« December 2009 | Main | February 2010 »
January 31, 2010
January 2010 Quick Links
By Eric Goldman
Copyright
* An English translation of Google's December loss in France on a Google Book Search lawsuit.
* Ed Felten reports on a survey of files available via BitTorrent. Acknowledging some methodological limits, he estimates ~99% were likely copyright infringing.
* Elsevier B.V. v. UnitedHealth Group, Inc., 2010 WL 150167 (S.D.N.Y. Jan 14, 2010). Denying copyright statutory damages and attorneys' fees to unregistered foreign works is constitutional because the Berne Convention (which Elsevier argued prohibits the statutory formalities) is not self-executing.
* Techdirt: Singapore Court Rules That Online DVR Is Infringing...While Noting How Copyright Law Isn't Really Set Up For This
* Techdirt: If Banning The Internet For Sex Offenders Is Unfair, Is Banning The Internet For Copyright Infringers Fair?
* The Copyright Office issued new regulations on the deposit of online-only works: “The regulation establishes that online–only works are exempt from mandatory deposit until a demand for deposit of copies or phonorecords of such works is issued by the Copyright Office.”
Trademark/Publicity Rights
* American Airlines v. Yahoo settled. Previous coverage:
- Yahoo Subpoenas Expedia in American Airlines Lawsuit
- Fifth Circuit Denies Yahoo's Jurisdictional Appeal in American Airlines Case
- American Airlines v. Yahoo Venue Transfer Denied
- Yahoo Countersues American Airlines for Declaratory Judgment
- American Airlines Sues Yahoo for Selling Keyword Advertising
* Duplicity alert! Rescuecom is in court defending its keyword ads triggered by competitor Best Buy's TMs.
* Bev Stayart sues Yahoo again over publicity rights. My September 2009 blog post on her prior loss against Yahoo.
Pornography
* Clark v. Commonwealth, 2009 WL 5125009 (Ky. App. Ct. Dec. 30, 2009). Upholding a conviction when "Clark knowingly used a computer for the purpose of getting a minor, or a peace officer whom Clark believed was a minor, to take a sexually explicit photograph of herself."
* Am. Booksellers Found. for Free Expression v. Cordray, Slip Opinion No. 2010-Ohio-149 (Jan. 27, 2010). Ohio's Supreme Court partially upholds its state law restricting Internet distribution of harmful to juveniles material to juveniles when the communications are to recipients known or believed to be juveniles.
Spam
* United States v. Zein (E.D. Mich. 2009). Posting an ad on Craigslist constituted a "mass marketing" activity sufficient to trigger a 2 level sentencing enhancement.
* Comcast and e360 settled their lawsuit. Previous blog coverage.
Blogs/Social Networking Sites
* Sieber v. Brownstone Publishing Company, 2007 CA 002549 B (D.C. Superior Ct. Dec. 23, 2009). A building contractor sued Angie's List and other people over consumer reviews. My prior mention of the case. After 2 years of litigation, a DC trial judge dismissed all defendants on summary judgment and awarded one defendant-counterclaimant $18k+. The entire text of the memo opinion:
MEMORANDUM OPINION AND ORDER GRANTING MOTIONS FOR SUMMARY JUDGMENT OF ALL DEFENDANTS, DENYING PLAINTIFFS' MOTIONS FOR SUMMARY JUDGMENT, and GRANTING POOLE'S MOTION FOR SUMMARY JUDGMENT ON HIS COUNTERCLAIM signed by Judge Long, efiled, eserved, and docketed in chambers on December 23, 2009. It is ORDERED that the Motions for Summary Judgment of Brownstone Publishing Co., the Washington Post Company, John Kelly, and John W. Poole are granted; and it is FURTHER ORDERED that the Motions for Summary Judgment filed on behalf of the plaintiffs are denied; and it is FURTHER ORDERED that judgment shall be entered in favor of all defendants against the plaintiffs as to all claims in the Second Amended Complaint; and it is FURTHER ORDERED that judgment shall be entered in favor of defendant Poole and against plaintiff SCS Contracting Group LP as to Poole's Counterclaim against plaintiff SCS Contracting Group for $18,300 plus 6% (six percent) per annum interest, and a separate money judgment for this sum shall be docketed. Court Jacket not in chambers.
* FINRA Regulatory Notice 10-06: Guidance on Blogs and Social Networking Web Sites.
* Duer v. Henderson, 2009-Ohio-6815 (Ohio App. Ct. Dec. 23, 2009). A web publication telling a ghost story and describing the location of purportedly paranormal phenomenon on private property is not liable for any resulting trespass to real property.
* The “moldy tweet” lawsuit was dismissed.
* Two lawsuits holding that bloggers aren't subject to jurisdiction in the plaintiff's home court:
- Silver v. Brown, 2009 WL 5220297 (D. N.M. Nov. 30, 2009).
- Workman Sec. Corp. v. Phillip Roy Financial Services, LLC, 2010 WL 155525 (D. Minn. Jan 11, 2010)
* BBC: France ponders a right-to-forget law.
E-commerce
* Appliance Zone, LLC v. NexTag Inc., No:4-09-cv-0089-SEB-WGH (S.D. Indiana Dec. 22, 2009). Upholding NextTag's clickthrough-formed advertiser agreement. Mehmet Munur’s comments.
* Edward A. Zelinsky, “New York’s 'Amazon Law': Constitutional But Unwise.”
* Largo Cargo v. Google, a new complaint over allegedly mismanaged AdWord bids. This is the latest incarnation of the Almeida case. I think Largo Cargo’s complaint is still a no go.
* The NYT catalogs an impressive roster of futility for US dot coms trying to compete in China.
Miscellaneous
* Gmail will consult the user's prior emails to pick an ad if a particular email doesn't lend itself to a good ad.
* Illustrating the divergence between the open source community and the Wikipedia community, APC reports that 75% of Linux code is now written by paid developers.
* Oddee: 15 Funny Facebook Fails.
* I expect to be in the Netherlands May 23-30. Let me know if you would like to meet up there.
Posted by Eric at 01:19 PM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
January 29, 2010
Terri Chen Replaces Rose Hagan as Google's Chief Trademark Counsel
By Eric Goldman
I previously mentioned that Rose Hagan, Google's longtime chief trademark counsel, was retiring. (Her last day was Wednesday). Rose's next ventures include art and jewelry. Terri Yun-Lin Chen, a current trademark counsel at Google, has taken over Rose's spot. Terri has a bachelors and JD from UC Berkeley, and she practiced IP litigation at Wilson Sonsini before joining Google over 3 years ago.
Before retiring, Rose led Google's trademark functions for 7+ years. During that time, Google went from near-zero revenue to building a $20B+/year business selling keyword advertising, of which an unknown amount is derived from the sale of third party trademarks. While not everything has gone smoothly for Google--most obviously there are 10 pending lawsuits over Google's trademark policies--Google's massive keyword advertising success and its ability to avoid a business-threatening/ending trademark lawsuit are both remarkable achievements that have made a lot of people a lot of money. Also remarkable is Google's rapid ascendancy to become one of the world's most recognized and cherished brands. Kudos to Rose on her role in these accomplishments. She leaves big shoes for Terri to fill.
Posted by Eric at 12:58 PM | Search Engines , Trademark | TrackBack
January 27, 2010
Utah May Repeal Its Spyware Control Act--SB 26
By Eric Goldman
It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.
SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71 page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.
Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.
While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.
As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.
Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:
1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.
2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.
3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.
I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.
Posted by Eric at 09:58 AM | Adware/Spyware , Domain Names , Internet History , Spam , Trademark | TrackBack
January 23, 2010
Facebook User Agreement Upheld in Copyright Infringement Lawsuit Over Third Party App--Miller v. Facebook
By Eric Goldman
Miller v. Facebook, Inc., 1:2009cv02810 (N.D. Ga. Jan. 15, 2010). Miller's complaint filed in October 2009.
Miller makes the Adobe Flash videogame "Boomshine." He alleges that defendant Yeo published a Facebook app, ChainRxn, that violates Miller's "look and feel" copyright in Boomshine. In addition to suing Yeo, Miller sued Facebook for its role in providing access to the app. See Wendy Davis' initial story on the lawsuit from October. Facebook defended on jurisdictional grounds, asserting that Facebook's user agreement requires that the lawsuit should be heard in California, not Miller's preferred venue of Georgia.
