October 31, 2011
District Court Denies Motion to Dismiss on Reverse Domain Name Hijacking Claim -- Airfx.com v. AirFX LLC
[Post by Venkat Balasubramani, with comments from Eric]
Lurie is an indoor skydiving enthusiast and inventor. He invested in "SkyVenture" brand wind tunnels. In 2006, he looked for an alternate brand and ultimately adopted the trade name "AIRFX." He hadn't publicly launched his business, but he undertook preparations to launch (e.g., lined up a customer and partners). He tried to register Airfx.com but it was already registered. Lurie purchased it from the then-current registrant on February 2, 2007.
AirFX LLC is an Indiana-based business that uses the AIRFX trademark for motorcycle and vehicle parts. In 2010, it contacted Lurie and tried to wrestle the domain name from him. He declined. In April 2011, AirFX LLC brought a UDRP action. The panel ruled that the domain name should be transferred to AirFX LLC.
Lurie brought a lawsuit for reverse domain name hijacking in federal court. AirFX LLC moved to dismiss or to have the case transferred to Indiana.
Reverse hijacking: The court declines to dismiss Lurie's reverse hijacking claim. As the court notes, a reverse hijacking claim was provided in the statute to address the situation where a trademark owner "overreaches" when exercising the trademark owner's ACPA rights. In order to succeed on a reverse hijacking claim, a plaintiff (registrant) must show that (1) the plaintiff's name was "suspended, disabled, or transferred" under a registrar's policy, (2) the trademark owner has notice of the action, and (3) plaintiff's use or registration of the domain name is not unawful. The court says that plaintiff need only show that the use or registration is not unlawful under the ACPA (and not under the Lanham Act).
AirFX LLC largely relied on the UDRP panel's findings plus the fact that, as a trademark owner, it had an obligation to police infringements. The court says that the UDRP rulings are not binding on federal courts and rejects AirFX LLC's arguments that a plaintiff has to show "harassment" in order to prevail on a reverse hijacking claim. Lurie's reverse hijacking claim moves forward.
Procedural disputes: The parties disputed a couple of peripheral procedural issues. AirFX LLC sought to have the action transferred to Indiana. The court rejects this argument because AirFX was required to submit to jurisdiction over a subsequent challenge to the UDRP in "either the location of the registrar's office or where plaintiffs are located." The registrar (GoDaddy) is located in Arizona, so having agreed to this forum in the UDRP filings, AirFX can't move the dispute to Indiana.
AirFX LLC was also hit with an award of costs and fees in the amount of $4,086.30 because it refused to waive service of process. AirFX LLC had a variety of menial arguments for why the waiver did not comply with the rules (lack of a specified return date, an alleged failure to include a self-addressed stamped envelope), but the court rejects these arguments.
Reverse hijacking argument claims are rare. A provision under subsection (v) (invoked here) allows for declaratory and injunctive relief. There's also a separate provision (subsection (iv)) which allows for damages but requires the registrant to show that the person claiming rights to the domain name made "knowing and material" misrepresentations. (See Eric's post on the Digimedia case from last year: "Wildcarding Subdomains Is OK; Reverse Domain Name Hijacking Isn't--Goforit v. Digimedia.")
I'm not sure about the court's comment that the registrant bringing a claim under subsection (v) has to show just that the registrant's conduct was lawful under the ACPA, and not address any Lanham Act arguments. Subsection (v) says that the registrant may file an action "to establish that the registration or use of the domain name by such registrant is not unlawful under this chapter." [emphasis mine] (Here's a link to the statute.)
To begin with, AirFX LLC is not going to have an easy time showing that Lurie violated its rights under the ACPA, but the court also drops a footnote to the GoPets case, under which Lurie may be able to tack his registration to the previous owner's. (Here's my post on that case from earlier this month: "Re-registration of Domain Name is not a "Registration" Under the ACPA -- GoPets Ltd. v. Hise.") Why AirFX LLC did not just participate in the market like Lurie and try to purchase the domain name from the former registrant I don't know, but that's one question I'd be asking if I were the court.
