* Deleted the Perfect 10 v. ccBill and Perfect 10 v. Visa cases. I have been struggling with how to teach the Ninth Circuit's Perfect 10 troika of cases for the last couple of years. The troika was over 100 pages of reading that nevertheless left students befuddled after all that work. But I felt constrained because the troika is the most definitive statement of Ninth Circuit law, and it is insightful to see the cases evolve. Nevertheless, I decided that the Amazon case was the most doctrinally significant, so I kept that and ditched the other 2.

* Added Io v. Veoh. To make up for taking out the Perfect 10 cases, I've added this case, which I think is a very clear exposition of a DMCA online safe harbor case.

* Added Parker v. Yahoo. I think this will be a good case to tie together some copyright doctrinal threads as well as provide a nice compare/contrast with the Ticketmaster v. RMG case.

Trespass to Chattels

* Replaced the Computer Fraud & Abuse Act statute with the most recently amended version.

* Included a slide that synthesizes the various trespass to chattel doctrines into a summary format.

Contracts

* Added the Harris v. Blockbuster case. It's a short case that efficiently makes several powerful pedagogical points--including perhaps most importantly, the perils of robo-drafting by copying language from other people's agreements.

Blogs and Social Networking Sites

* Replaced my old materials on blog law and social networking sites law with my most recent talk on both from February.

* Added my Third Wave of Internet Exceptionalism article

* Added the Moreno v. Hanford Sentinel case as an end-of-the-semester review case. As I said when I first blogged on the case, I think "this is one of the most interesting cases I've seen in a while," and I'm really excited about teaching it. I think it will be an excellent issue-spotting opportunity for students as well as a powerful reminder of the power of published words (and how those words can unintentionally affect the people we love).

Change to the Grading Options

My other big change this year is that I am giving students the option to write a wiki entry on a cyberlaw topic as part of their grade. This was inspired by my forthcoming paper on Wikipedia (which you'll hear more about soon). In connection with that paper, I was researching alternative labor sources that could power Wikipedia, and students working as part of a class assignment was one option I explore in the paper (with some reservations). As part of "eating my own dog food" (a terrible idiom that seems to be prevalent in the Silicon Valley), I figured I should give it a try myself. As you can see, the wiki-drafting is optional, not mandatory, so I'll be interested to see how many students choose the option. I'll also be interested to see what happens when the students actually try to submit their work to Wikipedia. I have a mental image of a massive buzzsaw, but perhaps I'm being too cynical.

Posted by Eric at 09:36 AM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack

August 10, 2009

Nursing Student's Blog Post Doesn't Support Expulsion--Yoder v. University of Louisville

By Eric Goldman

Yoder v. University of Louisville, 2009 WL 2406235 (W.D. Ky. Aug. 3, 2009). Yoder's initial complaint.

Nina Yoder was a University of Louisville nursing student. She posted a blog post to MySpace entitled "How I Witnessed the Miracle of Life” that describes her first-hand observations from a school assignment to go watch a patient-mother giving birth. The blog post now appears to be set to private, but you can see a PDF of it, and the opinion quotes the full text for your reading pleasure. This blog post and the resulting imbroglio sparked a lot of discussion. For more background, see this page with some of the source correspondence (and over 100 comments) and this thread from a nursing students' blog with about 250 comments.

Even if Yoder’s blog post was intended to be tongue-in-cheek, I can see why the blog post was so controversial. As just one example, the blog post repeatedly refers to newborn babies as "creeps." The court does not have kind words to describe the blog post, calling it "vulgar," "distasteful," "offensive," "crass and uncouth," and an "abject failure" as an attempt at humor. My personal take is that the blog post was, at best, ill-advised. I really can't imagine when I would want to work with a nurse who calls my baby a "creep," even if in jest, and (as discussed below) the amount of detail Yoder disclosed about her patient shows a reckless disregard for the confidentiality we expect from medical professionals.

