This is a special proceeding brought pursuant to Executive Law §63(12), General Business Law §§ 349 and 350, Penal Law § 156.20 and New York common law. Petitioner Attorney General seeks injunctive and monetary relief against respondent Direct Revenue, LLC ("Direct Revenue") and its principals for allegedly deceptive and illegal practices relating to the installation of pop-up advertising software on consumers' computers.

Respondents move to dismiss (CPLR 3211[a][7], CPLR 3013) on the grounds that: (1) the transactions complained of were either authorized by contract or initiated by independent third parties outside of respondents' control; (2) the petition fails to provide reasonable notice of the numerous additional transactions allegedly at issue; (3) the petition fails to allege that the additional transactions took place in New York; (4) the petition impermissibly exports the state's standards to transactions occurring outside New York in violation of the Commerce Clause of the United States Constitution; and (5) the remedy of disgorgement is not available under the relevant statutes.

For the following reasons, the petition is dismissed in its entirety. [*2]

Facts

Respondent Direct Revenue is a Delaware corporation with its primary place of business in New York. The individual respondents Joshua Abram, Rodney Hook, Daniel Kaufman and Alan Murray are the officers and shareholders of Direct Revenue who founded the company in 2002.

Direct Revenue is engaged in the business of advertising. Specifically, the company produces software, including software that delivers advertisements to consumers' computer screens through the Internet. Although the petition characterizes its products as "spyware," at oral argument petitioner conceded that the software at issue does not collect consumer computer usage information for publication to third parties. Rather, the parties agree that the software merely generates pop-up ads geared to a consumer's Internet usage.

Direct Revenue does not charge fees to consumers. Instead, it receives compensation from the companies whose products and services it advertises. To induce consumers to view the ads, the company offers them popular software applications, such as screensavers or games, free. When the free application is downloaded by the consumer, the applications install another piece of software from Direct Revenue known as an "advertising client," which generates the pop-up ads. The ads may be discarded by clicking on an "X" in the upper right-hand corner of the box in which they appear.

In many cases, Direct Revenue contracts with third-party distributors to disseminate the "advertising client." Those distributors, in turn, contract with subdistributors to assist in the process. The third parties bundle Direct Revenue's advertising client software along with their own software programs which they offer to internet users. The distributors leave a "stub" file on consumers' computer, which sends a message to Direct Revenue's servers to facilitate installation and updating of the advertising software.

In response to consumers who complained that Direct Revenue's ad-generating software was being installed on their computers without notice or consent, the Attorney General ("AG") commenced an investigation in November 2004. Between November 2004 and March 2006, AG investigators conducted 29 tests of websites which distributed Direct Revenue's advertising client. The transactions were conducted over the Internet from computers located in New York City.

Seven of the 29 transactions were conducted directly with Direct Revenue, either through a Direct Revenue website, or a Direct Revenue advertisement appearing at a website operated by a third party. In each of the seven cases, the investigator was presented with a computer hyperlink which specifically referred to Direct Revenue's end-user license agreement ("EULA"). A dialog box labeled "Security Warning" appeared each time, offering the user the option of accepting the terms of the EULA by clicking "Yes" or declining it by clicking "No." The accompanying message explained that by clicking on "Yes," the user acknowledged that he or she had read the EULA and agreed to be bound by its terms.

The pertinent provisions of the EULA are as follows:

Section 1 ("Acceptance of Agreement")

The Software will collect information about websites you access and will use that information to display advertising on your computer. [*3]

* * *

By clicking Yes,' install' or downloading, installing or using the Software, you acknowledge that you have read and understood this Agreement, agree to be bound by its terms, and represent that you have the necessary rights and permissions to install the Software on the computer being used. If you do not agree to be bound by the terms of this Agreement . . . you may not download or use the software.

Section 2 ("Functionality"):

This Software delivers advertising and various information and promotional messages to your computer screen while you view Internet web pages.

* * *

By installing the Software, you understand and agree that the Software may, without further notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to [Direct Revenue], in the form of pop-up ads, interstitial ads and various other ad formats . . . automatically update the Software and install added features or functionality or additional software.

