Technology & Marketing Law Blog


August 31, 2011

Pillow Pets Knockoff Enjoined from Keyword Advertising--CJ Products v Snuggly Plushez

By Eric Goldman

CJ Products LLC v. Snuggly Plushez LLC, 2011 WL 3667750 (E.D.N.Y. Aug. 22, 2011)

Pillow Pets are cuddly and soft, but if you make knockoff versions of them, be prepared to meet the sharp end of their sword in court--a fate that befell the defendants in this case. However, before we condemn the defendants too much, recognize that (a) the term "pillow pets" is very descriptive ("It's a pillow...it's a pet"), and (b) the idea of making stuffed animals that turn into pillows goes back at least decades.

Nevertheless, the court concludes that the defendants' mimicry was too close. It violated Pillow Pets' copyright registration in sculptural works, and the marketing campaign constituted false advertising (for, among other things, saying "As Seen on TV" and claiming to be "original" and "authentic") and trademark infringement. To reach the latter conclusion, the court concluded that "pillow pets" was a descriptive term that had achieved secondary meaning.

Unusually, this ruling broke out its discussion of the trademark implications of the defendants' keyword ad campaign (rather than incorporating the discussion into the other trademark infringement analysis). The defendants ran ads like:

Official PillowPets.CO- Soft Chenille Plush Pillow Pets
Low Prices, New Styles Now in stock
www.pillowpets.co

and

PillowPets.Co™
Official Site. SuperSoft chenille plush pillow pets Now in Stock!
www.pillowpets.co

I could see how this ad copy for a knockoff might confuse some consumers, and the plaintiffs introduced some evidence that consumers had mistakenly transacted with the defendants. This case reminded me a little of the Edriver case in terms of the defendants' online efforts to look "official."

The court, like many others, says the ads make a trademark use in commerce. Fortunately, inspired by the Network Automation case, the court refused to apply an Internet exceptionalist likelihood of consumer confusion analysis for keyword advertising. The court expressly rejected the Hearts on Fire keyword-specific bonus multi-factor test.

Instead, the court cited evidence of actual confusion, the defendants' efforts to mimic the plaintiff's home page, and the resulting traffic bump as reasons to grant "plaintiffs’ motion to enjoin defendants’ use of the terms “Pillow Pets” and “My Pillow Pets” in the Google AdWords program to trigger sponsored links." Given the court's view that the defendants were impermissible knockoffs that had used overly aggressive marketing tactics, an injunction was the logical denouement.

Personally, I'm surprised the pillow pet fad has lasted as long as it has. Then again, my kids still sleep with their pillow pets every night. Check out Dina's excitement when she first got her unicorn pillow pet.

Rebecca also blogged this ruling.

Posted by Eric at 08:35 AM | Marketing, Search Engines, Trademark

August 30, 2011

Second Circuit Says No First Sale Doctrine for Works Manufactured Outside the U.S. -- Wiley & Sons v. Kirtsaeng

[Post by Venkat Balasubramani]

Wiley & Sons, Inc. v. Kirtsaeng, 09-4896-cv (2nd Cir. Aug. 15, 2011)

Wiley asserted copyright infringement claims against Kirtsaeng, who imported into the United States and sold "foreign editions" of Wiley textbooks. The books had legends printed on them which indicated that they were "Authorized for sale in Europe, Asia, Africa and the Middle East Only," and any exportation or importation to another region was prohibited. Kirtsaeng, who sold the books to finance his education, reportedly earned a tidy profit (between $900,000 and $1.2 million). The jury found Kirtsaeng liable for willful infringement and imposed $75,000 in damages for eight separate works. The district court judge disallowed Kirtsaeng's first sale defense, and on appeal, the Second Circuit addressed the issue of whether it should have been available to Kirtsaeng.

A section of the Copyright Act (section 602(a)(1)) provides that unauthorized importation is a violation of the copyright owner's exclusive distribution right:

Importation into the United States, without the authority of the owner of copyright under this title, of copies . . . of a work that have been acquired outside the United States is an infringement of the exclusive right to distribute . . . .

Separately, the section codifying the first sale doctrine (section 109(a)) provides that:

the owner of a particular copy . . . lawfully made under this title . . . is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy . . . .

The key question was whether the "lawfully made under this title" language of the first sale section refers to items that were physically made in the United States or whether it encompasses copies that were licensed by a United States copyright holder but manufactured abroad. There's obvious tension between section 602(a)(1) and section 109(a). Allowing importers to take advantage of the first sale doctrine with respect to works manufactured abroad would limit the copyright owner's rights under section 602(a)(1), as the owner would not be able to prevent the importation of copies once sold.

The Ninth Circuit recently took up this conflict, and ruled in Costco v. Omega that the "lawfully made under this title" language in section 109(a) only applied to items that were produced in the United States. The Supreme Court accepted cert. in the Costco case but affirmed without providing any guidance due to a 4-4 split among the Justices (Justice Kagan recused). A prior Supreme Court case dealing with the interplay between section 109 and 602(a)(1) (Quality King Distributors, Inc. v. L'anza Research International, Inc.) held that the first sale defense is available to imported goods, but that case involved goods that were manufactured within the United States, sent abroad, and then imported. The Ninth Circuit held that Quality King did not overrule existing Ninth Circuit precedent which restricted the first sale defense to goods that are "legally made and sold in the United States."

Wiley argued in the Second Circuit that, because the Copyright Act (Chapter 17 of the US Code) did not apply extraterritorially, "lawfully made under this title," should mean "lawfully made in the United States." The Second Circuit found that the textual argument was not determinative. Among other things, copyright protection can apply to works published in foreign nations, and elsewhere in the Copyright Act Congress used the phrase "lawfully made under this title" and did not limit it to items that were produced in the United States. Nevertheless the court held that any conflict between sections 109(a) and 602(a)(1) was best reconciled by limiting the first sale doctrine to "works manufactured domestically." According to the court, this was the approach the Court hinted at in Quality King and the approach that best comports with the overall structure of Title 17.

The court also pointed to some drawbacks of the approach suggested by Kirtsaeng. Under his approach, copyright holders could control importation only where either (1) the importer does not legally "own" the copy or (2) the work is produced in a country where US copyrights are not protected (i.e., by treaty). From the court's perspective, this was untenable, because in order to be able to control importation, copyright owners would have to either not sell their works or would have to produce them in countries "that may not honor their copyright in the first place." Kirtsaeng also argued that US copyright owners could take advantage of the importation bar to circumvent the first sale defense by outsourcing all of their manufacturing to foreign countries and shipping them back into the US for domestic sales. While this seemed farfetched to me, the court said this was a policy matter that did not affect its interpretation of the statute.

Judge Murtha dissented, pointing out that in Quality King, the Court noted that the bar on importation without permission "is an infringement of the . . . distribution right." Because the rights of distribution are expressly "'subject to sections 107 through 122,' the copyright owner's power to limit importation is qualified by the first sale doctrine . . . . " He also argued that the overall structure of the Copyright Act and other provisions support Kirtsaeng's position. In other sections of the Copyright Act, Congress expressly referenced the location of manufacture, and if it wanted to limit the first sale doctrine only to works manufactured in the United States, it could have easily done so. He also argued that economic justifications favor Kirtsaeng's position. Allowing a copyright owner to freely limit importation would lead to uncertainty in the secondary market. It would also "provide an incentive for U.S. copyright holders to manufacture copies of their work abroad," since works manufactured abroad would in practical terms be entitled to greater copyright protection.
__

Although the policy clearly should favor the re-seller here, I didn't see a clear solution to the statutory conflict, and don't see either side as having a particularly compelling argument. The place of manufacture as a basis for a distinction seems arbitrary to me, particularly when it comes to something like content. I would expect that this may not be the last word, and the Supreme Court may end up weighing in on this case.

My understanding is that the publishing industry has traditionally treated the domestic and foreign markets separately and, as a matter of long-standing practice, has charged different prices for domestic and foreign editions of books. This pricing structure depends on being able to limit the availability of foreign editions in the domestic market. At first glance, this is precisely what section 602(a)(1) facilitates. I don't think this is a practice that should be encouraged, but it's one that publishers have long engaged in and that courts have supported. (See Eric's post on a case from the Southern District of New York, which reaches the same conclusion: "Resale of International Textbooks to US Students Not Protected by First Sale Doctrine--Pearson v. Liu.")

On the other hand, does it make sense to limit the copyright owner's control to new versions of the books? Should the resale market remain free of the copyright owner's control? Wiley's approach ends up allowing for greater copyright protection for works in the foreign markets, which is odd from a copyright standpoint. But will this realistically result in some sort of offshoring push by publishers? I wasn't sold on this argument.

One tweak in the case is that Wiley included a legend in one of the foreign editions which referenced US copyright laws:

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form . . . except as permitted under Section 107 or 108 of the 1976 United States Copyright Act.

As the dissent notes, it's awkward for Wiley to be able to rely on rights under the Copyright Act but for Kirtsaeng to be deprived of the protections afforded by the same act. Interestingly, the majority references this legend in a footnote and states that they "are . . . somewhat puzzled as to why Title 17 is invoked." I wasn't sure if this referred to Wiley invoking Title 17 in the legend, or Wiley bringing an infringement claim under Title 17 rather than some other cause of action. (An interesting sidenote: Kirtsaeng was located in the US and sold the books via eBay; what result if he had been located off-shore and sold to US consumers via eBay?)

As books, including textbooks, migrate to devices and are sold or licensed in digital form, the focus of this battle will shift away from first sale to DRM. Although it's early to tell, my impression is that thus far, content owners are winning that battle.

[An interesting footnote to the case is that Kirtsaeng consulted, among other sources, "Google Answers" in order to determine the legality of his practice. It's unclear what answer he was provided, but he either didn't get the right answer, or got the right answer and disregarded it.]

Other coverage:

Poking More Holes in the First Sale Doctrine (EFF)
Legally Bought Some Books Abroad? Sell Them In The US And You Could Owe $150k Per Book For Infringement (Techdirt)

Previous related posts:

Software Vendor Trumps First Sale Doctrine via License--Vernor v. Autodesk
UMG Can't Enforce "Not for Sale" Restrictions on Promo CDs -- UMG v. Augusto
Supreme Indecision: Costco v. Omega Gums up the (Watch)Works

Posted by Venkat at 04:39 PM | Copyright, E-Commerce

Fall 2011 Internet Law Reader and Syllabus

I have posted my Internet Law syllabus for Fall 2011. In addition, as I did last year, I have posted my Internet Law course reader to Scribd as a DRM-free pay-to-download PDF. You can also buy a print-on-demand copy at CafePress. If you are an academic and would like a free PDF, email me. If you are interested in adopting the reader for your class, definitely let me know and I can also share my PPT slide deck with you. If you are outside the US and therefore unable to pay due to Scribd's policies, contact me as well.

This year, I made the following changes to my course and the reader:

* Regarding keyword advertising, I replaced the Hearts on Fire case with the Network Automation case. I'm still not 100% sure how the Network Automation case will be interpreted by the lower courts, but the early rulings suggest the Network Automation case has tilted things a little more towards the defense.

* I added the Illinois v. Hemi case. The last thing I want to do is spend more time on Internet jurisdiction issues, but I was able to edit the case down to less than 2 pages. Even with that brief treatment, the opinion is helpful to illustrate the problems of geographic scienter for e-commerce sites, as well as the opinion's explicit repudiation of the dying Zippo precedent.

* I added Zimmerman v. Weis, which allowed a litigant to get the passwords to its opponent's Facebook account for discovery purposes. At its core, it's an e-discovery case, and I don't plan to spend a lot of time on that topic. However, I think the case will spur a lot of student thinking about the differences between a Facebook account and offline analogues from a privacy standpoint.

* I added the In re Rolando S. case, which said that taking someone else's Facebook account for a joyride was felony identity theft. I think this is one of the most thought-provoking Internet law cases from the past year. I'm going to be especially interested to see how the students respond to the case.

* I deleted the Mummagraphics and BMG v. Gonzalez cases. It's always painful to drop cases, but I needed to free up some space for these additions. The Mummagraphics case remains an important precedent, but it did duplicate a lot of the discussion from the trespass to chattels material earlier in the semester. The BMG v. Gonzalez case was useful to punctuate the point that a fair use defense isn't going to succeed in the case of personal music downloading, but I think I can make that point effectively enough without the case.

In the reader, I also added a number of drawings, screenshots and other graphical materials to help with the material, plus I added some notes and questions after some of the cases. Progressively, the reader is turning into a real casebook.

My analogous blog posts from years past: 2010; 2009; 2008; 2007; 2006; 2005.

Posted by Eric at 08:47 AM | Internet History

August 29, 2011

Levi Strauss's Trademark and Domain Name Claims May Block Unauthorized Resales -- Levi Strauss v. Papikian

[Post by Venkat Balasubramani]

Levi Strauss & Co v. Papikian Enterprises, C 10-05051 JSW (N.D. Cal.; Aug. 24, 2011) [pdf]

Facts: Levi Strauss owns trademarks for "Levi's," "501" and other terms. It sells its products directly and to authorized retailers but does not sell through "distributors, wholesalers or jobbers." Retailers are contractually restricted from reselling "first quality merchandise." Papikian registered several domain names (501USA.com, 550jeans.com, 517jeans.com) through which he offered Levi Strauss products for sale. Levi Strauss grumbled about his use of various Levi Strauss trademarks and how Papikian sold goods to EU residents. The parties engaged in settlement discussions which were not fruitful, and ultimately Levi Strauss brought suit, alleging trademark and cybersquatting claims. Levi Strauss alleged that in response to some of Levi Strauss's complaints, Papikian made some changes to his website, but at some point along the way, these changes reverted, and Papikian's website "looked more professional, offered [Levi Strauss] products exclusively, and make more extensive use of [Levi Strauss] trademarks."

Papikian brought a motion for summary judgment, which the court denies.

Discussion:

First sale defense: Papikian argued that his sales of Levi Strauss products were protected under the first sale doctrine. Similar to the first sale doctrine in copyright, courts have held that "the right of a producer to control distribution of its trademarked product does not extend beyond the first sale of the product." (One big difference is that unlike copyright law, trademark law does not allow trademark owners to control importation of trademarked goods, other than counterfeits.) However, resellers who wish to take advantage of the first sale rule have to carefully tread the line between a retailer merely carrying/selling the goods and "suggesting affiliation" with the trademark owner. While the court doesn't describe the actual evidence put forth by Levi Strauss, it finds that Levi Strauss put forth sufficient evidence to create a factual question on the issue of whether Papikian crossed the line.

Nominative fair use: Papikian argued that his use of Levi Strauss trademarks was protected under the nominative fair use defense. Once a defendant shows that it is using the trademark to refer to the trademarked good, the burden shifts to the plaintiff to show a likelihood of confusion. The court finds that Levi Strauss sufficiently created a factual dispute on this point; again, the court looks to the changes to Papikian's website and the fact that it had disclaimers at one point but no longer does. The court also cited to Toyota Motor Sports v. Tabari and noted that Papikian's domain names were the types of domain names that the Ninth Circuit hinted could suggest sponsorship or endorsement.

Cybersquatting: The court also denies Papikian's request for summary judgment on Levi Strauss's ACPA claim. The court says that there are "material facts in dispute with regard to Papikian's intent." The court notes that Papikian's fair use defense remains unresolved. Additionally, Levi Strauss presented evidence of an adverse WIPO decision against Papikian. The order does not contain any discussion of the ACPA's safe harbor provision, which protects registrants who "believed and had reasonable grounds to believe that the use of the domain name was a fair use or otherwise lawful."

European law: The order thus far has been bad news for Papikian, but there is one ray of light. Levi Strauss asserted claims under EU trademark law against Papikian. It argued that Papikian's importation of products into the EU without Levi Strauss's consent violated "Articles 5 and 7 of the First Council Directive 89/104/EEC of 21 December 1988, to approximate the laws of the Member States relating to trademarks, as amended by the Agreement on the European Union of 2 May 1992." The court declines to exercise jurisdiction over this claim out of comity. The relevant treaties provide for the "independence" of various member countries, and having tribunals in one country adjudicate the rights under the trademarks of another country would undermine the "spirit of cooperation" that underlies the comity doctrine. The court says that while it declines to exercise supplemental jurisdiction over Levi Strauss's claims in this case, this does not mean that it would decline supplemental jurisdiction "over every case involving foreign trademarks."

[The court also rejects Papikian's request for summary judgment on the dilution claims, finding that Papikian failed to demonstrate the absence of factual disputes with respect to these claims.]
___

The court's refusal to entertain Levi Strauss's claims under EU law is noteworthy. Allowing it to proceed with those claims would allow Levi Strauss to enforce an importation ban into the EU based on EU trademark law, something that it clearly could not do under US trademark law. The court did not discuss it in those terms, but it would be an end run around the fact that trademark law does not permit the trademark owner to control exportation or importation to allow the trademark owner to enforce a foreign ban on importation without consent. It would have also sharply limited the first sale defense.

Once the EU claims are taken out of the picture, you're left with claims by a trademark owner against a re-seller, who is legitimately selling the trademark owner's goods. The re-seller should have some amount of leeway to use the trademark owner's mark in order to refer to the trademarked goods and in the re-seller's domain name, but the court's order doesn't cut the re-seller much slack. The repeated tweaks to Papikian's site, along with the removal of the disclaimer and Levi Strauss's vague allegations that Papikian used more of Levi Strauss's marks than was necessary, are enough to get past summary judgment. As prior posts demonstrate, courts readily seem to find a hook to deny summary judgment to a reseller-defendant who raises first sale and nominative fair use defenses. (See "eBay Resales Constitute Trademark Infringement Despite First Sale Doctrine--Beltronics v. Midwest" (alleged warranty misstatements); "Online Resale of Expired Cosmetics May Be Trademark Infringement--Mary Kay v. Weber" ("expired" cosmetics that plaintiff argued were materially different)). One takeaway here is that trademark first sale and nominative fair use defenses remain murky and fact-specific.

Previous related posts:

eBay Resales Constitute Trademark Infringement Despite First Sale Doctrine--Beltronics v. Midwest
Online Resale of Expired Cosmetics May Be Trademark Infringement--Mary Kay v. Weber

Posted by Venkat at 09:07 PM | Domain Names, Trademark

Bev Stayart Racks Up Two More Losses--Stayart v. Yahoo and Stayart v. Google

By Eric Goldman

Stayart v. Yahoo, Inc., 2011 WL 3625242 (E.D. Wis. Aug. 17, 2011)
Stayart v. Google Inc., 2:10-cv-00336-LA (E.D. Wis. Aug. 17, 2011)

Persistence is a virtue, but sometimes, enough is enough. You probably remember Bev Stayart as the woman who was upset that sploggers had built pages associating her name with the drug Levitra. In a litigation campaign now spanning 2 1/2 years, she has sued both Google and Yahoo for showing these splogged results. Her lawsuits have gotten zero traction. See the end of this post for my prior blog posts on her futile campaign.

The most recent rulings address her motions to reconsider the dismissal of her publicity rights claims, as well as a dismissal in the Yahoo case for lack of subject matter jurisdiction and a motion in the Google case for attorneys' fees. Stayart avoids paying Google's fees--which I would have enthusiastically awarded against her if I had been judge--so I guess she might call that a win. She loses everything else.

The court rejects Stayart's publicity rights claim under Wisconsin's statute. It says that Stayart must establish a substantial connection between her name and advertising, not a de minimis or incidental connection. She didn't do that; her allegations only suggest that "defendant reported the results of its search of other websites." The court wraps up this point by saying:

Because it is not a misappropriation to use a person’s name primarily for the purpose of communicating information, displaying these search suggestions does not provide a basis for plaintiff’s claims.

The court doesn't cite the Habush v. Cannon ruling (also interpreting Wisconsin publicity rights law, although that case involved ads), but I think its ruling is philosophically in sync with that case.

In the Google case, Stayart pointed out that a keyword search for "bev stayart levitra" triggered ads for Levitra. The court, without using the phrase "broad matching," concludes that the logical conclusion is that the ads are based on broad-matching to Levitra. The court's discussion isn't so definitive that this language will be followed as precedent, but the court's reasoning would help defendants in keyword advertising lawsuits where broad matching is involved as well.

In the Yahoo case, the court dismisses subject matter jurisdiction because she didn't clear the $75,000 threshold. She tries to count the possibility of punitive damages towards the $75,000, but noting the Gore case, the court says:

Even assuming that punitive damages were available, such damages would necessarily be limited given the de minimis nature of the compensatory damages alleged.

The court couches the discussion in fairly turgid legal prose, but the message is clear: Bev Stayart's claims substantially overread the law, and she hasn't suffered any damage the court is going to recognize. Most plaintiffs would get the hint and cut their losses.

Among other consequences of her litigation campaign, Bev Stayart's litigation campaign has irrevocably changed the search results on her name. Instead of associating her with sexual dysfunction drugs, her search results forevermore will be associated with unmeritorious litigation. Thus, I still fail to understand why these lawsuits aren't fundamentally counterproductive to her apparent goal of improving her online reputation.
____

Prior blog posts:

* Google Not Liable for Suggested Vanity Searches--Stayart v. Google
* Seventh Circuit Tosses Beverly Stayart's False Endorsement Claims--Stayart v. Yahoo
* Beverly Stayart Strikes Again! This Time, Stayart Sues Google
* Yahoo's Search Results Snippets Aren't False Endorsement--Stayart v. Yahoo
* Yahoo/Overture Sued for Search Results Snippets Containing Plaintiff's Name--Stayart v. Yahoo

Posted by Eric at 10:12 AM | Publicity/Privacy Rights, Search Engines

August 26, 2011

New Advertising & Marketing Law Casebook Available for Review

By Eric Goldman

For the past 2+ years, Rebecca Tushnet and I have been writing a brand-new casebook on Advertising & Marketing Law. Although some advertising/marketing law textbooks cater to undergraduate classes (such as those in journalism schools, marketing departments and communications departments), no casebooks currently support the law school market. As a result, we think this casebook will become a vital resource for law school instructors offering the course. When I offered the course in Spring 2011, I was overwhelmed by student demand for the course--over 90 students tried to enroll! I anticipate that the course will be popular at many other schools.

I taught from an early draft of the materials this Spring, and I was happy with the course and the materials. Rebecca and I have now put together a fairly complete beta version of the casebook, and we are making it available for adoptions this academic year. In addition to the casebook itself, Rebecca and I are sharing our PPT slide decks and lecture notes as supplementary teaching resources. If you are teaching--or considering teaching--a course in Advertising Law and would like to review the materials for potential adoption, please email Rebecca or me and we will send you a private URL where you can download the materials. Or, if you are an academic who is teaching or writing on related topics and are just curious about our approach, contact us as well. In either case, we'll ask you to share your feedback on the materials so that we can improve them and produce a "final" version of the first edition.

If you aren't one of those two types of folks, please be patient with us while we gather and incorporate all of this feedback and prepare a more polished version. We plan to make the materials more widely available then.
______

The table of contents:

Chapter 0: Preface
Chapter 1: Overview
Chapter 2: What is an Advertisement?
Chapter 3: False Advertising Overview
Chapter 4: Deception
Chapter 5: Other Business Torts
Chapter 6: False Advertising Practice
Chapter 7: False Advertising Remedies
Chapter 8: Copyrights
Chapter 9: Brand Protection and Usage
Chapter 10: Competitive Restrictions
Chapter 11: Featuring People in Ads
Chapter 12: Privacy
Chapter 13: Promotions
Chapter 14: The Advertising Industry Ecosystem
Chapter 15: Case Studies
______

If you're interested, I've posted my Spring 2011 exam and sample answer.

Posted by Eric at 09:22 AM | Marketing

August 25, 2011

Claims Against Mylife.com for Allegedly Luring Users to Sign up Using "Your Friend is Looking for you" Emails Proceed -- Clerkin v. Mylife

[Post by Venkat Balasubramani]

Clerkin v. Mylife.com, C 11-00527 CW (N.D. Cal. Aug 15, 2011)

I do not understand the lure of the "your friend is looking for you . . . sign up to our network to find out more" advertisements or emails. Then again, I don't understand why companies continue to engage in this practice. Hapless internet users who sign up to use your service in the hopes of finding that person who was searching for them may not find their long lost friend, but they will find a way to assert claims against you.