When University of Louisville nursing school administrators discovered the post, they expelled Yoder from the nursing program on the grounds that she violated two contracts: the student honor code and a confidentiality agreement. Given how damaging Yoder's post was to the University's nursing school (after reading it, I suspect few patients would agree to let student nurses observe their treatments), I understand this impulse. However, the administrators’ decision to have two uniformed police officers at the termination meeting (because Yoder had separately blogged about her support of the Second Amendment) and to frisk her for weapons seemed a little over-the-top.

In this ruling, the court reverses the school's expulsion, holding that the school incorrectly interpreted the contracts. The main ruling relates to the contracts' requirement that Yoder not disclose patient confidential information. The defendants allege that the blog post disclosed "the following identifying information about the birth mother: the number of her children; the date that she was in labor; her behaviors; the treatment that she underwent (an epidural); her reaction to labor (vomiting); and the reactions of her family." The court says that none of this information was personally identifiable to the patient or her family because the post "does not disclose the birth mother's name, address, social security number, or the like. It does not disclose her age, race, or ethnicity. The Blog Post does not contain ‘financial’ or ‘employment related information’ about the birth mother. It does not disclose where she was in labor."

Well, the court is correct about the non-identifiable nature of the disclosures if you only consider the four corners of the blog post. No one could use the blog post to identify the mother or her family without relying on additional information. Nevertheless, the court's rationale is completely off-base. I’m confident that any savvy investigator could combine the blog post with other data sources and quickly identify the mom with a high degree of certainty, even if the investigator would rely only on easily obtainable published information. Just knowing the baby’s exact birthdate and limiting the inquiry to the Louisville area immediately limits the pool of possible women to a few hundred. Knowing that the child was the mom's third baby should narrow that restricted pool further. Thus, the court was clearly wrong when it said, categorically, "the Blog Post does not contain information that could possibly lead to the discovery of the birth mother's identity" (italics added). The first person who emails me the correct identity of the patient in question can, as their reward, choose a slinky from my special slinky stash.

As a result, this court's ruling illustrates the false distinction between personally identifiable and non-personally identifiable information. (The same issue arose in the recent Johnson v. Microsoft case declaring that IP addresses are not personally identifiable.) Paul Ohm has an important paper coming out on de-identification that should end this distinction permanently. The ability to combine multiple data sources makes it possible to uniquely identify data subjects even if each individual data source does not enable identification on its own. Especially in light of the healthcare context, this judge was way too charitable to Yoder on this point.

The court also says that Yoder did not violate a "professionalism" requirement in the school’s honor code because the blog post "was not created or used in any professional context." This is analogous to the K-12 school discipline cases (all uncited) where the principal disciplines a student for a blog post made off-campus. Clearly school administrators can reach too far into private conduct when meting out discipline, but again I think the judge is being very charitable here. Yoder was blogging her personal observations about a professional experience she had in a hospital, under confidentiality agreements, while doing her schoolwork. By this reasoning, any post that Yoder wrote in her personal time would not trigger the professionalism code, but given the subject matter of this post, this issue probably warranted more careful treatment.

Having said that, I totally agree with the judge's ultimate conclusion to reinstate Yoder. Although her post raised all kinds of yellow and even red flags about her judgment, the school had a wonderful teaching opportunity to explain/reinforce all kinds of lessons about the professional responsibility of a nurse (like, don't call patients' babies "creeps," even in jest). I think they didn’t capitalize on that opportunity by applying a one-strike rule to Yoder.

An update on Yoder's saga from the Chronicle of Higher Education.

Posted by Eric at 10:12 AM | Content Regulation , Trade Secrets | TrackBack

August 07, 2009

An End to Spam Litigation Factories?--Gordon v. Virtumundo

By Eric Goldman

Gordon v. Virtumundo, Inc., No. 07-35487 (9th Cir. Aug. 6, 2009)

When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn’t trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy. As this court says, "lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results." Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses.

That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. James Gordon has been one of the most active. He is a "professional plaintiff" who has operated a spam "litigation factory" by configuring his technology to try to trap spammers. In effect, he goes out of his way to look for spam. As the court says, “the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken."

