Home

Biography

Tech & Marketing Blog

Goldman's Observations Blog

Writings

Presentations          

Classes

Resources

Contact


 

 
Technology & Marketing Law Blog

« April 2010 | Main | June 2010 »

May 28, 2010

MySpace Evidence: Maryland Appeals Court Allows Circumstantial Authentication -- Griffin v. Maryland

[Post by Venkat]

Griffin v. Maryland, Case No. 1132 (Md. Ct. App.) (May 27, 2010) [pdf]

Facts: Defendant Griffin was convicted of murder. The first trial ended in a mistrial. The underlying facts were that the defendant allegedly got into an argument with the victim at a party, pursued the victim into the bathroom, and shot him.

At the first trial, one of defendant's cousins (Gibbs) testified that the defendant was standing right next to Gibbs, and that defendant did not enter the bathroom. On retrial, Gibbs changed his testimony and testified that he saw the defendant pursue the victim into the bathroom.

In order to explain the discrepancy in Gibbs's testimony, the prosecutor argued that the defendant's girlfriend Jessica Barber "had threatened [Gibbs] before the first trial." In connection with this argument, the prosecution offered Ms. Barber's MySpace profile page which contained the following blurb:

FREE BOOOZY!!! JUST REMEMBER SNITCHES GET STITCHES!! U KNOW WHO YOU ARE!!

Ms. Barber was not called to authenticate the MySpace page. The prosecution instead called a police officer who testified that he visited the website on December 5, 2006, the date on the printout of the page.

The Court's Ruling: Defendant argued that "the State came nowhere near authenticating the contents of the MySpace page as statements by Barber." The prosecution argued that the foundational evidence was sufficient to support "a reasonable inference by the jury that the printout was what it purported to be - Jessica Barber's MySpace website."

The court walks through the rules for authentication, includes an obligatory reference to articles about the growth and increased use of social networking profiles, and cites to a slew of law review articles on the evidentiary issues arising from the use of "social media networking site" evidence. The court also acknowledges that "users of social media Web sites, blogs, chat rooms, and discussion forums may post messages anonymously or under pseudonyms." Finally, the court notes the distinction between admitting MySpace "messages" and chat logs on the one hand, and admitting the profile printout on the other hand.

The court's ultimate conclusion?

We see no reason why social media profiles may not be circumstantially authenticated in the same manner as other forms of electronic communication - by their content and context . . . . The MySpace profile printout featured a photograph of Ms. Barber and appellant in an embrace. It also contained the user's birth date and identified her boyfriend as "Boozy." Ms. Barber testified and identified appellant as her boyfriend, with the nickname of "Boozy." When defense counsel challenged the State to authenticate the MySpace profile as belonging to Ms. Barber, the State proffered Sergeant Cook as an authenticating witness. He testified that he believed the profile belonged to Ms. Barber, based on the photograph of her with appellant; Ms. Barber's given birth date, which matched the date listed on the profile, and the references in the profile to "Boozy," the nickname that Ms. Barber ascribed to appellant.
The court rules that the profile printout was properly admitted and rejects defendant's arguments that the printouts should have been authenticated "either by the author or [by] expert information technology evidence."

Commonwealth v. Williams: In contrast to the approach taken by the court in Griffin, the Massachusetts Supreme Court recently held in Commonwealth v. Williams that MySpace messages were not sufficiently authenticated, absent technical evidence. Williams involved MySpace messages introduced - also in an alleged witness intimidation scenario - to explain a witness's reluctance to testify and why she may have feigned lack of memory. The prosecution alleged that the defendant's brother sent the witness intimidating messages through MySpace, and offered the messages as evidence. The prosecution offered the testimony of the witness (who received the messages), who testified that the sender was the defendant's brother, that "he had a picture of himself on his MySpace account, and that his MySpace name was 'doit4it.'"

The court found that the messages were not properly authenticated:

while the foundational testimony established that the messages were sent by someone with access to [the sender's] MySpace Web page, it did not identify the person who actually sent the communication. Nor was there expert testimony that no one other than [the sender] could communicate from that Web page.

Although the court held that the messages were improperly admitted, the court concluded that this was harmless error.
__

With the caveats that federal courts vary in their treatment of webpage authentication (as discussed in this law.com article), and the rules of evidence from Maryland and Massachusetts (rather than the federal rules) were at play here, there are two potential problems with the approach taken in Griffin.

First, even though the court extensively surveys secondary sources, and acknowledges that when it comes to social networking profile evidence, the concern arises that "someone other than the alleged author may have accessed the account and posted the message in question," the court nevertheless concludes that "individualization [of a profile] may lend itself to authentication of a particular profile page as having been created by the person depicted in it." This ignores the reality that public profile pages - which as the court notes are intended for the world to see - can be readily copied (or scraped, or aggregated) by anyone, personalized details and all. A random third party could have copied Ms. Barber's profile verbatim, and could have added on whatever details he or she wanted.

Second, the prosecution didn't question Ms. Barber on the profile page. It relied on the testimony of a police officer who accessed the webpage over the internet (??). There's a simple way to authenticate profile evidence - (1) present the testimony of the profile owner or (2) present the testimony of the company whose service is used to create the profile. Here, neither was done, and the court takes at face value the fact that the webpage accessed by the police investigator was actually Ms. Barber's profile page.

Williams takes a more restrictive approach and finds that the evidence was not sufficiently authenticated, even though the evidence in question was a "message," which the recipient testified that she received. As between the message evidence in Williams and the profile evidence in Griffin, the message evidence from Williams stands head and shoulders above, in terms of authentication. The court in Williams still said no.

I'm surprised there was no discussion of any other evidentiary issues (e.g., hearsay, relevance) by either the parties or by the court.

One thing is for sure, judging from the quantity of cases that involve MySpace evidence in criminal cases, MySpace is fertile ground for prosecutors. As the court notes (quoting from an article), "[i]t should now be a matter of professional competence for attorneys to take the time to investigate social networking sites." The same goes for courts too!

Added: Evan Brown has a post about a recent California criminal case which highlights the pitfalls of relying on a weak authentication standard when admitting this type of evidence. The case was brought against a man who "set up a bogus MySpace profile of his former church pastor . . . suggest[ing] the pastor used drugs and was gay."

[h/t Adam Greivell]

Related post: "MySpace Profile Evidence Inadmissible to Show Defendant Committed 'Gangster Style' Robbery"

Posted by Venkat at 03:52 PM | General

May 27, 2010

EFF Weighs in on Facebook v. Power Ventures -- Facebook v. Power Ventures

[Post by Venkat]

Facebook v. Power Ventures, Case No. 5:08-cv-05780 JW (N.D. Cal.) (Facebook Motion) (EFF Amicus Brief)

Facebook and Power Ventures have been locked in a dispute over whether Power Ventures can access Facebook's website and network outside of Facebook's authorized developer channels. The dispute yielded an interesting ruling on Power.com's motion to dismiss. The parties are both seeking summary judgment on the issue of whether Power.com's conduct violates California Penal Code section 502(c). EFF recently weighed in with an amicus brief which makes the already interesting dispute even more interesting.

The Dispute: Facebook brought Computer Fraud and Abuse Act claims and copyright claims (along with a slew of other claims) against Power.com. Setting aside the peripheral trademark and CAN-SPAM claims, Facebook's key allegations are that (1) Power.com accessed Facebook's network "without authorization" in violation of the Computer Fraud and Abuse Act (and section 502(c), the California computer crime statute); (2) Power.com accessed Facebook’s network in violation of the Facebook terms of use; and (3) Power.com copied the copyrighted portions of the Facebook website in the process of allowing Facebook users to access Facebook through Power.com's interface. (There's also an anti-circumvention claim tied to the unauthorized copying claim.) The court denied Power.com's motion to dismiss. (See coverage of the court's initial ruling on Power.com's motion to dismiss from Tom O'Toole, Jeff Neuburger, and Cyberlaw Cases.)

At this point, the parties are jousting over whether Power.com's conduct violates California Penal Code section 502(c). I'm surprised the parties are focusing their initial battle around this statute, rather than the Computer Fraud and Abuse Act. That said, given that California courts have held that Computer Fraud and Abuse Act decisions are persuasive when it comes to interpreting Section 502(c), what the court does here will be a good indication of what the court will do with the Computer Fraud and Abuse Act claim.

EFF's Amicus Brief: The brief comes at an opportune time for Power.com. I speculated earlier as to whether Power.com would settle this dispute, but given the recent barrage of negative publicity surrounding Facebook (including planned protests/mass deactivations (or deletions ?) of Facebook accounts, and criticism from numerous high profile users and technology commentators), this round of motions could ratchet up the pressure on Facebook. [As a sidenote, Judge Fogel, who originally presided over the dispute and who seemed sympathetic to Facebook's position, recused himself. He didn't give any reasons for the recusal (nor is he required to). I'm not sure what effect this will have on the dispute, but I thought it was worth mentioning.]

EFF urges for a narrow interpretation of section 502(c) in a way that avoids liability to Power.com. The EFF brief argues that finding liability based on access in excess of Facebook's terms of service is similar to attempting to hold Lori Drew liable for creating a MySpace profile in violation of MySpace terms of service. ("[In] Facebook's view . . . [a] user who is twelve years old violates the criminal law every time she uses Facebook.") According to EFF this results in allowing a private entity to define the bounds of criminal conduct, and does not give end users sufficient advance notice of what's permitted and what is criminal conduct. Notwithstanding the difficulties in analogizing a criminal case to a civil one, EFF's argument resonates, in light of the fact that Facebook has changed its terms of service over the past few years. (EFF: "Facebook's Eroding Privacy Policy: a Timeline.") Facebook's terms are difficult to read and digest for a lawyer; for a non-lawyer end user, they are even tougher. Although length is not a proxy for whether a document is understandable, a popular refrain on the internet was that Facebook's terms are longer than the Constitution.

Does Access in Violation of Facebook's Terms of Service Violate the CFAA: There are cases holding that repeated unauthorized access of a website through automated means may violate the CFAA (for example: EF Cultural Travel BV v. Zefer Corp.; EF Cultural Travel BV v. Explorica, Inc.; Southwest Airlines v. Farechase, Inc.; Register.com, Inc. v. Verio, Inc.). Power.com does not have an easy road when it comes to legal precedent. EFF's brief cites to a recent case from the employment context where the Ninth Circuit narrowly interpreted the Computer Fraud and Abuse Act (LVRC Holdings, LLC v. Brekka, discussed by Jeff Neuburger here). Brekka was a case where an employee accessed his employer's computers and servers for his own purposes (and contrary to his employer's interests). The employer never expressly rescinded Brekka's access. The Ninth Circuit granted summary judgment in favor of the employee (Brekka), reasoning that once authorized, the authorized user cannot violate the CFAA unless the authorization has been rescinded or where the authorized user "exceeds authorized access" - i.e., by accessing the computer to obtain or alter information" that the authorized user is not entitled to obtain or alter. The court in Brekka acknowledges that the Seventh Circuit took a different approach in International Airport Centers v. Citrin, where it concluded that an employee can lose "authorization" when the employee "resolves to act contrary to the employer's interest."

There's one key difference between Brekka and this case, which is that in this case, there was never any dispute as to whether Power.com or Facebook end users are authorized to access Facebook's servers through Power.com's service. In any event, Facebook sent Power.com a cease and desist letter making clear that Facebook viewed Power.com's access as unauthorized. Interestingly, one of the CFAA sections covers unauthorized access where the defendant "obtains information" which the defendant is not entitled to obtain. Arguably Facebook end users are not "entitled" to obtain information from Facebook through channels that are not authorized by Facebook. However, the information that end users are looking to access is clearly not Facebook's - it's the end users own data. (The Computer Fraud and Abuse Act has several different sections, but broadly, it requires (1) access or the transmission of information that is unauthorized; (2) which causes damage or effects fraud, and (3) with a certain level of culpability. The EFF's internet law treatise page on the CFAA is a good resource for background.)

The CFAA component of this dispute reminds me in some ways of Southwest Airlines v. BoardFirst, a case where Southwest Airlines tried to shut down BoardFirst's service, which assisted passengers in checking in to Southwest's flights. The court denied Southwest's motion for summary judgment, and the parties ultimately settled. The court's ruling denying Southwest's motion for summary judgment [scribd] contains some good discussion about whether access in excess of a website terms of use constitutes a violation of the Computer Fraud and Abuse Act. As that case makes clear, however, even if there are problems with Facebook's Computer Fraud and Abuse Act claim, Facebook most certainly has a valid terms of service-based claim. Finding that there's been no terms of service violation would require some serious judicial contortions, and would undermine a pretty basic principle that a website owner is free to define the bounds of access of its website through a terms of service. There have been decisions which have invalidated portions of terms of service based on the fact that the terms are grossly unfair (or are unconscionable) but it's tough to see this part of Facebook's terms fitting into this category. (On a related note, Professor Goldman recently blogged about Miller v. Facebook, a case where Facebook successfully invoked the venue provision of its user agreement to get a copyright dispute transferred from Georgia to California.)

Facebook also has a copyright claim. As tenuous as Facebook's copyright claims may be, there are cases which support Facebook's position, and a judge in this case has already ruled that Power.com doesn't get a pass if it is found to have accessed Facebook's copyrighted material (even for the purpose of allowing end user access).
__

While recent events have made Power.com's arguments more tenable, I think it still has a tough battle, among other things because it's a competitor of sorts. That said, there are a variety of factors which make this case a harder one for Facebook than I initially thought. It is interesting to see people rally around Power.com, who judging from Facebook's pleadings, has some baggage - the type that makes a clear win for Power.com unlikely. As far as data portability goes, Power.com is an unlikely champion. On the other hand, Facebook doesn't look so great blocking Power.com's efforts.

Other Third Party Services: Another interesting aspect to this dispute is that a plethora of third party services have arisen which arguably address the privacy and data concerns of Facebook's end users. Are these services allowed to access end user data in violation of Facebook's terms? Facebook has tried to force some of these applications to stop, but I think some of these applications may have a more compelling argument than Power.com, which is just a point of aggregation for various social networking profiles. For example, if Facebook didn't provide a way for end users to delete their user data, could a third party provide this service?