Several plaintiffs received emails from Mylife stating that people "were searching for them" on the Mylife website. The named plaintiffs paid trial subscription fees and signed up for Mylife. They alleged that they did not find what they were looking for (the people who were searching for them). Despite their requests, Mylife declined to fully refund them their fees. Plaintiffs asserted various state law claims for unfair competition, unjust enrichment, fraud, and under California's Consumer Legal Remedies Act.

The court first addresses plaintiffs' CLRA claims, which were premised on Mylife's allegedly misleading emails and also on Mylife's billing practices. Plaintiffs alleged that they tried out Mylife with an obviously fake name ("sfsf sdgfsdgs") and still received a message that someone was searching for them. They also alleged that Mylife provided a list of fake names of people who were ostensibly searching for those who signed up. In addition to arguing that the emails were not false or deceptive, Mylife also argued that plaintiffs suffered no damage based on the alleged misrepresentations. The court rejects Mylife's arguments, finding that plaintiffs' allegations that the persons who were purportedly looking for them were fictitious sufficiently alleged that the emails were misleading. As to Mylife's argument that plaintiffs had not suffered damages, the court notes that plaintiffs are paying customers and had not been refunded the full amount of their subscription fees from Mylife. The court also finds that plaintiffs adequately alleged a CLRA claim based on Mylife's billing practices--the plaintiffs alleged that they "signed up for a particular subscription, but that Mylife billed for another."

Having allowed the CLRA claim to proceed, the court also declines to dismiss plaintiffs' claims for unjust enrichment, "money had and received," and their claims under California's unfair competition statute.

Although the court allows the claims against Mylife to proceed, the court dismisses (with leave to amend) the claims against the individual defendants and against Oak Investment Partners, because plaintiffs failed to allege sufficient personal involvement in Mylife's allegedly misleading marketing practices. Separately, the court also grants one of the individual defendants' motion to dismiss on the basis of lack of personal jurisdiction.

Networks including Classmates.com, Match.com, Reunion.com, and Yahoo have been sued over the alleged use of fictitious profiles. The Reunion and Classmates cases both involved allegations similar to those raised by plaintiffs here (e.g., emails that say "your friend is looking for you, join our network to learn more"). The plaintiffs in the Reunion case struggled with the fact that they were not easily able to show damages--it did not look like they had paid money out of pocket in reliance on the alleged misstatements. Classmates, which settled, and this case both look like they do not have that problem, although it wasn't totally clear from the court's order in this case that the plaintiffs signed up and paid fees in reliance on the allegedly misleading statements.

I'm no marketing expert, but at the end of the day, it's probably easy to conclude that these types of marketing practices are not worth the hassle and are not that effective anyway. If you are considering deploying a marketing initiative similar to those allegedly employed by Reunion and Classmates, ask yourself whether it's really worth it.

As a sidenote, Oak Investment Partners can't be happy about a chunk of its $25m investment being used for this type of a marketing practice. Mylife may or may not be vindicated at the end of the day, but these emails were all but guaranteed to ensnare Mylife in litigation.

Posted by Venkat at 12:23 PM | Marketing

August 24, 2011

Mixed DMCA Online Safe Harbor Ruling in Cloud-Based Music Locker Case--Capitol v. MP3Tunes

By Eric Goldman

Capitol Records, Inc. v. MP3Tunes, LLC, 2011 WL 3667335 (SDNY Aug. 22, 2011).

Background. This case involves MP3Tunes.com and Sideload.com. MP3Tunes is a music storage locker. Small lockers are free, but more storage is available at a price. The system doesn't store redundant copies; if the system recognizes an identical bit stream coming from a second user, it just records the hashtag. Sideload is a music search engine that lets users find free music on the Internet. (It was also a browser plug-in). If users find a music file they like, they can "sideload" the music file into their MP3Tunes' locker as a personal archive copy. MP3Tunes' database tracks the sources of these personally archived files.

Due to other issues being addressed in prior proceedings, this ruling primarily focuses on the applicability of the 17 USC 512 safe harbor. This court expressly interprets 512(d), the safe harbor for linking to infringing content--one of the rare opinions to do so. Like most 512 rulings, this ruling is lengthy and detailed, reflecting the fact that the plaintiff contested a long list of safe harbor elements. As I recently mentioned, god bless the pithy 47 USC 230 immunity and the short opinions it produces.

Result. The net effect is that most of MP3Tunes' operations got a 512 safe harbor defense, but it is contributorily liable for any infringing sideloaded files it didn't remove following a takedown notice, and MP3Tunes' CEO (the persistent Michael Robertson) may be personally liable for any infringing files he personally loaded into his locker. These rulings leave the defendants on the hook for potentially millions in damages. Other questions, such as liability for employees' uploads, were rolled over to trial. Because of this mixed ruling, both sides issued public statements touting their wins. As I'll explain momentarily, both sides also earn some brickbats from me.

Some of the post-ruling punditry has suggested this ruling provides a roadmap for other cloud-based music lockers, including the offerings from Apple, Amazon and Google. While that's partially true, the guidance is limited at best due to the fact-specific nature of the ruling. Perhaps the best news for the other services is that lockers may not have to store redundant copies of user-uploaded files to qualify for a Cablevision defense (see the EFF post for more on this). However, as the Zediva ruling recently showed, it remains uncertain how broadly other courts will read the Cablevision case. Otherwise, I think this case mostly tells us things we already knew but that copyright owners refuse to believe.

Out of this dense and slightly inscrutable ruling, some of the points that I found most interesting:

Bogus Takedown Notices (Yet Again...). EMI sent MP3Tunes overbroad takedown notices. The court says EMI affiliates "provided a list of EMI artists and demanded that MP3Tunes 'remove all of EMI's copyrighted works, even those not specifically identified.'" This was in 2007, NINE YEARS after the DMCA came into effect. Seriously, guys? 512(c)(3) isn't that complicated, and major copyright owners that send notices vastly in excess of 512(c)(3) look like greedy or clueless SOBs.

With the hope that we can avoid future SOBness, here's an offer I extend to any and all major copyright owners. I will happily give you a FREE tutorial on how to draft proper 512(c)(3) takedown notices so that you don't look as asinine as EMI looked here. I'm not worried about these trainings being too much of a drain on my time--they should only take about FIVE MINUTES and involve a variation of RTFM.

Needless to say, the court wasn't impressed by EMI's overreaching takedown notices. It reminds EMI that a proper 512(c)(3) takedown notice requires the copyright owner to provide sufficient information to locate the infringing files (cite to Wolk v. Photobucket).

MP3Tunes' Takedown Policy. MP3Tunes took the puzzling position that, in response to the overreaching 512(c)(3) notices, it only had to remove specified links from Sideload and not any files downloaded from those URLs into personal lockers--even though MP3Tunes kept the source URLs in its database and could therefore trace those files. Now, if the users had downloaded the files to their hard drives, that wouldn't be MP3Tunes' issue--though, to be clear, the users probably don't have a fair use defense if the files are actually infringing (see, e.g., the BMG v. Gonzalez case). However, as a cloud service provider, MP3Tunes needs to respond to 512(c)(3) notices when they meet the statutory requirements, even if the locker is supposed to be the user's "private" space. MP3Tunes loses the 512 safe harbor for these files because EMI's 512(c)(3) notices provided adequate information for MP3Tunes to locate the files, and the court says MP3Tunes is contributorily liable for these infringements. MP3Tunes argued a Sony defense that its lockers had substantial non-infringing uses, but the court says Sony applies only to products, not services.

It's unclear how this discussion applies to other cloud-based music lockers. The court distinguishes Viacom v. YouTube because Viacom could easily search YouTube for infringements--which isn't possible with private cloud-based lockers (just as it isn't possible with user hard drives). The court also asserts that any other lockers letting users "sideload" from the Internet must trace URL source and disable all files from that URL in response to a 512(c)(3) notice. But what if the music locker allows users to upload files from their hard drives and doesn't allow those to be searched? The opinion seems to deliberately avoid addressing that situation. [A related unresolved Q: how copyright owners can find private YouTube videos. I've posted a few myself for use in my Advertising Law course.]

The court dismisses MP3Tunes' seemingly overstated concerns about its liability to users for disabling files in their "private" lockers. MP3Tunes' user agreement expressly allowed this, as I would expect every other cloud service provider's user agreement to do.

Even so, it's 100% clear that cloud storage is different from hard drive storage, and some users are going to get quite a surprise when they learn that third parties can zap files from their cloud storage. (Recall the hubbub over Amazon's zapping of books from Kindle). If Congress weren't so dysfunctional, this would be a good place for a statutory fix. It would make a nice complement to the Digital Due Process initiative to fix the ECPA's application to the cloud.

It's worth noting that users weren't represented in this litigation and had no ability to show that their uses were fair, notwithstanding BMG v. Gonzalez and similar cases. If cloud-based music lockers simply pull the trigger on 512(c)(3) notices on an "ex parte" basis (i.e., without any input from the affected users), their fair use rights become effectively irrelevant unless the sites honor users' putback notices. I think it's critical for cloud-based music lockers enabling "private" lockers to address how they will deal with 512(c)(3) notices and if they will honor 512(g) putback notices. I'd welcome your thoughts on ways that we collectively can monitor cloud service providers' policies and practices on this topic.

Repeat Infringer Policy. MP3Tunes had an adequate repeat infringer policy because, among other things, its users weren't "blatant infringers" (they were just downloading files for personal use and may not have known better) and "MP3Tunes does not purposely blind itself to its users' identities and activities."

Red Flags of Infringement. I continue to assert that "red flags of infringement" is no longer possible given copyright owners' widespread practices of freely seeding their content on the Internet as marketing. EMI did that too. Indeed, the court says "EMI executives concede that internet users, including MP3tunes' users and executives, have no way of knowing for sure whether free songs on the internet are unauthorized." The court further dismisses EMI's mockable argument that the terms "free," "mp3" and "file-sharing" automatically confer red flags knowledge. EMI's takedown notices that didn't comply with 512(c)(3) didn't contribute to any red flags knowledge either.

Vicarious Infringement Standards. The court rejects that the sideloading feature contributed to "financial benefit" because, even if it was a "draw," it had non-infringing uses, and MP3Tunes didn't charge for its usage. MP3Tunes lacked the requisite "control" because it was a cloud storage solution.

Public Performance. EMI argued that MP3Tunes publicly performed the files in users' lockers. MP3Tunes responded with a Cablevision defense. The court explains that MP3Tunes doesn't deliver files from a "master copy" (even though redundant copies aren't made) but instead "uses a standard data compression algorithm that eliminates redundant digital data" and therefore preserves exact digital copies. Thus, MP3Tunes wasn't publicly performing. I didn't understand the technological distinction the court was making, but I didn't find it persuasive at all. The court also distinguished Cablevision because it couldn't qualify for 512, while MP3Tunes does.

DMCA's Applicability to pre-72 Sound Recordings. FN1 says that 512 applies to pre-1972 sound recordings:

The Court agrees with Defendants that the plain meaning of the statutory language makes the DMCA safe harbors applicable to both state and federal copyright claims. Thus, the DMCA applies to sound recordings fixed prior to February 15, 1972.

I believe this is the first ruling reaching this conclusion (am I forgetting one?). The court didn't offer any citations or analysis in support of this conclusion, and I anticipate this issue will continue to be litigated fiercely.

Reminder: in case you missed it, I recently caught up on 4 months' worth of online copyright rulings, including several addressing the same or similar issues as this case.

Other comments on this ruling: Techdirt, EFF, CNET News.com

Posted by Eric at 02:26 PM | Copyright, Derivative Liability, Licensing/Contracts, Privacy/Security

Court Affirms Robust ISP Protection For Blocking Bulk Emails -- Holomaxx v. Microsoft/Yahoo

[Post by Venkat Balasubramani]

Holomaxx v. Microsoft, 2011 WL 3740813 (N.D. Cal. Aug. 23, 2011) [pdf]
Holomaxx v. Yahoo, 2011 WL 3740827 (N.D. Cal. Aug. 23, 2011) [pdf]

Eric and I both previously posted on the Holomaxx cases, where Holomaxx sued Yahoo and Microsoft for blocking or filtering bulk emails transmitted by Holomaxx. The court granted motions to dismiss filed against Holomaxx with leave to amend. ("Bulk Emailers (Mostly) Lose Three 47 USC 230(c)(2) Rulings--Holomaxx v. Microsoft/Yahoo & Smith v. TRUSTe.") Holomaxx filed an amended complaint, but it produced no better results. The second time around, the court permanently shuts the door on Holomaxx's claims, finding again that Section 230(c)(2)(A) insulates the ISPs' filtering decisions and dismissing without leave to amend.

The result was not terribly surprising, given that the court was initially skeptical of Holomaxx's vague allegations that the ISPs harbored some sort of bad faith when they blocked Holomaxx's bulk emails. As Laura Wise notes in her recap of the oral argument, Judge Fogel asked Holomaxx for its "absolute best argument" that Microsoft and Yahoo harbored some sort of bad faith intent, and he was not swayed by what Holomaxx had to offer. Judge Fogel concludes that the Messaging Anti-Abuse Working Group guidelines which Microsoft and Yahoo allegedly deviated from are not an "industry standard," so Microsoft or Yahoo could not be faulted for not following them. He also concludes that the fact that the filtering efforts stopped and re-started is not in any way indicative of bad faith. While he acknowledged some tension between Section 230's robust grant of immunity and Judge Fisher's concern (in Zango v. Kaspersky) that a service provider may abuse filtering immunity by blocking content for "anticompetitive purposes or merely at its malicious whim," the court says that allowing Holomaxx to proceed with only its vague allegation of bad faith would undermine Section 230:

To permit Holomaxx to proceed solely on the basis of a conclusory allegation that [the ISP] acted in bad faith would essentially rewrite the CDA.

The court also dismisses Holomaxx's claims under the Wiretap Act and the Stored Communications Act based in part on Holomaxx's failure to articulate how exactly Microsoft and Yahoo violated these statutes in the course of their filtering efforts. (These statutes are excluded from Section 230 so the court deals with them separately.)

__

As with blocking or filtering decisions targeted at malware or spyware, complaining that the ISP was improperly filtering bulk email (spam) is likely to fall on unsympathetic ears. It would take a lot for a court to allow a bulk emailer to conduct discovery on the filtering processes and metrics employed by an ISP. (Hence the rulings on a 12b motion, rather than on summary judgment.) Here the court reiterates the "good faith" standard for 230(c)(2) is measured subjectively, not objectively. That puts a heavy burden on plaintiffs to show subjective bad faith. Eric's reaction to the Zango case--where the Ninth Circuit held that anti-spyware company Kaspersky's decision to classify Zango as adware was protected--largely alludes to this result:

this opinion is terrific news for vendors of anti-spam/anti-spyware/anti-virus services. Although we have long suspected that they would be protected under 230(c)(2), this opinion codifies their immunization as Ninth Circuit law. As a result, these vendors should continue to have a high degree of freedom to make judgments about how to best serve their customers. On the flip side, this opinion confirms that anyone blacklisted by these software vendors can’t use judicial proceedings to change the classification. Fortunately, most reputable vendors offer an extra-judicial mechanism to correct their misclassification errors.

The only difference is that Microsoft and Yahoo are ISPs, and they could use unfettered filtering discretion to block competitive content, links, or maybe even throttle users (or skew search results). Holomaxx's complaint did not credibly raise any such concerns, so the judge dismisses them.

Previous posts and other coverage:

* Bulk Emailers (Mostly) Lose Three 47 USC 230(c)(2) Rulings--Holomaxx v. Microsoft/Yahoo & Smith v. TRUSTe
* Amendment was futile (Laura Wise)

Posted by Venkat at 11:13 AM | Content Regulation, Derivative Liability, Spam

August 23, 2011

Consumer Reviews at "Local" Review Sites Don't Support Jurisdiction--Wilkerson v. RSL

By Eric Goldman

Wilkerson v. RSL Funding, LLC, 2011 WL 3516147 (Tex. App. Ct. Aug. 11, 2011)

It doesn't bring me a lot of joy to blog another Internet jurisdiction case, but the dispute's substantive issues are important enough to blog this case.

Wilkerson's daughter won the California lottery. RSL approached her to buy the future payouts for a lump sum. The daughter took RSL's deal, but things didn't go well. In response, her dad posted negative reviews of RSL at Yahoo Local and Yelp. In both cases, the review pages allegedly indicated RSL's location, and Wilkerson's reviews indicated he knew the company was located in Houston. He also tried to drum up interest in a class action suit. RSL sued in Texas state court, and Wilkerson interposed a jurisdictional defense.

The majority starts by wisely bypassing the Zippo test. For the number of times it's cited, the Zippo test is often unhelpful and unenlightening. Citing several cases, the majority says the Zippo test would apply to the review site operator but not an individual reviewer:

to the extent that the interactive features of Yahoo! and Yelp are the creations of the owners and operators of those websites, the interactive nature of a large-scale ubiquitous internet presence cannot be fully imputed to an individual user such as Wilkerson for the purpose of determining whether he established minimum contacts with Texas sufficient to justify exercising jurisdiction over him....Thus for purposes of analyzing personal jurisdiction over an individual in a case arising from his internet activity, we decline to reflexively apply the sliding-scale analysis of the interactivity of a commercial internet website to determine jurisdiction over the individual website user.

Amen. This year I added the Illinois v. Hemi 7th Circuit jurisdictional ruling, where the court expressly rejected the Zippo test. Perhaps we're seeing the leading edge of an anti-Zippo trend. Personally, I wouldn't shed a tear if the Zippo test were retired--permanently.

The majority instead turns to the "purposeful availment" test. The majority cites the Calder v. Jones case and notes that it looked at the "effects" of the defendant's action, but it doesn't call its test the "Effects test," and I think that affects the result. A consumer reviewer doesn't avail itself of the laws of the state its target is located in, but it might intentionally cause tortious effects in the state. I think the majority mucked this distinction. For example, the majority says:

The evidence merely shows that he performed an internet search for RSL, and that he posted reviews and comments on two different websites where he found an opportunity to do so. Wilkerson made only one express reference to RSL's presence in Texas, stating in his Yahoo! review that phone calls made to offices other than RSL's Houston office are transferred to Houston.

For many courts, this would be enough to satisfy the Effects Test; but it's useless to a purposeful availment test. The dissent points out the problems with the majority's (non-)test.

The majority says that it can't impute the review sites' or review readers' actions against Wilkerson. So even if the review sites aggregate local content that's likely to be read by local readers, the court says it can ignore that. The majority also rejects a lot of RSL's evidence showing geographic intent, saying it wasn't properly authenticated. On that point, the majority says:

The present-day reality of the ever-evolving internet is that the content seen by any particular user is often customized by the website based on the geographic location of the person viewing the website, or the geographic location of the same person's computer servers, or other characteristics associated with the person visiting the webpage. Jurisdiction therefore may not be exercised over a nonresident user based on his use of a website based upon the mere evidence that the website incorporated Texas-related content of an unknown origin, particularly when that evidence only shows the website's content as viewed by a different user at a later time in a presumably different location.

I love this sentiment! Content views may be customized, and it is the responsibility of the plaintiff to address that possibility. I'm glad the majority is asking these kinds of questions. However, under the Effects Test, properly applied, none of this matters. If the plaintiff can show what readers in its local trading area saw, it can show what effect the content may have on those readers. As the dissent says:

Wilkerson's posts were made on websites that distribute reviews of local Houston businesses, specifically referred to RSL's Houston office and to specific employees in the Houston office, made factual statements that complained of RSL's Texas activities as a provider of financial services, and were directed to a medium that would be more likely to reach Texas readers than readers in other states, specifically including actual and potential customers of RSL and of other financial services providers in the Houston area. Furthermore, Texas was the focal point of Wilkerson's posts and of any harm suffered.

Although the majority's analysis is clearly off, it's hardly unprecedented that courts are denying jurisdiction over allegedly defamatory reviews. See the list below. I just wish we had a reliable jurisdictional test that reached that result so we could get there without doctrinal hashes.

I'm not sure where this ruling leaves RSL. Texas just enacted a new anti-SLAPP law with some teeth, so RSL may not want to be in Texas courts anyway. On the other hand, if RSL moves the lawsuit to California, it will run into California's strong anti-SLAPP law. RSL's business is risky enough; perhaps RSL shouldn't gamble any more with potential SLAPPs!

For an example of a more traditional ruling involving a more engaged campaign by the defendant, see Chambers v. Chambers, 2011 WL 3512140 (D. Md. Aug. 8, 2011):

Under the facts alleged, Defendants intentionally directed electronic activity into Maryland with the purpose of causing injury to a Maryland resident. See Silver v. Brown, 382 F. App'x 723, 729–730 (10th Cir. 2010) (holding that defendant's blog, set up in direct response to a business deal and accusing plaintiff of wrongdoing, constitutes an intentional act expressly aimed at the forum state with knowledge that the injury would be felt in that forum). They posted on websites, sent emails to Maryland residents, and created blogs that all contain information regarding a Maryland estate proceeding. Dennis Chambers intentionally sought out Maryland residents when making the alleged defamatory statements about Plaintiff in an effort to harm her reputation. Bonnie Chambers created “HonestChief?” to publicize the Orphans Court case and her disagreement with Plaintiff's handling of it, as evidenced by the blog's content and by the consistent posting of its URL on websites with notably large audiences. These activities go beyond merely “placing information on the Internet.” ALS Scan, 293 F.3d at 712. The manifested intent of Defendants' alleged conduct is to reach Maryland citizens—including Plaintiff--creating a cognizable cause of action in Maryland. See ALS Scan, 293 F.3d at 712. Under the alleged facts, Defendants must “reasonably anticipate being haled into court [here] to answer for the truth of [their] statements.” See Calder, 465 U.S. at 790. Accordingly, Defendants' motion to dismiss for lack of personal jurisdiction will be denied.

Related posts:

* Two Recent Social Media Defendants Avoid Personal Jurisdiction
* Web Host Gets Easy 47 USC 230 Win in Catfight--Johnson v. Arden
* Three Gripers Get Disadvantageous Jurisdictional Appellate Rulings in Defamation Cases
* Ripoff Report Sues Blogger, Loses on Jurisdictional Grounds--Xcentric Ventures v. Bird
* Defamation Lawsuit Against Blogger Dismissed on Jurisdictional Grounds--Fahmy v. Hogge
* Connecticut Blogger Not Subject to Texas Jurisdiction--Healix Infusion v. Helix Health
* Blog Defamation Lawsuit Lacks Jurisdiction--TrafficPower.com v. Seobook.com

Posted by Eric at 01:56 PM | Content Regulation, Evidence/Discovery

August 22, 2011

Deep Packet Inspection Lawsuits: NebuAd Partner ISP Wins Summary Judgment -- Kirch v. Embarq

[Post by Venkat Balasubramani with comments from Eric]

Kirch v. Embarq, 10-2047-JAR (D. Kan. Aug. 19, 2011)

The fallout from NebuAd's ill-fated deep packet inspection continues to percolate through the courts. Plaintiffs sued NebuAd and ISPs in the same forum in Northern California, but the ISPs were dismissed on jurisdictional grounds, requiring plaintiffs to pursue them through local lawsuits. NebuAd reportedly shut down, but lawyers recently announced a settlement over claims against NebuAd. (See: "NebuAd Settles Lawsuit Over Behavioral Targeting Tests.") Interestingly, the $2.4M from the proposed settlement will go to public interest organizations and the lawyers--there's no class payout, and just small payments to the named plaintiffs. This is fairly typical in privacy lawsuits, but settlements like these have elicited a few challenges, most prominently in Facebook's Beacon settlement (which is currently on appeal to the Ninth Circuit).