As it turns out, this business model does not fare well in court. He lost this case in the district court and subsequently was ordered to pay over $100k in legal fees to the defendant under CAN-SPAM's fee-switching provision. On appeal, the Ninth Circuit has even less kind words for him, saying that CAN-SPAM “was enacted to protect individuals and legitimate businesses—not to support a litigation mill for entrepreneurs like Gordon." As a result, the court issues a broad but muddy opinion that shuts down Gordon’s litigation factory and presumably others like his, but has a less clear effect on other CAN-SPAM defendants.

"Internet Access Service"

CAN-SPAM's private enforcement rights only accrue to "Internet access services." This phrase is troublesome in part because it differs from other possible statutory synonyms for online actors like "interactive computer service" (47 USC 230), "online service provider" (DMCA), "electronic communication service" and "remote computer service" (ECPA), etc. This verbiage proliferation raises questions about the scope of governed entities (who’s covered and who isn’t) and why different online actors are being treated differently (if they are). I hope future legislative drafters will recognize the costs of using different terms for online actors.

In CAN-SPAM, Congress defined an “Internet access service” as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." Check out Ethan’s lengthy but irresolute deconstruction of this definition from last year.

Read literally, this definition seemingly covers all Internet services because they allow users to access their "other" services. However, the Ninth Circuit doesn’t think that's what Congress meant, although it’s not sure about the boundaries either. Instead, the Ninth Circuit "decline[s] this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of ‘Internet access service.’" Gee, thanks.

Nevertheless, the Ninth Circuit had no problem saying that Gordon wasn't an Internet access service. I can’t pin down a specific reason why Gordon wasn’t covered while, according to the court, his service providers (Verizon and GoDaddy) might be. Ultimately, I think the court rejects Gordon's transparent efforts to manufacture a claim.

"Adversely Affected"

A CAN-SPAM private litigant also needs to show that it was “adversely affected” by the spam. The court doesn’t offer a single definition of adverse effect, but it does try to draw some boundaries that leave Gordon out.

In general, the court tries to narrow the scope of cognizable harms in two ways. First, the court segregates consumer-related harms from service provider-related harms. I was heartened to see this because better harm delineation was a central point of my (uncited) 2004 article "Where's the Beef? Dissecting Spam's Purported Harms." Back in the earlier part of this decade, anti-spam advocates would routinely lump together a laundry list of gripes about spam in ways that would degrade policy-makers’ ability to target policy responses to the harm. For example, CAN-SPAM suffers heavily from this schizophrenia about the targeted harm. This court makes it clear that consumer-related harms aren’t part of the CAN-SPAM private litigation calculus.

Second, the court tries to distinguish between the fixed and variable costs of spam fighting and implies that the fixed costs should be ignored when calculating adverse effect. The court’s handling of this distinction is hardly deft. It says repeatedly that we have to assume that IAS providers are absorbing some spam costs as part of their normal costs of operation. For example, the court says:

the harm must be of significance to a bona fide IAS provider—something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice

And the court says:

We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations….network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act’s statutory damages.

Reading these quotes, it seems like the court is trying to zero out the fixed costs borne by anyone connected to the Internet, which would then focus the analysis on only those marginal/variable consequences attributable to a specific spam campaign. However, the court does not want to raise the bar that high, at least not for “legitimate” service providers (which the court thinks clearly excludes Gordon). As the court says:

the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions—where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit—adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam.

So I’m not quite sure what to make of this language. On the one hand, the court’s acknowledgement that complex societies impose some unwanted but unavoidable costs seems to raise the harm bar pretty high for CAN-SPAM plaintiffs. On the other hand, the court is willing to presume harm for “good” plaintiffs. So why won’t the court make such presumptions for Gordon? Mostly because he “came to the nuisance” (my words, not the court). As the court says:

Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users’ email inboxes...Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as “spam traps” with the sole purpose of snagging as many e-mail marketing messages as possible.

