December 31, 2009
512(f) Claim Dismissed on Jurisdictional Grounds--Project DoD v. Federici
By Eric Goldman
Project DOD, Inc. v. Federici, 2009 WL 4910320 (D. Me. Dec. 13, 2009)
17 USC 512(f) creates a cause of action for sending bogus copyright takedown notices. In a regulatory environment where service providers have itchy trigger fingers, it is crucial to suppress bogus takedown notices or the entire notice-and-takedown scheme becomes easily corrupted. Unfortunately, 512(f) cases have not fared well in the courts, and this one fails (at least temporarily) on procedural grounds. Nevertheless, the case illustrates the challenges faced by service providers dealing with copyright owners who freak out.
[The facts recited by the court are based on the complaint, so they have yet to be contested] The websites at issue are www.advocatesforchildrenintherapy.org and www.childrenintherapy.org run by ACT, both of which are critical of defendant's method of providing psychology services. The plaintiff Project DoD, a non-profit organization which offers "censorship-free hosting" and caters to "the Internet's rejects," hosts the two websites. The defendant sent an incomplete takedown notice, which the plaintiff initially honored but then vacillated. The defendant submitted another takedown notice satisfactory to the plaintiff. The plaintiff sent the notice to ACT, who submitted a counternotification. After the statutory waiting period, the plaintiff restored the two websites.
So far, this looks like a typical notice-and-takedown interaction. Then, the court's recitation of the complaint suggests the situation went off the rails. The plaintiff alleges that the "defendant and others engaged in a course of harassing communications with the plaintiff." Allegedly, at least 6 other individuals--all of whom practice the same psychological methods--sent takedown notices to the plaintiff as well, each of which caused the plaintiff to take down the sites until it received ACT's counternotice and waited the statutory waiting period, at which point they were restored. The defendant also allegedly sent a takedown notice to the plaintiff's upstream connectivity provider, which allegedly has prompted that vendor to contemplate cutting off service to the plaintiff and, by necessity, all of the plaintiff's others customers.
Two other points: the plaintiff takes the position that ACT is engaged in fair use commentary of the defendant's copyrighted works (allegedly necessary to critique the defendant's psychological methods), and there is no mention that the defendant or anyone else has brought a copyright infringement lawsuit against ACT.
The court dismisses the plaintiff's 512(f) claim on jurisdictional grounds, citing the rule that sending a C&D letter does not create jurisdiction in the recipient's home court. That rule makes sense, but it seems inapplicable to the plaintiff's allegations. This lawsuit is not merely about the takedown notices sent to the plaintiff; it is about the alleged harassment campaign designed to kick ACT and its web host off the Internet. Such a harassment campaign should easily qualify under the Calder v. Jones "Effects Test" of expressly targeting harms towards the victim. For this reason, I think the jurisdictional dismissal is a bad ruling.
The court also seemed to misunderstand the point of 512(c)(3) notices because the court says they targeted ACT, not Project DoD as ACT's host. Although the notices superficially target user-supplied content, the notices work mainly because they remove 512's protective shield from the service provider--thus leaving the service provider exposed to becoming a copyright infringement defendant along with the targeted user. Every 512(c)(3) notice is an implicit threat to sue the service provider; the threat need not be made explicitly because every service provider automatically internalizes this threat.
More generally, this case provides a glimpse into some of the anarchy created by 512's notice-and-takedown scheme. The system generally works OK for "mainstream" cases involving commercial copyright owners and commercial service providers (except when copyright owners want more than 512 provides, which leads to the multi-year Viacom v. YouTube litigation). However, 512's balance can break down when applied to other types of disputes, such as this one involving an independent copyright owner going up against an ideologically motivated web host. In those non-mainstream cases, 512(c)(3) notices can (and often are) used to advance goals having nothing to do with protecting copyright interests.
UPDATE: Chris Mooney of Project DoD provides a useful recap of the dispute and the litigation, along with links to source materials.
December 30, 2009
Torrent Sites Induce Infringement and Lose DMCA Safe Harbor--Columbia v. Fung
By Eric Goldman
Columbia Pictures Industries, Inc., v. Fung, 2:06-cv-05578-SVW-JC (C.D. Cal. Dec. 21, 2009)
In a potentially significant ruling that got a little lost in the Christmas rush, a federal district court ruled on summary judgment that the “torrent site” Isohunt and related websites induced copyright infringement and were not eligible for the online safe harbors in 17 USC 512. This is one of only a few cases finding copyright inducement post-Grokster, and I believe it is the first to say that an inducement finding categorically eliminates any possible 512 safe harbor. While the loss of Isohunt from the marketplace may not be a big deal, it remains unclear if other, more "legitimate" websites will believe the court's analysis also applies to them. If they do, this case could potentially affect the entire UGC industry.
Fung runs several "torrent" websites, including Isohunt, Torrentbox, Podtropolis and ed2k-it, that facilitate file downloads using BitTorrent (except ed2k-it, which uses eDonkey). As I see it, BitTorrent is the fourth wave of online file sharing:
* the first wave was websites that hosted files themselves
* the second wave was Napster, where the file hosting was decentralized but the operator kept a centrally maintained index
* the third wave was Grokster, Streamcast and their ilk, where both the hosting and indexing was decentralized
* BitTorrent is the fourth wave, where not just the file hosting is decentralized, but also the file serving--in that multiple individual users might contribute to serving a file, not any one single user.
The websites provided a variety of navigational metadata to users, including category tags like “Top Searches,” “Top 20 Movies,” “Top 20 TV Shows,” “Box Office Movies,” “High Quality DVD Rips” and “TV Show Releases,” and the Isohunt website's home page published the list of top 20 films to encourage their uploading. All of these category tags were filled with infringing files, and the plaintiffs introduced a survey claiming that 95% of downloads were infringing. (The court says "the precise percentage of infringement is irrelevant: the evidence clearly shows that Defendants’ users infringed on a significant scale"). The website also included the term "warez" in the metatags.
[An aside: PLEASE PLEASE PLEASE, DON’T USE KEYWORD METATAGS EVER FOR ANYTHING. Google ignores them but judges still think keyword metatags mean something, and at least one technical "expert" (of questionable competence) is erroneously claiming that Google does index them.]
The court also points out Fung’s ill-advised statements, such as a statement that "copyright infringement when it occurs may not necessarily be stealing" and a public acknowledgement that the availability of an infringing file increased traffic. Fung also allegedly provided technical support to users trying to download infringing files and downloaded infringing files himself through the sites. I had thought that most website operators had learned from the Grokster opinion not to say and do such things, but maybe Fung didn't get the memo.
We have long wondered how the Grokster opinion would apply to torrent sites. 4 1/2 years ago, right after the Grokster case came out, guest blogger Mark Schultz predicted that the Grokster ruling meant that "Some services that use BitTorrent to promote infringing file sharing for commercial gain, like the now defunct Suprnova.org, are most likely in trouble." It's taken a while to prove him right, but I think he nailed it.
Doctrinally, the court says that inducement is a distinct prong of contributory copyright liability. As a result, the court doesn't talk about the traditional contributory or vicarious infringement tests because 'Defendants’ inducement liability is overwhelmingly clear."
The Legal Standard
The court initially defines inducement as when "the defendant has undertaken purposeful acts aimed at assisting and encouraging others to infringe copyright." Contrast the precise holding of the Grokster Supreme Court opinion, which said that inducement occurs when a defendant "distribute[s] a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement." It's unclear why the court offered its own broader definition of inducement; the court later quotes the Grokster language and explores it in some detail. I believe this court's definition is impermissibly broader than the Supreme Court's standard. At minimum, I expect future courts will adhere to the exact words of the governing Supreme Court precedent, especially when completely bypassing the venerable contributory infringement test.
The court starts by determining if website users directly infringe. In FN 18, the court says downloading a file via BitTorrent counts as copyright infringement; "To conclude otherwise would be to elevate form over substance." Fung argued that many website users were located outside the US, so their infringements shouldn't count. I'm not sure about this defense strategy. It wasn't a jurisdictional attack (there were US servers), and even the defense acknowledged (FN 17) that at least a quarter of site users were from the US. The court concludes "Plaintiffs’ evidence conclusively establishes that individuals located in the United States have used Fung’s sites to download copies of copyrighted works," and I don't see how the defendants expected they could establish otherwise.
Having found direct infringers, the court cites the following four factors as evidence that the websites induced their infringement:
1) the websites "disseminated a message 'designed to stimulate others' to commit infringements." Supporting facts include Fung’s website statements encouraging/assisting infringement, Fung’s personal campaign to encourage infringement, the “warez” metatags, and various forms of metadata on the website, including honors bestowed on frequent uploading users and taxonomical categories like “Box Office Movie.” With respect to the taxonomical metadata, the court says "Defendants designed the websites and included a feature that collects users’ most commonly searched-for titles. The fact that these lists almost exclusively contained copyrighted works…and that Defendants never removed these lists is probative of Defendants’ knowledge of ongoing infringement and failure to stop this infringement."
2) "directly assisted users in engaging in infringement," such as technical support for users trying to find or enjoy copyrighted works.
The court also attributes the statements of site admins and moderators to the defendants, such as the admins’ technical support to people looking for or downloading copyrighted works. This part of the opinion was especially troublesome. Generally, UGC site moderators are unquestionably independent contractors, not agents, so the website isn't automatically liable for their statements and actions. Here, the court finds an "apparent agency" relationship between the admins and moderators because "Defendants assign this status and give these individuals authority to moderate the forums and user discussions. These individuals were under the control of Defendants and assigned duties related to the administration of the web forums." I believe this is a bad ruling, both normatively and doctrinally (see contrary discussion in, e.g., the Furber and Higher Balance cases in the 230 context). I could see UGC sites deciding to crack down or even eliminate non-employee moderators based on the agency exposure suggested by this opinion.
The court also rejects the defendants’ silly and facially futile First Amendment challenge to the use of the defendants' and moderators' statements as evidence of inducement.
3) the websites’ technical configuration, including the facilitation of BitTorrent downloads and categorization of downloads using "screener" and "PPV" (an acronym for "pay per view") tags, both of which are likely to categorize likely-to-infringe files. Fung also spidered other sites, such as Pirate Bay, to locate more torrent downloads.
4) the websites’ advertising business model where copyrighted works acted as a traffic draw.
The court brusquely rejects the defendants’ argument that infringing activity wasn't taking place on the sites, citing the language from Aimster that "Defendants’ 'ostrich-like refusal to discover the extent to which its system was being used to infringe copyright is merely another piece of evidence' of Defendants’ purposeful, culpable conduct in inducing third party infringement."
The 512 Safe Harbor
Fung's websites link to the actual BitTorrent files, so 512(d) (the DMCA safe harbor for linking to infringing works) theoretically applies. However, this court acknowledges the statutory ambiguity of whether the DMCA 512(c) and (d) safe harbor insulate all three flavors of copyright liability (direct, contributory or vicarious) or just direct infringement. You may recall the recent UMG v. Veoh case indicated that vicarious copyright infringement differed from the safe harbor exclusions, even though both tests use identical words--meaning that the safe harbor had the theoretical capacity to insulate vicarious infringement.
This court starts off with an alternative statutory interpretation:
In many ways, the Digital Millennium Copyright Act is simply a restatement of the legal standards establishing secondary copyright infringement - in many cases, if a defendant is liable for secondary infringement, the defendant is not entitled to Digital Millennium Copyright Act immunity; if a defendant is not liable for secondary infringement, the defendant is entitled to Digital Millennium Copyright Act immunity.
While the court had some weasel words in that statement, it's clear this court thinks the DMCA online safe harbors only insulate against direct infringement, not secondary infringement. The interplay between the safe harbors and secondary infringement remains a multi-billion statutory ambiguity (see, e.g., the Viacom v. YouTube litigation).
As applied to this case, the court proceeded to say that the defendants had the requisite red flags of obvious infringement (or at least turned a willful blind eye to them) to disqualify them from 512 protection. This is a realpolitik conclusion: the court says the websites got 10M visitors a month, at least 25% from the US, who could access files that were 90-95% infringing. Like the Grokster court, the judge couldn't ignore this overall volume of infringing activity, and it says that neither could Fung. The fact that the websites presented metadata about popular downloads only exacerbated the problem. As the court says, "unless Defendants somehow refused to look at their own webpages, they invariably would have been known that (1) infringing material was likely to be available and (2) most of Defendants’ users were searching for and downloading infringing material."
The court concluded by saying that "the statutory safe harbors are based on passive good faith conduct aimed at operating a legitimate internet business," so “inducement liability and the Digital Millennium Copyright Act safe harbors are inherently contradictory.” Thus, the DMCA safe harbors were categorically unavailable to the defense once the court concluded that they had induced infringement.
Although this bright line rule, starkly stated, makes me nervous, it is implicitly consistent with Grokster. After all, the Supreme Court didn't even mention 512 in its Grokster opinion. One way of interpreting that omission is that, as this court says, 512 is irrelevant when inducement applies. Fortunately, this situation may not arise very often given the relative paucity of inducement cases.
Wired indicates that Fung is mulling an appeal. The opinion does have some goofy quirks, but the Napster precedent might constrain the Ninth Circuit’s doctrinal flexibility. In the end, this looks like one of those cases where the defendants are going down one way or another.
For now, one way to read this case, especially in the context of Napster, Aimster, Grokster and the other P2P file sharing cases, is that courts don't really care how file sharing technology works under the hood. It doesn't matter much if the files are hosted or served centrally or not; they are all legally indistinguishable. Indeed, the court acknowledges as much in FN4, when it says that the ed2k-it website used eDonkey instead of BitTorrent but "'the basic elements of eDonkey and BitTorrent technology play similar roles,' and that the minor technical distinctions are not material to the present dispute."
