April 28, 2005
Adware Vendor Sued by New York Attorney General
New York v. Intermix Media (complaint filed April 28, 2005). Elliott Spitzer has sued software vendor Intermix Media (formerly eUniverse) for violations of New York’s consumer protection act, false advertising and common law trespass to chattels based on Intermix’s “spyware/adware.” New York press release. AP story.
The complaint focuses on Intermix Media’s bundling of adware with other software (games, utilities, etc.). Specifically, the complaint alleges:
“Intermix offers consumers either no notice or only token notice about the hidden spyware programs. Intermix either fails to disclose these additional programs in any manner, or hides mention of them deep within lengthy, legalistic license agreements. Even in the latter case, the information Intermix does provide about the spyware programs is vague, incomplete and often factually incorrect….. In every single test, Intermix provided either no notice or woefully insufficient notice about Intermix’s bundled spyware programs.”
The complaint also targets the ways in which Intermix allegedly intentionally made it difficult to figure out how to uninstall the program.
This case is important because it might help define the line about how much disclosure is sufficient. Right now the law is extremely unclear; even the New York complaint lumps together no disclosure and inadequate disclosure, and in my mind these are two very different standards. Failing to disclose means no one would understand; inadequate disclosure depends on the consumer, their expectations, and how much responsibility the consumer has to figure things out for themselves. As I’ve discussed before, part of the problem is that software vendors have to make a long list of disclosures, so the disclosures will never be easy for consumers to understand. As Deirdre Mulligan has claimed, even full disclosure doesn’t necessarily change behavior. So more clarity on the applicable legal standards for disclosure would be useful, but I’m not immediately convinced by the complaint that NY is drawing the line in the right place.
This case may also reinforce that Congressional action may be neither necessary or prudent. If states can enforce their current consumer protection laws, then Congress getting into the act (especially through rigid command-and-control laws like HR 29) adds little value. Even if NY loses the case, the mere fact that the case was brought indicates that the current law can be used to combat bad actors when they are engaged in bad behavior.
UPDATE: Wendy Seltzer on the lawsuit.
UPDATE #2: CBS Marketwatch (reigstration required) reports that Spitzer may be planning more lawsuits against adware vendors, adware distributors and potentially advertisers/revenue sources.
UPDATE #3 (10/21): The formal settlement was finally announced.
Is Camcordering Ever Legitimate?
I exchanged emails with Ed Foster regarding the anti-camcordering portion of the ART Act. Ed expressed concerns about the proportionality of criminalizing camcordering, and he has a point. Merely recording a movie is not, by itself, harmful. At worst, camcordering is a preparatory step towards a criminal end (such as commercial pirating). Do we need to push the criminal boundaries this early in the process, before any such harm has occurred?
On the other hand, I cannot come up with a single legitimate reason why someone would need to camcorder a movie. I can imagine legitimate activity that might be uncomfortably close to camcordering that could lead to inadvertent problems, such as a person who has a video camera in his/her backpack (that never leaves the backpack) or a flirty couple or a family taking pictures of each other prior to a movie. But as for the act of camcordering a movie while it’s playing—is there any reason why this is legitimate behavior? If not, while the law may be unnecessary and perhaps overzealous in its consequences, it isn’t likely to sweep in people inadvertently (unlike other aspects of criminal copyright law).
UPDATE: Michael Madison has found an artist whose art will be curtailed by the law. Of course, the artist can get permission to create his art--surely not a painless process, but artists have to obtain rights clearances in plenty of contexts.
April 27, 2005
Bush Signs Family Entertainment and Copyright Act of 2005
UPDATE: Fred von Lohmann offers his characteristically clear-headed perspective on the Family Entertainment and Copyright Act.
Walmart Foundation Uses Copyright to Curtail Griper
The Walmart Foundation has gone after the gripe site “walmart-foundation.org” using 512(c)(3) notices to take down images that the griper took from walmartfoundation.org. A few observations about this:
* copyright is an extremely effective tool against gripers. Using a 512(c)(3) notice has the power to get immediate attention from upstream hosts/IAPs, which usually leads to a very quick resolution/shutdown. On the other hand, copyright only limits certain types of ways that gripers can complain—they are still free to say what they want, but they can’t use copyrighted works indiscriminately.
* I’m surprised that the Foundation didn’t mention any trademark issue. Perhaps the Bosley case is a partial explanation...?
* I read through some of the gripe site's text, which the griper tried to characterize as “parody." I thought some of it was pretty subtle commentary, not obviously a parody. In fact, to make his point, it seems like the griper took a lot of Foundation text in addition to Foundation graphics. I’m not sure why the 512(c)(3) notice didn’t mention the taking of copyrighted text. (I can’t imagine it’s because there's a different in the fair use treatment of text modifications vs. graphics).
The anti-griper forces are resilient. While trademark may have its limits, copyright can be a powerful alternative. We will see this situation again.
Dead Tree Version of Click Fraud--Shorewest Realty v. Milwaukee Journal-Sentinel
Milwaukee Journal-Sentinel sued for alleged circulation count fraud.
UPDATE: Not surprisingly, the Journal-Sentinel has denied the charge.
UPDATE #2: July response by the Journal-Sentinel.
Then, on August 26, Shorewest alleges that the Journal-Sentinel "reimbursed carriers to buy extra copies of the newspaper and left unrequested papers at schools."
UPDATE #3: The case has reportedly settled (May 2006).