The court grants the transfer request. Miller had a Facebook account that he used to promote his games, and he consented to the Facebook user agreement--and its mandatory venue clause--when he created his account. Miller argued that Facebook's user agreement was vague, a contract of adhesion, and inapplicable to Miller's copyright complaint. The court efficiently rejects these attacks, noting its concerns about Facebook having 350 million potentially litigious users:
striking the forum selection clause could wreak havoc on the entire social-networking internet industry. If this court were to determine that the forum selection clause contained in Facebook's TOU was unenforceable, the company could face litigation in every state in this country and in nations around the globe which would have potential adverse consequences for the users of Facebook's social-networking site and for other internet companies.
It's hard to argue with this, but the Court's next move is trickier. It says that Miller's copyright infringement allegations are covered by the forum selection clause, which purports to govern "any dispute about or involving the Web site and/or the Service." A complaint about an infringing app clearly satisfies this broad language, but consider the implications. Miller, like 350 million other people, has a Facebook account. He's complaining about activity that isn't related to his use of his account; rather, he's complaining about wholly unrelated activity. Read literally, this court seems to be saying that all 350M Facebook users are required to sue Facebook in Facebook's home court for any claim they may have that relates to Facebook.com.
Just like this sweeping outcome has not occurred for other Internet companies like eBay, I don't expect that Facebook will be so lucky either. However, it would have been nice if the court had been more careful explaining why a copyright infringement lawsuit brought by a copyright owner who happens to be a Facebook member is governed by the user agreement.
If the case gets that far, I wonder if Facebook can claim the 512 safe harbor for hosting a user-supplied allegedly infringing app. In general, I think third party apps fits the 512 paradigm neatly--either 512(c) if Facebook hosts the app or 512(d) if Facebook links to the app. However, Miller alleged that he sent a C&D notice to Facebook and Facebook ignored it, which putatively disqualifies Facebook from 512(c) or 512(d) coverage if the C&D satisfied the 512(c)(3) requirements. Even if Facebook can't claim 512 protection, Miller faces a potential uphill battle proving his allegations that the ChainRxn game infringes Boomshine's "look and feel," which are tricky to enforce, especially in the gaming context.
I wouldn't read too much into this case, but it does seem partially responsive to the legions of unhappy Facebook users who believe that Facebook's user agreement should be struck down for one reason or another. It's harder to trump properly formed online user agreements than most people wish, and this case is a small example of that. Facebook users who are unhappy with Facebook's user agreement can find recourse in a variety of ways, but assuming the contract is going to fail in court is one of the least preferred methods.
Posted by Eric at 11:29 AM | Licensing/Contracts | TrackBack
January 22, 2010
Google and China: Some General Thoughts
By Eric Goldman
I have deferred blogging on the Google/China imbroglio for a few reasons. First, heavyweights such as Jonathan Zittrain have tracked International online censorship and online security issues more closely than I have. Second, after Google’s provocative blog post, I wanted to see the facts develop rather than rely solely on Google’s assertions. The spin doctors are now moving in, so the useful development of the factual record will be slowing down.
Third, and perhaps most importantly, the Google/China situation is really complex and multi-faceted, and it’s been difficult keeping all of the issues straight. Some issues raised by Google’s announcement include:
* cybersecurity, both corporate and personal
* political and industrial espionage
* suppression of political speech, especially of dissidents
* censorship of search engine results and the likelihood that censorial efforts can succeed on the Internet
* “cyber-imperialism,” i.e., exporting US norms about Internet law to other countries
* economic protectionism and whether US companies compete with local Chinese companies on a level playing field
* geopolitical and trade relationships between two world nuclear superpowers
Heady stuff! It would make a good summer blockbuster movie.
Although most folks have lauded Google for its principled stand against China’s censorship, I’m not 100% clear that Google’s decision is entirely selfless. First, as has been noted frequently, Google has not been making inroads against local search leader Baidu. Further, the deck may be stacked against Google in changing that situation, due perhaps to economic protectionism from the Chinese government. Second, in a point that has gotten less attention, some members of Congress (most notably Rep. Christopher Smith) have repeatedly jawboned Google and other Internet companies to curtail their support of the Chinese government (see, e.g., the Global Online Freedom Act). Google might have rationally concluded that voluntarily cutting China loose could abate Congress’ interest in regulating its international operations, which might ultimately avoid profit-degrading domestic regulations.
On that point, I fear that we may hold duplicitous expectations when US Internet companies go global. If a US Internet company wants to successfully compete in a foreign market, it must open a local office and build a localized versions of their services reflecting local legal requirements. Inevitably, these localized versions will be more speech restrictive than the US version of the service. Foreign laws don’t have the First Amendment, 47 USC 230 or (in most cases) even a weak safe harbor like 17 USC 512, plus local cultural norms may tolerate unpopular speech less than we do. So what should a US service provider do when trying to expand internationally? It has a few options, none of them particularly attractive:
* It can skip unreasonably censorious markets altogether, like Google proposes to do in China.
* It can comply with local laws, even though that runs counter to US laws and norms.
* It can ignore local laws, which is typically not a successful plan. In extreme cases, it can lead to local company executives going to jail.
* It can try to change the local country’s laws to be more like ours, either through direct advocacy or by asking the US government to pressure the local government. We routinely use trade negotiations to do this; for example, we have successfully exported our copyright laws this way. But countries usually aren’t thrilled to have the US tell them what their laws should be.
Now, I don’t support China’s efforts to censor search results or suppress political dissent. I understand the arguments that free speech is such a basic human right, like freedom from torture, that we simply won’t tolerate any other local choice. However, we already implicitly accept that Internet companies routinely engage in some types of legally compelled or motivated speech restrictions in other countries when they localize their services—perhaps not to the degree exercised by China, but nevertheless more than we would allow in the US. (I note that China might factually dispute this claim because it claims to have an “open” Internet, although the reports I’ve seen suggest this claim is embarrassingly disingenuous). I recognize that I’m making a slippery slope argument about what government-mandated censorship we’ll tolerate from US Internet companies, but I think we should acknowledge the slippery slope before we categorically reject search engines’ efforts to comply with China’s rules.
If Google ultimately exits China, it would leave Baidu as the search engine market kingpin. This raises another issue I haven’t seen fully discussed. I’m going to assume for a moment that Google is a superior search engine to Baidu. (I’ve never used Baidu, so I have never actually compared the two). Knocking Google out of the Chinese market does two things. First, per my assumption, it takes the better information resource away from Chinese consumers. Second, by reducing competitive pressures on Baidu, quasi-monopolist Baidu is more likely to reduce R&D and service improvements.
If my predicate assumptions are correct, in the long run US consumers will have a consistently superior search tool compared to Chinese consumers. (I also assume China will keep interfering with Chinese consumers’ access to Google.com and that superior market entrants won’t overtake Baidu). Over time, China may hinder its overall long-term global competitiveness due to an inferior information infrastructure. Perhaps this assertion is overly stylized, but I think effective information resources—such as good search engines—are necessary to maintain healthy economic markets and to enable cutting-edge R&D. Thus, the Chinese government should view losing Google as a Chinese search engine competitor as a long-term detriment.
One final procedural point. Google sparked a global verbal spat between two nuclear superpowers through a single blog post. Talk about the power of blogging! Google’s decision to post a confrontational blog post may have helped get the US administration on board but simultaneously reduced Google’s ability to negotiate with the Chinese government. I’m no expert in diplomacy or Chinese cultural norms, but my reading of Google’s post is that its double-barreled accusations of government-sponsored hacking (which Google has not conclusively proved) and censorship left the Chinese government with few options to save face. Thus, Google effectively forced the Chinese government to take a hard line and reject most proposed compromises. I trust Google knew what it was doing and decided that was the right course of action, but in my opinion Google’s approach has pre-determined the final outcome.
Posted by Eric at 11:58 AM | Content Regulation , Search Engines | TrackBack
January 21, 2010
Keyword Ad and Product Shots Case Survives Motion to Dismiss--FragranceNet v. FragranceX
By Eric Goldman
FragranceNet.com, Inc. v. FragranceX.com, Inc., 2010 WL 174159 (E.D.N.Y. Jan. 14, 2010)
I previously blogged about this case in 2007. That ruling was one of several in New York that, following the Rescuecom v. Google district court ruling, held that buying a competitor's trademarks as keywords did not constitute a trademark use in commerce. As a result, the court granted a motion to dismiss.
Looking back even further, the case has been hanging around for almost 4 years. The first complaint was filed May 2006 and the plaintiff is now on its third amended complaint. This longevity is remarkable in its own right--just how much is this case worth to either litigant to justify four years of litigation costs and yet still be wrassling over motions to dismiss? The defendant tries to dismiss the complaint yet again, but this time the motion to dismiss fails, and the court directed the defendant to answer the complaint.
