October 31, 2005
WhenU Opposition to 1-800 Contact's Certiorari Petition
By Eric Goldman
WhenU has filed its opposition to 1-800 Contact's petition for certiorari from the US Supreme Court. WhenU's main argument:
"1-800 mischaracterizes the decision below as holding that the “covert” use of a trademark can never support an infringement claim. But the Second Circuit did not rule that the unseen use of a trademark can never be infringing; it merely held that the particular manner in which WhenU employs the plaintiff’s mark to generate online advertisements does not constitute the “use” of a mark. Petitioner also argues that the decision below is at odds with cases involving metatags, cybersquatting and keyword advertising. But the Second Circuit addressed each of those situations in its opinion, explained why they differ from WhenU’s advertising, and expressly stated that it was expressing no view on the validity of other Internet cases. Accordingly, the conflict posited by 1-800 simply does not exist."
I think it's correct that the Second Circuit opinion does not evidence a particularly strong circuit split, but only because the opinion was so limited. If we try to read the Second Circuit opinion broadly to opine on trademark use on the Internet, a split becomes more pronounced. If we read the opinion narrowly, in that it opines only on the specific under-the-hood database practices of WhenU, there's no circuit split--but then there may be very little precedential impact from the case.
Domain Name Outage This Morning
By Eric Goldman
This morning the blog suffered an outage due to a problem with the domain name renewal. With Rex's help, we got everything straightened out and we should be back in business. Fortunately, the domain never really left my host's control, so there was never a serious risk of porn-napping. I will say this, though--the administrative procedures to manage a domain name at a place like GoDaddy are very taxing, even to me.
October 28, 2005
Product Placement and the Apprentice TV Show
By Eric Goldman
I've always been confused by the fuss over product placements. I know people generally don't like advertisements, and I also know that people want to be told when something is an "advertisement." But product placement occurs in the context of editorial content, and if the editorial content is good, personally I don't care how the showcased products got there.
More importantly, we have tolerated many types of quasi-marketing editorial content for decades. When a band does a live performance on Saturday Night Live (or the Ed Sullivan show), is this band's performance an advertisement or editorial content? Because it's "between the ads," we call it editorial content--but make no mistake, the band's performance absolutely is about increasing record sales, and usually it has precisely that effect. If we consider the full range of quasi-marketing, such as author interviews as part of a book tour (President Clinton's appearance on Oprah is a particularly conspicuous example), book excerpts in newspapers/magazines and radio performances of songs, we realize that marketing in the guise of editorial content is ubiquitous and fully tolerated. To me, product placements are just another example.
As reported by the NYT recently, the process of product placements has become a lot more formalized and organized than it has historically. This article made several interesting points about product placement.
First, it notes how product placement is a logical response to the TiVo age--perhaps the only feasible solution. So long as consumers can excise out commercials easily, consumers will do so. Product placements intermix the editorial content and marketing content in a non-excisable fashion, mitigating the power of the TiVo fast-forward button.
Second, not all product placements are paid. The NYT article gives several examples of product placements where the editorial team initiated the placement and got permission from the marketer, but didn't get paid. Two examples: the famous Seinfeld with the wayward Junior Mints, and a recent placement of a Chrysler 300C in ER.
Third, product placements are reshaping Hollywood financing for good reasons. Integrating product placements into the production allows the producers to "pre-sell" advertising, in some cases enough to cover production costs. Mark Burnett has been doing that with Survivor. Accordingly, TV shows with pre-sold product placement revenues are much lower financial risks for broadcasters. This financing source has the potential to restructure some of the Hollywood financing game.
Meanwhile, product placements can have enormous effects on sales. I'm still in shock from the amazing results from the Apprentice. Consider Pontiac's results when its new Pontiac Solstice was the center of a task on Apprentice. Pontiac hoped to sell 1,000 Solstices in 10 days. Instead, they sold 1,000 cars in 41 minutes--before the show even aired on the West Coast! Pontiac ultimately sold out its entire 1st year production (5,000 cars) before the car was launched.
The Apprentice also helped Staples sell, in 2 hours, a half-million dollars worth of an office organizer created by the candidates. And Hanes sold out a line of T-shirts in 2 days after they were featured on the show.
I wonder how you feel about these sales results from product placements. Personally, I don't mind product placements so long as the editorial content is good. In the case of the Apprentice, I like the show, and I like how the teams work on real-life business situations rather than totally artificial scenarios. If, as a collateral effect, the product placements increase my propensity to transact with the showcased marketer, I'm OK with that.
The law does apply to product placements, but in ways that are insignificant in practice. Payola is illegal, but only if not disclosed. So product placements should be disclosed, and frequently producers make these disclosures in the credits where they are easily missed (I fast-forward through the credits just like I fast-forward through the ads). I assume that over time the anti-marketing crowd will demand increasingly more intrusive/noisier disclosures about product placements that viewers can't miss, but I'm skeptical that more prominent disclosures will help the viewers in any meaningful way.
October 25, 2005
Can Kids Bind Parents to EULAs?
By Eric Goldman
Abramson v. America Online, 2005 US Dist. LEXIS 10095 (N.D. Tex. May 25, 2005).
One of the great unresolved issues in Cyberlaw: if a kid downloads P2P file sharing software, are the parents responsible? This issue is germane to the P2P file sharing lawsuits when kids use the software to engage in illegal file downloads. It's also germane to adware because the P2P file sharing software may be bundled with adware, and the parents may (legimitately) complain that they did not ask or want the software to be installed on their computer.
In the Abramson case, mom wanted AOL installed on her computer. She told dad, who asked Jr. to install AOL. Unfortunately, the case doesn't mention Jr.'s age. Mom develops a legal gripe against AOL, and she sues in Texas. AOL responds that she is bound by AOL's user agreement requiring that the lawsuit be brought in Virginia. Mom says she never agreed to the user agreement. AOL says that Jr. did and that binds mom.
The court says that mom is bound to the user agreement for two alternative reasons:
1) Jr. had "apparent" authority to bind mom to the agreement. With apparent authority, a third party reasonably believes that a principal delegated authority to the agent. Here, this seems confusing--how can an automated agent (AOL's click-through mechanism) "perceive" authority? The court fails to address that. Instead, read at its most literal level, if an automated agent "thinks" the person clicking has authority, then a clicking kid binds the parents.
2) Mom "ratified" the contract by continuing to use the AOL service knowing that the service was governed by a contract of some sort.
What does all this mean for adware vendors? This case probably doesn't speak directly to the typical bundled download. First, mom gave instructions to install the AOL software, whereas many parents may not give equivalent instructions to their kids regarding P2P file sharing software (in fact, many parents probably give instructions not to download). Second, we may be hard-pressed to say that a parent "ratifies" the adware install, especially if the parent tries to remove the install.
However, this case also shows that an "ignorance of the contract" defense on the part of parents is dicey. And, if followed by other courts, this court's bald statement that an automated agent could believe that the clicker has apparent authority could have a powerful impact on attempts to finger-point otherwise.
Hat tip: ContractsProf blog.