Consistent with this reading, courts might assume that all P2P file sharing technology is illegitimate under the hood, which shifts the judicial inquiry to the "front end"--how did the defendant’s user interface help users navigate this presumptively illegitimate activity? Viewed that way, this is not a case about the legitimacy of BitTorrent as a technology. Instead, this case is about the legitimacy of a torrent site's marketing and customer relations. Fung's activities didn't pass muster here.
Like the Roommates.com case, this case raises some troublesome issues about the legal consequences of websites providing organizing and taxonomical metadata, such as providing lists of top downloads. This case makes all inferences against the website operators for organizing user activity into metadata when such organization may help highlight infringing activity. I fear that taxonomical metadata is becoming litigation bait--plaintiffs and judges will look there for problems, so website operators may need to beat them to the punch with proactive policing.
The discussion about moderators being agents is also troublesome. I hope other courts will be reluctant to follow this court's results-driven finding of agency. Otherwise, UGC websites should take a careful look at the cost-benefits of their existing moderator programs.
Overall, I believe this opinion reflects an ongoing strain of P2P doctrinal exceptionalism. I can rationalize the Napster ruling (and the many cases trying to follow in its footsteps) only by concluding that P2P copyright law irreconcilably deviates from mainstream copyright law. We have P2P copyright law on the one hand, and mainstream copyright law on the other, and it simply isn’t possible to harmonize them. If I’m right that there exists a branch of copyright law for P2P cases, this case is consistent with a results-driven decision where the court pre-determined that the defendants’ activities was illegitimate and needed to be stopped. Viewed that way, this case does not teach us much about non-P2P copyright law or about how "legitimate" websites should manage their affairs. Instead, I believe Veoh’s successful defenses--including Veoh’s proactive steps to suppress infringing activity--provide more insightful actionable lessons than the strictures of this case.
December 29, 2009
Consumer Review Website Wins 230 Dismissal in Fourth Circuit--Nemet Chevrolet v. ConsumerAffairs.com
By Eric Goldman
Nemet Chevrolet Ltd. v. ConsumerAffairs.com, Inc., 2009 WL 5126224 (4th Cir. Dec. 29, 2009)
Citing 47 USC 230, today the Fourth Circuit upheld a 12(b)(6) dismissal of defamation and related claims against a consumer review website. This case is noteworthy because the court rejected some common allegations that plaintiffs make to evade 230, so this case may help defendants get 12(b)(6) motions to dismiss more easily.
ConsumerAffairs.com is a consumer review website with a twist: it works in conjunction with a law firm that mines the submitted complaints for potential class action lawsuits. In June 2008, I blogged about the district court's 12(b)(6) dismissal of the case.
Development of the Reviews
Nemet tried two tactics in its complaint to draft around 230. First, it alleged that ConsumerAffairs.com partially developed 20 reviews. Nemet pled:
Upon information and belief, Defendant participated in the preparation of this complaint by soliciting the complaint, steering the complaint into a specific category designed to attract attention by consumer class action lawyers, contacting the consumer to ask questions about the complaint and to help her draft or revise her complaint, and promising the consumer that she could obtain some financial recovery by joining a class action lawsuit. Defendant is therefore responsible, in whole or in part, for developing the substance and content of the false complaint . . . about the Plaintiffs.
These allegations do not survive a 12(b)(6) motion to dismiss.
* the website "structure and design" argument fails, despite Nemet's attempt to invoke Roommates.com, because ConsumerAffairs’ structure was not illegal. To me, the court's discussion reinforces that Roommates.com’ real holding is “If you don’t encourage illegal content, or design your website to require users to input illegal content, you will be immune.” Chalk this case up as yet another citation of Roommates.com for the defense.
* Asking users questions about their posts does not qualify as development.
* The unsupported assertion that ConsumerAffairs edited posts did not pass the Iqbal standard. Plus, as Zeran indicated, 230 protects editorial decisions, so the allegations needed to assert some editing beyond this protected zone.
Second, Nemet alleged that ConsumerAffairs fabricated 8 reviews. Nemet pled:
Because Plaintiffs cannot confirm that the [customer] complaint . . . was even created by a Nemet Motors Customer based on the date, model of car, and first name, Plaintiffs believe that the complaint. . . was fabricated by the Defendant for the purpose of attracting other consumer complaints. By authoring the complaint . . . the Defendant was therefore responsible for the substance and content of the complaint.
This allegation has an obvious (and IMO embarrassing) logic flaw. Even if Nemet can't use its records to validate the facts in a consumer review, ConsumerAffairs.com’s fabrication of the post is only one of many possible explanations. The court notes some other possible explanations: "the post could be anonymous, falsified by the consumer, or simply missed by Nemet." (I would also add the possibility of weak recordkeeping by Nemet). To try to get around this logical deficiency, Nemet marshals up some additional allegations:
(1) that Nemet has an excellent professional reputation, (2) none of the consumer complaints at issue have been reported to or acted upon by the New York City Department of Consumer Affairs, (3) Consumeraffairs.com’s sole source of income is advertising and this advertising is tied to its webpage content, and (4) some of the posts on Consumeraffairs.com’s website appeared online after their listed creation date
But all of these facts are non-sequiturs; none of them show that ConsumerAffairs fabricated the posts, and post-Iqbal these allegations are not enough to state a claim. The dissent disagreed with this conclusion (about the alleged fabrication) and would have allowed those claims to proceed.
230 as an Immunity Redux
In FN 4, the court notes that the Seventh Circuit questioned if 230(c)(1) was just a definitional section. Citing Zeran, which addressed this issue explicitly, the court says "Of whatever academic interest that distinction may be, our Circuit clearly views the § 230 provision as an immunity:" As a result, the court "aim[s] to resolve the question of § 230 immunity at the earliest possible stage of the case because that immunity protects websites not only from 'ultimate liability,' but also from 'having to fight costly and protracted legal battles.'" It looks like there could be a brewing catfight between circuits over whether 230(c)(1) is an immunity, an affirmative defense, a definitional section or something else.
Given that this court was bound by the Zeran precedent, it's perhaps not surprising that the court found 230 protection for a consumer review website. Nevertheless, by rejecting another plaintiff’s attempt to make hay from Roommates.com and rejecting weakly supported allegations of fabrication, this court gave defendants even more support to fend off claims that are, at their core, based on third party content.
The updated census of Roommates.com citations:
Roommates.com Cited for Defense (11 cases): GW Equity v. Xcentric, Best Western v. Furber, Goddard v. Google (and second ruling) Joyner v. Lazzareschi, Atlantic Records v. Project Playlist, Barnes v. Yahoo (note: although the case was a partial loss for the defendant, the Roommates.com discussion came in the defense-favorable part), Doe IX v. MySpace, Doe II v. MySpace, Dart v. Craigslist, Shiamili v. Real Estate Group, Nemet v. ConsumerAffairs
December 28, 2009
Pharma Company Avoids Injunction By Dropping Competitive Keyword Ads--King v. ZymoGenetics
By Eric Goldman
This case involves the cutthroat (sorry) world of blood clotting drugs. King Pharmaceuticals sells bovine (cow) thrombin, a clotting agent. ZymoGenetics sells thrombin made from hamster ovaries and snake venom. ZymoGenetics' version has been making inroads on the thrombin market, and King isn't too pleased about that. King claims that its dropping market share is due to several bad acts on ZymoGenetics's part, including ZymoGenetics' AdWords campaign that included the King trademark "Thrombin-JM" as a keyword.
Blaming illegitimate AdWords for King's dropping market share seemed particularly implausible for two reasons. First, the product is purely B2B and has no consumer-facing side. It's used for post-surgery recuperation, so doctors/hospitals are the target customers--and for professional and liability reasons, they are pretty careful about what they prescribe to patients. So if the AdWords ads have helped facilitate doctor switching, it's more likely due to doctors learning of a new drug that doesn't have some of cow thrombin's negative side effects than any marketplace mistake over brands or other "unfair" diversion.
Second, the AdWords ads produced a trivial number of clicks. ZymoGenetics reports that it got 84 clicks on "Thrombin-JM" (and only 803 on the generic term "thrombin"). The court doesn't expressly guffaw at King for fighting over 84 clicks, but I can hear a snicker or two in the opinion. Not surprisingly given the minuscule volume of clicks, ZymoGenetics voluntarily dropped the competitive keyword purchase when it learned of King's lawsuit (it wasn't giving up much), and it agreed not to buy the keyword again. King pressed for a preliminary injunction to forcibly hold ZymoGenetics to its word, which many courts will issue in these situations, but this court decides that ZymoGenetics' promise is good enough and denied the preliminary injunction.
Now, King was going to court to redress ZymoGenetics' perceived transgressions no matter what, so it would be a little unfair to beat up on them for litigating over 84 clicks. However, this case is yet another example of how competitive AdWord lawsuits often are ridiculous overkill given the economic value at issue. (Related examples are 1-800 JR Cigar, which involved $345 of revenue, and Storus, which involved 1,374 clicks over an 11 month period). It's a good reminder to trademark owners to be smart with their litigation dollars!
December 27, 2009
November-December 2009 Quick Links, Part 2
By Eric Goldman
* Want Ad Digest Inc. v. Display Advertising Inc. (N.D.N.Y. Sept. 3, 2009). A classified ads publisher wants to stop a competitor from republishing its classified ads. The court said that advertisers, not the publisher, generally own the copyrights to each individual ad, but the publisher claimed it had edited those ads sufficient to claim a copyright interest in them as well. This factual allegation prevented summary judgment. The publisher also claimed a compilation copyright based on the organization of individual ads into various headings and subheadings. The court said that the placement of ads within headings and the headings themselves weren't protectable. The organization of subheadings might support a compilation copyright, but the republisher didn't use the same organization and therefore didn't violate any compilation copyright. A little known fact: one of my key summer associate projects in 1993 was to analyze republication of classified ads. Note to my assigning attorney: it may be 16 years later, but I think I got my analysis right!
* Moberg v. 33T LLC, 08-625(NLH) (D. Del. Oct. 6, 2009). Publication of a photo on a German website does not constitute "publication" in the United States sufficient to require the copyright owner to register the photo before suing for copyright infringement in a US court.
* Sony v. Tenenbaum. Downloading copyrighted works via peer to peer software isn't fair use (something we already knew from BMG v. Gonzalez), but it might have been a closer call with a better litigation strategy by the defense.
* Rebecca on EsNtion Records v. TritonTM, an impressive copyright infringement and 1202 defense win.
* The FTC thinks virtual worlds should clean up their act to keep kids away from online porn.
* Prof. Miriam Cherry on employment law issues in virtual worlds.
* Marine Pile Drivers, LLC v. East Coast Marine Pile Drivers, LLC, 2009 WL 3753526 (W.D. La. Nov. 9, 2009). Allegedly defamatory blog post gives rise to jurisdiction in the plaintiff's home court.
* Salyer v. The Southern Poverty Law Center, Inc., 2009 WL 4758736 (W.D. Ky. Dec. 7, 2009). The CMLP page. Subsequently linking to and referencing an allegedly defamatory online article does not reset the statute of limitations under the single publication rule.
* Colette Vogele put together an excellent presentation discussing plaintiff-side considerations when pursuing anonymous posters.
* The FTC and other agencies have promulgated model Gramm-Leach-Bliley privacy policies. Five years in the making and battled tested by consumers. The instructions are pretty specific about font size, font color, page orientation, etc. Although the tabular format should make scanning the notices easier, it will be interesting to see if these notices actually do a better job than the current notices on any dimension that matters.
* LA Times: An in-depth look at Facebook's “judicial system.”
December 26, 2009
November-December 2009 Quick Links, Part 1
By Eric Goldman
* Yahoo and Mary Kay settled Mary Kay's trademark lawsuit over Yahoo's email shortcuts.
* uBID Inc. v. The GoDaddy Group Inc., No. 09-cv-2123 (N.D. Ill. Nov. 5, 2009). uBid’s anti-domain name parking lawsuit failed on jurisdictional grounds. Tom O'Toole explains why this is an unusual jurisdictional ruling.
* Trademark Blog: “Sellify, operator of ONEQUALITY.COM, sues Amazon over Amazon affiliates' alleged misuse of ONEQUALITY.COM as Google keywords.”
* In an unenlightening memo opinion, Second Circuit affirms the Cintas v. Unite Here opinion involving union activists’ web activities using a target company’s trademark. My initial blog post on the case.
* Bloomberg: Buyers of counterfeit luxury goods understand they are getting counterfeits, and many of them upgrade to the real thing eventually.
* Transamerica v. Moniker Online Services, 2009 WL 4715853 (S.D. Fla. Dec. 4, 2009). Domain name registrar does not qualify for ACPA's registrar safe harbor when: "Transamerica alleges that Oversee and the Moniker Defendants, together with the ostensible registrants-the John Doe Defendants-are the de facto registrants of the domain names in question. Transamerica claims that Moniker was not merely acting as a registrant in providing registration services to the John Doe Defendants for the infringing domain names, but instead was part of a scheme to profit from the use of the infringing names. As Transamerica points out, Moniker receives a fee each time an internet user clicks on one of the links attached to the infringing domain sites; such payment establishes at least partial ownership in the domain name." Troubling ruling.
* SafeWorks, LLC v. Spydercrane.com, LLC (W.D. Wash. Dec. 7, 2009). A trademark owner's preemptive registration of domain names containing typographical errors of the registrant's trademarks does not infringe a third party trademarks.
Marketing and Advertising
* In re Gemtronics (FTC ALJ decision Sept 16, 2009). A dietary supplement seller wasn't liable for comments on a website that it didn't own or control but (among other things) it had linked to. While this is great, I still believe the FTC needs to rethink its entire liability scheme of online content endorsement or adoption due to 47 USC 230. See 1, 2.
* Avvo settles Florida bar lawsuit and gets Florida to admit that client testimonials on Avvo aren't lawyer advertising. Rebecca explains why an analogous South Carolina regulation violates 47 USC 230.
* After the FDA spooked pharmaceutical companies to stop engaging in search advertising, the FDA held hearings on Internet pharmaceutical marketing. The Arnold & Porter recap. Ironically, BusinessWeek ran a story wondering if pharmaceutical ads reduce consumer demand.