Copyright in Product Shots
FragranceNet claims that FragranceX copied 900+ product shots from FragranceNet's website and republished them verbatim on the FragranceX website. FragranceX responded that product shots aren't copyrightable. For more on the copyrightability of product shots, see my post on Designer Skin v. S&L Vitamins and the several other times I've addressed the topic.
I am not a fan of copyright protection for product shots. At best, I see them as subject to a very thin copyright that protects against only verbatim republication (although FragranceNet alleges FragranceX did just that). Even then, fair use should provide a wide range of permissible secondary uses. However, I also don't see how the defense thought it could win a motion to dismiss that product shots are not copyrightable at all. The defense had to overcome the presumption that photos generally are copyrightable--a presumption which was significantly reinforced in this case because FragranceNet made a successful and timely registration of the photos with the Copyright Office. FragranceNet further alleged in the complaint that the product shots were taken with creativity. Busting the product shot copyrights may be possible with an evidentiary record, but not beforehand.
Trademark Claims over Metatags and Keyword Ads
FragranceNet also claims that FragranceX put its trademarks in the metatags (good grief, another plaintiff who needs to internalize that Google ignores keyword metatags) and bought them as AdWords keywords. FragranceX responds by alleging problems with FragranceNet's acquisition of trademark interests from a third party, but these attacks fail on a motion to dismiss. (For true legal geeks, there is a brief and uncommon discussion of anti-champerty laws).
Although not discussed/cited in this case, I note that last month FragranceNet defeated a motion to dismiss in a different lawsuit attacking the FragranceNet mark as generic. Especially in light of the Hotels.com and Mattress.com Federal Circuit opinions, I expect both that defendant and this one will pursue genericness in future proceedings.
Posted by Eric at 12:11 PM | Copyright , Marketing , Search Engines , Trademark | TrackBack
January 19, 2010
4th Amendment Updates in the State Courts
The US Supreme Court is not the only Supreme Court to recently focus on 4th Amendment privacy issues critical to technology.
By Ethan Ackerman
This blog recently covered the US Supreme Court's decision to hear a 4th Amendment case dealing with texting privacy. While technology privacy cases are fairly rare at the US Supreme Court level, many of the 50 states' highest courts have dealt with similar issues recently. The waning months of 2009 saw three fairly important state-level 4th Amendment cases that could potentially have a big impact on electronic and online privacy.
Searching Suspects' Cellphones
In December, the Ohio Supreme Court addressed the searches of an arrestee's cell phone. In a 4-3 split, the court held that police searches of a suspect's cell phone, even though incident to the suspect's arrest, required a warrant. The court's decision grappled with the scope of 'a search incident to arrest,' which is one of the few exceptions to the warrant requirement the 4th Amendment usually imposes. Susan Brenner helpfully lays out the details surrounding the exception and its scope here. The court noted that federal courts were split on the issue; the Supreme Court hadn't addressed cell phones or anything similar. So the court proceeded to look at the underlying justification for the exception (officer safety, evidence protection). The court held that the exception wasn't necessary and ruled that a warrant was necessary to protect the private and extensively detailed personal information cell phones often hold.
It's perhaps an understatement to say that this area of the law isn't settled, and the Ohio court's focus on two federal cases is just a small chunk of the universe of cases on this issue. In-house counsel at the Federal Law Enforcement Training Center has helpfully catalogued the cases on this issue. So is the outcome sensible? Orin Kerr is a bit skeptical, but as of yet undeclared.
In a necessary reminder that the 4th Amendment matters even in non-criminal cases, the Mississippi ACLU has taken a civil case over a student's expulsion stemming from a cell phone search.
Fourth Amendment Protection for Records Held by Third Parties
The second state Supreme Court case, Colorado v. Gutierrez, doesn't occur online or even address online activities. It's about the impropriety of a (paper) search warrant for the (paper) tax records kept in the (physical) office of a tax preparer. Politicizing it just a smidge, the prosecutor in the case is running for the US Senate, and the taxpayer in the case was a Mexican immigrant. But the case's principal issue, whether information stored with a 3rd party retains 4th Amendment protections, is one of the core issues of online privacy. Facebook, Google Docs, every other "cloud" service, Skype, Hotmail, Google chat, Verizon wireless voicemail, and even Quicken all are 3rd parties holding private communications and information generated by their users. While privacy policies and state and federal statutes grant (or deny) some protections to this information, the 4th Amendment remains the cornerstone of much of the protection this information has. Several past US Supreme Court cases on the 4th Amendment have latched onto the "3rd party" present in these types of relationships to sometimes find that there was no reasonable expectation of privacy in information given to the 3rd party and thus no 4th Amendment protection. This phenomenon was common enough to get its own name as a legal doctrine - the '3rd party' doctrine. 4th Amendment scholar Orin Kerr recently published a law review article mostly praising the doctrine, and skillfully addressing its applications and shortcomings in the online world.
One of the major exceptions to the 3rd party doctrine is when a statute or protected type of relationship may still preserve a reasonable expectation of privacy despite transmission to a 3rd party. Evidentiary privileges like the attorney-client or marital privilege are examples of this. Less clear is the degree to which statutes protecting privacy may preserve the expectation. The Supreme Court has occasionally found statutes insufficient to protect the expectation (e.g. US v. Paynter, the Bank Secrecy Act was an insufficiently privacy-protecting law) but hasn't to my knowledge yet found a statute sufficient.
In Colorado v. Gutierrez, the Colorado Supreme Court found the federal and state laws protecting the privacy of tax records were sufficient to create a reasonable expectation of privacy in those records, even though they were held by the 3rd party tax preparer. Will a court hold that ECPA's protections for email, or the SCA's protections for chat logs or a Google doc, are sufficiently similar and strong to create a reasonable expectation of privacy in those records?
GPS Tracking of Vehicles
The third recent case is really a trilogy of recent state cases on GPS tracking of vehicles. Long ago in the 1990's, GPS tracking was a world of cops and scorned spouses sticking bulky devices under cars. In the past decade with the (government-mandated) addition of GPS tracking to cellphones, and their increasing ubiquity, the prospect of after-the-fact and real-time tracking of a person's every move is closer now than its ever been. How state courts handle these three car cases might give us some clues to how they'll handle the phone cases in the next few years.
New York, Wisconsin and Massachusetts went three different ways on the issue; finding, denying, and punting on 4th Amendment protections. Jeff Bone does an excellent summary of all three cases on his employers blog, so I'll just point you there. To give you a flavor of how the issue splits across the country and between different federal Circuits, read an earlier email of mine helpfully archived on the internets. Once again go-to scholar Orin Kerr also has thoughts on the general issue. Continuing its record as the best place on the internet for intelligent comment debates, Concurring Opinions is host to a 2008 comments debate between Kerr and fellow scholar Renee Hutchins on the issue.
Posted by Ethan Ackerman at 09:48 AM | Privacy/Security | TrackBack
January 18, 2010
File Names Can Help Predict File Content in Child Porn Prosecution--US v. Beatty
By Eric Goldman
United States v. Beatty, 2009 WL 5220643 (W.D. Pa. Dec. 31, 2009)
This is a child porn prosecution. Using Phex P2P software, an undercover investigator accessed the Gnutella network and conducted searches using search terms known to be used by child pornographers. The investigator identified IP address 76.188.64.82 with 11 files with troubling titles such as:
* r@ygold-pedo-13yo brother fucks 11yo sister and sperm inside 61943812.mpg
* (Pthc) 14yo Isabel-(Rape and Fuck) (R@ygold).mpg
* Little young girl hardfucked by me-7 yrs R@ygold illegal pedo sex.mpg
* (Hussyfan) (pthc) (r@ygold ) (babyshivid) Jessica 11y o get fucktgood.mpg
The investigator then matched hash tag fingerprints of the 11 files with child porn files in a database maintained by the Wyoming Internet Crimes Against Children (ICAC) Task Force. Subsequently, the investigator connected Beatty to the IP address. Based on this information, the government got a search warrant for Beatty's home, found hundreds of incriminating files on his home computer, and got incriminating statements in an interview.