April 24, 2005
Hypertouch Inc. v. Kraft Foods Inc.--New CAN-SPAM Lawsuit
An Internet access provider has sued Kraft Foods under CAN-SPAM and the California anti-spam law. This case is a little unusual because, to date, most CAN-SPAM lawsuits have been against marginal marketers, in many cases who were expected to default. In this case, I would expect a more rigorous fight from the defendants.
Patent Act of 2005
Matthew Buchanan of Promote the Progress has assembled some source material regarding the proposed Patent Act of 2005, a surprisingly broad proposal to reform patent law. Among other significant changes, it proposes to scrap the first to invent standard in favor of a first to file standard. Other notables include imposing a rigorous duty of candor on applicants, limits on damages/injunctions and new standards for anticipating prior art. My initial cursory read suggests that there could be some merit to this proposal. Now, we need to see if it will gather any momentum.
House Passes Trademark Dilution Revision Act
The House has passed the Trademark Dilution Revision Act and sent it to the Senate. The law is pretty sweepingly favorable for trademark owners--not a lot of good news for trademark defendants.
UPDATE: The law has passed. My comments on the Trademark Dilution Revision Act of 2006 as passed.
My blogs finally got PageRank today! (both have a 5). My blogs went live around February 8 and got high-quality in-bound links pretty quickly. Any thoughts about why it took Google 2.5 months to establish the PageRank?
Self-Publishing and the Long Tail
The New York Times runs a lengthy article on self-publishing books.
The emergence of self-publishing shops reinforces the Long Tail theory. By reducing the publishing costs, more niche-oriented content can be produced cost-effectively. Thus, self-publishing houses put real pressure on the value added by traditional publishers. Traditional publishers play a variety of roles: gatekeeper, editor, manufacturer, marketer. The manufacturer role is completely outsourceable; the value-added in the editing process, while not zero, is both outsourceable and comparatively low. So the principal roles of traditional publishers will ultimately become as gatekeepers and marketers.
However, each of these roles are also subject to pressure. For example, the article discusses how some self-publication shops are trying to pitch their role as a farm team, which allows some authors to build a track record sufficient to crack into the big publishing houses. Over time, perhaps the self-publishing houses will be able to develop reliable criteria that will serve the gatekeeper role.
Furthermore, the article indirectly discusses how self-published titles are marketed—they are invariably too niche-y to market through expensive traditional intermediaries like booksellers, so they are marketed through friends-and-family networks, guerrilla emails and other niche distribution channels. These haphazard marketing efforts are not a perfect substitute for traditional publishers' marketing campaigns, but the fact that authors are willing to bear some of the marketing responsibility suggests that this function is potentially outsourceable as well.
UPDATE: Over a year later, the NYT revisits this ground again, this time reviewing various offerings.
April 21, 2005
Family Movie Act of 2005—Legalizing Technology to Skip Film Parts
This morning I blogged on the criminal law part of the Family Entertainment and Copyright Act. Now, I’ll discuss the Family Movie Act of 2005, which allows technology to make parts of a film imperceptible (let’s call it film skipping). I have conflicting feelings about the film skipping part of the law.
Normally, I favor anything that limits the currently too-expansive rights of copyright holders or create new rights to exploit copyrighted works, so my inclination is to favor this law.
However, do we need this law? Movie owners will provide alternative versions of films when those versions are profitable, i.e., the market for the alternative version is large enough to justify the expense. We already see this in a number of contexts: sanitized versions for airplanes or broadcast TV, “director’s cuts,” translated/dubbed versions, etc.
Admittedly, there are some situations where movie owners will not create profitable alternatives, such as where directors have enough clout to control film editing and they object to a particular version. I’m not sure if it’s the best social policy to respect the director’s vision on this, but I suspect the number of decisions inconsistent with profit maximization are relatively small (either on an absolute or relative basis).
Otherwise, this law addresses the problem of unprofitable market niches—where there’s a demand for sanitized films that the movie owners aren’t pursuing because it’s not profitable. This law liberates those markets that are being stifled by the copyright's monopoly, and that should be a good thing.
Nevertheless, this still doesn’t cure my discomfort. Part of that is attributable to the nagging feeling that this law remains just another form of special interest legislation. In this case, a small number of entrepreneurs, most notably ClearPlay, have a business model that required this law. Fortunately for them, their business model overlaps with the moral agendas of some members of Congress. But this is just another form of rent-seeking, and I hate to support that!
Where does that leave me? As far as I can tell, the law means that some Utah residents will now feel comfortable watching Saving Private Ryan. If that’s the principal effect, I guess I’m happy, but it’s hard to believe this was the most valuable use of Congress’ time.
Artists' Rights and Theft Prevention Act--New Criminal Copyright Infringement Standards
As part of the Family Entertainment and Copyright Act, Congress enacted the “Artists' Rights and Theft Prevention Act of 2005” or the “ART Act.” The ART Act adds two new major criminal standards: (1) using a camcorder to record a film in a movie theater, and (2) the willful distribution of pre-release software, movies and music by making it available on a computer network accessible to the public. There are some other goodies for copyright owners, including instructions to the Copyright Office to create a registration process for pre-release works and instructions to the Sentencing Commission (to the extent that body still matters) to ratchet up sentences for criminal copyright infringement yet again.
The ART Act is the first major change to criminal copyright law since the No Electronic Theft Act (the “NET Act”) in 1997. In 2003, I wrote a paper examining the effects of the No Electronic Theft Act, where I concluded that the law was both ill-conceived and a failure in practice. In the paper, I further explored why criminal sanctions for non-commercial copyright infringement were excessive and unproductive.
