Dealing with Pop-ups










About us





Pop-up ads are certainly a nuisance - but are they illegal? The answer is subtler than a simple yes or no.

                            Copyright      Trademark        FTC          Suggestions for Future Policy


Richard H. Stern, in his Micro Law column of the IEEE Micro newsletter, deals with the legality of pop-up ads in detail. One way a pop-ad might be considered to be illegal is if it violates Section 106 of the Copyright Act, which prohibits the unauthorized preparation of derivative works. A derivative work is a copy of an original work, with a slight alteration. A famous example of an unauthorized derivative work is a depiction of Mona Lisa with a goatee and moustache, which caused an uproar in France.

Does the addition of a pop-up ad on top of a website constitute the unauthorized preparation of a derivative work? Stern argues that it probably does. One reason is that pop-ads are often unauthorized by the creator of the original website. For instance, companies such as Gator and WhenU have made a business out of contracting with a particular company, such as Amazon, and displaying a pop-up ad for that company when an Internet user visits a competitor’s site, such as Barnes & Noble. In this case, Barnes & Noble has not authorized its website to be modified by layering a pop-up window on top of it. (Challenging search engines and pop-ups under copyright law - part 3)

To be considered a derivative work, the new work must have some element of originality. The change cannot be so small as to be considered trivial. Stern argues that the originality requirement is not an issue because the pop-up window is so similar to the website that it covers. The change is not trivial because it drastically changes the way in which the original website is presented; a pop-up window can block a significant portion of a website.

Furthermore, Section 106 of the Copyright Act is unique in that it prohibits the preparation of a derivative work. This means that, before the derivative work is even physically copied or distributed, it could be in violation of Section 106. This is particularly applicable in regard to pop-up ads: Even though a pop-up ad is fleeting, and can be closed by the user almost immediately after it appears on screen, this slight moment of modification is enough to meet the preparation criteria of Section 106. (Challenging search engines and pop-ups under copyright law - part 3)

Even an unauthorized derivative work may get out of any copyright infringement liability if it falls under the umbrella of fair use. Stern references an example of this scenario with the case of Kelly v. Arriba Soft. Arriba Soft had designed an image search engine used thumbnails - small versions of images - to allow users to quickly browse through the search results. The plaintiff, Les Kelly, objected to this practice because he thought the thumbnail images displayed his photographs out of their original context. However, the court ruled that the thumbnails were fair use because they provided users with a useful function that Arriba Soft could not accomplish without them. Certainly, text-based image search results would be considerably less useful.

The question then becomes: Does a pop-up ad, even if an unauthorized derivative work, fall under fair use? Stern specifies two criteria to determine whether a derivative work should be acceptable. First, does it intercept the flow of commerce that would otherwise go to the original work? An affirmative here would hurt the work’s case for acceptability. Second, does it provide a useful function for public use? If so, this would help to redeem the work. A pop-up ad certainly meets the first criteria because it is specifically designed to divert trade. The second criteria is less clear. A pop-up ad is useful in that it provides the user with an ad of interest, presumably an alternative product or service to the one that he or she is seeking by visiting the original website. However, in so doing it provides a barrier to the original point of interest. The net utility is questionable at best. (Challenging search engines and pop-ups under copyright law - part 3)

Despite Stern’s argument, court rulings on this issue have not found pop-up ads to be liable. One reason given by the court is that, if an unauthorized work were indeed created by the addition of a pop-up ad, the individual Internet user would have to be considered the primary violator for triggering the pop-up ad to appear on their screen. Companies like WhenU would merely be secondary contributors to the violation. The courts found it unconscionable to expose thousands of Internet users to potential infringement liability simply by manipulating the display of a website in any number of ways, pop-up ads included.

Stern’s response is that not all manipulations by the user are equal, and that the court should not judge them as such. While moving a second browser window over the first may be considered a benign act, this does not mean that a pop-up ad should also be considered fair use.


If a copyright violation cannot be established, a pop-up ad may be considered to be illegal if it violates a trademark. An article in the Technology Law Bulletin looks at the same cases against WhenU that Richard H. Stern did in his column, but from a trademark perspective. Three companies, U-Haul, 1-800 CONTACTS, and Wells Fargo, brought trademark infringement claims against WhenU in three different courts.

