Court of Appeals upholds a win for consumers in the WinFixer case

Share This Page

The “Inc.” after a company’s name can provide certain legal protections, but let’s get one thing clear:  It’s not a shield that corporate officers can hide behind to avoid personal liability for violations of the FTC Act.  A decision by the U.S. Court of Appeals for the Fourth Circuit underscores that principle.  If executives pondering an iffy business practice need further persuasion, how about an order affirming a $163 million personal judgment against the Vice President of a company sued for FTC violations?

The case began with ads encouraging consumers to conduct a “system scan” for viruses, spyware, and “illegal pornography” on their computers.  Once that “scan” was complete, consumers were urged to download and install software to resolve the problems the “scan” inevitably detected.  After a second “scan,” consumer were told that it would cost them $39.95 or more to fix the problem.

As it turned out, all those exploitive warnings were really an elaborate ruse designed to dupe more than a million people into buying software peddled by Innovative Marketing, Inc., under names like WinFixer, WinAntiVirus, or Advanced Cleaner.  What about all those diagnostics appearing on consumers’ screens and the “problems” they detected?   All bogus.  But the defendants didn’t stop there.  When some consumers later realized they’d been defrauded, Innovative Marketing added a schmear of mustard to all that baloney by refusing to refund their money.

Enter the FTC, which went to court to put a stop to the fraud.  Most of the defendants either settled or had default judgments entered against them.  Innovative Marketing’s Vice President Kristy Ross elected to go to trial.  The court entered a summary judgment in the FTC’s favor, concluding that the ads were deceptive, but the case went ahead on the question of whether Ross was individually liable. 

After hearing the evidence, the trial court ruled that:

[Ross'] broad responsibilities at IMI coupled with the fact that she personally financed corporate expenses, oversaw a large amount of employees and had a hand in the creation and dissemination of the deceptive ads prove[d] by a preponderance of the evidence that she had authority to control and directly participated in the deceptive acts within the meaning of Section 5 of the [FTC Act].

The court also concluded that she had actual knowledge of the deceptive scheme, or was “at the very least recklessly indifferent or intentionally avoided the truth” about what was going on.  The upshot:  a broad injunction and a judgment holding her personally liable for more than $163 million.

Ross appealed, arguing that the FTC doesn’t have the authority to seek redress for consumers.  The Fourth Circuit, looking at these issues for the first time, rejected that theory, citing decades of caselaw – including "powerful Supreme Court authority" – supporting the FTC’s position.

What about Ross’ claim that she can’t be held personally liable?  She asked the Court to reject the established legal standard cited by the trial court in favor of a different test used in some securities cases.  Any other standard, Ross urged, would permit a finding of individual liability based on “indicia having more to do with enthusiasm for and skill at one’s job,” rather than authority over practices challenged as illegal.

The Court seemed unenthusiastic about her argument:

Ross’ proposed standard would permit the Commission to pursue individuals only when they had actual awareness of specific deceptive practices and failed to act to stop the deception, i.e., a specific intent/subjective knowledge requirement;  her proposal would effectively leave the Commission with the “futile gesture” of obtaining “an order directed to the lifeless entity of a corporation while exempting from its operation the living individuals who were responsible for the illegal practices” in the first place.

Litigators will want to study the Fourth Circuit’s rulings on various evidentiary matters Ross raised.  The 25-words-or-less version:  The Court upheld the admission of certain profit-and-loss statements the trial judge used to calculate consumer redress and OKed the introduction of an email from another corporate officer to a payment processor listing Ross’ title as Vice President.

The Fourth Circuit also rejected Ross’ argument that the FTC failed to prove its case at trial.  The Court cited evidence that she “directly participated in the deceptive marketing scheme,” including excerpts from chat logs where Ross wrote:

  • “anyway we have to get all this advertisement stuff off these ads can you please [make] sure it happens it needs to happen for all domains”
  • “btw we have some 30 creatives for errclean [sic] not just 2-3 just add aggression tot hem [sic]”
  • “please ensure its [sic] going to be done or im [sic] going to fine the department and MCs for not finishing it”

What lesson can marketers take from the decision?  When it comes to the applicable legal standard for individual liability, it’s only appropriate the last word should come from the Court:

We hold that one may be found individually liable under the Federal Trade Commission Act if she (1) participated directly in the deceptive practices or had authority to control those practices, and (2) had or should have had knowledge of the deceptive practices.  The second prong of the analysis may be established by showing that the individual had actual knowledge of the deceptive conduct, was recklessly indifferent to its deceptiveness, or had an awareness of a high probability of deceptiveness and intentionally avoided learning the truth.


Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.