Section 3 ("Uninstall and Remove Software"):

You may uninstall the Software at any time by visiting www.mypctuneup.com.

Section 11 ("Disclaimer of Warranty"):

[Respondent] DISCLAIM ALL WARRANTIES OF ANY

KIND, EXPRESS OR IMPLIED.

Section 12 ("Limitation of Liability"):

[Respondent shall not] BE LIABLE TO YOU

OR TO ANY THIRD-PARTY FOR ANY DIRECT,

INDIRECT INCIDENTAL, CONSEQUENTIAL, SPECIAL

PUNITIVE OR OTHER DAMAGES.

In six of the seven cases involving transactions with Direct Revenue, the OAG investigator clicked "Yes" and downloaded the free software. In one case, the investigator declined to accept it and no software was installed on the computer.

The remaining 22 of the 29 transactions were conducted with websites or advertisements of third party distributors. Direct Revenue's advertising client, along with other companies' advertising software, was installed on the investigator's computer in 21 of those transactions. In twelve of those instances, the software was installed without the investigator clicking on "Yes" or otherwise signaling consent. In sixteen of those instances, no link to the EULA was provided. [*4]Ten of the instances involved installations via subdistributors.

Direct Revenue entered into a Standard Distribution Agreement (the "SDA") with the distributors of its advertising client. Section 2.2 of the SDA provides that respondent's software "will not be installed until after each potential Registered User has agreed to . . . by means of legally valid affirmative consent" Direct Revenue's EULA or its equivalent. That section also requires distributors "to represent[] and warrant[] that each potential Registered User will be specifically informed that they are downloading [Direct Revenue's software] prior to the time such download commences and will receive any other disclosures as required by law." Section 11.1 provides that "neither [party] shall have the right, power or authority at any time to act on behalf of, to impose any obligation on or to represent the other, except as expressly set forth herein."

In addition to the specific instances identified in the course of the AG's investigation, petitioner alleges that Direct Revenue's software has been installed 150 million times in computers all over the world. The petition asserts five causes of action, alleging deceptive acts and practices under General Business Law § 349 (Count I), false advertising under GBL § 350 (Count II), negligent supervision (Count III), trespass to chattels (Count IV) and computer tampering in the fourth degree as defined by Penal Law § 156.20 (Court V). In addition to injunctive relief against respondents' allegedly unlawful advertising and installation practices, petitioner seeks disgorgement of revenues under a theory of unjust enrichment, a monetary penalty of $500 per deceptive or unlawful action under GBL § 350-d and a judgment of $2,000 against each respondent under CPLR § 8303(a)(6).

Discussion

The petition is dismissed. Under CPLR 409, applicable to special proceedings, "[w]here no triable issue of fact is raised, a summary determination is appropriate based on the pleadings, papers and admissions in accordance with the standards for granting summary judgment" (10 West 66th St. Corp. v New York State Div. of Hous. and Cmty. Renewal, 184 AD2d 143, 148 [1st Dept 1992]). As discussed below, petitioner has not established any deceptive conduct or false advertising in connection with the seven specifically identified transactions with Direct Revenue, insofar as all of the completed installations were authorized by the AG investigators in accordance with the terms of the EULA. As to the remaining enumerated transactions with distributors and subdistributors, petitioner has not shown that respondent should be held liable for the actions of those third parties under a theory of agency or ratification, or otherwise. Furthermore, no recovery is available against respondent for the alleged millions of other consumer transactions because petitioner has failed to provide meaningful notice of how those transactions were deceptive or whether they took place in New York. Finally, petition's demand for disgorgement fails because there is no allegation that respondent improperly took anything of value from a consumer, and petitioner has no statutory authority to seek such damages on its own behalf.