This particular case is one of the end users' cases against ISPs. They brought claims for violation of the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, invasion of privacy and trespass to chattels. They voluntarily dismissed the invasion of privacy, trespass and CFAA claims. This left the ECPA claim. (The court says the claims were dismissed pursuant to "stipulation," but does not get into detail as to whether there was any settlement associated with this dismissal.)

No derivative liability: The court found for summary judgment purposes that Embarq did not have access to the contents of user communications. Embarq admittedly facilitated NebuAd's tracking and targeting, but this is not enough for plaintiffs to hold Embarq liable:

As plaintiffs' expert testified, Embarq's role was to install the NebuAd device so as to furnish the UTA connection to NebuAd. In other words, the NebuAd device . . . goes into place, then all of the raw data that flows through Embarq is directed to that device, where NebuAd does the analysis and, apparently, separates out the Port 80 traffic. Moreover, plaintiffs cite no authority that Embarq's access to the raw data that flowed through its network constitutes a violation of the ECPA, which requires an entity to actually acquire the contents of those communications. There is nothing in the record that Embarq itself acquired the contents of any communications as they flowed through its network; instead, plaintiffs' theory rests on the notion that the NebuAd System extracted the contents of the communications. Plaintiffs' assertion that Embarq 'endeavored to intercept' communications falls short of creating civil liability under the ECPA, which creates liability for actual interception.

Plaintiffs pointed to the contractual relationship between Embarq and NebuAd as a basis for holding Embarq indirectly liable. The court says clearly that the "civil liability provision of the ECPA . . . does not provide for secondary liability."

User consent: The court also grants Embarq summary judgment on the basis that to the extent there was improper interception, the users consented to it. Embarq's "activation agreement" pointed to its privacy policy and said Embarq could revise it. Prior to deployment of NebuAd, Embarq posted a new paragraph in its privacy policy entitled "preference advertising." This paragraph informed subscribers that:

Embarq may use information such as the websites you visit or online searches that you conduct to deliver or facilitate the delivery of targeted advertisements. The delivery of these advertisements will be based on anonymous surfing behavior and will not include users' names, email addresses, telephone numbers, or any other Personally Identifiable Information.
You may choose to opt out of this preference advertising service. By opting out, you will continue to receive advertisements as normal; but these advertisements will be less relevant and less useful to you. If you would like to opt out, click here. (embarq.com/options)

Subscribers were given an opportunity to opt-out by clicking on a link. Plaintiffs made three arguments as to why this consent should not be viewed as being effective, but the court summarily rejects them all, relying in part on Mortensen v. Bresnan: (1) the scope of the disclosure was inadequate and did not identify NebuAd; (2) the notice was not conspicuous enough; and (3) the opt-out mechanism was insufficient.
__

The NebuAd deep packet inspection idea was ill-fated, but it's interesting to see the litigation play out as it has. NebuAd's insurers settled for a relatively small amount. The claims against the individual ISPs are struggling, and when you throw requests to compel arbitration based on the Supreme Court's decision in Concepcion into the mix, it's going to end up being a long road for plaintiffs.

I'm not sure I can think of a principled reason for this, but I've always viewed deep packet inspection as something that crossed the line. But under existing privacy laws, it's not easy to hold ISPs who partnered with NebuAd liable. Privacy plaintiffs continue to push the envelope but they are repeatedly rebuffed by the courts. As Eric notes, the statutes under which plaintiffs assert causes of action in privacy class actions are convoluted, confusing, and in need of a much-anticipated revamp.

As with the flash cookie cases, I'm curious about the FTC's role in the regulatory quagmire. I would think they could have a significant effect in the area if they came in and took the type of action they took against the likes of Google and Twitter against the players in this space. Maybe I'm missing something or there are institutional factors at play (or activities going on behind the scenes), but it certainly seems like the FTC has extracted a large quantity of blood in some situations but is ineffectual or slow to act in others.

Previous posts on NebuAd:

* Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues
* NebuAd Deep Packet Inspection Lawsuits Sputter -- Deering v. CenturyTel & Green v. Cable One

Additional coverage:

* Wendy Davis: "Embarq Wins Privacy Suit Stemming From NebuAd Tests"
__

Eric's comments

1) For sake of completeness, I note that a 47 USC 230 defense wouldn't have helped Embarq against the derivative ECPA claim because 230's immunity expressly excludes ECPA claims. See 47 USC 230(e)(4). Thus, this case failed on the prima facie elements. The court says confidently (cites omitted):

The civil liability provision of the ECPA, however, does not provide for secondary liability, as liability attaches only to the party that actually intercepted a communication. As numerous courts have consistently held, a defendant does not “intercept” a communication merely by allowing or enabling, or even directing, another party to intercept communications.

2) The court's conclusion about consent is interesting:

plaintiffs were required to agree to the terms of the Activation Agreement in order to use Embarq’s Internet service; that Agreement incorporated the terms of the Privacy Policy, which informed subscribers that their de-identified data could be shared with third parties; that Agreement informed subscribers that the terms could be changed at any time through posting a new policy at Embarq’s website; and Embarq modified those terms in advance of the NebuAd test to add a paragraph regarding preference advertising, with an opt-out mechanism.

This summary, very much in line with the Mortensen case, shows an extreme judicial deference to Embarq's contract--both in terms of letting broad opaque language serve as user "consent" and letting Embarq unilaterally amend the contract to add new and different terms. We've seen other courts push back on both practices, so I wouldn't recommend Embarq's approach as an industry best practice. It seems especially odd that courts have been so deferential on consent issues given the inherent disagreeability of NebuAd's DPI practices.

3) Along with last week's Bose v. Interclick ruling, chalk this up as another plaintiff loss in a privacy case that most people probably thought was a slam dunk. So many of the pending privacy lawsuits are filed solely because defendants will pay to avoid the adjudication costs of defending their practices under poorly drafted statutes, not because there's any fundamental merit to the cases. We desperately need a complete rewrite of the CFAA and ECPA simply to put them in English so that everyone has a better sense of which cases are meritorious from the outset.

4) An interesting factoid: NebuAd paid less than $30k to Embarq for the trial period. Note to future IAPs who want to experiment with potentially privacy-invasive technologies: it isn't a good financial deal for you! Or, at minimum, get the vendor's insurer to stand behind the vendor's indemnity clause so that you won't spend many multiples of the associated revenue defending yourself when the vendor goes belly-up.

Posted by Venkat at 04:27 PM | Derivative Liability , Licensing/Contracts , Privacy/Security

Federal Geolocation Bills Differ on Scope and Damages (Guest Blog Post)

By Sonya Ziaja

[Sonya is an American attorney and MSc. candidate at University of Oxford. She writes regularly for LegalMatch and Shark. Laser. Blawg.]

Congress will be considering at least two geolocation privacy bills this term. The bipartisan Geolocation Privacy and Surveillance Act (“GPS Act”) tries to tackle both the Fourth Amendment problems with law enforcement's widespread unwarranted use of GPS as well as the pesky consumer privacy issues with data collection. Senator Al Franken's Location Privacy Protection Act separates those issues, and focuses instead only on consumer privacy.

The GPS Act's comprehensive approach to geolocation privacy is admirable. But, in its attempt to regulate such disparate actors as the F.B.I. and Apple, the bill looks like it bit off more than it could chew and lost some teeth—especially with regards to consumer protection. A comparison of the bills highlights a weakness in the GPS Act's enforcement mechanism.

In both bills, enforcement means litigation. Both bills allow for a private right to civil action against non-government entities and individuals that intercept, use or disclose geolocation information. Both bills also provide for equitable relief. So, under either bill, you could sue to stop an entity from collecting or selling your geolocation information. And both bills include a fee-shifting provision, so hiring an attorney shouldn't be too much of a barrier to seeking relief. There are significant differences, though, in how damages are calculated and the limitations on relief in the bills.

On the surface, the GPS Act’s remedies appear stronger. It gives courts two options to assess damages and instructs the courts to use the greater of the two. Either the plaintiff is awarded actual damages plus any profits the offending party gained through the violation; or the plaintiff is granted statutory damages of $100 a day for each day of violation or $10,000, whichever is greater. The first option seems unlikely to act as a deterrent, unless the case is brought as a class action suit, or the individual was in a unique position to lose money from having their location known. So for an ordinary individual bringing suit, statutory damages likely make the most sense under this plan. Successful plaintiffs are guaranteed a minimum $10,000. In addition, a plaintiff can sue for punitive damages in “appropriate cases.” What exactly constitutes an “appropriate case” is not described in the bill and is left to the courts to decide.

The Location Privacy and Protection Act takes a more modest and straightforward approach. Potential damages include actual damages (assuming they're beyond a $2,500 threshold) and punitive damages. So an ordinary individual plaintiff could get less under this bill than the $10,000 minimum in the GPS Act.

But while the GPS Act provides for potentially steeper penalties than the Location Privacy and Protection Act, it also contains significant barriers to bringing a successful suit. Chief among these is its statute of limitations. It requires that a plaintiff bring a case within “two years after the date upon which the claimant first has a reasonable opportunity to discover the violation” or the plaintiff loses the right to bring a suit. In other words, if you fail to realize that an entity is intercepting, using or distributing your geolocation information, you're in danger of losing your right to sue and stop that entity from continuing to track you.

The statute of limitations in the Location Privacy and Protection Act is more reasonable. It's still a two-year limit, which would protect corporations from unanticipated lawsuits far into the future. But, where the GPS Act starts the two-year count from the moment that you could have possibly known you were being tracked, this bill starts the two-year count from the date the violation actually happened or the date that you actually learned the violation had taken place.

The GPS Act does take positive steps to protect citizens' privacy rights from law enforcement. But from the point of view of the bill, when those same citizens are viewed as consumers, their privacy no longer seems to be as much of a concern. I would hope that the barriers to enforcement included in the GPS Act are simply oversights and will be remedied in future versions of the bill. Absent changes, however, Franken's Location Privacy Protection Act looks to be the better bet for protecting consumer privacy rights. You might not get the same returns on it as you might from the GPS Act, but at least you have a better chance of being able to sue to stop companies from surreptitiously tracking you.

Posted by Eric at 07:22 AM | Privacy/Security | TrackBack

August 19, 2011

Connecticut Court of Appeals Tackles Authentication of Facebook Messages -- State v. Eleck

[Post by Venkat Balasubramani]

State v. Eleck, AC 31581 (Conn. Ct. App. Aug 9, 2011)

There have been several recent cases that deal with the authentication of social networking evidence. The Connecticut Court of Appeals recently tackled the issue of whether Facebook messages were properly authenticated. Despite the proffer of circumstantial evidence which tended to show that the messages were authored by the person in question, the court holds that the messages were insufficiently authenticated and therefore properly excluded.

The defendant was charged with assault over an incident at a party. Simone Judway, one of the State's witnesses, testified that she talked to the defendant prior to the altercation, and the defendant told her that "if anyone messes with me tonight, I am going to stab them." The defendant sought to impeach Judway's credibility and asked if she had spoken with the defendant following the incident. She said no. The defendant sought to undermine her credibility by showing that she had exchanged Facebook messages with the defendant.

The defendant introduced printouts from his Facebook page which contained messages purportedly from Judway. He also testified that he recognized Judway's Facebook user name (Simone Danielle) as Judway's and that Judway had added him as a Facebook friend shortly before the exchange of messages. Although Judway contested the defendant's claim that she authored the messages, she did not contest that the messages were sent through her Facebook account. She relied vaguely on the fact that her account may have been hacked:

While admitting that the messages were sent from her Facebook account, she simultaneously denied their authorship. She also suggested that she could not have authored the messages because the account had been 'hacked.'

The court notes that the existing rules are sufficient to deal with evidentiary issues raised by social networking evidence:

[w]e see no justification for constructing unique rules for admissibility of electronic communications such as instant messages; they are to be evaluated on a case-by-case basis as any other document to determine whether or not there has been an adequate foundational showing of their relevance and authenticity.

The court also went on to say that circumstantial authentication of these types of messages may be appropriate. Nevertheless, the court held that it was proper for the trial court to exclude the evidence. Strangely enough, the court is skeptical of the argument that the messages were not sufficiently authenticated because the account may have been hacked, but still says that it was up to the defendant to put forth additional evidence to rebut this argument:

Although this suggestion is dubious under the particular facts at hand, given that the messages were sent before the alleged hacking of the account took place, Judway's testimony highlights the general lack of security of the medium and raises an issue as to whether a third party may have sent the messages via Judway's account. Consequently, we agree with the trial court that the fact that Judway held and managed the account did not provide a sufficient foundation for admitting the printout, and it was incumbent on the defendant . . . to advance other foundational proof to authenticate that the proffered messages did, in fact, come from Judway and not simply from her Facebook account.

I blogged about a Maryland case where the Maryland Supreme Court rejected circumstantial authentication of MySpace evidence ("Maryland Supreme Court Rejects "Circumstantial Authentication" Standard for MySpace Evidence"). Although the court in this case pays lip service to circumstantial authentication, it looks like the court has similar skepticism towards the authenticity of this type of evidence. It was fairly surprising that the court bought the argument that the account may have been hacked, and did not rule that this was a credibility issue for the factfinder. Perhaps this is a testament to how widespread Facebook account hacks are perceived to be.

Previous posts:
* Maryland Supreme Court Rejects "Circumstantial Authentication" Standard for MySpace Evidence -- Griffin v. Maryland
* Massachusetts Supreme Court Finds Email Sufficiently Authenticated Based on Surrounding Evidence

Posted by Venkat at 12:20 PM | Evidence/Discovery

August 18, 2011

Another Lawsuit over Flash Cookies Fails -- Bose v. Interclick

[Post by Venkat Balasubramani, with comments from Eric]

Bose v. Interclick, Inc., et al., 10-cv-09183-DAB (S.D.N.Y. Aug. 17, 2011)

Bose sued Interclick, an advertising network, and various advertisers (including McDonald's, Mazda and Microsoft) over "flash cookies" and "history sniffing." As described by the court:

[w]hen a user deletes a browser cookie, the flash cookie "respawns" the browser cookie without notice to or consent of the user....
"history sniffing" code, which [contains] a list of web page hyperlinks . . . [uses] the computer's browser to determine whether the computer had previously visited those hyperlinks, and [transmits] the results to [the advertising network's] servers. Interclick used data on the computer's browsing history to select particular advertisements to display on that computer.

Plaintiff asserted putative class claims under the Computer Fraud and Abuse Act, New York's unfair competition statute, and common law trespass.

CFAA claims: Bose asserted three types of damages to support her CFAA claims: (1) impairment of her computer; (2) "loss" based on the collection of personal information; and (3) loss due to "interruption of internet service."

Damage to the computer system: The court canvassed the broad array of losses that can support a CFAA claim, but focused on the issue of whether the loss alleged by Bose satisfied the $5,000 jurisdictional threshold. Bose "[failed] to quantify any damage Interclick caused to her computer . . . ." and what it would cost to remedy this supposed damage.

Collection of personal information: The court rejects Bose's attempt to satisfy the loss threshold by pointing to the alleged misappropriation of her personal information. The court notes that the CFAA provides recovery for "economic damages," and misappropriation of personal information does not qualify. In re DoubleClick arrived at the same result in 2001, and the court rejects her attempt to distinguish DoubleClick on the basis that in this case the network "circumvented" privacy controls that the plaintiff put in place.

Interruption of service: The court also rejects Bose's attempt to argue that the flash cookies caused a slowdown sufficient to invoke the CFAA:

Bose . . . fails to allege specific damage or loss incurred due to alleged interruption of service, or costs incurred to remedy the alleged interruption of service. Even if a flash cookie may reach up to 100 kilobytes in size and may occupy space on Bose's hard drive, Bose fails to demonstrate that the flash cookie caused damage, a slowdown, or a shutdown to her computer.

Aggregation: Finally, the court addressed the issue of whether the damages could be aggregated under the CFAA to meet the $5,000 jurisdictional threshold. The court notes some divergent authority on the issue of whether losses can be aggregated among multiple plaintiffs (as opposed to multiple computers or events) and concludes that each plaintiff has to satisfy the damages threshold individually.

Deceptive business practices: The deceptive business practice requires a consumer-oriented practice that was misleading and that caused injury. The court rejects the defendants' argument that there was no misleading practice. With respect to injury, the court notes that New York law does not require pecuniary injury to maintain a claim; a bare claim for invasion of privacy is sufficient. The deceptive business practices claim against Interclick moves forward. With respect to the advertisers, the court finds that there is no allegation that the advertisers were involved in any way with the misleading practices.

Trespass: Bose claimed that she was "dispossessed of the economic value of her personal information," but the court says this type of a trespass claim is of "dubious merit." Bose also asserted a more conventional trespass claim (a la Intel v. Hamidi). Although the court notes that "there is no allegation that the devices materially affected the condition, quality or value of the computer," the court nevertheless says that her allegations are sufficient to state a trespass claim.

Contract claims: Bose also asserted contract claims, but the court doesn't spend much time before dismissing those claims.

Dismissal with prejudice: The court dismisses the claims against the advertisers with prejudice, finding that any amendments against these defendants would be futile. The court also dismisses the CFAA and contract claims with prejudice.

__

This is the second lawsuit over flash cookies to meet a chilly reception in court. Eric blogged about the Specific Media case (repeatedly cited by this court) earlier this year: "Flash Cookies Lawsuit Tossed for Lack of Harm--La Court v. Specific Media." Cookie plaintiffs just don't seem to have compelling facts in the eyes of the courts. Part of it, no doubt, is the courts' skepticism that anyone who got cookied would care enough about the damage to actually spend money fixing damage to their computers. Plaintiffs rarely allege that they do.

Interestingly, there is mixed authority on whether you can aggregate damages for loss purposes and whether you can assert claims premised on non-economic damages. To my knowledge, some courts had answered these questions in the affirmative, in part based on changes to the CFAA since the DoubleClick decision. But the court here was clearly unwilling to explore the outer reaches of the statute for the sake of these plaintiffs. The tenor of the court's opinion is one of deep skepticism that the plaintiff is complaining about something that is truly injurious and which warrants judicial intervention:

personal data and demographic information concerning consumers are constantly collected by marketers, mail-order catalogs and retailers. The collection of demographic information does not 'constitute damage' to consumers or unjust enrichment to collectors. Advertising on the internet is no different from advertising on television or in newspapers. Even if Bose took steps to prevent the data collection, her injury is still insufficient to meet the statutory threshold.

It's interesting that the court comes right out and says that even if Bose took steps to prevent the collection, her injury isn't enough to get the court's attention. Not a very privacy-friendly judge here.

In some cases, plaintiffs have sued the advertisers as additional defendants, but the judge here clearly did not see them as appropriate defendants. It's helpful from an advertiser standpoint to get a clear ruling that their mere purchase of advertising on an ad network will not get them sucked into a privacy lawsuit. I wouldn't characterize this scenario as risk-free, but it's still nice that the court made clear that advertisers should not be a part of this lawsuit.

On the other hand, regardless of the legal rules and court decisions, there's little excuse for advertisers to not conduct some due diligence on the networks they deal with. The companies are off the hook in this particular decision, but the advertisers named are established companies, and I would be curious to know the background on how they ended up becoming entangled in a privacy-unfriendly practice that has recently been the focus of a huge negative spotlight.

The court's conclusion on the trespass claim was a little awkward. The court says that a slowdown is required, but despite noting the lack of this allegation, allows the claim to move forward.

It was also somewhat awkward that the court doesn't discuss plaintiff's "history sniffing" allegation at all. The omission is somewhat strange, but it looks like the court just treated Interclick's information collection practices generically. Here's a post from Kash Hill that explains the practice.

It may be too early to tell, but the early indication is that this wave of tracking lawsuits will have a long slog in the courts. This one suffered a pretty big hit at the judge's hands. Both this and the Specific Media case will likely be cited by privacy advocates as to why the current regulatory scheme is broken. I agree that consumers being tracked despite their stated preferences is problematic, but I'm not sure that creating a private right of action is the best solution. A final question. Where is the FTC in all of this? They seem pretty behind the curve in comparison to class action lawyers in the push to regulate privacy.

____________

Eric's comments:

Hey, ad networks: it's not nice to ignore people's expressed preferences about cookies. (I'm not saying the defendants did so in this case; I'm just speaking generally). There may not be legally recognizable harm from placing unwanted cookies, but your consumers are trying to tell you something, and you really ought to listen. Contravening their wishes ticks people off, and it invites legislative bodies to pursue crackdowns like "Do-Not-Track" legislation (whatever that means). If Congress enacts some type of anti-cookie/anti-tracking measure, the ad network industry will have no one to blame but itself (and the Wall Street Journal "What They Know" series).

Hey, plaintiffs: lawsuits over cookies are stupid. The vast majority of us learned that from In re Doubleclick--a decade ago. Cookie lawsuits haven't gotten any more meritorious in the intervening years. So please, just get over it. Meritless privacy lawsuits over advertiser/ad network practices that don't actually harm consumers give legislators some reasons to make privacy lawsuits harder to bring.

Earlier posts:

A Look at the Commercial Privacy Bill of Rights Act of 2011
Flash Cookies Lawsuit Tossed for Lack of Harm--La Court v. Specific Media

Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff -- Claridge v. RockYou

Posted by Venkat at 08:55 AM | Privacy/Security , Trespass to Chattels

August 17, 2011

Backpage Gets 47 USC 230 Defense for Prostitution Ads--M.A. v. Village Voice

By Eric Goldman

M.A. v. Village Voice Media Holdings LLC, 2011 WL 3607660 (E.D. Mo. Aug. 15, 2011)

M.A. was the victim of a convicted sexual trafficker, Latasha Jewell McFarland. M.A. alleges that McFarland created child pornography of M.A., posted the photos on Backpage as part of advertising M.A. for prostitution, and then acted as a pimp for M.A. M.A. sued Backpage for its role in the tragedy.

The court starts with an interesting discussion about Article III standing. M.A. took the position that she's suing Backpage for running its website, not for the content of McFarland's post. This distinction doesn't make any sense, and the court uses Article III standing to collapse it. M.A.'s real complaint is about McFarland's crimes against her, and the only way M.A. has standing against Backpage for those crimes is based on McFarland's posts to Backpage. Framed this way, Backpage is primed for a 47 USC 230 defense.

M.A. took a comprehensive approach to trying to dislodge the immunity:

* Backpage allows keyword searches. Citing several cases, including Jurin and Rosetta Stone, the court says this is irrelevant.

* Backpage created an adult category. The court cites Dart v. Craigslist in concluding this is irrelevant.

* Backpage takes steps to increase its revenues. Backpage allegedly "tout[ed] its website as a 'highly tuned marketing site' and instruct[ed] posters of ads on how to best increase the impact of those ads." The court responds: "to find Backpage to be not immune from suit based on M.A.'s allegations about how it structured its website in order to increase its profits would be to create a for-profit exception to § 230's broad grant of immunity. This the Court may not do."

* Backpage allegedly knew prostitution was advertised on the site. The court cites several cases for the proposition that knowledge is irrelevant to 230's immunity.

* Backpage "developed" the ads. This was just a rehash of the notice + profit argument. The court says "neither notice or profit make Backpage liable for the content and consequences of the ads posted by McFarland." The court expressly rejects the direct Roommates.com attack on the immunity, distinguishing Roommates and a few other cases by saying "In the instant case, there is no allegation that Backpage was responsible for the development of any portion of the content of McFarland's posted ads or specifically encouraged the development of the offensive nature of that content." The court also notes: "however horrific the consequences to M.A. of McFarland's posted ads were, the ads were created by McFarland."

* Giving Backpage a 230 immunity is "indefensible." This is basically a policy argument, and the court tells M.A. to take it up with Congress.

* Backpage "aided and abetted" a criminal violation. Backpage lacked the specific intent to satisfy the prima facie case. It appears the court also says that 230 preempts aiding-and-abetting liability.