* The FTC cracks down on online negative option/"continuity plan" offerings.
* In re Miva Inc. Securities Litigation, 2009 WL 3821146 (M.D. Fla. Nov. 16, 2009). The court dismissed a securities class action lawsuit over Miva's/FindWhat's investor disclosures relating to click fraud and spyware. My initial blog post on the case.
* NYT: False advertising litigation is a growth industry.
* A Milwaukee lawyer has alleged that another lawyer buying keyword advertising triggered by his name violates his publicity rights. I’ve posted the complaint to Scribd.
* Google is now personalizing search results for everyone, not just logged-in users. In 2006, I wrote about how universal personalization would affect SEO and concerns about search engine bias. Danny Sullivan believes Google’s change deserves "extraordinary attention."
* Google took out an ad from itself to explain why its image search results for Michelle Obama contained an offensive result. This is after it first tried to remove the image on the pretext that the website was hosting malware.
* Danny Sullivan asks some good questions about Google's integration of Twitter into its search database.
* BusinessWeek: Matt Cutts, Google’s search engine anti-spam superstar, talks about his job. He doesn't sound like the most fun person to travel with
* Rose Hagan, Google's chief trademark counsel, is retiring after 7 years at Google. She leaves behind big shoes to fill.
December 22, 2009
Ripoff Report Not Bound by Takedown Injunction Against User--Blockowicz v. Williams
By Eric Goldman
Blockowicz v. Williams, 1:09-cv-03955 (N.D. Ill. Dec. 21, 2009)
Last month, I wrote about the interaction between 47 USC 230 and FRCP 65. FRCP 65 says that anyone acting in concert with a litigant is obligated to honor an injunction against the litigant. 47 USC 230 says that websites can't be liable for user content. So, if a user is ordered to take down content he/she publishes on a third party website, must the publishing website comply with the order per FRCP 65, or it is free to ignore the injunction due to 47 USC 230?
To be fair, this issue only arises when a website won't voluntarily remove user content. As we know, many websites instantly fold when sent a nastygram, irrespective of 47 USC 230's protection, and even those that don't usually will cheerily comply with a court order. So to encounter the problem, a website would need an absolute no-takedown policy--even if the user requests the takedown, and even in the face of a court order against the user. Few websites have such absolute policies.
The Ripoff Report is one of those websites, however, and they ran into this issue recently. An individual posted allegedly defamatory remarks about the plaintiffs on Facebook, MySpace, complaintsboard, Ripoff Report and other websites. I believe these are the posts at issue (1, 2)--definitely not nice postings if untrue, and as usual for Ripoff Report, they showed up as top search results in Google (in case you're wondering, I nofollowed my links). The plaintiffs got a default judgment against the poster. The judgment included a takedown order, which the plaintiffs presented to Ripoff Report and the other websites. All of the other websites complied with the takedown order, but the Ripoff Report refused. Instead, the Ripoff Report argued (among other things) that it is not acting in concert with the poster and 47 USC 230 protects its publication decisions.
Surprisingly (to me), the judge agreed with the Ripoff Report. The judge skirted the 230 issue, instead concluding that Ripoff Report's relationship to the user is too "tenuous" (by entering into a user agreement for content publication) to constitute "acting in concert" under FRCP 65.
The court expressly acknowledges that its ruling means that defamatory content could be categorically immune from legal challenge: "The court is sympathetic to the Blockowiczs’ plight; they find themselves the subject of defamatory attacks on the internet yet seemingly have no recourse to have those statements removed from the public view." Although this is the right doctrinal result, the normative issues are still gnawing at me. I'm troubled that online content could be categorically off-limits from compelled takedown based on a service provider’s choices. In some circumstances, continued publication may not be the right result.
UPDATE: Comments from Nate Anderson at Ars Technica (including a more thorough recitation of the case's factual background) and Ben Sheffner (including links to many of the source materials in the case). It's crucial to understand that the judge's ruling turned solely on a statutory interpretation of FRCP 65 and not on how 47 USC 230 might interact with FRCP 65. So, in that sense, 230 is irrelevant to the question at hand. At the same time, as Sheffner notes, that interaction becomes relevant only because 230 bars a claim against the service provider.
Also, as much as I know people enjoy beating up on Ripoff Report, we should not forget that an integral part of this issue is Google's remarkably favorable indexing of Ripoff Report pages.
December 21, 2009
Website Initially Denied 230 Dismissal But Gets It on Appeal--Shiamili v. Real Estate Group
By Eric Goldman
Shiamili v. Real Estate Group of New York, Inc., 2009 WL 4842470 (N.Y. App. Div. Dec. 17, 2009)
Unfortunately, I am only working from a short and opaque appellate memo. It appears that the defendant operated a website that "administered and chose" to publish user comments. A third party posted an allegedly defamatory comment about the plaintiff, an NYC real estate broker, to the website. On this basis, we know that the website isn't liable for the post per 47 USC 230. I don't think I could do a comprehensive census of message board/user comment cases, but similar defense wins in the past 5 years include Finkel v. Facebook, Cornelius v. DeLuca, Joyner v. Lazzareschi, Raggi v. Las Vegas Police, Higher Balance v. Quantum, Best Western v. Furber, Gregerson v. Vilana, Universal Communications System v. Lycos, Eckert v. Microsoft, DiMeo v. Max, Hammer v. Amazon and Faegre & Benson v. Purdy (wow, this list is a blast from the past!). I'm not including the pure web hosting cases or any of the Ripoff Report cases, yet I'm sure there are other cases I'm forgetting. Indeed, given the airtight nature of the precedent, I personally think plaintiffs should be sanctioned for bringing such meritless cases.
Instead, the lower court initially denied the defendant's motion to dismiss in January 2009. Because this case is in state court, I don't have easy access to the state court opinion to see how the judge got it wrong. Fortunately, in a brief and unanimous opinion, the appellate court corrected this rogue trial court judge and dismissed the case per 230. Because the appellate opinion is so brief, I'm going to quote the court's substantive application of 230 to this case in its entirety:
Plaintiff's claim is barred by the CDA. The complaint makes no allegation that defendants authored any defamatory statements. It merely alleges that defendants “choose and administer content” that appears on the Web site. This is precisely the kind of function that the CDA immunizes ( see e.g. Fair Hous. Council, 521 F3d at 1173-1174; Batzel, 333 F3d at 1031). Even accepting as true all of plaintiff's allegations and giving it the benefit of all favorable inferences ( see Leon v. Martinez, 84 N.Y.2d 83, 87-88  ), the complaint does not raise an inference that defendants were “information content providers” within the meaning of the CDA. Plaintiff argues that defendants engaged in a calculated effort to encourage, keep and promote “bad” content on the Web site. However, message board postings do not cease to be data “provided by another information content provider” merely because “the construct and operation” of the Web site might have some influence on the content of the postings ( see Universal, 478 F3d at 422; see also Chicago Lawyers' Comm., 519 F3d at 671-672; Carafano v. Metrosplash.com, 339 F3d 1119, 1124-1125 [9th Cir2003] ).
Where, as here, there is no allegation that defendants authored the defamatory statements, it is not appropriate to permit discovery to determine if a cause of action exists ( see Walsh v. Liberty Mut. Ins. Co., 289 A.D.2d 842, 844 ; see also Universal, 478 F3d at 425-42; cf. Fair Hous. Council, 521 F3d at 1174).
1) I believe there are some folks who believe that a website becomes liable for any user content it "encourages." This is one possible reading of Roommates.com, and it underlies the government enforcement agencies' (e.g., SEC and FTC) content endorsement theories. However, I don't see precedent supporting that proposition at all. This case, like so many others, doesn't care if the website encourages the allegedly tortious content. Instead, the only relevant inquiry is whether the content originated from a third party. If so, 230 applies without any need for further inquiry.
2) This is yet another case where the court cited Roommates.com in favor of the defense. The updated census of Roommates.com citations:
Roommates.com Cited for Defense (10 cases): GW Equity v. Xcentric, Best Western v. Furber, Goddard v. Google (and second ruling) Joyner v. Lazzareschi, Atlantic Records v. Project Playlist, Barnes v. Yahoo (note: although the case was a partial loss for the defendant, the Roommates.com discussion came in the defense-favorable part), Doe IX v. MySpace, Doe II v. MySpace, Dart v. Craigslist and now Shiamili v. Real Estate Group
The 10th Circuit beachhead for Roommates.com is troubling, but overall I think it's entirely clear that Roommates.com has not changed 230 jurisprudence in any meaningful way--except that it may be giving plaintiffs false hope of success and causing them to overinvest in their cases.
UPDATE: The trial court opinion, which quotes some of the allegedly defamatory posts.
UPDATE 2: The complaint. This has a full list of the alleged defamatory postings. It also indicates that the venue in question was a website/blog called "shittyhabitats.com," apparently now defunct. The archive.org page from Feb. 2, 2007 and Feb. 5, 2008.
December 18, 2009
Top Cyberlaw Developments of 2009
(Thanks to Eric for letting me post this list here!)
[Eric's note: some of you may recall John, a regular blog guest contributor from 2005-07. It's great to have another contribution from him.]
Eric will post his own list later, but I thought we could start off the holiday season with one person’s view of the top Cyberlaw developments of 2009. It was an interesting year. While intellectual property issues continue to dominate, and we continue to see plaintiffs and their attorneys running smack into Section 230 of the Communications Decency Act, we’ve also seen developments in the areas of Constitutional law, criminal law, and state and federal regulation. So, let’s recap 2009. Unlike David Letterman’s lists, this list is in no particular order of importance.
1. File Sharing Decisions.
After years of lawsuits against file sharers, we finally have two trial decisions. Both held against the peer-to-peer file sharers. Jammie Thomas managed to turn a 2007 verdict of $222,000 (which was later thrown out due to a mistrial) into a 2009 verdict of $1.29 Million. Her motion to reduce the award is pending.
Joel Tenenbaum received more favorable treatment and was subjected to only a $675,000 jury verdict after he admitted liability and his fair use defense was rejected by Judge Gertner. His motion to appeal/reduce the award is due to be filed in early January. Judge Gertner wrote a compelling decision urging Congress to modify the strict liability consequences of new technologies such as peer-to -peer file sharing. In her decision rejecting the fair use defense, Judge Gertner implored Congress “to amend the [Copyright Act] to reflect the realities of file sharing. There is something wrong with a law that routinely threatens teenagers and students with astronomical penalties for an activity whose implications they may not have fully understood. The injury to the copyright holder may be real, and even substantial, but, under the statute, the record companies do not even have to prove actual damages.” We’ll see if Congress listens.
2. Rise of Copyright First Sale Doctrine.
There were several decisions that turned on applications of the copyright “first sale” doctrine to new online situations. Section 209(a) of the Copyright Act permits the owner of a lawfully made copy of a work to sell or dispose of that copy without the consent of the copyright owner.
First, the held that resales of the AutoCAD software were permitted under the first sale limitations in Section 109(a). The court found that although the underlying documents were styled as “licenses,” the fact that the licensee was entitled to perpetual possession of the copies was the key fact.
We also had two cases (John Wiley & Sons; Pearson Education v. Liu) dealing with the importation of copyrighted works (mostly textbooks) printed abroad and then imported into the United States for sale. Two courts said these transactions are not protected by the first sale doctrine because of the importation provision in Section 602. The courts so far have been following dicta in the Supreme Court’s 1998 Quality King case that goods manufactured overseas and then imported are not protected by the first sale right, despite their reluctance to do so. We may get a resolution of this issue in 2010. The U.S. Supreme Court has invited the Solicitor General to file a brief in the Costco Wholesale Corporation v. Omega, which is on a petition for certiorari to the Ninth Circuit Court of Appeals.
A third entry is Apple v. Psystar. Psystar specialized in creating copies of Apple’s Macintosh OS-X operating System and loading them onto Mac “clones.” The court rejected the first-sale doctrine defense because Psystar’s copies of the Macintosh OS-X operating system were not “lawfully made” within the meaning of Section 109. The parties subsequently settled all claims except for copyright infringement, and Apple obtained a permanent injunction against Psystar.
3. Demise of “Use in Commerce” Defense in Keyword Cases.
In Rescuecom v. Google, the Second Circuit reversed the district court and said that Google’s sale of trademarked keywords as ad triggers constitute a “use in commerce.” This probably is the end of the “use in commerce” defense in keyword advertising cases, which will now turn more on likelihood of confusion (or initial interest confusion) factors.
4. Internet Gambling.
Internet gambling continues to be regulated by a tangle of federal laws ill-adapted for the purpose. Some of the laws date back to the 1961 adoption of the federal Wire Act. This is an areas where Congress should really clean things up, especially with criminal liability sometimes at stake.
Proponents of online gambling took a couple of hits in 2009. In Interactive Media Entertainment and Gaming Association v. Holder, the Third Circuit upheld challenges to the Unlawful Intent Gambling Enforcement Act (UIGEA) on Constitutional grounds. The UIGEA does not prohibit Internet gambling, but does prohibit gambling businesses from accepting financial payments in connection with bets that are illegal under any federal or state law. (This Act has effectively forced legitimate offshore gambling sites to stop taking bets from the United States). The Third Circuit held that the phrase “unlawful Internet gambling” is not vague, and that there is no Constitutionally protected privacy right to gamble in one’s home.
Earlier in the year, the Department of Justice ordered four banks to freeze over $34 million in payments owed to about 27,000 poker players. Although the legality of online poker in the United States is a gray area, the DOJ takes the position that online poker games are prohibited by the federal Wire Act. The DOJ position runs counter to several court decisions that have refused to apply the Wire Act to non-sports related Internet gambling. After the funds were seized, the affected poker sites reportedly reimbursed the players the money that was seized.