So my reading of this discussion is that the court sets up a bifurcated “adverse effect” analysis. If you’re a commercial email service provider, you presumptively get access to CAN-SPAM’s “treasure trove.” If you’re a spam troll, nuts to you.

Preemption of State Laws

One of CAN-SPAM's main raisons d'etre was to preempt the rapid proliferation of state anti-spam laws in the early part of this decade (especially California's opt-in anti-spam law). I naively assumed that CAN-SPAM's preemption clause would drive states out of the anti-spam regulation business altogether (a separate rant, but I'm not a fan of any state attempts to regulate Internet activity). No such luck. Following CAN-SPAM’s enactment, nearly every state enacted NEW anti-spam laws designed to fit within the preemption exceptions. This renewed activity at the state level has contributed to the anti-spam litigation frenzy, because the plaintiffs can use both state and federal claims to extract settlements and concessions from defendants.

In 2006, in Omega Travel v. Mummagraphics, the Fourth Circuit took a lot of the wind out of plaintiffs' sails by holding that state anti-spam laws survived CAN-SPAM preemption only as applied to fraud or material misrepresentations, not garden-variety errors or immaterial deception. Here, the Ninth Circuit adopts the Mummagraphics standard, which presumably eviscerates several state laws in Ninth Circuit-governed jurisdictions.

Applying the Mummagraphics’ standard to Gordon’s case wipes out his Washington state anti-spam claim. Gordon argued that, although he was not misled or deceived, Virtumundo’s “from line” violated Washington law because it does not clearly identify Virtumundo as the sender. He also argued that to avoid being deceptive, Virtumundo’s email subject lines must have either Virtumundo’s or its client’s name. The court rejects these arguments because "Gordon offers no proof that any headers have been altered to impair a recipient’s ability to identify, locate, or respond to the person who initiated the email. Nor does he present evidence that Virtumundo’s practice is aimed at misleading recipients as to the identity of the sender."

Expect to see more state laws bite the dust in the face of this preemption analysis.

Implications

This case is exceedingly interesting and important because it destroys the arguments of anti-spam plaintiffs trying to manufacture technical violations of CAN-SPAM for their profit. Not only does the opinion send an unmistakable message to the lower courts to toss these plaintiffs out on their keister, but it sends the harsh message that these plaintiffs ought to rethink their legal hubris. As the court says, “As should be apparent here, ‘the law’ that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.” Ouch. The court has apparently just invalidated the fantastic laws that some anti-spam plaintiffs dream up in their heads.

This case is also important because it puts state anti-spam laws even more clearly on the ropes. It has been an impressive but pathetic display of futility watching the states trip over themselves trying to show that they are tough on spam when their efforts are all irrelevant in light of the Fourth Circuit's and now Ninth Circuit's interpretations of CAN-SPAM. Fortunately (?), most of the states have moved on to being tough on cyberbullying instead of beating up on spammers.

It is less clear to me if the court’s discussion about “Internet access services” and “adverse effect” will have broader import on private CAN-SPAM litigation. The court deliberately sidestepped definitive interpretations of both terms, so I expect the interpretive slate is mostly clean outside of the spam litigation factories.

One final point. Spam remains actively litigated in the courts and the subject of some policy discussion, but do you still fret about the spam you receive personally? I get the sense that this panel was not that impressed with Gordon’s efforts in part because spam isn’t as big a deal for the judges as it used to be. Certainly that’s true in my case. I get about 100 spams a day, 90+% of which Gmail appropriately filters into my spam folder (with very few misclassifications of legit email as spam). As a result, it takes me just a minute or two a day to burn through the spam accruals. Not surprisingly, at least for me, good spam filters have solved the problem much better than any legislative intervention.

I understand that spam is a bigger issue for email service providers, especially now that more than 100% of all emails are spam (according to the ridiculously overhyped stats put out by vendors of anti-spam solutions). CAN-SPAM partially offers a solution to these individuals, along with other doctrines like the Computer Fraud & Abuse Act and possibly the common law trespass to chattels doctrine. However, at this point, so much of the anti-spam battle has to be fought technologically, not in the courts, due to the sheer volume and dispersed nature of the putative defendants. As a result, it doesn’t really seem to matter to the overall quantum of spam in our society if courts read CAN-SPAM broadly or narrowly.

