February 07, 2010
Third Circuit Schizophrenia Over Student Discipline for Fake MySpace Profiles
By Eric Goldman
J.S. v. Blue Mountain School District, 2010 WL 376186 (3rd Cir. Feb. 4, 2010)
Layshock v. Hermitage School District, 2010 WL 376184 (3rd Cir. Feb. 4, 2010)
Now that I’m a middle-aged man, I don’t find fake online profiles funny at all. But if the Internet had been around when I was in my early teens, I probably would have found a salacious fake online profile of a school authority figure side-splittingly funny. Unfortunately for today’s teens, the toxic brew of easy access to MySpace plus an underdeveloped sense of humor plus anti-authority sentiments has led to an unhealthy number of fake MySpace profiles—far too many of which result in lengthy and expensive court cases. In practice, the “joke” ends up being on the taxpayers.
The cases I’ve been seeing follow a predictable pattern:
Step 1: young teen creates a silly fake MySpace profile of a school authority figure.
Step 2: word of the MySpace profile spreads among the teen’s peers, and they have immature laughs.
Step 3: targeted authority figure discovers the fake profile.
Step 4: authority figure overreacts and metes out unnecessarily harsh discipline. Sometimes, the authority figure also sues the teen/parents or brings in the cops.
Step 5: the disciplined student brings a lawsuit for the authority figure’s overreaction.
Step 6: the parties’ lawyers win, but everyone else—the plaintiffs, defendants, and taxpayers—loses.
My opinion is that the world would be a better place if immature fake online profiles weren't created. It’s clear that any regulatory efforts to keep young teens off MySpace hasn’t eliminated this problem, and it’s unrealistic to expect that kids won’t find ways to pull silly stunts like this. Instead, our best hope for a better future rests at Step 4, when the authority figure decides whether to laugh off the fake profile or go on a rampage. Maybe over time school authority figures will be less shocked by fake online profiles and will learn not to take it personally. In an ideal world, authority figures will figure out how to use these immature stunts as a valuable opportunity to teach about online information credibility and the harms of cyberbullying.
When they get to court, judges are struggling with fake online profile cases, as best evidenced by a pair of Third Circuit cases issued on the same day last week. Two different panels reached different conclusions about whether school discipline for an off-campus-created fake MySpace profile violated the student's First Amendment rights (Layshock says yes, J.S. says no in a 2-1 split opinion). Why the difference?
Surprisingly, the two opinions don’t reconcile their outcomes very well. The Layshock case doesn’t acknowledge the J.S. opinion. The J.S. case does acknowledge Layshock, but only in a footnote:
we find the two cases distinguishable. Unlike the instant case, the school district in Layshock did not argue on appeal that there was, under Tinker, a nexus between the student's speech and a substantial disruption of the school environment.… This nexus, under Tinker, is the basis of our holding in the instant case. Rather, the Layshock panel held that the school district failed to establish that a sufficient nexus existed between the student's creation and distribution of the profile and the school district so that the district was permitted to regulate the student's conduct…. That panel also held, under Frazer, that the student's speech could not be considered "on-campus" speech just because it was targeted at the Principal and other members of the school community and it was reasonably foreseeable that school district and Principal would learn about the MySpace profile.
Obviously each case is fact-specific, so the dichotomous conclusions about the on-campus effects might be explained by factual differences in the fake profiles. From my perspective, the differences seemed pretty small, especially because I ignored the more outrageous fact-like claims as typical adolescent hyperbole. Putting aside the profile contents, I’d argue that Layshock’s on-campus effects were greater because: (1) his was just one entry in a series of fake profiles, and (2) the MySpace profiles were accessible on campus, while in contrast the school successfully blocked on-campus MySpace access in the J.S. case. In any case, any on-campus effects may depend on a number of factors out of the student’s control, including how the principal (over)reacts.
In the end, I think the main distinction between the two cases is that the J.S. court indulged its moral condemnation of the student’s poor choices, while the Layshock court kept its outrage in check. Another possible explanation is that the principal's response in Layshock was outrageously punitive—Layshock was diverted into 3 hours/day of special classes for behaviorally disruptive students even though Layshock was a gifted student normally taking AP classes—and applied inconsistently because the students who created the other fake profiles weren’t disciplined at all. Finally, the cases reached the Third Circuit panels in different procedural postures (e.g., Layshock won in district court on the First Amendment issue while J.S. lost in district court), and the respective school districts adopted different litigation strategies that appeared to have different efficacies.