1. Openbook: "Facebook helps you connect and share with the people in your life. Whether you want to or not." An interesting site that lets you search public Facebook status updates to show how often embarrassing information is shared through Facebook.

2. ReclaimPrivacy.org: a "website provides an independent and open tool for scanning your Facebook privacy settings."

3. Seppukoo: an app that lets you kill your online profiles - in response to a Facebook cease and desist [pdf], the site stopped killing Facebook accounts.

Facebook has a good argument that it needs to regulate access for security reasons. Along these lines, Facebook recently implemented "anti-hacking" features which may make access through third party channels more difficult.

Other coverage:

Techdirt: "Facebook Abusing Computer Crime Law To Block Useful Service"
ReadWriteWeb: "Facebook Suing Power.com for Auto-Logging"
EFF: "EFF Seeks to Protect Innovation for Social Network Users"
Wendy Davis: "EFF: Violating Terms Of Service Isn't Computer Fraud"

Posted by Venkat at 10:23 AM | Privacy/Security

May 26, 2010

Beacon Class Action Lawyers Awarded $2.3MM in Fees -- Lane v. Facebook

[Post by Venkat]

Lane v. Facebook, Case No. 08-3845 RS (N.D. Cal.) (Order re Attorney Fees)

The lawsuit over Facebook's ill-fated Beacon program generated three lawsuits, a lot of wrangling by class action lawyers, and more than a few blog posts (e.g., "Beacon Class Action Settlement Approved;" "Stop Saying 'We Can Amend This Agreement Whenever We Want'!;" "Texas Class Action Aims to Derail Facebook Beacon Settlement"). Judge Seeborg recently approved the settlement, which included the formation of a privacy foundation funded by Facebook. (Here's an earlier post of mine summarizing the then-proposed terms of the settlement.)

The one item pending was the amount of fees which class counsel would be entitled to. Judge Seeborg issued an order on Monday awarding plaintiffs' counsel $2,322,763.00 in fees and $42,210.58 in costs, for a total award of $2,364,973.58. Counsel expended approximately 2500 hours of work on the case, and sought a multiplier of 2.4. The court ruled that a multiplier of 2 was appropriate. The court also found that the hours attributable to the Harris plaintiffs should be "excised," given that "those attorneys attempted to derail the settlement of [Lane v. Facebook] at the preliminary approval stage, before later coming to support it."

[For an explanation of the lawsuit brought by a second group of plaintiffs (Harris v. Facebook) who initially objected to the settlement, check out this post: "Texas Class Action Aims to Derail Facebook Beacon Settlement."]

Although several of the named plaintiffs recovered nominal amounts for their efforts, the class members recovered zero dollars as part of this settlement. The settlement was heralded because it brought significant non-monetary benefits: (1) the establishment of a privacy foundation and (2) a change in Facebook's behavior. Given recent events, I'm sure many are probably left questioning the efficacy of one or both of these.

Posted by Venkat at 08:27 AM | Privacy/Security

May 25, 2010

Life May Be "Rad," But This Trademark Lawsuit Isn't--Williams v. CafePress.com

By Eric Goldman

Williams v. Life's Rad, 2010 U.S.Dist. LEXIS 46763 (N.D. Cal. May 12, 2010)

This lawsuit bummed me out. The trademark at issue--the surfing-inspired "Life's Rad"--is supposed to lift people up, but it's hard to maintain a sunny outlook once the lawyers take over. It reminds me of other hippie-dippy icons that have been the basis of IP legal battles, such as the "Keep on Truckin'" logo, color designs for tie-dye shirts (Banzai v. Broder) and the smiley face. IP lawsuits like these really harsh my mellow.

Both Life's Rad and "Life is Rad" (Williams' offering of radiology-related apparel--get it?!) sell merchandise via CafePress, which means they both agreed to CafePress' user agreement. [An aside: does anyone still use the slang "rad" any more? I thought it died out with "bitchin," "tubular" and "grody."] Life's Rad sent a takedown notice to CafePress, which CafePress honored. Life's Rad seems a little thin-skinned here given its trademark's significant contextual distance from radiology-themed schwag. Further, perhaps CafePress should not have been quite so trigger-happy, although their position is understandable in light of trademark's amorphous boundaries. Williams protested the takedown to no avail and then sued both Life's Rad and CafePress. Williams proceeded pro se. In this ruling, CafePress exits the lawsuit.

Williams tried several of the typical legal arguments that customers trot out when vendors terminate them, such as due process violations (nope--no state action), unfair competition (no--CafePress just exercised its rights under its user agreement) and interference with prospective economic advantage (the court calls that "frivolous"). I haven't pulled the filings to see if CafePress argued 230(c)(2), but that also should have been a possibility.

Williams also tried some unusual legal twists. He argued that CafePress violated the DMCA put-back provisions (17 USC 512(g)). This is misguided on several fronts. First, 512 only applies to copyright, not trademark. Second, CafePress' user agreement authorized its takedown. Third, Williams did not send a proper 512(g)(3) putback request. Fourth (a point the court doesn't note), 512(g) is an option available to a service provider to minimize its liability, not a mandatory requirement to put back content at the user's request.

Williams also claimed that CafePress' takedown violated his trademark rights. The court tosses this aside because (1) Williams didn't claim a trademark in "Life is Rad," (2) CafePress' user agreement authorized the takedown, and (3) "Plaintiff has not identified (nor has the Court been able to identify) any provision of the Lanham Act that restricts an internet service provider's discretion to remove items from its website as a result of any third party party claim of trademark infringement."

This is a great win for CafePress, especially because the court implicitly upholds CafePress' user agreement. Further, this ruling is yet another data point showing that vendors have a lot of discretion to take down their users' offerings without fear of liability to the user. Among other cases in this line: Mehmet v. Add2Net, Estavillo v. Sony and the various Google de-indexing lawsuits (KinderStart, Langdon). See also my 2005 article on virtual world provider discretion to terminate customers.

Some other blog posts on CafePress-related litigation:
* Connecticut Blogger Not Subject to Texas Jurisdiction--Healix Infusion v. Helix Health
* Griper Selling Anti-Walmart Items Through CafePress Doesn't Infringe or Dilute--Smith v. Wal-Mart
* CaféPress Denied 230 Motion to Dismiss--Curran v. Amazon

Posted by Eric at 09:26 AM | Copyright , Derivative Liability , E-Commerce , Trademark | TrackBack

May 24, 2010

Steps Brand Owners Can Take to Deal With Brandjacking on Social Networks

[Post by Venkat]

Winston & Strawn published an article titled [pdf] "Five Steps to Protect Your Trademarks in a Web 2.0 World." The article sets out some steps brand owners can take to prevent or deal with infringement of their marks on sites such as Facebook and Twitter.

I thought the article was great because it urged a measured approach. Here is a summary of the five recommended steps (I particularly liked step one!):

1. Don't panic.
2. Be proactive (get familiar with the sites - "maintain some presence").
3. Don't go guns blazing against the social networking website - it's tough to hold the social networking site liable (Tony La Russa's lawsuit against Twitter is an example of this approach).
4. Use the tools and informal processes provided by the site.
5. Use traditional enforcement strategies.

Consider the Internet Reaction: I would also add one to the list: consider how the internet will react, and take a close look at possible fair use, parody, satire, and First amendment issues. The internet does not react kindly to overzealous brand owners who are not mindful of these issues. Also, it is well worth monitoring any reaction, and having some sort of plan in place to deal with it.

The Streisand Effect: Along these lines, as mentioned in the article, consider the "Streisand effect" (a term coined by Mike Masnick according to internet lore).
__

As described in the article, there have been "few lawsuits . . . for infringement occurring in a social networking context." This points in the direction that either infringement on social networks isn't as rampant as people think, or that brand owners are satisfied with the informal processes made available by sites such as Twitter and Facebook.

Related: Someone recently started a Twitter account for "@BPGlobalPR," noted by VF Daily here: "Somehow, the Internet Appears Not to Understand 'BPGlobalPR' Twitter Is a Joke." While the account is obviously intended as a joke (sample tweet: "Doing our best to turn oil into oilinade. So far the stuff tastes TERRIBLE"), it has over 15,000 followers (which is more than the real BP account has). At least some of those followers appear to take the account seriously.

I can't think of the best approach to dealing with this situation from BP's standpoint, but one suggestion I would not rule out is to hire the person running the account to be on BP's public relations team. Whoever he or she is has a sharp wit and marketing chops (at least when it comes to Twitter)! I'm mostly joking, and in any event, this is pretty far-fetched, given that BP's PR team can't be happy with the person running this account.

Added: The BrandBuilder Blog has a detailed post on the BPGlobalPR Twitter account that's worth reading: "Living in the past = working in the past: How not to get 'brandjacked' like BP Global PR." As noted in that post, the BPGlobalPR Twitter account started up on May 19, 2010!

Posted by Venkat at 07:57 PM | Trademark

A First Look by Tom McCarthy at the Sixth Circuit’s 2010 Victoria’s Secret Tarnishment Decision [Guest Blog Post]

By J. Thomas McCarthy

[Eric's note: Last week, the Sixth Circuit issued a new ruling in the long-running V Secret Catalogue v. Moseley case, this time featuring three opinions from a three-judge panel. Tom McCarthy has generously shared his views on the case:]

After the Supreme Court's 2003 decision in the VICTORIA'S SECRET versus VICTOR'S SECRET battle, the case finally was decided on remand in 2008, the district court applying the 2006 Trademark Dilution Revision Act. The district court granted summary judgment for Victoria's Secret, finding that the use of VICTOR'S SECRET for a small store selling men's and women's lingerie, adult videos and sex toys was likely to cause dilution by tarnishment of the VICTORIA'S SECRET mark for a large chain of stores selling women's lingerie and wearing apparel. I found that decision very troubling because the district court based its finding of a likelihood of tarnishment upon the very same testimony that the Supreme Court in 2003 had characterized as not being evidence of tarnishment.

The district court relied on the same Army officer's testimony that the Supreme Court characterized in its opinion. That is, an Army Officer was offended by the junior user's use of its name on what he considered to be tasteless goods. The Supreme Court said that: “The officer was offended by the ad, but it did not change his conception of Victoria's Secret. His offense was directed entirely at [the junior user], not at [the senior user Victoria's Secret].” Moseley v. V Secret Catalogue, Inc., 537 U.S. 418, 434 (2003). Yet, on remand, the district court said this same testimony “suggests the likelihood that the reputation and standing of the VICTORIA'S SECRET mark would be tarnished.” This did not trouble the Sixth Circuit, which affirmed the summary judgment. V Secret Catalogue, Inc. v. Moseley, ___ F.3d ___, 1020 WL 1979429 (6th Cir. 2010).

I entirely agree with the position of Judge Karen Nelson Moore in her dissent. I think that the majority’s creation out of thin air of a presumption (or “strong inference”) of dilution by tarnishment if there is an “association” with “sex related products” is wildly misguided. The majority essentially creates a hard edged rule that no one can use a “famous” mark (or one so similar that there is an “association”) as a mark for any product or service that a court thinks is “sex-related.” Of course, neither the 2006 TDRA nor its legislative history contains a hint of anything like this and requires (as the dissent points out) proof from the plaintiff of some likely tarnishment of the famous mark.

A central message of the Supreme Court's 2004 Microcolor decision is that the burden of proving a likelihood of confusion always remains with the plaintiff. KP Permanent Make-Up, Inc. v. Lasting Impression I, Inc., 543 U.S. 111 (2004). This same reasoning should apply with equal force to an anti-dilution case. The Sixth Circuit majority shifted the burden to the defendant. The majority said that the defendants had ample opportunity “to offer evidence that there is no real probability of tarnishment and have not done so.” I thought that it was always the trademark owner’s burden to prove its case.

The decision also raises troubling issues of commercial speech. The majority creates a presumption of dilution by tarnishment if the junior mark appears on “sex-related products,” invoking the tort doctrine of res ipsa loquitur. This sounds like the court is making value judgments about what is “sexy.” As dissenting judge Moore points out, it’s ironic that the “tarnished” plaintiff’s VICTORIA’S SECRET mark itself is widely promoted as a source for “sexy little things” intimate lingerie. See Menashe v. V Secret Catalogue, Inc., 409 F. Supp. 2d 412 (S.D. N.Y. 2006) (Victoria’s Secret claimed “Sexy Little Things” as its trademark)

I predict that the majority’s ruling will provoke a storm of criticism. At least it will be grist for the mill of IP commentators and academics, such as myself.

Posted by Eric at 09:07 AM | Trademark | TrackBack

May 23, 2010

Twitter May Allow Competitors to Purchase Trademarks as Keywords for Sponsored Tweets

[Post by Venkat]

via Reid Wilson (at the INTA Annual Meeting):

Twitter's GC on sponsored tweets: still working on the policy; may permit TM's to be purchased by competitors as key words 4 sponsored twts.less than a minute ago via mobile webReid Wilson
Reid_Wilson

Twitter's General Counsel spoke with Fionn O’Raghallaigh in greater detail about sponsored tweets and issues for brand owners. You can check out that informative interview at Managing Intellectual Property here: "Branding Challenges for Twitter and its Users."

This is one of Professor Goldman's favorite topics so I'm sure he will comment on it down the road (if and when interesting issues arise). I just wanted to flag it, and to try out Twitter's embedded tweets function.

Reid's tweet illustrates one of the key benefits of Twitter. I did not attend the INTA annual meeting, but still caught some relevant goings on as they happened.

Posted by Venkat at 11:01 AM | Trademark

May 21, 2010

Second Circuit Stays Hot News Injunction--Barclays v. theflyonthewall

By Eric Goldman

Barclays Capital Inc. v. Theflyonthewall.com, Inc., 10-1372-cv (2d Cir. May 19, 2010)

This case is my choice for the most interesting Cyberlaw development of 2010 (so far). Unfortunately, I ran out of time to blog it when the district court opinion came out in March; the opinion was 89 pages, and I must confess that I let my quest for a perfect blog post become the enemy of a good blog post. Some commentary on the district court ruling: Wendy Davis, Sam Bayard (with a detailed First Amendment analysis), Jeff Neuburger. Fortunately, yesterday we got an important new development in the case, which gives me an excuse to recap the case and talk about its implications.