UPDATE: Going back through some old notes, I'm reminded of Motise v. America Online, Inc., 346 F. Supp. 2d 563 (SDNY Nov. 30, 2004), where a stepfather signed up an AOL account and his stepson (who apparently shared use) was bound by AOL user agreement for choice of forum purposes.
UPDATE 2: I received the following email from "Elaine Abramson" from email address "AAArtWork@aol.com" (reposted with permission). Obviously, I'm in a worse position to evaluate the facts than the judge was, so I offer this up for your consideration:
"1) My son was NOT a minor on May 20, 1999, the date that AOL paralegal Carrie Davis claimed in her PERJURED Affidavit. My son was 30 years-old on that date.
2) My son was working in New York on that date while I and my computer were in Dallas, Texas.
3) May 20, 1999 was a Thursday, a working day. My son was at work.
4) On May 20, 1999 I owned a Magnavox 386 computer. It did NOT have a modem and did NOT have internet capabilities. I did NOT purchase a computer with Internet connections until March 21, 2000, eleven (11) months after Carrie Davis's PURJURED Affidavit claimed that I had become an AOL member.
5) My Magnovox computer only had a floppy drive. It did NOT have a CD drive and could NOT use AOL's Internet connection CD's.
6) AOL.5 was the CD that was used to connect my computer to the internet. The packaging states that it has a 2000 copyright date. Therefore, I could NOT have become an AOL member prior to AOL releasing that CD to the public.
7) On Google I found listings for Carrie Davis having created (depending on how it was listed) between 10,700 and 260,000 Affidavits similar to the PERJURED one she submitted to the Texas and Virginia courts in my case.
Because of all of the above facts, it was physically impossible for me to have become an AOL member on the date stated in Carrie Davis' PERJURED Affidavit. I have repeatedly submitted these documents to the United States District Court Eastern District of Virginia - Alexandria Division but have been ignored because I am pro se."
October 22, 2005
Barnes on Adware Contracts
By Eric Goldman
Wayne Barnes, a law professor at Texas Wesleyan University School of Law, has posted "Rethinking Spyware: Questioning the Propriety of Contractual Consent to Online Surveillance" to SSRN.
The first 50 pages largely recap the technology and the case law. If you're new to the area, this is an admirable summary of what's been happening. If you're already pretty familiar with the adware space and the case law, you might start at page 50.
Starting around page 50, the paper gets especially interesting. The paper applies some Restatements and UCC provisions to the contracting process. The paper also tries to establish the proposition that adware-mediated online surveillance is so intrusive--as intrusive as a human stalking you in physical space--that we should simply ban adware. Or, if we choose a lesser step, we should require adware vendors to make extreme disclosures and then require consumers to provide repeated consent just to make sure they really meant it.
I had many critiques of the paper, which I emailed to Wayne privately. With Wayne's permission, I have included my global structural comments at the end of this post so that you can "look over our shoulders" to see what I suggested to him.
One thing I agree with Wayne about: the contract formation process with adware raises important questions about the validity of private ordering in this context. In other words, do we really believe consumers when they say "Yes" to adware? If we don't--and there are some good reasons why we might not--then we may have a defect in private ordering. However, I'm not yet convinced that's a big problem. First, I'm not sure such a defect is unique to adware--I think we have many private ordering crises throughout the law of contract, and we've resolved this issue before (maybe not satisfactorily, but we're not dealing with new issues here either). Second, even if there is a defect, I'm not 100% sure that there's any cure that's better than the current situation. Wayne's paper is a commendable first step in addressing these questions, but I think a lot more theoretical and empirical work will need to be done on this topic before we reach really satisfactory resolutions.
The spyware epidemic has reached new heights on the Internet. Computer users are increasingly burdened with programs they did not knowingly or consciously install, which place strains on their computers’ performance, and which also trigger annoying “pop-up” advertisements of products or services which have been determined to match the users’ preferences. The users’ purported preferences are determined, in turn, by the software continuously monitoring every move the consumer makes as she “surfs the Internet.” The public overwhelmingly disapproves of spyware which is surreptitiously placed on computers in this manner, and also largely disapproves of the pop-up advertising paradigm. As a result, there have been many legislative proposals, on a state and federal level, to address the spyware problem. All of the proposals assume that, if knowing and effective consent to spyware installation is granted by the consumer, then the software is lawful. Existing case law would seem to provide a means for corroboration of this conclusion. However, the implications of allowing such profound and invasive surveillance appear to be largely ignored in all of the proposals and discussion concerning spyware. This may be because of the “problem of perspective” concerning online activities, as first highlighted by Professor Orin Kerr. This article seeks to illuminate the true nature of the spyware bargain, and questions the propriety of sanctioning such “surveillance bargains” under principles of contract law. Such bargains may often be unenforceable because a term allowing continual surveillance may be beyond the range of reasonable expectations of most consumers. Even if not, however, the privacy implications are such that we as a society may wish to condemn such “bargains to be spied upon,” and conclude that such contracts should simply be unenforceable as a matter of public policy, and therefore banned.
My conceptual global comments to Wayne about the paper (cut and paste from my email to Wayne):
1) I think you did an admirable job recapping the debate over the words "adware" and "spyware." However, in the end, I was still confused throughout the paper exactly what "spyware" meant to you. It may simply be that you are hypothesizing a unique type of software that both (a) watches behavior, and (b) triggers ads. However, does your hypothesized model also report the captured data back to a home base, or does the data just sit in a directory on the user's computer? (And does it matter?). In the most narrow form of hypothesized software you might be discussing, I wonder if anyone is actually doing what you're concerned about. In the broadest interpretation of your hypothesized software, I think in many cases you're really discussing adware (as I would use the term), not spyware. Perhaps this confusion was mine alone, but I was confused throughout the paper about exactly what were the essential attributes of the software you were characterizing as "spyware."
2) A centerpiece argument in your paper is that electronic surveillance is fully equivalent to human surveillance. I know that some agree with you, but this point deserves considerable attention. I think, if I understand your argument (and it depends exactly on the key attributes of your definition of spyware), that you think that electronic software aggregating electronic behavior onto a hard drive but not telling anyone (and no human ever cognitively considering that data) is as bad as a person physically being in the same room as another person, watching them have sex, masturbate, douche, go to the bathroom, inject themselves with cocaine or commit the other myriad of personal activities that one might want to keep "private." Note that while a person can engage in cybersex, there are some qualitative and cognizable differences between cybersex and physical-space sex or masturbation...aren't there? And while I personally feel uncomfortable with the idea of a stranger (or even my son) watching me defecate, exactly how can the computer monitor a person going to the bathroom?
[Note, I address the inconsequence of inchoate data collection in http://papers.ssrn.com/sol3/papers.cfm?abstract_id=685241]
If there are some activities that are conducted in physical space that aren't replicatable in cyberspace, or if the idea of a computer recording electronic behavior is different from having a person in the bathroom with me while I'm defecating, doesn't this undermine your analogy on Page 52? And if that analogy is weakened, I think that also weaken the various conclusions you draw from it.