Although not specifically stated, both the NET Act and the ART Act target a group of pernicious infringers called warez traders. Warez traders engage in the trading/distribution of copyrighted works as a hobby/avocation. I specifically described their motives and personality profiles in a paper released earlier this year.
Since the NET Act, the DOJ has had significant success prosecuting warez traders. (I described this success in my 2004 article on warez trading.) I stopped counting when the DOJ hit about 100 prosecutions and 20 jail sentences in 2004, and there have been more since then. In other words, prior to this amendment, the DOJ has successfully used the NET Act to go after individuals who trade copyrighted works, including pre-release copyrighted works, without a commercial motive.
Because of the DOJ’s track record, I’m not as outraged by the ART Act as I expected to be. Indeed, the marginal addition to the NET Act is so small, I really don’t expect it to amount to much at all. The only thing the ART Act does is negate the need for the DOJ to prove a quantum of loss to the copyright owner in the case of pre-release works. In theory, this is a problem because, by definition, pre-release works do not yet have a market value. The ART Act overcomes that “problem” because merely placing the pre-release works on the Internet (or into the share directory of a P2P file-sharing software program) will meet the standard without the need to prove any loss at all.
While Declan thinks this is a problem, I’m less moved. I don’t think the DOJ has been significantly impeded in prosecuting warez traders to date. While the ART Act makes the DOJ's life easier, I don’t expect any different substantive outcome in any cases they choose to pursue.
This is not to say that the law criminalizes behavior optimally; far from it. There is no question that criminal copyright law covers ordinary Americans. I’m pretty confident that everyone reading this blog is eligible to be prosecuted as a criminal copyright infringer if the DOJ wants to do so. The ART Act gives the DOJ an easier way to go after a few of us, but this isn't a failing of the ART Act. Instead, it's an indictment of our entire scheme of criminal copyright infringement (and, some would argue, our criminal legal system generally), which overcriminalizes behavior with the understanding that the DOJ will exercise its discretion appropriately. I have argued that we should fix that defective architecture, but I see no movement in that direction. Instead, elsewhere I’ve explained (in the conclusion) why Congress remains obsessed about warez traders and doesn't care about the collateral consequence of criminalizing everyday behavior among most Americans. Meanwhile, I have also argued that increased criminal sanctions for copyright infringement has a counterproductive effect on the intended audience of warez traders, so Congress is only further moving in the wrong direction policy-wise if its goal is really to curb illicit trading of pre-release works.
Declan's write-up of the signing. Note that I never said that I expect the DOJ to act "responsibly." My point was that I think the DOJ already had the power to prosecute infringers who distributed pre-release content, so I don't see the DOJ doing anything differently than in the past.
I disagree with Susan Crawford about this law expanding the distribution right. I think the distribution right already included situations where a party merely makes copyrighted works available. See Hotaling v. Church of Jesus Christ of Latter-Day Saints (4th Cir. 1997).
April 19, 2005
My Take on Google v. American Blinds
Google v. American Blinds & Wallpaper Factory, 2005 WL 832398 (N.D. Cal. March 30, 2005). I’m a little late blogging the case, but I finally had a chance to read the opinion. On one level, the opinion isn’t all that remarkable. Google moved to dismiss American Blind’s claims, and the judge is required to apply a high standard of review to motions to dismiss. Unsurprisingly, Google couldn’t meet that high standard. If anything, Google got a small win because the judge granted a motion to dismiss the tortious interference with prospective business advantage claim (although this claim seemed like a dead duck from the outset).
Structurally, the opinion is interesting because so many important statement were relegated to the footnotes. Reading it, I got the impression that the judge took the clerk’s memo and cut ‘n’ paste it into the footnotes.
Substantively, because of the early procedural posture of the case, the opinion only has a few nuggets of insight. Some points that caught my eye:
* FN 19 reads: “Defendants analogize the instant case to Ford’s payment to have Car and Driver magazine run Ford advertisements facing every Toyota advertisement in order to target Toyota’s customers or a pizzeria owner’s handing flyers to customers on their way to Domino’s. While it is of no consequence to the outcome of the instant motions, the Court notes that, as alleged by American Blind, Defendants themselves would not be the analogs to Ford and the pizzeria owner, because they are not alleged to be the advertisers.” While the court is technically correct, I don’t understand how/why the court missed the more obvious question—is the magazine liable for taking Ford’s payments to run those ads? However, contrary to Google’s hopes, I’m not convinced that the magazine has no liability in these circumstances. My summer paper will address the issue of “trademark adjacency”—when do adjacent uses of a trademark create liability? There are some interesting precedent from the supermarket context where, in fact, adjacency may contribute to liability.
* In FN 21, the court defines “initial interest confusion” as “a situation in which, although the consumer does not experience confusion as to the source of goods or services, the defendant, by diverting or capturing the consumer’s initial attention, improperly benefits from the goodwill that the plaintiff developed in its mark.” (cite to Brookfield and Playboy). Note that Playboy used a different definition that required competitive uses: “customer confusion that creates initial interest in a competitor’s product . . .[a]lthough dispelled before an actual sale occurs.” The court does not cite the August 2004 Nissan Motors v. Nissan Computer case, the latest Ninth Circuit ruling on initial interest confusion. That case used the Brookfield definition but also pushed any analysis of initial interest confusion back into the multi-factor likelihood of consumer confusion test. So exactly what is the Ninth Circuit definition of “initial interest confusion”? And what standard will the court use in this case? If I were Google, I would take issue with the court’s definition.