Other comments on this case:
* Venkat
* Jeff Neuburger

UPDATE: Ken Magill reports on how Gordon has lost his house belongings due to his persistence.

Posted by Eric at 12:40 PM | Internet History , Marketing , Spam | TrackBack

August 06, 2009

State of the Net West Recap

By Eric Goldman

Yesterday, the High Tech Law Institute and the Advisory Committee to the Congressional Internet Caucus co-sponsored the Third Annual State of the Net West event at Santa Clara University. The featured participants were 3 members of Congress (Boucher, Goodlatte and Lofgren) and the White House CTO Aneesh Chopra, supplemented by 8 distinguished discussants. In a jam-packed morning, we covered a lot of interesting and important ground on broadband, privacy, antitrust, immigration and open government. This blog post recaps some highlights from the discussion.

Boucher on Broadband

Rep. Boucher emphasized the importance of broadband availability to economic activity and expressed concern that the US wasn't keeping up with broadband deployment (he said, "we can do better"). He offered three policy proposals for ways the federal government could help:

* revise the Universal Service Fund to allow dollars to be spent on broadband deployment; and require USF fund recipients 5 years from now to be offering broadband or be cut off from USF
* federally preempt state laws prohibiting municipal broadband offerings (which about 25 states have)
* get the FCC to develop a broadband deployment plan

He expressed disappointment with the guidelines that NTIA and the Department of Agriculture have adopted to give away the $7.2B broadband fund that was part of the stimulus package. It appears he will be encouraging both entities to rethink their guidelines.

My colleague Al Hammond was the broadband discussant. Al made a number of good points, including noting that broadband deployment is both a rural and low-income issue (Boucher appeared to be focusing more on the former) and raising concerns about municipalities not playing fair and the FCC overcounting actual broadband availability.

Boucher on Privacy

Rep. Boucher also gave a preview of the privacy bill he is planning to introduce next month. He started off by saying he likes ad targeting, especially first party targeting (he said he buys items based on customized recommendations). So he wants to encourage "appropriate" ad targeting, not eliminate it. His bill is expected to contain the following elements:

* websites collecting data will be required to post a prominent privacy policy
* users can opt-out of first party targeted ads. This also includes data sharing necessary to enable first party ads
* websites that want to share data with unaffiliated third parties will need opt-in. However, behavioral ad networks can proceed on an opt-out basis if they allow users to see and edit their behavioral profile, except for sensitive information categories that would always be opt-in
* both the FTC and state AGs would have enforcement authority

To the extent that the mandatory privacy policy and opt-out options codifies existing industry practices, this proposal generally seems benign but not worth the effort--the costs of the inevitably poor statutory drafting outweighs any benefit we might get from regulatory codification. Requiring opt-in would likely eliminate third party behavioral ad networks, which (as I've discussed before) is more likely to be a detriment than a win.

I was especially intrigued by the proposal that behavioral networks can flip from opt-in to opt-out by letting users access a user profile. I need to see more details about Boucher's thinking, but doesn't this superficially sound crazy? The most obvious problem is authentication of the user before seeing his or her profile. How would this be done? The networks usually don't know the identity of the specific individuals they are profiling, so they can't authenticate identity. And just tying profile access privileges to a cookie or machine sounds like a recipe for disaster for all shared computers. Plus, a web interface seems to increase the security risks that the bad guys can see profiles they shouldn't be able to see. On first blush, it sounds like this part of Boucher's proposal may need a complete rewrite, with unknown consequences for the entire structure of his proposal.

Mike Hintze of Microsoft was the privacy discussant. He espoused Microsoft's standard line that there should be a comprehensive privacy law.

In the Q&A, Boucher appeared willing to consider concurrent privacy enforcement authority by self-regulatory organizations, so long as they enforced the law's minimum requirements. But any self-regulatory effort wasn't a substitute for other aspects of his bill.