* 230 doesn't apply to criminal prosecutions. This is a civil case premised on a criminal statute, and the court cites Doe v. Bates for the proposition that 230 preempts the civil claims. M.A. argued that Bates was "flawed," but the court responds "[Bates] is supported, however, by other cases applying the broad reach of § 230's immunity to websites that, whatever they did to increase their profitability and visibility, did not create the content of the offensive posted information." The court continues: "this does not lead M.A. without a remedy under § 2255. She may still pursue a civil remedy against McFarland." (And, in fact, McFarland has been required to make restitution and pay other amounts as part of her criminal sentence).

* The "Optional Protocol to the Convention on the Rights of the Child on the Sale of Children, Child Prostitution, and Child Pornography" trumps 230. This treaty wasn't self-executing. Plus, when the Senate ratified it, it declared existing law--which included 230 already on the books--satisfied the treaty.

The court neatly sums things up:

Plaintiff artfully and eloquently attempts to phrase her allegations to avoid the reach of § 230. Those allegations, however, do not distinguish the complained-of actions of Backpage from any other website that posted content that led to an innocent person's injury. Congress has declared such websites to be immune from suits arising from such injuries.

You have to give M.A. credit for effort. The lawsuit tried virtually every trick in the book to overcome the 230 immunity. But you also have to give the judge credit, both for keeping a cool head and for the skillful references to a couple dozen 230 precedent cases.

Combined with Dart v. Craigslist, it seems entirely clear to me that plaintiffs are wasting their time suing classified ad websites for prostitution ads. M.A.'s situation is tragic, but the blame against Backpage is misdirected.

Posted by Eric at 01:44 PM | Derivative Liability | TrackBack

Ikon Office Solutions Had no Duty to Disclose That Office Equipment Retained Data -- Putnam Bank v. Ikon Office Solutions

[Post by Venkat Balasubramani]

Putnam Bank v. Ikon Office Solutions, Inc., 10-cv-1067 (WWE) (D. Conn.; July 5, 2011)

Putnam Bank filed a putative class action on behalf of those who purchased and leased office equipment from Ikon, alleging that Ikon improperly failed to disclose that this type of equipment automatically saved images of documents that had been printed, faxed, scanned, or copied. The complaint alleged that not only did Ikon fail to disclose this, Ikon also failed to destroy the data when such equipment was returned. The complaint further alleged that Ikon knew or should have known that the equipment would be used to fax, print, scan and copy documents which contained sensitive information (e.g., social security numbers, birthdates, medical records, and business data). Putnam sued under Connecticut's unfair trade practices statute, under general negligence and breach of contract theories, and under Connecticut's data breach statute.

Did Ikon Have a Duty to Disclose? A key question relevant to the negligence, unfair trade practice and data breach statute claims: did Ikon have a duty to disclose in the first place? Negative, says the court. According to the court, the data breach statute "is directed to businesses that collect or keep personal information." Ikon does neither by incidentally coming into contact with personal information that their customers have placed on office equipment that Ikon leased out. Additionally, the data breach statute only kicks in where there has been a breach, and Putnam failed to allege that "a breach of security [had] occurred."

The allegations regarding identity theft were, as usual, too speculative:

The amended complaint does not allege facts establishing a reasonable belief that an unauthorized person has accessed personal information from the office equipment used by Putnam. The allegations are confined to an undetermined degree of risk of identity theft.

Was Ikon bound to disclose by its implied duty to act in good faith? Putnam pointed to the implied duty of good faith and fair dealing as a basis for Ikon's duty to disclose. This duty requires a party to not take action that "would injure the other party's right to receive the benefits of the contract." The court found that the complaint did not include allegations of bad faith on Ikon's part. Putnam argued that the lease agreement did not address "the storage devices in office equipment," but the court says that this is not indicative of bad faith.

Was there a common law duty to disclose? Putnam also argued that Ikon had a common law duty to disclose. The key question on this issue was whether it was foreseeable to Ikon that leasing equipment would create a risk of its customers having to incur expenses associated with credit monitoring and ID-theft prevention. This turned on whether reasonable business persons in Ikon's position would expect disclosure of the risk in question. The court says no. The "essence of the transactions between Putnam and Ikon was the lease of office equipment, not the protection of data that would be saved on the equipment." There was no allegation that Ikon knew that Putnam was unfamiliar with the data storage aspect of the equipment or that Putnam expected digital storage to be covered by the lease.

Did Ikon have a contractual obligation to disclose? Finally, the court dismisses Putnam's contract-based argument. The agreement was silent on the issue of data security. Putnam tried to argue that "common trade practice" was to imply a term as to data security but the court is unswayed.

__

It's become entirely predictable that data breach plaintiffs will be rebuffed if they don't assert any out-of-pocket losses. Courts have said time and time again that data breach plaintiffs who don't suffer out-of-pocket costs cannot maintain a claim, and that the cost of monitoring is not damage that the law typically provides compensation for. Here, the plaintiff tried to argue that the data breach statute required disclosure. Not only was there no breach to speak of, the court questioned whether the statute applied to Ikon at all, since it did not collect any information.

Users of office equipment should obviously have some control over whether data is stored and erased when this equipment is returned to vendors such as Ikon. In some instances, the users may not want their data to be stored at all. But for some reason, many machines are manufactured to store such data. I wondered about whether manufacturers provide a mechanism and instructions on how to wipe hard drives on office equipment. A quick Google search unearthed this LifeHacker post which advised on erasing a copy machine's hard drive ("Erase Your Copy Machine’s Hard Drive to Wipe Important Documents"):

most manufacturers provide exact instructions on how to clear this data, so check your machine's manual before you get rid of it.

It looks like many manufacturers or vendors provide some instructions and a mechanism for making sure data is wiped from the equipment. But the court did not place responsibility on the vendor in this case to make sure this issue was addressed. It would have been nice to see some details around manufacturer/vendor practices and whether information on how to wipe the particular pieces of equipment in question was readily available (i.e., in the equipment manuals) but the court did not delve into this issue. Obviously individual employees may not have much control over storage and deletion of digital images, so they may want to avoid using office equipment to copy highly personal documents.

Related posts:

Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit -- Krottner v. Starbucks
9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap
The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt
Acxiom Not Liable for Security Breach--Bell v. Acxiom
When Does a Privacy Policy Breach Support a Breach of Contract Claim? In re JetBlue

Posted by Venkat at 11:14 AM | Privacy/Security

August 16, 2011

A Close Look at Missouri's "Amy Hestir Student Protection Act" (Guest Blog Post)

By guest blogger Sydney Muray, Certified Paralegal

In the 1980s, a 12-year-old girl named Amy Hestir was manipulated by her seventh-grade music teacher into an abusive sexual relationship that lasted over a year. While Amy suffered severe emotional trauma as a result of her experiences, the teacher simply transferred from district to district until he retired. The relocation of sexually predatory teachers around the state to avoid accountability was a practice so common that the Missouri Department of Education termed it “passing the trash.” At the age of 40, Amy Hestir gave her story in testimony to the Missouri legislature in support of legislation sponsored by Sen. Jane Cunningham that sought to impose stricter limitations on contact between teachers and students. Cunningham fought for the legislation for five years before it was passed unanimously as SB54 and named the “Amy Hestir Student Protection Act.”

The bill, signed into law by Gov. Jay Nixon on July 14, 2011 and effective Aug. 28, 2011, contains provisions that are intended to prevent future incidents of "passing the trash" in four main ways.

1) Mandatory reporting requirements and elevating investigations to the Children’s Division from the local district.

2) The creation of a special task force (“Erin’s Law”).

3) Stronger background checks and penalties for teachers with recorded sexual abuse.

4) Mandated creation of new district-level communication policies and a state-level restriction on website use:

S162.069. By January 1, 2012, every school district must develop a written policy concerning teacher-student communication and employee-student communications. Each policy must include appropriate oral and nonverbal personal communication, which may be combined with sexual harassment policies, and appropriate use of electronic media as described in the act, including social networking sites. Teachers cannot establish, maintain, or use a work-related website unless it is available to school administrators and the child's legal custodian, physical custodian, or legal guardian. Teachers also cannot have a non work-related website that allows exclusive access with a current or former student.

The portion in bold has received national attention as a “Facebook ban,” although Facebook is neither the target of the legislation nor the only site covered by the law. “Exclusive access” is defined by the bill as any website that requires mutual consent by both the teacher and student in order to access information, making the range of the bill extremely broad. Work-related websites can still be used if both the school’s administrators and the parents or guardians of the child have access to all the information being exchanged, but schools and teachers will be walking a fine line by trying to use any site which falls under the new law.

The ultimate scope of the law will depend on the way in which it is enforced, but the language of the bill could easily be extended to all social networking sites, and even educational services like Blackboard. The issue is that even if a site is work-related, its content and the exchanges between teachers and students need to be available to administrators and parents or guardians, and many of these services have built-in features for private messaging and sharing restrictions which might run afoul of the new law. This establishes one more barrier for educators who want to incorporate modern applications with communication components into their classes. Even if enforcement is not so severe, educators and administrators will be trying to make decisions about how new technologies fit into the vague parameters of the bill at their own risk.

As such, there is an understandable concern that this may have the unintended consequence of stifling attempts to innovate and modernize primary and secondary education by effectively banning many popular services and placing others in uncertain territory. The American Civil Liberties Union has also voiced concerns that the bill’s language may be so broad as to ban teachers simply having an account on a social networking site also used by students, although Sen. Cunningham has said that the law is only intended to regulate direct communication and is not supposed to stop teachers from just having accounts or communicating with students publicly.

The response by teachers to the bill has been mixed. Many object to what they see as a presumption of guilt and a sign of mistrust. Additionally, some teachers have expressed concern that this bill will deny students the opportunity to communicate with them about sensitive matters through mediums that they feel comfortable using. The students in the Missouri school system today grew up with social networking sites, and they are in many ways reliant on them. However, the most extreme concern is that the lack of privacy in correspondence could deter students from telling a teacher they trust about the very kind of abuse that the bill is trying to address.

On the other hand, some teachers have expressed support for the new requirement imposed by the law on districts to create unambiguous guidelines for contact of any kind between teachers and students. Besides the concern about improper contact, there is a broader issue about the changing relationship between students and teachers. The increased use of social networking has placed many educators in a difficult gray area where it is unclear where the boundaries should lie. The policies and guidelines of local districts simply have not kept pace with technological advancement, making the mandate to create new and clear policies a reasonable requirement.

The disconnect in the bill is that it handles private communication between teachers and students in radically different ways depending on the medium. S162.069 categorically prohibits private correspondence through websites, but in the first two sentences, it only mandates that districts draft policies to deal with all other venues of communication. There is no evidence that social networking and other websites are uniquely risky or prone to abuse in comparison to any other form of communication, but they are treated in a completely different way. The most obvious explanation is that the decision was not based in risk assessment, but in a generation gap in how people communicate. The adoption of new communication technology is highly uneven between different age groups, and the average parent or legislator is less likely to see redeeming qualities in a technology that they do not use. The specific restriction of website use does not show a distrust of teachers, but distrust in a venue of communication that has been the subject of a recent wave of sensationalist news and with few passionate advocates in the Missouri legislature.

This is not the first time Missouri wrestled with the issue of trying to update old laws and regulations to reflect modern communication technology, nor is the Missouri General Assembly alone in taking bold moves. In 2006, a 13-year-old Missourian girl named Megan Meier committed suicide after being the victim of a cruel hoax and harassment through MySpace by Lori Drew, the mother of one of her peers. The response to the tragedy was nationwide and especially visceral because Missouri’s harassment laws at the time did not cover the online bullying directed at Megan. The inability to get a conviction under state law was infuriating to many, and prompted a campaign of harassment and retaliation. Many jurisdictions also reacted strongly, passing laws seeking to prevent a similar tragedy. The most questionable and dangerous response did not come from the Missouri General Assembly itself, but from the federal effort to prosecute Mrs. Drew under 18 U.S.C. § 1030, also known as the “Computer Fraud and Abuse Act.” While the attempt ultimately failed, many legal experts warned that the logic the prosecution used in applying the CFAA would have effectively criminalized the violation of terms of service (ToS) agreements, adding criminal penalties to what has been an exclusively civil matter. Had that set a precedent, users could have faced federal charges for not following the lengthy and rarely-read agreements that are a part of nearly every online service.

In the cases of both Hestir and Meier, young Missourian students were preyed upon by adults in gross betrayals of common trust. Both cases were invoked to justify either the introduction of new legislation or the reapplication of older legislation in order to address potential misuse of the Internet. They are reminders that both the federal and state governments often fail to account for changing conditions or new technologies until after a tragedy occurs, and responses to tragedies are less likely to be carefully evaluated for unintended consequences or be narrowly tailored. The new law in Missouri displays this by packaging long overdue reforms with an unfortunately vague and inconsistent restriction on the use of modern communication tools by educators and students.

Posted by Eric at 04:11 PM | Content Regulation | TrackBack

Racy Teen Photos Posted to Facebook Are Constitutionally Protected Speech--TV v. Smith-Green

By Eric Goldman

T.V. v. Smith-Green Community School Corp., 2011 U.S. Dist. LEXIS 88403 (N.D. Ind. Aug. 10, 2011).

It appears we will get a steady stream of legal rulings about teens being teens while playing around with Facebook accounts. The last time we blogged on this topic, In re Rolando S., the court whiffed by holding that joyriding someone else's Facebook account was felonious identity theft. In this case, involving school discipline for racy Facebook photos, the court reaches a more sensible result.

The court summarizes the background:

During a summer sleepover, plaintiffs -- 16 year old T.V. and 15 year old M.K. -- posed for some raunchy photos which they later posted online [to Facebook, MySpace or Photobucket]. When school officials caught wind of the saucy online display, they suspended both girls from extracurricular activities for a portion of the upcoming school year.

The court describes the photos:

Prior to the first sleepover, the girls bought phallic-shaped rainbow colored lollipops. During the first sleepover, the girls took a number of photographs of themselves sucking on the lollipops. In one, three girls are pictured and M.K. added the caption "Wanna suck on my cock." In another photograph, a fully-clothed M.K. is sucking on one lollipop while another lollipop is positioned between her legs and a fully-clothed T.V. is pretending to suck on it.
During another sleepover, T.V. took a picture of M.K. and another girl pretending to kiss each other. At a final slumber party, more pictures were taken with M.K. wearing lingerie and the other girls in pajamas. One of these pictures shows M.K. standing talking on the phone while another girl holds one of her legs up in the air, with T.V. holding a toy trident as if protruding from her crotch and pointing between M.K.'s legs. In another, T.V. is shown bent over with M.K. poking the trident between her buttocks. A third picture shows T.V. positioned behind another kneeling girl as if engaging in anal sex. In another picture, M.K. poses with money stuck into her lingerie -- stripper-style.

I haven't seen the actual photos, but I can draw four conclusions from this court's description:

1) This isn't really my kind of humor, so I totally missed the joke. But then again, I wasn't part of the intended audience.

2) As a parent, I probably would be disappointed if my daughter posted photos like this when she becomes a teen.

3) Members of Generation X and older believe photos like this could be debilitating to the teens in later life. It's less clear that photos like this actually will debilitate Gen Y/millennials (I believe these girls just make that group, although there's some debate about the cutoff for Generation Y) and subsequent generations. After all, a non-trivial percentage of Gen Y will have posted similar photos, so what seems odd to Gen X may seem natural to Gen Y.

4) These photos depict teenage girls testing their limits and exploring sexual topics. As the girls themselves explained, "the photos were taken and were shared on the internet because the girls thought what they had done was funny and 'wanted to share with [their] friends how funny it was.'" We might wish they did so in a different fashion, and we certainly would advise them not to post the photos to a social networking site, but the girls are engaged in the kind of trial-and-error behavior we expect from teenagers.

Overall, while taking and posting the photos was probably an ill-advised choice, I can excuse those judgments as teens being teens. However, I cannot excuse the immature response of the school administrators, who disciplined the girls for the photos even though they had nothing to do with the school. The girls were active in school extracurricular activities (perhaps not surprisingly, one of them was a cheerleader), but these photos had no connection to those activities; and the photos caused some unwanted nattering in the halls--as would any off-campus development subject to the heightened drama of high school. As the court says edgily, "at most, this case involved two complaints from parents and some petty sniping among a group of 15 and 16 year olds." In all other respects, the slumber parties and resulting photos were off-campus activities in every sense of the word.

So why did the administrators feel like they had to do something about them? As we've seen too many times before, school administrators (probably Gen Xers or baby boomers) apparently overreacted by applying their rules to a new generation developing its own--and different--set of rules. I remain hopeful that we'll see fewer of these lawsuits as school administrators stop freaking out about the Internet. Reminder to other educators: the girls' conduct presented a serendipitous teaching opportunity for all students, including the girls. Seize it, don't squelch it!

The remaining question is whether the administrator overreaction violated any constitutional rights. The court answers yes because the photos were constitutionally protected, and therefore disciplining the students for the photos violated the students' First Amendment rights. The court virtually gnashes its teeth in reaching this conclusion:

I wish the case involved more important and worthwhile speech on the part of the students, but then of course a school's well-intentioned but unconstitutional punishment of that speech would be all the more regrettable.

Still, the judge correctly notes:

The provocative context of these young girls horsing around with objects representing sex organs was intended to contribute to the humorous effect in the minds of the intended teenage audience.

Kudos to the judge for recognizing that these photos have significant speech implications, however questionable their wisdom or taste. Teens are going to misuse their social networking accounts, but the type of limit-testing they engage in is exactly what we need the First Amendment to protect.

On the other hand, I agree with the court that a lengthy federal court battle over the photos and the resulting discipline overdramatizes the situation. The school administration should have quickly backed off. Because they didn't, the resulting costs of this litigation were a bummer for everyone. We may need more tailored adjudicative processes to cost-effectively resolve overreactions to social networking site posts.

Eugene Volokh's take on the case:

I think this ruling is correct, given Tinker and Fraser. What children did at home is subject to discipline by those with authority of the home — the parents — if those authorities think that the behavior is improper. But government-run schools don’t have, and shouldn’t have, authority to control students’ speech 24/7, even when the students are outside school. And while it’s possible that they may discipline students for such speech when it truly substantially disrupts behavior inside the school, there has to be a pretty high bar for that, a bar that the school’s arguments didn’t clear.

A few related blog posts (a list that amply demonstrates the legal system currently isn't effective at dealing with teens being teens online):

* Logging Into Someone Else's Facebook Account and Posting Messages on Their Friends' Walls Could Be Identity Theft -- In re Rolando S.
* Cyberbullying and Restorative Justice [a Long-Delayed Post on DC v. RR]
* Student Loses First Amendment Fight To Call School Officials “Douchebags” After Four Years Of Litigation--Doninger v. Niehoff (Guest Blog Post)
* Court Finds Juvenile Delinquent Based on Allegedly Offensive Instant Messages -- In re Alex C.
* Private Facebook Group's Conversations Aren't Defamatory--Finkel v. Dauber
* Third Circuit Schizophrenia Over Student Discipline for Fake MySpace Profiles
* Principal Loses Lawsuit Against Students and Parents Over Fake MySpace Page--Draker v. Schreiber
* Teenager Busted for Creating Fake "News" Story

Posted by Eric at 08:40 AM | Content Regulation | TrackBack

August 15, 2011

Missouri Federal Court Says LegalZoom Could be Engaged in the Unauthorized Practice of Law -- Janson v. LegalZoom

[Post by Venkat Balasubramani]

Janson v. LegalZoom, Inc., 2:10-CV-04018-NKL (W.D. Mo. Aug. 2, 2011)

Background: LegalZoom offers "blank legal forms that customers may download." In addition, LegalZoom makes available an internet portal. Here's how LegalZoom describes this aspect of its services in an advertisement:

Over a million people have discovered how easy it is to use LegalZoom for important legal documents, and LegalZoom will help you incorporate your business, file a patent, make a will and more. You can complete our online questions in minutes. Then we'll prepare your legal documents and deliver them directly to you.

Another advertisement states that after answering a "few simple online questions . . . you get a quality legal document filed for you by real helpful people."

Through its portal, LegalZoom makes available various documents, including entity formation documents, estate planning documents, pet protection agreements, and copyright, trademark, and patent applications. Customers pick what type of document they wish to have prepared and answer various questions via a "branching intake mechanism." The questionnaire process is "fully automated," although LegalZoom sometimes provides recommended selections based on how a majority of previous customers answered a particular question. After customers complete the questionnaire, a (human) LegalZoom employee reviews the data for errors or inconsistencies. After the data file is approved, LegalZoom's software creates a document based on the customer's input. A (human) LegalZoom employee then reviews the document again and fixes any formatting problems. The completed document is then mailed (and in some cases emailed) to the customer where the customer can choose to execute the document or take it to a real live lawyer and have him or her advise as to next steps. (This is the process the court describes for agreements, wills, and similar documents. The process for filings varies.)

Plaintiffs sued, asserting that LegalZoom was engaged in the unauthorized practice of law. Plaintiffs also asserted claims for "money had and received" and under the Missouri Merchandising Practices Act. Plaintiffs never had any personal interactions with LegalZoom employees; nor did they believe that they were "receiving legal advice while using the LegalZoom website."

Discussion: The court starts with a review of Missouri precedent interpreting Missouri's unauthorized practice statute. Although the statute contains definitions for the "practice of law" and "law business," the court notes that it's ultimately up to the judiciary--which is the "sole arbiter of what constitutes the practice of law"--and not the legislature to determine what crosses the line.

The two main Missouri cases on the unauthorized practice issue were Hulse v. Criger and In re Thompson. Hulse involved a real estate business which prepared legal documents as an "ancillary" service to Hulse's business as a realtor. The Missouri Supreme Court said the preparation of legal documents did not violate unauthorized practice rules, as long as the document preparation services were ancillary to the main business and no separate fees were charged for preparing documents. In Thompson, the court said that the sale of "do-it-yourself divorce kits" was fine, as long as no "personal advice as to the legal remedies or the consequences flowing therefrom" is given.

The court concludes that LegalZoom's sale of blank forms is not the problem. What the court finds problematic is the fact that LegalZoom prepares a document in accordance with a customer's preferences, and conveys the impression that LegalZoom does something more than allowing the customer to pick and choose among various clauses:

LegalZoom's internet portal offers consumers not a piece of self-help merchandise, but a legal document service which goes well beyond the role of notary or public stenographer. The purchaser [in Thompson] understood that it was their responsibility to get it right. In contrast, LegalZoom says 'Just answer a few simple online questions and LegalZoom takes over. You get a quality legal document filed for you by real helpful people.'

Interestingly, the court finds that even LegalZoom's decision tree questionnaire, which allows the customer to craft his or her own document, may be problematic:

LegalZoom's branching computer program is created by a LegalZoom employee using Missouri law. It is that human input that creates the legal document. A computer sitting at a desk in California cannot prepare a legal document without a human programming it to fill in the document using legal principles derived from Missouri law that are selected for the customer based on the information provided by the customer. There is little or no difference between this and a lawyer in Missouri asking a client a series of questions and then preparing a legal document based on the answers provided and applicable Missouri law....
The Missouri Supreme Court cases which specifically address the issue of document preparation . . . make it clear that this is the unauthorized practice of law. The fact that the customer communicates via computer rather than face to face or that the document is prepared using a computer program rather than a pen and paper does not change the essence of this transaction.

The court rejects LegalZoom's request for summary judgment and says that there is a factual question as to the role played by LegalZoom in the transaction. LegalZoom also raises First Amendment and Due Process arguments but the court rejects these as well.

___

The court's conclusion that LegalZoom's software service may constitute the unauthorized practice was interesting. Is there a key difference between what LegalZoom does and "document assembly" services? The court says that offering "blank forms" is clearly OK, but what if someone offered blank forms that could be customized by the client? What if, along with a blank set of forms, someone offered a database and a FAQ that allowed customers to weigh the benefits of various contractual provisions and select the ones that the customer felt were most appropriate for his or her situation? Should it really matter that LegalZoom made this easier by taking in the customer's input through a decision tree and then spitting out a legal document? The line between offering a large variety of forms and offering a customized document where the customer gives input to determine clauses seems awfully thin.