5. State Attempts to Regulate the Internet.
This trend, a favorite target of Eric’s ire, continued in 2009. Some more notable attempts include Maine’s passage of a little COPPA Act, banning the use of personal information about minors for marketing purposes (which the Maine Attorney General then refused to enforce), Kentucky’s seizing of domain names associated with alleged gambling websites (the legality of which is pending before the Kentucky Supreme Court), and Utah and other state’s attempts to put sex offender information online or require sex offenders to register websites to which they belong and their passwords.
Lori Drew created a fake MySpace profile to humiliate a 13-year-old neighbor girl and was subsequently blamed for the girl’s suicide death. Drew was convicted of three misdemeanor counts of unauthorized access to computers under the federal Computer Fraud and Abuse Act for violating MySpace’s terms of service. In United States v. Drew, the court dismissed Lori Drew’s conviction, concluding that MySpace’s terms of service were Constitutionally vague. The result is not surprising, because terms of service are not generally written with criminal prosecution in mind. The MySpace terms at issue prohibited a wide variety of conduct but did not explain what activities would make a user’s access “unauthorized”. The user’s conduct was reprehensible, but not criminal.
7. Online Endorsements.
In October, for the first time since 1980, the Federal Trade commission updated its guidelines for advertisers on how to keep their endorsements and testimonial advertisements in line with the FTC laws. The new guidelines explicitly target online endorsements by bloggers and others who receive cash or in-kind payments to review a product. Bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service. While the new guidelines caused a stir among bloggers, they seem to be a reasonable extension of the FTC’s disclosure guidelines in other contexts
8. DMCA Take-Down Notices.
In UMG Recordings v. Veoh Networks, we received some further guidance on what constitutes a proper take-down notice. Here, the court said the copyright owner has the burden of identifying “potentially infringing materials.” A letter merely listing recording artists whose works were allegedly infringing did not give the Internet Service Provider actual knowledge of infringement because the letter does not comply with the DMCA requirements. The court also said that the ISP was not on general notice of copyright infringement just because the website allows users to post music files, which are frequently infringing content.
9. Section 230 of the Communications Decency Act.
There are too many cases to list here, and I am sure Eric has done (or will do) his own exhaustive compilation. The courts clearly expanded the scope of the Section 230 defense in various Craigslist cases (no liability for advertisements for guns or prostitution).
Barnes v. Yahoo showed us that service providers should not make statements and then not follow though. In that case, the plaintiff’s ex-boyfirend created fake personal ads for her on Yahoo and impersonated her in various online forums. She asked Yahoo to take the information down,. A Yahoo employee told her that Yahoo would take the profile down, but Yahoo did not do so until after the complaint was filed.. The Ninth Circuit upheld Yahoo’s Section 230 defenses for claims that Yahoo had an obligation to take the fake profiles down, and that Yahoo did not try to remove some objectionable material. But the court did permit the plaintiff’s claim to go forward that Yahoo had breached its oral contract with her to take the material down, which the Court held amounted to a modification of the “baseline” Section 230 rule.
10. Right to Privacy.
When someone publishes something on a MySpace website without her full name, and then deletes the post, does she have an expectation of privacy? In Moreno v. Hanford Sentinel, Inc., the California Court of Appeals said no. Here, the plaintiff posted an essay that was derogatory of her home town on her MySpace page and then deleted it six days later. In the meantime, the principal at the local high school saw the posting and submitted the poem to a local paper, where the editor (a friend of the principal) published the poem in the Letters to the Editor column and signed the plaintiff’s full name to it. The author and her family received death threats and her father had to close a 20-year old family business. However, the California Court of Appeals ruled that the principal did not invade the author’s privacy by handing the posting to the editor, and further held that the editor did not violate the author’s rights when it published her full name. (The case was remanded in order to address a claim of intentional infliction of emotional stress.)
Let’s hope 2010 brings even more exciting Cyberlaw developments. We have the potential for two Supreme Court rulings, in the Costco case (discussed above) and the Bilski case, which may address the validity of business method patents.
Posted by John Ottaviani at 07:04 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Licensing/Contracts , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack
December 17, 2009
Court Finds that SMS Spam Messages are Subject to the TCPA and Rejects First Amendment Defense -- Abbas v. Selling Source, LLC
[Post by Venkat]
Abbas v. Selling Source, LLC, Case no. 09 CV 3413 (N.D. Ill.; Dec. 14, 2009).
I didn't think there was much dispute as to whether SMS spam falls under the Telephone Consumer Protection Act, but Judge Gottschall's order in Abbas v. Selling Source, LLC, tackles this issue and concludes that SMS spam messages are "calls," under the Telephone Consumer Protection Act. Along the way, the court addresses a few other interesting arguments, including defendant Selling Source's First Amendment defenses.
Abbas allegedly received SMS spam from Selling Source. Abbas sued Selling Source in state court under the TCPA. Selling Source removed and filed a motion to dismiss. The court rejected the crux of Selling Source's arguments.
Was Abbas Charged for the Text Messages? Selling Source's first argument was that Abbas did not allege he was charged for the text messages, and that the TCPA only applies to messages for which the recipient is charged. Due to lazy drafting, the statute is not totally clear on this issue. It contains a list of services to which the TCPA applies, but adds a catch-all: "or any service for which the called party is charged for the call." The question for the court is whether this modifier applies to numbers assigned to all types of services, or whether it's just a separate catch-all category. Following passage of the TCPA, the FCC concluded that the TCPA did not apply to calls to cellular customers for which the called party is not charged. Shortly after this FCC pronouncement, Congress passed a law that allowed the FCC to exempt from the scope of the TCPA any calls for which the called party is not charged. The court looked to this Congressional amendment and concluded that the TCPA applies to both "charged and uncharged calls." [Sidenote: should the applicability of the TCPA to "uncharged calls" affect the First Amendment analysis?]
Did Selling Source Use an Automatic Telephone Dialing System? Selling Source argued that Abbas failed to adequately allege that Selling Source used an auto-dialing system to send the messages. The Ninth Circuit dealt with this issue in Satterfield (discussed by Prof. Goldman here and Jeff Neuburger here), where it held that the TCPA only required that the calling mechanism have the capacity to store or produce numbers using a "random or sequential number generator," not that this mechanism was used to initiate the calls (messages). I'm not really sure what to make of this argument in the context of this case, since it's unclear exactly what equipment Selling Source used. Plaintiff certainly has no way of knowing this information at this stage in the litigation. Whatever it means for a piece of equipment to have the "capacity" to store or produce random or sequential numbers, I would guess - given the analysis in Satterfield and in this case - that any reasonably sophisticated piece of equipment fits the bill.
Does the TCPA Apply to SMS messages? Selling Source argued that the TCPA only applies to
"calls," and not to text messages (or that text messages were not "calls" under the TCPA). The court engages in a fairly lengthy analysis (which is worth reading) before concluding that "an SMS message is a 'call' within the meaning of the TCPA." Most people treat this as a foregone conclusion (or at least assume this is likely the case), given that the FCC has long held (starting from a 2003 FCC order) that text messages are "calls" within the TCPA. But Selling Source made some creative arguments that the court seemed to grapple with. Interestingly, the court declined to give the 2003 FCC order concluding that text messages were calls under the TCPA Chevron deference. (The court undertakes an independent look at the issue and concludes that SMS messages are "calls" within the meaning of the TCPA.)
Selling Source's First Amendment Challenge: Finally, the court rejects Selling Source's First Amendment challenge. Jaynes (and the Virginia spam statute) notwithstanding, First Amendment challenges to unsolicited marketing laws are a losing proposition. It wasn't a big surprise that the court didn't buy Selling Source's First Amendment arguments, but cost-shifting is typically advanced as one of the big evils sought to be addressed by unsolicited marketing laws. The court's interpretation of the TCPA potentially takes this out of the equation, at least in some cases. This leaves the privacy rationale, but accepting that rationale as a justification for laws governing unsolicited marketing may make way for lot broader regulation than most people think is appropriate from a First Amendment standpoint. I'm not quarreling with the court's conclusion, and I haven't taken a close look at the issue, but I thought this was worth noting.
It's worth mentioning that the court grants Selling Source's motion to dismiss on the basis of specificity. Although it finds plaintiff's claims viable as a matter of law, plaintiff is required to re-file and allege specifics regarding the receipt of the text messages in question.
It's also worth noting that last week a district court dismissed Computer Fraud and Abuse Act claims based on the receipt of SMS spam messages. See, my post here for a discussion of Czech v. Wall Street on Demand, Inc. As I mentioned in that post, the TCPA is a possible avenue for plaintiffs who receive SMS spam messages.
Barnes v. Yahoo Survives Dismissal Motion on Remand
By Eric Goldman
Barnes v. Yahoo!, Inc., 2009 WL 4823840 (D. Or. Dec. 11, 2009)
You recall Barnes v. Yahoo, the case where Yahoo promised to promptly take down a fake profile created by a third party but didn't do so. The district court initially dismissed the case on 47 USC 230 grounds, but the Ninth Circuit reversed in an opinion that stirred up some trouble due to its sloppy 230 discussion. The Ninth Circuit subsequently fixed its worst excesses in an amended opinion and sent the case back to the district court with a revived promissory estoppel claim. Following that ruling, Barnes amended her complaint and Yahoo sought to dismiss it.
The district court opinion addresses three points:
1) The Ninth Circuit had not validated Barnes' promissory estoppel claim but only concluded that a 230(c)(1) defense wasn't available.
2) Barnes sufficiently alleged reliance when she diffused the media coverage of her story based on Yahoo's takedown promise.
3) Barnes sufficiently alleged that she detrimentally changed her position due to Yahoo's promise because the fake profiles were online longer.
I am a little surprised to see Yahoo even try the motion to dismiss. I think this case is a great candidate for settlement.
The case library:
* Amended Ninth Circuit Opinion
* Barnes' petition for rehearing
* Public Citizen et al amicus brief in support of rehearing
* Yahoo's petition for rehearing
* Ninth Circuit opinion and my blog post on it
* Ninth Circuit oral arguments
* District court opinion and my blog post on it
* Barnes' response to Yahoo's motion to dismiss
* Yahoo's brief in support of its motion to dismiss
* Yahoo's motion to dismiss
* Yahoo's notice of removal to federal court (which contains Barnes' initial complaint)
The Justia page has even more materials from the district court proceedings.
December 15, 2009
When the Supreme Court gets in your inbox
The Supreme Court agrees to review one of the very few Circuit Court opinions finding 4th Amendment protection for in-box content. Should netizens tremble or rejoice?
By Ethan Ackerman
The Supreme Court has agreed to hear an appeal by a California city from an earlier 9th Circuit ruling finding the city had violated the Constitutional and statutory rights of one of its police officers by recovering and reading the officer's pager text messages. While some appellate commentators expected the Supreme Court to take the case, many 4th Amendment scholars (and this author) were surprised by the Court's action in granting certiorari in the case of USA Mobility Wireless, Inc. v. Quon.
The Quon case is notable because it contains two major issues: the 4th Amendment privacy issue and the somewhat unique issue surrounding employer monitoring when the employer is also the government.
The latter aspect had previously driven much of the attention focused on the Quon ruling. In fact, 4th Amendment scholar Orin Kerr even suspects it is the public employee legal standard dispute that may be driving the cert. grant, especially in light of the arguments and authors of the dissent.
Prior to the Supreme Court's action, most of the legal commentaries and even a majority of the web search results for the case were from employer-side law firms telling their clients that private sector employee monitoring was still OK. For example:
* NelsonMullins attorneys, in an article oxymoronically titled "Employer Monitoring Best Practices," informed their clients that that there was no need to change "the surveillance approach used by U.S. employers."
* Greenberg Traurig reminded all employers that "electronic communications policies must be drafted and implemented to effectively eliminate any reasonable expectation of privacy," and that it was advisable to preemptively obtain employee consent to the disclosure of employee communications, even on 3rd-party services. However, Greenberg Traurig also pointed out the "limited direct applicability to private employers" of the case.
* Proskauer Rose explained that the "decision appears to change very little for private employers who wish to review employee communications stored on, or sent through, their own servers and computers" but also (regretfully?) concluded that federal law does "limit employers’ ability to request from third-party providers the contents of employees’ electronic communications."
* Foley & Lardner attorneys undercut the certainty of their recommendations, including that "text messages should be included in monitoring policies," by confusing cellphones and old-fashioned alphanumeric pagers in their discussion of the case.
Even much of the media coverage of the Supreme Court's decision to review the case focuses on the government employer-employee aspect, with both the LA Times and CNN devoting significant discussion to the fact that it was Quon's boss doing the reading and Quon was a police officer (salaciously) using department property.
Warning, a brief blogger-criticizes-some-mainstream-journalism rant: You'd think that a major news organization like CNN, able to employ someone with the presumably competent title of "CNN Supreme Court Producer," wouldn't get fundamental elements of this story wrong. The Court pointedly did not "accept a pair of appeals on this free-speech and privacy dispute" - it denied one and granted one. And "free speech dispute?" There's nothing remotely free speech about this case.
Employment law issues aside, this case is, at its core, a classic 4th Amendment case addressing when someone has a reasonable expectation of privacy in a communication. Quon's holding is notable for two things: (1) it finds a fairly expansive protection of 4th Amendment rights in electronic communications, and (2) it's one of a very small number of Circuit Court cases to do so. Rare cases like this can be privacy gold - they effectively stand until the Supreme Court reverses them. Further, because there are so few cases on the issue, a circuit split or other conflict is unlikely to occur, lessening the chance of Supreme Court reversal. This fact alone is reason for fans of an expansive 4th Amendment to be wary of any Supreme Court review.
December 14, 2009
[Post by Venkat]
Sedersten v. Taylor, 2009 U.S. Dist LEXIS 114525 (Case No. 09-3031-CV-S-GAF) (W.D. Mo. Dec. 9. 2009).