Beatty challenged the government's right to search his home computer. The judge and the litigants agree that the government can legally conduct remote warrantless searches of P2P share directories, but the government apparently argued that they were free by extension to look through Beatty's entire computer. The judge rejected such a broad position, saying:
even if the Defendant suffered no Fourth Amendment intrusion by virtue of Trooper Pearson's conduct in remotely accessing certain shared computer files, the Defendant nevertheless retained a reasonable expectation of privacy in his computer and his home such that he possesses "standing" to challenge the merits of the subject search
This shifts the inquiry to the officers' probable cause for the warrant. Apparently, the investigator did not download the files to review them or attach the files as evidence when requesting the search warrant. I'm not sure why the investigator didn't do either step other than to avoid the toxicity of child porn generally. As a result, Beatty challenged the warrant because the warrant-approving magistrate did not see the files directly or get an affidavit from the investigator stating what he saw in the files. However, the magistrate did have the file names and the matching hash tags. Beatty challenged both.
The judge and the litigants agree that file names do not dispositively predict the actual file's content. As we know, file names can be inaccurate for a variety of reasons: plain error, semantic ambiguity, an effort to surreptitiously install malware, and as a way of increasing the content's perceived illicit value (see, e.g., the discussion in the uncited Perfect 10 v. ccBill case about websites with names like "illegal.net" and "stolencelebritypics.com"). The court correctly concludes that "common knowledge dictates that actual file content cannot be definitively determined from the file name alone."
Nevertheless, the court says that file names have some predictive value:
one can also envision circumstances where the file name is so explicit and detailed in its description as to permit at least a reasonable inference as to what the actual file is likely to show. Many, if not most, of the files at issue here had titles that contained highly graphic references to specific sexual acts-including ejaculation, sexual intercourse, oral sex, and anal sex-involving children ranging in age from 7 to 13 years. Several of the files also reference terms such as "child_sex," "pedofilia," "illegal pedo sex," "incest," or "Lolita." The unmistakable inference which arises from such highly descriptive file names, is that the content includes material pertaining to the sexual exploitation of children-i.e., evidence of criminal activity, if not outright contraband. Given the number of files in question and the pointed references in their titles to specific sexual acts involving young children-described in the most coarse and vulgar terms, this inference is a strong one.
I'm reminded of the admonishments that airport security is not a joking matter, so don't make jokes about having a bomb while going through the airport security line. (I've seen a few airports, including the New Orleans airport, post reminders about this). Similarly, child porn is so toxic that no one in their right mind would falsely use a file title suggesting the file is child porn.
The judge also credits the file titles because accurate file titles enable searches by others. So, if you want to distribute child porn in a searchable way (a seemingly illogical proposition because, as this case illustrates, doing so puts you on a fast track to Club Fed), then you need to use keywords that match search terms. The court says:
As a matter of common sense, the very fact that individuals utilize search terms with P2P software to produce results (i.e., file names ) consistent with their chosen search terms suggests a substantial degree of correlation between file names and file content; if file names were, as a general rule, completely random and bearing no relation whatsoever to their content, then there would be no point in conducting a search in the first place and the whole purpose of peer-to-peer file sharing would be frustrated because there would be no meaningful method for locating the sought-after file content.
I agree with this only superficially. It's true that searchable metadata must have some relationship to the underlying content to make a successful match, but community outsiders might think the metadata looks inaccurate or even completely random. Consider how Napster users used alternative spellings to route around the court-ordered blocks on various names. Now, go one step further: if a group of Napster users agree (in an offsite discussion forum) to tag Britney Spears' songs using "Lolita" (a not wholly inappropriate appellation given some of the videos she made before the age of majority), then a block on searches for "Britney Spears" will eliminate an obvious matchmaking route but will fail to stop matchmaking completely. Indeed, subcommunities can develop multiple synonyms that are opaque to outsiders. For more on this, look at the Urban Dictionary to see how slang can have multiple meanings, and note my article on how a single search term can have dozens of possible meanings. As a result, the search matchmaking process may be more complicated--and the value of "accurate" file descriptors is lower--than the court contemplates.
In any case, it wasn't clear how much traction Beatty expected from reducing the predictive value of file names. Ultimately, the search warrant was issued based on the combination of the file names with the fingerprint matches. It's not like the investigator or the judge had no idea what the files might contain--they had a hash value fingerprint matching a known child porn file. (Beatty unsuccessfully argued that the underlying fingerprinted files should not be credited as known child porn ) Then again, there is no reason why law enforcement isn't routinely preserving copies of suspect files they think are child porn and describing the file contents (or submitting the files) when seeking search warrants, easy steps that would have largely mooted Beatty's challenges.
Posted by Eric at 10:23 AM | Content Regulation , Internet History , Privacy/Security , Search Engines | TrackBack
January 13, 2010
"Law & Wikis" Panel at AALS Law & Computers Section Annual Meeting
By Eric Goldman
This post recaps the 2010 AALS Law & Computers Section Annual Meeting on the theme of “Law & Wikis.” The program consisted of four papers submitted in response to a Call for Papers from Spring 2009. See my panel announcement from November. AALS will eventually post the session as a podcast.
Tim Armstrong, Crowdsourcing and Open Access. An earlier version of his slides.
Tim is interested in open access to primary legal source materials. Most legal source materials are now born digital, but legacy materials are often only in paper, and this material would be more valuable online. How can we accomplish that? Tim outlined a four-step implementation process:
Step 1: Scan the materials (Tim expressly skipped over the copyright issues associated with scanning). Current scanning projects include Google Books, the Internet Archive and the Library of Congress.
Step 2: Extract the text from the scan using a free web OCR services such as any2djvu.
Steps 1 and 2 do not scale very well, but steps 3 and 4 can scale.
Step 3: Proofread and correct the extracted text. Two crowdsourced options for this step:
Option 1: Distributed Proofreaders. This is a large community and can get fast results. However, the project is hierarchical/bureaucratic, which prevents new users from adding texts, and the project does not focus on legal materials.
Option 2: Wikisource. Any user can add materials to Wikisource, it has an easier user interface than Distributed Proofreaders, and the project already handles many legal texts. However, it may be slower than Distributed Proofreaders. Tim recommended that academics consider using Wikisource to distribute scholarship. He posted one of his PDFed articles to Wikisource, and in a few weeks, other users had extracted the text and annotated the article with links to source materials. (I believe you can see his results here).
[Eric’s note: I didn’t fully understand the value of posting a PDF to Wikisource. It seems like the author can accomplish a similar result by web publishing the final article version in HTML or a Word file, which eliminates the effort to extract the text (and avoids any errors which might arise in the extraction process). Further, the author can incorporate links him/herself into the article. In fact, I routinely include lots of links in my academic articles. Ideally, law reviews will start publishing articles with complete author-supplied links rather than viewing those links as unnecessary metadata that can be tossed. (Also, it really irks me when law review editors unnecessarily break URLs in the footnotes by adding spaces). Despite this, I could see the value of Wikisource as another distribution channel for articles to increase readership, and I imagine the Wikisource community would add links that never occurred to the author.]
Step 4: distribution and indexing.
Jon Garon, The Role of Wiki Authorship for the Curatorial Audience
Jon believes that Wikipedia as a communal authoring tool is struggling, and it will require structural changes to preserve its market share.
He highlighted two Wiki norms: (1) eliminate social biases using group deliberation. Ex: Wikipedia’s “neutral point of view.” (2) projects have group goals instead individual goals. In effect, these norms combine to work against attributed authorship. However, in other author communities, authors have shown that they want attribution and integrity. For example, 97%+ of Creative Commons users chose attribution.
[Eric’s note: I’m generally skeptical that Creative Commons license adoptions provide accurate insight into authorial desires. I believe that CC license adoption statistics are skewed by Flickr’s huge photo database. Flickr has adopted a CC license requiring attribution as its default, and the overwhelming number of users (not surprisingly) accept Flickr’s default.]
Jon described three communities of users. 1% of users actively create content. 90%+ are totally passive. The remaining ~10% of users are “curators”—they don’t create new content but curate it for others. Ex: the people who reposted videos of Obama’s inauguration.
With that in mind, he notes that Wikipedia has 75,000 regular contributors, compared to the 20M amateur bloggers, 450,000 professional bloggers and 200,000 YouTube contributors. Measured this way, Wikipedia has a relatively small contributor base, perhaps because authors’ desires conflict with Wikipedia’s norms.
He concluded by advocating a wiki for academic and professional communities where their contributions could “count” for their job requirements. To start, an academic-friendly wiki could adopt attribution and integrity norms. It would also benefit by providing ways to measure contributions, such as counting submitted words/footnotes, content resilience (how long the content lasts until it’s reversed—much like WikiTrust does), inlinks and pageviews. These measurement tools can help contributions “count” as professional accomplishments for employing education institutions and public funding sources.