Because the two Third Circuit opinions reach fact-specific outcomes without clearly distinguishing between the two factual circumstances at issue, the Third Circuit’s dichotomous rulings create a lot of uncertainty that will lead to more frequent, longer-lasting and unproductive courts battles over student-created fake online profiles. As a result, these two cases would benefit from an en banc rehearing. Or perhaps the Third Circuit intentionally or unintentionally created a split (an unusual intra-circuit split) to tee this issue up for Supreme Court review.
Some topically related blog posts:
* Principal Loses Lawsuit Against Students and Parents Over Fake MySpace Page--Draker v. Schreiber
* Teenager Busted for Creating Fake "News" Story
* Social Networking Sites and the Law
* Moreno v. Hanford Sentinel, another possibly vindictive principal response to a MySpace posting
Posted by Eric at 09:05 AM Permalink | Content Regulation | TrackBack (0) | Printable Version
February 02, 2010
FTC Privacy Roundtable Recap
By Eric Goldman
[Introductory note: I have repeatedly criticized the FTC on this blog, and this post may implicitly criticize them as well. At the same time, I want to share a couple of compliments for the FTC. First, the FTC did a terrific job preparing for this event. For the panel I participated on, we had two official group organizing calls, plus I had at least 3 individual calls as well. I can’t recall another event which had more pre-event preparation efforts. Second, I remain consistently impressed with the dedication of the FTC staff attorneys. The FTC attorneys I've met uniformly seem to be trying to do the right thing, even if bright minds might disagree about what that is.]
Last week, the FTC held the second of three privacy roundtables at UC Berkeley. A large crowd (I estimate 200+ people) showed up, and I know that many other people watched online. Combined with my conversations with the FTC folks prior to the event, I took away a few meta-observations:
1) The FTC is Facebook-obsessed. FTC staff kept citing Facebook examples. It's clear that the FTC is paying extraordinarily close attention to Facebook.
2) The FTC has embraced the idea of "data as currency." The concept is that online services that don't make consumers pay with cash instead make consumers "pay" by providing their personal data. This didn't come up much at the second roundtable, although I understand it was a big issue at the first.
It's a little dispiriting to see this argument gain traction. I have repeatedly criticized this concept before (see my Coasean Analysis of Marketing and Data Mining and Attention Consumption articles), so I will only briefly recap its deficiencies here. Basically, the concept treats the provision of personal data as an automatic detriment to the consumer, which creates a zero-sum game—just like the transfer of cash, the service provider wins at the consumer's expense. Although consumers may suffer negative consequences from providing their personal data to service providers, the overall concept is wrong because many service provider-consumer relationships are "win-win" where both the consumer and the service provider are better off due to the data transfer. I build some economic formulas in my articles to explain these scenarios with more rigor. Win-win can occur, for example, if the service provider can provide better services to the consumer based on access to personal data. Personalized search is one example. Ultimately, any policy proposals predicated on treating data as currency are likely to overregulate by reducing or eliminating potential win-win scenarios.
3) The term "privacy enhancing technologies" or PETs lacks a consensus definition. Because we didn't agree on what qualifies as a PET, we couldn't determine if they had been successful or not.
Construed narrowly as add-on technologies that guard against specific vectors of privacy intrusions, it's clear that PETs have failed as a mass-market offering. Hardcore privacy folks may seek out tools that advance their interests, and they may even be willing to pay for those tools, but most folks don't care enough to pursue such solutions--even those available for free. (I highlight this tension in my 2002 Forbes editorial.)
However, if we construe PETs more broadly, they have been massively successful. For example, I would consider anti-spam/anti-spyware/anti-virus software as PETs. Obviously those software programs have other benefits, such as security protection, but they solve a variety of privacy-related problems too. For example, my Gmail spam filter learns my preferences and, over time, blocks some types of unwanted emails (such as repeat emails meant for other “egoldman”s like Emma Goldman) from showing up in my in-box. Similarly, PETs have been incorporated into the browsers and provide default protection to their users. If we can get past the one-off single-vector conception of PETs, we may find lots of successful examples.
