Prof. Goldman blogged recently about the Direct Revenue case, linking to an amicus brief he filed [pdf] and the transcript of the Motion to Dismiss hearing [pdf].  

The Hearing:

The hearing demonstrates a fundamental disconnect about what constitutes spyware.  The AG's office makes the understandable error (in my mind) of using the term "spyware" constantly without defining it.  This is a common practice in the anti-spam arena.  Anyone who has dealt with an unsophisticated anti-spam plaintiff can attest to the fact that throwing around the term "notorious spammer" in legal documents or in court is not likely to persuade the factfinder that the defendant actually sends messages in violation of state or federal laws.  These terms have taken on a meaning in common parlance that doesn't quite track the legal definition.  Calling someone a spammer in a pleading is sort of like saying that "the plaintiff obviously deserves to win."  If it's that obvious, you probably would not be in front of the judge arguing about it.  That said, the judge (and defense counsel) seem to have a view of spyware that seems overly restrictive.  At one point, the court signals to the parties as to what it deems critical, and asks:

does Direct Revenue also publish information about me or my use of my computer to other people?

This definition would not seem to adequately capture the harms in question.  A program that's been installed surreptitiously on a person's computer can cause all sorts of harm apart from publishing information to third parties.  The company can use the information in a manner not intended by the consumer.  The software can run "in the background".  The software can "call home".  The software can be hard to uninstall.  Indeed, Direct Revenue's counsel  argues that the software "can be safely and completely removed by going to . . . www.mypctuneup.com" and that the user will be provided an "electronic trash can".  It's unclear who runs mypctuneup.com, and what relationship this website bears to Direct Revenue.  But this should be the first red flag in the analysis.

The Amicus Brief:

I similarly have trouble with the amicus brief.  I understand it well enough, but I'm not sure what the point of it is.  Professor Goldman's contention is that click-wrap agreements of the type agreed to by Direct Revenue customers are "ubiquitous on the Internet" and that because the customer agreed to a click-wrap in this case, the AG's enforcement action sweeps too broadly.  To me that's neither here nor there.  Everyone agrees to click-wrap agreements, and they are generally thought to be enforceable.  But courts should only enforce click-wraps within "reasonable" parameters.  (I'm not exactly sure how Specht v. Netscape fits into the equation.)  Put another way, when the average person downloads a piece of software, they agree to a click-wrap, expecting (reasonably) to be able to uninstall the software and to be able to control the software.  Direct Revenue's counsel's arguments seem to undermine the brief's position that the click-wrap in this case is a standard (ubiquitous) click-wrap agreement.  When is the last time you downloaded a piece of software that you needed an "electronic trash can" provided by the vendor to "throw out"?  (See Transcript, p. 14 (lines 20-25); 15 (lines 1-10).)

I don't buy Direct Revenue's argument.  Or the brief's either, for that matter.  (Professor's Goldman's qualm seems to be that the charging document does not sufficiently allege anything more than a violation of the click-wrap.  But that's more of a procedural issue.)

I will have more to say about this, including some discussion of Specht and specific spyware statutes.  In the meantime, check out Ben Edelman's page discussing the case and providing links to documents.