[Eric’s note: Jon’s project is complementary to my paper on Wikipedia, and I generally agree with his concerns about Wikipedia’s labor supply. I also agree that Wikipedia is not very friendly towards academic contributors in a number of respects, a point I explicitly explore in my paper. We did not have time to explore what Jon thinks of Citizendium, which tries to address his concerns.]
Jacqueline Lipton, Wikipedia and the European Union Database Directive
The EU Database Directive, a product of the late 1990s, assumes a content development paradigm of a single database maker aggregating text-based data into a database. It does not contemplate Web 2.0.
Jacqui emphasized jurisdictional questions. Wikipedia’s site disclosures do not expressly address EU law. Regarding copyright, Wikipedia’s site disclosures say that the site is governed by US copyright law, but it respects other countries’ laws (whatever that means). Thus, with respect to IP dispositions, Wikipedia effectively distinguishes between laws that govern information gathering and information dissemination. Wikipedia assumes local IP laws apply to information gathering and US laws apply to information dissemination. Wikipedia doesn’t address IP laws applying to information receipt.
Could a Wikipedia contributor claim a database right in Wikipedia entries? Wikipedia’s submission rules only address contributors’ copyrights, not database rights. Jacqui isn’t sure if a Wikipedia entry could qualify as a protected “database” under the directive.
Could Wikipedia or its contributors have liability for pulling information from a database and republishing via Wikipedia? She can’t answer this question without knowing the specific member state’s directive implementation.
Jacqui summarized her unanswered Qs:
* Jurisdiction/choice of law issues
- where does information gathering occur?
- information dissemination occurs in the US (Wikipedia runs on US servers)
- where is the information received?
* Joint ownership? And ownership of what? What constitutes the database? Presumably the collection of all Wikipedia entries constitutes a “database,” but it’s not clear if any specific entry does.
* How would the directive (or specific implementations) govern databases that are jointly created by people residing in different jurisdictions?
* Which jurisdiction’s fair use/fair dealing laws apply?
Salil Mehra, WikiTruth Through WikiOrder (a paper jointly authored with David Hoffman). Download from SSRN.
This paper considers why people cooperate on Wikipedia. Their animating insight is that Wikipedia develops order just like the Shasta County ranchers profiled by Ellickson, but Wikipedia contributors lack the same kind of organic relationships with each other that the ranchers had. So why has this order developed?
Wikipedia’s dispute resolution methods are not content-based. Instead, they try to foster continued dialectic among contributors. Examples of Wikipedia’s dispute resolution tools:
* informal methods (talk page, reversions) and requests for comments from other contributors
* formal methods: mediation and arbitration. Mediation doesn’t work too well. The site emphasizes arbitration as a solution, but site members are generally anti-lawyer and adhere to an “ignore all rules” ethos.
To study the Wikipedia arbitration process, Salil and David coded 267 arbitrations. They found the most common complaints were personal attacks (94), editing wars (91) and sockpuppetry (76). Common sanctions included cautions and probations (164), article bans (117) and Wikipedia bans (47). Wikipedia bans were most commonly issued for impersonation and anti-social behavior. In contrast, editing violations were negatively correlated with Wikipedia bans—the dispute resolution system tries to rehabilitate contributors rather than kick them out.
Some audience comments to the presentations:
* Wikis are a technology, and Wikipedia is just one implementation of a wiki. We shouldn’t conflate the two.
* Author attribution and integrity are interrelated rights, especially for academics.
* Do we know what types of projects are best run through wiki technologies, and do we know what steps get the right contributors?
* What copyright foundation would best facilitate wiki activity?
Posted by Eric at 03:19 PM | Copyright , General | TrackBack
January 11, 2010
Top Cyberlaw Developments of 2009 (Eric's List)
By Eric Goldman
Guest blogger John Ottaviani recently dropped by to offer his perspectives on 2009’s top Cyberlaw developments. While I like his list a lot, I independently developed my own top 10 list that has a different emphasis. You might enjoy the contrasts. My list:
#10: Louis Vuitton v. Akanoc. After the judge ordered a web host to stand trial, a jury awarded the trademark owner $32 million due to the web host’s contributions to trademark infringement by its customers. This case stands out for the big damages award and as a rare example where an online provider was held liable under a contributory trademark liability theory. Many trademark practitioners are scratching their heads trying to figure out the import of this case, however. Does this case represent a dangerous new frontier of online liability? Was this a bad jury verdict fueled by poor defense lawyering? Or was this an appropriate outcome because the web host actually engaged in bad behavior that distinguishes it from most “legitimate” web hosts? 2010 may help us understand if this case is part of a new trend or an aberration.
#9: Gordon v. Virtumundo. We’ve seen a lot of silly anti-spam litigation, including the emergence of an entirely new group of entrepreneurs called “spam litigation entrepreneurs” who try to make a living on anti-spam lawsuits. These folks have a true love-hate relationship with spam; they hate it so much that they devote their lives to fighting it, but they love getting spam because each one is a potential revenue source. In general, judges hate spam a lot too, so over the years we have seen a number of doctrinally unsupportable results where judges bent the law to make sure spammers lost.
However, the judicial pendulum has swung in the opposite direction, and in Gordon v. Virtumundo, the Ninth Circuit destroyed a serial anti-spam plaintiff’s entrepreneurial business in a doctrinally questionable but strongly worded opinion. In short order, a number of other spam litigation entrepreneurs have seen their lawsuits shut down with emphasis. Due to this ruling, the era of anti-spammers partying in courts may be on the wane.
#8: Zango v. Kaspersky. The question raised in this issue is simple to state but hard to answer: who should decide what constitutes spam, spyware or a virus? Vendors of software designed to curb these threats would like unfettered discretion to make their classifications; businesses who are classified as a threat would like judges to overturn adverse decisions. As it turns out, in a relatively obscure provision (47 USC 230(c)(2)), in 1996 Congress said that software vendors get to make classifications decisions and unhappy businesses can’t complain about them. In June, the Ninth Circuit upheld Kaspersky’s decision to classify Zango’s software as a threat and rejected Zango’s efforts to take the classification decision out of Kaspersky’s hands. This ruling gives enormous freedom to vendors of anti-spam/anti-spyware/anti-virus software to do their best to keep us safe.
#7: Columbia Pictures v. Fung. This case came out just before the Christmas holiday, so it got lost in the holiday hoopla a bit, but it’s a case of potentially significant import. First, it held that the specific torrent sites at issue induced copyright infringement. Second, the court denied the torrent sites’ eligibility for the DMCA online safe harbors. In part, the court said that an inducing website was categorically disqualified from the DMCA online safe harbors. Like the Akanoc case, it’s not entirely clear if this result was a legal aberration or an appropriate reaction to the defendants’ poor choices. Either way, it is possible that more “legitimate” websites may change their behavior to minimize their exposure based on the legal precedents in this case. If they do, this case could have a major impact on UGC websites.
#6: Lori Drew’s acquittal. Megan Maier’s suicide remains a heartbreaking tragedy, but unfortunately, overzealous prosecutors compounded the tragedy by prosecuting Lori Drew using bogus legal doctrines. The tragic facts got a jury to convict Drew of some misdemeanor crimes. Fortunately, the judge recognized the legal errors of the prosecution’s theory and the jury’s conclusions and granted Drew an acquittal despite the jury findings. The judge finally got to the right result as a matter of Cyberlaw, but the case remains a chilling testament to prosecutorial power.
#5: Harris v. Blockbuster. The rule is really clear. Service providers can't amend online user agreements in the provider’s sole discretion without notice. As the Ninth Circuit informed us in 2007, those contracts don’t fare well in court. So although these provisions are in just about every online user agreement, they don’t work--as Blockbuster found out the hard way.
As part of the litigation detritus from the Facebook Beacon experiment, users sued Blockbuster for sharing their rental transactions with Facebook and all of their friends, allegedly in violation of the Video Privacy Protection Act. Blockbuster tried to bust the class action by invoking the contract’s arbitration clause. Instead, because Blockbuster had the impermissible amendment provision in its user agreement, the court said the contract was illusory and refused to send the case to arbitration.
This case should signal the end of the ridiculous amendment clauses. We’ll see how long it takes the lawyers to give the provisions up.
#4: Battles Over the First Sale Doctrine. We have seen numerous legal battles this year over the First Sale defenses in both copyright and trademark law.
Copyright owners try to engage in price discrimination by carving up the world into geographic territories with different prices for the same product. If they can use copyright law to keep the cheap products from entering the other geographic market, this keeps the product from effectively price-competing with itself.
