Ever noticed how you can’t take one step without stumbling over a hacking story? It’s in our elections (allegedly), on our screens with shows like Mr Robot, even in our food… in a way. Isn’t it about time we get some of that action going in real estate?
Well, look no further than 924 Bel Air Road, LLC v. Zillow Group, Inc. and settle in for a twisty tale of tech trouble and tribunal turbulence.
Luxury developer and handbag magnate Bruce Makowsky alleges negligence from Zillow over repeated hackings of a listing for his $150 million megamansion, dubbed ‘Billionaire.’ According to Makowsky’s lawyers, Zillow’s weak security questions allowed “someone using a Chinese IP address,” given the foreboding name “User X” in the suit, to claim ownership of the listing and repeatedly change its status to “sold” at well below asking price – first for $110 million, then $90.5 million and finally $94.3 million..
The plaintiff’s representation, Winston & Strawn (W&S), further claims Zillow failed to respond to reports about the hacking for a week. The spreading of false information “dramatically corrupt[ed] the listing price,” prompting Makowsky to seek $60 million in damages through his LLC, 924 Bel Air Road (Billionaire’s address, naturally).
Though Zillow chooses not to comment on ongoing litigation, a spokesperson stated that the company is updating its verification systems. News sources reporting the story frame this as an admission of guilt. Yet another tale of the consumer being screwed over by Big Tech and a pack of dastardly nerds snickering behind their screens in a second-world troll farm. That’s one interpretation, but I did promise a twisty tale, and since Zillow’s motion to dismiss is freely available and this little blog is my place to muse… let’s see what their angle is.
To summarise, the main accusations against Zillow are that they failed to provide adequate security, they didn’t respond to calls for help in a timely manner, and their negligence resulted in financial losses. In their motion to dismiss, Zillow’s lawyers, from Winston & Strawn (W&S), address all of these points.
First, they bring up the Communications Decency Act of 1996 (CDA). The provisions of this act were designed “to shield website operators from liability for user-generated content too voluminous to review manually,” meaning it immunizes sites that host third-party content from laws that might otherwise hold them liable for the actions of its users. The Ninth Circuit and district courts have repeatedly dismissed claims where a user posted false information on a website. Bel Air’s lawyers acknowledge this, but posit that the CDA is “outdated.” As W&S point out, high-profile cases continue to be judged according to the rules of the CDA and Congress shows no signs of wanting to change this.
Second, in W&S’s view, the claims of negligence aren’t plausible for four reasons. N°1 relates to the CDA, as Zillow “owes no legal duty to protect Plaintiff from fraudulent acts of third parties.” Simple enough.
N°2 states “the complaint’s exhibits contradict its allegations of a breach,” this warrants an explanation. Bel Air’s lawyers claim negligence due to lack of responsiveness to alerts of fraudulent behavior, but they filed their first notice on February 7. Zillow responded on the same day to say they were working on it. A second notice is filed on the 9th, and Zillow finally blocks User X’s access on the 12th. Despite the problem being solved in five days, Bel Air threatened legal action on the 12th and proceeded to file on the 24th.
Now, time is money, but unless you’ve had a markedly different experience with customer service than me, five days is a pretty good turn-around. The inference is that this one five-day period was crucial enough to sink Billionaire’s value and cost them real prospective buyers… but considering it’s been on the market for two years and has already seen a reduction from an asking price of $250 million (!) to $150 million (still !), it’s a little hard to buy that argument. In fact, the third and fourth rebuttals in Zillow’s motion to dismiss make that exact point: “3) the complaint contains no facts to support its conclusory allegation of causation, and 4) its allegations of harm are too speculative to satisfy the federal pleading standard.”
It’s possible Jeff Bezos was browsing Zillow for a luxury home with 21 bathrooms and a candy wall in Bel Air during the exact week when all of this went down and immediately decided to give up on the property. But is it probable? W&S’s dismissal makes sure to note that Bel Air does not “plausibly allege that any buyers were discouraged from purchasing the property,” and that the implication that our hypothetical Bezos “would decide whether or not to make a $150,000,000 financial investment based on a brief review of a Zillow listing stretches the word ‘plausibility’ beyond its limits.”
You gotta love it when the claws come out. Me-ow.
Bel Air’s legal counsel stated, “we exposed a huge flaw in Zillow’s screen system that is not subject to immunity. We didn’t file the lawsuit for publicity, we filed it for damages.” The first part is definitely correct. Regardless of the merit of Bel Air’s suit, Zillow’s security is absurd, especially considering the current focus on online privacy and the fact that sites like Trulia and Zillow have been used by burglars to scope out expensive homes. But the second sentence… well.
The 38,000-square-foot property is almost unbelievable in its opulence – despite being advertised for a single family, it includes 12 bedrooms, five bars, two rooms dedicated exclusively to drinking champagne, a Louis Vuitton-designed bowling alley, a helipad with an inoperable Airwolf replica helicopter, and a moat. A moat. The place has its own website and Wikipedia page. It’s clearly not intended to fly under the radar. Plus, the lawsuit has been covered by The Washington Post, Forbes, the Chicago Tribune, and the British Daily Mail, among others, often with grand descriptions of Billionaire. That’s a hell of a publicity boost.
The timing of the hacking is unfortunate as well, coming as it does off the back of a lackluster quarter and a CEO swap for Zillow. The motives of User X are pretty mysterious, too. There wasn’t any money to be made with this hack, so the only motivations are straight-forward, unconvincing trolling or some sort of sabotage. The only thing we seem to know is that the hacks came from a Chinese IP address, but since it’s pretty elementary to fake that sort of thing, that doesn’t mean much.
But hey. The news cycle nowadays seems directed by Buñuel with set design by Dalí. Maybe it really was just a bored member of the Politburo taking time off faking climate change statistics to get one over those decadent bourgeois Americans. It wouldn’t be the weirdest thing to happen this past month, even. Speaking of which, does Zillow list properties in Greenland? I’m on the hunt for a new Summer home.