4) The online "privacy" dialogue hasn't advanced very far in the past 15 years. I felt like much of the 2010 roundtable's discussion would have been apropos 15 years ago. For example, instead of discussing cookies in 1995, in 2010 we are discussing flash cookies and supercookies. There's no real difference in the underlying principles; we're simply at a new point in the technological arms race. Just like technology evolved to provide user control over cookies, it will eventually catch up to flash cookies and supercookies and super-duper-cookies or whatever the next iteration of persistent client-side identifiers is called. Unless we look past the specific technological implementations and focus on broader concepts, we are doomed to repeat the same conversations.
5) Due to the semantic ambiguity of the word "privacy," "privacy" inquiries are guaranteed to fail. Ultimately, I found much of the roundtable discussion unenlightening because the "privacy" umbrella is too broad and ambiguous. From my perspective, the term "privacy" is always fatally ambiguous to any productive conversation; I just don't understand what it means. As a result, at the roundtable, panelists were simultaneously discussing privacy, security, anonymity and a variety of other concepts. The result was a jumbled doctrinal mess and a lot of talking past each other.
At the same time, the "privacy" umbrella hindered the inclusion of non-privacy concepts that might have helped overcome the deja vu tendency. The panel titles were:
Panel 1: "technology and privacy"
Panel 2: "privacy implications of social networking and other platform providers"
Panel 3: "privacy implications of cloud computing"
Panel 4: "privacy implications of mobile computing"
Panel 5: "technology and policy"
My latest project on reputation is relevant to the issues discussed at the roundtable, but where does "reputation" fit into these panels? Everywhere--and nowhere. Similarly, I was hoping to discuss the implications of 47 USC 230(c)(2), the immunization for filtering technologies, but where does that fit in? I hoped to discuss it in the first panel but we ran out of time. Using a classic "privacy" structure for the discussion implicitly stifles these important non-privacy considerations from emerging. As a result, this structure almost guarantees a "same old, same old" discussion by precluding new concepts from joining the discourse.
Before the panel, lame-duck Commissioner Pamela Jones Harbour gave some opening remarks. She expressed displeasure with Facebook's resetting of privacy defaults and disagreed with Mark Zuckerberg's quoted remarks that the technology change reflects emerging social attitudes. She also gave a lengthy shout-out to Paul Ohm's paper on de-anonymization/re-identification of non-PII. Note that we will have an evening panel event featuring Paul Ohm at SCU on April 7. Please put that on your calendar now. Paul's paper is already affecting the considerations of FTC Commissioners; come hear what the fuss is about.
After Commissioner Harbour, David Vladeck (head of the FTC's Bureau of Consumer Protection) gave some opening remarks as well. He summarized three conclusions from the first roundtable:
* Consumers don’t understand commercial information-collection practices (ex: data brokers, behavioral targeting).
* Lengthy privacy policies aren’t effective, but privacy disclosures are important.
* Consumers care about privacy.
He concluded his remarks with an ominous threat. He noted that the FTC continues to bring privacy-related enforcement actions, and in particular (a quote from his prepared remarks) "we are currently examining practices that undermine the effectiveness of tools consumers can use to opt out of behavioral advertising, and we hope to announce law enforcement actions in this area this year." I'm not sure what this means. Perhaps the FTC is fed up with NAI's behavioral ad network opt-out tool? I have not been able to make the tool work properly for years.
Finally, I'll mention a few thoughts from the social networking panel, which featured Erika Rottenberg of LinkedIn, Nicole Wong of Google and Tim Sparapani of Facebook. Given all the Facebook-bashing throughout the day, Tim was in the hot seat!
One of Tim’s talking points was that 35% of users customized their privacy settings in response to Facebook's privacy default resetting and its subsequent requirement that they review the settings. 35% user participation would be a remarkably high percentage for any website, and it’s incredible for Facebook with 350M claimed users.
Tim's other talking points didn't go over as well. He claimed that there are no barriers to entry for other social networking sites. This is technically true but woefully incomplete. It could very well be that the optimal number of social networking sites that consumers can actively embrace is precisely one, and there is good reasons to believe that social networking sites experience powerful network effects. See, e.g., Reuter's article about the tipping point between MySpace and Facebook.