(h/t to Marc Randazza, who is counsel for Lurie)
This is a fine example of how trademark owners claim the "policing" duty to justify trademark bullying. On the surface, there appears to be nothing wrong with Lurie using "airfx" in the pseudo-skydiving business in parallel with AirFX's use in the automobile industry. Because of the unrelated industries, AirFX doesn't have any policing "duty" here. In effect, AirFX appears to be assuming it's the only company in the world that gets to use the trademark--effectively, that it should get dilution-style protection for a trademark that can't meet the requisite requirements.
AirFX's efforts to claw back the domain name are particularly troubling. AirFX doesn't get to preclude all other uses of "airfx," so it is does not "deserve" the domain name airfx.com. Yet, it's able to cheaply pursue a UDRP...and wins! (There is some discussion in the UDRP ruling that Lurie offered to "rent" the domain name and put up PPC links on the parked domain; the panelist seemed to ignore the former and focus on the latter). AirFX overclaimed its trademark rights, the UDRP deck is stacked against domain name registrants, and the result is that Lurie has to spend significant money first to fight the UDRP and then to sue in court. What's wrong with this picture?
To me, this seems like a stereotypical example of trademark bullying as conceived by Sen. Leahy. You recall the Department of Commerce doesn't believe such a thing exists, but consider the results of this litigation battle: AirFX imposed a bunch of legal costs on Lurie for him just to stay in place, making his court "victory" a Pyrrhic one.
As Venkat points out, we've had very few successful claims of ACPA reverse domain name hijacking. It would have been more exciting if Lurie could get ACPA damages (maybe that will come in due course), but even without that, this opinion is noteworthy for the domain name owner's ACPA success.
Notes from HTLI Conference on Defending Against Patent Risk
By Eric Goldman
A couple weeks ago, the High Tech Law Institute and the Berkeley Center for Law & Technology co-sponsored a major conference on the evolving patent ecosystem, called “Defense 2.0: New Strategies for Reducing Patent Risk.” We had this conference in the works long before Google started spending like a drunken sailor to buy up patent portfolios, but Google’s recent acquisition binge provided dramatic evidence that perhaps we needed to discuss the phenomenon.
Companies in the computers/software space—especially the smartphone industry—face an daunting risk of patent lawsuits, which has prompted them to spend a LOT of money on patent portfolio acquisition for the sole purpose of securing their “freedom to operate.” Companies amortize the cost of buying their freedom to operate by baking it into their prices, so we as consumers effectively pay the incremental amount--which flows as a lump sum acquisition price to a small number of patent portfolio owners. If society is getting commensurate incremental benefits from these patent portfolio owners, then the patent system is working just fine; but if we aren't getting that benefit, and instead this tax is incurred because of the costs of litigating patents, then the system is very deeply broken.
This conference was unusual in that it was focused almost entirely on defense-side considerations (the lunch panel was the main exception). Most academic conferences seek “balance” in the form of intellectual diversity; i.e., for every plaintiff expert, there is a defense expert intended to counterbalance the plaintiff perspective. We take balance very seriously at our conferences, but this time we suspended the rule because of the complexity of the defense-side issues and the import of defensive perspectives to the Silicon Valley community. In fact, very few geographic communities could support a defense-focused patent event, but we had a strong showing of about 200 people attending.
Although I was an enthusiastic supporter of this conference, the real “brains” behind it were Robert Barr of BCLT and especially my colleague Colleen Chien, who is doing important and fresh work in this area. See her SSRN page, and follow her at Twitter.
This post provides my notes from the day. As usual, these are not verbatim transcripts, they are my impressions of the speaker’s remarks. Please confirm any statements before relying on them or attributing them to the speakers. We will be posting a video recording from the conference so you can enjoy the event yourself if you missed it.