Transactions with Direct RevenueIn each case that the AG's investigators successfully installed respondents' advertising client, they first clicked on the "Yes" button on a dialog box to assent to the terms of the EULA. This conduct created a binding "click-wrap" agreement which bars any claim for deceptive or unlawful conduct. Under New York law, such contracts are enforced so long as the consumer is given a sufficient opportunity to read the EULA, and assents thereto after being provided with an unambiguous method of accepting or declining the offer (Moore v Microsoft Corp., 293 AD2d [*5]587, 588 [2d Dept 2002]; see I. Lan Sys. Inc. v Netscout Svc. Level Corp., 183 F Supp2d 328, 329 [D. Mass 2002][click-wrap license enforced where plaintiff "explicitly accepted the clickwrap license agreement when it clicked on the box stating I agree'"]; Forrest v Verizon Comm., Inc., 805 A2d 1007, 1011 [a "contract is no less a contract simply because it is entered into via a computer"]). Claims that a consumer was not aware of the agreement or did not actually read it must be disregarded where, as here, it is undisputed that the agreement was acknowledged and accepted by clicking on the relevant icon (see, Mortgage Plus, Inc. v DocMagic, Inc., 2004 WL 2331918 [D Kans Aug. 23, 2004]). It is not necessary that it be made impossible for the consumer to signal assent or proceed to installation without being first forced to read the EULA; rather, it is sufficient that a separate hyperlink leading to the agreement is available (see, e.g., Eslworldwide.com, Inc. v Interland, Inc., 2006 WL 1716881 [SDNY 2006]; EF Cultural Travel BV v Zefer Corp., 318 F3d 58 [1st Cir 2003]).

Given the disclosures made in the EULA regarding the pop-up ads and respondents' relevant policies, no GBL § 349 for a deceptive practice may be asserted. Petitioner does not identify anything in the EULA that is false, deceptive or misleading. Furthermore, the clear disclaimers and waivers of liabilities bar any remedy (see, Moore, 293 AD2d at 587). There is no allegation that respondents made prior or other representations to consumers that contradicted the terms of the EULA (see, Goshen v Mut. Life Ins. Co., 98 NY2d 314 [2002]; Gaidon v Guardian Life Ins. Co. of Amer., 94 NY2d 330 [1999]).

Acceptance of the EULA also bars the common law claim of trespass to chattel. Such a cause of action requires that the interference with the plaintiff's property occur without consent (see, JetBlue Airways Corp. Privacy Litig., 379 F Supp2d 299, 328-29 [EDNY 2005]). Although consent may be found invalid where procured by affirmative fraudulent misrepresentations (see, e.g., Shiffman v Empire Blue Cross & Blue Shield, 256 AD2d 131, 131 [1st Dept 1998]), no such deception is alleged here. For similar reasons, the claim for computer tampering under Penal Law § 156.20 fails because consent is a defense under the statute.

The false advertising claim under GBL § 350 must also be dismissed. There is no dispute that four of the six completed installations were not preceded by any advertisement at all. The advertisements for the remaining two merely described Direct Revenue's software as "free," and it is conceded that no consumer was ever charged for it. To the extent that the obligation to receive the advertising client can be construed as a qualification on the word "free," respondent did disclose that condition by reference to the EULA as permitted by the Federal Trade Commission ("FTC") guidelines regarding the use of the word (see, FTC Guide § 251.1[c]). Under GBL § 350-d, "it is a complete defense that the advertisement is subject to and complies with the rules and regulations of, and the statues administered by the Federal Trade Commission."

Finally, petitioner does not dispute that no recovery may be sought for the remaining transaction with respondent which did not conclude with the installation of the allegedly offensive advertising client.

Transactions with Third Parties

Dismissal is required with respect to the 22 transactions conducted with third parties, who petitioner concedes were independent contractors rather than agents of Direct Revenue. A principal is generally not liable for the acts of an independent contractor because of the lack of control over how the contractor's work is performed (Chainani v Bd. of Educ., 87 NY2d 370, [*6]380-81 [1995]). Neither may the principal be charged with the conduct of even more remote subcontractors (People v Synergy6, Inc., Index No 404027/03 [Sup Ct NY Co 2006][unpublished disposition][Attorney General's action for deceptive practices and false advertising under GBL dismissed as against email marketing company where fraudulent emails were sent by company retained by agent]). Although exceptions exist, such as where the contractor was negligently retained or supervised (Saini v Tonju Assocs., 299 AD2d 244, 245 [1st Dept 2002]) or where the principal has ratified the wrongful acts (Kormanyos v Champlain Valley Fed. Sav. and Loan Assoc. of Plattsburgh, 182 AD2d 1036, 1038 [3d Dept 1992]), the record here does not support any grounds for departure from the usual rule.