The companies claimed that WhenU’s database of trademarked names constituted trademark infringement. WhenU’s pop-up ad generating software, SaveNow, monitors an Internet user’s activity by checking each URL visited against a database of some 40,000 URLs and keywords contained in WhenU’s database. This is how SaveNow determines, as in the previous example, to display an Amazon pop-up ad if the user is looking at the Barnes & Noble website. U-Haul argued that this practice violates trademark law because it could cause customer confusion, in which a user might think that the pop-up ad was generated by the original website being viewed. Users might think, for instance, that Barnes & Noble encouraged its customers to visit Amazon. (Pop-up Ads, Trademark Law and the Meaning of “Use”)

The courts hearing this argument focused their deliberations on what it means to use a trademark. In non-Internet related cases, a trademark is used when it is placed on the packaging or labels of products. In this case, the trademarked name, Barnes & Noble for example, is used only in a database that is never actually seen by the Internet user. WhenU argued that since its software only used the trademarked names in its proprietary database to trigger a pop-up ad, this did not qualify as “use” under trademark law. (Pop-up Ads, Trademark Law and the Meaning of “Use”)

WhenU’s argument won over the court in two of the three cases brought against it, those heard in Virginia and Michigan. However, a judge in New York hearing the case brought by 1-800-CONTACTS found WhenU to be in violation. The judge ruled that including a trademarked name, “” in a database, as well as triggering a pop-up ad, did in fact qualify as illegal use under trademark law. (Pop-up Ads, Trademark Law and the Meaning of “Use”)

Advancements in computers, the Internet, and technology in general are moving at a breakneck pace, often leaving the judicial system in uncharted waters. In the case of pop-up ads, the precedents that have informed decisions regarding copyright law and trademark law in the past do not necessarily hold when it comes to Internet related cases. Should we hold a company that places a pop-up ad on top of a browser window liable for copyright infringement, when users can easily make such modifications themselves? Can a trademark be used illegally if the user never sees the “use” in question? These are some of the questions that the legal system is currently grappling with, and the outcome is far from clear.


Online advertising in the United States falls under the purview of the U.S. Federal Trade Commission (FTC). Even though, as we have seen, the legality of pop-up ads has not been unequivocally determined, in many instances the FTC has found the tactics used by various programs to display these pop-up ads to be violation of fair advertising practices.

The FTC has a large task on its hands in regulating Internet advertising. In certain respects, the Internet is all other media forms combined: television, radio, and print media. The FTC has adapted its consumer protection rules and guidelines to apply to Internet commerce ad specified how such terms as “written,” “printed,” or “direct mail” are adaptable to electronic media. Details of these rules and guidelines explained in the FTC‘s guide for businesses, Dot Com Disclosures.

We will not delve into these details here, but the fundamentals are simply stated in the report resulting from the FTC‘s workshop on Spyware. Section 5 of the FTC Act gives the agency authority to challenge practices that are “deceptive” or “unfair.” An unfair practice is one that causes or is likely to cause substantial injury to consumers without being outweighed by any significant benefits to consumers. The injury must not have been reasonably avoidable. A deception is defined as a representation, omission, or practice that is likely to mislead consumers to their detriment who are acting reasonably under the circumstances.

Despite the abstractness of these principles, the FTC has applied them in over 100 law enforcement actions since 1994 to stop fraud and deception online. One example is the case against a company created by two college students called D Squared. The company took advantage of the Windows Messenger Service that is built into Microsoft Windows - which usually provides messages about print jobs or system shut downs - to bombard users with pop-up ads that advertised D Squared’s own pop-up blocking software. According to the FTC, the ads appeared as frequently as every 10 minutes for as long as the users were connected to the Internet, causing some computers to lose productivity, freeze, or crash. In its settlement with the FTC in 2004, D Squared was banned from sending pop-up ads through Windows Messenger Service or marketing its pop-up blocking software. Microsoft subsequently took action to prevent its Messenger service from being exploited by advertisements.

D Squared exploited a loophole in software pre-installed with Windows. Also objectionable, in the FTC’s judgment, is separate adware software that comes bundled with other software products. settled with the FTC in 2005 over charges that it failed to disclose that adware had been included in an offer for free security software called SpyBlast. had distributed ads that a user’s IP address was at risk from hackers. Users who clicked on this ad received an Active X installation box for SpyBlast that failed to disclose that installing SpyBlast would also install adware. The adware collected information about users, such as the URLs of webpages visited, and then sent them pop-up ads according to browsing habits. According the FTC‘s report, since knowing about the presence of adware would be material to consumers deciding whether to install SpyBlast, the failure to disclose this information was deceptive. The settlement prevented from making any claims about the efficacy of SpyBlast without also stating that those installing the program will receive advertisements.

A final example demonstrates how adware can be both deceptive and unfair according to FTC standards. The FTC’s 2006 case against Zango included complaints that the company had used third parties to install its adware software on consumers’ computers without their knowledge. For example, downloading free content such as screensavers or games would also install Zango’s adware without disclosing this information, which the FTS found to be deceptive. The adware would track the consumers’ Internet use and display pop-up ads accordingly. Furthermore, the FTC complained that Zango deliberately made it difficult to identify, locate, and remove the adware once it was installed. For instance, the adware files had names resembling core system files and provided uninstall software would fail to remove the adware. The FTC found these practices to be unfair. The settlement barred downloads of adware without user consent, required Zango to provide a way to remove it, and demanded a $3 million fine for ill-gotten gains.