Robert Barr (UC Berkeley). To talk about Defense 2.0, we need to define Defense 1.0. Defense 1.0: companies file lots of patents either for cross-licensing or mutually assured destruction. Companies built their portfolios with little supplemental buying of patents. Litigation between operating companies remains a big deal, but NPEs/PAEs have emerged as well.
Laura Sydell (NPR).
She’s not opposed to patents, and she doesn’t want to blow the whole system up. Yet, when she would say “patents” around people in the tech world, people would grimace. Many Silicon Valley people don’t seem to like them.
Intellectual Ventures lab is an amazing company. When it said that best inventors may not be best businessmen, this message resonated with her; it parallels her experiences with artists, who may be gifted artistically but not with business acumen. So she asked IV for an example of success story, and they mentioned Chris Crawford. Her response to investigating him “shocked” her.
Crawford’s patent was messy. NPR had 3 patent attorneys review it (not all of that got mentioned in her story). Their response: this patent wasn’t novel. Then, IV sold the patent to Oasis Research (but retained a cut) and sued lots of cloud companies, and all of the defendants seemed to settle because it was cheaper to license than sue.
Laura and her peer went to visit Oasis Research in Marshall, TX and found an empty office. That didn’t jibe with her thoughts about “innovation.” But it was hard to get anyone to talk due to NDAs. Plus, IV is feared in industry. Inventors feel they don’t pay well.
Laura was struck that the Crawford patent wasn’t a unique story. Instead, there appears to be a whole industry built around similarly weak patents.
Since her story aired, issue has exploded. Companies are spending billions of dollars to defend against lawsuits. The patent reform bill didn’t solve any problems.
Q: how did inventors feel about her piece? A: inventors have been mostly positive. Inventors don’t like IV. Most criticisms about the story came from lawyers instead.
Colleen Chien (Santa Clara University)
Patent litigation by the numbers:
* 250,000: patents covering smartphones
* $12.5B: Google’s purchase for Motorola Mobility
* $2.5B/$29B: $29B = Google’s revenue in 2010. Android revenue = $2.5B.
* 10+: different graphic depictions of the smartphone wars
* 19%/28%: distribution of patent lawsuits. Sport of Kings suits (28%) (big co v. big co).
* 15%: new law jobs requiring patent specialists. Is this a good trend?
* 3/20+: 3 different iPhone models available on Amazon. 20+ Android devices.
* 500k+/300k: 500k iPhone apps; 300k Android apps
* Free/$60: Google’s desired price of Android = free. Android handset maker estimate of royalties = $60.
* 0%/26%: Apple makes 0% of iPhone components. Samsung supplies 26% of iPhone components.
* 380+/14+: 380+ NPEs tracked by Patent Freedom. 14+ NPEs are publicly traded.
* 48: Acacia employees. 300+ lawsuits (many more defendants). 1000+ appreciation since 2008. 38% of Acacia's revenues goes back to inventors; 50% go to lawyers.
* 10 universities invest in IV. 18 tech companies invest in IV.
Panel 1: New Challenges in Defensive Portfolio
Lisa McFall (Ovidian)
We’re experiencing a tectonic shift. We had a patent market and it was growing, but the mobile industry has accelerated the issues. Mobile wars + increasing patent liquidity has encouraged companies to revisit their portfolios. Are the portfolios robust enough? If the portfolios are strong, should they sell or enforce?
Purchasing patents is a quicker way to fill portfolio gap than filing new patent applications. Buyers can use brokers, but brokers have limited selection, buyers can’t trust broker’s motivations (they also dealing with NPEs), and the brokered patents are crappy (making them more valuable to NPEs because of litigation ambiguity). Buying directly from sellers: buyers can take advantage of information asymmetry and find highly useful patents, but it can take more effort.