This year, two cases involved European textbooks which were functionally equivalent to the textbooks being sold in the United States at higher prices. Entrepreneurs were buying the cheap European texts, shipping them to the US and then selling them online. The entrepreneurs invoked the First Sale doctrine, which says that copyright law can’t prohibit the legitimate purchaser of a tangible copyrighted item from reselling the item to whomever they want at whatever price they want.
However, copyright law has another provision that allows copyright owners to block the importation of copyrighted works into the United States. In the 1998 Quality King case, the US Supreme Court said that the First Sale doctrine trumped the importation right when the goods were manufactured in the US, sold overseas, and then imported back to the US. However, in Pearson v. Liu and John Wiley & Sons v. Kirtsaeng, the judges said that the importation right trumps the First Sale doctrine when the goods were initially manufactured overseas. This issue is ripe for further adjudication, though. A similar importation case, Costco v. Omega, is pending before the US Supreme Court, which is deciding whether or not it wants to hear the case. If it does, we may get clearer instructions about the interplay between the First Sale doctrine and the copyright importation right.
Copyright’s First Sale doctrine was also at issue in Vernor v. Autodesk, where the purchaser of a software disk wanted to resell the disk on eBay despite restrictions in the software licensing agreement barring such resales. The court held that the First Sale doctrine applied and allowed the resale. There are other cases percolating through the court system involving the resale of tangible media contained copyrighted material despite contractual restrictions on resale, so this issue remains a hot one.
Trademark owners also try to prevent competition with their products that leak out of their official channels of distribution. eBay has been the site of a couple battles over the First Sale doctrine in trademark law. In Mary Kay v. Weber, the court held that the trademark First Sale doctrine may not permit the eBay resale of expired cosmetics by a Mary Kay independent beauty consultant. In Beltronics v. Midwest, a trademark owner shut down the eBay resale of radar detectors that had leaked out of the manufacturer’s channel and were being sold (at a cheaper price) without the manufacturer’s warranty.
Clearly, the First Sale doctrine matters a lot to eBay and other consumer-to-consumer e-commerce websites. With a possible pending Supreme Court case and lots of IP owners looking to stifle competition from goods they have already profited from, expect the First Sale doctrines to get lots of attention in 2010.
#3: 47 USC 230. In my opinion, 47 USC 230 is the most important Cyberlaw statute, so new 230 developments will make my top 10 list for the foreseeable future. This year, there were three federal appellate court rulings interpreting 47 USC 230(c)(1):
* in Barnes v. Yahoo, the Ninth Circuit held that 230 protected a website’s negligent delay in removing user content. However, if the website had promised removal to the user, the user could have a viable claim for promissory estoppel that would not be preempted by 230.
* in FTC v. Accusearch, the Tenth Circuit held that a website’s resale of pretexted phone records—even if those records were supplied by third party suppliers—did not qualify for 47 USC 230 protection because of their illegality.
* in Nemet Chevrolet v. ConsumerAffairs.com, the Fourth Circuit held that a consumer review website was not liable for user-supplied reviews, even when the website worked with the user to submit the review, and despite the plaintiff’s unsubstantiated claims that the website had fabricated the reviews itself.
Really, the big 47 USC 230 news in 2009 is the absence of big news. Specifically, 2009 reinforced that the Ninth Circuit’s 2008 Roommates.com decision—one of the most significant defense losses under 47 USC 230—did not rip open a major hole in the statutory protection of websites. Of the 13 cases that I have seen that have cited the Roommates.com en banc opinion, eleven have cited the case in favor of the defense. (See the list here). The two exceptions are the Accusearch case, mentioned above, and the New England Patriots’ lawsuit against StubHub over season ticket resales, an odd opinion that may not have much influence. Therefore, despite our fears about Roommates.com, the 47 USC 230 immunity remained healthy and vibrant in 2009. For more on this topic, see my special recap of 47 USC 230's year-in-review for 2009.
#2: Keyword Advertising Battles. Keyword advertising battles are another perennial topic on these year-in-review lists. A multi-billion dollar a year industry has sprung up around the sale of keyword-triggered advertising, including some keywords that may be third party trademarks, and trademark owners don’t like it at all. This has led to a multi-front battle between trademark owners, keyword advertising sellers (such as Google), and keyword advertising buyers.
One of the biggest Cyberlaw cases of the year was the Second Circuit’s ruling in Rescuecom v. Google. In the district court in 2006, Google won an easy victory against a trademark owner because the court said that Google did not make the requisite “use in commerce” of the trademark. The Second Circuit reversed the district court, sending the case back for further proceedings. The reversal does not ensure Google’s defeat; Google will now litigate other legal doctrines and might very well win on one of those. However, the Second Circuit’s opinion largely spells the end of any “use in commerce” defense by either keyword advertising sellers or buyers.
Because of the “use in commerce” defense’s demise, keyword advertising cases will now likely turn on whether the advertisements create a likelihood of consumer confusion. One case, Hearts on Fire v. Blue Nile, offered up a new and complicated test for gauging consumer confusion. If other courts adopt this test, keyword advertising cases will get even more expensive and complicated—highlighting how important it was that the Rescuecom case eliminated an easy way to end these lawsuits early.
Meanwhile, despite the fact that keyword advertising battles have been taking place for at least a decade, we have not heard what a jury thinks about the practice—until the November jury ruling in Fair Isaac v. Experian. In that case, the jury found for the defense that the keyword-triggered ads did not create the requisite likelihood of consumer confusion. It remains to be seen if other juries reach the same conclusion. If they do, keyword advertising lawsuits should slowly fade away over time because the trademark owners can’t win in the end.
As for now, keyword litigation is going strong and hardly fading away. In Spring, Google made two changes to its trademark policies where it voluntarily agrees to take down certain types of ads at the trademark owner’s request. In May, Google extended its more liberal US-based policy to nearly 200 other countries, replacing the more restrictive policies it had in place there. Shortly thereafter, Google modified its US policy to do less for trademark owners in situations involving product resales, review websites and sales of complementary/replacement parts. Trademark owners were none too pleased with these changes. In response to these changes and the door opened by the Second Circuit Rescuecom decision, Google got hit with about a dozen new lawsuits, including some class action lawsuits, of which I believe 10 are currently still active.
Finally, all of the wrangling in court and over voluntary trademark policies could be mooted by legislative action, and for the third time, the Utah state legislature considered resolving the keyword advertising issue itself. A law regulating keyword advertising passed the Utah house but died in the Utah senate. Expect the pro-regulatory forces to round up the troops for a fourth try in 2010.
#1: FTC Endorsement Guidelines for Bloggers. The Obama administration has breathed new life into a pro-regulatory FTC, and the FTC sure is interested in all things Internet. The FTC has been nosing around Internet privacy and Internet marketing practices pretty carefully, and I expect 2010 to bring more FTC pronouncements designed to tackle the Internet.
But nothing stirred up a hornet’s nest of confusion and anger in 2009 like the FTC’s Endorsement and Testimonials Guidelines. I think it’s fair to say that the FTC’s guidelines rollout was a complete failure. As usual, the FTC’s guidelines were mealy-mouthed and filled with conditional statements (the FTC hates to lay out bright line rules that might constrain their future discretion). However, the FTC’s general gist was clear: bloggers should disclose when they receive financial or other consideration for their blog posts.
Unfortunately, this general principle leaves open some fairly fundamental questions, like when is disclosure required in situations less clear than straight cash-for-posting, and where should disclosure be made, especially in space-constrained media like Twitter. Needless to say, unhappy bloggers can be very noisy, so blogger response to the FTC’s announcement was loud and vituperative. The FTC tried to backpedal a little by saying that it did not intend to pursue individual bloggers, but this announcement only reinforced that bloggers do not understand what the FTC wants from them.
Meanwhile, the FTC’s proposed guidelines also took an interesting position about an advertiser’s liability for rogue blogger’s posts. This position is generally consistent with government enforcement agencies’ views that commercial players can be legally responsible for content they endorse or link to (see, e.g., my comments on the SEC’s liability-for-linking policy), but this position runs directly contrary to 47 USC 230’s provisions that say A isn’t liable for B’s online content. As a result, I believe that part of the FTC’s proposed guidelines violate 47 USC 230 and would not survive a court challenge.
Overall, the firestorm over the FTC’s Endorsement and Testimonials guidelines is a small part of a larger effort to regulatorily separate advertising from content. The Internet has collapsed those distinctions, perhaps irreparably, so regulators may be trying to accomplish the impossible. Nevertheless, the FTC seems determined to prop up the distinction, and I expect 2010 will bring more FTC efforts on this front.