Lofgren on Antitrust

Rep. Lofgren said that if the Bush administration did too little on antitrust enforcement, the Judiciary committee is now concerned that Obama and Varney will do too much. Lofgren is particularly focused on the chilling effects of the mere threat of antitrust scrutiny, not just the actual successful prosecution in court of cases. Thus, an "informal" DOJ expression of interest can deter innovative activity by high tech companies.

She also expressed skepticism that antitrust laws remain effective at protecting technology markets, which are marked by fast innovation and low barriers to entry. (I believe her exact words were "traditional antitrust measures of marketplace behavior might no longer work.") At minimum, any technology-related antitrust enforcement actions should be focused on improving innovation rather than trying to manage current marketplace prices.

Finally, she said that copyright restrictions should be considered in antitrust inquiries. Mike Masnick has more to say on this.

Michael Katz of UC Berkeley was the most colorful respondent. He shared Lofgren's concern that antitrust law may be counterproductively squelching innovation, especially when companies try to capture antitrust enforcers to hassle competitors. He had especially harsh words for the FCC, calling it much less disciplined than the DOJ and observing how the FCC can blackmail companies using its leverage. He also complained that the FCC's review of mergers takes too long, and as an example of their lack of discipline, the FCC will impose merger conditions that have nothing to do with the merger.

Tim Bresnahan of Stanford and my colleague Cathy Sandoval were the other respondents.

At the end of her talk, Lofgren praised the Google Book Search settlement, saying that in some ways it lowers barriers to entry. She also said she was grateful that Google appears to have found a back-door way to liberate orphan works given that she wasn't able to pass an orphan works bill. I'm all in favor of orphan works reform, but a class action settlement seems like a weird way to get there.

Chopra on Open Government

Aneesh Chopra is the new White House CTO, a role that never existed before, which puts Chopra at Obama's elbow on all technology issues. This was Chopra's first Silicon Valley trip since he undertook his new role. His first talk was on Tuesday night at a Churchill Club event; we were his second. Lots of people were very interested in learning more about him. He was the big draw for the press, and we got an unprecedented number of walks-in based in part (we think) on his talk. He was also mobbed before and after his talk--everyone seemed to want a piece of his attention (then again, I'd love to have a chance to kick some stuff around with him one-on-one myself!).

It's easy to see why Chopra sparks such curiosity. My impressions were that he was genuinely affable, smooth without being slick, substantive without being bookish, a big fan of crowdsourcing and an even bigger fan of assessment and measurement of outcomes.

He started off by discussing the importance of technology and how the US's rate of technological performance is lagging against other countries. He then identified three ways to "turn the ship around":

1. invest in innovation building blocks, such as a smart/secure infrastructure, more R&D and improved workforce expertise
2. healthcare reform, especially improvements to the information technology side of healthcare delivery
3. an improved education system, including distance learning and more emphasis on lifelong learning

He then discussed open government issues and gave examples of ways technology can facilitate participatory governance.

Goodlatte and Discussants on Immigration

Rep. Goodlatte laid out the Republican's high tech agenda, which includes:
* skilled workforce, including immigration reform
* patent reform
* trade issues
* taxation, including efforts to define when activity in a state triggers tax obligations
* net neutrality (don't regulate but improve antitrust enforcement)
* privacy (opt-out except for sensitive information)

The panel then drilled down on immigration reform. I was really excited to have this panel because workforce issues are so central to the Silicon Valley's "secret sauce" and yet I couldn't recall a time that the HTLI had sponsored a discussion about them. Obviously immigration issues are age-old and are well-trodden, but I nevertheless found the discussion helpful--with the one caveat that everyone on the panel agreed with everyone else, so there was a lot of preaching to the choir. I learned an interesting factoid that both Reps. Goodlatte and Lofgren were formerly immigration attorneys, so they have some front-line domain expertise in this area.