* Finally, the court had to confront one of many deficiencies in the Playboy case—did that court decide that Netscape and Excite had “used” Playboy’s trademarks in commerce. The Ninth Circuit so thoroughly botched that ruling that we don’t know something as basic as that. (Then again, we also don’t know if the court was analyzing direct or contributory trademark infringement because the court expressly declined to decide that specific question). For purposes of the motion to dismiss, the court logically concludes that the Playboy case did make an implicit ruling that the search engines were engaged in a trademark use. I’m curious to see if the court will entertain the trademark use question in future motions or if the court thinks that this opinion resolves it for the rest of the litigation.
While the ruling is a loss to Google, I don’t know if Google really expected to win this motion. There’s still lots of opportunity for Google to win the case, and the opinion was fairly opaque about which way the judge was leaning.
New Case on Indexable Uses of Trademarks on Web Pages
Independent Living Aids, Inc. v. Maxi-Aids, Inc., 2005 WL 756676 (2d Cir. April 4, 2005) (unpublished/uncitable decision). This opinion is the latest in a string of rulings involving a trademark infringement claim between two manufacturers of equipment for physically challenged people. Because of the messy litigation history, this latest opinion comes with some baggage (a series of injunctions against the defendant).
Plaintiff claims a trademark in “Independent Living Aids.” This is a weak descriptive phrase but a prior ruling found it protectable and enjoined the defendant’s use.
Despite the injunction, the defendant used the phrase “independent living aids” on its website (no capitalization) in an effort to get indexed by the search engines. The appeals court upheld the lower court’s determination that this usage infringed and was enjoined. However, the appeal court said that the defendant may use variations of the phrase “independent living aids,” such as “aids for independent living” and “aids for living independently,” even though this may result in the defendant’s website being listed in searches for the plaintiff’s trademarked phrase. As the court says, “once the plaintiffs selected a descriptive phrase as a trade name, they accepted the risk that an Internet search of that phrase would produce a list of websites that include the defendants’ website.”
One could view this as a Solomonic ruling. The court properly gave a descriptive trademark very limited protection for the precise trademark, but reasonable variations were excluded from protection. However, from my perspective, the injunction was silly to begin with.
First, any ruling restricting a website’s use of a trademark makes questionable assumptions about searcher behavior, a point I make in some detail in my Deregulating Relevancy article. If the defendant was using the phrase as part of an overall infringement scheme, then it is appropriate for the court to restrict the scheme. But in this case, there’s no evidence that the narrow restriction on web content avoids consumer confusion one bit.
Second, what about descriptive fair use? While the court questioned the defendant’s good faith, an unrestricted injunction against defendant using the TM in commerce on its website is clearly overbroad. The defendant should still be free to use the trademark for comparative advertising and other purposes. For example, recall in the Brookfield case that the court said:
West Coast is not absolutely barred from using the term "MovieBuff." As we explained above, that term can be legitimately used to describe Brookfield's product. For example, its web page might well include an advertisement banner such as "Why pay for MovieBuff when you can get
the same thing here for FREE?" which clearly employs "MovieBuff" to refer to Brookfield's products.
In the end, we need to focus on consumer confusion, but cases like Brookfield and Maxi-Aid lose sight of that. Instead, they make distinctions based on form, not substance—like saying that “independent living aids” is not OK but “aids for independent living” and “aids for living independently” is OK. Eventually, we need a more coherent approach to govern trademark usage on websites.
April 18, 2005
Howes' Recap on Spyware/Adware
Eric L. Howes gives a one-year retrospective of the state of spyware/adware. I was surprised that he was able to find any good news from his perspective, but he did! Of course, I would probably reverse some of his labels (i.e., some of his “good news” is bad news from my perspective, and vice versa), but it’s an interesting recap from any perspective.
Thanks to Spyware Warrior for the tip.
UPDATE: I got an email asking me to explain my "vice-versa" remark (what bad news on Eric's list would have been good news on my list?). Here's how I responded:
"I'd reverse the listing of VC funding of adware companies. This is good news in my book, but I know that opinion is not shared universally. FTC deference is also good news, but I'd rate that as more of a mixed bag (we want them to clean up the real bad guys but I want them to leave others alone). I would also characterize industry practices as improving--maybe not fast enough, certainly not substantively enough to satisfy you--but I think we could find good news here as well.
In any case, the core deficiency in Eric's analysis is a common one--we still don't have bright line rules distinguishing malware, spyware, adware and garden-variety software, and without that, it's impossible to make a uniformly-acceptable list of good or bad news."
April 16, 2005
Google v. Froogles
Google has sued discount shopping site Froogles for trademark infringement. This is not the first time the parties have met; Google lost a UDRP against Froogles already. Most interesting line from the complaint: "As between the parties, Google is the senior user of marks that incorporate the formative -OOGLE for Internet search services." I wonder how far Google is planning to go with protecting that word stub...? The problem for Google is that they may not have priority on the basis of their use of "Froogle," so they have to leverage off their "Google" trademark to block "Froogles."
(Thanks to Gary Price).
NPR on Whois and Privacy
Larry Abramson of NPR ran a story entitled “New Laws on Domain Names Aim to Stem Online Fraud” (specifically referring to the Fraudulent Online Identity Sanctions Act, passed as part of the Intellectual Property Protection in Courts Administration Act). My mom said I talked too fast.
April 15, 2005
"Attention Deficit Trait"
CNET ran an interesting interview a couple of weeks ago with Dr. Edward Hallowell about “attention deficit trait,” described as a type of ADD developed in response to information overload, except that it can be cured by reducing the attention load. See my previous post on avoiding attention distractions.
