You may have noticed a recent trend on Facebook and other websites: Shady student loan repayment businesses maintain websites or troll newsfeeds of former college students with deceptive ads containing the unauthorized use of photographic images of the college, its name, and its logo. Their strategy is to entice unknowing borrowers strapped with student loan debt with the prospect of qualifying for a “loan forgiveness” program purportedly offered under the auspices of the targeted college. These ads cause great disruption and potential reputational damage as they often make the false claim that the college has been compelled to set up a loan forgiveness program due to lawsuits alleging “predatory practices.” To make matters worse, they misrepresent the federal student loan forgiveness programs with the false promise that in as little as three months borrowers will have their loans magically wiped away for the small cost of the maintenance fees debited from their accounts each month.
Because these businesses lurk in electronic dark spaces, often hiding their identities through domain name privacy services, taking down these sites is a challenge – but not impossible with the right strategy.
Who Are These People?
When these sites appear, the first thing a targeted college should do is to attempt to identify the owner and registrant of the domain name. Believe it or not, everyone has free, open access to this information through WHOIS. WHOIS is a query and response protocol that accesses domain registration databases and operates effectively as a directory with the contact and technical information of registered domain name holders. That is the good news. The bad news is that registrants can opt to utilize a domain name privacy service so that the identity of the domain owner and registrant is masked. These student loan repayment outfits tend to use these privacy services and change their names like the Kardashians change spouses – frequently.
If domain ownership can be identified, the next step is to send a cease and desist letter. Such letter should identify specifically how the offending site infringes on the institution’s trademark and copyright and list any other legal infractions. Some of these businesses will retreat at this point and take down the site.
Many will not.
At this juncture, the college may hire counsel and bring suit. But before taking the attack directly to court, colleges are wise to consider raising the matter with the business’ web host service or Facebook if the ad is being run through its newsfeed ad services.
The Unwelcome Guest
The identity of an ISP hosting an offending website can be found on WHOIS or on a DNS look up such as Domaintools. These web hosting services and Facebook maintain policies regulating the conduct of the websites they host and provide complaint-reporting procedures. Facebook, for example, maintains Community Standards that prohibit the use of Facebook “to facilitate or organize criminal activity that causes physical harm to people, businesses or animals, or financial damage to people or businesses.” GoDaddy likewise prohibits the use of its servers and hosted website to carry out “abusive activities” including certain deceptive practices.
Colleges may submit their complaints via complaint portals available on the website of these providers. My experience has been that some ISPs respond very quickly and some require more effort. Facebook has fallen into the latter category. Nevertheless, I have been successful convincing even Facebook with the appropriate substantiation that the newsfeed ad facilitated a criminal enterprise and caused reputational and financial harm to my client college. Complaints to ISPs should include the following:
- Description of how the content on the offending site is deceptive. For example, many of these sites represent the U.S. Department of Education’s loan forgiveness program as being far more expansive than it is. These sites also tend to make false allegations about “predatory” practices of the targeted college and misrepresent the college’s association with the purported loan forgiveness program advertised. It makes sense for the College to have someone call the number listed on the website or newsfeed to find out what the company’s representatives are conveying to callers as this is typically also false and misleading and should also be reported.
- Citations to state and federal statutes prohibiting deceptive business practices. To establish that the website is engaging in unlawful activity, the college should identify state and federal statutes violated by the content on the site. Section 5 of the Federal Trade Commission Act prohibits unfair or deceptive practices in interstate commerce. All states have adopted some form of the Uniform Deceptive Trade Practices Act prohibiting false advertising. Of particular import are any state laws that criminalize such conduct. For example, in New York certain intellectual property violations are criminalized.
- Description of any trademark infringement. Facebook and most, if not all, ISPs expressly ban the posting of content that constitutes trademark infringement. However, once again, Facebook presents a challenge as it is not quick to roll over with just any trademark infringement claim. Facebook demands the applicable trademark registration number and proof that the site is not entitled to some form of fair use of the trademark. In this regard, it can be effective to remind Facebook that courts have found online providers contributorially liable for the infringement when they know or have reason to know of the trademark infringement and continue to supply service to the infringer.
- DMCA Takedown Notice. If the offending site contains content that infringes on an institution’s copyright, such as a misappropriated photographic image of the college, the Digital Millennium Copyright Act (DMCA) provides for a fairly powerful weapon that can be deployed. Under the DMCA, an ISP loses its immunity from liability for copyright-infringing content on the sites it hosts if it fails to remove infringing content after it receives proper notice. The notice to ISPs is known as a Takedown Notice and to be effective it must contain several specific elements identifying the nature of the copyright infringement and attestation regarding the accuracy of the claim. Notices that do not contain all elements will not provide effective notice under the statute.
Keep in mind that unlike other copyright infringement remedies, a DCMA Takedown Notice does not require that the copyright be registered with the U.S. Copyright Office.
Colleges may sometimes feel like they are helpless in these situations as the agencies charged with responding to these claims are overwhelmed and frequently unresponsive. The Federal Trade Commission, for example, will accept such complaints but is not known to take action for individual incidences of deceptive web advertising. By following these tips, your college can take control and make it infertile grounds for these electronic pests.
Yolanda Gallegos can be reached at 505-242-8900 and yolanda@gallegoslegalgroup.com.
The Gallegos Legal Group, founded by Yolanda Gallegos, is a national education law practice, representing colleges and universities around the country. Gallegos Legal Group specializes in higher education regulatory compliance and risk management in areas associated with federal student aid, student grievances, civil rights laws, and contract law.
Thomson-Reuters recently published her chapter on the recent Violence Against Women Act regulations in Inside the Minds: Emerging Issues in College and University Campus Security. AudioSolutionz will soon release her book, Gainful Employment Regulations: The Metrics Reloaded.
Yolanda’s posts should not be considered legal advice. Contact legal counsel if you have specific questions about the issues discussed here.