Plaintiff allegedly suffered injuries at the hands of defendant Taylor. Plaintiff sued Taylor, the City of Springfield, and its chief (the claims against the city and the chief were based on theories of negligent hiring and retention). The Springfield News-Leader published an article about the incident in question and the prosecutor's decision to drop charges against Taylor. A commenter "bornandraisedhere" criticized the prosecutor's decision. Plaintiff issued a subpoena to the News-Leader requesting the identity of the commenter.
The court rejected plaintiff's motion to compel the production of information sufficient to identify "bornandraisedhere." The court found that the sought after information was cumulative, and the identity of "bornandraisedhere" would add little to plaintiff's argument (that the city negligently hired Taylor).
reserve[s] the right to use, and to disclose to third parties, all of the information collected from and about [users] while [users use] the Site in any way and for any purpose . . . .
Related: The Supreme Court today accepted review of the Arch Wireless case, which involved a public employee's privacy rights in text messages. (See coverage by the LA Times here.) Also, the EFF is pursuing a claim for attorney's fees (under a California statute) against a company who is trying to out an anonymous commenter: "USA Technologies Attempts to Out Anonymous Online Critics, Runs Into New California Fee Statute."
Another Cautionary Tale of Joint Website Ownership--TEG v. Phelps [UPDATED]
By Eric Goldman
Third Education Group, Inc. v. Phelps, 675 F. Supp. 2d 916 (E.D. Wis. Nov. 25, 2009). Motion to amend denied January 19, 2010.
[UPDATE: In the initial version of this post, Richard Phelps’ story was part of a broader narrative about the potential problems of website co-ownership. However, his behavior in response to my post warrants its own discussion. Seeking to redress his perceived problems with my initial post, he has done all of the following:
* he emailed me multiple times
* he emailed my boss (the Dean) multiple times
* he emailed my colleagues multiple times
* he emailed an unrelated blogger at least two times
* he had his attorney call me to request changes to my post
* most recently, he has promised/threatened that he “will be filing a complaint about your behavior with California authorities and, for that matter, any others that might be available.”
All of this in response to a relatively obscure blog post that currently sees de minimis traffic. The stress of being uncertain about Phelps’ next moves to pressure me has literally kept me up at nights. As a result, I have decided to make changes to this post to respond to a detailed email that Phelps sent me on May 16. Normally I would post or extensively quote his May 16 email so you could read his words verbatim and form your own conclusions, but he asked me not to post it; nor can I characterize his views of the post’s deficiencies in my own words for fear of introducing new ambiguity that might generate further grist. Nevertheless, my hope is that the modifications below resolve Phelps’ concerns so that he will leave me alone. To facilitate that result, I sent him the following email:
“I am sorry for any aggravation my blog post has caused you. I have modified my blog post to acknowledge every point you raised in your May 16, 2010 email. Having done so, please do not contact me directly in the future by email, phone, letter, in person or otherwise. If, for some reason, you believe there is still something we need to discuss, please have your attorney or other representative contact me; I am willing to speak with him or her. Although my colleagues have not mentioned your emails to me (other than the Dean, who believes this is an academic freedom issue), I am sure they would be grateful if you did not contact them either.”
Most of Phelps’ concerns were based on my recap of the court’s opinion. I encourage you to read the opinion yourself so that you can decide if I mischaracterized the opinion or if Phelps seeks to relitigate factual points that the judge decided against him.]
Corporate divorces are ugly. They may lack the high-stakes drama associated with child custody disputes, but in all other respects they can be just as emotional and messy as spousal divorces. Fortunately, parties to a corporate marriage can avoid some heartache by forming proper "prenuptial agreements." Unfortunately, the courts are filled with examples of cases where this wasn't done (or wasn't done properly).
A year ago, I blogged on one such case, Mikhlyn v. Bove, a fine example of a web empire literally and perhaps irreparably split in two by a falling out of the principals. Today's case, Third Education Group v. Phelps, offers up another cautionary tale of corporate divorce along those lines. If you are jointly running a website or blog and you haven't properly documented your relationship with your compatriots, this post is for you.
In 2002, Phelps and Thompson decided to start an online publication focused on education policy called "Third Education Group." They effectively formed a "voluntary association" (I believe the Wisconsin equivalent of an implied partnership) to implement the journal. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s factual finding: “In early 2002, after recognizing that they shared mutual interests and were concerned that current educational policy publications were generally devoted to the ideology of one of the two major political parties, Phelps and Thompson began discussing creating an online educational policy journal that would offer a different, middle perspective. Efforts were made, largely by Phelps, to first see if their idea for a journal could be affiliated with an existing entity, or to obtain sponsors or funding for their project.”]
In 2004, on behalf of the voluntary association, Phelps registered two domain names and applied for a trademark registration, both listing only himself as the owner. [UPDATE: Phelps disputes the italicized language. Regarding the domain names, I was partially referring to the court’s opinion: “The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website….Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG.” The court’s discussion about the trademark registration is a little more complicated but was implicit in the court’s finding that the corporation automatically obtained all of the assets (including the trademark registration) generated by the voluntary association. The court says: “The evidence demonstrates that Phelps and Thompson intended TEG, Inc. to succeed the unincorporated association; there is absolutely no evidence to permit the court to conclude that Phelps and Thompson intended the unincorporated association to coexist alongside the corporation and to retain control of the trademark or any other property. The evidence demonstrates that in every way, the parties intended TEG, Inc. to be the successor to the unincorporated association.”]
In 2005, Phelps and Thompson formed a 501(c)(3) non-profit corporation to succeed the voluntary association. Phelps was president and a director of the corporation. Phelps and Thompson did not sign any type of assignment agreement to move the voluntary association's assets into the corporation. [UPDATE: Phelps disputes the italicized language, pointing to an IRS Form 1023 that the relevant players signed. I was partially referring to the opinion’s language that: “the property of the association passed to the corporation, and the absence of an assignment does not affect TEG, Inc.'s right to the trademark.”]
In 2006, after an editorial dispute, the parties' relationship turned sour. In response, Phelps locked off the corporation's websites from further changes, and the corporation stripped him of his officer and director status. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s language that: “The evidence demonstrates that by at least March 12, 2006, two days before the resolution and thus a time when it is undisputed that Phelps was both a director and president of TEG, Inc., he blocked Thompson (and anyone else associated with the corporation) from making changes to the corporation's website.”]
Phelps pointed the domain names to his new venture, also called "Third Educational Group, Inc." Meanwhile, locked out of its websites, the corporation registered new domain names, copied its old articles from the old website and then reposted them on its new website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s findings of fact: “After being locked out of its own websites, the Wisconsin corporation copied much of its website content from the sites now controlled by Phelps, and reposted it under the domain name tegr.org.”] Phelps then sent 512(c)(3) takedown notices to the new website host, which successfully put the new website offline. Cross-lawsuits ensued.
[UPDATE: In my prior post, I included a reference and link to a litigation recap from Thompson’s perspective. When Phelps’ attorney contacted me, his only request was that I remove the link. The attorney did not mention any concerns about other factual characterizations. If you would like to see Thompson’s perspectives about the litigation, you can find them through a search. Meanwhile, with the hopes that the link was, in fact, Phelps’ main irritant, and given its relatively inconsequential contribution to the post’s narrative, I have removed it.]
For aficionados of disputes over jointly developed online properties, you may recognize some common elements:
* the person who controls the domain name registrations has de facto control over the empire. [UPDATE: Phelps disputes the italicized inference for reasons I did not understand.] Yet another reminder to keep domain name registration contacts up to date.
* when a business relationship turns sour, it's not unusual for one aggrieved participant to fight the other participant in every Internet venue where the other tries to resurrect the joint effort.
* it is almost impossible to imagine that the venture produces enough cash to economically justify the type of death spiral litigation it spawned. Instead, the litigation is usually about settling personal scores--typically the most expensive litigation around.
* courts often issue a "split the baby" ruling in these cases, rarely giving one side a clean victory over the other.
This case has a classic split-the-baby result. The court concludes:
* the corporation succeeded to the legal rights in the trademark "Third Education Group." Phelps had argued that the trademark rights remained with the voluntary association, which would have given Phelps joint rights to the trademark.
* Phelps violated his fiduciary duties as an officer and director when he locked everyone else out of the company's website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the opinion’s language that: “it is the conclusion of this court that Phelps breached a fiduciary duty owed to TEG, Inc. by asserting and retaining personal control over the corporation's domain names.”]
* Phelps' 512(c)(3) takedown notices did not give rise to a 512(f) claim for misrepresented takedown notices because, for several reasons, Phelps had a subjective good faith belief in their legitimacy.
* although Phelps infringed the corporation's trademark rights in "Third Education Group" and violated his fiduciary duties, the corporation could not show any damages from Phelps' behavior and therefore did not get any damage awards. The court specifically rejected any claim under the Lanham Act's fee-shifting clause for exceptional cases.
* the court also rejected the corporation's emotionally punitive injunction requests and will take a closer look at the appropriate scope of injunctive relief.
So who won this ruling? Nominally, Third Education Group did because it won on the trademark and fiduciary duty claims, but it's not that satisfying of a victory without any damages or a punitive injunction. As usual, then, the only possible winner in messy litigation is the lawyers, and even then only if they get paid.
For another recent example of a well-meaning but under-documented collaboration that devolved into bitter litigation, see LunaTrex v. Cafasso, 2009 WL 4506321 (S.D. Ind. Dec. 1, 2009), involving a team that came together chasing the $20M Google Lunar X prize but didn't dot the is and cross the ts well enough to avoid a messy battle. As the court says:
After a lengthy discussion of numerous ideas that evolved, the group eventually chose the name LunaTrex. (As will be seen, with the benefit of hindsight it is clear that the group also should have spent some more time talking about organization, structure, ownership, and other legal formalities.)
I've written more about messy online divorces in my 2006 Co-Blogging Law article. I think the Third Education Group court did a good job being sensitive to the unintended consequences of a voluntary relationship going south. For example, the court says
Phelps had much more than a mere good faith belief that he was entitled to use the mark. This was not a case of an individual, for example, mistakenly believing he had a license. Rather, in the present case, the objective evidence was on Phelps' side. He was the one who undisputedly came up with the mark. He was the one who paid to register the mark. He was the one in whose name the mark was registered. And he was the one primarily responsible for establishing the use of the mark. He did this, not as one person in a large organization, but rather as an individual who had joined with another collaborator and in doing so, likely without an understanding of the legal ramifications, formed an unincorporated association. (emphasis added)
This is consistent with the hope I expressed in my Co-Blogging article:
the common law typically can handle the idiosyncrasies of blogging in a sensible and contextually sensitive manner. In that respect, judges evaluating blogs should recognize that unexpected or counterintuitive rulings could significantly destabilize the blogging community. Fortunately, many of the legal doctrines discussed in this essay, including partnership and employment law, are naturally flexible. Judges should use that flexibility to balance the many considerations around blogging
[UPDATE: In Third Education Group, Inc. v. Phelps, 2009 WL 5216988 (E.D. Wis.
December 30, 2009), the court had more to say about this litigation. I quote a portion of the court’s opinion (rather than provide a summary that might prompt a further response from Phelps):
“Phelps should not derive any benefit from the use of the thirdeducationgroup domain names. To do so would run afoul of this court's order. Phelps acknowledges as much and agrees to be enjoined from use, but contends that he should be permitted to retain possession of the domain names, leaving them inactive. Phelps contends that he should be permitted to retain possession because he was the one who undertook and financed the initial registration; he paid for the registration and it is his name alone on the registration. Cynically, but based on the history between the parties, one might suspect that Phelps is motivated less by notions of principle and maybe seeks to retain the domain efforts as one last ditch effort to frustrate TEG, Inc.
On the other hand, perhaps there is a good reason why the relevant domain names should be left blank. When Phelps split with TEG, Inc., TEG, Inc. went on to establish itself at tegr.org while Phelps continued to operate the thirdeducationgroup websites (at least until the court determined that the trademark did not belong to him, at which point the websites appear to have gone blank). If TEG, Inc. were to suddenly reappear on the thirdeducationgroup websites, individuals who may have previously understood that these websites were under the control of Phelps might be confused and believe that it is Phelps behind the sites rather than TEG, Inc. A primary purpose of federal trademark law is to prevent consumer confusion and ordering Phelps to surrender the domain names to TEG, Inc. might only exacerbate these problems. But this is only speculation by the court.
Principles of equity warrant that TEG, Inc. control the domain names. Thereafter, it will be the decision of TEG, Inc. as to what action to take, if any, in regard to these names. It is the conclusion of the court that the thirdeducationgroup domain names are the lawful property of TEG, Inc. As the court previously noted,
The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website. Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG. As such, the domain names belonged to TEG.
(Docket No. 138 at 13 (citations omitted).)
In failing to provide access to these websites to TEG, Inc., Phelps breached the fiduciary duty he owed to TEG, Inc. Returning these domain names to the control of TEG, Inc. is required to remedy Phelps' breach of fiduciary duty. Accordingly, the court shall order Phelps to take all necessary actions to transfer or assign any interest in and control over the thirdeducationgroup domain names to TEG, Inc.
IT IS HEREBY ORDERED that for the reasons stated herein and stated in the court's prior decision, (Docket No. 138), the court enters a permanent injunction, which is affixed hereto, containing the following provisions:
1. Richard Phelps is permanently enjoined and restrained from using “Third Education Group” or any confusingly similar term as a name or mark for any goods, services, internet domain names, websites, or organization or other entity regarding education research, policy, or theory.
2. Richard Phelps is permanently enjoined and restrained from diluting the distinctive quality of the name and mark “Third Education Group.”
3. Richard Phelps is permanently enjoined and restrained from representing that he retains or has had any affiliation with Third Education Group, Inc. during the period of this injunction.
4. Richard Phelps shall take all necessary steps to transfer all rights and interest he has in any domain name containing the terms Third Education Group acquired prior to March 14, 2006 to Third Education Group, Inc.
5. In accordance with 15 U.S.C. § 1119, the Director of the Patent and Trademark Office shall rectify the register with respect to the registration of any party to this action so as to identify Third Education Group, Inc. as the Owner / Registrant of the mark “Third Education Group.””]