As noted, under the SDA, Direct Revenue contractually required its distributors to obtain consent of consumers consistent with the terms of the EULA. The SDA also forbade the distributors from holding themselves out as respondent's agents. Respondent was not authorized or obligated to control their work, particularly since many of them additionally acted as distributors for various other advertisers. Although in Sotelo v Direct Revenue, 384 Supp2d 1219 (ND Ill 2005) the court upheld a cause of action against respondent for negligent supervision of distributors, the issue arose on a motion to dismiss and the court thus restricted its inquiry to the four corners of the complaint. Notably, the court stated that it was precluded at that procedural juncture from considering respondent's evidence that the distributors were independent contractors, evidence which, as here, included the SDA.

Petitioner nevertheless argues that Direct Revenue is responsible for every installation of its advertising client, noting that its servers interact with the consumer's computer regardless of which distributor or subdistributor caused the original stub file to be present. However, mere participation in the installation is insufficient, absent proof of involvement in the original deceptive conduct which induced the installation. Moreover, since 2005 respondent has provided consumers with a means of uninstalling the advertising client if they desire, by clicking on the "?" icon appearing on each advertising and visiting a website offering the necessary software. Of the 150 million claimed installations, the record reflects that only between 1.4 million and 2.4 million (between .9% and 1.6%) have remained installed on consumer computers.

The theory that respondents ratified the alleged third party misconduct also fails. The allegations that respondent had general and/or constructive knowledge of some distributors' wrongful practices are insufficient to impose liability (see, Synergy6, supra; Del Signore v Pyramid Sec. Servs., Inc., 147 AD2d 759, 760-61 [3d Dept 1989][mere knowledge of litigation and complaints against security company for undue force by guards insufficient to impose liability upon hiring firm]; see also Hamilton v Beretta USA Corp., 96 NY2d 222, 237 [2001]). Moreover, it is conceded that in those few instances in which respondent obtained actual knowledge of a distributor's misconduct, it took significant steps to modify its procedures. A finding of ratification cannot be found upon such facts, notwithstanding that respondent may have benefited financially from its relationship with the distributors before remedial measures were implemented (see Synergy6, supra).

Transactions with Unidentified Consumers

The petition must be dismissed as to the remaining millions of unidentified consumer transactions. CPLR § 3013 provides that "[s]tatements in a pleading shall be sufficiently particular to give the court and parties notice of the transactions, occurrences, or series of transactions or occurrences, intended to be proved and the material elements of each cause of [*7]action . . . ." Merely identifying a transaction without supplying facts indicating how it gives rise to claim is insufficient (see, Colleran v Rockman, 232 AD2d 322 [1st Dept 1996][pleadings failed to give notice of how attorney's malpractice proximately caused damages]; Drexel Burnham Lambert Group, Inc. v Vigilant Ins. Co., 157 Misc 2d 198 [Sup Ct NY Co 1993][identification of 1,200 insurance claims without specifying persons involved or dates of discovery failed to meet particularity requirement of CPLR § 3013]). Although petitioner is seeking a $500 penalty per transaction — and thus billions of dollars in damages — the pleadings fail to identify anything about the additional transactions other than that they involved installations of respondents' advertising client. Petitioner fails to specify which transactions were deceptive, which advertisements were false, which were conducted with Direct Revenue, and which were conducted with third party distributors or subdistributors. Petitioner also fails to state where the transactions occurred, which is a fatal defect in notice because, as discussed below, the alleged statutory violations are barred for transactions occurring outside of New York.

Petitioner relies primarily on the premise that the 29 identified transactions were representative of all other transactions. Insofar as the court has determined that respondent cannot be held liable for any fraud or deception with respect to the identified installations, no wrongfulness can be imputed to the larger, unspecified class. Furthermore, petitioner fails to identify the methodology by which it determined that the original transactions were representative of all others. Given that each transaction would present, inter alia, individualized issues of consent to the installation and reliance on the

EULA, petitioner's blanket assumption regarding their similarity is untenable.