Further, although the friendship relations are sticky, Facebook’s real stickiness comes from the self-published content on Facebook that cannot be exported to another site. Tim completely chunked the question about data portability from Facebook, slavishly espousing his talking point that Facebook will delete user accounts on their request--a non-sequitur that made most people in the audience quietly groan. We all understand that Facebook will kill content upon request, but the question on the table was how Facebook will allow users to move their extensive content to a competitor. Tim ducked that question because Facebook doesn't enable it. Facebook does not offer a front door for data portability, and Facebook has been shutting down the backdoor by suing folks like Power.com who try to create an unsanctioned portability method. To be clear, I'm not 100% convinced that Power.com is the good guy in that dispute, but I'm pretty confident that Facebook doesn't tolerate backdoor data portability.
Even so, I think Facebook's biggest threat is itself. Few users will get so mad that they will delete their accounts (I still have my Orkut and Friendster accounts, for example). Instead, Facebook should be concerned that users will simply reduce their usage because they get burned out or lose trust in Facebook. Ultimately this will cause users to migrate elsewhere, so the end game for Facebook could be a whimper, not a bang.
As an example of this latter phenomenon, Tim’s talking points claimed that Facebook gives users control over who they want to share every piece of data at the time they publish the data. He rightly praised this granularity but I am still grumbly that Facebook killed the setting that kept my comments and likes off my profile page. Now, if I don't want those items to show, I have to manually delete each one. So I do have control over my publications as Tim touted, but the additional transaction costs cause me to comment on and like other posts less frequently than I used to. This seems like more of a bug than a feature in my book.
In contrast to Facebook, Nicole Wong hammered the point that Google embraces data portability and builds it into the design of many of its services. As she said (I'm paraphrasing her), because users can leave with a click, we have to better with every product every day, and it makes us build better products. That's the spirit! Facebook, are you listening?
Posted by Eric at 04:04 PM Permalink | Internet History , Privacy/Security | TrackBack (0) | Printable Version
February 01, 2010
Google Street View Lawsuit Revived, But Only on Trespass Grounds--Boring v. Google
By Eric Goldman
Boring v. Google Inc., 2010 WL 318281 (3rd Cir. Jan. 28, 2010).
You may recall the book project A Day in the Life of America
Inevitably, some people are going to be unhappy with whatever Google's camera cars indiscriminately captured and published. The plaintiffs in this case, Aaron and Christine Boring, are Pennsylvania homeowners with a reclusive streak. The Google camera car drove down the Borings' private driveway (allegedly ignoring the Borings' signage), took pictures of their house and published the photos through Google Street View.
The Borings were not satisfied with exercising Google's opt-out mechanism and instead made a federal case out of Google's transgressions. However, the district court was not impressed and kicked the Borings out of court.
The Borings appealed to the Third Circuit, which rewarded them with a small window of opportunity. The district court had rejected the Borings' trespass claims because they had not adequately alleged damage from the trespass. The appellate court reversed this point, saying a real property owner does not need to allege damage in order to state a valid trespass claim. As the court says, "Here, the Borings have alleged that Google entered upon their property without permission. If proven, that is a trespass, pure and simple." I'm not a real property expert, but this sounds right to me. The district court cited an 1899 case in support of its ruling, but the appellate court said that precedent was inapplicable.
Thus, the trespass claim survives a 12(b)(6) motion to dismiss, and the case gets sent back to the district court. While the appellate court expressly didn't tell the judge what to do, it's pretty clear that the appellate court doubts that the Borings will be able to assert any cognizable damage. As the court says, "it may well be that, when it comes to proving damages from the alleged trespass, the Borings are left to collect one dollar and whatever sense of vindication that may bring." My guess is that's the best possible outcome for the Borings.
In my opinion, the court's rejection of the Borings' privacy claims is the more interesting cyberlaw development. The court sensibly concludes that any violation suffered by the Borings would not highly offend a reasonable person. In other words, the Borings overreacted in a way the law does not recognize.
Given that the Borings weren't depicted in the photos, the court's ruling suggests that publishing online photos of private property categorically can't qualify as a privacy violation, whether the photos are taken on public or private property. The court's ruling, however, leaves open the possibility that depicting people in the photos might still be actionable--a question not before the court.