HP, IBM, AT&T have active patent sales programs, but their patents are encumbered with existing licenses and other restrictions. Some Korean/Japanese companies won’t sell at all.
Jeff Draeger (Intel)
Bah humbug. When it comes to patents, the mobile industry is special compared to other industry niches. We’re not seeing the same activity in other industry sectors. Mobile: has big new winners and losers. Wireless patent mania will be waning—the wireless connection isn’t the biggest value-add to the mobile devices, and big players have already made their key purchases.
No rational valuation based on royalties to justify purchase prices. NPEs were at the Nortel auction, but the price got too high. In contrast, operating companies feel huge pain with an injunction against their products.
There are a lot of portfolios on the market. NPEs will be buying at inflated prices and then hitting up operating companies to get paid. But with trends in damages, injunctions and joinder, NPEs won’t be able to recoup their money.
Industry détentes may get destabilized if the companies have a different revenue position or liquidate their patents to NPEs. Companies can’t assume any more than sleeping dogs will lie.
Eugene Kim (Zynga)
Smaller companies need to be strategic about which organizations to join. Patent prices are going up across the board. Valuations were striking about Nortel/Motorola Mobility. There isn’t a magic formula for valuating patents. Over time, finance/accounting people are going to demand information about ROIs. Patent litigation avoidance is difficult to quantify.
Xiang Wang (Orrick China)
Chinese companies are filing more patent lawsuits, but damages are much less than US. Companies will inevitably face Chinese patent lawsuits.
Paul Roeder (HP)
HP is defending 80 patent cases, almost all by NPEs/trolls.
1) Fed Cir is demanding “sound economic damages”—junk arguments don’t work. Defendants should be proactive about computing damages. There’s no separate damages “team” among defense lawyers—everyone should be on the team. Discovery needs to consider damages. Defendants should be attacking damages on summary judgment.
2) Apportionment of damages. Defendants should focus on incremental value added from the patent. To get around this, the plaintiffs are turning to the ITC because damages are irrelevant there. But he thinks most cases in ITC shouldn't have jurisdiction for lack of domestic activity.
3) Prior licenses as market comps must be analogous.
Karen Boyd (Turner Boyd)
Defendants can consider reverse bifurcation. When a small defendant tried to accelerate its damages calculation, the plaintiff instantly dropped the case against that defendant.
Small defendants shouldn’t just rely on the bigger defendants. There’s value to being a leader in the defense group. Incentive for plaintiff to settle with that defendant because the joint defense group might fall apart. But many small defendants can do some coattailing on the smart lawyers who are part of the joint defense group.
Small defendants can challenge personal jurisdiction.
In ND Cal, take a look at Local Rule 3.2. Corporate disclosure rule. It requires disclosure of all parties that have an interest in the litigants. Small defendant can use this rule to its benefit.
Luftman comment: in media industry (as opposed to tech industry), there’s less of a lone wolf mentality in joint defenses. The media companies tend to stick together.
Michael McCoy (Appsterdam)
European software developers are being approached by patent trolls. Some developers are considering avoiding the US market—it’s only 25% of the market for some of them. Patent trolls are like the Mafia—you get a knock on the door, and they get too involved in the target’s business.
Appsterdam’s goal: open source the prior art research.
There has be a change legislatively, such as exclusions against small business defendants, or limits on damages for patentholders who aren’t practicing. Right now, patents are just a tool to build a business around litigation.
Q: do NPEs ever have a gem patent? McCoy’s answer: Probably not.
Roeder comment: get off the issue of patent quality. Fight the battle on other grounds. We need a system that recognizes that if there are 10k patents on data mirroring, none of them are worth squat.
Q: will open sourcing prior art increase risk of willful infringement rulings? A: that’s a risk.
Q: what effect of AIA joinder requirement? Boyd A: it will provide evidence of just how much NPE litigation is taking place. Luftman A: joint defense collaboration is going to be much harder. Defense lawyers are going to have to step up their game. If competitor gets sued, don’t assume you dodged the bullet; you may need to get involved at that point, even before you get sued.