Suggestions for Future Policy

In the most malicious cases, the law is clear: The Computer Fraud and Abuse Act of 1984 gives the Department of Justice the authority to prosecute the unauthorized acquisition of data from a protected computer that results in damage. For example, the Department of Justice has pursued individuals who use keyloggers - programs that record a user’s keystrokes - to obtain passwords, credit card numbers, and other private information. (Spyware Workshop)

Of course, in the case of less blatantly egregious practices like intrusive pop-up ads, the ethical standards - and likewise the laws and regulations governing such practices - become less clear cut. As we’ve seen, pop-up ads themselves may not be considered illegal, but often the way in which they are generated is in violation of FTC standards. Up to this point, the FTC takes action on a case-by-case basis after complaints surface regarding a particular questionable practice. While the FTC has pursued 14 such cases, surely some perpetrators have gotten by. Clearly, with this number of cases, the FTC’s guidelines themselves do not constitute an adequate deterrent.

For these reasons, federal legislation is needed to regulate spyware, adware, and similar programs that generate pop-up ads and other forms of intrusive advertising. The anti-spyware bill recently approved by the U.S. House of Representatives is a step in the right direction. The legislation would require that consumers be clearly notified and their consent granted before programs can be installed on a computer. This bill has more teeth than another recently passed by the House, which imposes new penalties on fraudulent uses of spyware, but no new regulations. The U.S. Senate has yet to take up the issue, and previous attempts in the past at anti-spyware regulation have failed to make it into law. (Tougher anti-spyware legislation gets US approval)

While certain U.S. states such as California and Utah have passed anti-spyware legislation, this is inadequate given the global nature of the Internet. (Spyware Workshop)

The European Union has the authority to regulate commerce over much of the European continent, and therefore plays an important role in establishing a global policy against intrusive advertising. The European Commission, under its e-Privacy Directive and the General Data Protection Directive, has given national authorities the power to act against unlawful access to computer equipment, including adware and spyware programs. A report late last year from the European Commission stressed a need to improve cooperation across member states and thus leverage the technical expertise of different agencies.

The European Commission has placed a particularly strong emphasis on combating spam. The reason is loss of productivity: The report estimates that the worldwide cost of spam in 2005 was 39 billion Euro. While the report does not estimate the productivity lost to intrusive forms of advertising such as pop-up ads, it is reasonable to expect that it would be significant as well. We would encourage the European Commission to include this consideration in its efforts to protect productivity. In its report, the Commission states that it plans to introduce legislative proposals in 2007 to strengthen rules in the areas of privacy and security in the communications sector - topics that certainly could cover spyware and pop-up ad concerns. (On Fighting spam, spyware, and malicious software)

A U.S. federal law would give consumers more complete protection against unwanted intrusions, and another tool with which to fight them off. Industry self-regulation and software solutions such as pop-up blockers and spyware scanners are useful and necessary, but not sufficient protection. Individuals should not be left to fend for themselves, nor should the industry be trusted to take care of the problem. Furthermore, individual Internet users, like any distributed demographic, should not be expected to come together on their own to organize and express their grievances against intrusive and damaging advertising practices. Rather, this is the task of government. A law would show, with one voice, that the people do not accept such practices. More importantly, it would establish a set of baseline standards that by which all Internet-based advertising must abide, whether it be pop-up ads or any other future form of advertising.

An important component to future strategies for dealing with pop-up ads and other forms of intrusive advertising is close coordination between government and industry. In general, the legislative and judicial systems face great challenges when dealing with technology-related issues, simply because so much of the technology itself is new. If informed action is to be taken by governments, the judges and legislators must receive guidance from the people who know the technology best - those who develop it. For example, Microsoft filed an affidavit in the FTC case against Seismic Entertainment explaining how a security vulnerability in its Internet Explorer was being exploited to distribute software. Such cooperation should be encouraged in the future. (Spyware Workshop)

Policies aimed at combating intrusive Internet advertising must include consumer education. One of the panelists on the FTC’s spyware workshop claimed that half of the world’s computers do not have even basic protection against virus attacks, despite years of consumer education about viruses. Clearly, more work needs to be done by industry and the government to communicate computing risks to the public.

While regulations should be enforced to ensure software developers make it clear to users when their programs are about to be installed, it is also up to the consumer to know what they are installing. Consumer education could help users determine which websites to trust and to make informed decisions when installing programs. Finally, if consumers know what to look for when it comes to spyware and adware, the task of identifying and prosecuting those that violate government standards will be all the more successful.


The information on this webpage can be used for educational purposes.
For problems or questions regarding this Web site contact [ or].
Last updated: 06/13/07.