Imagine that you own and operate a family business going back three generations. You hired an offshore company to develop your website, but after some years, you sever that contract due to costs and incompetence. And then the nightmare begins.
The offshore company initiates a campaign to try to destroy you by hijacking your website, deploying fraudulent clicks to your ads, defaming your company and making extortion demands.
Your livelihood is under attack! Think the justice system will help? Maybe not. The internet is something like the Wild West in spots, so it’s no wonder some people try to take justice into their own hands.
This story isn’t hypothetical. This really happened. And now, a CEO is facing jail time after desperately seeking relief from his attackers.
Earlier this year, I reported on how Google apparently suspended acting on most or all defamation removal requests submitted to them. For years now, Google has generally removed defamatory items from search results when presented with a properly executed court order, but it apparently froze that removal process following instances in which people had submitted fraudulently obtained court orders, sometimes involving fake defendants.
Google subsequently resumed granting some court-ordered removal requests after my article, albeit in a much more conservative manner. The company seems to be assessing each request more skeptically, apparently to better verify that the court orders are bona fide and well-founded.
This last month brings us news of the CEO of The Natural Sapphire Company, Michael Arnstein, who has pled guilty to forging a judge’s signature on court documents that he submitted to Google, asking them to remove negative reviews about his business from the search results.
The Natural Sapphire Company became victimized by a foreign-based development firm that turned rogue on them, according to the company. They had used this offshore development firm to build out a highly competitive jewel sales website, but, according to the e-commerce site’s CEO, it had “fallen into a state of disrepair.”
After deciding to migrate the programming work to US-based developers, the Natural Sapphire Company said it became the target of widespread and effective online attacks. According to company officials, the offshore firm began sabotaging their website, attempting to hijack their web traffic, attacking their online reputation, harassing clients and employees and performing fraudulent clicks on their ads.
The Natural Sapphire Company and its CEO, Michael Arnstein, sought help against the cyberattacks. The FBI initially assisted them, Arnstein said, but this stalled when they could not persuade foreign authorities to bring the suspect(s) to justice.
Eventually, the company gave up and agreed to extortion payments to get relief.
Separately, the company filed a lawsuit and obtained a default judgment citing the URLs where false, damaging statements were published. The Natural Sapphire Company successfully submitted removal requests for these URLs to Google.
But, when they subsequently discovered more URLs with the same or similar content, Google would not act on these without yet more court orders. Between financial losses attributable to the fake reviews posted online and the mounting costs of addressing the cyberattacks, making extortion payments and paying associated legal fees, the company was in dire straits.
According to Arnstein, the company came up with a solution based on bad advice from a well-known online reputation management firm. He took the original court order that Google had already acted on, amended it to feature the new URLs and submitted more removal requests to Google.
Unfortunately for Arnstein, Google ascertained that these subsequent court orders were false and notified the Justice Department, which then arrested him and charged him with forging a federal judge’s signature. Arnstein is currently awaiting sentencing after pleading guilty to a reduced charge.
The breadth of the attacks upon the Natural Sapphire Company and Michael Arnstein was extraordinary, according to his account, which I’ll detail below.
However, if you don’t have time to read all this, skip down to the last section, subtitled “Online reputation victims are largely unprotected,” to read my commentary about what happened and why one should be sympathetic to Michael Arnstein.
The story of The Natural Sapphire Company and its CEO, Michael Arnstein, is a cautionary tale about the risks of doing business with some offshore developers.
It’s not at all unusual to use offshore developers — I have done so successfully a great many times and have worked with some fantastic people that I would trust with my life, as well as with my sensitive client projects. But The Natural Sapphire Company had the ill fortune to work with some very bad eggs.
Read below to understand the sorts of pressure that Michael Arnstein experienced as a result of a sophisticated, concerted online reputation attack. The story I’ll tell is based largely upon Arnstein’s version of events, which he backs up with other people’s accounts, as well as with emails allegedly exchanged with the perpetrator.
Sequence of the reputation attack on The Natural Sapphire Company
After working with the TransPacific Software Pvt Ltd company and its founder, Prashant Telang, for about five years and paying them roughly $1 million, The Natural Sapphire Company says it attempted to migrate development to US software developers and discontinue their contract.
To their dismay, they soon discovered that TransPacific Software had apparently embedded back doors into the company’s website and systems, which the contractor then began to use to sabotage the gemstone company in a variety of ways, through deletions of database entries, deletions of product images, changing prices to be sharply discounted and more.
Additionally, TransPacific Software took one of The Natural Sapphire Company’s domain name aliases (a variation without “the”: naturalsapphirecompany.com), then pointed the domain to a website defaming The Natural Sapphire Company. The harassers also purchased a number of other domain name variations and set up defaming websites on those as well.
According to Arnstein, Prashant Telang and his Mumbai, India-based company also worked to get The Natural Sapphire Company’s email addresses blacklisted so that customers could not properly receive their communications. Using a copy of the company’s customer database that it had apparently kept, Telang allegedly messaged past customers — including their credit card details — telling them that The Natural Sapphire Company was a scam operation that was selling their private financial account information.