First discussant was AnnaLee Saxenian of UC Berkeley. She talked about how skilled immigrants have fueled innovation in this country. She gave a number of stats in support of this, including that a majority of Silicon Valley engineers are foreign-born, and a high percentage of technology entrepreneurs and patent applicants are foreign-born individuals. She also noted that foreign-born skilled works create net new jobs and also help build better ties to their home country.

We benefit from the best and the brightest from around the world, who come to the US because of our higher education system and historically have chosen to stay. However, she is concerned about this retention because of bureaucratic barriers. She is also concerned that companies, frustrated by their lack of access to development talent, will offshore their R&D.

Finally, she pointed out that immigration discussions kludge together the issues of skilled and low-skilled workers, even though their issues are very different.

Keith Wolfe of Google reinforced many of AnnaLee's points from Google's specific experiences.

My colleague Deep Gulasekaram was the last discussant. He pointed out that free marketplaces may require free movement of labor, which isn't consistent with our current immigration policy. He raised concerns about state and local anti-immigration policies and the negative consequences of tying foreign workers to specific jobs (by linking their visa to the job).

Rep. Lofgren added a few remarks:
* Obama told her that it's time for comprehensive immigration reform. [This led to a polite back-and-forth between Lofgren, who favors comprehensive reform, and Goodlatte, who would settle for piecemeal immigration reform]
* Immigration reform is not a substitute for educating the US workforce
* We should give permanence to people we want to keep (i.e., not keep them on some treadmill with the possibility of a forced exit, which prevents their long-term life planning)
* We need to address the family of skilled immigrants, not just the immigrants themselves

More Coverage of the Event

* ABC 7 News
* KCBS radio
* Zusha Ellison of the Recorder
* Joyce Cutler of BNA (BNA subscription required)
* Mike Masnick
* Joel West
* Colette Vogele
* Warren's Washington Internet Daily also ran a story (not web-linkable) "Boucher Promises Online Privacy Bill Draft Soon"
* The extensive Twitter discussion at hashtag #sotnw. Twitterers included @ipolicy, @caminick, @persistance, @miss_eli, @techpolicygirl, @cathygellis, @mmasnick, @nextgenweb, @marianmerritt, @larrymagid, @christinela, @mblatkin, @seangarrettnow, @vogelelaw (who didn't always use the hashtag--we will try to publish a standardized hashtag at future events). Whew! Apologies if I missed anyone. I can't recall seeing more Twitterers in an audience--everyone seemed to have their Twitter page up constantly. As usual, I didn't turn on my computer at the conference (I take notes by hand and blog them later), so my comments seem woefully out-of-date already!

We plan to post the event audio soon so you can listen for yourself. I'll announce the audio posting at my Twitter account when it's live.

UPDATE: Audio now available: Download (item 27) or Stream

Posted by Eric at 10:54 AM | Adware/Spyware , Copyright , E-Commerce , General , Internet History , Marketing , Patents , Privacy/Security | TrackBack

August 04, 2009

Wikipedia and Rules Proliferation

By Eric Goldman

I have previously mentioned how rule sets tend to expand over time. We've seen this with legislation; for example, consider how the Copyright Act has grown over time. Personally, I've seen code expansion over and over again in the context of negative behavioral restrictions in user-to-user communities. A 2008 article by Brian Butler, Elisabeth Joyce and Jacqueline Pike entitled "Don’t Look Now, But We’ve Created a Bureaucracy: The Nature and Roles of Policies and Rules in Wikipedia" provided yet another dramatic example of this phenomenon in the Wikipedia context. They write:
___________

One useful measure of increased complexity is the change in lengths in terms of word count alone of the policies from the first version to most current. All policies studied grew enormously.