While the case has been revived, it's entirely clear to me that the Borings will not find much success on remand. Nevertheless, to save the litigation costs, Google ought to write a small check to settle the case, and the Borings would be prudent to take it rather than wait for the inevitable judicial denouement. To avoid further unwanted intrusions, they should use their settlement money to buy a gate for their driveway.
Posted by Eric at 06:43 AM Permalink | Publicity/Privacy Rights , Search Engines | TrackBack (0) | Printable Version
January 31, 2010
January 2010 Quick Links
By Eric Goldman
Copyright
* An English translation of Google's December loss in France on a Google Book Search lawsuit.
* Ed Felten reports on a survey of files available via BitTorrent. Acknowledging some methodological limits, he estimates ~99% were likely copyright infringing.
* Elsevier B.V. v. UnitedHealth Group, Inc., 2010 WL 150167 (S.D.N.Y. Jan 14, 2010). Denying copyright statutory damages and attorneys' fees to unregistered foreign works is constitutional because the Berne Convention (which Elsevier argued prohibits the statutory formalities) is not self-executing.
* Techdirt: Singapore Court Rules That Online DVR Is Infringing...While Noting How Copyright Law Isn't Really Set Up For This
* Techdirt: If Banning The Internet For Sex Offenders Is Unfair, Is Banning The Internet For Copyright Infringers Fair?
* The Copyright Office issued new regulations on the deposit of online-only works: “The regulation establishes that online–only works are exempt from mandatory deposit until a demand for deposit of copies or phonorecords of such works is issued by the Copyright Office.”
Trademark/Publicity Rights
* American Airlines v. Yahoo settled. Previous coverage:
- Yahoo Subpoenas Expedia in American Airlines Lawsuit
- Fifth Circuit Denies Yahoo's Jurisdictional Appeal in American Airlines Case
- American Airlines v. Yahoo Venue Transfer Denied
- Yahoo Countersues American Airlines for Declaratory Judgment
- American Airlines Sues Yahoo for Selling Keyword Advertising
* Duplicity alert! Rescuecom is in court defending its keyword ads triggered by competitor Best Buy's TMs.
* Bev Stayart sues Yahoo again over publicity rights. My September 2009 blog post on her prior loss against Yahoo.
Pornography
* Clark v. Commonwealth, 2009 WL 5125009 (Ky. App. Ct. Dec. 30, 2009). Upholding a conviction when "Clark knowingly used a computer for the purpose of getting a minor, or a peace officer whom Clark believed was a minor, to take a sexually explicit photograph of herself."
* Am. Booksellers Found. for Free Expression v. Cordray, Slip Opinion No. 2010-Ohio-149 (Jan. 27, 2010). Ohio's Supreme Court partially upholds its state law restricting Internet distribution of harmful to juveniles material to juveniles when the communications are to recipients known or believed to be juveniles.
Spam
* United States v. Zein (E.D. Mich. 2009). Posting an ad on Craigslist constituted a "mass marketing" activity sufficient to trigger a 2 level sentencing enhancement.
* Comcast and e360 settled their lawsuit. Previous blog coverage.
Blogs/Social Networking Sites
* Sieber v. Brownstone Publishing Company, 2007 CA 002549 B (D.C. Superior Ct. Dec. 23, 2009). A building contractor sued Angie's List and other people over consumer reviews. My prior mention of the case. After 2 years of litigation, a DC trial judge dismissed all defendants on summary judgment and awarded one defendant-counterclaimant $18k+. The entire text of the memo opinion:
MEMORANDUM OPINION AND ORDER GRANTING MOTIONS FOR SUMMARY JUDGMENT OF ALL DEFENDANTS, DENYING PLAINTIFFS' MOTIONS FOR SUMMARY JUDGMENT, and GRANTING POOLE'S MOTION FOR SUMMARY JUDGMENT ON HIS COUNTERCLAIM signed by Judge Long, efiled, eserved, and docketed in chambers on December 23, 2009. It is ORDERED that the Motions for Summary Judgment of Brownstone Publishing Co., the Washington Post Company, John Kelly, and John W. Poole are granted; and it is FURTHER ORDERED that the Motions for Summary Judgment filed on behalf of the plaintiffs are denied; and it is FURTHER ORDERED that judgment shall be entered in favor of all defendants against the plaintiffs as to all claims in the Second Amended Complaint; and it is FURTHER ORDERED that judgment shall be entered in favor of defendant Poole and against plaintiff SCS Contracting Group LP as to Poole's Counterclaim against plaintiff SCS Contracting Group for $18,300 plus 6% (six percent) per annum interest, and a separate money judgment for this sum shall be docketed. Court Jacket not in chambers.