* * * * *
While that concludes my top 10 list, there were a number of other interesting developments in 2009 that are worth a brief note:
* Moreno v. Hanford Sentinel. A woman trashed her hometown in an obscure but public MySpace posting and learned there is no “do-over” for Internet content publication. My vote for the most factually interesting Cyberlaw case of 2009.
* Google’s keyword metatag announcement. Courts generally treat the inclusion of third party trademarks in keyword metatags as per se trademark infringement. But Google has confirmed that it ignores keyword metatags. Will courts get the message?
* Google Book Search settlement. If the Google Book Search settlement ever gets approved, it may reshape the book industry, redefine libraries, and make all kinds of other socially significant changes. But the list of opponents to the settlement is long and growing. Professor James Grimmelmann of New York Law School is our community’s maven for all things “GBS.”
* Kindle book deletion. The Kindle store sold e-books it didn’t have the right to sell, so it took them back. Users learned of a key factual difference between physical books and e-books—the vendor can remotely make e-books go poof.
* States’ efforts to impose sales tax efforts based on marketing affiliates. For years, states have been looking for ways to make online retailers collect sales tax for them. They are generally stopped by Supreme Court precedent, but in 2008 New York finally figured out a workaround. The New York statute said that marketing affiliates were like traveling salespeople and thus created the physical nexus required for a state to impose sales tax collection obligations. The New York statute survived its first legal challenge, which opened the floodgates of other states passing similar laws hoping to get their piece of the action. Meanwhile, online retailers aren’t just rolling over; instead, they are threatening to cut off (or actually cutting off) marketing affiliates in states that enact these laws—thus potentially costing the states income tax from the marketing affiliates’ revenue, and creating the potential for the entire affiliate industry to be torn apart.
* Maine kids privacy law. Maine thought it could pass a law banning marketing to kids. It was wrong. The state had to withdraw the law and go back to the drawing board.
* UMG v. Veoh. Veoh won another nice DMCA online safe harbor victory.
* US v. Kilbride. The Ninth Circuit says that online obscenity prosecutions need to evaluate national attitudes towards obscene content, not local community standards.
* Kentucky domain name seizure. Kentucky tried to grab 141 domain names that enabled Kentucky residents to engage in illegal gambling. But those domain names also serviced customers for whom the gambling was completely legal, so the Kentucky courts are rethinking the grab.
* FTC v. Sears. As another example of the new pro-regulatory winds blowing through the FTC, the FTC cracked down on Sears for installing spyware on users’ computers that looked at the users’ hard drives, even though Sears paid the users for the installation and disclosed the spyware’s snooping in the user agreement (though in an inconspicuous manner). This case has made a lot of lawyers concerned that adverse disclosures in user agreements won’t satisfy the FTC.
* Facebook the Drama Queen. Ah, Facebook. Love it. Hate it. Facebook is a pretty nifty site and part of my daily routine, but boy, they sure do have a knack for stirring up trouble.
- In February, they made a relatively modest change to their user agreement that caused people to freak out.
- In response to this, Facebook took the provocative step towards user self-governance. Facebook let users vote on some choices and promised to be bound by the results, but with an asterisk: Facebook decided what options users could vote on, and Facebook would honor those choices only if a prohibitively large number of users exercised their franchise. Still, it was a nice gesture towards cyberspace community self-governance.
- In summer, they tried to settle their Beacon litigation, but that also reminded folks of how much Beacon irritated them in the first place.
- Summer also brought allegations of click fraud on Facebook, and lawsuits followed.
- Finally, in Thanksgiving, Facebook rolled out some changes to its privacy options that it pitched as giving users more choices, but it also took away some choices and defaulted users into some options that surprised them.
Given this track record, is it unrealistic to expect more Facebook drama in 2010?
* Estavillo v. Sony. Speaking of self-governance, virtual world enthusiasts would love to establish the legal proposition that virtual worlds are legally equivalent to governments and therefore obligated to restrain their actions just like governments are. One virtual world enthusiast sued Sony for kicking him off the network, claiming that Sony was legally governed as a “company town” and therefore lacked the discretion to kick him off. WRONG (and it wasn’t even close).
* Wikipedia's policy change. In August, the English-language Wikipedia announced that it was going to tighten up its editorial policies, and people Freaked Out. (In fact, I have predicted that Wikipedia cannot avoid increased editorial restrictions over time, so this change should not have been surprising). However, it turns out that everyone got it wrong, and Wikipedia’s editorial changes are far less dramatic (and consequential) than initially reported. I will post a separate recap on Wikipedia shortly.
If you would like a stroll down memory lane, you can see my previous top 10 lists from 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 10:46 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack
January 05, 2010
47 USC 230 Year-in-Review for 2009
By Eric Goldman
I will do a more comprehensive year in review for Cyberlaw generally, but I thought it would be fun to take a close look at how 47 USC 230 fared in 2009. This is the first full calendar year following the Ninth Circuit’s en banc Roommates.com opinion, and many of us initially feared that the case would create a huge hole in 230’s otherwise solid immunity. As it turns out, those concerns have not come to pass. If anything, 2009 shows us just how strong the immunity remains.
I blogged on a total of 22 cases issued in 2009 that discussed the statute. (I blog on every case I see that substantively discusses 47 USC 230). I blogged on other cases in 2009 that were decided before 2009, such as the Woodhull v. Meinel case from October 2008 and DC v. Harvard-Westlake, a 2007 arbitrator’s dismissal that came to light in 2009.
Of the 22 calendar year 2009 cases, I would classify 14 of them (63%) as easy defense wins, frequently on a 12(b)(6) motion to dismiss or state law equivalent. Even many of the remaining 8 cases contained good news for defendants. For example, in Shiamili, the defense inexplicably lost at the district court level but got an easy reversal on appeal. The Stayart court granted Yahoo an easy defense win, although co-defendant Various didn’t get the 230 ruling. Similarly, the Barnes case granted the defense an easy 230 win on one theory (negligent undertaking) but denied 230 for a different one (promissory estoppel). The Certain Approval Process case said 230 did not prevent the plaintiff from amending the complaint to add a cause of action, but once added, the court instantly zapped the claim on other grounds.
This leaves four unambiguous 230 defense losses in 2009. The leading 230 defense loss was the Tenth Circuit FTC v. Accusearch case, which held a retailer liable for reselling illicit phone records. The other major 230 defense loss was the NPS v. StubHub case, which held that 230 may not apply to a lawsuit over the alleged illegal ticket scalping by StubHub’s sellers. Both of these cases involve the retailing of illegal items, suggesting that 230’s boundaries may not reach that far.
The other two defense losses are less consequential. The Project Playlist held that 230 does not preempt state IP law claims, a conclusion that deserves note only because the Ninth Circuit held otherwise in the 2007 ccBill case. I believe that no other courts will follow the Ninth Circuit’s rule that 230 preempts state IP laws, making the Project Playlist ruling unsurprising.
In People v. Gourlay, a web host was denied a 230 defense to a criminal prosecution for child molestation- and child pornography-related claims. This case turns mostly on the web host’s active role creating the child pornography (as well as the host’s molestation of the child actor); with that context, this case may have little influence on other cases. Indeed, the court made clear that web hosts providing standard web hosting services could fully qualify for 230 protection against a state criminal prosecution of child pornography dissemination.
In reverse chronological order, a brief overview of the 230 cases from 2009:
Nemet Chevrolet v. ConsumerAffairs.com (4th Cir. Dec. 29, 2009). One of three federal appellate court 230(c)(1) rulings in 2009 (Barnes and Accusearch are the others). A solid defense win for a consumer review website. The plaintiff’s claims that the website contributed to the reviews’ development and fabricated reviews were tossed on a 12(b)(6) motion to dismiss.
Shiamili v. Real Estate Group (N.Y. App. Div. Dec. 17, 2009). In an unpublicized January 2009 decision, the trial court denied a website’s 230 dismissal request for claims based on user-supplied comments. In December, this error was fixed on appeal despite allegations that the website “chooses and administers” the user content.
Dart v. Craigslist (N.D. Ill. Oct. 20, 2009). Craigslist got a big win in its ongoing battles with various government agencies over prostitution ads on Craigslist when the court held it wasn’t liable for those ads.
Riggs v. MySpace (C.D. Cal. Sept. 17, 2009). A goofy case. The court holds that MySpace’s deletion of Riggs’ account was protected by 230(c)(1) on the apparent theory that Riggs (the plaintiff) was the third party supplier of the deleted content. This case would make more sense as a 230(c)(2) case.