December 11, 2009
Court Rejects Computer Fraud & Abuse Act Claim Based on Unsolicited Text Messages--Czech v. Wall Street on Demand
[Post by Venkat]
Czech v. Wall Street on Demand, Inc., No. 09-180 (DWF/RLE) (Dec. 8, 2009).
A Minnesota district judge rejected claims brought under the Computer Fraud and Abuse Act based on the receipt of unsolicited text messages. There's not much to the facts, except that plaintiff received unwanted text messages from Wall Street on Demand, Inc. She did not have a prior business relationship with WSOD. She (vaguely) alleged that she incurred fees and charges related to her receipt of these messages. Based on her receipt of unwanted text messages, she filed a claim against WSOD alleging violations of the Computer Fraud and Abuse Act and state statutes.
The Court's Ruling: The court dismisses plaintiff's amended complaint in an order that helpfully provides a summary of the Computer Fraud and Abuse Act (and recent 2008 tweaks) as it's used in the civil context. Plaintiff brings three possible claims: (1) a claim for obtaining information from her phone; (2) a claim for transmitting information or code through her phone; and (3) a claim for "accessing" her phone.
Information Claim: The court rejects the information-based claim because there's no information that WSOD allegedly obtained through accessing the plaintiff's phone. Plaintiff analogizes to websites and argues that any time someone sends a message to a mobile phone, information is "obtained" in the same way that information is obtained any time someone accesses a website. The court rejects this analogy, finding that "there is a fundamental difference between viewing websites and communicating with wireless devices such as cell phones by sending text messages." Even if the transmission of an unwanted text message somehow resulted in the "obtaining of information," the court concludes that there's no loss as a result of defendant having obtained the information.
Transmission Claim: The transmission claim requires plaintiff to allege that WSOD caused the transmission of code or information and as a result "intentionally caused damage without authorization" to plaintiff's device. The complaint fails on both counts. There wasn't a credible allegation of damage (there was no allegation of impairment to the machine) or of WSOD's intent to cause the damage.
Access Claim: The court rejects the access claim since plaintiff does not adequately allege that the unauthorized access was intentional.
My Take: The Computer Fraud and Abuse Act is an often abused statute, and this seemed like another example of a situation where the statute is being stretched to fit the conduct/harm that was not intended to be covered by the statute. I was surprised that plaintiffs cited to the Lori Drew case [link], which many people view as a classic example of stretching the statute to its breaking point. In some ways this case is reminiscent of ISPs using the Computer Fraud and Abuse Act to attack spam. Some courts were open to this; other courts expressed reservations to the applicability of the Computer Fraud and Abuse Act to spam. See, e.g., America Online, Inc. v. National Health Care Discount, Inc., 121 F. Supp. 2d 1255, 1275 (N.D. Iowa 2000) ("A disturbing issue is whether subsection (a)(5)(c) is intended to address UBE at all.").
The case is also somewhat reminiscent of Abrams v. Facebook, a lawsuit based on the fact that Facebook sent SMS messages to cellphone numbers provided by its users and would keep sending those messages even if the cellphone number changed owners. In a lengthy article, Prof. Goldman discussed the weaknesses of using phone numbers as identity authenticators.
Advice to plaintiffs. If the court dismisses your complaint, come back with additional facts. Do not merely add what the court here calls "background discussion" about the issue you are complaining about. In five or six separate instances, the court mentions the fact that the amended complaint is just a bulkier, more "dressed up version" of the old complaint . . . with no new facts. At a broader level, the court's understandable skepticism towards the damage claims in this case illustrates how difficult it is to bring claims based on unsolicited marketing communications (whether received via your phone or your computer).
Advice to defendants. Transmitting unsolicited text messages is not free of risk. The Telephone Consumer Protection Act is one possible avenue for plaintiffs, and courts are not always deferential to broadly (and poorly) worded opt-ins. (See Eric's post on Satterfield v. Simon & Schuster here.)
Denver University “Cyber Civil Rights” Symposium Recap
By Eric Goldman
The week before Thanksgiving, I attended an unusual symposium sponsored by the University of Denver Law Review entitled “Cyber Civil Rights: New Challenges for Civil Rights and Civil Liberties in our Networked Age.” The symposium covered standard Cyberlaw topics, but the raison d'être was University of Maryland law professor Danielle Citron’s two recent articles on online harassment of women: "Law's Expressive Value in Combating Cyber Gender Harassment" (Michigan Law Review) and "Cyber Civil Rights" (Boston University Law Review). It is unusual for a law school to celebrate another school’s professor and her research, especially when the professor is fairly junior. Nevertheless, Danielle’s participation brought together academics from both the Cyberlaw and civil rights communities, which provided a rare and interesting mix of folks..
Danielle Citron started off by recapping her two papers. Online participation, such as blogging, is essential to professional standing, and employers are reviewing online profiles of prospective employees as part of their hiring considerations. However, women are being targeted for abuse online. These attacks are harming women by changing their online and offline activities, reducing their job opportunities, and causing women to change their gender representations online. Further, folks are trivializing these problems. Women are underreporting the attacks, and law enforcement only intervenes when there are offline harms. New laws can serve an expressive function to communicate that online attacks against women are socially unacceptable. The new laws can validate women’s feelings that they have been harmed and encourage law enforcement to pursue more cases.
Commenting on the papers, Robert Kaczorowski of Fordham Law (and Danielle’s stepdad) made an extended analogy between the Ku Klux Klan and cybermobs.
Wendy Seltzer asked if we could deemphasize the effect of words rather than prohibit them. Danielle responded that we don’t know how seriously to take any particular threat.
An audience member asked if is there a difference between mobs and individual actors who are just taking advantage of being anonymous. Danielle answered that groups can become more extreme online. I think this point deserves more exploration: a series of uncoordinated individual decisions to “pile on” to an attack can look like a coordinated attack to the victim. This is part of why I thought the KKK references were puzzling—KKK activities are clearly coordinated, while online attacks against women can succeed without any coordination or ongoing connection between the attackers.
Paul Ohm argued that that legal solutions are better for cyber civil rights problems than technological solutions. Paul discussed what he labeled “Felten’s Third Law.” (He doesn’t know of two earlier laws named for Ed Felten; he just assumes they exist given Ed’s impressive and influential oeuvre). As articulated by Paul, Felten’s Third Law is that in Cyberlaw conflicts, lawyers love technical solutions and technologists love legal solutions. In other words, we love the solution we don’t know because we assume it has to be better than the one we do. As both a law professor and technologist, Paul picks law over technology for these problems.
Paul categorically rejects any technical solution that would create a “fully identified Internet.” For example, we should not mandate server log retention because we know the logs will be co-opted to regulate other forms of unwanted content, not just online harassment.
Wendy Seltzer discussed the unintended consequences of legal intervention. For example, mandatory Internet filtering in school libraries hasn’t stopped kids from bypassing the filters, but it has facilitated a marketplace for improving filtering technologies that has benefited repressive regimes. Another example: anti-circumvention technology fails to restrict copying but has reduced innovation around DRMed content. Wendy also noted how norms can help curb abuses. For example, while there are online cesspools, she praised Wikipedia’s evolving guidelines for living people’s biographies.
In response, Danielle admitted that her solutions need to be more surgical. She said she might consider moving from a notice-and-takedown model to a notice-and-preserve model for intermediaries.
This panel was composed of three women academics from the civil rights community, so it was a noticeable shift from the typical Cyberlaw academic discussion.
Mary Anne Franks is a University of Chicago Bigelow Fellow and soon-to-be full-time law professor. She expresses our collective disappointment that cyberspace isn’t a utopia that allows people to escape offline discrimination and harassment. She laments that women can lose control of their identities online, such as when someone creates a fake online profile in their names.
She then addressed how cyberspace is unique/special/different with respect to gender harassment. Many commentators try to duck cyberspace exceptionalism, so it was refreshing to see her tackle the issue squarely. Existing offline discrimination/harassment laws assume interactions between repeat players at work and school; online harassment can be divorced totally from any existing social networks. However, because the online activities still harm targeted individuals at work and school, we should treat the harms the same. Offline, there are switching costs to changing jobs or school; online, search engines’ consolidation of results for search on a person’s name creates a different type of switching cost. In terms of supervisory power, she thinks web operators have analogous control to employers or school administrators. Thus, when web operators receive notice of online harassment, they should have a duty to do something about it. Offline, employers can develop a variety of responses and policies to combat workplace harassment. Web operators should have similar latitude; for example, they can delete offending posts or suspend/ban accounts.
Helen Norton, a University of Colorado law professor, did not share Danielle’s optimism (expressed in her first article) that existing discrimination laws can curb online harassment. Instead, Helen thinks a new civil rights statute is needed, but she might limit its remedies to exclude money damages. Helen is pessimistic that there will be regulation any time soon, noting that it can take years to enact civil rights legislation. Helen would also like to see more precise definitions of the exact harms that women are experiencing only online.
Nancy Ehrenreich, a Denver University law professor, began her talk by saying that we should not overstate the Internet’s benefits. She then clarified that we should not assume that disadvantaged folks can overcome barriers online. For example, we impose cultural categories on people in every interaction, so even if people try to mask their identity online, they can’t really escape. She wondered why we aren’t talking about an anti-discrimination law for the web. Her concern is that discrimination denies individuals access to the Internet.
In Q&A, Paul Ohm observed that civil rights scholars often invoke free speech as the countervailing concern to their desired regulations, but Cyberlaw scholars are often more interested in other “generative” effects of the Internet, such as new business models, new labor models and new modes of production.
James Grimmelmann (see his slides) started with the Skanks in NYC case. In that case, the defendant criticized someone else in her social network on a blog, calling the plaintiff (among other unflattering things) a “skank.” The plaintiff sued to obtain the blogger’s identity. After a successful unmasking, the plaintiff dropped the lawsuit, having successfully publicly shamed the blogger.
James hypothesized that this unmasking and shaming was an appropriate remedy—the blogger got shamed (like “an eye for an eye”), and unmasking is a better outcome than other legal remedies like damage suits. James then posited a thought exercise that provided plaintiffs with an expedited unmasking procedure if they drop any damages claim. This would have a number of benefits. Unmasking curbs online harassment is especially effective at busting online mobs. Also, an unmasking remedy avoids messy debates over the First Amendment’s scope, and it may be more desirable than trying to hold online providers liable.
Having advanced his own strawman, James then cut it down. In some cases, defamation remedies may be more desirable, and plaintiffs may not know that until they learn the putative wrongdoer’s identity. In other cases, plaintiffs who just want unmasking would appreciate a lower legal hurdle. Also, we provide legal protection for anonymity for good reasons.
James’ lessons from the thought exercise: we should consider ways to decouple an unmasking remedy from litigation. At the same time, we need to protect defendants from pretextual unmasking; in some cases, retaliation is a big concern, and we should incorporate this concern into the unmasking decision.
From Chris Wolf’s talk (see his full remarks), the most interesting thing I learned is that 18 states have laws banning wearing masks in public, enacted to suppress KKK activities. This was the second speaker’s KKK reference of the day, and it made me wonder if we were experiencing some variation of Godwin’s Law.
Viva Moffat observed that secondary liability issues generate the most heat in online harassment discussions. She expressed concern that imposing legal duties on third parties may not help law’s norm-shaping effect, and it’s not appropriate to impose liability just because the provider has deeper pockets or the direct actor can’t be found. She also suggested that imposing liability on third parties creates a greater risk of collateral damage than direct liability. [Note: I would like to know more about this last assertion. I suspect we cannot make a utilitarian calculation a priori]. As a result, she favors focusing more efforts on sharpening direct liability.
Ed Felten talked about identifying and anonymizing online activity. He explained the usual sequence of events in chasing bad online content:
log file => IP address => identity => justice
But the IP address => identity step breaks down when users use an anonymizing proxy or the user’s network uses network address translation (used by home wireless routers or in coffee shops) and all connected devices’ requests share a single IP address. He said that a majority of Internet connections use NAT.
Because IP address tracebacks can dead-end at the intermediary, an IP address can reveal too little information. However, even when users aren’t investigatory targets, IP addresses can reveal too much information, such as geolocation. This paradox—IP addresses simultaneously reveal both too much and too little information—reflects that the IP address system was built for routing, not identification. So could we design a better authenticating technology?
He then conducted a “semi-realistic” thought experiment of a new technological “tag” that could be used instead of IP addresses. This tag could have the following attributes:
* can be placed by any intermediary
* conveys no information about the sender unless unwrapped by the intermediary (presumably for good legal cause)
* unwrapping the tag yields the best identity information the intermediary has
* the tag’s use is voluntary as a technical matter
* the tag is removable as a technical matter
I then batted clean-up. A summary of my remarks:
Today’s conversation has revisited long-standing Cyberlaw issues, such as:
* anonymity v. accountability, and who should be responsible for online content and actions
* cyberspace as a physical place. See, e.g., Noah v. AOL (an online discrimination case), National Federation of the Blind v. Target (also an online discrimination case) and Estavillo v. Sony
* cyberspace exceptionalism and cyberspace utopianism (on the latter point, see my article on search engine utopianism)
* when is the optimal time to regulate rapidly evolving technology? Early, when the technology is still in its infancy, or later, when market forces and new technological evolutions may have cured the early problems?
Danielle’s articles convinced me that women are experiencing serious harms online that men—including me—could easily trivialize. Danielle’s articles also convinced me that online harassment has strong parallels to the 1970s legal evolution of workplace harassment doctrines, where a big part of the battle was to get people to take the harms seriously.
While I find a lot of descriptive value in Danielle’s work, the normative implications are not as clear. As usual with attempts to regulate rapidly evolving technology, there are many important but overwhelmingly hard definitional challenges, such as who is an “intermediary,” what are “online mobs” and what constitutes online “harassment.” For example, I do not think the Skanks in NYC incident is an online harassment case or an “attack,” but James Grimmelmann’s talk assumed those characterizations.