One of the potential problems for LegalZoom is that its advertisements (cited by the court) did not square with its service. At its core, LegalZoom seems like a turn-key document generation service, but its advertisements do not embrace the image of the self-reliant non-lawyer drafter of legal documents. LegalZoom says that "it" will take care of preparing your legal documents, and as a bonus, LegalZoom's team of "real helpful people" will be available to assist. It was entirely predictable that LegalZoom's marketing wanted to put out the image of LegalZoom "taking care of everything" for the customer and, to the extent LegalZoom's marketing and legal departments had any sort of a battle over this issue, the marketing department apparently won out. (Is it really a selling point that you are entrusting your legal document to a software application?) Not that it would have necessarily helped, but I'm surprised also that LegalZoom did not have its customers agree to any sort of disclaimers.

Eric pointed out via email that this factual scenario is hardly new. Unauthorized Practice of Law Committee v. Parsons Technology, Inc. was a dispute (in 1999!) over whether "Quicken Family Lawyer" violated the unauthorized practice rules in Texas. Like LegalZoom's service, QFL also asked "a series of questions relevant to filling in the [relevant] legal form" and generated a document. As described by the court:

[Plaintiff] alleges that QFL acts as a 'high tech lawyer by interacting with its 'client' while preparing legal instruments, giving legal advice, and suggesting legal instruments that should be employed by the user.' In other words, QFL is a 'cyber-lawyer.'

The court there had no trouble concluding that the QFL service violated the unauthorized practice rules, so the result in the LegalZoom case is hardly unprecedented.

A few other oddities about this case. The court says that it's solely the province of the courts (and the Missouri Supreme Court) to determine what constitutes the unauthorized practice, but it looks like the decision may end up falling to a jury rather than the court. To the extent there is a mechanism available to it, I'm surprised the court did not just certify the question to the Missouri Supreme Court. I also wondered about the availability of a Section 230 defense for LegalZoom. Its advertisements and human intervention likely make a Section 230 argument difficult. Even removing these two elements, to the extent the defense was available, the case looks like it would make for a fun application of the Ninth Circuit's Roommates decision.

Finally, the court mentions the fact that the plaintiffs in question "never believed that they were receiving legal advice while using the LegalZoom website," and did not have any contacts with LegalZoom employees. While the court's overall conclusion on the unauthorized practice issue is certainly defensible (in light of the statute and case law), the court does not reconcile its decision with these bad facts with respect to the two named plaintiffs, or any procedural class action issues that this raises.

This may seem like a snarky afterthought, but I'm surprised LegalZoom didn't clear these issues with local jurisdictions in advance. They may end up winning (either at this stage or the next) but I wondered what this ruling does for public confidence in their services.

Additional coverage:
Order in LegalZoom Case (Richard Zorza's Access to Justice Blog)
Is Legal Software Conduct? True or False? (eLawyering Blog)
Class Action Claims Online Legal Forms Pose Threat To Consumers (WSJ)

Posted by Venkat at 09:11 AM | E-Commerce

August 12, 2011

The 9th Circuit Tackles a Pair of Internet Jurisdiction Cases

[Post by Venkat Balasubramani]

I'm inclined to agree with Eric that internet personal jurisdiction cases are not the most exciting. The resolution of a question over whether personal jurisdiction is proper often has more to do with whether the court likes your case or finds it interesting than with whether the non-resident defendant satisfied the "Zippo's sliding scale" or some other test. It ends up being a crapshoot much of the time, albeit one that's informed by the court's view of the equities.

The Ninth Circuit issued two new decisions dealing with personal jurisdiction online. Both applied the Supreme Court's recent decision in J. McIntyre Machinery, Ltd. v. Nicastro [pdf]. How did that precedent change things? As best as I can tell, it didn't--personal jurisdiction cases continue to be as erratic as always.

Mavrix Photo v. Brand Technologies [pdf]:

Mavrix is a Florida-based photo agency that licenses celebrity photos. It has a California presence. It maintains an office in Los Angeles, employs LA-based photographers, and has a registered agent in California. Brand is an Ohio corporation which runs celebrity-gossip.net. The court notes that celebrity-gossip.net is ranked number 3,622 out of approximately 180 million websites (per Alexa) and receives "more than 12 million unique visitors and 70 million U.S. page views per month."

In 2008, one of Mavrix's photographers shot photos of Josh Duhamel and Stacy Ferguson ("better known by her stage name 'Fergie' . . . [whose group] has sold some 56 million records in the last decade and has won Grammy awards for such hit singles as 'I Gotta Feeling' and 'My Humps.'"). Brand allegedly reposted the photos to Brand's website, and Mavrix sued for copyright infringement. The district court dismissed, finding that personal jurisdiction was not proper. The Ninth Circuit reverses.

The court finds that Brand "continuously and deliberately" exploited the California market, but the facts it points to are somewhat curious. Brand's site has third party advertisers and these "third-party advertisers on Brand's website had advertisements directed to Californians." The court relies on this to conclude that Brand "knows--either actually or constructively--about its California user base, and . . . it exploits that base for commercial gain." At the same time, the court also notes that there was nothing in the record to show that "Brand marketed its website in California local media."

The court does not point to any facts that Brand itself targeted Brand's website to California residents. Third party advertisers may have done so, but obviously advertisers will be interested in targeting locally and offering local products or services. Typically, personal jurisdiction cannot be exercised absent a showing that there is some sort of targeting on the part of the non-resident defendant. In tort or infringement cases, courts tend to imply purposeful direction where the non-resident takes acts which the defendant knows or reasonably should know will be felt in the forum state. Causing harm to a celebrity who is a California resident is the classic example of this (this was the result in Calder v. Jones, which employed the "effects test" to find jurisdiction). That wasn't the case here. Although Mavrix's business revolved around celebrity culture, it was a Florida corporation.

Ultimately, the Ninth Circuit relies on the online version of the stream of commerce analysis, under which an online publisher or infringer who has substantial traffic from all fifty states can be sued anywhere (in any state):

where, as here, a website with national viewership and scope appeals to, and profits from, an audience in a particular state, the site's operators can be said to have 'expressly aimed' at that state.

But I thought this is exactly the opposite of what the Court said in J. McIntyre, where the Court found the stream of commerce approach--which looked to the foreseeability of the product ending up in a forum state as a basis for personal jurisdiction--problematic:

The owner of a small Florida farm might sell crops to a large nearby distributor, for example, who might then distribute them to grocers across the country. If foreseeability were the controlling criterion, the farmer could be sued in Alaska or any number of other States’ courts without ever leaving town.

McIntyre resulted in a fractured opinion with no clear majority. Mavrix takes the approach that any highly trafficked website whose advertisers engage in local targeting can be sued pretty much anywhere. It's almost as if the Ninth Circuit is sending out a flare to the Supreme Court, asking for this case to be taken up.

[Eric's brief note: this reminds me a little of the old LICRA v. Yahoo battle from over a decade ago, where the fact that Yahoo (as an ad network) targeted ads to French users supported French jurisdiction. That was a bad decision even then. But at least in that case, Yahoo built and ran the geo-targeting technology. Here, the court doesn't close the loop to establish that Brand cultivated advertisers seeking to target CA residents or otherwise affirmatively tried to connect its CA readers with advertisers. Bad ruling.]

CollegeSource v. AcademyOne [pdf]:

This is a crazy, long, drawn out dispute over . . . wait for it, digitized versions of college course catalogs. CollegeSource has digitized a significant volume of catalogs and is the established player in the space. AcademyOne comes along and asks about licensing CollegeSource's catalogs but CollegeSource declines. AcademyOne then hires a foreign contractor to collect catalogs from the internet. Somehow AcademyOne ends up with a slew of CollegeSource catalogs. Although it's not totally clear, it looks like AcademyOne's contractor accessed catalogs from the websites of colleges and universities, but in many instances, the institutions simply linked to the files as they resided on CollegeSource's server. Thus, AcademyOne appears to have obtained several course catalogs which were digitized by CollegeSource and which contained CollegeSource's watermark.

CollegeSource sued, alleging Computer Fraud and Abuse Act and terms of use (breach of contract) violations. (Here's a post on the Pennsylvania edition of the dispute between the parties: "College Course Description Aggregator Loses First Round in Fight Against Competitor in Scraping Case.")

The district court granted AcademyOne's motion to dismiss for lack of personal jurisdiction, and the Ninth Circuit reverses. The court says that general jurisdiction is not proper because AcademyOne is a Pennsylvania corporation that does not have any sort of a significant presence in California. However, the court says that specific jurisdiction is proper. Why? Because AcademyOne knew that it was taking acts which would harm a California company when it downloaded course catalogs owned by CollegeSource. AcademyOne approached CollegeSource about a potential licensing relationship and most likely learned that CollegeSource is a California company in this process. AcademyOne (or its contractor) also saw the CollegeSource watermark when they downloaded the course catalogs. Finally, AcademyOne, as the entrant in a very small competitive space, would undoubtedly be aware of CollegeSource. The court finds these facts, along with the fact that some of AcademyOne's employees registered to try out CollegeSource on a trial basis (and would have presumably learned of CollegeSource's location this way), sufficient to establish personal jurisdiction over AcademyOne.

It's unclear as to whether the actions of AcademyOne's contractor will be attributed to AcademyOne for all purposes or just for jurisdictional purposes. It looks like the parties will have to duke out the issue of derivative liability under the Computer Fraud and Abuse Act and California's anti-hacking statute in the next chapter of this litigation. This particular chapter ends with a win for CollegeSource.

__

I'm trying to make some sense of the two opinions (you almost wish the court would have compared the two opinions since they were issued together and both authored by Judge Fletcher).

In both cases the court rejected general jurisdiction, finding that the "exacting" standard for establishing general jurisdiction had not been satisfied. In the CollegeSource case, the court noted that AcademyOne advertised to California-specific AdWords, but this did not move the needle for purposes of general jurisdiction. Interestingly, in CollegeSource the court did not rely on targeting to find specific jurisdiction proper. The court instead relied on AcademyOne's awareness (or imputed awareness) of where CollegeSource was located. These types of facts were almost non-existent in Mavrix--there was nothing to show that Brand knew in advance where Mavrix was located. This wouldn't have mattered anyway because Mavrix was headquartered in Florida, not California. It looks like Mavrix takes a "general jurisdiction for infringing content" approach to jurisdiction. If your content or website infringes and you have enough traffic and locally target, you can be sued in any state, even one where the plaintiff does not reside. A somewhat scary result for larger publishers and websites.

Oddly, in Mavrix, the court notes that things have changed since the advent of Zippo's "sliding scale" approach--the court rejects Mavrix's attempt to argue that Brand is subject to general jurisdiction because it had a highly interactive website:

Many of the features on which Mavrix relies to show Zippo interactivity--commenting, receiving email newsletters, voting in polls, uploading user-generated content--are standard attributes of many websites. Such features require a minimal amount of engineering expense and effort on the part of the site's owner and do not signal a non-resident defendant's intent to 'sit down and make itself at home' in the forum by cultivating deep, persistent ties with forum residents. To permit the exercise of general jurisdiction based on the accessibility in the forum of a non-resident interactive website would expose most large media entities to nationwide general jurisdiction. That result would be inconsistent with the constitutional requirement that 'the continuous corporate operations with a state' be 'so substantial and of such a nature as to justify suit against the nonresident defendant on causes of action arising from dealings entirely distinct from those activities.'

While the Ninth Circuit cautions against a test for general jurisdiction which would cast an overly broad net in terms of personal jurisdiction over non-resident defendants, that seems to be the precise result of the court's specific jurisdiction analysis.

Posted by Venkat at 01:03 PM | E-Commerce

Catching Up on 4 Months of Online Copyright Cases--Myxer, Hotfile, Megaupload, Flava Works, Zediva, Blue Nile, Perfect 10, Rojadirecta

By Eric Goldman

Online copyright cases have been coming at such a furious pace that I haven't had a chance to keep up. This blog post wraps up the last 4 months of decisions.

Arista Records v. Myxer, Inc., 2:08-cv-03935-GAF-JC (C.D. Cal. April 1, 2011)

Myxer allows users to upload sound files and create downloadable ringtones up to 40 seconds long. The plaintiffs claimed 90+% of the ringtones were at least 34 seconds; but Myxer claims its average length is 25 seconds and that this is shorter than Audible Magic can reliably filter. Myxer claims to be a tool for independent artists to easily get their music into the mobile environment, but of course users can upload third party copyrighted material. UMG objects to the ringtones at Myxer because the downloadable ringtones disrupt its paid-download ringtones business. For reasons that aren't explained, UMG apparently never sent a proper 512 takedown notice, and Myxer treated the complaint as a takedown notice.

In a perplexing but unexplained statement, the court says "The undisputed facts in the present record establish that Myxer has directly infringed at least one of Plaintiff's exclusive rights, pursuant to § 106." The court further says there is no "volitional" defense in the 9th Circuit. This shifts the battle over the 512 safe harbors.

Agreeing with the UMG and YouTube cases, the court says user downloading qualifies for 512 coverage. The adequacy of Myxer's repeat infringer policy and the expeditiousness of its removal was deferred to trial. Citing Io, the fact that terminated users could re-register didn't disqualify Myxer from the 512 defense. The court rejected UMG's arguments that Myxer had generalized knowledge of infringement and says "to the extent that Plaintiff suggests that Myxer should have taken additional steps to filter infringing material on the Myxer Website, ‘the DMCA does not place the burden of ferreting out infringement on the service provider.’" With respect to direct financial benefit, the court says the test is "whether the infringing activity constitutes a ‘draw’ for users, not just an added benefit."

Myxer also loses a fair use defense. It's pretty clear that Myxer kept the maximum ringtone length fairly short as part of a fair use strategy, but the court circularly says Myxer took the best part, i.e., the chorus.

The most remarkable thing about this opinion is its length--75 pages. Easily, 17 USC 512 opinions are, on average, double or even triple the length of 47 USC 230 opinions. That's because 17 USC 512 has so many more words--and elements--than the pithy 47 USC 230, and plaintiffs contest virtually every word in a 512 defense. This makes for long and sometimes ponderous opinions. As a reader of judicial opinions, let's hear it for short immunities!

Disney Enterprises, Inc. v. Hotfile Corp., 11-20427-CIV-JORDAN (S.D. Fla. July 8, 2011)

Hotfile is a cyberlocker. Part of its business model is to give faster download speeds to paying members. Hotfile pays uploaders who post popular large files, which could naturally encourage people to upload infringing files.

Unlike the Myxer case, and following in the footsteps of the old Netcom case, the court rejects Hotfile's direct liability: "the law is clear that Hotfile and Mr. Titov are not liable for direct copyright infringement because they own and manage internet facilities that allow others to upload and download copyrighted material.... nothing in the complaint alleges that Hotfile or Mr. Titov took direct, volitional steps to violate the plaintiffs’ infringement" [sic—the last word should have been "copyright"]. As a result, the court grants the defendants' motion to dismiss the direct infringement claim.

The court distinguishes some 1990s cases (Webbworld and Russ Hardenburgh, among others) suggesting otherwise, saying that, in those cases, the defendants uploaded files themselves or used software to search for files. The court also expressly disagrees with Capitol v. MP3Tunes and Arista v. USENET.com. This is a pretty unpersuasive distinction based on the facts of the precedent cases, and I think it highlights the weakness of the "volitional" defense. The fact is that all but the most passive of hosts or conduits take some affirmative steps towards customizing the downloader's experience, and trying to parse which of those steps constitute "volitional" conduct and which don't is leading to the inevitable doctrinal incoherence.

Having said that, I thought we decided that web hosts aren't directly liable for user-caused infringement 15 years ago. I can't believe we're still wasting our time on this issue in 2011.

Not surprisingly, the secondary infringement claims survived the motion to dismiss.

Perfect 10, Inc. v. Megaupload Ltd., 2011 WL 3203117 (S.D. Cal. July 27, 2011)

Megaupload is another cyberlocker with a terrible brand name. Its business model appears similar to Hotfile's. Like Hotfile, it also sought a motion to dismiss the direct infringement claim. Unlike Hotfile, the court sees enough volitional conduct to survive the claim. It would have been great if the opinion did a compare/contrast with the Hotfile opinion, but sadly Hotfile wasn't mentioned at all--but, naturally, the MP3Tunes and Usenet.com cases (the ones the Hotfile court trashed) were. Sigh.

As usual, Perfect 10 apparently failed to send a proper 512(c)(3) takedown notice. They sent 22 notices in all, but allegedly 21 related to stuff that wasn't theirs. (Huh?) The court can't do much with this on a motion to dismiss and tells Megaupload to put it in its answer. The court does dismiss the vicarious infringement claim, saying that Perfect 10 didn't properly allege the requisite supervision over infringing activity beyond alleging supervision of the system.

Perfect 10's trademark infringement claims get Dastar-ed, but the dilution claims survive. Perfect 10's allegation is tarnishment because its high-quality photos are intermingled with junk photos. Seriously?

Flava Works, Inc. v. Gunter, 2011 WL 3205399 (N.D. Ill. July 27, 2011)

This case involves myVidster, another lousy trademark. After the cataclysmic flameouts of Napster, Grokster, Aimster, Friendster and so many others, who thinks the "-ster" suffix is still cool??? myVidster is a small operation, mostly focused on porn, that allows users to "bookmark" a video. From the description, it sounds like myVidster is like a delicious-style link aggregator that embeds the linked videos, but the court confusingly goes out of its way to say myVidster isn't a linking site:

MyVidster does not simply link to video files displayed on another site; it embeds the files on its own site at the direction of users. In other words, when a visitor to myVidster clicks on a video that is posted there, the video plays directly on myVidster, and the visitor remains on the myVidster site; he or she is not taken to the site that hosts the video file.

Right, that sounds like a linking site to me. It's not clear to me how defense counsel failed to get the judge to grasp this essential fact.

The court describes that myVidster adds some metadata. The court shares this panicky observation: "In cases where a myVidster user bookmarks another user’s bookmark, the ‘source code’ will be a myVidster URL even though the original file of the video may be hosted elsewhere." Quelle horreur! Exactly where would the court like that link to go? The court might not have realized that linking user #1 might have added its own metadata or other users may have posted comments that linking user #2 would want to incorporate.

Flava produces gay ethnic porn. It discovered that myVidster users were embedding lots of its content. It sent multiple DMCA takedown notices. Flava claimed that myVidster's response to its takedown notices was erratic--sometimes it would take everything down, sometimes it would remove the link but leave up a thumbnail, and sometimes it would ignore the notice. myVidster responded that it did a better job than that and produced a chart showing its responsiveness. The court discounts the chart because it was not prepared on a timely basis and wasn't sufficiently credible in its preparation, but in a footnote, the court makes it clear it just didn't believe myVidster's principal:

In any event, although it does appear that it was sometimes like pulling teeth to obtain full compliance from Gunter, as discussed infra, the crux of the problem here is not so much the removal of the infringing videos; it is Gunter’s attitude toward copyright protection and his related refusal to adopt measures to prevent or reduce copyright infringement on myVidster as well as to adopt and implement an appropriate policy regarding repeat infringers.

This quote shows that it’s not a good idea to displease judges hearing online copyright cases. As we learned in Io v. Veoh, websites that go beyond the DMCA and proactively fight copyright infringement get a lot of extra credit from judges. For more on this in the trademark context, see Stacey Dogan’s new article, “We Know It When We See It.”

In myVidster's case, its principal took the highly unusual position that anything publicly posted to the Internet was fair game for linking--irrespective of its underlying copyright status. For example, the principal said: "my policy on repeat infringers are those who are using myVidster as a ways and means to distribute content that is not publicly available." He repeatedly told copyright complainants to take it up with the video host, because removing the links from his site wouldn't remove the file itself from the Internet. This is true, but it's not really sensitive to the emerging legal obligations of intermediaries.

Based on the view that anything publicly posted was freely linkable, user-posted links implicated myVidster's repeat infringer policy only if they went to password-protected sites or private URLs. I find it hard to believe that a lawyer recommended this standard. Because of this policy’s incredibly narrow scope, myVidster only had a single user who got a repeat infringer warning. The court didn't have kind words for this policy: "Gunter’s ‘repeat infringer’ policy is in fact no policy at all, at least with respect to copyright infringement....His definition of ‘repeat infringer’ does not encompass copyright law."

The court has little trouble establishing prima facie contributory copyright infringement. Users posted links to infringing videos. myVidster's principal knew of these links from the DMCA takedown notices. He didn't remove the links (or only partially removed them) upon notice. The court says his view about the free linkability of publicly posted but infringing videos "is the epitome of ‘willful blindness.’" The court also cites his failure to implement filters to prevent repeat infringement or to take recourse against the infringing users.

The general operation of a linking site counted as a material contribution. It also cited the fact that the site offered paid hosting as a way to avoid the possible breakage of links (the court said that "encouraged" infringement), and the site's principal also encouraged infringement through his own personal "favorites" list, which included “Star Trek,” “Crank 2,” and “Hancock”--and at a hearing, he stubbornly said that only the copyright owner could tell if the movie posting was infringing. The court also cited the website’s failure to discourage users from infringing copyrights—this was a doctrinal shortcut by the court.

Needless to say, myVidster doesn't get a 512 defense. The court says brusquely: "It is difficult for us to understand how defendants can argue with a straight face that they have adopted and reasonably implemented a ‘repeat infringer’ policy."

It's frustrating to see a ruling like this. myVidster had a legitimate chance of legal success if it got competent legal counsel from day 1 (or, if they did, if they listened to their lawyers) and baked in even the minimum industry-standard anti-infringement efforts. But the misguided view that anything online was linkable couldn’t be defended in court, and the extremeness of that view (combined with the principal's mule-like refusal to give any ground) gave the court too much liberty to say doctrinally unhelpful things as part of a judicial bodyslam.

Although it's largely mooted by the summary judgment opinion, the court's opinion on the motion to dismiss is also interesting. The court dismissed the direct infringement claim (correctly IMO), and on the vicarious infringement claim, echoed the (uncited) Perfect 10 opinion by saying that "To sufficiently allege the element of “right and ability to supervise,” plaintiff will have to allege more than the mere ownership and operation of myVidster." Similarly, the court follows in the (uncited) Myxer court's footsteps by saying the plaintiff "does not allege that the presence of the infringing material on the site enhances the site’s attractiveness or draws customers." As a result, the court tossed the vicarious infringement claim too. The inducement claim also dropped out because of "formulaic" pleading. Finally, the court tossed the trademark claims because they didn't show how myVidster made a use in commerce. Yet, all of these defense-favorable rulings that narrowed the case didn't save myVidster from a disastrous contributory copyright infringement ruling. But, for other defendants, it shows how victory was attainable for myVidster had it followed a better recipe for clean living.

Warner Bros. Entertainment Inc. v. WTV Systems, Inc., 2:11-cv-02817-JFW -E (C.D. Cal. Aug. 1, 2011)

Unlike most of the other cases here, this is not principally a secondary infringement case. However, it bears some commonalities with the other cases.

Zediva was trying to find a way to take advantage of the Cablevision case to offer a video "rental" service online. Zediva would acquire DVDs and essentially check them out to paying customers such that only 1 customer could enjoy the DVD at any one time. Frankly, if the Cablevision case is good law, Zediva has a point. However, I've been troubled by the Cablevision precedent, and this opinion shows that Cablevision isn't a very robust precedent as the court basically says "nyet" to a similar application in a new context.

Zediva's main failing is that it doesn't maintain separate copies of the downloadable file for each viewer as Cablevision did. Of course, that probably wouldn't be profitable for Zediva, because it presumably needs to amortize the DVD's purchase price over multiple viewers. (Unlike Cablevision, which had already paid for the license fee to obtain the digital bits through its cable retransmission license). Then again, it would be really lame if the legal rule is that we have to build wasteful redundant systems to avoid copyright infringement. That was the implicit rule from Cablevision, and this court doesn't let Zediva cut that corner.