Your analogy on Page 52 also assumes that a person is stalking another person "for whatever purpose." I agree that would be creepy, but that's not the right analogy to spyware, which is monitoring behavior putatively to deliver contextually relevant results that would create positive utility for me. I wouldn't want someone tailing me for no reason, but I might very well want people tailing me if they were going to help me. Thus, I disagree with your point on Page 53, where you say no one would voluntarily seek to be tailed--I can think of several situations where that's not true because the tailer would provide valuable services to the tailee--for example, medical care, nannies/butlers, stars with entourages.
Because of this general problem of distinguishing the physical from the virtual, your analogy to the Article 9 repossession law didn't work for me. I'm not an Article 9 expert, but I can think of several distinctions. With repossession, there is a risk of physical altercations that create a breach of the peace. There's also the risk that the repossessor lacked the rights to do what they are doing, thus depriving a legitimate owner of possession and use of their chattel and being difficult to distinguish from an outright theft/conversion of the chattel.
All told, I personally thought your analogy and your virtual/physical distinction (or lack thereof) didn't clarify things for me, but instead raised lots more questions.
You might also note that there is a large literature on this general question--you cited a couple of articles (like Dan Hunter's article), but I'm sure you know that the literature on the physical/virtual distinctions in Cyberlaw, and developing the appropriate analogies, is very rich.
3) You repeatedly take potshots at spyware because it is typically bundled with "modest-value" applications. There are 3 issues with this.
a) there is always a risk of a person externally valuing the subjective utility a party receives from a transaction. This is why the law doesn't question the adequacy of "consideration." But you were willing to make an across-the-board assessment of the subjective value that users place on the bundled applications. You might want to acknowledge more explicitly the basis on which you form that conclusion of subjective value.
b) If you are trying to cost-account for the benefits consumers receive, you need to include any ads received that create positive utility.
c) Current practices are changing rapidly. So whatever the current value proposition is, we should be reluctant to make any predictions about future value propositions.
See http://blog.ericgoldman.org/archives/2005/10/does_anyone_rea.htm for more on this point.
4) I have an idiosyncratic hot button. Personally, I am completely unpersuaded by any policy rationale in the Internet space about preserving the "sanctity of the home." I know this meme has propagated widely, but in the online context, it's nonsensical. Spyware can be installed on home computers and office computers. If the law depends on the "sanctity of the home," then it should make a difference--home-installed spyware bad, office-installed spyware not as bad. Is that what you intend? Also, assume spyware is installed on a laptop that the owner shuttles between the office, home and a cybercafe. Now what? I think there may be underlying policy concerns masked by the "sanctity of the home" argument that deserve to be unpacked and examined more closely. Otherwise, I personally find the rationale very empty.
5) Based on the problems of defining spyware, and tying it to your core objection about surveillance, I think your proposed solution covers a wide range of software--virus checkers, parental filtering software, Windows XP, Google Desktop's Sidebar. Are you really proposing that all of these software programs should be banned because of their surveillance capacity? If so, you might want to acknowledge that expressly. If not, then I'm not sure I understood how you distinguish between the objectionable features of spyware and the ubiquitous monitoring capacities of software.
October 21, 2005
"Does Anyone Really Like Adware?" My Response to Suzi's Question
By Eric Goldman
Suzi of Spyware Confidential asks: "Does anyone really like adware?"
I think this question is crucial, and it's one I've been wondering myself. However, I think there are really 2 subquestions embedded in this one, and I'd like to deal with them separately.
One way to frame Suzi's question is: does the value proposition of adware, as currently implemented, work? To that, I think many of us--even me!--would answer the question negatively, and I think the adware vendors can largely blame themselves for this.
Most adware vendors today say: we'll give you X for free (or help you get X for free), but you'll pay for it with pop-up ads. In this model, the pop-up ads are the "price" or the "cost" of the consumer getting something they want.
But thinking of ads as a cost to consumers, rather than a benefit, seals the fate of the adware vendors. When consumers view ads as a cost, they have every incentive to avoid the ads. We've seen this behavior over and over again with ad-supported media. Consumers take the "good" stuff (the "content") and avoid the "bad" stuff (the ads). For example, drivers in cars switch between preset radio stations when an ad comes on, and TiVo and VCR owners blast through the ads. (Even I do that--with my TiVo, I can shave a half-hour show down to 22-23 minutes).
Thus, each time adware vendors bang the drums that adware-served pop-up ads are the price of something else, they are reinforcing that consumers should resent the value proposition and try to vitiate the deal. And, on that basis, I think even the adware vendors are admitting that the current answer to Suzi's question is no (at least with respect to adware qua adware).
Adware in the Future
Personally, I am less interested in the state of adware today. I recognize that some bad practices today are creating significant difficulty, and I don't want to trivialize those. But technology, business practices and consumer expectations are evolving rapidly, so focusing on today's snapshot of activity may be too myopic. Accordingly, we could reframe Suzi's question as--does adware have the capacity to be something people like and value?
I think the answer to this reframed question is emphatically yes. Indeed, I'll go one step further and say that adware has the potential to have a positive value proposition even if it's distributed on a standalone basis (i.e., without any bundled applications).
I know it sounds crazy to most people conditioned to hate advertising, but advertising can be a benefit, not a cost. Consider, for example, a person looking for a job or an apartment might buy a newspaper to get the classified ads. Stated another way, this person would pay to purchase advertising. Crazy, isn't it? Not at all. Where ads add value to consumers, consumers will want them, seek them out, potentially even pay for them.
Adware vendors have the theoretical capacity to make their software valuable enough that consumers will want it on a standalone basis. If adware vendors succeeded in that, I predict that consumers would gladly embrace adware.
While this capacity may be theoretical, there are existing models of such a mutually-beneficial vendor-consumer relationship: "infomediaries."
An infomediary model works only if consumers trust the infomediary. This is why I think adware vendors' current efforts are so misdirected. Adware vendors should be focusing on how to win consumer trust in the ads they serve, not how to improve distribution or the bundled value proposition. The current crop of adware vendors may or may not evolve to meet this challenge, but future market entrants will--so long as we don't destroy the competitive environment in a way that prevents their entry.
October 20, 2005
Spitzer's Witchhunt Nails Adware Executive Personally
By Eric Goldman
In response to my post yesterday about adware witchhunts, a reader privately criticized me for analogizing the adware situation with manias where people's lives were at stake. Ben Edelman made a similar point in his comment to the post. I didn't mean to suggest (directly or via an analogy) that people would die because of the anti-spyware mania, and I apologize for any statements that suggested or implied otherwise.
However, I was trying to say, and I remain fully convinced, that the anti-spyware mania will extract significant personal tolls on those targeted, even if the legal basis of their targeting is questionable. As if on cue to provide evidence for this point, today Sheriff Spitzer announced his latest trophy: Intermix CEO Brad Greenspan entered into an "Assurance of Discontinuance" which requires him to pay $750,000 for his alleged wrongdoings, which allegedly included
* "Greenspan directed Intermix’s employees to bundle adware programs with other free software programs to avoid informing consumers of their existence by disclosing Intermix’s adware programs only in a linked, inconspicuous, End User License Agreement."
* "Greenspan directed subordinates to bundle the adware programs to make them difficult to uninstall."