While we can debate what should be the right level of regulatory intervention, we should not overlook that Congress already enacted a law squarely governing intermediary liability for online harassment: 47 USC 230. The angst that prompted this conference—bad behavior online—is the logical consequences of 230’s broad immunity. The statute enables websites to adopt policies that they will not police user content or retain server logs of user activity. These choices aren’t a surprise or a per se abuse of the immunity; instead, they are the unavoidable implications of Congress’ action.
We might question Congress’ wisdom in adopting 230, but we should not diminish its potential importance to the Internet as we know it. [In Q&A, Chris Wolf asked about the comparative experience in countries that don’t have such broad immunity. In those countries, we know that websites take down user content much more freely, and I believe that the most interesting UGC innovations are all taking place here in the US, not countries with more restrictive UGC liability.] I can, at most, only prove correlation and not causation, but I believe 230 is one of the main causal reasons why the Internet has succeeded so well.
When I speak around the country about 230, I often encounter folks who generally accept 230’s immunity scope but want just one new exception, i.e., their pet topic. If everyone got their “just one” exception, the law would be eviscerated. (I said it would be Swiss-cheesed to death; maybe I should have said it would be overcome by a thousand duck bites). I’m not rejecting new exceptions categorically (they should be each considered on their own merits), but in aggregate 230’s immunization benefits are actually quite precarious. I believe 230 works precisely because of its strength and simplicity, so adding more exceptions could significantly reduce its efficacy.
I concluded my remarks by observing that online harassment is a subspecies of bullying and incivil behavior in our society. While we can and should work to curb online harassment, I am more interested in addressing bullying and incivility in all its forms, wherever it takes place.
In this regard, I have been impressed by how my son’s school is proactively addressing bullying. See more about this effort, called Project Cornerstone. The school is teaching kids not to bully or to tolerate being bullied, and the project gives bullied kids tools to go on the offensive against bullies. There’s no guarantee that anti-bullying programs will work in the short or long run, but I remain hopeful that online harassment today partially reflects that many current Internet users never got any anti-bullying education. Perhaps, then, online harassment issues will naturally abate (without any regulatory intervention) as new generation of Internet users, better educated about bullying, come onto the Internet.
Following my remarks, we had more Q&A.
Paul Ohm Q: Some cyber folks argue against secondary liability because they believe that a victim can pursue a direct action, but Ed’s talk suggests that user anonymity will continue to be possible.
Mary Anne Franks: civil rights isn’t about individual claims because victims have to bear too high a burden to pursue claims. Instead, civil rights are about changing large-scale social norms. The goal is to achieve anti-discrimination by any means necessary. Thus, civil rights scholars have already discussed and concluded that it’s appropriate to impose liability on intermediaries like employers and schools.
Danielle: intermediaries are the lowest cost avoiders.
James Grimmelmann: no, the harassers are the lowest cost avoiders. Civil rights folks would get more support from the Cyberlaw crowd if they focused their regulatory desires towards intermediaries who are in active concert with the bad actors.
We all agree that:
* education can make a big difference
* online communities need to self-police
* there are numerous limits to using the law as a solution, including that lawsuits don’t make sense and 230’s immunity.
We don’t agree on what to do next. There are First Amendment limits, and technology doesn’t offer any panaceas.
December 10, 2009
Is the Florida Bar Taking Facebook Friendship Too Seriously?
[Post by Venkat]
The Florida Judicial Ethics Advisory Committee issued an (advisory) opinion [link] which included the following question and answer:
[May] a judge may add lawyers who may appear before the judge as "friends" on a social networking site, and permit such lawyers to add the judge as their "friend."
[h/t WSJ Law Blog] I thought this conclusion was off base, even after you discount for the fact that Florida has some wacky rules governing advertising by lawyers. My question to the advisory committee is whether this means that it's now inappropriate for a judge to have lunch with a lawyer friend, or engage in email banter with lawyer friends? Is attending the same party now off limits? I assume these actions would still be viewed as appropriate, given that lawyers and judges interact socially (and publicly) all the time. What's so special about Facebook friendship? In the end, the advisory committee should heed the words of one district court
[T]he Court assigns no significance to the Facebook "friends" reference. Facebook reportedly has more than 200 million active users, and the average user has 120 "friends" on the site. . . . Indeed, "friendships" on Facebook may be as fleeting as the flick of a delete button.
Quigley Corp. v. Karkus, No. 09-1725, 2009 U.S. Dist. LEXIS 41296, at *16, n.3 (E.D. Pa. May 19, 2009) (mentioned here and here). With this said, judges and lawyers may want to be careful (driven by common sense), and in any event, minimize their Facebook friending activity while a case is ongoing. [See Techdirt's discussion of a judge-lawyer Facebook friending snafu here.]
[Added: see additional coverage in Silicon Alley's Business Insider: "Florida Judges May not Friend Local Lawyers on Facebook".]
Keyword Advertising Lawsuit Survives Motion to Dismiss on Genericness Grounds--FragranceNet v. Les Parfums
By Eric Goldman
FragranceNet.com, Inc. v. Les Parfums, Inc., 2009 WL 4609268 (E.D.N.Y. Dec. 8, 2009)
In 2007, FragranceNet suffered a stinging loss when it sued a competitor, FragranceX.com, for buying its trademarks as advertising keywords. Interpreting the 1-800 Contacts precedent before that was gutted by the Second Circuit's 2009 Rescuecom decision, the district court judge decisively concluded that buying trademarked keywords did not constitute a use in commerce, ending FragranceNet's lawsuit on a 12(b)(6) motion to dismiss.
Perhaps emboldened by Rescuecom's holding that selling trademarked keywords is a trademark use in commerce. FragranceNet is back in court trying to stop another competitor from advertising on its trademarks. This time the competitors tried for an early dismissal by arguing that the term "FragranceNet" is generic and therefore not eligible for trademark protection. The court says (correctly, IMO) that genericness determinations usually aren't appropriate grounds for 12(b)(6) motions to dismiss (where the court must accept the plaintiff's assertions as true), so the case survives the motion to dismiss. The defendants could try the genericness argument again via summary judgment or possibly trial.
I'm intrigued by the genericness argument because the standards for descriptive marks are pretty lax, and trademark law normally would legally distinguish the single word "FragranceNet" from the clearly generic term "Fragrance." However, two recent Federal Circuit cases, the Hotels.com and Mattress.com cases, have held that the terms "hotels.com" for a hotel retailing website and "mattress.com" for a mattress retailing website were generic because the ".com" portion is ignored and the remainder is the generic word for the retailed items. I assume the same would be true for "fragrance.net" for an online perfume retailer, but would the same analysis apply to "fragrancenet" without the dot? I'm not sure, but it seems like a question worth asking in light of the Hotels.com and Mattress.com opinions.
Even if fragrancenet isn't generic, IMO it is at best descriptive and thus requires secondary meaning to be an enforceable trademark. FragranceNet has registered trademarks, which provide some evidence that it has achieved secondary meaning, but I suspect the defendants will attack the trademarks on secondary meaning grounds as well.
The defendants' counterattack reinforces one of the risks that putative trademark owners face when bringing enforcement actions. Defendants can always attack the validity of their opponent's trademarks, creating the possibility that a court will declare the trademarks invalid and leave the plaintiff with fewer assets than it thought it had when it initiated the legal fracas. We've already seen this outcome in a few online trademark cases that I've covered (e.g., American Blinds and Philbrick), and it's a non-trivial risk in this case as well despite the court's refusal to grant the 12(b)(6).
December 08, 2009
Record Label Sues Google and Microsoft for Linking to Infringing Music--Blues Destiny v. Google
By Eric Goldman
Blues Destiny Records LLC v. Google, Inc., 3:09-cv-00538-WS-EMT (N.D. Fla. complaint filed Dec. 7, 2009) [warning: 1.5MB PDF]
Blues Destiny Records, a small Blues music label, doesn't like RapidShare, a website that allows users to publish files, because users are posting its copyrighted music there. It also doesn't like that people who search for the label's artists in Google and Microsoft get search results that link to sites that link to allegedly infringing copyrighted copies on RapidShare. The complaint was ambiguously worded in describing whether Google and Microsoft directly link to RapidShare or only indirectly link to sites that link to RapidShare, but my own searches indicated that Google's search results did not take searchers directly to RapidShare. So I believe the information flows are something like this:
Uploading user => RapidShare => site linking to RapidShare => search engine => searcher/downloading user, who goes to linking site and then follows the link to RapidShare to complete the allegedly illegal download
As is typical for lawsuits of this nature, the copyright owner didn't sue either the uploading or downloading users. The copyright owner also didn't sue the individuals who posted the links that take people to RapidShare. Instead, the copyright owner brings a frontal 17 USC 512 assault by suing RapidShare (theoretically eligible for 512(c) for hosting the infringing files) and the search engines, who are putatively covered by 512(d) for linking to infringing files (although this claim appears to be even more attenuated if the search engines actually were 2 links away from the download).
The copyright owner appears to have initially struggled with sending proper 512(c)(3) notices, but it got there (or close enough) eventually. The complaint acknowledges that Microsoft disabled the links after receiving some type of notice. As a result, I'm not sure how Microsoft could be liable if they expeditiously removed the links after receiving the copyright owner's notices. Google apparently has not taken down the links (because I can still find them) after seventeen increasingly exasperated requests from the copyright owner, but Google's delayed response/non-response could be due to the copyright owner's imprecision about whether Google was actually linking directly to infringing RapidShare files or only to websites that had allegedly illegal links on them.
As for RapidShare, I didn't see a registration of agent for 512 service of notice, so they may not be claiming 512(c) protection. Then again, the complaint says they are a German/Swiss operation, so they may be impossible to serve and sue in the US, and RapidShare may not have felt any need to satisfy a US law formality.
There have been other lawsuits against websites for linking to infringing content, but plaintiffs usually try to avoid suing power players like Google and Microsoft--both well-funded defendants who aren't likely to roll over on this issue. One of the major exceptions is the Perfect 10 v. Amazon and Google lawsuit, which also involved Google's links to infringing files (in that case, infringing copies of pornographic photos). That lawsuit led to an important but confusing Ninth Circuit ruling from 2007, which left open Google's secondary liability for its links as well as Google's eligibility for a 512 safe harbor for those links. Given the ambiguities of that opinion, the plaintiff's action here isn't clearly wrong as a doctrine matter. However, in my opinion, it is nevertheless ill-advised and unlikely to succeed.
December 04, 2009
Ninth Circuit Rebuffs Another CAN-SPAM Plaintiff -- Asis Internet Services v. Azoogle.com, Inc.
[Post by Venkat]
The Ninth Circuit recently rejected [pdf] two appeals brought by CAN-SPAM plaintiff Asis Internet Services. The trial court granted summary judgment in favor of Azoogle and awarded costs. See Eric's earlier blog post on that ruling. Asis has brought numerous lawsuits against different defendants. While this ruling won't necessarily be used preclusively against Asis it will definitely be cited by the defendants in those cases.
Citing Gordon v. Virtumundo, the court finds that:
the mere costs of carrying SPAM emails over Plaintiff's facilities does not constitute a harm as required by the statute. While Plaintiff argues that employee time was spent on spam-related issues, Plaintiff concedes that it has no records detailing employee time. Plaintiff also spent money on email filtering, though the cost of email filtering did not increase due to the emails at issue. Such ordinary filtering costs do not constitute a harm. [cite omitted] Thus, Plaintiff has not suffered a harm within the meaning of the statute and lacks standing.
The entire memo opinion is about two pages, and the court spends a sentence noting that Asis is not entitled to relief under the California statute (17529.5) because Azoogle "neither sent nor procured the emails at issue, and therefore did not 'advertise' within the meaning of the statute."
The big take away is that courts seem to be able to sniff out people who they view as pursuing litigation for the wrong reasons. It's unlikely that Asis was truly damaged to the extent of even a fraction of fees and resources it spent on this case.
Plaintiffs who aren't large ISPs or social networking websites haven't found a very sympathetic audience, particularly at the appellate level. We're probably left with a regime where only larger ISPs, social networking websites, and state actors are able to effectively bring anti-spam lawsuits. The scope of preemption of California's anti-spam statute is still unclear (Kleffman v. Vonage was certified to the California Supreme Court) so this is one possible option for plaintiffs, but I can't imagine they'll be spending much energy on this.
December 03, 2009
Competitive Keyword Advertiser Wins at Trial--Fair Isaac v. Experian
By Eric Goldman
Fair Isaac Corp. v. Experian Information Solutions Inc., 2009 WL 4263699 (D. Minn. Nov. 25, 2009)
This is an interesting and complicated lawsuit that hasn't gotten the attention it deserves. Fair Isaac produces the ubiquitous "FICO" credit score, which is heavily used in the financial industry to assess borrower creditworthiness. Fair Isaac launched a litigation campaign to suppress competition by rival producers of credit scores. In July, Fair Isaac mostly lost a bunch of its arguments in a complex ruling. Read Rebecca's excellent recap of that ruling. The July ruling left a few issues open for trial, which ended late last month with Fair Isaac's jury loss. See the (uninsightful) jury verdict form and this article from the St. Paul Business Journal.
Normally with a jury verdict, we don't get a lot of legal insight. However, the jury verdict led to a short post-trial ruling by the judge.
First, Fair Isaac tried to claim that its score range from "300-850" was a protectable trademark as a way of trying to thwart its competitors' range of 501-990. I've always wondered why credit scores start at 300 instead of 0, just like the SATs start at 200 or LSAT scores now start at 120. This case finally gave me a new hypothesis: maybe these services think they can claim a trademark in their score ranges...? (As Rebecca also observed, I suspect not wanting to tell people they are a "zero" is also a relevant consideration).
In any case, Fair Isaac's bid to trademark the score range "300-850" failed. As the judge recaps, "the jury returned a verdict finding that the alleged '300-850' mark was not a valid, protectable trademark because the term '300-850”'has not acquired secondary meaning." Once again, a putative trademark owner goes to court only to find out that it has fewer trademarked assets than it thought.