The case involves an anachronistic business model deployed by brokerage houses. Brokerage house analysts develop and publish stock recommendations. The recommendations are provided first to brokerage clients, who in theory get a chance to act on the new information before that information is generally incorporated into the stock price. Eventually these recommendations are published to the media or otherwise reach the general public.

This is where the business model get weird. The brokerage houses don't directly charge clients for this early access to this information that may move the stock price. Instead, there is an unwritten expectation that the clients who receive the recommendations early will place their stock trades with the brokerage house providing the information, generating commission revenue for the brokerage firm. Clients who take a firm's recommendations and then consistently transact with other (presumably cheaper) brokerage firms should eventually find themselves kicked off the distribution list for future recommendations.

Consider this business model from a game theory standpoint. It's a multi-iteration game that keeps the brokerage clients from "cheating" (taking the business elsewhere) on any one interaction by promising profits from future interactions so long as they cooperate (place the order with the brokerage house making the recommendation). But the entire model is premised on the brokerage house delivering valuable information that makes clients money, which in turn requires that the clients get the information before the marketplace has incorporated the information into the stock price. And because "information wants to be free" in the ways discussed in John Perry Barlow's seminal article, there is a significant risk that the information will "leak out" quickly, get absorbed into the stock price, and eliminate the brokerage house's quid that is designed to elicit its clients' quo.

Theflyonthewall is a publication that gathers brokerage house recommendations from a variety of sources and republishes them in a subscription newsletter. The quicker theflyonthewall gets a recommendation to its readers, the more likely that the readers can act before the information has already been incorporated into the stock price. In that sense, then, theflyonthewall strikes directly at the heart of the brokerage house's archaic business model. Instead of having to keep transacting with the brokerage houses to keep the information coming, theflyonthewall readers can get some of the same economic benefits and retain the freedom to transact with whomever they want.

Although theflyonthewall disaggregates the brokerage house's business model in a potentially fatal way, it's not like the brokerage houses are defenseless. They could make a number of changes to their business models that would fix the problems. Most obviously, they could charge a subscription fee for access to their stock recommendations directly, rather than being compensated indirectly through the resulting stock trade orders. They could also enter into exclusive dealing contracts with trading clients, i.e., anyone getting the reports MUST trade with the brokerage houses. I'm sure other business model changes are feasible.

Instead, the brokerage houses like the situation exactly as it used to work, without having the worry about accelerated information velocity provided by aggregators like theflyonthewall. So, instead of taking a hard look at their business models, the brokerage houses sued theflyonthewall for, among other things, hot news misappropriation. The Second Circuit revitalized the hot news misappropriation doctrine in its 1997 NBA v. Motorola ruling, which articulated a 5 element prima facie case:

(i) a plaintiff generates or gathers information at a cost; (ii) the information is time-sensitive; (iii) a defendant’s use of the information constitutes free riding on the plaintiff’s efforts; (iv) the defendant is in direct competition with a product or service offered by the plaintiffs; and (v) the ability of other parties to free-ride on the efforts of the plaintiff or others would so reduce the incentive to produce the product or service that its existence or quality would be substantially threatened.

I am not a fan of the hot news misappropriation doctrine. The last thing we need is another amorphous legal doctrine to protect intangible assets, and usually hot news misappropriation is a tool plaintiffs use to suppress competition rather than innovating to fix gaping holes in their business practices. However, if we choose to legally recognize the hot news misappropriation doctrine, this case seemed to be a fairly straightforward application of the doctrine.

A hot news claim requires there to be "hot news"--a narrow category of non-copyrightable information that derives value from its time-sensitivity. I can think of only three categories of information that will reliably meet this requirement: real-time sport scores (fans care about a game's score RIGHT NOW; in 3 days, it's a distant memory), real-time weather information (information about today's weather is far more valuable than information from 3 days ago), and certain types of financial information that feed into stock prices. Here, theflyonthewall was trading in the latter category of information that clearly had time-sensitivity--by the time the brokerage house recommendation was incorporated into the stock price, the information was essentially worthless.

Furthermore, unlike the NBA v. Motorola case, theflyonthewall's republication of the hot news does threaten its production. If the brokerage houses don't change their business model, theflyonthewall and other aggregators will eliminate the differential value that the stock recommendations can provide to clients, which undercuts a main point of producing the recommendations in the first place.

One more interesting fact about the hot news claim. During the pending legal proceedings in this case, theflyonthewall turned around and sued a third party aggregator for ripping off theflyonthewall--alleging, among other things, that the third party aggregator was committing hot news misappropriation of theflyonthewall's publications. This was an obviously duplicitous position, and as a result, the legal positions in theflyonthewall's enforcement action were liberally quoted against it in this lawsuit. A tip to all aggregators that should be common sense but apparently isn't: be very careful about bringing enforcement actions against other aggregators. You might just be helping to build precedent that will undercut your legal positions when the enforcement action comes against you. When I work with aggregators, I tell them that there's almost no circumstance when it will make sense for us to go after other aggregators that rip us off. Instead, I advise aggregators to build ex ante technology controls to restrict re-aggregation rather than relying on ex post legal proceedings.

So if there are going to be hot news cases, this case looks about as good as it gets for the plaintiff. As a result, I didn't see this ruling as particularly troubling for other aggregators, in part because most of them will not meet the elements nearly as well as theflyonthewall did. As a good example, Tom O'Toole recently reported on a lawsuit against Goldman Sachs that included a hot news claim. Putting aside the irony of a brokerage house being on the defense side of a hot news claim, the type of data at issue there looks nowhere as close to "hot" news as the data in theflyonthewall case.

After finding a hot news misappropriation, the district court then did something a little goofy. It issued an injunction that required theflyonthewall to delay publication of any stock recommendations it came across until 10 am (if the recommendation was issued before the stock exchanges open) or 2 hours after the brokerage house’s release, with an exception for theflyonthewall's independently developed reporting on a big news event. Note that the time delay applies even if the recommendations have already been extensively republished elsewhere, such as being picked up by major newswires, so the injunction puts theflyonthewall at a noticeable competitive disadvantage compared to other aggregators/news publishers who are freely publishing the same information without the court-ordered embargo.

Furthermore, the court said that theflyonthewall could request dissolution/modification of the injunction in a year "in the event that it can demonstrate that the Firms have not taken reasonable steps to restrain the systematic, unauthorized misappropriation of their Recommendations, for instance, through the initiation of litigation against any parties with whom negotiation proves unsuccessful." Say what? The court apparently took a carrot and stick approach to the brokerage houses—the plaintiffs get an injunction against theflyonthewall, but they get to keep it only if they take down lots of other news publishers and aggregators. Now, the brokerage houses might just be willing to do that, but do we really want them doing that? From my perspective, it sounds like a lot of extra litigation to prop up a broken business model.

Yesterday, in a noteworthy development that shows this issue is not going away, the Second Circuit put the kibosh on the injunction. The court's order says:

it is hereby ORDERED that the motion for a stay is GRANTED, and Appellant shall not be required to post a bond. It is further ORDERED that the motion to expedite the appeal is GRANTED.

The court then issued two related orders with deadlines for briefing and oral argument, but those orders had inconsistent schedules. I assume the court will issue a corrected order that lays out the schedule it actually meant to say. Either way, it doesn't look like this case will languish in the Second Circuit as so many other Internet cases have done (e.g., the Register.com v. Verio case emerging three years after the appeal).

The Second Circuit orders provide no substantive insight into the appellate court's thinking, but the fact they stayed the injunction is a pretty strong hint that they are unhappy with something in the district court's opinion--perhaps its assessment of hot news, or more likely some aspect of the injunction.

Either way, it would be hard to overstate the importance of the Second Circuit proceedings. I've recently been to a few angst-ridden "Future of Journalism" conferences where this case is highlighted as one possible way that news originators can get some legal and financial leverage over Google News and other news aggregators. I've been generally uncomfortable with those discussions on a number of fronts--most importantly because the news originators unduly denigrate the significant value created by curation, even though many traditional publishers do a fair amount of curation themselves. If the Second Circuit guts the district court's opinion, I assume the pro-hot news forces will go searching for some other menacing doctrine (or worse, crank up the lobbying machine for statutory relief). Or, if the Second Circuit endorses a broad reading of hot news, expect to see a lot more hot news lawsuits.

With the Second Circuit's lax standards for submission of amicus briefs, I expect a lot of amicus briefs will be filed in this case. Public Citizen has already announced its intent to file an amicus brief.

Posted by Eric at 07:36 AM | Content Regulation , E-Commerce | TrackBack

May 20, 2010

CAN-SPAM Plaintiff Slammed With $800K Attorney Fee Award -- Asis Internet v. Optin Global

[Post by Venkat]

Asis Internet Servs. v. Optin Global, Inc., et al., Case No. C-05-05124JCS (N.D. Cal. May 19, 2010)

A federal court granted a request for attorney's fees (in the amount of $806,978.84) against prolific CAN-SPAM plaintiff Asis Internet. I thought things were looking good for Asis - whose lawsuits have generated substantial blog fodder - when it recently obtained a 2.5 million dollar default judgment in a spam case. I don't know the details of Asis's financial situation, other than the fact that it's a small ISP that once argued a bond should not be imposed against it due to its financial situation. At the least, this fee award will take some spring out of its step. More importantly, it stands as a warning to CAN-SPAM plaintiffs everywhere.

The court's order contains a good summary of the procedural history of the case. In 2008, the court granted summary judgment in favor of Azoogle, finding that Asis lacked standing and there was insufficient evidence for a reasonable jury to conclude that Azoogle "procured" the emails in question. Asis then moved for fees. The court denied the fee request without prejudice, but awarded costs ($34,825.24). Asis appealed both the summary judgment order and the cost order to the Ninth Circuit. The Ninth Circuit summarily affirmed. (Here's my blog post on that Ninth Circuit ruling.) Although the Ninth Circuit affirmed both the summary judgment order and the cost order, it didn't comment on the proper standard to be used for awarding costs in CAN-SPAM cases. Asis urged a plaintiff-friendly approach that is used in civil rights cases. Azoogle argued that the more neutral Fogerty standard (which is used in copyright cases) was appropriate.

The court finds the Fogerty standard to be appropriate and grants Azoogle's request for attorney's fees and costs. Azoogle also filed a Rule 11 request for sanctions along with its request for fees. The court awards the fees and costs under CAN-SPAM and doesn't make a finding as to whether Rule 11 sanctions are appropriate:

the Court concludes that while Asis may not have acted out of bad faith in initiating litigation against Azoogle, it at least acted unreasonably. Even assuming Asis might have reasonably believed when it initially named Azoogle as a defendant that it would establish standing - a question that turned on an as-yet unresolved issue of law - there was never any evidence that Azoogle sent or procured the emails on which Asis based its claims. Rather it is apparent that Asis sued Azoogle based on little more than speculation that there might be a connection between those emails and Azoogle. Asis then continued to litigate even as its discovery efforts turned up no evidence in support of its claims against Azoogle. Having initiated over 20 similar actions, and sued over 20 defendants in this action alone, an award of attorneys' fees here is necessary to deter Asis and other plaintiffs hoping to profit under the CAN-SPAM Act from casting such a wide net. [emphasis mine]

Ouch! The court also cites to Gordon v. Virtumundo, where Judge Coughenour awarded Virtumundo $110K in fees and costs. Finally, the court finds that expert fees are unavailable under CAN-SPAM, and declines to award the $105,435 in expert fees which Azoogle requested.

Asis's filings in response to Azoogle's fee request provide a window into the approach frequently taken by Asis and other spam-plaintiffs. Despite being unable to marshal sufficient evidence to withstand summary judgment on the core issues, Asis maintained that it shouldn't be hit with a fee award because the emails at issue "were 'clear violations' of the CAN-SPAM Act." (??)

As reported by Ken Magill in 2009, Gordon (the plaintiff in Virtumundo) lost more than his spam case - he lost his house ("Anti-Spammer Loses More than His Lawsuit"). I expect Azoogle will be fairly aggressive in its collections efforts here. Only time will tell as to whether Asis will suffer the same fate as Gordon. Regardless, this is definitely a wake-up ruling for CAN-SPAM plaintiffs everywhere.

Posted by Venkat at 10:52 AM | Spam

May 19, 2010

Web-based Email Bombardment Campaign Does Not Amount to a Violation of the Computer Fraud and Abuse Act -- Pulte Homes, Inc. v. LiUNA

[Post by Venkat]

Pulte Homes, Inc. v. Laborers' International Union of North America, et al. (E.D. Mich.) (May 12, 2010)

Background: Pulte Homes, "the largest new home builder in the United States" terminated eight employees. Defendant Laborers' International Union of North America (LiUNA) is a labor organization that represents workers in the construction industry. LiUNA claimed that seven of the eight employees were fired for expressing support for LiUNA. Plaintiff alleged that in response to the terminations LiUNA began a "targeted effort to sabotage and interrupt" plaintiff's business operations. Plaintiff argued that LiUNA's email campaign was a violation of the Computer Fraud and Abuse Act (sections 1030(a)(5)(A), 1030(a)(B), and 1030(a)(C)):


Defendants have encouraged LiUNA supporters to inundate Plaintiff with mass quantities of phone calls and e-mails . . . . LiUNA's website featured a 'call to action,' which provided a pre-typed e-mail voicing opposition to Plaintiff's alleged termination of employees for supporting the union. This e-mail was pre-addressed to Plaintiff and allowed users to send it to Plaintiff with the click of a few buttons.

The Court's Ruling:

Unlawful transmissions: The unlawful transmission prong of the CFAA requires the transmission of information as a result of which the defendant "intentionally causes" damage to a protected computer. The court dismissed this claim because plaintiff failed to allege that LiUNA's email campaign caused any appreciable damage to plaintiff's computer system.

Unauthorized access: The unauthorized transmission prong of the statute requires intentional access "without authorization," along with resulting loss. The court concludes that LiUNA did not "access [plaintiff's] computer under the CFAA merely by leaving a voice-mail or sending an e-mail." The court rejects plaintiff's attempt to rely on an older AOL spam case (AOL v. National Health Care Discount, Inc.) where the Northern District of Iowa held that the transmission of bulk email through AOL's servers could constitute a violation of the CFAA. (The court there expressed serious reservations as to whether the Computer Fraud and Abuse Act even covered unsolicited bulk emails: "it is not clear that a violation of AOL's membership agreements results in 'unauthorized access.'") The AOL case was decided pre-CAN-SPAM, and as the court recognized, stretched the bounds of the Computer Fraud and Abuse Act. It's tough to conclude that sending an email to an email address that's designed to receive emails from the general public constitutes "unauthorized access" under the Computer Fraud and Abuse Act. AOL argued that mass emails were "unauthorized," because they were a violation of AOL's terms of service, but this argument suffers from the same problems that any terms of service-based Computer Fraud and Abuse Act claim suffers from.