Now, given that Intermix sold for $580M, Greenspan may be able to afford the $750,000 check. I also suspect that Greenspan had other personal motivations for consenting rather than fighting. For example, perhaps his assurance of discontinuance was a precondition to final approval of the overall Intermix settlement with Spitzer, which in turn might have been a precondition to the close of the Intermix acquisition. I don't know if this hypothesis is right, but my point is that there may have been behind-the-scenes motivations that explain this settlement.
But what about the law? On what legal basis is an executive individually and personally responsible for decisions taken on behalf of a company?
I'm not an expert in this area, but the default rule is that if a company breaks the law, individual officers, directors and employees aren't liable personally. There are statutory exceptions to this, and in some cases the corporate organization is so thin that we can't distinguish between a corporation's actions and an individual's actions (such as a company where a single person is sole owner and employee). And in consumer protection actions, it's not unprecedented that individuals who run small operations to be covered by an enforcement action.
But actions against executives of "real" companies are pretty rare. Further, Greenspan's decisions were both legally colorable in their propriety and extremely typical of the decisions made by adware executives...and many other software vendors.
The universality of Greenspan's decisions surely must be the point. Spitzer's sending the message that no one in the adware business is beyond his reach. Accordingly, I completely reject any argument that the witchhunt won't significantly affect the lives of the people targeted. Greenspan's $750,000 check says otherwise.
California Anti-Phishing Law--Cal. B&P Code Sec. 22948
By Eric Goldman
Going through my stack, I came across Cal. Business & Professions Code Sec. 22948-22948.3 (SB 355), California's recently enacted anti-phishing law. In general, compared to other state anti-Internet behavior laws, this law is relatively targeted and unobjectionable. However, the substantive provision caught my attention for an unexpected reason. 22948.2 says:
"It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."
I've highlighted the part that I find interesting. The term "business" isn't defined, but per 22948.3(a), a business either provides Internet access to the public, owns a web page, or owns a trademark.
Because someone can be a web page owner even if they are not a trademark owner, this law is a quasi-trademark law--it gives trademark law-style rights to non-trademark owners. The way I read this, business owner X can prevent competitor Y from representing itself as business owner X (at least, for purposes of eliciting personal information via a transaction) even if business owner X doesn't have a trademark--or even if business owner X can't get a trademark (because, e.g., it is using a descriptive trademark that hasn't derived secondary meaning). Anyone else have a different interpretation of this? If my reading is right, then it seems like this law provides a conceptually significant expansion of trademark law.
Further, if my reading is right, then I think trademark owners who can avail themselves of CA law can go after some alleged Internet trademark infringers under the anti-phishing law, even if there wasn't a technical trademark infringement (at least, in the pure form of a likelihood of consumer confusion). If I were a California plaintiff-side trademark attorney, I would consider adding this cause of action as a standard pleading when online trademark infringement is involved. Note, among other things, 22948.3(a) provides statutory damages of $500,000, which might be a pretty good windfall for some trademark owners (and an even better windfall for someone who can't get a trademark!).
October 19, 2005
Latest Junk Fax Lawsuit--Adler v. Vision Lab Telecommunications
By Eric Goldman
Adler v. Vision Lab Telecommunications, Inc., 2005 WL 2621984 (D.D.C. Oct. 17, 2005).
I've set up a Westlaw alert to notify me of new TCPA cases and I'm pretty shocked by the volume of cases being reported under the law--it's way higher than I imagined. I typically get 3-5 emails from Westlaw a week with new cases interpreting the TCPA. Not surprisingly, plaintiffs seem to be loving it!
I'm blogging about this case in particular because of its direct relevance to the adware/spyware cases like Sotelo v. DirectRevenue and Simios v. 180Solutions (I know there's a third case against eXact, but I haven't had a chance to read the complaint yet).
In the Adler case, the plaintiffs brought suit over junk faxes. The defendants moved to dismiss the various claims.
Of particular interest is that the judge granted the motion to dismiss the common law negligence claim, saying that the common law claim was subsumed by the TCPA law. It appears that this specific question has created a split of precedent. The court cited both Morris v. Fax.com, Inc., No. 03-CA-1109 (D.C. Sup. Ct. June 13, 2003) allowing (reluctantly) the negligence claim to survive a motion to dismiss, and Chair King, Inc. v. GTE Mobilnet of Houston, Inc., 135 S.W.3d 365 (Tex. App. 2004), which granted the motion to dismiss.
While the Sotelo court denied the motion to dismiss the negligence claim, I think the Sotelo court ultimately will reach the same conclusion as this court that the negligence claim is subsumed in the other claims.
Also interesting is that the judge denied the motion to dismiss the common law invasion of privacy claim (raised in the Simios case but not (yet?) raised in the Sotelo case). Referring to the Restatements and a motley assortment of precedent, the court says "in extreme circumstances, sending unauthorized fax advertisements may be an intrusion upon seclusion." The court then hastened to add that "Adler may have difficulty proving that defendants' faxes were a frequent enough intrusion to be highly offensive to a reasonable person."
I'd have to research the case law more, but on the face of it, this seems like a big win for anti-fax/anti-telemarketing plaintiffs. There's an acknowledgement that with the right facts, a common law invasion of privacy claim is valid.
Does this thinking port over to the adware/spyware context? The motley precedent cited by the Adler court is heavily laced with references to telephone calls being intrusive, so as precedent this case could be easily distinguished. On the other hand, if the standard is that any marketing intrusion could constitute invasion of privacy so long as the intrusion is frequent enough, then anti-adware plaintiffs should be thrilled!
UPDATE: BNA (subscription required) reports that the case has settled.
Adware Witchhunt Gone Awry
By Eric Goldman
Ben Edelman's latest "research report"/attack salvo goes after Claria because an ad promoting a Claria product was delivered via alleged spyware. To connect Claria with the "spyware" vendor, Ben traces the money as follows:
Step 1: Claria pays ad network Zedo.com
Step 2: Zedo.com pays 02320.com
Step 3: 02320.com pays ad network Yieldmanager.com
Step 4: Yieldmanager.com pays Venus123.com
Step 5: Venus123.com pays "spyware" vendor ContextPlus
Step 6: ContextPlus does a non-consensual installation (this presumably happens before the money flows)
Based on this 6 step process, Ben’s report reaches the conclusions that "Claria pays spyware vendors to show Claria's own ads through their popups," "Claria funds and supports such vendors" and "Claria Shows Ads Through Exploit-Delivered Popups."
Notice the pronoun-verb connection/disconnect here. Claria "pays"..."shows"..."supports." But per Step 5, Venus123.com was the one who entered into the relationship with the "spyware" vendor, and Claria was six contractual relationships away from the delivery of the ads via a non-consensual installation. Was the report confused about who dealt with the vendor? Was this a deliberate decision to ignore steps 1-4?
Either way, this grammatical sleight-of-hand reveals a critical assumption of the report--and of anti-spyware zealots generally--that has not been adequately elucidated, examined or justified. Before we can care about the report's assertions, I feel like someone--anyone--ought to establish that a money source six contractual relations away is "supporting"/"paying"/"funding" the downstream party. If we don't agree with this grammatical construction, there's nothing interesting at all in the report.