Lisa Buccino (SAP)
If defendant fights, NPEs sense opportunity to get a win. If defendant loses, NPEs can capitalize on the fear of another loss. Finding ways to reduce litigation costs is an effective response to NPEs—“I don’t mind being sued because it won’t cost me a lot.” Ex: sole-source all patent defense to one firm for fixed fee. Then, each NPE’s suit doesn’t have a marginal cost of defense.
Roeder comments: having large docket makes budgeting easier to manage. They study the data that hourly billing creates—study task codes and compare among firms. It becomes a quality measure for firms. Quality isn’t just having a good argument. Luftman: he appreciates when firms demonstrate their project managing skills, including a dedicated case administrator.
Q: defense contingency arrangements? Buccino A: can set up bonuses for achieving dismissals at certain milestones.
Doug Luftman (CBS)
Settlements with NPEs make matters worse for the tech industry. In other industries, defendants focus more on reducing defense costs than taking easy settlements.
Bring reexaminations before you get sued. This means you need to keep track of what’s coming through the system. Problem: too many patents to track. Solutions: outsource to third party vendors.
Another idea: offer a bounty for busting patents, such as by paying for prior art. (Article One).
Joff Wild (IAM Magazine): Acacia’s huge stock price rise reflects their decision to stop partnering with operating companies.
Europe has NPEs, such as IPCon. European courts generally are more willing to give permanent injunction than US courts; it’s automatically given when patent owner wins. If this becomes the EU-wide standard, it will give huge leverage to NPEs—they can wipe out the entire European market for their defendants.
In Asia, Asian countries have companies that buy patents that could be asserted against local companies.
Jim Peacock (NociMed): he can’t remember last time when big companies looked like victims. NPEs need better branding to be treated more charitably.
It takes $25M to get to market, and patents are essential to get return on that investment. Emerging companies may decide to partner with an enforcer such as Acacia. This provides a financing source, and it’s a good alternative to a contingency litigation enforcement.
Wild: Micron bitched about NPEs and then sold 20% of their portfolio to NPEs. It’s overly simplistic to say operating companies = good, NPEs = bad. There are too many linkages between the two communities.
Ewing: proposed the term “privateer” = good guy pirates.
Peacock: he’s OK with getting a reasonable royalty instead of an injunction. 25% rule was too high; he never saw royalties like that in the field.
Wild: Europe isn’t an inventor’s paradise. There are plenty of factors why the innovation environment is better in US. China is on a buying binge to purchase patents.
Q: Does the NPE liquidity market encourage inventors to do more research? Tom Ewing: do inventors think they are getting a fair share? Does it encourage the right innovation? Wild: small inventors aren’t driving patent filings; it’s the big companies doing it. Big companies are flooding the PTO with applications, which has actually hurt the patent quality review. Peter Menell: mutually assured destruction got everyone into patent game; but once folks built expensive defense-oriented patent portfolios, they realized that they needed to monetize. Could we jack up the maintenance fees to clean out junk patents?
Ewing: about 30% of world’s active patents are in US = oversupply of patents? European countries may have relative undersupply.
Peacock: biggest concern as entrepreneur is the maintenance fees he faces in Europe.
Market Solutions Panel
Jason Schultz (Berkeley)
He’s developing a scheme for defensive patent licensing. Companies would make a commitment not to sue if licensees make the same commitment back. This would prevent these patents from being sold to trolls. Analogous to open source licensing programs.
Dan Lang (Cisco)
How to get around prisoner’s dilemma? Industry-wide collective responses better than individual responses. So the industry should try to head off bad patents before they hit the market.
Tom Ewing (Avancept)
We use too many military metaphors in patent discourse! Industry groups can file oppositions to all patents that read on the industry.