[Anyone engaging in this sort of a mass email campaign may want to stagger the emails or otherwise take steps to minimize potential damage or slowdowns to the recipient's servers. Where there's no damage or slowdown, courts are reluctant to find liability.]
__

This case is reminiscent of Intel v. Hamidi, another case involving a departing employee who was sued for sending mass emails. In Hamidi, the California Supreme Court held that the departing employee could not be held liable under a trespass to chattels theory because the emails he sent did not damage Intel's servers. As in this case, in Hamidi, the plaintiff seemed more concerned about the content or peripheral effects of the emails, rather than any effect the emails had on plaintiff's servers.

Related:

The case also brings to mind the contempt order slapped on "television-pitchman" Kevin Trudeau. Trudeau was a defendant in a case brought by the FTC who exhorted "his radio and web followers to deluge U.S. District Judge Robert Gettleman with e-mail" in an attempt to persuade the judge to side with Trudeau in the FTC proceeding. Judge Gettleman found that this interfered with his administration of justice, and sentenced Trudeau to 30 days. That decision is on appeal to the Seventh Circuit. (See coverage from Wired's Threat Level blog here.)

Another union activity case which Prof. Goldman blogged about recently (in that case, involving trademarks) is Cintas v. Unite Here ("Union Organizers' Activist/Gripe Sites Don't Support Trademark Claims").

UPDATE FROM ERIC: This case also vaguely reminds me of the Utube v. YouTube lawsuit, where Utube claimed that YouTube was trespassing its domain name because people were lousy spellers.

Posted by Venkat at 11:28 PM | Privacy/Security , Spam

How Much Does 1-800 Contacts Hate Competitive Keyword Advertising? $1.1M Worth!?

By Eric Goldman

Rader Fishman & Grauer PLLC v. 1-800 Contacts, Inc., 2:10-cv-00191-TS-DN (redacted complaint filed March 30, 2010; answer and counterclaim filed March 25, 2010; counterclaim answer filed April 19, 2010)

1-800 Contacts has been a repeated guest star on this blog, principally for their duplicitous attitudes towards keyword advertising. 1-800 Contacts has used competitive keyword advertising in the past and was part of a coalition that helped scuttle Utah's second attempt at regulating keyword advertising. On the other hand, 1-800 Contacts was a major player in Utah's third attempt to regulate keyword advertising, and it has been an aggressive plaintiff in numerous lawsuits against competitive keyword advertisers, including the infamous 1-800 Contacts v. WhenU case and numerous obscure lawsuits that no one is closely watching.

We get an inside look at 1-800 Contacts' litigation against competitive advertisers through the filings in Rader Fishman v. 1-800 Contacts. Rader Fishman was one of 1-800 Contacts' "go to" law firms until a key partner switched to a different law firm (Holland & Hart), and 1-800 Contacts made the switch with him. This left the small matter of 1-800 Contacts' outstanding bills, totaling over $650,000. An amount that size is enough to get a law firm to bring a collections action, even if malpractice counterclaims are inevitable.

What really catches my attention, however, is the fee agreement between Rader Fishman and 1-800 Contacts in the Lens.com enforcement action, one of numerous 1-800 Contacts' lawsuits against competitive keyword advertisers. Although the number is redacted in the complaint, 1-800 Contacts' answer (para. 33) reveals that the law firm agreed to cap fees in that litigation at $1.1M.

Wait a minute...what??? How much for a keyword advertising enforcement action? Either the contact lens business is extraordinarily lucrative, or 1-800 Contacts made a really bad business call. As I have repeatedly said, trademark owners should view competitive keyword advertising lawsuits as an investment and measure their ROI accordingly. I haven't seen the numbers, but I'm super-skeptical that the value of the consumers "diverted" (whatever that means) by Lens.com's competitive keyword advertising is more than $1.1M--especially after 1-800 Contacts avails itself of the search engine trademark policies. Of course some or all of this difference could be made up by a damages award from Lens.com--if it wins and can collect--but even then I'm skeptical that the total expected value of this litigation was, or is, cost-justified.

Meanwhile, 1-800 Contacts could have taken the same $1.1M and poured it into advertising for itself. It could have invested the money to improve its products/services, which would enhance its overall competitiveness. 1-800 Contacts could have reduced its prices by $1.1M and stimulated more consumer demand. Heck, 1-800 Contacts could have used the $1.1M to select and switch to a more defensible trademark than its current crummy one. Instead, they've spent more than enough money to buy their outside lawyers a very, very nice new boat (...if the outstanding bills ever get paid...). And with $1.1M on the line for just one of several enforcement actions, it makes more sense why 1-800 Contacts flip-flopped on the Utah legislature and advanced protectionist legislation that would make its life easier--and cheaper.

Posted by Eric at 10:01 AM | Marketing , Search Engines , Trademark | TrackBack

May 18, 2010

A Jury Verdict That Competitive Keyword Advertising Isn't Trademark Infringement--College Network v. Moore

By Eric Goldman

College Network, Inc. v. Moore Educational Publishers, Inc., 2010 WL 1923763 (5th Cir. May 12, 2010). The jury verdict form from January 2009. The district court's final judgment from June 2009.

In December, I blogged about the Fair Isaac v. Experian case, which I thought was the first jury verdict on trademarked keyword advertising. I now stand corrected on two fronts.

First, although the decision came after the jury trial, the judge made a bench ruling that Experian had not committed trademark infringement by buying competitive keyword advertising. Rebecca has some additional updates on the case.

Second, I've since discovered an earlier case, College Network v. Moore Educational Publishers, which had a January 2009 jury finding that competitive keyword advertising doesn't constitute trademark infringement (see the qualifications below). This jury verdict appears to have gone unnoticed, as I could not find any press coverage of the district court proceedings. In fact, I learned about it only because the case was appealed and the Fifth Circuit upheld the dismissal of the trademark claims.

Unfortunately, the three documents linked in my intro paragraph don't completely explain the alleged trademark infringement. The Fifth Circuit ruling summarizes the situation by saying that the advertiser "had purchased the phrase 'The College Network' from Google and Yahoo as a search-engine keyword to summon MEP’s sponsored-link advertising." The advertiser responded that the trademark owner had bought the advertiser's trademarks as well (which would be consistent with keyword advertising plaintiffs' frequently duplicitous behavior), but this allegation wasn't pursued and appears to be immaterial.

Now the provisos on the jury ruling: the jury verdict probably was skewed by the trial court's ruling (pre-Rescuecom) that the advertiser did not make a use in commerce. So where the jury verdict form indicated that the advertiser didn't infringe the trademark, it's unclear if this was based on the jury's finding of no likelihood of confusion or a lack of use in commerce.

On appeal, the Fifth Circuit sidesteps the use in commerce question and says that "the evidence does not compel a finding of likelihood of confusion"--a conclusion that the court weakly explains as it rejects many of the trademark owner's arguments on procedural technicalities. However, in a footnote, the Fifth Circuit partially explains:

In any event, sufficient evidence supported the jury’s finding of no likelihood of confusion under the Fifth Circuit test. MEP and Moore presented extensive documentary evidence on the issue. The jury was permitted to view the keywordsearch process and visually compare the companies’ websites. TCN’s own expert testified as to lack of actual confusion. The evidence does not point so “strongly and overwhelmingly in favor” of TCN that a reasonable jury could not arrive at a contrary verdict.

I haven't parsed through the lower court proceedings to see how the trademark owner's expert (Otto Wheeler, presumably this gentleman) undercut his client's case, but the Fifth Circuit's characterization sure doesn't sound good. Perhaps there should be a motto among litigation experts similar to a doctor's ethical tenet: First, Do No Harm.

[UPDATE: I received a letter from Otto Wheeler saying that the Fifth Circuit opinion mistakenly identified him as the expert providing the unsuccessful opinions. He says he only opined on damages. Instead, he suggests Howie Jacobson, PhD provided the expert opinion which failed to impress the court.]

The trademark owner's loss is doubly ironic because the Fifth Circuit mostly upheld the lower court's conclusions that it owes the advertiser (and its principal) approximately $700k on a defamation counterclaim. Perhaps the advertiser would have sued the trademark owner for defamation no matter what, but a counterclaim was apropos once the trademark owner decided to dance in court. So once again, a trademark owner kicks off a keyword advertising fight only to end up writing a check to the defense. Smart move, guys.

Posted by Eric at 10:35 AM | Marketing , Search Engines , Trademark | TrackBack

May 17, 2010

FTC Busts Check-Issuing Website for Unfair Practices--FTC v. Qchex

By Eric Goldman

Federal Trade Commission v. Neovi, Inc., 09-55093 (9th Cir. May 14, 2010)

Qchex allowed registered users to create and send checks via a website. Initially, users could submit bank account information and payee information, and Qchex would manufacture a check and send it (in some cases physically, in other cases electronically, depending on the sender's request) to the payee. Given that bank account information is widely available (i.e., it's on every check we send and receive), it sounded like it was trivially easy for fraudsters to submit other people's bank information and send an official-looking check drawing on an innocent bystander's account. These bogus checks can wreak havoc on the payment system when they are presented and then bounce (or worse, clear). According to the opinion:

Indeed, over a six-year period, Qchex froze over 13,750 accounts for fraud. Those accounts spawned nearly 155,000 checks, supplied over 37,350 bank account numbers, and were the source of checks totaling more than $402,750,000—an amount more than half of the total drawn during that time.

Eventually, Qchex enhanced its security procedures to deposit a small amount in a bank account and then require the accountholder to report that amount back to Qchex to authenticate the account. For a variety of reasons, this authentication procedure did not eliminate fraud.

The FTC pursued Qchex for unfair trade practices under Section 5 of the FTC Act. Qchex defended on lack of causation, saying the users supplied the relevant information and therefore were responsible for the bum checks. The court's response:

Qchex created and controlled a system that facilitated fraud and that the company was on notice as to the high fraud rate. Qchex’s approach would immunize a website operator that turned a blind eye to fraudulent business made possible only through the operator’s software. Even if the creation of the checks was impossible without user input, that does not mean Qchex did not create the checks that it later delivered.

(I dig the double/triple/quadruple negative in the last sentence. Say what?)

Even if the court's statement is true, isn't this exactly what 47 USC 230 was supposed to immunize? Amazingly, 230 isn't referenced in the opinion at all, although the court does cite the 230-based Accusearch case in support of its conclusion. It's not like 230 was unfamiliar to this panel; the opinion author is Judge McKeown, who also authored a pro-230 dissent in the Roommates.com en banc case.

Put the doctrinal finery to one side for a moment. We know Qchex has to go down for its sloppy authentication processes and the calamitous effect on our banking system. Fine. But the legal reasoning in support of this takedown is troubling. First, it's based on Section 5's unfairness restrictions, a lightly used prong because "unfairness" is unbelievably subjective and malleable. Second, it's based on some type of but-for causation theory, which applies universally to many service providers throughout the Internet (i.e., without PayPal, there would be no PayPal fraud). Third, the courts gave typical deference to the FTC—but perhaps too much deference. Finally, the causation discussion superseded any discussion about 47 USC 230--a conspicuous omission given that Qchex's whole system was premised on user-supplied content.

Having said that, it's not clear that Qchex’s 230 defense would have succeeded. The court emphasizes that liability is due to Qchex's conduct, not its users’. The court says "Qchex caused harm through its own deeds—in this case creating and delivering unverified checks." I expect any other businesses manufacturing inadequately authenticated fake checks will suffer a similar fate. However, I’m not sure this explanation adequately distinguishes between first party and third party content/actions.

It will be interesting to see how the plaintiffs try to misuse the language I quoted above for other types of claims. For example, replace the word “fraud” with “defamation” and see how the language reads. My hope is that the courts will entertain such citations only in FTC Act unfairness cases and not others, but I expect plaintiffs will try to expand its scope nonetheless.

This case brought to mind an old blog post on a site called "Cheezus," which provided a tool that people could use to create and print fake newspaper articles about another person's sexual misconduct. (Unlike Qchex, the user printed the resulting article). Cheezus caught my attention when a mischievous teen used the tools to prank his teacher and got disciplined. I thought the site was irresponsible, but under this rationale, is the Cheezus tool also illegal because it engaged in Sec. 5 unfair practices? If not, why not?

Posted by Eric at 01:55 PM | Content Regulation , Derivative Liability , E-Commerce , Privacy/Security | TrackBack

May 14, 2010

MySpace Profile Evidence Inadmissible to Show Defendant Committed 'Gangster Style' Robbery -- U.S. v. Phaknikone

[Post by Venkat]

U.S. v. Phaknikone, Case No. 09-10084 (11th Cir.) (May 10, 2010)

Defendant Phaknikone was convicted of seven counts of armed robbery, carrying a firearm in relation to a crime of violence, and having possession of a firearm as a felon.

The government argued that the robberies shared a signature trait - they were committed by a common culprit whose signature trait was to "rob the banks like a gangster" (??):

the robberies lasted less than three minutes and involved one or two masked robbers who carried guns and shouted profanities at bank tellers. One of the robbers vaulted the teller counter, demanded that the tellers empty their cash drawers, and sometimes instructed them not to give him any "ink think" or "funny money." In each robbery, at least one robber wore a black ski mask, a hooded sweatshirt, white-topped gloves, black athletic shoes, and held his handgun 'gangster style' in his left hand.

The government sought to admit defendant's profile page, subscriber report, and two photographs, all from his MySpace account. Defendant's profile name was listed as "Trigga," and his profile page contained photographs and $100 bills that floated down the screen. "The song 'Smile' by . . . Tupac plays in the background." He had also uploaded photos through his account, including one where his left arm was hanging out of a car window and he was holding a handgun in his right hand.