The claims as to the unidentified transactions must additionally be dismissed to the extent that they occurred outside the State of New York. GBL §§ 349 and 350 are both restricted to addressing unlawful practices committed "in this state." Accordingly, "to qualify as a prohibited act under the statute, the deception of a consumer must occur in New York" (Goshen v Mut. Life Ins. Co. of New York, 98 NY2d 314, 325 [2002]; see Drizen v Sprint Corp., 12 AD3d 245 [1st Dept 2004]; State v Telehublink, 301 AD2d 1006 [3d Dept 2003]. Although nonresident consumers are protected (see Goshen, 98 NY2d at 325) at least some part of the underlying unlawful transaction affecting them must be completed in this state (see Mountz v Global Vision Prods, 3 Misc 3d 171 [2003] [telemarketing site and the receipt of Internet orders physically within New York State sufficient]; Telehublink, 301 AD2d at 1006 [use of New York mailbox to send and receive correspondence relating to deceptive telemarketing scheme]). However, where the deception is alleged to have affected consumers nationwide, it is not enough to allege merely that the defendant's principal place of business is in New York (Mayfield v Gen. Elec. Capital Corp., 1999 WL 182586, *10 [SDNY March 31, 1999]), or that defendant originated the overall scheme in the state (see, Goshen, 98 NY2d at 314).

The petition alleges only that respondent is a Delaware corporation with its principal place of business in New York. Petitioner nowhere alleges that respondent completed, in whole or in part, any wrongful act employing a computer or other instrumentality within the state. Nor does petitioner identify any New York residents affected by respondents' conduct other than the AG investigators who conducted the enumerated 29 transactions. Accordingly, the allegations are jurisdictionally defective.

The statutory claims under the Penal Law fail for similar reasons (see, CPL § 20.30(1)("[t]he courts of this state do not have jurisdiction to convict a person of an alleged [*8]offense partly committed within this state but consummated in another jurisdiction;" People v McLaughlin, 80 NY2d 466 [1992]).

Demand for Disgorgement

Even assuming petitioner's case could be pursued on the merits, the demand for disgorgement of profits to the state would be barred for several reasons. First, insofar as disgorgement is based upon unjust enrichment, petitioners' do not allege that respondents received anything of value from petitioner or consumers (see, NYC Econ. Dev. Corp. v T.C. Foods Import and Export Co., Inc., 11 Misc 3d 1087 [Sup Ct Queens Co 2006][plaintiff could not recover defendant's advertising billboard revenue based on violation of restrictive covenant where plaintiff had not conferred any benefit on defendant]). Second, while the Executive Law and the GBL permit monetary relief in the form of restitution and damages to consumers, the statutes do no authorize the general disgorgement of profits received from sources other than the public. And even where restitution may be awarded to consumers, it may only be granted in an amount related to the actual damages caused by the misconduct (see, People v Appel, 258 AD2d 957 [4th Dept 1999]. Petitioner is thus strictly limited to recovery as specifically authorized by statute (see, People v Romero, 91 NY2d 750 [1998]; [State v Solil Mgmt. Corp., 128 Misc 2d 767 [Sup Ct NY Co 1985]; State v Hotel Waldorf-Astoria, 67 Misc 2d 90 [Sup Ct NY Co 1971]).

Respondent is not alleged to have taken or received anything of value from any consumer, but rather earned all of its profits from advertising clients. Petitioner has specifically disclaimed any intention to seek recovery on behalf of the allegedly injured parties. Disgorgement of respondents' profits to the state would effectively constitute punitive damages not authorized by statute (see, Solil Mgmt, 128 Misc 2d at 767; Hotel Waldorf-Astoria, 67 Misc 2d at 90). Finally, with respect to the transactions governed by the EULA, relief in quasi-contract would be barred (see, Goldman v Metro. Life Ins. Co., 5 NY3d 561 [2005]).

Accordingly, it is

ADJUDGED that the petition is denied and the proceeding is dismissed.

Dated: March 12, 2008ENTER:

/s/

J.S.C.