Note that I'm not disputing that cash originating from Claria ends up in the hands of a "spyware" vendor who may have directly (or more likely indirectly) made a non-consensual install. (I haven't validated the findings, but I'm willing to accept their truth for now). But even if this finding is true, SO WHAT? If we open up an inquiry to find every person or entity who is a source of funding for ContextPlus 5 degrees of separation away, my guess is that we find hundreds, thousands or even tens of thousands of "supporters." And if we keep working upstream from Claria (going 6, 7 or 8 degrees of separation from the offending event), we find more "supporters" of Claria that are, by association, supporters of ContextPlus. Go far enough up the chain, and I'm 100% convinced we'll find money flowing through Claria to ContextPlus from every anti-spyware zealot and agitator out there. Using this illogic, I think we would unavoidably conclude that every anti-spyware zealot “supports” spyware.
The previous sentence would be partially in jest if it weren't prompted by a serious social threat. That threat isn't spyware; it is witchhunts where mere association, even if attenuated, equals guilt. We saw similar manias in the Seventeenth century witchhunts of Puritan New England, with the 1940s and 50s Red Scare of McCarthyism, and now with the latest round of zealotry, the anti-spyware crusade. I think each of us has the personal responsibility to vigilantly guard against the temptation of a taint-by-association mania and the resulting significant negative consequences it can produce for the falsely accused.
[NB: I've made some changes to the previous paragraph to clarify some points that may have been misinterpreted.]
To be clear, I recognize that Claria, in theory, derives an economic benefit from the ad placed by Venus123.com and delivered via ContextPlus. But once again, SO WHAT? Everyone upstream from Claria derives the same economic benefit--its investors, its landlord, its Internet access providers, etc. Using this rationale, shouldn't they be on the hook too?
No. As a matter of law, policy and logic, we don't go this far. We don't hold stockholders or lenders responsible for the illegal actions of the company they invested in. We don't hold the power company responsible for the actions of a customer. And we don't hold Company A responsible for what Company B, five contractual relationships away from it, does.
Here's how I propose we put a stop to this nonsense. It’s time for the anti-spyware zealots to make their assumptions explicit. We deserve a simple and plain answer to the following question:
When is X responsible for an adware vendor’s unauthorized installation, and why?
In answering this question, I would like to know: (a) the full universe of people who could be X (and does it include their vendors? customers? investors? employees?), and (b) is X's responsibility based on the law (if so, which legal doctrines?), morality (if so, what moral doctrines?), blinding emotional outrage, or some other basis?
Until we get upfront and clear answers to these questions, any report concluding that X or Y supports/funds/pays for/is responsible for "spyware," without justifying the causality link, lacks credibility. I further think any reporter who repeats those report's findings without also referencing this omission abrogates his or her journalistic responsibilities.
* Copyright Infringement for Bundling with P2P File Sharing Software?
* 2004 Case on Advertiser Liability for Spam
* Are Adware Advertisers Responsible for Adware?
* AP Story on Advertiser Responsibility for Adware
* More on the Adware Advertiser Witchhunt
* Edelman on "Intermediaries' Role in the Spyware Mess"
* LA Times on Adware Advertisers--Including 1800 Contacts?
* Will Spitzer Go After the Adware Industry?
* Does AskJeeves Have a Spyware/Adware Problem? Diller Says No. I Say...
October 18, 2005
Galster on Infomediaries and Bonded Sender Programs
By Eric Goldman
In late March, I posted a blog post entitled "Infomediaries--Where Are They?" In that post, I explained why infomediaries have the potential to improve social welfare compared to our existing marketing system, but I noted that no infomediaries have emerged in the marketplace for reasons not entirely clear to me.
In response to that post, one of my students, Garet K. Galster, wrote a thoughtful reply, which I reproduce here (with his permission):
As noted in Professor Goldman's previous post, it appears that at least two social benefits arise in response to infomediary usage. One social benefit is that consumers receive information only on subjects with which they have an interest. Also, the marketing is directed at the most likely consumer of the service being provided. Sounds like a win-win proposition. What is the problem?
In my opinion, the problem with infomediaries appears to be twofold. First, it's all about the Benjamins. The monetization of customer information may be both a temptation for infomediaries and a deterrent for consumers. Also, the cost of administration may be such that the model is not economically feasible, which may flow from the second problem.
Second, there might be a market failure in the technology of the internet as it now stands, which prevents companies from entering the market.
With relation to monetization, government regulation of what an infomediary can do with the information held is likely the only way to prevent such inevitable profit searching. The administration cost of an infomediary would also likely be a stumbling block because of the existing internet technology and lack of internet regulation. The likely administrator for such an infomediary scheme seems to be the delivery service, or rather receipt service, of the marketing materials. Some payment mechanism would need to be developed so as to pass payment along to the receipt service. Also, the marketing communication methods may affect such cost.
Relating to the technology of the internet, following is a skeleton of a proposed system that could be used by internet access providers (IAPs) or e-mail providers in internet marketing mediation.
Members of an IAP or e-mail provider would be able to select items of interest. A list of items of interest could be generated from marketers wishing to market to such members. The system could be designed as an opt-in or opt-out system. Many details could be discussed regarding the least cost implementation of such a system, but that can be saved for comment responses, or another post.
To market to an IAP's members, the marketer would be required to pay a "delivery charge." Consumers would have to pay some fee to block anything other than obscene materials, i.e., materials rated a certain way, maybe in accordance with current movie or music rating systems.
Therefore, all marketing e-mail would be filtered, at a cost to marketers and consumers alike. This would result in an efficient amount of marketing e-mail because the marketer will only partake if his expected return is greater than the amount required by the IAP, and, in turn, consumers will pay to block any e-mail they perceive as not worthy of their time. In other words, an entitlement may not have to be provided completely to the consumer or the marketer, but rather the value of the marketing can ultimately be decided by the parties involved.
One option on the market today is a bonded sender program (BSP). However, the proposed system is different from BSPs in at least three aspects.
First, a bonded sender pays only if sufficient complaints are received from consumers. See Scott Banister, IronPort Systems Inc. White Paper: Bonded Sender Program Overview 3 (July 2002). Indeed, the marketing cost is unknown in a BSP system, and essentially is a function of the consumers' whims.
Second, in a BSP system, the entire expense of marketing, or avoidance thereof, falls upon the shoulders of the marketers. This may not yield the most efficient results.
Finally, the BSP could be considered a deterrent that reaches too far. Indeed, under the BSP model, "[u]nscrupulous spammers suffer from the program, since they could never afford to post the bond - their high complaint rates would put them out of business." Id. Therefore, the ultimate effect of a BSP might be to remove the most valuable marketing tool, i.e. e-mail, from the repertoire of small start-ups and others who need to build a brand or notoriety.
In conclusion on BSPs, they seem purportedly to allow only "legitimate" marketing messages pass through to consumers. However, where there is responsibility on the consumer's part to report perceived illegitimate use of e-mail marketing, it seems the system has already failed. In other words, if unwanted marketing arrives in the consumer's inbox, the desirable cost avoidance feature of an e-mail marketing control has minimal effect.
The proposed system, however, offers pricing predictability, efficient passthrough of marketing e-mail, and allows equal access to the marketing tool while achieving the cost savings desired.