There was some back and forth with the district court and the government's argument was that the profile page and other information was admissible to establish that "this is who the defendant really is":

So I guess you can call it character, but you can also call it bank robber . . .

The district court expressed some hesitation at which point the government offered a redacted version of the profile report, and some of the profile photographs. The district court admitted the redacted version, and some of the photographs.

On appeal the Eleventh Circuit holds that admission of the MySpace profile and subscriber information was an abuse of discretion. The government pressed its argument that the MySpace evidence served to prove modus operandi - i.e., that "someone who shows off a gun in his car would commit the seven bank robberies":

The MySpace evidence therefore was properly admitted for the jury to consider in determining the identity of the defendant as a masked, semiautomatic hand gun wielding, gangster-imitating, profane-language-speaking bank robber described by the victims and eyewitnesses of the robberies. [emphasis mine]
Not surprisingly, the court squarely rejects this argument.

Related:

Evan Brown (Oct. 15, 2009): "MySpace posting was not improper character evidence at murder trial"
Prof. Goldman (Apr. 18, 2010): "MySpace Postings Foil Another Litigant--Sedie v. U.S."

Posted by Venkat at 11:26 AM | General

May 13, 2010

LimeWire Smacked Down for Inducing Copyright Infringement--Arista Records v. Lime Group

By Eric Goldman

Arista Records LLC v. Lime Group LLC, 2010 WL 1914816 (S.D.N.Y. May 11, 2010)

This is one of the rare cases where the news reports mostly got it right. Plain and simple, the record labels won a decisive copyright infringement victory against LimeWire, its chairman and its principal investor. There is no way that the defendants can spin this ruling as good news on any front.

However, this case also doesn't tell us much about the law that we didn't already know. LimeWire was a bit of an anachronism. It is a P2P file sharing system built in 2000 on the Gnutella platform, and therefore it invites a fairly straightforward application of the Supreme Court's Grokster ruling.

Furthermore, as I explain to my students, there is "normal" copyright law and then "P2P file sharing" copyright law, and it's a mistake to think those two legal doctrines are closely related. As this case reinforces, judges will find a way to interpret copyright law to smack down P2P file sharing systems unless those system operators somehow can manage to thread the contributory/vicarious/inducement needle. Given that it had made many of the most damning choices before 2005 (i.e., before the Grokster ruling provided some important clarification), LimeWire really had no chance.

The court's inducement analysis illustrates its smackdown imperative. The court says "the following factors, taken together, establish that LW intended to encourage infringement by distributing LimeWire: (1) LW’s awareness of substantial infringement by users; (2) LW’s efforts to attract infringing users; (3) LW’s efforts to enable and assist users to commit infringement; (4) LW’s dependence on infringing use for the success of its business; and (5) LW’s failure to mitigate infringing activities." Deconstructing the language, this is really just a fancy way of saying that LimeWire operated a P2P file sharing system. And the problem is compounded by LimeWire's venerability. A lot of the evidence of inducement comes from pre-2005 evidence of bad intent, which more "modern" file sharing systems would not have based on their learnings from the Grokster ruling.

On the substantial infringement by users, the court relied on an expert report (challenged by LimeWire, but those challenges were rejected):

Dr. Waterman analyzed a random sample of files available on LimeWire, and determined that 93% of those files were protected or highly likely to be protected by copyright, and thus not authorized for free distribution through LimeWire. (Waterman Report, 2-3.) Dr. Waterman also analyzed the rate at which the sample files were requested for download by LimeWire users. Based on this analysis, he estimated that 98.8% of the files requested for download through LimeWire are copyright protected and not authorized for free distribution.

Thus, like Grokster, there is a certain realpolitik to this decision. The court simply couldn't ignore a large P2P service that was used so predominately for infringement.

The court also reinforces that a service's marketing efforts can be used against it. In this case, the court looks at LimeWire's AdWords keyword advertising campaign and finds that the campaign indicated that LimeWire was trying to compete against other "bad" P2P file sharing services:

From 2002 to 2006, LW conducted a marketing campaign through Google AdWords, whereby Google users who entered certain search queries, such as “replacement napster,” “napster mp3,” “napster download,” “kazaa morpheus,” “mp3 free download,” and dozens of other phrases containing the words “napster,” “kazaa,” or “morpheus,” would see an advertisement leading them to the LimeWire website.

Notice that none of the keywords specifically targeted words that directly confirm a user's desire to infringe. Instead, the keywords indicate a taint by association--LimeWire signaled that it was competing for the same users as Napster, KaZaA and Morpehus, all systems that have been trashed by other courts.

The court also reinforces (consistent with the discussion in Columbia v. Fung) that a service's efforts to provide its users with useful organizing metadata will be held against it based a chain of inferences about bad intent:

A number of LimeWire’s genre categories – including “Classic Rock,” “SoundTrack,” and “Top 40” – relate specifically to popular music and inevitably guide users to copyrighted recordings.

One unusual tidbit: the court says that the common law copyright claims (for sound recordings made before 1972) are equally eligible for inducement as the federal copyright claims.

The court also pierces the corporate veil and holds LimeWire's chairman and its majority investor (the Lime Group, also closely tied to the CEO) liable for LimeWire's inducement. If you're looking for a paper topic, I'd love to see some clarification about when courts will pierce the corporate veil in copyright cases and how that compares to corporate veil-piercing in other tort contexts.

While the court treats this as an easy inducement case, the court denies summary judgment on the contributory copyright infringement claim because it needs more facts on the LimeWire's capacity for substantial non-infringing uses. This is a logical punt given the Supreme Court's deadlock on this issue in Grokster.

The court rejects LimeWire's summary judgment on vicarious copyright infringement, saying (among other things) "There is substantial evidence that LW had the right and ability to limit the use of its product for infringing purposes, including by (1) implementing filtering; (2) denying access; and (3) supervising and regulating users." In other words, LimeWire ran a P2P file sharing system. Note that these 3 elements are true with every online service, but I think the court meant to say that these factors only matter when applying P2P file sharing copyright law, not normal copyright law. Although the plaintiffs didn't ask for summary judgment on the vicarious claim, it appears the court will entertain the plaintiff's motion.

As usual in P2P file sharing system cases, the 512 safe harbors were completely irrelevant to the discussion and not even referenced by the court.

Posted by Eric at 12:04 PM | Copyright , Derivative Liability | TrackBack

4th Cir.: No Expectation of Privacy in Internet and Phone Subscriber Info -- U.S. v. Bynum

[Post by Venkat]

United States v. Bynum, Case No. 08-4207 (4th Cir.) (May 5, 2010)

The FBI observed Marques Bynum's activities in a Yahoo! chat room. Bynum had uploaded photos of children engaged in sex acts. The FBI served an administrative subpoena on Yahoo! seeking the subscriber information and IP address associated with Bynum's profile. Based on the information provided by Yahoo!, the FBI identified the internet service provider associated with the IP address (UUNET). The FBI then subpoenaed UUNET and obtained the email address and telephone number for the customer associated with the IP address. Finally, the FBI subpoenaed the phone and internet companies that operated the dial-up service used by the user, which revealed the "physical address from which the uploads emanated" (which happened to be the defendant's mother's house). The FBI also accessed publicly available information from the defendant's Yahoo! chat profile such as his photo, demographic information, and interests.

The defendant made what appeared to be a half-hearted argument that the Government's use of administrative subpoenas (which precluded disclosure of the subpoenas to the defendant) to obtain his subscriber information violated his Fourth Amendment rights. The court rejects this argument, noting that there was no evidence that defendant "had a subjective expectation of privacy in his internet and phone 'subscriber information' . . . ." He voluntarily provided the information to his internet and phone companies and "assumed the risk" that these companies would reveal this information to the authorities. Even if he was able to show that he had a subjective expectation, he would not be able to show that this expectation would be objectively reasonable. The court notes that "every federal court to address this issue has held that subscriber information provided to an internet provider is not protected by the Fourth Amendment's privacy expectation." Finally, the court footnotes the fact that the defendant did not allege a privacy interest in the IP address the FBI initially obtained from Yahoo!.

As this Ars Techinca article notes, although the New Jersey Supreme Court took a slightly different approach (and required a grand jury subpoena based on the state constitutional right of privacy and the fact that the IP address-identity connection is sufficiently private to warrant some protection) federal cases pretty uniformly follow the approach taken by the Fourth Circuit in this case. In light of the case law, the court's decision does not seem surprising. That said, as someone who doesn't follow the case law very closely in the criminal context, I was surprised at how easy it is for the government to track down your IP address, and through that, your account information and personal details (email address, street address, etc.). From what I understand, an "administrative subpoena" - which was used in this case - is nothing more than a letter from the FBI.

Related:

Tom O'Toole blogged recently about a file sharing (civil) case where subpoenaed Doe defendants unsuccessfully fought to remain anonymous: "File Sharers Have Little But Not Zero Privacy"

A 2009 MediaPost article discusses a decision by Judge Jones of the Western District of Washington where Judge Jones ruled that IP addresses are not "personally identifiable information": "IP Addresses Are Not 'Personally Identifiable' Information"

FourthAmendment.com covers U.S. v. Bynum: "CA4: No reasonable expectation of privacy in subscriber info with ISP"

Posted by Venkat at 11:49 AM | Privacy/Security

May 11, 2010

Internet Access Provider & Blocklist Publishers Denied 230(c)(2) Immunity for Anti-Spam Efforts

By Eric Goldman

Smith v. Trusted Universal Standards in Electronic Transactions, Inc., 2010 WL 1799456 (D.N.J. May 4, 2010)

It's usually a drag to read opinions in pro se lawsuits. Most of the time, the litigant gets flattened mercilessly. Occasionally, however, the judge bends over backwards to give the litigant the benefit of the doubt. Either way, the opinions are messy and untrustworthy.

This case fits that description. The judge says he can't figure out the facts from the complaint. but here's his best guess. It appears that Smith is a Comcast Internet subscriber. Comcast blocked his outgoing mail twice because he was allegedly sending spam. When pressed why it thought Smith's emails were spam, Comcast pointed the finger at IronPort (owned by Cisco), who in turn pointed the finger at Spamhaus. Smith then filed a "Consumer Watchdog" complaint against Comcast with TRUSTe (misnamed as the lead defendant).

Independently, Microsoft put Smith's email server on its Frontbridge blocklist. Smith separately filed a TRUSTe complaint against Microsoft for that. Smith ultimately decided to sue TRUSTe, Comcast, Cisco and Microsoft for 8 different legal violations in one big litigation fiesta.

Smith's claims go nowhere. The court dismisses all of them with leave to amend the complaint, so the story turns out largely happily for the defendants. Unfortunately, the plaintiff does get one more chance, and he even attached a massive 404 page (!) draft amended complaint. (Note: this is 404 pages, not a 404 error, although it certainly is an error). The court reminds the plaintiff that the rules require a short and plain statement of the claims.

Along the way, the court reaches a decidedly defendant-unfriendly conclusion by rejecting Comcast's, Cisco's and Microsoft's 230(c)(2) defense, the statutory immunity for online filtering decisions--and the often overlooked cousin of 230(c)(1) which I have blogged about many times. Worse, the court reaches its conclusion in the face of several clearly applicable precedent cases. In my opinion, this is an example of how Smith's pro se status causes the court to be overly cautious…to the point of reaching the wrong result.

The court starts off right by concluding that spam could qualify as "otherwise objectionable" content under 230(c)(2) (cite to e360insight v. Comcast). Doing a light ejusdem generis analysis, the court says "nothing about the context before or after that phrase limits it to just patently offensive items."

However, Comcast is denied 230(c)(2) on a motion to dismiss because Smith alleged that Comcast acted in bad faith. In support of this, Smith alleged that Comcast told him that they didn't mind his emails, but he just needed to upgrade to a more expensive subscription. The court says if this is true, "Comcast was not concerned that people were receiving large quantities of emails, or concerned about the content of the emails, but rather was concerned that Plaintiff had not purchased a sufficient level of service. This is not a good faith belief that the emails were objectionable, but rather a belief that they violated a service agreement."

This is a garbled statement at best. What I think the court was trying to say is that Comcast had a pink contract that allowed spam if the user paid enough money, and Smith hadn't gotten a pink contract. If so, then I can see the court's point that Comcast is being duplicitous arguing that spam is objectionable content because Comcast's assessments could be bought.

I was uncomfortable with the court's almost off-hand reference that "One would expect that if an interactive computer service had acted in good faith, it could and would come forward with the legitimate basis for its actions when questioned (though the Court is not suggesting they must do so)." First, as the court notes, this is a motion to dismiss, so Comcast can't proffer new evidence. Second, this is a burden-shift. As regular readers know, I believe 230 is an immunity against suit, not an affirmative defense, so the plaintiff has the burden to show why the service provider did not possess the requisite subjective good faith when making its filtering decision. It's not Comcast's responsibility to prove its own subjective good faith beliefs. (How does one prove those in any case?)

Cisco and Microsoft both published blocklist-type information. They try to fit into 230(c)(2)’s statutory definition of "access software providers," which requires them to show that they "provide or enable computer access by multiple users to a computer server." This issue was litigated in the Zango v. Kaspersky case, where Kaspersky distributed anti-spyware software that phoned home for new definitions. The Ninth Circuit said that the phone home feature satisfied the statutory requirement. In contrast, the court appears to say that pure blocklist publishers (i.e. those who do not distribute accompanying software with a phone home capacity) do not; this reading effectively kicks blocklist publishers out of the statute.

As the court acknowledges, this conclusion seemingly conflicts with the 2004 OptInRealBig decision, where the court held that IronPort as a blocklist publisher qualified for the statute because it was a user of an interactive computer service. The court doesn't explain why IronPort doesn't still qualify as an ICS user except to say that IronPort didn't make the requisite showing. The court also does not note that the OptInRealBig case was a 230(c)(1) decision (not a 230(c)(2)) because IronPort republished third party reports, and that should have applied here as well. The court also does not address the extensive 230(c)(1) precedent effectively treating online content publishers (which would include blocklist publishers) as "users" of ICSs, ranging from Barrett v. Rosenthal to the implicit conclusion in Novins v. Cannon.