The court says Zediva is publicly performing the videos. Its main citation is to the On Command case from 2 decades ago and the Redd Horne case from over a quarter-century ago. How's this for some circular logic: "Defendants’ transmissions are ‘to the public’ because the relationship between Defendants, as the transmitter of the performance, and the audience, which in this case consists of their customers, is a commercial, ‘public’ relationship regardless of where the viewing takes place." Huh? The court distinguishes Cablevision because each viewer had his/her own dedicated copy of the video, unlike the shared copy of the DVD in this case.

Citing the Myxer case (discussed above), the court says that the Ninth Circuit hasn't adopted a volitional defense.

This opinion is pretty bad, but IMO the worst part is the court's discussion of irreparable injury. Check out this parade of horribles:

* Zediva might "jeopardize the continued existence of Plaintiffs’ licensees’ businesses" (really?!) because consumers find Zediva’s service more attractive than the crappy options officially sanctioned by the movie studios.

* "Defendants’ service threatens the development of a successful and lawful video on demand market and, in particular, the growing internet-based video on demand market. The presence of Defendants’ service in this market threatens to confuse consumers about video on demand products, and to create incorrect but lasting impressions with consumers about what constitutes lawful video on demand exploitation of Plaintiffs’ Copyrighted Works, including confusion or doubt regarding whether payment is required for access to the Copyrighted Works."

* "Defendants’ service also threatens the development of a successful and lawful video on demand market by offering a sub-optimal customer experience and, thus, tarnishing customers’ perception of video on demand as an attractive option for viewing Plaintiffs’ Copyrighted Works." In particular, the court cites Zediva's inability to let multiple customers share the same DVD simultaneously against it, saying that telling customers that a video is "out of stock" will turn off video-on-demand customers permanently.

After reading this, I get the sense that the movie studios think the video-on-demand industry is more fragile than a 1980s Jaguar.

The court spent a lot of time discussing the movie studios' windowing. This reminded me of recent language from the Second Circuit Barclays' case:

The adoption of new technology that injures or destroys present business models is commonplace. Whether fair or not, that cannot, without more, be prevented by application of the misappropriation tort.

Perhaps copyright law can prevent it.

Blue Nile Inc. v. Ideal Diamond Solutions Inc., 2011 WL 3360664 (W.D. Wash. Aug. 3, 2011)

This is a piercing-the-corporate-veil case. Chasin is the principal of IDS, an outsourced online jewelry website operator for offline jewelry retailers. Blue Nile (remember them?) claims IDS republished its copyrighted product shots. Chasin defended that he personally didn't do it, so he should not be personally liable. The court grants summary judgment to Blue Nile.

On direct infringement, the court says (footnotes omitted):

There is no question that IDS was the “brainchild” of Larry Chasin, that IDS “was a small company”, and that Chasin “controlled the corporate affairs”. In addition to creating and controlling IDS, Chasin licensed the development of the infringing websites, and had the power to direct the removal of infringing content.

Any lack of knowledge goes to damages as an innocent infringer, not to the merits. Of course, if the photos had a copyright notice, the innocent infringement defense may be unavailable, so I'm not sure the court did Chasin any favors there.

On vicarious infringement, the court says (cites omitted):

Chasin admits that he had the ability to remove the infringing content and that he controlled the corporate affairs of IDS; thus he had the right and ability to supervise the infringing activity. He also admits that he personally invested “over $440,000 cash” into IDS and that he received salary and benefits from IDS, thereby giving him a direct financial interest in IDS.

Without more insight into the source of the allegedly infringing photos, it's hard to know just how bad this ruling is. I believe that officer/investor liability for a company's copyright infringement remains undertheorized, and I'd love to see more attention paid both to the doctrinal fine points and to the policy implications of treating someone like Chasin as a direct and vicarious copyright infringer. If you’re looking for a paper topic, this might be worth considering.

I also continue to howl that product shot-related lawsuits are a ridiculous tax on the entire retailing industry, and an area that desperately needs reform. One idea I've been kicking around is a commons-style repository of product shots. If you're interested in kicking this idea around, contact me.

Perfect 10 v. Google, No. 10-56316 (9th Cir. Aug. 3, 2011)

Perfect 10 is in the Ninth Circuit again. This Ninth Circuit panel (the opinion was written by Judge Ikuta) made it very clear that it did not want to discuss the main event--i.e., the merits of Perfect 10's lawsuit against Google. I think that's because the panel knows that the case's substantive issues are coming back to it soon enough (it's interlocutory now), and this panel didn't want to skew the substantive analysis when the time comes.

Instead, this opinion is about the standards for a preliminary injunction in copyright cases. The district court denied preliminary injunctive relief to Perfect 10, while at the same time ruling mostly in Google's favor. In this opinion, the Ninth Circuit weaves eBay v. MercExchange into the standards for preliminary injunctions in copyright cases. The court holds:

We therefore conclude that the propriety of injunctive relief in cases arising under the Copyright Act must be evaluated on a case-by-case basis in accord with traditional equitable principles and without the aid of presumptions or a “thumb on the scale” in favor of issuing such relief.

As a practical matter, this opinion ought to make it harder for copyright plaintiffs to get preliminary injunctions. And unlike many recent Ninth Circuit opinions, I believe there's a realistic chance that other Ninth Circuit panels will honor this holding. The opinion is well-reasoned and a logical extension of the Supreme Court's eBay decision.

The court goes on to say that it wasn't an abuse of discretion to deny a preliminary injunction to Perfect 10, even if it meant they would go out of business. (We can only hope). Basically, the court called BS on Perfect 10's claim that Google is wrecking its business, noting (among other things) that Perfect 10 "failed to submit a statement from even a single former subscriber who ceased paying for Perfect 10’s service because of the content freely available via Google." It is really hard to be too sympathetic towards a copyright owner who seems far more passionate about litigating than about giving consumers reasons to patronize it.

Puerto 80 Projects SLU v. USA, 1:11-cv-04139-PAC (SDNY Aug. 4, 2011)

Rojadirecta is a Spanish operation that runs linking sites. Naturally, some links are to infringing material. Rather than send takedown notices or sue Rojadirecta for infringement, the US government (DHS ICE) just took the domain names on the theory that they were being used to commit criminal copyright infringement. There are numerous problems with ICE’s seizure, including jurisdiction (Rojadirecta is legal in its home country), doctrine (the US government will have a tough time showing criminal copyright infringement), procedure (all of this was done without an adversarial process) and the Constitution (the domain name was the functional equivalent of a printing press for Rojadirecta). The DHS ICE's efforts to shut down a purportedly "rogue" site have, in fact, caused our own government to go rogue itself.

In this lawsuit, Rojadirecta tries to get its domain name back. The applicable statute was designed to govern physical chattel, not virtual printing presses. In a remarkably tone-deaf opinion, the court has none of it. The statute at issue effectively puts the burden on Rojadirecta--an odd place for the burden to rest, given that the US government still hasn't proven anything--and the court doesn't see enough reason to disturb the status quo.

Consider the tone-deafness of the court's response, keeping in mind that the underlying allegation is criminal copyright infringement, where the government's burden should be higher than in a civil case. Rojadirecta argues that it's losing users who can't find it due to the seized domains. The court responds that Rojadirecta has other domains, and "Rojadirecta has a large internet presence and can simply distribute information about the seizure and its new domain names to its customers." Well, yes, it can bang the drum through other media, but by definition there's no way to ensure the publicity reaches folks who only knew of Rojadirecta at the seized domains. Contrast Judge Kozinski's discussion in the Toyota v. Tabari case, a trademark lawsuit over a domain name:

the Tabaris needed to communicate that they specialize in Lexus vehicles, and using the Lexus mark in their domain names accomplished this goal. While using Lexus in their domain names wasn’t the only way to communicate the nature of their business, the same could be said of virtually any choice the Tabaris made about how to convey their message.

In general, it's repugnant under the First Amendment for the court to second-guess a publisher's choices of how to communicate with its audience. Here, the court does just that, and ignores any lost audience because ICE has blocked the publisher's preferred communication method. Corynne at the EFF has more to say about this point.

The court makes the same error when it expressly discusses the First Amendment. The court says "the fact that visitors must now go to other websites to partake in the same discussions is clearly not the kind of substantial hardship that Congress intended to ameliorate in enacting § 983." That is true, but only because 983 contemplated the government would seize physical chattels that putatively facilitate crimes, not virtual printing presses. So when the government misuses its power to reach speech-facilitating chattels, the court should modulate accordingly.

The judge doesn't permanently shut the door on the First Amendment issues or other relevant defenses, but he's apparently not yet appreciated the magnitude of the government's errors either.

Posted by Eric at 09:29 AM | Copyright , Derivative Liability | TrackBack

August 10, 2011

Defamation Claim Over Stock Board Discussion Easily Dismissed--Desai v. Clark

By Eric Goldman

Desai v. Clark, 2011 WL 3359971 (N.D.Cal. August 2, 2011)

I've been seeing a steady stream of defamation and related claims over discussions in stock message boards. This case is representative of what I'm seeing.

Ketan Desai is a consultant in the biotech space and a contributor on the financial news site SeekingAlpha. In 2008, he wrote two posts predicting bad business developments for a publicly traded company, Myriad Genetics. (Post 1; Post 2). His first post disclosed that he shorted the stock at $55, and his second post says he covered the put (apparently profitably).

Christopher Clark, who works as "an analyst in the RS Growth Team" for investment bank RS Investments, posted the following comment under the pseudonym "Seadog":

Being right or making money. On May 13th (when you told us so) the stock closed at $41.25. After the negative news it never broke below $45. How exactly did you make money on this put trade again? And you doubt the rationale that they will be profitable in FY09? They are roughly break even right now and have substantial net outstanding losses. The diagnostics business is hugely profitable (45% operating margins when not spending on their DTC campaign, 40% when they are) and growing rapidly. When you have sustainable revenue, cut spending on dead programs and pay no taxes, that falls to the bottom line. $60mm/45mm shares = $1.33 from cutting that program alone. Nothing in their pipeline warrants a trial near the scale that they undertook with Flurizan—that spend level is not coming back. Stick with collecting degrees, Doc. May try English next—one datum leads but many data lead.

Desai objected to several aspects of this post (including the snarky personal attack--there's a grammar nazi in every crowd), but the allegedly false factual assertions by Clark/Seadog were (1) the implied price of his put (he put at $55, not at $41.25) and (2) implying that Desai was skeptical about the company's profitability when Desai had expressed skepticism about the company's burn rate. Desai also complained about an internal email circulated by RS Investments' general counsel calling him a "delusional egomaniac."

The judge only needed 1 paragraph to explain why the statements weren't actionable opinions, and she dismisses without leave to amend. The opinion doesn't say it expressly, but the judge seems to understand the nature of stock discussion boards and the sometimes overheated discussion that takes place there. By those standards, this exchange was unusually erudite. The opinion doesn't acknowledge that another reader pointed out Seadog's alleged mistake on the put pricing in a subsequent comment, so perhaps any errors were sufficiently corrected by the community on the spot.

The judge ruled on the defendant's motion to dismiss, not an anti-SLAPP motion. This perplexed me because this case looked like a SLAPP and the easy dismissal suggests that an anti-SLAPP motion also would have easily prevailed--with the benefit that Desai would be on the hook for defense counsel fees. It looks like an implicit failing of anti-SLAPP doctrine that defense counsel apparently bypassed an anti-SLAPP motion even when facing what looked to me like a SLAPP.

Interestingly, the court sidesteps the possibility that one or both of the litigants had conflicts of interest in their discussion about Myriad Genetics. SeekingAlpha had a field for conflicts disclosures on main posts, and Desai looks like he appropriately disclosed his put. I don't know if Clark or RS Investments had any interests in Myriad Genetics, but "Seadog" didn't provide any identifying information on the site or disclose any conflicts in the comment. A defamation lawsuit isn't the right vehicle to hammer conflicts of interest, and the FTC and SEC have been remarkably laissez-faire about that as well--especially interesting in the FTC's case given its overall push against inauthentic content online.

Posted by Eric at 07:24 AM | Content Regulation | TrackBack

August 09, 2011

Zynga Wins Arbitration Ruling on "Special Offer" Class Claims Based on Concepcion -- Swift v. Zynga

[Post by Venkat Balasubramani with comments from Eric]

Swift v. Zynga, 2011 WL 3419499 (N.D. Cal.; August 4, 2011)

The US Supreme Court decided AT&T Mobility v. Concepcion earlier this year, and a question left open in that decision is how the Federal Arbitration Act's preemption of state laws which disfavor arbitration clauses would play out in the online context. Most people thought that this decision would allow internet companies to push consumer claims into arbitration through provisions in relevant terms of use agreements, and a recent ruling involving Zynga seems to confirm this.

Background: Swift alleged that she accepted "special offers" while playing Zynga's Facebook apps. She argued that the special offers were misleading, and sued Zynga as well as two of its advertising partners. The lawsuit was originally filed in late 2009 and amended in February 2010. Following the Supreme Court's decision in Concepcion, Zynga moved to compel arbitration and to stay the litigation in light of the Supreme Court's ruling.

Plaintiff received the allegedly misleading offers through Zynga's "YoVille" app, which during the relevant time period contained the following arbitration provision:

You agree that any suit . . . arising out of or relating to these Terms of Use or any of the transactions contemplated herein or related to the Service or any contests or services thereon . . . shall be resolved solely by binding arbitration before a sole arbitrator under the rules and regulations of the American Arbitration Association ("AAA"); provided, however that notwithstanding the parties' decision to resolve any and all disputes arising under these Terms of use through arbitration, Zynga may bring an action in any court of applicable jurisdiction to protect its intellectual property rights or to seek to obtain injunctive relief or other equitable [sic] from a court to enforce the provisions of these Terms of Use or to enforce the decision of the arbitrator. The arbitration will be held in San Francisco.

This agreement was silent as to whether the claims could be aggregated. The terms were presented to Swift when she first decided to start playing the game via a link under a button titled "allow access," which provided notice that the application would access Swift's Facebook profile information. Under the "allow access" button, the app presented the following text:

By proceeding, you are allowing YoVille to access your information and you are agreeing to the Facebook' terms of service in your use of YoVille. By using YoVille, you also agree to the YoVille Terms of Service.

In August 2009 Zynga implemented a "Universal TOS," which contained terms that were different from the YoVille Terms of Service. As relevant to the present dispute, these terms required arbitration on an individual basis, and excluded disputes relating to "theft, piracy, invasion of privacy" from their scope. [I'm not sure what Zynga's rationale is for excluding privacy-related claims from the arbitration clause, but this could end up being relevant to the growing number of privacy lawsuits against Zynga.]

Discussion:

Was there a binding agreement requiring arbitration? Swift argued that she did not assent to the YoVille terms because the terms were not presented in a leakproof manner--i.e., she could access the application without affirmatively representing that she agreed to the terms. Swift relied on Specht v. Netscape and Hines v. Overstock for the proposition that "submerged" terms cannot be enforced by an online merchant. The court disagreed and held that Specht and Hines were distinguishable. In both cases, the consumer would have to hunt around to find the terms, whereas in this case, the terms were presented right underneath the button which allowed Swift to access the application. The court pointed to the fact that Swift did not affirmatively put forth any evidence that she did not read or agree to the terms. The court also pointed to Register v. Verio, where the Second Circuit enforced the online terms and rejected Specht's implication that an "I agree" button was a prerequisite to enforcing online terms.

Did plaintiff's claims fall within the arbitration clause? Swift argued that since claims involving "theft" were excluded from the arbitration clause, her claims were not subject to arbitration. The court doesn't treat this argument very seriously, noting that the "complaint against Zynga cannot reasonably be construed as including a claim for 'theft,' and therefore the complaint is not expressly exempted from the arbitration clause."

Did Zynga waive the right to arbitrate its claims? Swift also argued that Zynga waived the right to arbitrate its claims, by never raising the issue of arbitration and litigating the case for over a year and a half before raising the issue of arbitration. She also pointed to a clause in the universal terms which said that if the bar on class arbitrations is found to be unenforceable, then the dispute will be litigated. She brought up a variety of arguments in support of this claim (e.g., Zynga acted inconsistently with its right to compel arbitration; she will be prejudiced) but the court rejects all of these arguments. Because Zynga could not have compelled arbitration pre-Concepcion, and since no court found the arbitration clause unenforceable--thus requiring the parties to proceed in court--nothing stops Zynga from seeking to compel arbitration based on Concepcion. In the court's view, because:

Zynga acted promptly following the change in the law by ceasing litigation activity and moving to compel . . . it acted consistently with its rights.

Are the Universal Terms unenforceable because they are unconscionable? Plaintiff raised an unconscionability argument but seems to have pursued it in a lackluster manner. The court notes that "Plaintiff presented no evidence that might support [its procedural unconscionability argument]."

How about the third parties? The non-Zynga defendants tried to latch on to Zynga's request to compel arbitration but they were not so lucky. They argued that the definition of "Zynga Parties" in the limitation of liability section of the terms was broad, and thus they should be able to invoke the arbitration clause. However, the arbitration clause did not mention "Zynga parties," and the court concludes that the two sections have to be read separately. They also argued that as "agents" they should be entitled to enforce the arbitration clause, but the court sides with the plaintiff on this issue, noting that although plaintiff initially labeled these defendants as "agents," after conducting some discovery she called them independent contractors. Finally, these defendants argued that they were third party beneficiaries. Citing to Balsam v. Tucows, the court rejects this argument as well.

The End Result: After concluding that Zynga is entitled to invoke the arbitration clause and the other defendants are not, the court nevertheless stays the lawsuit as to the non-Zynga defendants and orders the claims with respect to Zynga to be arbitrated. In response to the ruling, Swift decided to dismiss her claims against Zynga with prejudice so she could proceed against the non-Zynga defendants in court. This means Zynga is off the hook.
___

To come back to the initial question, as a result of Concepcion, a lot of online disputes--particularly class actions--are going to end up in arbitration instead of the courts. Even if a dispute has been pending for a while, a defendant who has the option available is going to push for arbitration. This makes me wonder whether online terms typically contain arbitration clauses which bar class claims or whether companies and their lawyers shied away from those terms in response to decisions which struck down arbitration clauses which barred class claims. Including a class action bar runs the risk of the entire agreement being invalidated, so you certainly can't fault a company for not including this provision in online terms. Going forward, I wonder if online terms will become even more one-sided--since companies have greater assurances that arbitration clauses will be enforced, will this cause them to load up agreements with more onerous terms?

The argument over whether there was a meeting of the minds as to the online terms was interesting, but Zynga's placement of the terms (in a location where plaintiff could not credibly claim she did not read them before she clicked "allow access") made the "I didn't read the terms of use" argument difficult to make. Nevertheless, I still like the idea of having a box that users check that says "by checking this box, I am saying that I have read and agree to the terms." There's a minor distinction between a user clicking "allow access" or installing the application and actually having to check a box saying he or she read and agreed to the terms. I like the insurance that the latter approach provides, but as this decision indicates, it's not essential. Also, from the decision, it seemed that Swift did not access the app from her mobile device, but if she did, I wondered how this would affect the court's analysis of whether she had imputed knowledge of and agreement to the terms.

Second, there is virtually no discussion in the order of how Zynga amended its terms to substitute the "Universal Terms" for the "YoVille Terms" which Swift initially agreed to. The court summarily notes that the initial terms contained provisions to the effect that Zynga "had the right to change the terms at any time" and "use after notice of [a] change in terms constitutes acceptance of the changes." The court surprisingly does not delve into the issue of what notice Zynga attempted to provide Swift (if any) or any of the other circumstances behind the revisions of the terms (or the substitution of the Universal Terms for the YoVille Terms). As mentioned in this post about Roling v. E-Trade Securities, it's pretty risky to include a provision in the agreement that says "we can amend this agreement any time and the revised version is effective after posting." In this day and age, particularly where there may be some ability to message the end user or post messages that the end user will have a tough time arguing they did not read or see, there is no reason to play with fire with respect to this issue. I don't know why companies continue to do it. (The agreement did say that it's effective after "posting" which is better than nothing.)

Given the Court's decision in Concepcion that laws which disfavor arbitration conflict with the Federal Arbitration Act, I wonder if the focus of disputes around the arbitrability of online terms will shift from substantive to procedural. Swift did not appear to make much of an argument as to procedural unconscionability, so it's unclear how much traction this type of argument will get in other cases. Cases poking holes in forum selection and arbitration clauses have focused on both. (See, e.g., Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593 (E.D. Pa. 2007).) Concepcion just speaks to arbitration clauses so there's still some room for consumer plaintiffs to argue unconscionability if they are presented with an extreme set of terms (e.g., terms that are one-sided as to forum, costs, disclaimers). It will be interesting to see how courts resolve these arguments and whether consumer plaintiffs are able to use these as an end run around Concepcion. I think this is an important unresolved question at this point, and would caution against loading up online terms with overly one-sided provisions in response to Concepcion.

Zynga has to be happy about this ruling. As a result of invoking the arbitration clause, it got the plaintiff to dismiss her claims with prejudice against Zynga.

Previous related posts:
* Second Life Forum Selection Clause Upheld--Evans v. Linden
* Another Ruling Challenging "Check the Website for Amendments" Contract Provisions--Roling v. E*Trade
* Stop Saying "We Can Amend This Agreement Whenever We Want"!--Harris v. Blockbuster
* Clickthrough Agreement With Acknowledgement Checkbox Enforced--Scherillo v. Dun & Bradstreet
* Ninth Circuit Strikes Down Contract Amendment Without Notice--Douglas v. Talk America
_____________

Eric's Comments

As this case illustrates, the Supreme Court's Concepcion decision could be a potential game-changer for online user agreements. Even so, I believe that today's best practices are:

1) A mandatory non-leaky clickthrough formation procedure.
2) Mandatory venue in vendor's home court with an arbitration option. See the discussion in Evans v. Linden.
3) No use of arbitration as a waiver of class action rights. Concepcion suggests that more aggressive arbitration clauses, including those that preclude consolidated arbitration, might work. This would be terrific news for vendors if true, but I'll believe it when I see more rulings than this one, especially given that this court basically punted on unconscionability. There are strong public policy norms working against an arbitration clause or other contract provision that prevents class formation.
4) Contract amendments take effect only when users are actually given notice of the amendment. See the Ninth Circuit's Douglas case for the minimum steps required. An opt-in is legally stronger but has a number of procedural problems.
5) Irrespective of the contract language, users are in fact given actual notice of any amendments.

Zynga may have cut corners on some of these fronts but got a favorable bounce in court. Kudos to them and their lawyers. Still, based on the precedents, I wouldn't anticipate the next defendant with identical facts will be so fortunate. Because of the low odds of a repeat victory, I don't recommend any changes to the best practices based on this opinion.

This opinion deals with contract formation for Facebook apps, and its reasoning could extend to Facebook Connect as well (which has a different UI, I believe). (I vaguely recall a prior case on contract formation via Facebook Connect before but now I can't remember it--any help?) The opinion provides some reason for optimism about contract formation procedures by the many apps/websites who rely on Facebook's existing user registrations instead of creating direct user account registrations. In this case, notice that the dialog box apparently treated an "allow" as "yes" to four different issues--if the user wanted to proceed, if the user wanted Facebook to transfer its info to YoVille, if the user agreed to the applicability of Facebook's TOS, and if the user agreed to the YoVille user agreement. That's a lot of work from one dialog box acting as an interstitial to the user's destination. This court gives the participating app effectively a free pass, saying:

Zynga persuasively counters that the dialogue box in question is Facebook’s standard dialogue box presented to users wishing to access any number of Facebook applications, and Zynga followed the norm for Facebook applications and was not attempting to hide its terms of service.

(An aside: I've always been troubled by Facebook Connect because participating websites put Facebook in total control of their user relationships. Should Facebook's winds shift capriciously, Facebook could easily lock out the participating website's entire registered userbase. After-the-fact antitrust claims won't resuscitate the dead businesses. Websites, listen carefully: if you put all of your registered user eggs in the Facebook Connect basket, you may get a jumpstart on your registered users but don't expect my sympathy if all the eggs break.)