Michael Arnstein says he also began receiving taunting email notes from various aliases, informing him that a click-fraud campaign was being conducted upon his Google Pay-Per-Click (PPC) ads. After reviewing, The Natural Sapphire Company says it discovered a click fraud campaign that they estimated cost the company hundreds of dollars a day for a total of at least $115,000.
As a significant advertiser, they reported the notes and concerns to Google’s AdWords team but were informed that Google’s click fraud detection system had adequately filtered out fraudulent clicks already. (The Natural Sapphire Company says it has averaged about $175,000 in annual ad spend at Google for the past 14 years.)
Meanwhile, Arnstein says, Prashant Telang and the TransPacific Software company submitted hundreds of fake negative reviews and defamatory forum postings on a variety of sites to harm the reputation of The Natural Sapphire Company. This in and of itself would cause the company to lose customers, but the impact was greater because these defamatory sites and reviews were used to paint the company’s eBay and Amazon stores as scam enterprises, resulting in their removal from those platforms.
Now, how might we assess whether the various hostile actions towards The Natural Sapphire Company all originated from Prashant Telang and his TransPacific Software Pvt company? As you can see in the above email note example, various aliases were used to author the various communications and fake reviews.
In my opinion, it’s pretty clear who was behind all the various prongs of the attack. Arnstein contacted the FBI requesting help a number of times, and they eventually helped investigate the situation. A third-party wedding forum website worked with The Natural Sapphire Company to provide technical information about the defamatory reviews being posted, and one of those reviews used an unmasked IP address linked to Prashant Telang’s home or business address in Mumbai.
Based on this, Arnstein says, the FBI set up a tap on one of The Natural Sapphire Company’s phone lines and recorded Prashant Telang admitting to most of the identified hostile actions and defamatory postings, and demanding a payment of $150,000 to stop the attacks.
Unfortunately, the FBI was unable to help further because authorities in India refused to extradite or charge Prashant Telang.
The Natural Sapphire Company hired an attorney in India for a couple of thousand dollars to try to pursue Prashant Telang via the criminal system there. A case was filed against him in an Indian court, and a judge ordered his arrest. However, the cyber crimes authorities in India let Telang go and dropped the charges, claiming the case should be brought in the US. The Natural Sapphire Company’s Indian lawyer recommended that they offer a bribe of $10,000 to the head of the cybercrime division.
Eventually, The Natural Sapphire Company hired an attorney in New York to pursue obtaining a summary judgment against Prashant Telang and the TransPacific Software company to get the fake reviews and other materials removed from various websites and from search engine results. This entailed hiring a private investigator in India to track down Telang to serve him with notice of the lawsuit.
The Natural Sapphire Company prevailed in their court case, obtaining a default judgment, since Telang did not respond to the suit. The default judgment court document ordered TransPacific Software company “… to remove all such false reviews, including, but not limited to, the reviews listed below …” and it then goes on to list 54 URLs which include pages from Scam Informer, Pissed Consumer, Ripoff Report, BadBusinessBureau.com (which now redirects to Ripoff Report), CreditCard Forum, Complaints Board, Facebook, Twitter and Google, among others.
By this point, financial pressures were crushing Michael Arnstein and The Natural Sapphire Company. Costs included time lost by staff members attempting to fight the various attacks, legal fees, click fraud losses, revenue declines due to fake negative reviews and extensive costs of rebuilding (likely completely replacing) sabotaged e-commerce systems.
One can only imagine the stress and pressure upon Arnstein as he strove to protect and repair the legacy of his multigeneration family company.
The company finally gave up on bringing Telang to justice and negotiated a “settlement agreement” with Telang involving paying $72,000 spread out over 24 months. The agreement specifies that Telang and TransPacific Software company will not continue the campaigns of fake review postings, will desist contacting The Natural Sapphire Company’s clients, will relinquish trademarked domains and will reveal methods used to conduct click fraud. Michael Arnstein characterizes this agreement as “extortion,” and, based on the evidence he’s shared, I believe that this would be a very accurate description.
Difficulties getting Google to help
The Natural Sapphire Company at this point was so financially strapped that it could no longer fulfill its financial obligations. The company was overdue on paying some of its attorney fees, its credit rating dropped, and its bank credit lines were canceled. The Arnsteins’ home was also foreclosed upon by the bank, according to the CEO.
After submitting the court-ordered URLs to Google in a removal request, the company discovered yet more related URLs of fake defamatory content. The company said it could not get Google to respond to inquiries about the original court order, and their court order could not be amended to include the additional URLs without the company spending even more money. The Natural Sapphire Company’s attorney told them that Google likely “ran the clock out” in hopes that they would not submit requests to remove more URLs.
Some of the new URLs were redirecting to the original delisted URLs or were the same content, republished on slightly different URLs from the original court order. This included URLs at PissedConsumer, ComplaintsBoard and Ripoff Report. The Natural Sapphire Company’s attorney kept resubmitting removal requests to Google for around eight months, with little response back from Google.