Second, the court rejected Fair Isaac's trademark claim over competitive keyword advertising based on insufficient proof of consumer confusion. The court recaps:
To the extent that Fair Isaac bases its keyword advertising claims on the alleged “300-850” mark, such a claim fails in light the jury's finding that “300-850” is not a valid mark. To the extent that the keyword advertising claims are based on the “Fair Isaac” and “FICO” marks, the Court finds that the weight of the evidence adduced at trial does not support a credible inference that Experian's and Trans Union's purchases of Fair Isaac's trademarks as keyword search terms was likely to confuse consumers. The only evidence adduced at trial in support of the assertion that the keyword advertising was likely to cause confusion-the opinion testimony of Fair Isaac's expert James Berger-lacks credibility. [emphasis added]
(Bummer for Fair Isaac to see the court toss aside its expert like a rag doll. I'm guessing the expert wasn't cheap).
This is one of only a few cases reaching a definitive "final" ruling about the legitimacy of competitive keyword advertising. Most cases settle or end on some other basis (like the plaintiff's lack of a protectable trademark, as the court ruled here for the "300-850" keyword purchases). The only other similar trial outcome was the old 2004/05 GEICO v. Google case, which concluded in a poorly reasoned and difficult-to-follow opinion after trial that Google was not liable for keyword triggered ads that didn't contain the trademark in the ad copy and potentially liable for the triggered ads that did. Other than the GEICO mess, we have only a few summary judgment rulings on consumer confusion due to competitive keyword advertising:
* Finding that referencing the trademarks in the ad copy creates a likelihood of consumer confusion: Storus
In light of these limited precedents reaching a final outcome on keyword triggering, this ruling is significant because it's the strongest evidence yet that keyword advertising defendants do not create actionable consumer confusion and therefore will win at trial. This is one of the reasons why I favor finding doctrinal ways for defendants to end cases earlier in the process (and well before trial) if the defendants are going to win at trial anyway.
According to the St. Paul Business Journal article, Fair Isaac plans to appeal this ruling as well as their July loss. Better to fight in court than fight in the marketplace, I guess.
Claims Brought by Express Scripts Data Breach Plaintiffs Rejected on Standing Grounds -- Amburgy v. Express Scripts, Inc.
[Post by Venkat]
A federal court in Missouri recently rejected a class action brought by consumer plaintiffs on standing grounds. Given the long line of consumer plaintiffs who have suffered a similar fate I thought this case was somewhat unexceptional, but I think it's worth mentioning for a couple of reasons. (Amburgy v. Express Scripts, Inc., Case No. 4:09-CV705 FRB; Nov. 23, 2009 (E.D. Mo). Access a copy of the order at scribd here.)
Consumer plaintiffs who have tried to bring claims arising out of data breaches have all pretty much failed, unless they are able to show that someone actually misused their data (for example, by withdrawing money from their account). A good recent example of this is the Citizens Financial case mentioned here and here, where the court allowed plaintiffs to sue a bank which tried to hold the plaintiff liable for funds that were hacked from plaintiff's bank account. Where the plaintiff or class of plaintiffs have not had their data actually misused by the person who stole it, courts have uniformly rejected class actions trying to seek redress. Typically the company who suffered the loss of data will offer monitoring services effectively mooting the issue of whether this is something plaintiffs should be able to sue for.
Express Scripts provides "pharmacy benefit management services." It suffered a data breach coupled with an extortion attempt by someone who threatened to disclose customer information. (WSJ Health Blog [link] covered the story in 2008.) Although Express Scripts notified the FBI, a quick Google search didn't unearth any news reports of the bad actors having been caught. The Express Scripts webpage [link] which provides notice of the incident states that in August 2009 the perpetrator sent a similar letter threatening to expose consumer information. Plaintiffs sued alleging negligence, breach of contract, and state law satutory claims.
The court granted the motion to dismiss brought by Express Scripts on Article III standing grounds. Language used by the court expressed some hostility to the underlying claims - in describing the hypothetical nature of the injury, the court states:
[f]or plaintiff to suffer the injury and harm he alleges here, many "if's" would have to come to pass. Assuming plaintiff's allegation of security breach to be true, plaintiff alleges that he would be injured "if" his personal information was compromised, and "if" such information was obtained by an unauthorized third party, and "if" his identity was stolen as a result, and "if" the use of his stolen identity caused the harm. These multiple "if's" squarely place plaintiff's claimed injury in the realm of the hypothetical. If a party were allowed to assert such remote and speculative claims to obtain federal court jurisdiction, the Supreme Court's standing doctrine would be meaningless.
[quotations in original]
The result is pretty typical, but two things struck me about this case. I didn't realize this at first, but the records at issue included prescription information. Medical information is subject to a higher degree of privacy and subject to specialized rules. Either the plaintiff didn't allege violations of these specific rules or the rules weren't implicated. Either way, the court only made a passing reference to the fact that the data included prescription information. Second, the bad actor is still at large. There are cases where an information breach occurs as part of another incident (such as a theft of a laptop). It's less clear in those cases whether someone just stole a laptop or whether they were focused on obtaining information. Here, there's no dispute that a bad actor has the customer information. Express Script received not one but two extortion letters which contained specific information demonstrating that the third party had access to Express Scripts information. And the person who sent the letters has not yet been caught. (On the other hand, the fact that they were seeking to extort Express Scripts tends to point in the direction that they didn't necessarily use the information. The bad actors lose leverage by using the information and using the information increases the likelihood of being caught.)
I wonder if anyone has compiled data on what actually happens to these data breach class action plaintiffs - i.e., how many of them suffer damages as a result of identity theft, etc. I would think this type of data would be useful.
[Added: see additional coverage of this case from Proskauer's Privacy Law Blog here.]
December 02, 2009
Case Western “Signifiers in Cyberspace” Conference Recap
By Eric Goldman
In mid-November, I attended a conference at Case Western Reserve University School of Law in Cleveland, Ohio entitled “Signifiers in Cyberspace: Domain Names & Online Trademarks.” My notes:
Corynne McSherry of EFF discussed how TM owners are bypassing direct challenges against gripers and instead putting pressure on domain name registrars. She focused on the Yes Man spoof website of the New York Times, which included a parody ad of the De Beers diamond manufacturer. Humorless De Beers sought relief from Joker.com, the parodist’s registrar. EFF has responded to De Beers that the parody is legitimate because it has no commercial aspect, it’s nominative use, and the First Amendment applies. The EFF is also encouraging Joker.com to ignore De Beers because it (as the registrar) can’t be liable for the registered domain name. So why is Joker.com even entertaining De Beers’ complaint? Corynne notes the registrar’s revenue from any single domain name registration is less than legal cost of investigating and responding. Corynne discussed how parodists and gripers can minimize their legal risk (I blogged on these recommendations in May).
I remain very interested in situations where domain name registrars apply their own takedown policies to their customers. For example, I’ve previously mentioned GoDaddy’s “itchy trigger finger” when it comes to intervening with its registrants. I suspect there is significant heterogeneity among registrars’ interventionist tendencies. I think this is an area worth exploring. If you have other examples of domain name registrar intervention in its customers' content, please share them.
Stacey Dogan spoke about the aftermath of the Rescuecom ruling. Stacey is disappointed that courts aren't adopting her arguments to use the “trademark use in commerce” doctrine to insulate intermediaries (she calls it her “biggest failure in life”). She described three post-Rescuecom uncertainties: (1) what acts by intermediaries constitute TM infringement? (2) on what doctrinal basis? (direct v. contributory), and (3) what remedies do the intermediaries face?
Stacey thinks courts need to be more precise about the nexus between defendant behavior and TM owner harm. This should lead to better distinctions between direct and contributory infringement.
She offered a taxonomy of claims against intermediaries:
* General confusion = when the intermediary creates confusion through the blurring of ads and editorial content. Stacey thinks these aren’t TM issues. But if commingling is the problem, then the remedy should be an injunction requiring the intermediary to label the ads.
* Strict liability = when the search engine is automatically on the hook for its involvement with the ads. Stacey says courts should reject this approach due to the search engines' lack of proximate causation for consumer confusion. If a search engine faces any liability, it should be solely on the basis of contributory infringement (with its higher scienter bar).
* Failure to act = when the search engine fails to respond to TM owner’s takedown notice. She said we don’t see this in search engine cases [a point I disagree with given that the TM owner vs. search engine lawsuits all represent a failing of the search engines’ voluntary TM policies]; instead, she was thinking of the Tiffany case. Stacey thinks the failure of act prong is where the legal action should be. She wants courts to map out appropriate scienter levels. General knowledge of infringement isn’t enough, and courts should let defendants make reasonable judgments about whether the advertiser will qualify for any trademark defenses. If the advertiser is obviously infringing, and intermediary gets notice and fails to act, she thinks contributory liability could be appropriate.
Graeme Dinwoodie believes the ECJ will not follow the Advocate General’s opinion in the Google case. He explored two parallels between the AG’s opinion and Rescuecom: Both get away from trademark use of commerce, and both consider underlying policy values. Graeme thinks search engine defendants should move away from disputing the lack of harm to the trademark owner; instead, he thinks they will get more traction by showing the countervailing benefits of their advertising. For example, he thinks they should be showing how keyword advertising can facilitate investment and innovation.
Jeffrey Samuels shared his perspectives as a panelist in 200 UDRP proceedings. Since the UDRP’s implementation, there have been about 25,000 UDRP decisions. 40% are US registrations. 75% involve .com. 75% are defaults.
The UDRP isn’t designed to solve all domain name disputes. He gave an example of a domain name registration containing a celebrity child’s name. The UDRP isn't helpful because a 2 week old kid doesn’t have protectable trademark rights.
“The UDRP is hardly a model of clarity.” All cases are fact-dependent. If a UDRP proceeding has unusual facts, he recommends requesting a 3 member panel--these proceedings get more carefully evaluated opinions and minimize the effects of any one panelist’s idiosyncratic views.
Some issues that regularly arise in UDRP proceedings:
* What the TM owner has to do to establish its rights. The majority view is that a registration anywhere in the world suffices. Common law rights generally require presenting sufficient evidence validating the rights.
* There remains a split of authority on “sucks” sites.
* In the early days, panelists used to run through the multi-factor likelihood of confusion factors. That’s rarely done today. Now, most panelists just make sight and sound comparison.
Karl Auerbach discussed two interrelated issues: (1) ICANN lacks any political authority for its “Internet governance” role, and (2) technology does not require that ICANN monopolize DNS root services. He argues that we would benefit from competition among DNS root services. His argument reminds me a bit of the net neutrality debate. We can hypothesize many possible net neutrality problems, but most of them go away with vigorous competition. Similarly, ICANN’s often-ridiculous shenanigans would be less vexing in the face of bona fide competition for DNS root services.
Dan Hunter spoke about a new paper he’s writing with Mark McKenna. Their target is the fundamental trademark principle that trademark law protects against consumer confusion. They think consumer confusion is an imperfect proxy for our normative goal of protecting consumers. Some confusion is endemic in a complex society; and some methods of communication, like humor, require confusion to work. Therefore, they want to move away from trying to block consumer confusion and instead refocus trademark law on reducing errors in consumer decision-making. This seems like a fruitful endeavor, but they are also taking a swipe against the consumer search cost justification for trademark law, a move I didn't follow.
Bill McGeveran recapped his recent work on social networking sites and gave a preview of his next article. His target is fake online profiles such as the Tony La Russa fake Twitter account. He expects to see more pressure to create IP rights in personal identities.
I spoke about trademarks and behavioral targeting, and in particular the competition among marketers for consumer preference information. For example, I believe the anti-deep packet inspection pushback wasn’t based solely on privacy concerns. Instead, destination websites fear that an IAP will disintermediate them and use its prime access to consumer preference information to steer customers to competitors. (See this blog post for more on that point). My (very brief) slides.
December 01, 2009
"Spam Filter Ate My Electronic Filing Notice" Plaintiffs Get Another Chance -- Shuey v. Schwab
[Post by Venkat]
The "spam filter ate my electronic filing notice" excuse was an inevitable byproduct of the CM/ECF electronic filing system now in place in federal courts. As expected, courts have not been very sympathetic to this excuse. In an unpublished decision, the Third Circuit gave a party who advanced this excuse another chance. (The case caption is Shuey v. Schwab, Case No. 08-4727 (3rd Cir.; November 3, 2009). Here's a link to the Justia page.)
Plaintiffs brought civil rights claims against a township and certain police officers alleging excessive force. Defendants moved to dismiss. Plaintiffs failed to respond. The court issued an order directing plaintiffs to respond or "otherwise communicate with the court." Plaintiffs did not respond to this order either, and the court dismissed the action with prejudice. After the dismissal was entered, plaintiffs sought reconsideration, alleging among other things that their failure to respond was caused by "technological error." Specifically, counsel "explained that the court's electronically filed order was errantly tagged as 'spam' in counsel's email system and therefore was never delivered." The district court denied plaintiffs' request for reconsideration.
On appeal, the Third Circuit reversed, holding that before dismissing a case as a sanction the trial court must engage in some sort of merits analysis. The court's ruling doesn't directly address the "spam filter ate my CM/ECF notice" excuse, but gives the lawsuit a small dose of oxygen.
Although I'm sure we'll see parties continue to assert this excuse, I don't think courts will be very sympathetic. I guess common sense is the best advice here. Get a good spam filter and whitelist all domain names through which you are likely to receive electronic notices. When all else fails, keep track of your cases by checking PACER (or RECAP) once in a while!
Related: You can see my take on the ruling below here: "The Spam Filter Ate My CM/ECF Notice?," and posts on other cases where parties have asserted this excuse here (Russo v. Network Solutions, Inc.), here (American Boat Company, Inc. v. United States), and here (Stewart v. Avaya, Inc.).