More specific to 230(c)(2), the court doesn't explore either Pallorium v. Jared or MAPS v. Black Ice (an old 2000 case), both of which arguably contradict this particular conclusion in the 230(c)(2) context. Thus, because the court did not engage the applicable precedent, was overly solicitous to a pro se litigant, and knew that its discussion was dicta because it was ruling for the defendants anyways, the court chunks the analysis.

For more on 230(c)(2), see my 230(c)(2) talk notes from last summer.

One other noteworthy aspect of the ruling. Smith alleges that Comcast breached its privacy policy, but the court dismisses the contract claim because he doesn't show any loss from the alleged breach. This is yet another case holding that merely breaching a privacy policy isn't an actionable contract breach without more. See, e.g., the cited JetBlue case.

UPDATE: John Levine provides some perspectives about what might have happened.

Posted by Eric at 10:37 AM | Content Regulation , Derivative Liability , Privacy/Security , Spam | TrackBack

May 10, 2010

Geographic Trademark Leads to Interesting (& Tortured) Injunction--Skydive Arizona v. Quattrocchi

By Eric Goldman

Skydive Arizona, Inc. v. Quattrocchi, 2010 WL 1743189 (D. Ariz. April 29, 2010).

A jury found that the defendants had committed trademark infringement, false advertising and cybersquatting and awarded $2.5M in damages, which the judge doubled. Unfortunately, the court's opinion does not precisely spell out what the defendants did wrong. This story gives a little background,and this site shows that the defendants are pretty unpopular. The opinion indicates there was testimony that the defendants had sold bogus gift certificates for the plaintiffs' offerings and had offered inferior services using the same name as plaintiffs'. The court also says "numerous websites operated by Defendants falsely claimed Defendants owned or operated skydiving centers in Arizona, Phoenix, Tempe, Scottsdale, Mesa, Glendale, Yuma, Flagstaff, Chandler, Peoria, and Tucson when Defendants neither owned nor operated any such facilities. Additionally, the Court found that Defendants engaged in unfair competition by using photographs of Plaintiff's business on their website."

The main trademark at issue appears to be "Skydive Arizona," one of those lousy trademarks that sits right at the border of descriptive and generic. See, e.g., the Boston Duck Tours case. With such a crummy trademark at issue, the court sliced injunctive relief carefully. On the question of Internet marketing, the court says:

Plaintiff also requests that this Court prohibit Defendants from using the “Skydive Arizona” trademark or other confusingly similar terms in links or keywords on their websites. The Court finds that such relief is appropriate, especially because Defendants' business primarily utilizes the internet, and will extend Plaintiff's request to include the phrases “Arizona Skydiving” and “Skydiving Arizona” as well. Persons searching for Plaintiff's business should not be erroneously led to Defendant's website due to these marks placement in a meta tag or other link on Defendant's websites. See, e.g., Bernina of America, Inc. v. Fashion Fabrics Intern., Inc., 57 U.S.P.Q.2d 1881, 1884 (N.D.Ill.2001) (preliminarily enjoining defendant from using plaintiff's trademark in meta tags); DeVry/Becker Educ. Dev. Corp. v. Totaltape, Inc., 2002 U.S. Dist. LEXIS 1230, *7-8 (N.D.Ill. Jan. 22, 2002) (enjoining use of plaintiff's trademark in internet links and keywords, and “in any other manner in connection with the internet that would cause consumers to believe erroneously that [defendant's] goods or services are somehow sponsored by, authorized by, licensed by, or in any other way associated with [plaintiff]”.). In taking this step, the Court is not unaware of Defendants' concerns that the generic nature of the words “skydive” and “Arizona” will unfairly prevent Defendants from practicing their business in Arizona. The injunction, however, is not a blanket prohibition against using these words on its website or in meta tags. It merely prohibits Defendants from using “Skydive Arizona,” “Arizona Skydiving,” “Skydiving Arizona,” and any other combination of those words that is confusingly similar to that mark. There is, for example, a difference between using those words in combination as proper nouns, and merely utilizing them individually or in the course of a sentence. The former, depending on the circumstances, is likely prohibited by this injunction, but the latter usage probably is not.

This translates into the following injunction:

from using the trademark “Skydive Arizona,” or any marks that are confusingly similar to or colorable imitations of that trademark, and from using “Skydiving Arizona,” and “Arizona Skydiving,” on or in connection with or as part of any website, including in meta tags, keywords in pay-for-placement or payfor-rank search engines, in source code or other computer code, for the retrieval of data or information or as search terms, in the domain names of any websites, in any titles, headings, statements, links or other text appearing on any page of any website in any location on any websites registered, owned, or used, directly or indirectly, by any of the Defendants

I find the fretting about metatags anachronistically amusing (in a cynical way), but I wonder about the specific contours of this injunction. For example, is it a violation for the defendants to broad-match "skydive" or "skydiving" and geographically restrict the ad to Arizona? It also appears that the site can include statements like "Skydiving in Arizona" or "If you're in Arizona and want to skydive, visit us." I appreciate that the judge recognized the speech restriction concerns of an overbroad injunction, but these types of language contortions are a good sign that the trademark may not have deserved the protection it apparently is getting.

The court also rejected some other overreaching plaintiff requests, such as that the defendants be barred from using the word "Arizona" in any domain name or website and limiting the defendants to operating only 1 skydiving-related website. The defendants also get to keep skydivinginarizona.com.

Posted by Eric at 02:09 PM | Domain Names , Search Engines , Trademark | TrackBack

May 09, 2010

Updates to the Outed Judge-Commenter's Lawsuit Against the Plain Dealer -- Saffold v. Plain Dealer

[Post by Venkat]

I posted a while ago on the lawsuit brought by Judge Saffold against the Plain Dealer newspaper where she alleges the newspaper improperly outed her as a commenter in breach of its privacy policy.

A few updates:

1. Judge Saffold Removed: Judge Saffold was presiding over a serial murder case, and among other things, she was accused of making comments about case on the Plain Dealer's website. At the defendant's request, she was removed from the case.

2. Comments by "lawmiss" on Other Sites: The Plain Dealer reports (in a detailed article) that a commenter with the same username as Judge Saffold ("lawmiss") made comments on other sites, including those that allegedly "target Arabs, Asians, others."

3. A Second Username for Judge Saffold?: The Plain Dealer (again) reports that "other commenters on cleveland.com have noted a similarity between the lawmiss comments and postings under the username 'governmentwatcher.'"

4. Judge Saffold's Unpaid Parking Tickets: The Plain Dealer also reports that Judge Saffold has over $1000 in "fines and late fees for city of Cleveland traffic and parking tickets." (via Volokh Conspiracy)

5. Judge Saffold's Work Computers Removed: The Plain Dealer subpoenaed Judge Saffold's work computers which were removed from her chambers.
___

The Plain Dealer, which reported on all of these stories, seems to be engaged in a media war against the judge. To me, this just highlights the tricky situation the Plain Dealer was in in the first place, by having access to Judge Saffold's account particulars. To the extent they as a media entity have access to information, the temptation to use it will be strong, and tough to resist. Also, the Plain Dealer is providing Judge Saffold ample ammunition to argue that the Plain Dealer was being vindictive, and if it's found to be liable, this may not help the damage calculus. (They're certainly not abiding by the "less is more" rule.) On the other hand, a plaintiff who brings claims revolving around his or her reputation can expect to have everything in his or her background dredged to the surface. If Judge Saffold is found to have been the prolific online commenter that the Plain Dealer says she is, this is not going to do wonders for her reputation, which has probably already suffered some damage following the lawsuit.

Two other posts that I came across that are worth checking out: (1) "Judge Suing Newspaper for Breach of Web Privacy Agreement Over Being Outed as Author of Anonymous Comments" (this post by Professor Volokh and the comments to the post highlight the fact that there's no clear answer under the policy) and (2) "Unmasking a Judge’s Anonymity: Saffold v. Plain Dealer Publishing Co" (this post by Professor Solove discusses the various legal claims, and also points in the direction of no clear answer, at least on the privacy policy issue).

Finally, Professor Goldman was on a Berkman Center panel that briefly discussed this case, along with a host of other issues faced by those who build and maintain online communities [YouTube link]: "Building and Managing Online Communities: Anonymity, Defamation and Privacy, Oh My!" The panel is well worth checking out.

Posted by Venkat at 10:39 PM | Publicity/Privacy Rights

May 06, 2010

Brazil's Proposed Internet Regulation--an Update (That's Actually Good News) (Guest Blog Post)

by Guest Blogger Marcel Leonardi

Some fantastic news: in response to the waves of criticism toward the proposed notice and takedown regime that might have curbed online speech in Brazil - see my prior blog post - the Brazilian Ministry of Justice has announced a completely different system for online service provider liability and content removal.

According to the new system, online service providers are only liable for third-party content if they do not comply with a takedown order issued by a court of law. In addition, the proposed notice and takedown system is completely gone: instead of a simple request from the alleged victim, a court order will be mandatory to take down alleged harmful content, requiring a prima facie analysis of said content by a judge.

This does not mean, however, that online service providers cannot do anything unless ordered by a judge. In fact, online service providers can still remove any content on their own if it violates their terms of service or for any other legitimate reason. It is also worth noting that other Brazilian laws may require that Internet intermediaries take down specific illegal content as soon as they are made aware of its existence, as is the case of child pornography.

This is the text of the new article 20 of the bill:

An Internet service provider shall only be held responsible for damages resulting from content created by a third party if, after receiving a related court order, it does not take measures to render unavailable (within the scope of its services and within the timeframe specified) the content identified as infringing.

This new system acknowledges that removing true harmful content from the Internet is a legitimate goal and also recognizes that determining what is legal or illegal is a task best left for the courts, not to the whim of users or ISPs.

I am thrilled that all the criticism from civil society was heard and that quick measures were taken. This change in the text of the bill in such short time demonstrates that the public consultation regarding this bill is indeed very democratic and open to any helpful suggestions.

This bill also deals with some other equally important, different issues - data retention, net neutrality and judicial requests for user information, to name a few - and it is still open to discussion till May 23rd.

I would like to thank Eric Goldman and all readers of this blog for helping me bring awareness to this very important issue. Thanks to you, we may have a more balanced approach to Internet intermediary liability and online freedom of speech in Brazil.

Posted by Eric at 04:10 PM | Content Regulation , Derivative Liability | TrackBack

May 05, 2010

Asis Internet Awarded $2.5mm on CAN-SPAM Claims -- Asis Internet v. Rausch

[Post by Venkat]

Asis Internet Servs. v. Rausch, Case No. 08-03186 EDL (N.D. Cal.) (May 03, 2010)

Asis Internet was recently awarded summary judgment on its CAN-SPAM claims which it brought against a business known as "Find a Quote." Although not technically a default judgment, the defendant against whom summary judgment was entered did not respond to Requests for Admission (or otherwise participate). This may blunt the value of the ruling. Regardless, Asis certainly hit the jackpot, at least on paper.

Facts: Some facts about Asis and the case:

- it has "just under 1,000 internet access and email customers"
- four employees
- it receives 200,000 spam emails a day
- it costs Asis approximately $3,000 per month to "process" spam emails
- it maintains agreements with Postini, Falcon Knight and other vendors
- it brought claims based on 24,724 emails
- the emails were received "first on its filtering services . . . then transferred, processed and stored . . . "

Asis issues RFAs to defendant Heckerson, who failed to respond. Asis sent a follow up letter which also prompted no response. The court deems the facts that are the subject of the RFAs admitted and grants summary judgment.

The Court's Ruling:

Standing: The court concludes that Asis has standing. Unlike Gordon from Virtumundo, Asis actually has assets and provides a service, even if it's to a small group of people. (Gordon's "service appeared to be limited to using a control panel via an ordinary Internet connection through an ISP to set up email accounts . . . he had a nominal role in providing internet services.")

Adversely Affected: On the question of whether Asis was adversely affected, the court acknowledged that while Virtumundo did not decide whether there needed to be a "direct causal link" between the emails and harms, the court stated that there must be some sort of showing of relationship between the email and the harm (or that the emails contribute in the larger sense to ISP-type harms). Asis satisfied this element by showing that it paid $3,000 per month to "process" spam, it experienced network slow downs, its employees spent time assisting customers with the spam issue (22 hours), and Asis lost customers and revenue.

The CAN-SPAM Claims: Asis had included questions in its RFAs which pretty much went to the core question of whether defendants violated CAN-SPAM. The court relied on these facts. By failing to respond to the RFAs, Heckerson admitted that he "knew his affiliates were sending or hiring others to send commercial electronic mail advertisements with misleading information." He also admitted that he engaged in "a pattern and practice of using spammers to acquire sales leads." (Asis has litigated the affiliate liability issue before, and lost, against Epic Advertising (formerly Azoogle). See this article from MediaPost discussing the summary judgment ruling against Asis, where the court also found that Asis lacked standing.)

Damages: The damages were the most interesting part of the ruling. Asis sought $3,090,500.00 in damages (!) The court looked to the ruling in Facebook's case against Sanford Wallace where Facebook was awarded $711,237,650.00 for 14 million emails (or violations). The court also looked to the recent Tagged case where the court awarded Tagged $25 per violation for a total of $151,975. (The Tagged lawsuit drew this humorous response: "The Supreme Court of Irony Investigating Tagged.com Lawsuit.") The court found the Tagged scenario more analogous and awarded Asis $25 per violation of section 7704(a)(1) and $10 per violation of section 7704(a)(2), for statutory damages of $865,340.00. [The court briefly notes that it's not considering the issue of whether the statutory damage award would violate due process.]

The court also found that Asis put forth persuasive evidence that it is entitled to treble damages. First, it put forth evidence that defendant had to have engaged in harvesting emails because defendant obtained the names of email account holders, and the names or customer information attached to the emails did not exist anywhere else. This satisfies one of the aggravating factors under section 7704(b)(1)(A), entitling Asis to treble damages under 7706(g)(C). Asis also puts forth evidence that defendant used automated scripts to create email accounts from which it sent spam messages. This is an aggravating factor under section 7704(b)(2).

When all is said and done the court awards Asis a whopping $2,596,020.00.
___

This is more or less a default judgment so it's tough to know what to make of it. There are probably collectability issues lurking in the background that could turn this into a pyrrhic victory.