Two observations about Garet's comments:
First, I'm not convinced that an infomediary needs government regulation to avoid selling out to advertisers. We have some institutions that successfully cater to both consumers and advertisers simultaneously--print publishers are the most obvious example. In the end, an infomediary will live or die based on consumer trust in it. If the infomediary sells out for short term gain, it should result in a death sentence for the business.
Second, there have been a lot of different proposals to broker a payment system between marketers and consumers. See, e.g., Laudon, Kraut et al, Loder et al and Ayres/Funk. I will have a lot more to say about these proposals in my next big paper.
For now, I think it's interesting that Garet proposes to put some of the onus on consumers to pay something if they want to avoid some marketing. None of the articles I cite above consider this option. Indeed, all start from the premise that consumers have the right to be free from marketing and therefore any financial burdens should rest solely on the marketer. In contrast, Garet expects consumers to pay some money as a way to express some of their otherwise-undisclosed preferences. Does it make more sense that consumers have some responsibility to avoid unwanted marketing, just as marketers should have some responsibility to avoid uninterested consumers? I'd be interested in your thoughts on this.
Thanks, Garet, for an interesting response.
October 16, 2005
Copyright Infringement for Bundling with P2P File Sharing Software?
By Eric Goldman
"Saw your recent posting on the Direct Revenue/KaZaA partnership. Many have praised this move despite the fact the Supreme Court has ruled that these P2P networks are illegal. I can see why people are praising Direct Revenue for getting out of the distribution networks they are in, but I’m just surprised to see no one question the legality of distributing with KaZaA. Any thoughts?"
You can read my lengthy response about tertiary copyright infringement at her Spyware Confidential blog.
One correction: a commenter at Suzi's blog notes that the tertiary liability lawsuit named other defendants beyond Bertelsmann, including Hummer Winblad, Hank Barry and John Hummer. I didn't get into this detail in my write-up but the commenter is correct--thanks for the clarification.
October 13, 2005
Peering Agreement Dispute Between Level 3 and Cogent
By Eric Goldman
Peering agreements rarely get much attention, even though they are the Internet's infrastructure. Through peering agreements, Internet access providers (IAPs) agree to exchange packets directly with another IAP. These exchanges are usually for no money with the assumption that the data flowing between the two IAPs will be roughly equivalent. If, in fact, traffic is roughly equivalent, it's cheaper to barter than to charge for packets.
This assumption animates a bedrock and venerable principle of Internet data flows--that there should not be marginal costs to trading packets. This principle is false on its face, as in fact each party to a peering agreement incurs both non-trivial marginal and fixed costs to maintain the connectivity. It's not that hard to imagine a different Internet evolutionary path where each IAP charged those marginal costs to other IAPs, in which case undoubtedly this variable charge would be passed through to consumers.
It's relatively rare for a peering arrangement to blow up. The last well-publicized event was a dispute between Cable & Wireless and PSINet in 2001.
Then, last week, Level 3 and Cogent mixed it up. Level 3 complained that it was larger than Cogent, so Cogent should have to pay Level 3. Level 3 stopped accepting Cogent's packets, so some Level 3 customers could not reach some Cogent customers. Not everyone was affected because many major IAP customers maintain multiple/redundant IAP relationships so that, even if one goes away, often the packets can route around the outage. Nevertheless, Level 3's actions led to a fairly significant outage across the Internet.
The companies have kissed and made up for one month. However, Level 3 continues to insist that Cogent will ultimately need to pay up. This dispute may not be over.
This dispute showed the relative fragility of the current Internet infrastructure. If one major player decides to change the economic rules, (a) some customers will be cut off, and (b) there could be ripple waves that could easily change the default packet processing business model from barter to for-pay. This has created some fertile ground for Congressional grandstanding, and Rep. Boucher is hinting/threatening to use his Congressional powers to unilaterally fix the Internet.
I'm not inherently opposed to a model where we pay by packet. Economists would generally favor this because per-packet pricing would more accurately signal the true marginal costs of communication, encouraging communication at an economically efficient level. For example, if spammers had to pay per packet, the working theory is that spam would radically decrease.
However, the current infrastructure--and resulting lack of per-packet charges--has been IMO a material/essential factor contributing to the proliferation of Internet communications. We take it for granted that we can communicate on the Internet without incurring some annoying and minor marginal cost, and this psychology has enabled the Internet to weave itself deeply into our society. Perhaps we've had it good for a while, and all good things must come to an end. On the other hand, it would be a shame if we lost those benefits simply because one IAP freaked out.
UPDATE: The Washington Post quotes a bunch of putatively anti-regulation people thinking this is a situation that warrants regulatory intervention.
UPDATE 2: Notice the ads on the left. Because of this post, I've been getting ads from Cogent promoting its offer to Level 3 customers giving them 1 year free if they switch to Cogent.
UPDATE 3: Cooler heads have prevailed, the parties have settled their dispute, and it appears that the parties are generally exchanging packets without payment.
Amazon Not Liable for User Book Reviews--Hammer v. Amazon
By Eric Goldman
Hammer v. Amazon.com, 2005 WL 2467046 (EDNY Sept. 27, 2005)
This is a continuation of Hammer v. Trendl, 2003 WL 2146686 (EDNY Jan. 18, 2003). Hammer is a self-published author of handwriting analysis books. He had a vendor relationship with Amazon (unclear from this case what it was--maybe zShops?) to market his books. A user, Trendl, posted negative reviews of Hammer's books on Amazon. Things went sour with Amazon, and they terminated his account.
Hammer then went into a litigation frenzy, suing Trendl and Amazon. He worked pro se, a status that make the entire legal process a little gummy. For example, how is the judge supposed to respond to the claim that he is suing for cyberpiracy under admiralty law? (Cyberpiracy; piracy on the high seas...get it?).
Hammer didn't make his life any easier by being a vexatious litigant. Things got so bad that a judge ordered Hammer from communicating directly with Amazon, instead requiring him to communicate only through Amazon's attorney. You know the lawsuit isn't going to go well for a pro se plaintiff when things get that bad.
In any case, the Hammer v. Trendl ruling implicitly determined that Trendl's postings were pure opinions, and thus there were no facts to form the basis of a defamation. Amazon effectively piggy-backed on this ruling, and the judge in this case basically pointed to that ruling and said "me too." Because the postings weren't defamatory, Amazon had no liability.
Based on the limited facts in the ruling, it seems like Amazon should have also been able to dismiss the claim on 47 USC 230. However, Hammer alleged that Amazon and Trendl were "colluding," and I wonder if that allegation would have been enough to survive a motion to dismiss based on 47 USC 230.
Hammer also alleged that Amazon infringed his copyright by displaying a cover of Hammer's book. On its face, this cause of action is pretty serious but the facts are vague. The court says the allegation of copying is that "a graphic depicting Plaintiff's book cover was linked to a page where Trendl's comments were posted." I'm not sure what this means. Amazon, of course, hosts graphics containing the covers of books it sells, and if those graphics are infringing, Amazon could be on the hook. If this means that someone (Amazon, Trendl or someone else) merely posted a URL on Amazon's site to a graphic of the book cover on someone else's servers, then the judge got it right.