* FINRA Regulatory Notice 10-06: Guidance on Blogs and Social Networking Web Sites.
* Duer v. Henderson, 2009-Ohio-6815 (Ohio App. Ct. Dec. 23, 2009). A web publication telling a ghost story and describing the location of purportedly paranormal phenomenon on private property is not liable for any resulting trespass to real property.
* The “moldy tweet” lawsuit was dismissed.
* Two lawsuits holding that bloggers aren't subject to jurisdiction in the plaintiff's home court:
- Silver v. Brown, 2009 WL 5220297 (D. N.M. Nov. 30, 2009).
- Workman Sec. Corp. v. Phillip Roy Financial Services, LLC, 2010 WL 155525 (D. Minn. Jan 11, 2010)
* BBC: France ponders a right-to-forget law.
E-commerce
* Appliance Zone, LLC v. NexTag Inc., No:4-09-cv-0089-SEB-WGH (S.D. Indiana Dec. 22, 2009). Upholding NextTag's clickthrough-formed advertiser agreement. Mehmet Munur’s comments.
* Edward A. Zelinsky, “New York’s 'Amazon Law': Constitutional But Unwise.”
* Largo Cargo v. Google, a new complaint over allegedly mismanaged AdWord bids. This is the latest incarnation of the Almeida case. I think Largo Cargo’s complaint is still a no go.
* The NYT catalogs an impressive roster of futility for US dot coms trying to compete in China.
Miscellaneous
* Gmail will consult the user's prior emails to pick an ad if a particular email doesn't lend itself to a good ad.
* Illustrating the divergence between the open source community and the Wikipedia community, APC reports that 75% of Linux code is now written by paid developers.
* Oddee: 15 Funny Facebook Fails.
* I expect to be in the Netherlands May 23-30. Let me know if you would like to meet up there.
Posted by Eric at 01:19 PM Permalink | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack (0) | Printable Version
January 29, 2010
Terri Chen Replaces Rose Hagan as Google's Chief Trademark Counsel
By Eric Goldman
I previously mentioned that Rose Hagan, Google's longtime chief trademark counsel, was retiring. (Her last day was Wednesday). Rose's next ventures include art and jewelry. Terri Yun-Lin Chen, a current trademark counsel at Google, has taken over Rose's spot. Terri has a bachelors and JD from UC Berkeley, and she practiced IP litigation at Wilson Sonsini before joining Google over 3 years ago.
Before retiring, Rose led Google's trademark functions for 7+ years. During that time, Google went from near-zero revenue to building a $20B+/year business selling keyword advertising, of which an unknown amount is derived from the sale of third party trademarks. While not everything has gone smoothly for Google--most obviously there are 10 pending lawsuits over Google's trademark policies--Google's massive keyword advertising success and its ability to avoid a business-threatening/ending trademark lawsuit are both remarkable achievements that have made a lot of people a lot of money. Also remarkable is Google's rapid ascendancy to become one of the world's most recognized and cherished brands. Kudos to Rose on her role in these accomplishments. She leaves big shoes for Terri to fill.
Posted by Eric at 12:58 PM Permalink | Search Engines , Trademark | TrackBack (0) | Printable Version
January 27, 2010
Utah May Repeal Its Spyware Control Act--SB 26
By Eric Goldman
It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.
SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71 page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.
Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.
While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.
As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.
Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:
1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.
2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.
3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.
I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.
Posted by Eric at 09:58 AM Permalink | Adware/Spyware , Domain Names , Internet History , Spam , Trademark | TrackBack (0) | Printable Version
January 23, 2010
Facebook User Agreement Upheld in Copyright Infringement Lawsuit Over Third Party App--Miller v. Facebook
By Eric Goldman
Miller v. Facebook, Inc., 1:2009cv02810 (N.D. Ga. Jan. 15, 2010). Miller's complaint filed in October 2009.