April 14, 2005
Flash and Cookies
AP reports that there’s a hole in Flash that allows websites to access personal information stored on a user’s hard drive even if the user has wiped the hard drive of the website’s cookies.
April 13, 2005
Boalt Spyware Talk
UPDATE: Sunbeltblog has some pointed commentary about my remarks.
New AdWords Trademark Lawsuit--JTH Tax v. Google
JTH Tax, Inc. v. Google, Inc., 2:05CV200 (E.D. Va. complaint filed April 4, 2005). JTH runs “Liberty Tax Service.” A company, “freeadvicecenter.com” runs an AdWords ad (the complaint does not specify what keywords triggered it) that has the title “Liberty Tax Service.” After a fruitless cease and desist letter to Google, JTH is suing Google for an injunction.
There are two odd things about this case. First, why didn’t Google take the ad down? Its trademark infringement policy says that ads containing third party trademarks will be taken down, so this seems like a routine application of that policy. Perhaps Google did take it down, but not fast enough for JTH. I did a search today on “Liberty Tax Service” in Google and the following ad for freeadvicecenter.com came up:
How to Slash your Taxes and get
the Tax Relief you are entitled to.
Second, how valuable is this injunction to JTH? From my perspective, especially given Google’s policy, it seems like a little more leaning on Google would have been a much lower-cost method of resolving the matter than running off to court. (The complaint says that the cease and desist letter was sent March 1, 2005, so JTH waited a total of about 35 days to pull the trigger). Perhaps this is just a publicity stunt; otherwise, I’m finding the lawsuit hard to understand on a cost-benefit basis.
UPDATE: Cooley Godward reports that this case was voluntarily dismissed by the plaintiff shortly after filing. Smells like a publicity stunt to me.
Google News Adds Some Blogs
Bill Gratch of Blawg is reporting that two blawgs have been added to Google News, including one that's only a couple of weeks old. This only further reinforces my confusion about the standards for inclusion in Google News. I’ve argued before that Google News has to move towards including more blogs if it wants to keep up with Technorati, but am I the only one who thinks Google's inclusion process is currently perplexingly random and arbitrary?
2005 Pew Report on Spam
Pew has released its annual survey on recipient attitudes towards spam. The 2005 version shows that recipients are becoming adjusted to the spam influx. As the report says, recipients are “minding it less” and that the “worst case scenario—that spam will seriously degrade or even destroy email—is not happening.” The report speculates that “the findings from almost one year ago might have represented a spike or a high point, rather than a growing negative trend of the impact of spam on the internet experience.”
This evolving attitude towards spam was entirely predictable. For example, in 2003, I wrote: “We have had many years to develop ways to cope with ads in other media, but we are still developing ways to cope with email ads. It seems likely that users will improve their ability to manage email with more experience, at which point user frustration should decrease.” I remain convinced that people will develop organic methods to cope with spam, with or without regulatory intervention, and I predict that the 2006 Pew report will show that spam is even less annoying to recipients than it is today. We have passed through the high water mark, and it’s downhill from here.
I’m so confident of this because the adjustment process occurs with every new marketing medium. A new marketing medium develops, marketers abuse the medium, consumers and technologists develop coping strategies, and an equilibrium is established. This has happened with spam, this will happen with pop-up ads, this will happen with spim, spit and every other spam-variation we can imagine. The process is infinitely repeatable and entirely predictable.
The question is—will the regulators let this evolution take place naturally, or will they find it too irresistible to grandstand to their constituents that they are tough on bad marketing practices? We know the answer, as CAN-SPAM illustrated all too well.
However, I also point the finger at the pollsters and commentators, like Pew, who delight in issuing hyperbolic press releases and reports containing rather inflammatory language (despite the purported objectivity of the report-writers). In my mind, the Pew reports from 2003 and 2004 played no small role in whipping up the anti-spam frenzy, a legacy that we must now live with.
ICANN Not a State Actor
McNeil v. VeriSign, Inc., 2005 WL 741939 (9th Cir. April 1, 2005). The Ninth Circuit ruled (in an unpublished opinion) that ICANN is not a state actor. According to my research, I’ve found the following cases holding that private Internet entities are not state actors:
CompuServe, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997)
America Online, Inc. v. Cyber Promotions, Inc., 948 F. Supp. 436 (E.D. Pa. 1996)
Name.Space, Inc. v. Network Solutions, Inc., 202 F.3d 573 (2d Cir. 2000)
Island Online, Inc. v. Network Solutions, Inc. 119 F. Supp. 2d 289 (E.D.N.Y. 2000)
Nat’l A-1 Adver. v. Network Solutions, Inc., 121 F. Supp. 2d 156 (D. N.H. 2000)
Thomas v. Network Solutions, Inc., 176 F.3d 500 (D.C. Cir. 1999)
The McNeil case now makes at least seven cases. I have not found any cases to the contrary. Am I missing any? What room is left for plaintiffs to argue that any Internet entity is a state actor?
(Hat tip to David Sorkin).
April 12, 2005
Cairo v. Crossmedia Services
Cairo, Inc. v. Crossmedia Services, Inc., 2005 WL 756610 (N.D. Cal. Apr. 1, 2005). Cairo runs a search engine listing advertised sales. CMS has a database of advertisements. To build its search database, Cairo’s robot crawls CMS’s servers, which CMS objects to.
This ruling addresses whether Cairo is bound by CMS’s user agreement for purposes of the forum selection clause. The court says yes because (among other reasons) Cairo’s “repeated and automated use of CMS’s web pages can form the basis of imputing knowledge to Cairo of the terms on which CMS’s services were offered” (cite to Register.com v. Verio).