The judge continues with an alternative reason to dismiss the copyright claim: "Plaintiff contracted to sell his book on Amazon. Amazon displayed the cover of the book on its web site. It is impossible for this Court to comprehend how such an act constitutes an infringement of Plaintiff's copyright."
I have no difficulty imagining this at all. It simply depends on what's in Amazon's contract. The contract could get permission to use the cover; or Amazon could steal a graphic, which wouldn't surprise me in the least. So as a practical matter, I don't understand how this rationale can support a motion to dismiss--it seems like we need more facts here.
In any case, we have a derivative liability case that doesn't cite either 230 or 512. Just a reminder that those safe harbors aren't the entire universe of doctrines exculpating defendants for other people's conduct.
Hat tip to Evan Brown for catching this one--I have alerts for cases on both 47 USC 230 and 17 USC 512, but this case triggered neither! Nice going, Evan.
October 12, 2005
Presentation on Coasean Analysis of Marketing
By Eric Goldman
I'm giving a talk on my next major paper (tentatively titled "A Coasean Analysis of Marketing"...a title that will likely change yet again), at the Midwestern Law & Economics Association meeting in Chicago. A preview of my slides.
Jacoby on Sponsorship Confusion
By Eric Goldman
Sorry for the light blogging--between my travel/presentation schedule and the Jewish holidays, it has been hectic!
Jacob Jacoby is a leading trademark survey expert/consultant--I imagine he's been an expert in over 150 trademark cases. He recently posted a paper to SSRN called "Sense and Nonsense in Measuring Sponsorship Confusion" where he deconstructs various methodological failures in surveying consumers about sponsorship confusion. The abstract:
"Section 43 of the Lanham Act prohibits false or misleading misrepresentations of fact that are likely to cause confusion, or to cause mistake, or to deceive as to the sponsorship or approval of goods or services. Examination of case law reveals emerging disagreement across courts on what needs to be assessed when measuring such "sponsorship" confusion. Various issues, including the logic underlying such measurement, are discussed. In the process, the author explains why, from the perspective of both science and law, one approach accepted by courts makes sense while another does not."
October 04, 2005
A Sharp Stick in the Eye of Trademark Law?
By Mark McKenna
Over at his interesting blog (which Mark Schultz plugged a little while back), Grant McCracken has a post discussing modern marketing practices in terms of their "roundness" or "sharpness." He suggests that all marketing used to be round, by which he means that there could only be one unique and relatively straightforward selling proposition for a brand. He suggests that things have changed, and that consumers now crave sharper marketing - we want marketers to leave some manageable amount of pattern detection to us as consumers. He has several examples of rounded versus sharpened marketing, and the one that resonated most with me was Wayne Newton versus Cirque du Soleil (though Microsoft vs. Google was pretty good too).
I'm not qualified to analyze McCracken's post from a marketing and/or anthropological perspective, but it got me wondering. He seems to be suggesting that consumers don't want such straightforward, clean understandings of brands. That is, at some level, a remarkable observation if it is in fact true as a general proposition. Trademark law has acted for the last 50 years on exactly the opposite assumption.
The tools of modern trademark law increasingly operate for the purpose of allowing a mark owner to manage the meaning of its brand. Think about it - dilution law is all about allowing the owner of a brand to create a singular, clean meaning for its brand. It's for Disney to remain special to Mark Schultz in the same way it was special to him as a kid, and specifically to prevent anyone else from interfering with that simple and immediate reaction.
I've mentioned before, probably too often, how trademark law makes all kinds of assumptions about consumer behavior that are based on zero empirical data. If McCracken is right in his assessment of what consumers want from brands, shouldn't trademark law account for that? I'm not completely sure I know how radically it should change as a result, but it seems to me that this ought to be a fertile ground for further study. I'd be curious to know what my co-bloggers think about this.
October 03, 2005
Menell on State Anti-Spyware Regulation
By Eric Goldman
Peter Menell has posted his article "Regulating 'Spyware': The Limitations of State 'Laboratories' and the Case for Federal Preemption of State Unfair Competition Laws" to SSRN. This article thoroughly examines state-level unfair competition laws and how they may apply to regulating spyware and adware. He also raises some fundamental questions about the wisdom and utility of state-level efforts to regulate the Internet generally.
"Drawing on Justice Brandeis's oft-cited observation that states can serve as "laboratories" of policy experimentation, this Article develops a framework for assessing the allocation of governance authority for regulating Internet activities. In particular, it focuses on whether states should be free to experiment with regulatory approaches or whether the federal government should have principal, if not exclusive (preemptive), regulatory authority over Internet-related activities. Using recent efforts to regulate spyware and adware as a case study, the analysis shows that the lack of harmonization of, and uncertainty surrounding, state unfair competition law produces costly, confusing, multi-district litigation and pushes enterprises to adhere to the limits of the most restrictive state. Such a governance regime unduly hinders innovation in Internet business models. On this basis, the Article favors a uniform federal regulatory system and pre-emption of state statutes and unfair competition common law as applied to spyware and adware. The final section of the Article extrapolates from this study of spyware and adware regulation to the larger context of Internet governance."
Law Enforcement Collection of DNA
By Ethan Ackerman
Recent legislative activity in the US Senate has brought some press attention to the touchy issue of DNA collection by law enforcement. Similar proposed and passed DNA legislation at the state and federal levels over the last several years has also drawn court challenges. As a result, a fair number of court opinions on the subject exist - enough to allow a quick look at the legal contours and legislative status of DNA collection laws.
A quick background
Most every US state and territory has some sort of legislation regarding law enforcement collection of DNA from convicted criminals of one type or another. These laws, passed primarily to assist in identifying potential perpetrators of other, unsolved crimes, vary significantly from state to state. A comprehensive comparison can be found at DNAresource.com, which catalogs legislative information such as types of qualifying crimes, records purging procedures, applicability to probationers, etc. Despite the variability, almost every state shares at least some DNA information with a national, FBI-administered DNA database called CODIS.
Constitutional interests- Privacy and self-incrimination
The non-voluntary extraction of DNA from blood or tissue samples of a suspect or convict plausibly touches on 4th & 5th Amendment rights to be free of searches and self-incrimination, respectively. So how does the jurisprudence currently stand?
The 5th Amendment - not so applicable after all
DNA has quite a bit of evidentiary value, as a match or a dissimilarity with a suspect's DNA can tell whether there is a highly probable connection, or definitive non-match, to some other piece of evidence. The main 5th Amendment argument asserted against collection is that compelled production of such potentially damning, and highly personal, evidence amounts to a compelled 'testimony' against one's self.
This 5th Amendment interest has been rather definitively addressed, and it doesn't amount to much, according to the Supreme Court. More specifically, blood or tissue samples that may tend to show innocence or guilt (say, by matching blood at the scene or having more than the legal limit of alcohol in the blood) can be forcibly (so log as also humanely) collected, and doing so won't violate the 5th Amendment, according to the Supreme Court. In a case that obviously matters a lot to DUI attorneys, Schember v. California, the Supreme Court reiterated that the 5th Amendment protects against compelled testimony primarily in the spoken word sense. Blood tests weren't compelled "testimony," even if they were "compelled" in the sense that they were forcible, over protests. DNA seems to tell much more about a person than blood alcohol level, but while that may gather DNA more privacy protections, it doesn't seem to matter for 5th Amendment purposes, which are concerned mainly with whether spoken "testimony" is compelled.