Miller makes the Adobe Flash videogame "Boomshine." He alleges that defendant Yeo published a Facebook app, ChainRxn, that violates Miller's "look and feel" copyright in Boomshine. In addition to suing Yeo, Miller sued Facebook for its role in providing access to the app. See Wendy Davis' initial story on the lawsuit from October. Facebook defended on jurisdictional grounds, asserting that Facebook's user agreement requires that the lawsuit should be heard in California, not Miller's preferred venue of Georgia.
The court grants the transfer request. Miller had a Facebook account that he used to promote his games, and he consented to the Facebook user agreement--and its mandatory venue clause--when he created his account. Miller argued that Facebook's user agreement was vague, a contract of adhesion, and inapplicable to Miller's copyright complaint. The court efficiently rejects these attacks, noting its concerns about Facebook having 350 million potentially litigious users:
striking the forum selection clause could wreak havoc on the entire social-networking internet industry. If this court were to determine that the forum selection clause contained in Facebook's TOU was unenforceable, the company could face litigation in every state in this country and in nations around the globe which would have potential adverse consequences for the users of Facebook's social-networking site and for other internet companies.
It's hard to argue with this, but the Court's next move is trickier. It says that Miller's copyright infringement allegations are covered by the forum selection clause, which purports to govern "any dispute about or involving the Web site and/or the Service." A complaint about an infringing app clearly satisfies this broad language, but consider the implications. Miller, like 350 million other people, has a Facebook account. He's complaining about activity that isn't related to his use of his account; rather, he's complaining about wholly unrelated activity. Read literally, this court seems to be saying that all 350M Facebook users are required to sue Facebook in Facebook's home court for any claim they may have that relates to Facebook.com.
Just like this sweeping outcome has not occurred for other Internet companies like eBay, I don't expect that Facebook will be so lucky either. However, it would have been nice if the court had been more careful explaining why a copyright infringement lawsuit brought by a copyright owner who happens to be a Facebook member is governed by the user agreement.
If the case gets that far, I wonder if Facebook can claim the 512 safe harbor for hosting a user-supplied allegedly infringing app. In general, I think third party apps fits the 512 paradigm neatly--either 512(c) if Facebook hosts the app or 512(d) if Facebook links to the app. However, Miller alleged that he sent a C&D notice to Facebook and Facebook ignored it, which putatively disqualifies Facebook from 512(c) or 512(d) coverage if the C&D satisfied the 512(c)(3) requirements. Even if Facebook can't claim 512 protection, Miller faces a potential uphill battle proving his allegations that the ChainRxn game infringes Boomshine's "look and feel," which are tricky to enforce, especially in the gaming context.
I wouldn't read too much into this case, but it does seem partially responsive to the legions of unhappy Facebook users who believe that Facebook's user agreement should be struck down for one reason or another. It's harder to trump properly formed online user agreements than most people wish, and this case is a small example of that. Facebook users who are unhappy with Facebook's user agreement can find recourse in a variety of ways, but assuming the contract is going to fail in court is one of the least preferred methods.
Posted by Eric at 11:29 AM Permalink | Licensing/Contracts | TrackBack (0) | Printable Version
January 22, 2010
Google and China: Some General Thoughts
By Eric Goldman
I have deferred blogging on the Google/China imbroglio for a few reasons. First, heavyweights such as Jonathan Zittrain have tracked International online censorship and online security issues more closely than I have. Second, after Google’s provocative blog post, I wanted to see the facts develop rather than rely solely on Google’s assertions. The spin doctors are now moving in, so the useful development of the factual record will be slowing down.
Third, and perhaps most importantly, the Google/China situation is really complex and multi-faceted, and it’s been difficult keeping all of the issues straight. Some issues raised by Google’s announcement include:
* cybersecurity, both corporate and personal
* political and industrial espionage
* suppression of political speech, especially of dissidents
* censorship of search engine results and the likelihood that censorial efforts can succeed on the Internet
* “cyber-imperialism,” i.e., exporting US norms about Internet law to other countries
* economic protectionism and whether US companies compete with local Chinese companies on a level playing field
* geopolitical and trade relationships between two world nuclear superpowers
Heady stuff! It would make a good summer blockbuster movie.