The fact that Asis "received the emails first on its filtering service operated by Postini, then transferred, processed and stored the emails on its server . . . " is interesting. So Postini does a fine job filtering out the spam received by Asis (maybe spam is not the grave $2.5 million problem Asis claims?). And Asis actually moves the messages from the spam filter to its own folder where the messages are "processed"? This brought to mind Judge Gould's concurrence in Virtumundo, which talked about how the common law "did not develop remedies for people who gratuitously create . . . circumstances that would support a legal claim and act . . . with the chief aim of collecting a damage award."

Either way, Asis deserves credit for soldiering on.

Posted by Venkat at 03:40 PM | Spam

Troubling Ruling About 47 USC 230 and Moderators--Cornelius v. DeLuca

By Eric Goldman

Cornelius v. DeLuca, 2010 WL 1709928 (D. Idaho April 26, 2010)

I blogged about this case last year. In that post, I described the situation:

DeLuca runs bodybuilding.com, a fitness website and online retailer. The plaintiffs sell dietary supplements ("syntrax," whatever that is). The plaintiffs allege that their competitors posted shill reviews to bodybuilding.com designed to harm the plaintiffs' business. The plaintiffs sued both bodybuilding.com and the putative shillers.

In the previous ruling, a Missouri judge dismissed without prejudice a civil conspiracy claim against bodybuilding.com per 47 USC 230. Since then, the case has been transferred to Idaho, and the plaintiffs have launched another foray against bodybuilding.com, alleging that bodybuilding.com is derivatively liable for a Lanham Act false advertising claim. The court sidesteps a number of interesting questions, such as how 230 interacts with a Lanham Act false advertising claim, to what extent Lanham Act false advertising claims support derivative liability, and how a derivative claim interacts with the printer/publisher defenses in the Lanham Act. Instead, the court reaches two conclusions in response to bodybuilding.com's 12(b)(6) motion to dismiss:

1) Even though bodybuilding.com uses third party moderators, bodybuilding.com is not liable for every posting made on the site. This is a correct ruling and fully consistent with 230's immunization of the editorial function.

2) However, allegations that a moderator posted one of the offending messages survives a 12(b)(6) motion to dismiss based on the allegations that the moderator was a representative of the site and posted the message within the scope of the representation.

My hope is that the court will see the error of conclusion #2 on summary judgment. There are a number of cases that have rejected this agency-style argument as a workaround to 230, including the cases I cited in the last post:

* Joyner v. Lazzareschi: conspiracy argued but not alleged
* Higher Balance v. Quantum Future Group: no "alter ego" liability
* Cisneros v. Yahoo: no "aiding and abetting" liability. Accord: Goddard v. Google
* Best Western v. Furber: no liability for co-website operator activities

More recently, Novins v. Cannon says that there can be only 1 online defamation defendant per case. I also note the questionable Delfino v. Agilent case, where the court found the employer had a 230 defense for its employee's rogue actions.

Should conclusion #2 be followed by other courts (a doubtful proposition), it puts further legal pressure on websites relying on third party moderators. I have already raised this concern in my post on the uncited Columbia v. Fung case, which had some gratuitous language about site admins and moderators that is consistent with this case. I wrote:

The court also attributes the statements of site admins and moderators to the defendants, such as the admins’ technical support to people looking for or downloading copyrighted works. This part of the opinion was especially troublesome. Generally, UGC site moderators are unquestionably independent contractors, not agents, so the website isn't automatically liable for their statements and actions. Here, the court finds an "apparent agency" relationship between the admins and moderators because "Defendants assign this status and give these individuals authority to moderate the forums and user discussions. These individuals were under the control of Defendants and assigned duties related to the administration of the web forums." I believe this is a bad ruling, both normatively and doctrinally (see contrary discussion in, e.g., the Furber and Higher Balance cases in the 230 context). I could see UGC sites deciding to crack down or even eliminate non-employee moderators based on the agency exposure suggested by this opinion.

I am hoping these two rulings are outliers that other courts won't follow. I really can't imagine Web 2.0 succeeding without a robust cadre of site admins and moderators helping self-police an online community.

The rest of the opinion is filled with interesting nuggets too. For example, there is an interesting discussion about the (non-existent) statute of limitations in Lanham Act cases. Regarding the posters' direct liability for their allegedly shill posts, Rebecca recaps the discussion. The short story is that the court concluded many of the posts were non-actionable puffery. In her own unique way, she explains why the discussion about the commerciality of the allegedly shill posts may be "not just odd and marginal, it is bizarrely wrong."

My favorite part of the opinion was the court's straight-faced discussion about whether calling someone a "Cornholio" is defamatory. Believe it or not, this is not the first opinion in Westlaw to use the term "Cornholio"--that "honor" is reserved for State v. Lane, 2006 WL 687949 (Ohio App. Ct. March 17, 2006), which described a person as walking with his shirt over his head, "Cornholio style." This court says:

Calling Cornelius "Cornholio" is not a statement of fact. Cornholio is the alter-ego of a cartoon character, Beavis, from "Beavis and Butt-Head." See Beavis, in Wikipedia, the Free Encyclopedia, http://en.wikipedia.org/wiki/Beavis, last visited on April 8, 2010 FN6. While being compared to Cornholio is not flattering, it is not a "specific and measurable claim." Nor can it be reasonably interpreted as a statement of objective fact.

In FN6, the court admits to being embarrassed to having to cite the Wikipedia entry: "The Court does not encourage citations to Wikipedia. However, in rare circumstances, citation to a pop-culture encyclopedia is necessary in order to explain a pop-culture character." In fact, the Wikipedia cite looks significantly better than the Urban Dictionary, the only other marginally credible cite I could see in the first page of my Google results.

Posted by Eric at 10:04 AM | Content Regulation , Derivative Liability , Marketing | TrackBack

May 04, 2010

Agence France-Presse Claims Twitter's Terms of Use Authorize Its Use of Photographs Posted to TwitPic -- Agence France-Presse v. Morel

[Post by Venkat]

Agence France-Presse v. Morel, Case No. 10-civ-2730 (S.D.N.Y.) (March 26, 2010)

The Agence France-Presse (AFP) is involved in litigation over photographs it acquired through Twitter. This could turn into a debacle for AFP, if it hasn't already reached that point.

Background: As described in the photographer's pleadings, Daniel Morel is a photographer who has significant experience working as a photojournalist in Haiti. In the aftermath of the earthquake, he took photographs. He then uploaded (through the help of a friend) some photographs to TwitPic. Another photographer based in the Dominican Republic (Lisandro Suero) apparently copied the images to his own TwitPic account and then purported to license the images. [correction: Suero is not a photographer and provided as contact information, a Dominican phone number (which would not work in Haiti).]

AFP obtained these images (through what it thought was a license from Suero), used the images itself, and then licensed the images to Getty for further distribution. Many publications ran the photos and credited AFP/Suero. Morel got wind of this and started sending around cease and desist letters. AFP then filed a declaratory judgment action asserting commercial defamation and seeking a declaration of non-infringement. Its argument on the issue of whether it had permission to use the photos was that AFP did indeed have permission, and this permission was based on a license contained in the Twitter terms of service! Morel turned around and filed counterclaims for infringement. (A bunch of other media entities are all embroiled in the dispute and they've been indemnified by AFP.)

Thoughts: As an initial matter, it's worth mentioning that if someone is found to have infringed, their good faith (while relevant to damages) is irrelevant to infringement. AFP's request for a finding of non-infringement does not argue that it obtained some sort of license from Suero that it turned out Suero was not capable of granting. Instead AFP argues that "by posting his photographs on Twitter, Mr. Morel was granting the requisite license to Twitter and third parties to use, copy, publish, display and distribute those photographs." There are two basic problems with AFP's position (that it obtained a license through the posting of images through Twitter).

First, as Mike Masnick at Techdirt notes, the images were uploaded to TwitPic, and not Twitter. These are two separate companies, and more importantly, their terms of use differ. TwitPic's terms of use are much more end user friendly. (At some point in the upload process, TwitPic says that the use of TwitPic is "subject to" Twitter's terms of service. To say the least, it's unclear which terms of service apply, and the average end user would most certainly point to TwitPic's terms of service if asked as to which set of terms apply.)

Second, even assuming Morel had uploaded the photos to Twitter, does AFP really believe that uploading the images equals granting a license to AFP to freely disseminate the images outside of Twitter's ecosystem, and for AFP to authorize third parties to disseminate the images? There's nothing in Twitter's terms of use which constitutes an automatic license to third parties to distribute content outside of Twitter's ecosystem. The terms say only that anyone who uploads content to Twitter "grant[s] [Twitter] a . . . license . . . to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such [c]ontent in any and all media or distribution methods . . . ." The terms also provide that:

[the license to Twitter] includes the right for Twitter to make such [c]ontent available to other companies, organizations or individuals who partner with Twitter for the syndication, broadcast, distribution or publication of such [c]ontent on other media and services.

So, Twitter can license the content to its third party partners, but Twitter obviously didn't grant an express license to AFP, otherwise AFP would have argued that this was the case. The idea that AFP could somehow rely on the default Twitter terms (without separate authorization from Twitter) to publish content it finds on Twitter outside of the Twitter ecosystem doesn't even pass the laugh test. Someone should have nuked this argument before it was put on paper.

[A sidenote on the implied license issue. There's a big difference between "embedding" content or hot-linking -- which courts would probably find is not infringing, based on application of the "server test" -- and actually downloading/copying content to your own servers. The key question in this context is where is the content hosted. Check out Professor Goldman's post on Perfect 10 v. Google and Amazon, as well as this post by Fred von Lohmann of the EFF for an explanation of the server test as it's been treated by the Ninth Circuit. I haven't taken a close look at Twitter's latest "embedded tweets" feature, but I would expect that as with embedded YouTube videos, there's no serious question of infringement here. There's a world of difference between the embedded Tweets feature which Twitter recently rolled out, and what AFP did here.]

Equally as important, AFP is making an argument here which is squarely at odds with positions it has taken in the past. (As Techdirt notes, AFP sued Google in 2005 for linking to AFP stories.) Does AFP really want to argue that somehow posting something on a website which has a broad terms of use is sufficient for third parties to use whatever is posted? It doesn't seem that AFP has a big presence on the social web, but I can just see someone arguing in response to an infringement claim asserted by AFP that AFP granted a license through one of their employees uploading, posting, or even linking to content on a social website.

Finally, there's the terms of service issue. Courts are pretty willing to enforce online terms, but of all the people to raise an argument that the terms should not be enforced because he didn't read and understand them, certainly, someone struggling to get online in the immediate aftermath of the Haiti earthquake stands a better chance than most other people.

The equities of the situation are pretty bleak here for AFP. If you read through Morel's complaint, it paints a pretty compelling picture of someone who risked life and limb to take pictures in a disaster zone, and uploaded the pictures. The big bad media company then comes along, starts trafficking in the images, then turns around and sues the guy for commercial defamation? Best of luck to AFP on making that argument in front of a jury.

Takeaways:

From the lawyer's standpoint, obviously figuring out which terms of use apply is critical. Whether in litigation or on the transactional side, it's important to go through the transaction process. It's tough to say what happened here, but repeatedly referencing Twitter's terms of service without mentioning TwitPic doesn't engender much faith in AFP's position.

The bigger lesson may be for AFP and others who are working in social media. I'm willing to bet that AFP's usual due diligence standards were relaxed because the AFP employee contacted Suero through Twitter. After all, Suero had a "verified account." (I'm kidding about the verified account, it was actually a faux verified account, but that's not something a casual Twitter would necessarily pick up on.)

A lesson for content creators as well. Uploading content to social networking websites can affect your legal rights. I don't think they will be determinative in this particular instance, but it's something to keep in mind.

Finally, for Twitter, third parties seem to be confused as to the scope of the license granted in the Twitter terms of service. Whether this is due to confusion around some sort of perceived relationship between Twitter and TwitPic, or for some other reason, this is probably worth clarifying, particularly given the new feature that Twitter just rolled out. In general, Twitter probably wants to encourage broad usage within its ecosystem (such as through its embedded tweets feature) but require one-off licenses when used outside of the ecosystem (such as when someone compiles a list of Tweets and includes them in a printed book).

Additional coverage:

Techdirt: "AFP Sues Photographer Whose Photographs It Used Without Permission"

Media Nation: "Haitian copyright case turns on Twitter's TOS"

Posted by Venkat at 07:14 PM | Copyright

May 03, 2010

Proposed Internet Regulation in Brazil Might Curb Online Speech (Guest Blog Post)

by Guest Blogger Marcel Leonardi

[Marcel Leonardi is an attorney in São Paulo, Brazil, and Professor of Law at FGV-SP. He was a Google Policy Fellow in 2009, working with the international team at the Electronic Frontier Foundation. He has published articles and books in Brazil about ISP liability, online privacy and other Internet law issues. He can be reached at marcel@leonardi.adv.br, or follow him at Twitter.]

[Eric's introduction: notice-and-takedown schemes are generating lots of discussion. We've repeatedly seen problems with the notice-and-takedown scheme in copyright law (see, e.g., Wendy Seltzer's latest article), yet advocates keep evangelizing it as the solution for a range of unwanted content (see, e.g, Rep. McCotter's ill-fated proposal). Marcel has generously agreed to update us on a brewing notice-and-takedown initiative in Brazil.]

Brazil lacks a specific legal framework regarding the Internet. In order to create one, a collaborative process has been organized by the Ministry of Justice and the Center for Technology and Society from FGV-Rio. After a period of 45 days when anyone could suggest what this legal framework should encompass, the organizers have now published a draft of a bill, which is open for comments here.

The process has been touted as an unique collaborative approach to public policy. As far as allowing anyone to comment and discuss the draft online, it is indeed very democratic. Sadly, the same cannot be said of the bill itself.

The main issue is that the proposed legislation has the potential to curb online speech dramatically. It creates a notice and takedown system that allows any person or company to demand that any kind of online content is taken down.

In a nutshell, this system would work like this:

a) upon receiving a valid complaint, an intermediary must take down the questioned content “within a reasonable period”;

b) after the content is offline, the intermediary must notify the user responsible for the content, explaining the removal;

c) the user can either accept the removal or claim full responsibility for the content, in which case he or she can send a counternotice and demand that the intermediary puts the content back online;

d) if the intermediary receives no answer or cannot reach the user, the content remains offline;

e) any other person or company can also claim full responsibility for the content in place of the user, send a counternotice and demand that the intermediary puts it back online. Doing so subjects this person or company to the same legal risks and consequences the user would face;

f) if the intermediary fails to follow this procedure, it will be liable for the third-party content.