An unfortunate collateral consequence of this ruling and the resulting Zynga dismissal: with Zynga out of the case, we may not get any further clarification to fix the troubling Swift v. Zynga ruling on 47 USC 230. AdKnowledge (which the opinion repeatedly spell-check corrected into "Acknowledge"--whoops) is still a defendant in this case, so perhaps they will push 47 USC 230 further. Otherwise, we'll just cross our fingers that the prior 230 ruling is an aberration that most other judges will smartly ignore or distinguish.

Posted by Venkat at 09:07 AM | E-Commerce , Licensing/Contracts

August 08, 2011

Google Gets Default Injunction Against AdWord Gamers--Google v. Jackman

By Eric Goldman

Google v. Jackman, 2011 WL 3267907 (N.D. Cal. July 28, 2011)

This is a default ruling, so the facts are based on Google's allegations. The defendants ran AdWords campaigns for online pharmacies that sold anabolic steroids. This broke Google's rules in two ways: first, Google didn't permit the advertising of anabolic steroids; and second, the advertised pharmacies weren't certified by Google's mandatory certification program (VIPPS, "the National Association of Boards of Pharmacy’s Verified Internet Pharmacy Practice Sites"). The defendants further evaded Google's crackdown efforts by misspelling terms and opening up new bogus accounts. Google eventually cleaned out the defendants' ads through its manual "sweeps."

Without the defendants around to defend themselves, Google easily won its case. The court upheld the venue selection clause in Google's TOS and held that the defendants' ads breached the TOS. As for remedies, Google dropped its claim for money damages, and the court grants the following injunction:

Defendants Gina Wyant, Gregory Gavin and Amanda Odell, and their agents, representatives, successors, assigns, and any persons in active concert or participation with them are immediately and permanently enjoined from advertising or attempting to advertise through Google’s AdWords advertising network, without regard to contact name, address, or email address and without regard to what URL or website is advertised.

From time to time, Google goes on the offensive against folks it thinks are trying to game it. You may recall Google v. Auction Experts International, 1-04-CV-030560 (Cal. Superior Ct. 2005) in which Google sued an alleged click fraudster and won a $75k default judgment; and United States v. Michael Anthony Bradley, CR 04 20108 (N.D. Cal. indicted June 23, 2004), a prosecution over alleged threats to help spammers defraud Google if the defendant didn't get $100k (that case ultimately fizzled out). Google's efforts to get tough against its spammers have typically struck me as publicity stunts. Default injunctions and dropped prosecutions don't do anything to scare the bad guys, but they are intended to persuade third parties that Google will fight for its site's integrity.

In this case, no doubt Google wanted to show the DOJ that it really hates illegal pharma ads enough to "bust" the bad guys. This enforcement effort may have some value in working out a deal to reduce its half-billion dollar exposure. As a result, we won't really know if Google won this case until we see the terms of its DOJ deal.

Posted by Eric at 03:50 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack

August 05, 2011

TheDirty Defeats Publicity Rights Claims--Gauck v. Karamian

By Eric Goldman

Gauck v. Karamian, 2011 WL 3273123 (W.D.Tenn. July 29, 2011)

TheDirty.com has an increasingly active litigation docket. This case comes from Lauren Lee Gauck Giovanetti, a TV news reporter for Fox 13 in Memphis, Tennessee. She sued over two user-submitted posts to TheDirty that claimed she "used illicit drugs, was sexually promiscuous, exchanged sexual favors in return for drugs and money, and assaulted an unknown person." The posts contained photos of her and several nude photos that also claimed to be of her, but she denied that claim. As usual, Nik Richie added his terse and snarky comments to the user posts. He also watermarked the photos and covered up portions of the nude photos.

Gauck sought an injunction based on her publicity rights. The court sidesteps the obvious 47 USC 230 defense, assuming without deciding that the publicity rights claim would fit into 230's IP exception.

Instead, the court rejects the injunction request on the merits of the publicity rights claim. This is based on the specific wording of Tennessee's publicity rights statute, which applies only to advertisements or solicitations. TheDirty made a commercially motivated editorial usage of Gauck's name and image. This type of usage gives courts fits, especially when the editorial publication isn't a traditional journalistic enterprise like a print newspaper. (See more about that problem in trademark law). Even so, there was no way to interpret TheDirty's "editorial content" as an advertisement or solicitation. The court says:

Plaintiff has offered no evidence that Defendants marketed their site by emphasizing Plaintiff’s appearance on the site, used portions of the posts in teasers on other sites to draw more visitors, prominently displayed the posts regarding Plaintiff on the site, advertised Plaintiff’s appearance in connection with the sale of any of Defendants’ products, or charged higher premiums to advertisers for advertising space on the pages pertaining to Plaintiff.

The court rejects Gauck's generalized assertion that TheDirty's editorial content generates more ad money because it deals with celebrity gossip:

Plaintiff has suggested, at most, a currently unsubstantiated connection between the general use of celebrity personas on the site and an increase in traffic and/or advertising revenue.

I think that line of inquiry was irrelevant if we maintain the artificial distinction between editorial content and advertising. If the statute applies only to advertising, then it shouldn't matter if editorial content becomes more interesting because it addresses third party personalities. But the distinction truly is artificial--editorial content is its own form of marketing, i.e., more interesting editorial content naturally draws in more readers. The court didn't make a misstep here, but it could have been sharper or more succinct.

More coverage of TheDirty litigation:

* TheDirty Defeats Privacy Invasion Lawsuit--Dyer v. Dirty World
* thedirty.com's 47 USC 230 Defense Rejected on Motion to Dismiss--Jones v. Dirty World Entertainment

Posted by Eric at 11:32 AM | Derivative Liability , Publicity/Privacy Rights | TrackBack

South Dakota S.Ct Recognizes the Obvious: a Happy Birthday Message on Facebook Doesn't Mean Much -- Onnen v. Sioux Falls Independent School Dist.

[Post by Venkat Balasubramani]

Onnen v. Sioux Falls Independent School Dist., 2011 S.D. 45 (South Dakota; Aug. 3, 2011)

If any modern day communication is more inconsequential than a "happy birthday" post on Facebook, I'm not sure what is. We've all seen, at one time or another, Facebook's reminder that it's our acquaintance or friend's birthday and have taken the two seconds out of our busy web-surfing schedule to wish the person happy birthday. Both the sender and recipient know full well that this is about the most impersonal birthday gesture possible in modern day society. Still, that was one of the issues in this appeal to the South Dakota State Supreme Court.

Onnen worked at Southeast Technical Institute, a part of Sioux Falls School District. The School District found some irregularities in Onnen's conferral of degrees on students who had not adequately completed course requirements. STI conducted an investigation and recommended termination. The Sioux Falls School District Board agreed with this recommendation. Onnen disagreed, arguing that he was wrongfully terminated. He appealed to the Circuit Court, which also rejected his contentions. After trial, Onnen argued that the Circuit Judge should have recused himself because:

[The Circuit Judge] received from a major witness . . . for the Defendant . . . a message on [the judge's] Facebook page wishing [the judge] happy birthday in Czech.

The judge received the message during the trial but before the witness testified. The big question: was the message an improper "ex parte communication"?

The South Dakota State Supreme Court concluded that the message was not an "ex parte communication" because it did not "concern a pending or impending proceeding." In any event, the communication was not "invited" by the judge, and the judge did not acknowledge or respond to it:

Judge Srstka noted that the post was only one of many and that he did not personally know [the witness]. Furthermore, Judge Srstka did not connect the post [to the witness] even after he testified. Judge Srstka also stated that [the message] did not affect [his] decision-making, as [he] did not know it occurred.

The court says in different words what I said at the beginning of the post: a Facebook birthday greeting is a fairly meaningless communication. The judge in question did not even know the witness; nor did it register with the judge that the witness had sent him a happy birthday greeting on Facebook.

Kudos to Judge Srstka for having a Facebook page and to the South Dakota State Supreme Court for not taking it too seriously.

Related Post:

Is the Florida Bar Taking Facebook Friendship Too Seriously?

Posted by Venkat at 09:07 AM | General

August 04, 2011

Idea Submission Case Revived Against MySpace--Riggs v. MySpace

By Eric Goldman

Riggs v. MySpace, Inc., 2011 WL 3020543 (9th Cir. July 25, 2011)

Riggs created a popular MySpace page, only to have MySpace delete it twice. Not pleased by that turn of events, for years Riggs has been doggedly pursuing a lawsuit against MySpace pro se. Two years ago, the district court unceremoniously bounced her lawsuit relying, in part, on a novel reading of 47 USC 230(c)(1). The Ninth Circuit upheld the 230 ruling on appeal:

The district court properly dismissed Riggs’s negligence and gross negligence claims, arising from MySpace’s decisions to delete Riggs’s user profiles on its social networking website yet not delete other profiles Riggs alleged were created by celebrity imposters, because these claims were precluded by section 230(c)(1) of the Communications Decency Act. See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1170-71 (9th Cir. 2008) (en banc) (“[A]ny activity that can be boiled down to deciding whether to exclude material that third parties seek to post online is perforce immune under section 230.”).

Another Roommates.com citation for the defense. But, as I explain in my prior blog post, I think this should have been a 230(c)(2) dismissal, not a 230(c)(1) dismissal.

The court also rejected her claim for “promissory fraud breach of contract claim” (whatever that means) for lack of cognizable damages.

However, in an unexpected turn, the court revived her idea submission claim (an implied-in-fact contract breach) "because Riggs alleged in her First Amended Complaint at paragraph 120 that she told the News Corporation’s executive’s assistant that she wanted to “sell” her ideas before she disclosed them." That's a pretty weak allegation made to a person who may lack proper authority to promise anything, so the court seemed mighty generous to Riggs in reviving the case. Nevertheless, this is consistent with California's amorphous idea submission doctrines. They can be a nice end-run to survive motions to dismiss because, by definition, the parties are likely to dispute the facts in an implied-in-fact contract. Sadly, the Ninth Circuit recently expanded the idea submission doctrines in the Larry Montz case (mentioned here), so expect more weak idea submission claims to get further in litigation than they should.

Although the idea submission claim wasn't really a workaround to 47 USC 230, I think this case bears some parallels to Barnes v. Yahoo. In both cases, 47 USC 230 emphatically closed some doors to plaintiffs, but squishy state law doctrines opened other doors for the plaintiffs. It's a good reminder why 47 USC 230 works so well. Because it has so few exceptions, it ends cases cold. Fluffy doctrines like promissory estoppel and implied-in-fact contracts make it hard for judges to cleanly end cases early.

Eriq Gardner's story on the case.

Posted by Eric at 05:18 PM | Derivative Liability, Licensing/Contracts, Trade Secrets

Sixth Circuit: Email and Phone Advocacy Campaign Can Violate the Computer Fraud & Abuse Act -- Pulte Homes v. LIUNA

[Post by Venkat Balasubramani]

Pulte Homes, Inc. v. Laborers' Int'l Union, et al., 09-2245; 10-1673 (6th Cir. Aug 2, 2011)

I blogged about a case involving a labor dispute between Pulte Homes and Laborers' International Union of North America (LIUNA). After Pulte terminated a LIUNA member for alleged misconduct and poor performance, LIUNA became embroiled in a labor-relations dispute with Pulte. LIUNA allegedly exhorted its members and others to "bombard Pulte's sales offices and three of its executives with thousands of phone calls and e-mails." LIUNA allegedly hired an auto-dialing service and encouraged its members to call Pulte. It also engaged in a web-based email campaign where it encouraged visitors to its website to "fight back" and send e-mails to "specific Pulte executives."

Pulte sued LIUNA, asserting claims under the Computer Fraud and Abuse Act and state law. The district court denied Pulte's request for an injunction and dismissed Pulte's claims. Here is my blog post covering the district court's ruling: "Web-based Email Bombardment Campaign Does Not Amount to a Violation of the Computer Fraud and Abuse Act." The Sixth Circuit reversed the district court's ruling, finding that a phone or email bombardment campaign can constitute a violation of the Computer Fraud and Abuse Act. Pulte asserted two claims under the CFAA, one for unauthorized access which causes damage and the other for transmission of information, code, or a program which caused damage.

Access claim: The CFAA creates a cause of action based on the unauthorized access, or access in excess of authorization, of a protected computer. While acknowledging grey area in the statute over when conduct crosses the line from authorized to unauthorized access, the court holds that there's no grey area in this case, because the phone and email systems were set up to receive calls and emails without restriction:

LIUNA used unprotected public communications systems, which defeats Pulte's allegation that LIUNA accessed its computers "without authorization." Pulte allows all members of the public to contact its offices and executives: it does not allege, for example, that LIUNA, or anyone else, needs a password or code to call or email its business. Rather, like an unprotected website, Pulte's phone and email systems 'were open to the public, so LIUNA was authorized to use them.'

So far, so good.

Transmission claim: The court's resolution of the transmission claim was a little more problematic. The court assumes that LIUNA's communications constitute transmissions and that Pulte's phone and email systems qualify as "protected computers." This leaves two questions: (1) whether the transmissions caused "damage" and (2) whether LIUNA intended to cause damage.

The court notes that the statute only defines damage as "impairment to the integrity or availability of data, a program, a system, or information." Because the statute did not further define "impairment," "integrity," or "availability," the court looked to the ordinary meaning of these words:

'Impairment' means a 'deterioration' or an 'injurious lessening or weakening.' The definition of 'integrity' includes an 'uncorrupted condition,' an 'original perfect state,' and 'soundness.' And 'availability' is the 'capability of being employed or made use of.'

Applying these ordinary meanings, the court concludes that a transmission that weakens a sound computer system--or, similarly, one that diminishes a plaintiff's ability to use data or a system--causes damage. The court further concludes that taking Pulte's allegations as true:

LIUNA's barrage of calls and e-mails allegedly did just that. At a minimum, according to the complaint's well-pled allegations, the transmission diminished Pulte's ability to use its systems and data because they prevented Pulte from receiving at least some calls and accessing or sending at least some emails.

With respect to the intent element, the district court found that LIUNA did not intend to damage Pulte's systems because LIUNA did not fully "grasp . . . the actual consequences of its email campaign." The Sixth Circuit says this is too strict a standard. As long as LIUNA intended to cause a denigration of Pulte's systems, this is sufficient. The court looked to several of the allegations and found this intent satisfied: (1) LIUNA instructed its members to send thousands of emails to specific Pulte executives; (2) the emails came from LIUNA's server; (3) LIUNA encouraged its members to "fight back" after Pulte terminated several employees; (4) LIUNA used an auto-dialing service; and (5) some of the messages included threats and obscenity.

[Interestingly, after concluding that Pulte satisfied the elements of a CFAA claim, the court concludes that the district court properly denied the injunction on the basis that Pulte failed to comply with certain provisions of a statute relating to labor disputes: the Norris-LaGuardia Act.]
__

This case is Intel v. Hamidi revisited. That case involved a departed employee who engaged in an email bombardment campaign, and although the California Supreme Court rejected Intel's claims, it held that if a sufficient quantity of emails were sent which caused damage or disruption to Intel's system, this could state a claim for trespass. (I'm not sure what's up with email bombardment, but there have been several cases which address legal liability for this. Television pitchman Kevin Trudeau was hit with a contempt order after encouraging his supporters to send email to the judge hearing his case. The Seventh Circuit vacated this contempt order on procedural grounds. See "Seventh Circuit Vacates Contempt for E-Mail Barrage.")

Neither of the cases is perfectly analogous because in this case the plaintiff was proceeding under the Computer Fraud and Abuse Act. This is a statute that provides for civil and criminal liability, and is widely acknowledged as intended to deal with hacking.

The court cites to AOL v. National Health Care Disc., Inc., 121 F. Supp.2d 1255, 1274 (N.D. Iowa 2000) for the proposition that if "a large volume of [spam messages] cause slowdowns . . . [to AOL's servers] an impairment has occurred." However, this case relied in part on AOL's zany argument that by transmitting email to AOL members through AOL's servers, defendants were engaged in unauthorized access because spam violated AOL's member agreement. AOL argued also that the emailers extracted information in the form of email addresses, but the court denies AOL's motion for summary judgment finding that it's unclear whether the emailers were AOL members or third parties and whether the emails caused damage. The court in that case pointedly questioned whether the CFAA applied to the transmission of spam at all: "realistically, no federal statute currently exists which would prohibit a non-AOL member from sending UBE to any number of AOL members' e-mail addresses, without ever accessing AOL directly." Since the date of that ruling, a federal statute now exists (CAN-SPAM) but this statute would not cover LIUNA's actions in this case since none of the messages in question appear to be commercial email messages.

What's problematic about this case to me is that there were scant allegations that LIUNA engaged in any technical measures designed to slow down or cause "damage" to Pulte's website. The sole allegation was that LIUNA used an auto-dialer, but I wasn't swayed by the court's summary conclusion that the telephone lines were necessarily 'protected computers' or there had been a real 'slowdown' to the phone lines. Indeed, LIUNA's conduct--encouraging supporters to contact a third party to influence action--is something that others engage in with some regularity in the context of political and consumer advocacy. There's nothing in this case which distinguishes LIUNA's conduct from any other web-based action campaign. If you encourage people to flood someone's office with phone calls, you can be liable under the Computer Fraud and Abuse Act? Say what?

Given the fact that LIUNA lacked an obvious commercial purpose, and given the First Amendment interests involved, this decision is somewhat troubling.

Previous posts:

Web-based Email Bombardment Campaign Does Not Amount to a Violation of the Computer Fraud and Abuse Act

Posted by Venkat at 03:00 PM | Privacy/Security

August 03, 2011

Newspaper's Discussion About Trademark Owner Protected as Nominative Use--1 800 GET THIN v. Hiltzik

By Eric Goldman

1 800 GET THIN v. Hiltzik, 2:11-cv-00505-ODW -E (C.D. Cal. July 25, 2011)

I'm sure any trademark experts reading this post are scratching their heads at the blog post title. Newspapers discussing a trademarked product qualify for the nominative use defense. Well, duh. Why is that even a question that needs to be answered?

Well, because sometimes trademark owners bring asinine lawsuits. In particular, this case may be part of an emerging trend in the surgical procedure industry to misuse trademark law as a weapon against unwanted criticism. See, e.g., the Lifestyle Lift cases (1, 2).

This case involves the Lap Band surgical procedure. 1 800 GET THIN is a marketing agent for the procedure. The LA Times has repeatedly criticized the Lap Band. In one passage, it arguably implied that 1 800 GET THIN provided the procedure rather than just marketed it. Even against a pushover defendant, this is a weak point to gripe about. But against a well-regarded journalistic institution like the LA Times, there's simply no point in tangling in court.

Yet, 1 800 GET THIN still cranked up the machinery of justice. Predictably, the court expends few words in tossing the false designation of origin claim on nominative use grounds. The court also tosses the Lanham Act false advertising claim because the news article was editorial content, not advertising. Rebecca digs into the doctrinal details.

This outcome was so predictable that most trademark litigators probably would have advised 1 800 GET THIN that it had no chance of winning and it should not even try. In fact, the LA Times may very well extract some cash out of 1 800 GET THIN for bringing such a weak case. The case doesn't mention an anti-SLAPP motion, but this case seems tailor-made for anti-SLAPP protection. Otherwise, it's a strong candidate for a Lanham Act fee shift and perhaps Rule 11 sanctions.

Despite the "sun rising in the East" nature of this case's legal outcome, I still wanted to highlight it because it reminds us that trademark law's overexpansive sweep creates several problems. (I discuss these concerns in more detail in my paper, Online Word of Mouth and its Implications for Trademark Law.) First, to the extent such a thing exists, this was an example of trademark bullying. The LA Times isn't an easy target for bullying, but smaller defendants will just capitulate in the face of 1 800 GET THIN's trademark threats.

Second, the LA Times didn't make a trademark "use" at all. We should have never reached the nominative use defense because there was no trademark use in the first place. The fact that courts aren't gatekeeping at that level lets weak trademark cases get further than they should. In this situation, relying on the nominative use defense works fine in the Ninth Circuit but is dicey in other circuits that don't cleanly recognize a nominative use defense.

Third, if the LA Times doesn't get 100% compensation from 1 800 GET THIN, then a travesty still occurred even though the LA Times prevailed in court.

A final thought. Having seen so many such lawsuits, I must admit that I become more suspicious of any trademark owner who resorts to completely meritless trademark litigation. It makes me wonder what they are trying to hide. In this case, the fact that the Lap Band and 1 800 GET THIN desperately grasped at legal straws makes me more skeptical of the legitimacy of their offerings.

Posted by Eric at 09:37 AM | Content Regulation, Marketing, Trademark

August 02, 2011

Ninth Circuit Reconsiders SEO-Destroying Injunction Against DMV.Org--TrafficSchool v. EDriver (Joint Blog Post)

By Rebecca Tushnet and Eric Goldman

TrafficSchool.com, Inc. v. Edriver Inc., 2011 WL 3198226 (9th Cir. July 28, 2011)

[Over the years, Rebecca and I have blogged dozens of the same cases. However, we've never done a joint blog post until today. Rebecca and I had both blogged on the district court ruling in this case, so it made sense that both of us were going to blog on the Ninth Circuit ruling. It made even more sense for us to do it together! Rebecca's post. Warning: both Rebecca and I write long blog posts, so our combined effort is a beefy 3,800+ words.]
______________

Rebecca's comments:

District court opinion discussed here. Judge Kozinski has long been a proponent of political-speech-level protection for commercial speech, and that position has its influence on this opinion, which is written in his usual highly readable style. You can also see here the growing lawsuit-limiting effect of standing doctrine, though here at least there was an actual factfinding before the judges decided whether the plaintiff had been harmed.

As Judge Kozinski explains, “Consumers visit DMV.org for help renewing driver's licenses, buying car insurance, viewing driving records, beating traffic tickets, registering vehicles, even finding DUI/DWI attorneys. The more eyeballs DMV.org attracts, the more money defendants earn from selling sponsored links and collecting fees for referring site visitors to vendors of traffic school courses, driver's ed lessons and other driver-related services. This seems like a legitimate and useful business, except that some visitors mistakenly believe the site is run by their state's department of motor vehicles (DMV).”

After trial, the district court found a violation of the Lanham Act but not of California’s UCL. Its injunction required every site visitor to go through a splash screen with a disclaimer. (The Electronic Commerce & Law Reporter blurb described it as a pop-up. It’s not.)

The district court found that plaintiffs “failed to prove ... that they have suffered an injury in fact and lost money or property as a result of Defendants' actions,” and that they “provided no evidence showing a causal connection between Defendants' actions and any harm Plaintiffs incurred.” Edriver argued that this finding proved that TrafficSchool also lacked Lanham Act standing. This was wrong because California’s UCL defines standing more narrowly (pecuniary injury and “immediate” causation) than the Lanham Act, which only requires a plaintiff to believe that it’s likely to be injured.

What about Article III standing? The UCL also defines injury in fact more narrowly than Article III does, so the loss doesn’t necessarily preclude Article III standing. The district court didn’t independently analyze Article III standing, but the court of appeals did, looking for injury in fact, causation, and redressability. The key here was injury in fact.

Article III injury exists in a false advertising case if some consumers who bought defendant’s product under a mistaken belief fostered by the defendant would otherwise have bought plaintiff’s product. This can be proven by actual market experience and probable market behavior. Probability is fine “because proving a counterfactual is never easy, and is especially difficult when the injury consists of lost sales that are predicated on the independent decisions of third parties; i.e., customers. A plaintiff who can't produce lost sales data may therefore establish an injury by creating a chain of inferences showing how defendant's false advertising could harm plaintiff's business.”