By this point, The Natural Sapphire Company was being contacted by a number of reputation management companies, and they were mulling over contracting with Brand.com.
As part of trying to win Arnstein’s business, he says, Brand.com’s “legal services department” informed him that since his court order directed TransPacific Software to “…remove all such false reviews, including, but not limited to…” the listed URLs, the “not limited to” wording allowed the court order to be extended to include additional similar defamatory URLs. They told him that he could simply add the additional URLs to the court order himself for resubmission to Google. Arnstein subsequently agreed to contract for some of their marketing services. (Brand.com is no longer in business.)
Following this conversation, Michael Arnstein directed one of his employees to use Photoshop to make a copy of the original court order and to modify it to add in more of the URLs. Subsequently, he submitted these amended court orders to Google as new URL removal requests.
Michael then modified the document a number of times when new URLs were discovered with defaming material, as well as for URLs that Google did not remove from previous request lists, and he resubmitted takedown requests a number of times.
Meanwhile, Google personnel who reviewed the removal requests noticed that the court orders looked strikingly similar, and they checked back with the court to verify that they were bona fide. When Google discovered that there were no officially amended court orders, they contacted the US Justice Department and alerted them that they had discovered bogus court orders.
In spring of this year, US Marshals arrested Michael Arnstein, and he was charged with forging the signature of a federal judge and conspiracy to forge a judge’s signature.
In a plea arrangement in September, Arnstein pled guilty to one count of conspiracy to forge a federal judge’s signature, and he is awaiting sentencing in the early part of 2018. For his plea deal, the prosecutors are expected to make a recommendation that he go to prison for 12 to 18 months and pay a fine of $55,000.
Online reputation victims are largely unprotected
Unfortunately, I have seen quite a number of online reputation attack cases that are similar to what The Natural Sapphire Company experienced, but on a smaller scale.
Broadly speaking, Michael Arnstein’s problem was twofold. He needed to get a criminal in a foreign jurisdiction to stop harming his company, and he needed companies here in the US to remove damaging false information about his company from the internet. He largely failed at both parts until he paid a ransom to the criminal to halt their depredations, and he paid a lot of legal fees to get a court order that could be used to get defamatory search results about his company removed from Google.
Arnstein’s story is one of many that reveal a gaping hole in our current legal landscape: Defamatory materials can be published with a high degree of visibility about companies and individuals, yet often, no one is made legally responsible for removing them.
Congress facilitated online reputation attacks and online defamation
This vacuum of legal responsibility for defamation was intentionally created by the US legislature as a subsection of the Communications Decency Act (“CDA”) of 1996, in Section 230, in order to facilitate the growth of the internet industry. This section established that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
For a comparative frame of reference, in the offline world, if someone printed defamatory content in a newspaper or book, the author and publisher might be found legally liable and could be tasked with removing it — but a bookstore or a library, which are considered mere distributors of published materials, likely could not be held liable and would not be required to remove the contents from their shelves.
By enacting Section 230, the legislature essentially made online publishers of third-party-provided materials the equivalent of offline distributors of published materials.
But there is debate as to whether search engines, social media services, forums and online review sites should really be considered equivalent to offline libraries or bookstores.
It’s in this context that Michael Arnstein claims that he was improperly advised by the “legal services department” of Brand.com.
The reputation management company should be held responsible
Even though Brand.com is out of business, one can still see pages from their site via the Internet Archive’s Wayback Machine. Among the products they offered was a “De-Indexing” service. On the description page for De-Indexing, they provided “before” and “after” screen shots of a Google search results page. The “before” screen shot shows a damaging listing from the Complaints Board website, and the “after” shot shows search results without it.
One blurb touted, “Through the proprietary, patent-pending process cultivated by Brand.com, they can help individuals and brands to remove unwanted search listings.” One wonders how a litigation process and request submission to Google could be patentable.
The page went on to offer: “Have your case presented to Google, Yahoo, or Bing by a legal team retained by Brand.com, fully devoted to removing your unwanted listing.” It’s not clear if Brand.com had internal counsel that helped to obtain court orders. More likely, they had partnered with one or more external law firms to provide litigation support. I searched for attorneys on LinkedIn that listed Brand.com as part of their career history and did not find any.
The Justice Department should perhaps open an investigation into the employees at the former Brand.com and see whether there were other clients that were similarly led into shady practices due to the company’s advice.
While it’s completely unacceptable to forge a judge’s signature or a court order, and ignorance of the law is not a valid excuse, acting on bad legal advice should be considered a significant factor toward considering leniency, in my opinion.
Final take: The law needs to change
First, we saw fraudulent lawsuits filed to get Google to take down damaging content, and now a desperate CEO has descended to forging a judge’s signature. It’s clear that the pressure seems to be mounting for reputation victims seeking redress.
Section 230 of the CDA likely needs to be modified in some way to close the hole in our system that allows reputation attack materials to live on indefinitely and prominently associated with people’s names.
While Michael Arnstein committed a criminal act, he’s also a victim of laws that were stacked against him. Congress’s effort to facilitate the growth of internet companies is resulting in a great number of tragic unintended consequences.
Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land.