Legal Liability of Automation Programs and Criminal Punishment: Supreme Court Analysis of Online Ad Click Fraud Case

1. Case Background and Overview

As digital technology rapidly advances and the online marketing market expands, new forms of cybercrime that exploit these developments are emerging. Particularly in the fields of search engine optimization (SEO) and online advertising, cases of malicious use of automation tools to harm competitors or pursue illegal profits are increasing.

Supreme Court Decision 2010Do14607 is an important precedent that presents the court’s clear position on these issues. This case specifically judged the scope of application of information network laws and criminal code regarding acts of artificially manipulating search results and fraudulently clicking advertisements through malicious programs.

The defendant provided free software through his own website while secretly installing an ActiveX control containing a malicious program called ‘eWeb.exe’ without users’ awareness. The main functions of this program were as follows:

Search Engine Manipulation Functions

• Periodically receiving work instructions from the defendant company’s server
• Automatically entering specific keywords in Naver search box and automatically clicking designated website links
• Artificially generating related search terms and auto-complete words for specific search terms
• Unfairly boosting search result rankings for specific businesses

Advertisement Click Fraud Functions (Click Fraud)

• Automatically clicking sponsored advertisements regardless of actual user intent
• Disguising as genuine user behavior and transmitting false click signals
• Forcing advertisers to bear advertising costs for invalid clicks

2. Core Legal Issues

The prosecution indicted the defendant on the following three charges:

Charges Filed

1. Information Network Intrusion Crime (Former Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Article 48, Paragraph 1)
2. Information Network Obstruction Crime (Former Information Network Act, Article 48, Paragraph 3)
3. Computer Obstruction of Business Crime (Criminal Act, Article 314, Paragraph 2)

Major Legal Issues

• Does a program installed with user consent still constitute information network intrusion if its true functions are concealed?
• Can false data input constitute ‘obstruction’ even when the system operates technically normally?
• Does automated false clicking satisfy the constituent elements of obstruction of business crimes?
• How are the scope and degree of ‘infringement’ or ‘obstruction’ required by each crime’s constituent elements distinguished?

3. Information Network Intrusion Crime Judgment

The Supreme Court rendered a guilty verdict for the information network intrusion crime.

Core Elements of Intrusion Crime Establishment

The court comprehensively evaluated the method by which the defendant installed the malicious program on users’ computers and subsequent actions. Although users could be considered to have given some degree of consent during the free program download process, the court judged it to be an intrusion act beyond legitimate access authority for the following reasons:

Judgment Grounds

• Insufficient information provision: The actual functions and risks of the malicious program were not clearly disclosed to users
• Covert communication: Continuously communicating with external servers and receiving commands without user knowledge after installation
• Unauthorized act performance: Automatically transmitting false signals regardless of user intent
• Exceeding authority scope: Clearly going beyond the range of legitimate access authority to information communication systems

Therefore, even if there was formal consent, if that consent was not based on sufficient information and the actual program behavior contradicted the user’s genuine intent, this establishes the important legal principle that it constitutes illegal intrusion into information networks.

4. Information Network Obstruction Crime Judgment

The Supreme Court rendered a not guilty verdict for the information network obstruction crime.

Strict Interpretation of ‘Information Network Obstruction’

The court presented very specific and restrictive interpretation standards for ‘information network obstruction’ as stipulated in Article 48, Paragraph 3 of the Information Network Act:

Definition of Obstruction

‘Information network obstruction’ means the realistic occurrence of a state that physically makes impossible or significantly impedes the core functions of information networks – collection, processing, storage, search, transmission, and reception of information.

This specifically assumes situations such as:

• System down or server paralysis
• Service inability due to network speed degradation
• Situations where the stable operation of the system itself is threatened

Interpretation Standards for ‘Improper Commands’

The court also presented clear standards for ‘improper commands’:

• Commands must have the nature of potentially causing information network obstruction
• Commands that force execution of programs not intended by the system
• Commands that unauthorized modify, delete, or add individual commands of system programs
• Commands that can directly harm network stability

Logic of Not Guilty Judgment

The actions performed by the defendant’s malicious program (automatic search term input, website clicking) were normal types of information that Naver’s system was designed to process routinely. Although the content was false, such signal transmission resulted in:

• No physical damage to Naver’s information network
• No server down or system paralysis
• No direct obstruction to the stable operation of the network

The court judged that issues of search result fairness or reliability are distinct from the legal interest of ‘stable operation of information networks’ that Article 48, Paragraph 3 of the Information Network Act seeks to protect.