The 4th Amendment - it applies, but the devil is in the details
The 4th Amendment protects against unreasonable searches and seizures, and most every case challenging a DNA collection has recognized that such compelled collection is a search or seizure. With almost equal uniformity, though, courts have found such a search - at least as applied to convicts or probationers/parolees - not unreasonable. A comprehensive and fairly recent report on these cases by the American Society of Law, Medicine & Ethics catalogs the legal theories in each case. Included in the report is a discussion of the 9th Circuit's 2004 en banc decision in US v. Kincade, discussed more below. While several federal circuit courts have addressed DNA collection laws, the 9th Circuit in Kincade is the only court to find one unconstitutional. Kincade's unconstitutionality ruling was only temporary, as the en banc court reversed the panel decision and barely found the federal DNA statute constitutional, in a 6-5 split. Because it is the only circuit decision to find a 4th Amendment failing in the federal statute, because the ultimate decision was en banc rather than just a panel (making it a close to a Supreme Court decision as anything out there,) and because the split was so close, Kincade is worth focusing on in more detail.
US v. Kincade
A 9th Circuit Court of Appeals panel found, 2-1, that the mandatory collection of DNA as a term of parole violated Thomas Kincade's 4th Amendment rights, a decision the en banc 9th Circuit reversed. Details and analysis can be found on findlaw, the informative EPIC page on the Kincade cases, or the actual en banc 9th circuit opinion.
It is worth noting reading at least one of the summaries, but the meat of the opinion is this: a 6-5 majority upheld the collection only because of the diminished privacy expectations probationers/parolees have, a distinction discussed more in the conclusion, below.
Criminal DNA collection laws can generally be classified into three 'waves,' with the third wave just starting to be proposed and pass in states and Congress. In the first wave, states passed laws mandating collection of DNA from violent or sexual offense criminals, and the creation and sharing DNA databases. At the federal level, this included a nationwide database, administered by the FBI, called CODIS. The 'second' wave was somewhat reactionary: in response to the perceived slanting of the technology and resources towards prosecution, legislation was passed mandating sharing of DNA information and samples with the accused, requiring timely analysis and providing funding to reduce backlogs, and making evidence available to the already convicted to assist in post-conviction claims of innocence. Such legislation is perhaps best exemplified by the Innocence Protection Act at the federal level. The "third' wave of DNA legislation has focused on extending the collection pool to arrestees, not just those tried and convicted of a crime, with the goal of making DNA collection much like fingerprinting.
California's prop. 69 and Senator Kyl's DNA Fingerprinting Act of 2005 are examples of recent 'third' wave legislation, though some states, such as Virginia, have gone beyond legislation and have already enacted laws.
Because it is the federal version of similar state 'third' wave legislation, and it expands the federal database and funding to arrestees, the DNA Fingerprinting Act of 2005 is worth a quick peek.
The DNA Fingerprinting Act of 2005
The DNA Fingerprinting Act of 2005 (S.1606) would, according to its author, Sen. John Kyl of Arizona, now allow DNA from state arrestees (not just convicts) to be included in CODIS, expand federal funding to state DNA collection programs for arrestees (not just convicts), and allow DNA collection from federal arrestees and detainees (not just convicts). Similar bills have passed the House of Representatives in the past, and, although it has opposed 'second wave' bills that arguably level access to DNA evidence, the current Administration apparently supports Sen. Kyl's bill.
Senate politics and bill passage
In addition to the expansion of state DNA collection powers, the Kyl bill allows anyone who is "arrested or detained under the authority of the United States" to DNA tested, not just convicted felons. This federal expansion, while nowhere near as big an expansion as allowing each state to expand collection, is likely to be the most contentious. Why? Immigration. The Kyl bill allows compulsory testing of any detained immigrants. While many may think of "detained" immigrants as just those caught at illegal border-crossing attempts, but, thanks to federal immigration law, even visiting foreign scholars in the visa application system may be considered detained at some points in processing. The immigration angle seems to be the first thing opponents (LEAHY cite) criticized, and depending on which version of the Kyl press release/editorial one looks at, the home-state-targeted one or the one on the Senator's senate webpage, illegal immigrants either are or are not mentioned as the target of the bill.
The Kyl bill's recent press has been primarily focused on its recent passage out of the Senate Judiciary Committee, and important procedural step on the path to enacted law. The bill was offered, over objections, as an amendment to S.1197, the reauthorization of VAWA, the Violence Against Women Act, itself a politically charged bill.
Some thoughts in conclusion
To some degree, legislators zealous expansion of criminal DNA collection flies in the face of oft-professed concern over personal privacy. The US Senate unanimously passed a genetic information privacy bill, extolling the sanctity of genetic information protection and warning against indiscriminate collection and discrimination. Yet at least some of these legislators are proposing to authorize large-scale collections of the same information in the name of crime fighting.
Aside from the constitutional concerns discussed below and immigration issues that make it a political hot potato, Sen. Kyl's bill also seems to be weak in how broadly it sweeps in permissible DNA collection. Far from expanding DNA collection to "just" the arrestees and detainees focused on above, the language of the bill technically allows states almost carte blanche to include DNA from any source. A state could pass a law allowing collection, not just for convicted offenses or at arrest, but at any reason - i.e. as a condition of getting a drivers license! The only limiting language for state collection grants in the bill is: states can only add DNA collected pursuant to "applicable legal authority" - which means, roughly, anything the state passes a law for.
Final Constitutional thoughts
So how would a bill such as the DNA Fingerprint Act of 2005 fare if it were passed into law? Arizona Senator Kyl is from the 9th Circuit, so lets look there. From Kincade, we already know that DNA testing turns heavily on the incarcerated/probationary status of the unwilling donor. Another 9th Circuit case, US v. Scott, held that pre-conviction arrestees can't be compelled to submit to drug testing as a condition of bail. This seems like the same population (the 'arrestees and detainees' described in the DNA Fingerprint Act) in the same circumstances (facing compelled tissue sampling) with the same 4th Amendment concerns. At least under 9th Circuit case law, it looks like the Kyl bill, and any similar California propositions, wouldn't hold up to a 4th Amendment challenge.
A contrary conclusion?
But wait a minute, aren't searches of a person incident to a lawfully executed arrest ok for 4th Amendment purposes? All these current DNA cases are about parolees or convicts, and are well after an arrest, in effect a new search. Why not routine DNA testing of an arrestee during booking, just like fingerprinting, which doesn't violate the 4th Amendment?
Even here, the Kyl bill doesn't limit collections to lawful arrestees, but rather speaks also of those (such as immigrants, or presumably also Guantanamo captives, or as-of-yet-unarrested suspects) who are "detained." The fingerprinting of those 'detained but not (or not yet) arrested' does present a 4th Amendment-violating seizure according to the US Supreme Court. Presumably the same logic would apply to DNA collection.