Although most folks have lauded Google for its principled stand against China’s censorship, I’m not 100% clear that Google’s decision is entirely selfless. First, as has been noted frequently, Google has not been making inroads against local search leader Baidu. Further, the deck may be stacked against Google in changing that situation, due perhaps to economic protectionism from the Chinese government. Second, in a point that has gotten less attention, some members of Congress (most notably Rep. Christopher Smith) have repeatedly jawboned Google and other Internet companies to curtail their support of the Chinese government (see, e.g., the Global Online Freedom Act). Google might have rationally concluded that voluntarily cutting China loose could abate Congress’ interest in regulating its international operations, which might ultimately avoid profit-degrading domestic regulations.
On that point, I fear that we may hold duplicitous expectations when US Internet companies go global. If a US Internet company wants to successfully compete in a foreign market, it must open a local office and build a localized versions of their services reflecting local legal requirements. Inevitably, these localized versions will be more speech restrictive than the US version of the service. Foreign laws don’t have the First Amendment, 47 USC 230 or (in most cases) even a weak safe harbor like 17 USC 512, plus local cultural norms may tolerate unpopular speech less than we do. So what should a US service provider do when trying to expand internationally? It has a few options, none of them particularly attractive:
* It can skip unreasonably censorious markets altogether, like Google proposes to do in China.
* It can comply with local laws, even though that runs counter to US laws and norms.
* It can ignore local laws, which is typically not a successful plan. In extreme cases, it can lead to local company executives going to jail.
* It can try to change the local country’s laws to be more like ours, either through direct advocacy or by asking the US government to pressure the local government. We routinely use trade negotiations to do this; for example, we have successfully exported our copyright laws this way. But countries usually aren’t thrilled to have the US tell them what their laws should be.
Now, I don’t support China’s efforts to censor search results or suppress political dissent. I understand the arguments that free speech is such a basic human right, like freedom from torture, that we simply won’t tolerate any other local choice. However, we already implicitly accept that Internet companies routinely engage in some types of legally compelled or motivated speech restrictions in other countries when they localize their services—perhaps not to the degree exercised by China, but nevertheless more than we would allow in the US. (I note that China might factually dispute this claim because it claims to have an “open” Internet, although the reports I’ve seen suggest this claim is embarrassingly disingenuous). I recognize that I’m making a slippery slope argument about what government-mandated censorship we’ll tolerate from US Internet companies, but I think we should acknowledge the slippery slope before we categorically reject search engines’ efforts to comply with China’s rules.
If Google ultimately exits China, it would leave Baidu as the search engine market kingpin. This raises another issue I haven’t seen fully discussed. I’m going to assume for a moment that Google is a superior search engine to Baidu. (I’ve never used Baidu, so I have never actually compared the two). Knocking Google out of the Chinese market does two things. First, per my assumption, it takes the better information resource away from Chinese consumers. Second, by reducing competitive pressures on Baidu, quasi-monopolist Baidu is more likely to reduce R&D and service improvements.
If my predicate assumptions are correct, in the long run US consumers will have a consistently superior search tool compared to Chinese consumers. (I also assume China will keep interfering with Chinese consumers’ access to Google.com and that superior market entrants won’t overtake Baidu). Over time, China may hinder its overall long-term global competitiveness due to an inferior information infrastructure. Perhaps this assertion is overly stylized, but I think effective information resources—such as good search engines—are necessary to maintain healthy economic markets and to enable cutting-edge R&D. Thus, the Chinese government should view losing Google as a Chinese search engine competitor as a long-term detriment.
One final procedural point. Google sparked a global verbal spat between two nuclear superpowers through a single blog post. Talk about the power of blogging! Google’s decision to post a confrontational blog post may have helped get the US administration on board but simultaneously reduced Google’s ability to negotiate with the Chinese government. I’m no expert in diplomacy or Chinese cultural norms, but my reading of Google’s post is that its double-barreled accusations of government-sponsored hacking (which Google has not conclusively proved) and censorship left the Chinese government with few options to save face. Thus, Google effectively forced the Chinese government to take a hard line and reject most proposed compromises. I trust Google knew what it was doing and decided that was the right course of action, but in my opinion Google’s approach has pre-determined the final outcome.
Posted by Eric at 11:58 AM Permalink | Content Regulation , Search Engines | TrackBack (0) | Printable Version