TrafficSchool produced ample evidence that it competes with DMV.org for referral revenue, sometimes with the same course providers. “Sales gained by one are thus likely to come at the other's expense. Evidence of direct competition is strong proof that plaintiffs have a stake in the outcome of the suit, so their injury isn't ‘conjectural’ or ‘hypothetical.’ Plaintiffs also presented testimonial and survey evidence that a ‘recommended by DMV’ endorsement is an important factor in consumers' choice of traffic schools and driver's ed classes. It stands to reason that defendants will capture a larger share of the referral market—to plaintiffs' detriment—if they mislead consumers into believing that DMV.org's referrals are recommended by their state's DMV. Plaintiffs have therefore established sufficient injury for Article III standing.”

Lanham Act standing requires (1) a commercial injury based upon a misrepresentation about a product; and (2) a competitive injury. (Footnote: a plaintiff can show both these things and still lack standing if the purpose of its false advertising suit is to enforce someone else’s statutory rights—plaintiffs here couldn’t sue on the California DMV’s trademark rights. But they sued to enforce their own right to be free of unfair competition.) Defendants argued that DMV.org was a publisher, while plaintiffs’ sites are self-promotional tools, but plaintiffs introduced evidence that they compete in the referral market.

Defendants argued that the only injury here was to the public. Though plaintiffs didn’t prove “identifiable” injury to themselves, the standard for “commercial injury” was different. Likely injury is all that’s required, not actual injury. “[W]hen plaintiff competes directly with defendant, a misrepresentation will give rise to a presumed commercial injury that is sufficient to establish standing.” Kozinski defended this presumption; advertising is about competing for consumer dollars, and misleading ads can upset competitive positions. “Moreover, the Lanham Act is at heart a consumer protection statute. Requiring proof that defendant's ads caused plaintiff to lose sales as a prerequisite to bringing suit would frustrate its ability to act as the fabled vicarious avenger of the consuming public.” The court didn’t need to decide whether the presumption was conclusive or rebuttable because defendants didn’t provide any evidence to rebut it.

The remaining question was whether the ads were misleading. They were.

When plaintiffs sued, Californians who googled (Judge Kozinski fears no neologism, especially when it is useful) “dmv” or “drivers ed” would see DMV.org’s sponsored listings for “ca.dmv.org” or “california.dmv.org,” respectively. “While there's nothing inherently misleading about sponsored search results, they can mislead if they are named so as to give a false impression as to the likely sponsorship of the website to which they refer.” The ca. and california. prefixes were obviously designed to suggest official affiliation. The website design also mimicked an actual DMV site, copying slogans and state symbols, and linking to DMV-related pages like applying for a license, registering a car and signing up for traffic school. The disclaimer was easy to miss because it was displayed in small font at the bottom of each page, where many consumers would never scroll.

There was also plenty of evidence of actual confusion, including two declarations from confused individuals and hundreds of emails from obviously confused consumers. “Some of these emails contained sensitive personal information that the typical consumer wouldn't share with a commercial website”:

My boyfriend George [redacted] ... got a ticket in South Carolina in 2006.... Mr. [redacted] driver's license number is [redacted]. His date of birth is [redacted]. I have his social security number if needed, but I don't want to put all of his personal information on this e-mail if possible.... I was told by Central Court for Lexington County in South Carolina that if we contacted the Arkansas DMV that y'all would be able to tell us what court this is in and where to pay the ticket.

Law enforcement officials and state DMV employees were also confused, seeking help with, among other things, DUI cases (again a situation where the subject undoubtedly wouldn’t like that information out in the open). Two California cities, a private law firm in Texas and a number of newspapers mistakenly linked their websites to DMV.org instead of a state DMV website.

Plaintiffs didn’t stop there, but also provided an internet survey showing that “a majority of California residents searching online for traffic schools believed that (1) DMV.org's website was actually the California DMV's and (2) a search engine listing for DMV.org was endorsed or sponsored by the California DMV.” There were significant flaws, including failure to use a control, but the district court found it more credible than defendants’ survey and gave it “some” weight, which was not reversible error.

Overall, there were “volumes” of evidence of competition and misleadingness. This established that the DMV.org site deceived a substantial segment of the audience, and plaintiffs also showed that a “recommended by DMV” endorsement will affect purchase decisions, causing likely injury to plaintiffs.

Remedy: the district court ordered DMV.org to present every site visitor with a splash screen stating, “YOU ARE ABOUT TO ENTER A PRIVATELY OWNED WEBSITE THAT IS NOT OWNED OR OPERATED BY ANY STATE GOVERNMENT AGENCY.” Visitors have to click to continue. Defendants argued that this was overbroad and restrained conduct not at issue in the complaint, and violated the First Amendment.

The district court reasoned that the splash screen was necessary to: (1) “remedy any confusion that consumers have already developed before visiting DMV.ORG for the first time,” (2) “remedy the public interest concerns associated with [confused visitors'] transfer of sensitive information to Defendants,” and (3) “prevent confusion among DMV.ORG's consumers.” Defendants argued that the splash screen doesn’t do these things (I’ll have a bit to say about this shortly). Their only evidence was a declaration from DMV.org’s CEO stating that they tested several alternative disclaimers and “found them to be more effective than the splash screen in preventing consumers from emailing DMV.org with sensitive personal information.” Even crediting this self-serving declaration, defendants didn’t prove that the splash screen was ineffective, and said nothing about whether the alternative disclaimers served the other interests identified by the district court. Citing Home Box Office, Inc. v. Showtime/The Movie Channel Inc., 832 F.2d 1311 (2d Cir.1987), the court of appeals ruled that defendants hadn’t carried their “heavy burden” of showing that alternative disclaimers reduced likely confusion. The district court didn’t abuse its discretion when it concluded that the splash screen was the best way to correct the false advertising.

“Courts routinely grant permanent injunctions prohibiting deceptive advertising. Because false or misleading commercial statements aren't constitutionally protected, such injunctions rarely raise First Amendment concerns.” However, the permanent injunction here did because it erected a barrier to all content on the website, not merely that which is deceptive. “Some of the website's content is informational and thus fully protected, such as guides to applying for a driver's license, buying insurance and beating traffic tickets. The informational content is commingled with truthful commercial speech, which is entitled to significant First Amendment protection. The district court was required to tailor the injunction so as to burden no more protected speech than necessary.”

The injunction was a permanent and unnecessary burden to accessing DMV.org’s First Amendment-protected content. “The splash screen forces potential visitors to take an additional navigational step, deterring some consumers from entering the website altogether,” and defendants submitted evidence that splash screens typically drive away up to a quarter of potential visitors, prevent them from tailoring the landing page, and interfere with search engine indexing and ranking.

The district court premised the injunction on its findings that defendants’ search engine marketing and natural listings, including the DMV.org domain name, caused confusion prior to viewing any content, and then identified specific misleading statements. “The splash screen is justified to remedy the harm caused by such practices so long as they continue,” and so long as it helps remedy lingering confusion, but not forever. On remand, the district court had to reconsider the duration of the splash screen “in light of any intervening changes in the website's content and marketing practices, as well as the dissipation of the deception resulting from past practices.” If the district court continued the requirement, it needed to explain the continuing justification (comment: which would be the deceptive domain name) and what conditions defendants must satisfy in order to remove the splash screen in the future. The district court could also simply ban deceptive marketing or placing misleading statements on DMV.org.

My comment: I really don’t get this. It’s the domain name that’s at the core of the deception, something the district court pointed out—if the splash screen is justified “so long as [the deceptive practices]” continue, they will continue until there is a new domain name. Maybe if defendants only advertise the new domain name and simply redirect anyone who goes to dmv.org to the new domain, they should be allowed to remove the splash screen eventually. But for now, I don’t see why this isn’t a dilemma of defendants’ own deceptive making.

There is a potential bright spot, I suppose: the current splash screen is pretty bad (I would infer deliberately so). Take a look: Defendants have removed “Unofficial Guide to the DMV” from their license plate logo. The disclaimer runs at the very top, a couple of pixels away from the top of the browser window, in grey rather than black text (a nearly transparent tactic, pun intended!), not near the action invitation to click to continue, and not near the dmv.org logo, both of which are far more prominent to the eye. This placement clearly flunks the FTC’s guidelines for online disclosures, and defendants who already managed to mis-implement disclosures (of which more below) should not get the benefit of the doubt in this area. On remand, I sincerely hope that the revised remedy, whether splash page or not, forces the disclaimer into a prominent position.

The district court denied plaintiffs’ request for an award of profits because they provided no evidence of causation, nor did they quantify the harm they suffered. “Nothing in the Lanham Act conditions an award of profits on plaintiff's proof of harm, and we've held that profits may be awarded in the absence of such proof,” though it’s an uncommon remedy without proof of harm. Profits are appropriate in false comparative advertising cases, “where it's reasonable to presume that every dollar defendant makes has come directly out of plaintiff's pocket.” Likewise “where ordinary damages won't deter unlawful conduct: for example, when defendant associates its product with plaintiff's noncompetitive product to appropriate good will or brand value.”

But neither line of cases was relevant here. Profits may be awarded only as compensation and not as a penalty, but without comparative advertising plaintiff’s injury may be a small fraction of defendants’ profits. There was no error in denying damages.

The potential attorneys’ fee award did require some rethinking, though. The district court denied fees because, while plaintiffs received an injunction, they didn’t get damages, and they had unclean hands. This was reviewed for abuse of discretion.

An exceptional Lanham Act case justifying fees usually involves conduct that was “fraudulent, deliberate, or willful.” “By examining only the relief awarded to plaintiffs, and failing to consider defendants' conduct, the district court applied the wrong legal standard.” The district court may take failure to recover damages into account, but it should also consider that plaintiffs obtained a judgment and an injunction to ameliorate serious public harm caused by defendants’ unlawful conduct. “It would be inequitable to force plaintiffs to bear the entire cost of enjoining defendants' willful deception when the injunction confers substantial benefits on the public.” Plaintiffs stopped the confusion (maybe) and stopped consumers from mistakenly transferring sensitive personal information to a commercial website. “The district court abused its discretion by failing to consider these substantial benefits or defendants' bad acts in determining whether to award attorney's fees.”

Defendants challenged the finding that their deception was willful. But there was plenty of evidence to support that, including evidence that one defendant had a pattern of registering misleading domain names. “Defendants associated their website with URLs and search terms that falsely implied DMV.org was a government site. They had in their possession hundreds of emails sent by consumers who contacted DMV.org thinking it was a state agency. And DMV.org's director of customer service testified that he voiced concerns about these emails to senior management.”

Defendants responded that they added disclaimers, but they knew the disclaimers were ineffective, because that didn’t change the stream of emails from confused consumers. Given this knowing inaction, the district court could reasonably infer willfulness.

Moreover, the district court’s finding of unclean hands was clearly erroneous. This rested on two findings: (1) plaintiffs registered similar domain names, such as Online-DMV.org, Internet-DMV.org and cadmvtrafficschool.com; and (2) they attempted to advertise their products on DMV.org despite being aware that the site deceived the public. Neither was clear and convincing evidence of inequitable misconduct related to the subject matter of the false advertising claims. (In a footnote, Judge Kozinski commented that it wasn’t clear that the fee award was subject to equitable doctrines such as unclean hands, since the relevant statutory provision doesn’t use the term “equity.”)

Merely registering a domain name wasn’t proof of unclean hands, since registration couldn’t cause confusion unless the domain name was associated with a website visible to consumers, and plaintiffs’ ads on DMV.org ran for just six hours. There was no evidence of actual deception caused by plaintiffs' advertising. There was an email from plaintiffs’ co-founder recommending taking an “[i]f you can't join ‘em, shut ‘em down approach” to DMV.org. “But the doctrine is unclean hands, not impure thoughts. … And the email here actually undermines the rationale for finding unclean hands. Plaintiffs acquired information showing that defendants confused the public; using litigation to shut down a competitor who uses unfair trade practices is precisely what the Lanham Act seeks to encourage.” (I’m not sure that’s undermining, precisely.)

Remand for further proceedings.
______________

Eric's comments:

This lawsuit is just the latest courtroom fracas involving privately operated websites that seem designed to create the appearance of official government sponsorship. Other sites in this genre include ConsumerAffairs.com and FreeCreditReport.com. As I indicated in my prior blog post on this case, the operators of DMV.org were probably too zealous about trumping up their officialness, thus destroying a promising domain name when a lighter touch would have left some short-term profits on the table but generated more profits over the long run.

Rebecca highlights how this opinion has some important things to say about false advertising standing, consumer confusion in false advertising and attorneys' fees in Lanham Act cases. I'm going to focus on more of the technical issues:

First, DMV.org bought keyword ads that displayed the URL "ca.dmv.org" and "california.dmv.org." The opinion says "Defendants' use of the 'ca.' and 'california.' prefixes obviously was designed to suggest an affiliation with the State of California." As far as I can recall, this is the first time a court has explicitly treated the URL displayed in keyword ad copy as contributing to consumer confusion. I know some SEMs like to play games with the domain line in keyword ad copy. Even if Google won't police the URL line, courts will.

Second, the opinion shreds DMV.org's argument that consumers didn't think it was affiliated with a government agency; it concludes that DMV.org "willfully" and "egregiously" deceived consumers because

Defendants associated their website with URLs and search terms that falsely implied DMV.org was a government site. They had in their possession hundreds of emails sent by consumers who contacted DMV.org thinking it was a state agency. And DMV.org's director of customer service testified that he voiced concerns about these emails to senior management.

This deceptive conduct wasn't curable with a website disclaimer: "defendants knew that the disclaimers were ineffective, because adding them didn't end the stream of emails sent by consumers who thought they'd contacted their state DMV." Marketing people love to "fix" any legal problems with disclaimers, but they often simultaneously resist making the disclaimers prominent enough to actually fix the problem, leaving the website no better off.

As usual, Judge Kozinski adopts a realpolitik perspective that we all know what's going on here, and he isn't going to countenance it. This discussion doesn't directly link to or cite the scienter battles in online copyright and trademark cases, but it could be a little uncomfortable for defendants like Fung who rely on form-over-substance arguments.

Third, the district court ordered DMV.org to display a splash screen to incoming visitors containing a disclaimer of government affiliation. I believe the remedy of a mandatory splash screen was also unprecedented. Among other problems with the splash screen, it can hurt or destroy search engine indexing, effectively rendering the domain name worthless. Therefore, even though the district court didn't award any damages (a ruling affirmed on appeal), the mandatory splash screen was potentially far more detrimental.

On appeal, the court partially reverses the mandatory splash screen, noting that it applied equally to deceptive and non-deceptive content that DMV.org is publishing. The court also notes the disadvantages of interfering with search engine indexing:

[The injunction] also precludes defendants from tailoring DMV.org's landing page to make it welcoming to visitors, and interferes with the operation of search engines, making it more difficult for consumers to find the website and its protected content.

In a footnote, the court explains:

Defendants introduced unrebutted evidence that splash screens commonly interfere with the automated "spiders" that search engines deploy to "crawl" the Internet and compile the indexes of web pages they use to determine every page's search ranking. And splash screens themselves don't have high search rankings: Search engines commonly base these rankings on the web page's content and the number of other pages linking to it, and splash screens lack both content and links.

This is a pretty savvy explanation of why a splash screen destroys SEO, and it's heartening to see the court recognize the First Amendment value of SEO (at least, nondeceptive SEO).

The court gives DMV.org some very good news by giving it a chance to work its way out of the splash screen:

On remand, the district court shall reconsider the duration of the splash screen in light of any intervening changes in the website's content and marketing practices, as well as the dissipation of the deception resulting from past practices. If the district court continues to require the splash screen, it shall explain the continuing justification for burdening the website's protected content and what conditions defendants must satisfy in order to remove the splash screen in the future. In the alternative, or in addition, the court may permanently enjoin defendants from engaging in deceptive marketing or placing misleading statements on DMV.org.

On the other hand, as Rebecca points out, the DMV.org domain name is, itself, designed to prey on consumer interest in official DMV services. Perhaps there will be no way for DMV.org to fix this, no matter what disclaimers it uses.

One final note: this opinion was authored by Judge Kozinski, the third domain name opinion he has written in the last 13 months. (The other two are the Tabari and eVisa cases). I went back and counted a total of 9 Ninth Circuit domain name cases in that time--the others being Advertise.com, Christensen (a 2 paragraph opinion), DSPT, Balsam, Office Depot (a non-substantive affirmance) and Vericheck. Kozinski was not on the other panels, so he wrote the opinion in each of the 3 domain name cases he heard. Is all of this just random luck?

UPDATE: Something about this opinion is spurring blog posts focusing on its arcana. Tom O'Toole notes this is the second opinion using the term "googler." Shaun Martin focuses on Kozinski's self-citations.

Posted by Eric at 09:42 AM | Domain Names, Marketing, Search Engines

August 01, 2011

Logging Into Someone Else's Facebook Account and Posting Messages on Their Friends' Walls Could Be Identity Theft -- In re Rolando S.

[Post by Venkat Balasubramani, with comments from Eric]

In re Rolando S., 2011 WL 3212879 (Ca. Ct. App.; July 21, 2011)

Background: Rolando was a juvenile who received an unsolicited text message with the victim's email password. According to the court, he used the password to gain access to the victim's Facebook account and posted several sexually inappropriate messages from the victim's account. The Facebook posts included posts on the walls of the victim's friends and the following change to the victim's profile:

Hey, Face Bookers, [sic] I'm [S.], a junior in high school . . . I want to be a pediatrician but I'm not sure where I want to go to college. I have high standards for myself and plan to meet them all. I love to suck dick.

The victim testified that she suffered stigma as a result of these and other posts. She said:

I used to love going to school. Now, I dread dealing with this every day.

The juvenile was prosecuted under a California statute (section 530.55) which applies to anyone who:

wilfully obtains personal identifying information [of the victim and] uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, real property, or medication information.

Discussion

Did the defendant willfully obtain the victim's "personal identifying information"? The court holds that despite his argument that he "passively receiv[ed] the text message" which contained the victim's password information, he "willfully" obtained it because he remembered it or otherwise recorded it so he could use it later. Moreover, the court concludes that defendant willfully obtained the victim's Facebook account password. The record was devoid of evidence as to how exactly the defendant accessed the victim's Facebook account, and in the absence of any such evidence, the court says it's "reasonable to infer" that the defendant reset the victim's Facebook password using her email password, and then gained access to the victim's Facebook account.

Did the defendant use the victim's information for an unlawful purpose? In addition to obtaining the information willfully, the perpetrator has to use the information for an "unlawful purpose." The first possibility was that the defendant violated section 647.6, which applies when someone "annoys or molests any child under 18." However, under California Supreme Court precedent, this statute requires a motivation by "an unnatural or abnormal sexual interest in the victim." [emphasis added] The court concluded that the facts did not fit into this statute because the defendant had no real contact with the victim other than the Facebook posts and he also testified that he "intended his comments to be taken as a joke."

The second possibility was that the defendant used the victim's personal information to commit a tortious act. The defendant argued that "unlawful purpose" as used in the statute should be restricted to criminal conduct, but the court disagreed, noting legislative intent to expand the scope of the statute in amending it. The court also pointed to the fact that the definitions section of the statute included the term "crime," and the legislature chose instead to use "any unlawful purpose." The defendant practically conceded that his conduct satisfied the requirements of a civil defamation claim. The court therefore finds that defendant's act constituted libel and constituted an "unlawful purpose" under the statute. Alternatively, the court held that defendant's conduct satisfied the statute because it also constituted a criminal offense. Defendant's actions violated section 653m, which criminalizes any contact with another person using "obscene language . . . by means of an electronic communication device . . . with [the] intent to annoy."
___

It's tough to muster much sympathy for the defendant, who was previously in trouble for reckless driving when he drove his car "at three girls in the school parking lot, but stopped abruptly several feet away from them in an attempt to scare them."

The definition of "personal identifying information" in the statute is broad. (We ran into an analogous problem in the Pineda case). It looks like the court focused on the Facebook password as being the PII in question that supported the violation of the statute, but the opinion is not totally clear on this. A broad definition of personal identifying information coupled with the court's decision to allow tortious conduct to satisfy the "unlawful purpose" could lead to a statute that is expansive in scope and which should raise everyone's First Amendment hackles. Given that the defendant used the email password to access Facebook, this does not feel to me like a case that pushed the statute to the limit.

Interestingly, the defendant argued that his conduct would violate California's newly enacted e-personation statute (section 528.5) which was effective January 1, 2011, and the fact that this statute was passed demonstrates that the legislature did not view his conduct to violate the previously existing statute. The court disagrees with this argument, noting that the newly enacted e-personation statute has different elements from section 530.5:

Section 528.5 does not include a requirement that a perpetrator obtain personal identifying information. As a result, a person could violate section 528.5 by merely posting comments on a blog impersonating another person. There is no requirement, under these circumstances, that the person obtain a password -- a key distinction.

Yikes. This is precisely what is wrong with California's e-personation statute.
_______

Eric's comments

This case plays out as a Greek-style tragedy in three parts.

Part #1: Someone sent the victim's email password to the defendant. The court is vague about who did this or how that person got the victim's password.

This prompts one of my modern rules for clean living: never tell anyone else your passwords. EVER. (Another rule for clean living is to constantly change your passwords, but this is harder to obey). I am such a stickler about my passwords that I don't tell them to ANYONE. Certainly not to campus IT when they want to muck with my computer, but I don't even tell my passwords to my wife. (FWIW, my wife has told me many of her passwords, but I would never use them without her express instructions). I know there's a debate about the spouse-and-passwords dilemma. It's not that I don't trust my wife. I do, completely. But my rule is clean and simple. If someone other than me types in my password, then they ripped it off. (We'll revisit the problem of accessing a logged-in computer in a bit).

In this case, we don't know why the password-obtainer had the victim's password. Perhaps it was hacked. More likely, the victim made an error in judgment. Either way, the defendant apparently used the email password to help reset the Facebook password and access the Facebook account.

Part #2: The defendant misused the victim's password. It goes without saying that the defendant had no business logging into the victim's email or Facebook account. Doing so was inappropriate even if the defendant merely just looks around, given the amount of private information stored in email and Facebook accounts. It was even worse to publish content under that person's name, and worse still to post fake come-ons for sex.

Having said this, once a juvenile finds out he/she can access a peer's Facebook account, it seems like it would be almost irresistible not to muck around with it. I don't want to dismiss this entirely as "kids will be kids," but I'm sure a non-trivial percentage of kids would take advantage of a peer's password if the circumstance presented itself. Perhaps it's like the joyriding of days of old. If people left keys in their cars, some kids will take the cars for a spin. We can enact draconian laws to discourage joyriding, but if keys are left in cars, joyrides are inevitable. Here, the defendant basically took the victim's Facebook account for a joyride. It was unquestionably wrong behavior, but given its inevitability, it probably shouldn't be felonious.

The defendant's behavior here is analogous to the fake online profiles that teens set up for school officials. I blogged in more detail about that phenomenon last year. In connection with the DC v. RR case, I also blogged on the problems of kids saying hyperbolically outrageous things online that aren't amenable to punishment under traditional defamation or bullying laws. All of these examples remind us that kids are going to push limits with electronic tools just like they do offline. We need to find safer ways to let kids be kids online without ruining their lives.

Part #3: The court stretched the identity theft statute too far. As Venkat recaps, the court confronted several statutory ambiguities without any good common law precedent. The court also didn't acknowledge or consider any constitutional concerns with its ruling. Instead, the court reaches the counterintuitive and potentially troubling result that publishing fake content through someone else's account steals their identity. Obviously that takes us a pretty far distance from a paradigmatic case of pretending to be someone for commercial benefit (i.e., what I typically think of as "theft").

As Venkat indicates, the ruling reinforces why we should be nervous about California's recent "e-personation" law, which is even more broadly written and applies even when there's no password misuse. It also shows why expansive identity theft laws should be feared, not encouraged. For more on that point, see my post about Illinois' identity theft law.

This ruling leaves open two obvious questions:

1) will it always be identity theft to use a third party password to publish fake content via someone else's account?

2) will it be identity theft to access a third party or shared computer and publish fake content via someone else's account? In that case, the password isn't obtained at all. Given how many people always leave their computers logged-in to various services, I imagine this happens with some frequency.

Posted by Venkat at 03:06 PM | Privacy/Security