This unquestioning adoption of Register.com is troubling. The Register.com case improperly conflates the doctrine of quasi-contract (restitution as a cause of action) with offer/acceptance (the apple stand analogy shows this best). Here, the court unhesitatingly applies Register.com without questioning it, suggesting that browsewrap “contracts” may be binding against electronic agents without any further evidence of manifestation of assent. This is the wrong direction for contract law and search engine law generally. The only way I can make sense of this case is that Cairo may not have crawled the web indiscriminately but instead may have targeted certain sites; if it configured its robot for CMS’s website, then perhaps we shouldn’t be sympathetic.
Hat tip to InternetCases.com for calling attention to the case.
A spammer makes unauthorized use of a company’s trademarks in an email promoting the purchase of goods/services. This isn’t a phishing email per se; it’s not trying to disgorge personal statistics for identity theft or outright theft (although it may be that the seller never plans to deliver the goods, so it may be theft in that sense). On its face, the email's goal is to sell products leveraging the brand of a legitimate company. What should the company do? I wrote up this proposed protocol for dealing with these situations. As you can see, I don't subscribe to the shoot-frist-and-ask-questions-later camp. Please email me with any comments.
This document describes a protocol for dealing with an email that spoofs our domain name and uses our trademarks without authorization.
Some general observations:
· Don’t assume anything. It is very possible that the sender has forged or spoofed other contact information as part of the ruse.
· Information is valuable. You can go a long way towards correcting the problem simply by finding out exactly what happened. This requires some restraint—if you falsely accuse the wrong person, they may be less willing to help you find the right person
· Preserve unmodified copies of all evidence in case it’s needed in litigation. Generally, the best approach is to print hard copies and save a copy to your hard drive (note that things saved to your hard drive can change later if they pull information from the Web—so hard copies are critical).
Step 1: Confirm that the email was, in fact, unauthorized
Step 2: Confirm that the email did not originate from our servers
· The sender could be a rogue employee. If so, we may want to disable access ASAP
· There could be an open port. If so, we should close the port ASAP
Step 3: Make a list of possible places to find the sender (look at email headers in addition to email text)
· originating email service provider/Internet access provider
· any email addresses listed in the email
· any URLs promoted in the email
· any payment service provider (PayPal, Western Union)
Step 4: If email has contact information for the sender, contact the sender
Step 5: Approach service providers identified in Step #3 to ask their help. The objective is to cut off the sender’s ability to cause more harm or profit from their actions.
Step 6: If any other trademark owners are referenced in the email, consider involving them to cooperate
Step 7: Consider turning the matter over to authorities
· Postal inspectors
· Federal Trade Commission
· Local police (both in our district and in the sender’s district)
· Federal Bureau of Investigations
April 11, 2005
Slate Exhibit on Breast Enhancement Patents
Slate has a “revealing” (sorry) look at patents related to breast enhancements throughout history. We tend not to think of the patent database as a great porn resource, but there's plenty of titillation for those who know where to look. As the patent database confirms, human ingenuity knows no bounds!
(Thanks to Steve Nelson for passing this along)
April 07, 2005
Grokster Oral Arguments
If you haven’t seen it elsewhere, the transcript from the oral arguments in Grokster.
Talk on 47 USC 230 at Michigan State
I'm going to be talking tomorrow about derivative liability at a conference at Michigan State University Law School. You can see a preview of my talk. Unquestionably, my perspective is colored by my experiences at Epinions!
Talk at Stanford on Online Trademark Law
April 06, 2005
German Meta-Search Engine May Be Liable for Defamation
Einstmann v. Sharelook Beteiligungen GmbH, LG Berlin, No. 27 O 45/05, 2/22/05. Sorry I’m a little late in picking this up, but a German court has held that a meta-search engine could be liable for defamation. According to the news reports, it appears that the court thinks that the search engine should build a custom filter to avoid displaying the defamatory content, regardless of which search engine might have been the source. Case text (in German) [if anyone has an English translation, please advise]
ACLU Considering Challenge to Utah Anti-Internet Porn LawThe ACLU of Utah is considering a constitutional challenge against Utah’s most-recent anti-Internet porn law. Despite Rep. Dougall’s defensiveness, this law is almost certainly unconstitutional, and I’m confident that it will be struck down when scrutinized by the courts. We should be thankful to the ACLU for taking the initiative to clean out this legislative stinker. (I’ve been a member of the ACLU for nearly 2 decades precisely because I support initiatives like this).
April 05, 2005
Data Mining and Attention Consumption
My short book chapter, Data Mining and Attention Consumption, has finally hit SSRN (it took almost a month to go through the SSRN review process--not sure why it took so long). The abstract:
"This Essay challenges the prevailing hostility towards data mining and direct marketing. The Essay starts by defining data mining and shows that the only important step is how data is used, not its aggregation or sorting. The Essay then discusses one particular type of data use, the sending of direct marketing. The Essay establishes a model for calculating the private utility experienced by a direct marketing recipient. The model posits that utility is a function of the message's substantive content, the degree of attention consumed, and the recipient's reaction to receiving the message. The Essay concludes with some policy recommendations intended to help conserve recipients' attention while preserving space for direct marketing tailored to minority interests."
This article is a preview of my more major piece on marketing regulation generally.
Bosley Medical Institute v. Kremer--Victory for Gripers
Bosley Medical Institute v. Kremer, No. 04-55962, 9th Cir. Apr. 4, 2005. Kremer launches gripe site at www.bosleymedical.com, using the trademark of his target (with no additional words/letters) in the domain name. The court’s response was a big victory for gripers everywhere: “the noncommercial use of a trademark as the domain name of a website — the subject of which is consumer commentary about the products and services represented by the mark — does not constitute infringement under the Lanham Act.”