5. Computer Obstruction of Business Crime Judgment

The Supreme Court rendered a guilty verdict for computer obstruction of business crime.

Recognition of ‘False Information Input’

The court analyzed the malicious program’s actions as follows:

• There was absolutely no actual user search intent or click intention
• Nevertheless, signals were transmitted disguised as genuine user behavior
• This corresponds to ‘information contrary to objective truth’, i.e., false information

Realistic Occurrence of ‘Information Processing Obstruction’

Specific obstruction due to false information input occurred as follows:

System Misunderstanding and Wrong Processing

• Naver’s search system mistook false signals for actual user behavior
• Advertisement click aggregation system wrongly processed invalid clicks as valid clicks
• Search ranking algorithms produced inaccurate results based on manipulated data

Deviation from Original Purpose of Use

Information processing devices failed to properly achieve the following original purposes of use:

• Failure to reflect accurate user interests
• Inability to provide fair search results
• Distortion of legitimate advertising fee settlement systems based on valid clicks

Specific Recognition of Business Obstruction

The court judged that such information processing obstruction directly interfered with Naver’s core business:

Search Service Business Obstruction

• Undermining reliability and accuracy of search results
• Providing distorted information to users
• Degrading search service quality

Advertisement Service Business Obstruction

• Charging advertisers for invalid clicks
• Impeding accuracy of advertising effectiveness measurement
• Undermining credibility of the entire advertising system

Particularly, since this crime has the nature of an abstract danger crime, the court held that the crime is established if the risk of business obstruction realistically occurs, regardless of whether actual damage occurs.

6. Legal Significance and Implications of the Ruling

This Supreme Court Decision of March 28, 2013, 2010Do14607 is a very important precedent that presents the direction of legal response to new types of crimes in the digital age.

Distinction of Application Areas between Information Network Law and Criminal Law

The following clear distinctions were made through this ruling:

Information Network Obstruction Crime (Information Network Law)

• Protected Legal Interest: Physical and functional stability of information network infrastructure
• Scope of Application: Acts that directly threaten the availability and stable operation of networks themselves
• Concept of Obstruction: Physical functional obstruction such as system down, service paralysis

Computer Obstruction of Business Crime (Criminal Law)

• Protected Legal Interest: Accuracy, fairness, reliability of information processing
• Scope of Application: Wrong judgment and processing by systems due to false information
• Concept of Obstruction: State where systems produce results that do not conform to original purposes

Legal Guidelines for Automation Technology Use

This ruling provides the following important guidelines for automation program developers and users:

Developer Responsibilities

• Obligation to provide sufficient and clear information about actual program functions
• Prohibition of implementing covert functions without genuine user consent
• Need for prior review of potential impacts on others’ systems or services

User Precautions

• Checking relevant service terms of use and legal restrictions when using automation tools
• Prohibition of use for purposes of hindering competitors or pursuing unfair benefits
• Avoiding false information generation or system manipulation acts

Establishing Fair Competition Order in the Digital Economy Era

This ruling established the following principles:

• Separation of technical sophistication and legal responsibility: Even technically sophisticated methods cannot escape legal responsibility if their purpose or results are unfair
• Distinction between formal legality and substantial illegality: Even if superficially normal signals or commands, punishment is possible if the content is false
• Principle of good faith in digital environments: Online activities are subject to the same ethical and legal standards as reality

Judgment Standards for Future Similar Cases

This ruling presents the following judgment standards for future automation program-related cases:

Information Network Intrusion Crime Judgment Standards

• Sufficiency and clarity of information provided to users
• Whether there was genuine consent for program installation and operation
• Whether the actual behavior of the program after installation conforms to user intent

Obstruction of Business Crime Judgment Standards

• Whether input information conforms to objective facts
• Whether systems performed wrong processing due to false information
• Whether others’ legitimate business was obstructed as a result

Corporate Response Measures

Through this ruling, companies should prepare the following response measures:

Service Providers

• Building automated abnormal traffic detection systems
• Strengthening monitoring of false clicks or manipulated searches
• Specifying restrictions on automation program use in terms of service
• Preparing evidence collection systems for legal response

Marketing and Development Companies

• Mandatory legal review when developing automation tools
• Prior disclosure of legal risks of services provided to customers
• Prohibition of providing services aimed at hindering competitors
• Building regular legal education and compliance systems

We provide comprehensive legal services to help companies minimize legal risks while utilizing digital technology.

Practical Case Reference