A recent decision of the District Court of Hong Kong which interpreted a warranty clause relating to spam very narrowly has once again highlighted the fact that wide warranties in service contracts may not prove to be that useful.

Facts

The dispute arose between Goetz Trading Ltd ("Goetz") a limited liability company engaged in the clothing trade, and a Hong Kong Internet Services Provider ("ISP"), Pacific Supernet Ltd., which provided internet services to the plaintiff, including e-mail services.

Pacific Supernet's terms and conditions of service ("the Agreement") included a warranty and undertaking that, inter alia, the subscriber to the service (i.e. Goetz) would not "reproduce, distribute, publish or otherwise transmit any unsolicited advertising or promotional material" ("the Warranty"). A breach of the Warranty entitled Pacific Supernet to terminate or suspend the Agreement.

In July 2001 Pacific Supernet received complaints from third party customers that they were receiving spam e-mails which the defendant traced to Goetz's server. Pacific Supernet communicated this to Goetz (but sent the notification of imminent suspension of services to the wrong email address). Goetz's e-mail transmission was suspended between 21 and 26 July 2001. The service was restored after 26 July 2001 but once again, incidents of spamming were reported. Goetz denied responsibility for distributing it and did not pay Pacific Supernet's service fees. In December 2001 Pacific Supernet suspended its services to Goetz but in any event Goetz opened an account with another ISP in Hong Kong around the same time.

The Agreement entitled Pacific Supernet to service fees for an initial term of one year even in the event of early termination of the Agreement for whatever reason.

Cause of action

After some attempts to settle the dispute out of court, Pacific Supernet filed a clam for unpaid service fees, in the Small Claims Tribunal in Hong Kong. Goetz retaliated by bringing an action in the District Court of Hong Kong for breach of contract by Pacific Supernet as a result of the suspension by Pacific Supernet of its outgoing e-mail service. Pacific Supernet counterclaimed for unpaid service charges for the initial term of one year.

The judge gave judgment to Goetz for damages for breach of contract but also gave judgment to Pacific Supernet on the counter-claim. As the amounts awarded to each party in damages and unpaid fees respectively were of almost equivalent amounts, both victories were pyrrhic.

Given the judge's findings in relation to the Warranty, the case has now set a precedent, in Hong Kong that ISPs cannot rely on warranties in their service contracts to hold their customers liable for hacker or open relay spam. Provisions allowing ISPs to terminate or suspend services to customers in such situations may need to be re-visited and re-drafted.

Issues for the court

The Court had to decide whether the suspension of outgoing e-mail services by Pacific Supernet was in breach of contract. Pacific Supernet relied on the Warranty. In considering the Warranty the Court had to establish whether the spam had come from the plaintiff's server or not.

The parties agreed that there were four ways in which spam could have come from the plaintiff's server, namely: (i)'open relay' spam ie. spam from an outside transmitter which was relayed by Goetz's server; (ii) hacker spam ie. an outside spammer obtained control of Goetz's server; (iii) wrongful use of Goetz's server by one of its employees ; and (iv) IP forgery ie. the spam was sent by a third party which forged Goetz's IP address.

A lot of expert evidence was adduced by Pacific Supernet as to why the fourth scenario was not possible. Goetz's evidence on this scenario was not as conclusive and although finding it difficult to accept that IP forgery would not technically be possible, on the evidence adduced, the court had to discount the fourth scenario.

As far as the first and second scenarios were concerned the judge held that the Warranty could not have been taken as a guarantee by Goetz against unauthorised use by a person "such as a hacker or someone taking advantage of an open relay". Given that at the time of entering into the Agreement the parties were aware that spam could be distributed via these means it was not realistic that Goetz should assume liability for the problem in these scenarios.

This then left only the third scenario. The court held that liability for an employee's wrongful use of the services would have arisen if the employee had had the requirements of the Agreement including the prohibition against spam, brought to his notice. There was no evidence to this effect and the court concluded that the culprit could have been an unauthorised employee on a frolic of his own and that Goetz was not in breach of the Warranty.

Conclusion

The case raises a number of interesting issues in relation to liability for hacker spam and open relay spam as well as in relation to vicarious liability of employers for the spam sent by their employees.

ISPs should note that wide warranties from customers regarding spam may not be such a good idea and that courts are unlikely to find customers liable for hacker or open relay spam. Although Goetz was not found in breach of the Warranty and Pacific Supernet's decision to suspend Goetz's outgoing e-mail was therefore not justified, the court commented that an ISP has a duty to investigate a complaint and eliminate all other possibilities before suspending a customer's account. The fact that Pacific Supernet sent a number of emails (to the wrong address) was not considered to amount to a sufficient investigation.

The ruling should be warning to ISPs to review their warranties as well as their provisions relating to the suspension or termination of customer's accounts in the event they believe the accounts are being used to disseminate spam emails.

As far as vicarious liability for spam is concerned, the judge commented that an employer could be vicariously liable for the spamming activities of his employees. However, for such liability to arise an employer would need to inform his employees of the provisions regarding liability for spamming activities in his own agreement with the ISP. The moral to this seems to be that employers should keep the ISP's terms of service locked away in a drawer!

©Gabriela Kennedy
14 October 2004
The author is a Partner working in the Technology Media and Telecommunications Group of Lovells, Hong Kong. For further information regarding any issues raised in this case note, please contact the author at gabriela.kennedy@lovells.com

__________________________________________________________________________________________________________________

*Goetz Trading Ltd v Pacific Supernet Ltd [2004] HKEC 1218
DCCJ 5427/2002, 11 October 2004, District Court, Judge Muttrie

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.