail system preventing e-mail addresses and contact information from being revealed, it is possible to unwittingly allow Reunion to access all your email addresses stored on your computer upon registration. These e-mail addresses are then used, under your name, to solicit more members.[3]

    Reunion.com claims that its members voluntarily choose to share their e-mail usernames, passwords and the contents of their mail boxes. However, this information is used for spoofing which misrepresents the sender of the e-mail.

    Reunion.com began to display actively spidered public records in September of 2008, tying the generated data to a type of profile called a Public Profile[4]. Information that the subject of the profile has not approved, such as family names, names of deceased relatives, married and maiden names, and other contacts are coalesced into a public facing document. People must again opt-out by proactively contacting Reunion.com and asking to be removed. This is a further violation of privacy rights and has called into question Reunion.com's business ethics.

    E-mail spoofing

    Many people know Reunion.com because they received a spoofed e-mail. People who subscribe to Reunion.com often unwittingly allow Reunion to access all email addresses stored in their free e-mail accounts. These are then used to solicit more members under their name by altering the sender address and other parts of the email header to appear as though the email originated from the person who subscribed.[5] So although the e-mail resembles an e-mail that is sent by a friend, family member, business contact or another relation, it is in fact sent by Reunion.com. Such fraudulent e-mail activity is known as e-mail spoofing and is often used for e-mail spam.

    A typical text of an e-mail by Reunion.com is "I looked for you on Reunion.com, but you weren't there. Please connect with me so we can keep in touch. Do you know XXXXXXX?" " Yes " " No " <-- Buttons that link to their login page "Tell us, and see who's searching for you! "

    The first phrase is generally not true; Reunion.com sends such an e-mail to e-mail addresses found in contact lists of accounts provided by subscribers. Reunion.c