On the critical question of whether the griper was using the domain name in commerce, the site generated no revenues and did not promote any goods or services. It did link to another website, which through a series of further links could lead to commercial advertisements. It would be ridiculous to collapse this chain of links into a conclusion that the domain name use was commercial, and the Ninth Circuit wisely rejected that illogic. (“This roundabout path to the advertising of others is too attenuated to render Kremer’s site commercial.”) The court distinguished Nissan Motor v. Nissan Computer because, in that case, the domain name owner put ads directly on his site.
Many courts have upheld gripers’ rights so long as do not use TM.com, so this case could be a turning point for letting gripers pick a domain name of choice. The court disagreed with the PETA v. Doughney case on the argument that registering TM.com blocks customers of the TM owner from obtaining the TM owner’s goods, because in this case the bosleymedical.com site was, indeed, about Bosley Medical. The court limits the doctrine to situations where the domain name registrant offers competing services. Thus, in a strongly-worded sentence, the court concludes “Bosley cannot use the Lanham Act either as a shield from Kremer’s criticism, or as a sword to shut Kremer up.”
(In a footnote, the court says that the initial interest confusion does not apply because the griper’s use was non-commercial).
The court reversed the griper’s summary judgment ruling on the ACPA claim, rejecting that the non-commercial determination under the Lanham Act insulates the griper from a bad faith determination under ACPA (citing the Coca-Cola v. Purdy case). Therefore, it’s still possible the trial court will find against the griper on ACPA.
(Disclaimer: I signed on to an amicus brief prepared by the Berkman Center supporting Kremer in this case).
UPDATE: Marty Schwimmer has a contrarian take on the case.
Search Engines and Privacy
April 04, 2005
Boalt Spyware Conference Recap
On Friday I attended the Spyware conference at Boalt. This was an outstanding conference—I learned a lot. You should take any opportunity to attend a Berkeley Technology Law Journal annual symposium in the future—their events are typically first-rate.
Tutorial on Spyware
Jeffrey Friedberg, Microsoft’s “Director of Windows Privacy,” started off the conference with a spyware tutorial. He proposed rejecting the term “spyware” in favor of “deceptive software,” a useful nomenclature shift. He then made the typical technologist’s argument that we should focus on bad behavior instead of bad software features, as many features that are included in deceptive software can be used for beneficial purposes. Thus, he wants to preserve room for “horse trades” where users willingly make a choice to cede desktop control in exchange for some desired benefit. However, he then gave examples of deceptive software to show how bad actors exploit various user interface design elements to trick users into downloading their software. He listed a number of attributes of XP Service Pack 2 designed to correct some of those design elements.
He then gave an extended depiction of an “Internet battlefield” to argue that spyware and phishing are really the same problem—an attempt to convert data from the user/their desktop into cash. He offered his solutions to the deceptive software/phishing problem: a combination of consumer education, technological innovation, industry cooperation, enforcement and new legislation.
Two points were especially interesting to me:
First, he explained why users should never put personal information into a pop-up window because users don’t/can’t know who served the pop-up window (e.g., there are no address bars in the pop-up window). He showed how phishers may launch a pop-up while redirecting the main window to a trusted website at the correct URL. In this case, the user might mistakenly assume that the pop-up window was spawned by the underlying trusted site. I realized that even I could fail prey to that trick, so I’ve made a mental note—no personal information into pop-up windows!
Second, he discussed how occasionally Microsoft has used its automatic update feature to eradicate (he called it “clean”) software from users’ computers. He gave the example of Download.ject, some malware code that Microsoft simply deemed impermissible, so it wiped Download.ject off the face of the Windows universe. Perhaps I missed the publicity about this at the time, but I’m troubled by this exercise of power. On the one hand, so long as Microsoft executes its powers as a benevolent dictator wisely, it’s a great asset to combat malware. On the other hand, (1) it isn’t clear how clearly Microsoft communicates its decision, (2) I am not aware that Microsoft has published its standards for software that it will unilaterally eradicate (or that it applies those standards consistently), and (3) we have to trust Microsoft to do the right thing, and I’m not sure how comfortable I am with that!
Panel on Privacy and Surveillance Issues
Patricia Bellia made an argument that some existing federal laws are inadequate to deal with spyware. She deconstructed the ECPA and made a convincing case that the law has a tough time stretching to cover actions on a single desktop computer. She also deconstructed the CFAA and suggested a little more hope there, but still argued that several standards (such as the $5,000 damage requirement) may be fatal to claims. I need to see her paper, but her talk makes me question my previous beliefs that CFAA and ECPA already covered spyware and that additional legislation was superfluous.
Ari Schwartz presented CDT’s positions on spyware. He argued that adware vendors cater only to advertiser interests, not user interests, and therefore these misdirected loyalties disadvantage consumers. I disagree with this argument: if adware vendors do not provide a suitable user experience, they will not be able to perform well for advertisers. So adware vendors will have to create a good value proposition for users, and their interests are far more aligned than Ari portrays.
Paul Schwartz recapped his recent article Property, Privacy, and Personal Data, 117 Harvard Law Review 2055 (a very interesting read, BTW). In that article, he pointed out two separate reasons to regulate privacy: first, there is a privacy market failure because data collectors know more about what they will do with the data than data subjects, and second, that there are social costs to privacy, and therefore a privacy commons needs to be protected.