This system stems from articles 20-24 of the bill, which state the following:

Art. 20 An Internet service provider shall only be held responsible for damages resulting from content created by a third party if it has been notified by the injured party and has not taken measures to render unavailable (within the scope of its services and within a reasonable period) the content identified as infringing.

1. Internet service providers must offer in a conspicuous manner at least one electronic means of receiving notices and counternotices.

2. An Internet service provider is allowed to create an automated mechanism to respond to the proceedings provided by this section.

Art. 21. On penalty of invalidity, the notice contemplated by article 20 must contain:

I - the identity of the complainant, including complete name, identity and tax registration numbers, and current contact information;

II - date and time of transmission;

III - clear and specific identification of the content claimed as infringing, permitting the unambiguous location of the material by the recipient of the notification;

IV - description of the relationship between the complainant and the
content described as infringing; and

VI - legal justification for removal.

Art. 22. Upon making the content inaccessible, the service provider shall be responsible for informing the user responsible for the publication of this fact, advising the user of the substance of the complaint and establishing a reasonable period for the complete
elimination of the content.

Provided. If the user responsible for the infringing content is not identifiable or cannot be found, but all the required elements for the validity of the notice are present, the service provider is responsible for maintaining the blockage.

Art. 23. The user responsible for the publication may, following the requirements of article 21, counternotify the service provider, requesting the continued availability of the content and assuming exclusive responsibility for the eventual damages caused to third parties, in which case the service provider will have the duty to re-establish access to the content to which access was disabled and inform the complainant of the re-establishment of access.

Provided. Any other interested party, whether a natural or legal person, following the requirements of article 21, may counternotify the service provider, assuming responsibility for the maintenance of the content.

Art. 24. A complainant as well as a counternotifier shall have responsibility according to law for false or erroneous information and for abuse or bad faith.

My concern is that a notice and takedown system that can be used for any kind of content, like this one, will quickly become a tool to chill legitimate speech. So far, in the absence of regulation, Internet intermediaries in Brazil are free to take down content if they deem it inappropriate or if said content violates their terms of service. Outside of those situations, however, a court order is necessary to take down the alleged harmful content. After a prima facie analysis, judges can grant or refuse to grant an injunction for content removal, depending on the nature of the questioned content and the rights at stake.

Even though the judicial system is far from perfect, Brazilian judges have been exercising great care when analyzing lawsuits demanding online content to be taken down, refusing to grant injunctions that would affect legitimate, yet unwanted, speech.

Therefore, under the current system - created by legal doctrine and precedent - a lot of controversial, critical and political speech stays online in Brazil because those interested in its removal are very aware that judges would probably never grant injunctions to take it down. Frivolous and petty requests are not even filed, since whoever loses a lawsuit in Brazil must pay reasonable attorneys’ fees awarded by the judge. Other would-be plaintiffs give up, fearing the ever increasing “Streisand effect” - when the questioned content becomes “viral” and hugely popular precisely because it was questioned - which is an even bigger issue when an injunction is denied and news of the lawsuit reach the public (a situation that often leads plaintiffs to quickly ask the court for dismissal, before the defendant even knows about the lawsuit).

American readers should also bear in mind that, contrary to the situation in the United States, in Brazil it is neither too complicated nor too expensive (at least in comparison to American standards) to file a lawsuit demanding content to be taken down. In fact, under certain circumstances, such lawsuit can even be filed directly by the alleged victim in a small claims court at little to no cost. This partially explains why the Brazilian numbers are so high in the recent statistics about content removal and data requests that were published by Google, as these numbers include court orders for the removal of content, which often originate from private-party disputes, as explained here.

In summary, Brazilian victims of real online harms can find appropriate redress and take down content via the local judicial system. However, if this bill becomes law, I fear that this notice and takedown system will be heavily abused, as people and companies will then have a channel where they can send all of their previously unfiled frivolous, petty and abusive requests. All they have to do, after all, is complain to the intermediary, which must take the questioned content down to avoid liability.

This approach is significantly more problematic than the notice and takedown system established in the European Union by the e-commerce Directive (2000/31/EC). According to the Directive, hosting providers in the European Union are only required to remove content after being “aware of facts or circumstances from which the illegal activity or information is apparent”. This requirement does not exist under the proposed Brazilian system: all requests for content removal must be accepted, regardless of the legality of the content, or else intermediaries risk liability.

On the other hand, even if users are made aware of their ability to dispute the removal of their content, it is easy to see that many will not be willing to take the risk, even if there is nothing wrong with such content. I believe it is safe to assume that most users will simply be terrified of the potential liability, as they know that fighting back means risking a lawsuit, with all the emotional and financial costs it brings, even when the odds are in their favor. This is also why I do not believe that allowing anyone to “take the heat” in place of the user will solve the problem. In fact, it just adds another target for a lawsuit, as the user is not exempt from liability in this situation.

To be fair, the bill does mention that bad faith requests will be punished, albeit it fails to define how. Practicing attorneys like myself, however, know that proving bad faith in court is not an easy task. Besides, since anyone can send a complaint - not just the victim of the alleged wrongdoing - it is easy to imagine how different people could be used to send complaint after complaint to chill legitimate speech.

It is also worth noting that this system is not final. Even if the content remains online after the notice/counternotice process, the allleged victim can still go to court requesting an injunction for the content to be taken down.

In conclusion, if this bill becomes law, it is very possible that the number of lawsuits related to online content may drop. Ironically, though, the chilling effect on online speech might become far greater than ever before.

Removing true harmful content from the Internet is a legitimate goal, but determining what is legal or illegal is a task best left for the courts, not to the whim of users or ISPs. Despite the differences between the Brazilian and American legal systems, I believe the CDA 230 protections and DMCA histories of abuse can demonstrate the risks and potential pitfalls of a notice and takedown system, specially one that can be (ab)used for any kind of content.

Wth that in mind, I invite all readers to provide some feedback on the draft of this bill. An English version is available here.

Posted by Eric at 07:27 AM | Content Regulation , Derivative Liability | TrackBack

May 02, 2010

Email Header Information Claim Preempted by CAN-SPAM, But Subject Line Claim Not Preempted -- Asis Internet Servs. v. Member Source Media, LLC

[Post by Venkat]

Asis Internet Services v. Member Source Media, LLC, No. C-08-1321 EMC (N.D. Cal.) (April 20, 2010)

Yet another CAN-SPAM preemption ruling, this one is also from the Northern District of California and it also involves veteran spam plaintiff Asis Internet! Of the recent decisions that have grappled with whether CAN-SPAM preempts the California spam statute I think this one gets it most right.

Background: Asis brought claims under CAN-SPAM and section 17529.5 (one provision of California's spam statute) alleging that it received email sent by Member Source Media which had misleading header information and subject lines. The court dismissed the CAN-SPAM claims based on standing and now looks at whether the state law claims are preempted by CAN-SPAM.

The Court's Ruling: The court acknowledges that Virtumundo did not address the precise issue before the court "i.e., whether a plaintiff must plead reliance and damages in order for its state law claim to be saved from preemption." To resolve this question, the court looks to Judge Conti's ruling in the Subscriberbase (which also involved Asis Internet) where Judge Conti found that a plaintiff was not required to plead the fraud elements of reliance and damages in order to escape CAN-SPAM preemption. (Here's my previous post covering the Subscriber base ruling.) The court in this case is persuaded by Judge Conti's reasoning, and similarly concludes that "Asis need not plead reliance and damages in order for its claim to be excepted from preemption." However, the court notes Congress's concerns about "frivolous lawsuits and the scope of plaintiffs allowed to bring suit against email advertisers." The court also gives a nod to Judge Gould's concurring opinion in Virtumundo which expresses concern that allowing anyone to sue could result in the creation of "litigation factories," which Congress obviously did not intend. With this background in mind, the court turns to the specific header and subject line-based claims brought by Asis.

Header Claims: Asis argued that Member Source violated the header information prong of the California statute by sending emails from domain names such as "greenthe.com," "consumerbargrewards.com," and innocenttruthrevealed.com" Asis argued that it had to undertake a WHOIS search to find out where the emails came from, and many of the domains were registered through privacy protection services so these searches came up empty. Finally, Asis argued that certain internet protocol addresses used by the emailers were obtained through false representations because "the purported sub-lessee of the IP addresses, Frank Peters, provided a mailing address and Asis' investigation indicated that no Frank Peters resided at the address."

The court finds that these claims were similar to the claims brought by Gordon -- i.e., they were premised on "technical and immaterial . . . header deficiencies". To the extent Asis argues that domain names must somehow clearly identify Member Source, these claims are preempted under CAN-SPAM. The court contrasted Asis's claims with the claims brought against Reunion.com, which another Northern District judge found were not preempted. In the Reunion.com case, the plaintiff argued that the emails purported to come from a friend or acquaintance but they actually came from Reunion. In contrast, in this case, there was nothing inherently misleading about the header information so the court rejects these claims.

Two quick notes here. First, Professor Goldman previously blogged about US v. Kilbride, a criminal case where the court cited to the use of privacy protection services as supporting the government's case that the defendants violated the header information prong of CAN-SPAM. It's nice to see the court reject (or give nothing more than a passing reference to) Asis's argument that the email headers were somehow misleading under California law because proxy registration was used. Second, I'm not sure what's up with plaintiffs repeatedly making arguments that "fanciful" or "random" domain names can't be used to send emails. There's nothing in CAN-SPAM (or any other spam statute) that says you can't register a bunch of domain names that don't incorporate the name of your company to send out emails. Companies do this (legitimately) all the time. To me, this whole line of argument shows how much plaintiff's are trying to stretch spam laws when bringing claims. Kleffman v. Vonage is another case (certified from the 9th Circuit to the California Supreme Court) where plaintiffs make this argument, and Value Click filed a nice amicus brief [scribd link] that persuasively lays out why this argument is untenable.

Subject Line Claims: The subject line claims were based on subject lines such as "Wal-Mart 500 Dollar Gift Card Inside," and "Second Attempt: $500 Target Gift Card Inside." The court found these claims fall under the garden variety deception category (in contrast to the header information claims) and were not preempted.

End Result: The court finds the header information claim preempted and dismisses this claim with prejudice. The subject line claim is not preempted, and the court declines to exercise supplemental jurisdiction over this claim (Asis can pursue it in state court if it chooses to refile).

The court notes that this case has been going on for over two years. I wonder if Member Source will seek fees, which are available under CAN-SPAM. Fees were awarded against Gordon, the Virtumundo plaintiff. Asis in one of its own filings expressed concerns about its financial situation. It has lost a bunch of rulings over the years, but surprisingly, I haven't seen much about people trying to seek fees against it.

Related Posts: Reunion.com Revisited Again: Claims Under CA Spam Law Not Preempted by CAN-SPAM -- Hoang v. Reunion.com (March 31, 2010)

N.D. Cal Rejects Preemption and Standing Defenses Against Claims Under CA Spam Statute -- Asis Internet Servs. v. Subscriberbase Inc. (April 1, 2010)

Posted by Venkat at 08:12 AM | Spam

May 01, 2010

Facebook Gets Partial Win in Click Fraud Lawsuit

By Eric Goldman

In re Facebook PPC Advertising Litigation, C 09-3043 JF (HRL) (N.D. Cal. April 22, 2010). My blog post on the complaint filing.

This is an unexpectedly hard-to-parse ruling in a click fraud lawsuit against Facebook. Facebook sought a 12(b)(6) motion to dismiss on the basis of its Advertising Terms and Conditions, which included the following language:

I UNDERSTAND THAT THIRD PARTIES MAY GENERATE IMPRESSIONS, CLICKS OR OTHER ACTIONS AFFECTING THE COST OF THE ADVERTISING FOR FRAUDULENT OR IMPROPER PURPOSES, AND I ACCEPT THE RISK OF ANY SUCH IMPRESSIONS, CLICKS, OR OTHER ACTIONS. FACEBOOK SHALL HAVE NO RESPONSIBILITY OR LIABILITY TO ME IN CONNECTION WITH ANY THIRD PARTY CLICK FRAUD OR OTHER IMPROPER ACTIONS THAT MAY OCCUR

Judge Fogel says that the disclaimer clearly preempts any claims for third-party caused click fraud. However, he suggests that Facebook's contract does not preclude a claim based on Facebook's own malfeasance or error. For example, if Facebook's reporting system goes haywire and counts phantom clicks that never occurred, the disclaimer language doesn't help. Fair enough, but the boundary between first party and third party malfeasance is not completely clear. For example, if a user double-clicks, is that third party click fraud or an error in how Facebook counts clicks?

In any case, this ruling exposes a hole in Facebook's disclaimer language. Unfortunately, I'm not sure how fixable it is. Facebook could say that advertisers have to pay even if Facebook's reporting system is miscalibrated or goes rogue. See Go2Net, Inc. v. C.I. Host, Inc., 60 P.3d 1245 (Wash. Ct. App. 2003). However, many judges would not honor those statements at face value.

The plaintiffs also attack the contract by alleging that its integration clause opens up the door to other documents. The clause reads:

[T]hese terms and conditions, the Advertising Guidelines and other applicable Facebook policies, and the terms of any applicable advertising order submitted through the site constitute the entire and exclusive agreement between the parties with respect to any advertising order I place[.] (emphasis in the court's opinion)

Why is that italicized language in the integration clause? It opens up a debate about the scope of other incorporatable documents--exactly what you DON'T want an integration clause to do. Facebook escapes adverse consequences from that loose language; the court concludes that whatever that language means, it does not include the documents that the plaintiffs want to incorporate. But I expect Facebook will want to reconsider that catch-all going forward.

Judge Fogel gives the plaintiffs a chance to amend their complaint, but they will need to be smart in how they approach the amendment. I've seen numerous Fogel rulings where he generously gives the plaintiffs some leeway on the first motion to dismiss but then slams the door on sloppy plaintiffs on the second go-around.

Wendy Davis' writeup of this ruling.

Posted by Eric at 08:58 AM | Licensing/Contracts , Marketing | TrackBack