Finkel v. Facebook (N.Y. Sup. Ct. Sept. 15, 2009). Facebook wasn’t liable for the contents of a user’s private group even though Facebook placed a copyright notice on the page.
Intellect Art v. Milewski (N.Y. Sup. Ct. Sept. 15, 2009). Ripoff Report wins again.
Stayart v. Yahoo (E.D. Wis. Aug. 28, 2009). An convoluted, and possibly confused, ruling that Yahoo wasn’t liable for search results snippets. However, Various was denied 230 because it may have originated the content in question.
Cornelius v. DeLuca (E.D. Mo. Aug. 18, 2009). An online retailer wasn’t liable for user-supplied comments despite a “conspiracy” allegation.
Goddard v. Google (N.D. Cal. July 30, 2009). This is a follow-on ruling to an important December 2008 ruling in this case, which dismissed the plaintiff’s complaints but gave the plaintiffs another chance. The December 2008 ruling is one of the most interesting and important decisions interpreting Roommates.com. In the July ruling, the judge again found that 230 insulates Google from liability due to allegedly fraudulent ads run through its network and granted a final dismissal.
Doe II v. MySpace (Cal. App. Ct. June 30, 2009). MySpace isn’t liable for users’ sexual assaults on other users.
FTC v. Accusearch (10th Cir. June 29, 2009). The second of three federal appellate court rulings on 230(c)(1). The defendant was an online retailer of illegal phone records. The retailer claimed that the phone records came from third party suppliers and therefore 230 immunized the retailer from liability associated with the records. The court echoed the Ninth Circuit’s Roommates.com decision, effectively extending that case to the Tenth Circuit, and said that the retailer was responsible for selling the illicit phone records despite 230.
Zango v. Kaspersky (9th Cir. June 25, 2009). This is the only 2009 ruling addressing 47 USC 230(c)(2), the overshadowed and frequently overlooked sibling of 230(c)(1). Despite the rarity of 230(c)(2) cases, this case could be fairly influential. The Ninth Circuit held that 230(c)(2) protected an anti-spyware software vendor’s decision to classify software as a threat. If you missed it, you might want to take a look at my presentation slides on 230(c)(2), which distill my deep look at 230(c)(2) this summer.
Gibson v. Craigslist (S.D.N.Y. June 15, 2009). Craigslist isn’t liable for physical injury caused by a gun purchased via a Craigslist ad.
Doe IX v. MySpace (E.D. Tex. May 22, 2009). MySpace isn’t liable for users’ sexual assaults on other users.
Barnes v. Yahoo (9th Cir. May 7, 2009; amended opinion June 22, 2009). The third of three federal appellate court opinions on 230(c)(1). The Ninth Circuit held that 230 preempted a claim against a service provider for negligently delaying the removal of user content (essentially, Zeran redux), but 230 did not preempt a promissory estoppel claim based on promises the service provider made to the person requesting takedown. The initial Ninth Circuit opinion had two other unfortunate digressions: (1) it said that 230 was an affirmative defense that did not support a 12(b)(6) motion to dismiss, and (2) the opinion had ambiguous language implying that 230 preempted only state claims, not federal claims. The amended opinion helpfully eliminated both digressions.
Atlantic Records v. Project Playlist (S.D.N.Y. March 25, 2009). 230 does not preempt a state IP claim—in this case, a violation of state copyright law for pre-1972 sound recordings.
Joyner v. Lazzareschi (Cal. App. Ct. March 18, 2009). A message board operator wasn’t liable for user posts.
Raggi v. Las Vegas Police (D. Nev. March 10, 2009). A union wasn’t liable for messages that union members posted on the union-operated message board.
Certain Approval Programs v. Xcentric Ventures (D. Ariz. March 9, 2009). 230 did not bar amending a complaint to add a new cause of action when the plaintiff also adequately alleged that the Ripoff Report contributed to the creation and development of the content at issue.
People v. Gourlay (Mich. App. Ct. March 3, 2009). This case involves the prosecution of a pornographic web host who also molested the child actor. The web host asserted a 230 defense in trying to overturn the conviction for the charges related to pornography dissemination. Although 230 can preempt state criminal prosecutions, and web hosts are protected by 230 for their ordinary web hosting activities, this web host actively participated in the site’s development and therefore lost 230’s protection.
NPS v. StubHub (Mass. Super. Ct. Jan. 26, 2009). In a long-running battle between the New England Patriots and season ticketholders who want to resell their tickets via StubHub, StubHub was denied summary judgment on 230 grounds. The court cites Roommates.com in saying that StubHub may have contributed to illegal ticket scalping sufficient to potentially disqualify it for 230 protection.
GW Equity v. Xcentric Ventures (N.D. Tex. Jan. 9, 2009). Ripoff Report is protected by 230 even though it offers pull-down menus and manipulates user-submitted reports.
Posted by Eric at 11:45 AM | Derivative Liability | TrackBack
January 04, 2010
Terminated eBay Vendor Gets Day in Court Against eBay--Crawford v. Consumer Depot
By Eric Goldman
Crawford v. Consumer Depot, Inc., 05-3242 (Tenn. County Ct. Dec. 9, 2009)
Essex and Consumer Depot are competitors in the eBay consignment business. According to the court, prior to 2005 Essex used to allow its employees to bid on its auctions, and in 2004 one of its executives was personally suspended for shill bidding. Consumer Depot allegedly accused Essex of shill bidding, sparking a lengthy multi-front battle between the two companies (dating back to summer 2005).
In 2005, eBay suspended Essex for alleged shill bidding. eBay says it made an independent assessment (easily supported because of Essex's past practices) and didn't rely on reports from Consumer Depot. While Essex was negotiating with eBay over possible reinstatement, Essex tried to unload its warehouse by hiring independent contractors who worked very closely with Essex. eBay decided that this end-run was uncool and terminated Essex. Essex eventually sued eBay for the termination.
eBay defended in part on its user agreement. Essex attacked the user agreement in a number of ways, including:
* it never agreed to the user agreement and the company wasn't bound by it. The court says that no one is allowed to sell on eBay without registering for an account, and the registration process requires acceptance of the user agreement. Any employees registering the Essex account automatically bound the corporation. (Cite to the Motise case, briefly discussed here).
* the contract was unconscionable and a contract of adhesion. The court says that although eBay is an important marketplace, people are free to go elsewhere, eBay is free to decline to business with anyone, and in this case Essex was a sophisticated business with experienced principals.
* the contract is illusory because eBay may modify it (see, e.g., the uncited Harris v. Blockbuster). The court rejects this argument because the changes require notice.
* the contract is illusory because eBay can terminate the relationship if it believes that Essex posed a threat to the site's integrity. The court says this provision is sufficiently definite, but only if the court reads into it a "good faith reasonableness" standard for eBay's belief. Further, Essex's multi-year relationship with eBay creates a course of dealing that overlays the agreement. The court’s discussion is a little garbled, but it is clear that the court added a provision to the contract that eBay may exercise its termination right only reasonably and in good faith.
The courts says eBay had an ambiguous anti-shill bidding policy at the time, and Essex alleges that eBay was looking for a big player to use as an example to other vendors. Thus, Essex may be able to prove that eBay "falsely and as a pretext stated that it found Essex guilty of shill bidding."
Based on the modified contract and eBay’s alleged pretextual justifications, the court denies summary judgment to eBay on the contract and state consumer protection claims. Further, the court says that eBay's liability limit clause applies to the contract but not the consumer protection tort claim. With the open damages on the tort claim, this has become a very dangerous lawsuit for eBay. A jury isn’t going to like a shill bidder, but a Tennessee jury isn’t going to like a Silicon Valley bully beating up on a hometown employer either.
My question is: could eBay have successfully defended all claims based on 47 USC 230(c)(2), the statutory protection for filtering decisions? (Not 230(c)(1), which protects against liability for third party content). Policing against shill bidding seems consistent with the spirit of 230(c)(2)--it's something we want service providers to do, and (c)(2) seems to immunize the steps a service provider takes to do so. Perhaps the real core of this dispute is that eBay publicly called out Essex as an example of a shill bidder. This would bring to mind the National Numismatics case where eBay was denied 230(c)(2) for sloppily worded public announcements intimating that some coins were fake when those coins merely didn't satisfy eBay's certification process. If this case is really about eBay’s public callout of Essex for engaging in behavior that violated eBay’s ambiguously worded anti-shill bidding process, then perhaps 230(c)(2) wouldn’t help here either.
Posted by Eric at 04:32 PM | Derivative Liability , E-Commerce , Licensing/Contracts | TrackBack