Based on this, he favors an opt-in scheme that, among other benefits, forces data collectors to tell consumers about their practices. After his talk, I pointed out to him that I see the information asymmetry differently—consumers have heterogeneous but undisclosed interests, so perhaps we should set up a system to force consumers to disclose those interests. I doubt I’ll convince him on this point!
Paul S. surprised a number of us by supporting the mandatory disclosure requirements in HR 29, favoring efforts to sharpen the notice/consent process.
Reed Freeman of Claria then presented Claria’s perspectives on regulation. Claria generally favors regulation of software that operates without consent. From their perspective, these laws would not affect them because they see themselves as obtaining consumer consent.
Seth Lesser then gave his perspectives as a plaintiff’s lawyer in the Doubleclick cookies, Avenue A and Pharmatrak cases, saying that user consent issues are tough to overcome and echoing Patricia’s assessment that the federal statutes may not be robust enough.
Deirdre Mulligan moderated this panel, and I thought she made a great observation when she noted that spyware purveyors are experts at exploiting consumer expectations about user interfaces.
Intellectual Property and Contracting Issues
Dan Burk discussed how intellectual property law does not protect consumers from spyware because, among other things, consumers lack standing to sue. Later I asked Dan if spyware raises any unique issues because consumers don’t have standing under IP laws generally. Dan observed that the relevant “infringing” actions take place on a chattel owned by the consumer, yet the consumer cannot use IP laws to protect that chattel. I’m still not sure if that is a meaningful difference; I’m looking forward to reading his paper.
Jane Winn talked about contract law. Her perspective is that American law upholds contracts very liberally. She favors an approach like the EU directive on mass market contracts, where courts have the power to reject terms that are substantively unfair.
Tim Ehrlich spoke about the costs that legitimate businesses incur due to the spyware paranoia, including the costs incurred by advertisers and the costs attributable to being labeled as spyware or adware. Ehrlich called for some type of appeals process when private companies characterize software as spyware or adware.
Alex MacGillivray described Google’s software principles.
Christine Varney was scheduled as the keynote, but she scratched at the last minute due to illness. Instead, her partner Mary Ellen Callahan took her place. I think we had all been looking forward to hearing Christine, so the substitution was a little disappointing, but Mary Ellen did the best she could under the circumstances. Mary Ellen focused on whether adware businesses could be legitimate, and taking a very FTC-esque approach, she concluded that the answer was yes with adequate notice/consent and easy uninstall procedures.
Peter Menell asked whether regulation was better located at the state or federal level. He used the unfair competition doctrine as a case study, showing that it used to be a federal doctrine but is principally the province of state law now. However, on the Internet, state-based regulation has the risk of creating a lowest-common denominator environment where the most restrictive laws control nationally. He took particular aim at the notion that states can be a laboratory for testing new policy, showing that state law is often influenced by federal policy (such as in the case of unfair competition laws), so they are not pure testing environments. After the talk, I added that states are lousy laboratories because (1) they are especially susceptible to regulatory capture/rent seeking, (2) there is no empirical measurements of results or effort to divine best practices from states’ experiences, and (3) often, at least in the Internet context, a pioneering state’s law is adopted by other states before it has been tested. California’s anti-spyware law is a typical example, having propagated to approximately a dozen states before we have gotten any empirical results in California.
Ira Rubinstein deconstructed several of the proposed federal laws, showing both their breadth and ambiguity.
Susan Crawford gave a good overview of how various legal efforts have failed to address spyware. Her solution is to think about unwanted software as a pathogen and allow technology to develop immunizations organically. She has written a nice paper surveying the spyware/adware topic and I hope she’ll post the paper soon (before it gets too far out of date…).
Deirdre Mulligan gave a great talk (my choice for the best of the day). Her clinic has conducted an ethnographic study of 30 people downloading software and how they processed disclosures. Under current practices, downloaders did not understand the contract terms or even review them. However, when she explained the terms post-download, most users expressed regret. She then presented downloaders with summary notices of some key terms (a layered notice approach). The summaries improved user understanding, but to her surprise, they did not change behavior—people still clicked through to complete the download! This empirical research seems to completely destroy the assumptions incorporated into laws like the Spy Act—the fact that behavior did not change undercuts any belief that more prominent or understandable disclosures will help consumers. I am anxious to see Deirdre’s write-up of her findings; they appear to be both important and useful.
I spoke after Deirdre and made two principal points. First, consumers will benefit from having software on their machines that learns their preferences passively and using those inferred preferences to deliver surplus-producing information. Therefore, we don't want laws that would keep that type of software off users' computers. Second, regulators are forcing consumers to see notice/consent information that consumers don’t care about—basically, foisting new types of pop-ups onto consumers, except that consumers can’t turn these pop-ups off. You can see my notes here.
Henry Chesbrough talked about business models of adware companies. He gave Ebates as an example of a company creating consumer value based on monitoring consumer behavior. He also talked about how government can affect policy not just through negative regulations, but also by encouraging behavior through subsidies and its purchasing protocol.
Michael Geist spoke about transnational jurisdictional issues. He noted the split regarding defamation jurisdiction between the US (which applies the law of the poster) and the other Commonwealth countries (which apply the law of the target).
I thought the conference was great both substantively and as a place to exchange information. My only “criticism” is that many talks did a good job identifying the problems but gave little attention to any solutions (my talk suffered this same defect). In the end, I think this reflects the difficult nature of the problem, but it would have been great if there are new innovative solutions that we should support. Ultimately, such an inquiry is probably moot, because Congress appears to be determined to pass an anti-spyware law regardless of its policy merit.