• Copyrights: 341 words => 3200 words: 938%
• What Wikipedia is not: 541 words => 5031 words: 929%
• Civility: 1741 words => 2131 words: 124%
• Consensus: 132 words => 2054 words: 1557%
• Deletion: 405 words => 2349 words: 580%
• Ignore all rules: exceptional case

The first version of the Ignore all rules policy is only 23 words long, stating, “If rules make you nervous and depressed, and not desirous of participating in the Wiki, then ignore them and go about your business” [45]. The current version is actually shorter, only 16 words, and says, “If a rule prevents you from working with others to improve or maintain Wikipedia, ignore it” [45]. However, as suggested earlier in this paper, while the actual wording of this policy declined 69% and it appears on the surface to be the least bureaucratic of the policies, the supplemental page directly linked to this policy contains 579 words, indicating that the policy swelled over 3600% [45].
___________

There are some obvious detrimental consequences of this expansion. First, it facilitates wikilawyering. As the rules get more complicated, there are more ambiguities to debate and potentially more contradictory rules. Second, it becomes a bigger barrier to entry for newcomers or casual users; either they must try to master a greater and more complex rule set, or they are more likely to transgress and have their contributions reversed.

Posted by Eric at 10:35 AM | Internet History , Licensing/Contracts | TrackBack

August 03, 2009

Google Goes on Offensive in AdWords Trademark Lawsuit--Google v. John Beck Amazing Profits

By Eric Goldman

Google, Inc v. John Beck Amazing Profits, LLC, C09 03459 (N.D. Cal. complaint filed July 27, 2009). [Warning: 1.4MB file] The Justia page.

A couple of interesting developments in John Beck Amazing Profits v. Google, the putative nationwide trademark owner class action lawsuit against Google over AdWords.

First, as of last week, the plaintiff had not served the complaint on Google even though it's been on file for over 2 months. I'm not sure what's the hold-up, but in my limited experience, delays in serving an already-filed complaint are often a leading indicator of a troubled lawsuit.

Second, last week Google sued the individual named plaintiff in that case, John Beck Amazing Profits, for both a declaratory judgment that AdWords doesn't infringe plus a breach of contract claim that the lawsuit filing breached the AdWords contract provision requiring any AdWords-related lawsuit to be brought in California. Going on the offensive against a plaintiff is characteristic of Google's litigation strategy; Google often tries to turn the tables on its litigation opponents. In this case, a major goal for Google surely is to get the case out of the Eastern District of Texas, which has been a dangerous venue for patent defendants.

Although the declaratory judgment and counterclaim is consistent with Google’s standard practices, in this case Google is ripping a page out of Yahoo's playbook in its litigation with American Airlines. American Airlines sued Yahoo over selling trademarked keywords in a Texas federal court; Yahoo shot back with a in a California federal court to try to get the case in a more favorable venue. The “dueling lawsuits” have led to an ongoing jurisdictional tussle that has slowed down progress on the substantive merits of American Airlines' claim.

As I wrote in connection with Yahoo's efforts, it was not clear to me that a defendant can wrest jurisdictional control of a case through the declaratory judgment process. In Google's situation, it's even more complicated because John Beck Amazing Profits is just the named plaintiff in a class action lawsuit. The plaintiffs could easily replace John Beck Amazing Profits with another named plaintiff who isn't an AdWords advertiser and isn't subject to California jurisdiction. At that point, I'm not sure what happens to the class action. (And, even if Google succeeds in moving the nationwide case, it should have no bearing on the Firepond putative class action lawsuit, which only covers a class of Texas trademark owners). Moreover, even if Google wins the declaratory judgment, it would have no binding effect on other class members.

So other than a not-certain-to-work ploy to pull the nationwide class action out of a bad venue, the only other benefit I see from the litigation is to send a warning shot to any named plaintiff who might succeed John Beck Amazing Profits that Google will be coming after them too. Let's see how that message is received.

The current roster of pending AdWords cases:

* Ezzo v. Google
* Rescuecom v. Google
* FPX v. Google
* John Beck Amazing Profits v. Google and now Google v. John Beck Amazing Profits
* Stratton Faxon v. Google (not initially a trademark case)
* Soaring Helmet v. Bill Me
* Ascentive v. Google
* Jurin v. Google
* Rosetta Stone v. Google

Posted by Eric at 03:51 PM | Derivative Liability , Licensing/Contracts , Search Engines , Trademark | TrackBack