Kim Cauthorn (Duff & Phelps)
Patent insurance isn’t magic bullet. The patent insurance industry is taking a while to develop due to a lack of data; insurers can’t build full actuarial tables. NPE settlement experience actually helps quantify the risk. Further, patent insurance isn’t a must-have, unlike car insurance. Ironically, D&O insurance is popular even though D&O lawsuits are far rarer than patent litigation.
Q: how does antitrust apply? Schultz: antitrust challenges to open source provide some guidance. The contract is bilateral even if there are benefits for the industry, so no collusion.
Ewing: valuation problem comes from lack of data. If we could get the data, there are plenty of people who can crunch those numbers.
Becky Eisenberg (University of Michigan)
Maybe the costs in the patent system aren’t inherently bad. They force patent owners to make their choices wisely.
Different patent universes:
Notional: everything that could be patented
Nominal: technology that’s actually covered by patents
Effective: patents that are actually asserted/licensed
Due to costs, nominal < notional and effective < nominal.
But costs imposed on non-patent owners. Perhaps nominal > notional because PTO does a bad job and defers to court.
Technology users: incur costs to research/diligence patents and deal with assertions against them.
Plaintiffs can get economies of scale from enforcement. Surprising that NPEs didn’t arise earlier. Pressures to change cost allocations.
Data-Driven Risk Management Panel
Josh Walker (Lex Machina)
Hypothesis: predictive modeling will transform how finance looks at litigation. Based only on knowing the parties, lawyers, venue, etc., Lex Machina could predict the outcome of a case with 64-85% accuracy.
Mike Mazzeo (Northwestern Business School)
Predicting Patent Infringement Awards: 8 largest damages cases were 47-48% of total damages awarded in 340 cases over 13 years. Top 2 most impactful factors (slide went too fast!):
• case decided in Court of Federal Claims
• Awards decided at jury trials
Colleen Chien (Santa Clara University)
Predicting Patent Litigation. Patents in litigation look different than patents that don’t. Factors more prevalent with litigated patents: transfer, setting change, reexam, maintenance, securitization, forward cites. Lesson: there need to be a sorting mechanism between patents that may be litigated or not.
Mallun Yen (RPX)
RPX looks for patents that may be litigated and buys them up before they’ve been asserted. NPE litigation activity is on the rise: 15% from 2005-10. Expected increase 36% in a year. Total defendants—expected to increase 20% in a year.
Mark Lemley (Stanford Law)
AIA started out to curb litigation abuse, but 9 years later, what resulted does very little towards that. Import of Patent Reform for litigators (see his full article):
* Effectively eliminates patent marking suits
* Tax strategy patents: automatically not novel. Bypass: people will argue they merged a tax strategy with a computer, but that can’t be what Congress meant. So perhaps will this take a bite out of business method claims more generally.
* Effectively eliminates best mode requirement. PTO can reject for lack of best mode, but this is highly unlikely to occur.
* Joinder changes. Parties/courts can’t join multiple defendants or consolidate trials unless the parties have common issues of facts, and violation of the same patent isn’t a common issue of fact. This raises the plaintiffs’ costs. But will courts relate cases together? Only if they’re in the same district, but cases are going to scatter on jurisdictional bases. If the cases aren’t related, then plaintiffs are subject to multiple jeopardy (they have to defend their patent in every case or res judicata will kill the patent for good). Interesting strategic choices for defendants: do I want to go first? If I want, I hope the other defendant wins, in which case I get to free ride. But if first trial isn’t with strongest defendant, I might be disadvantaged by going second. Complicates joint defense agreements—lawyers may be arguing the same case in different jurisdictions, and there may be more conflicts between defendants. [Eric's note: big-scale products liability lawyers have been dealing with these who-goes-first tactical issues for decades. Patent litigators are going to have to learn a thing or two from them.]
* Exclusive federal court jurisdiction even for counterclaims. Reverses Holmes v. Vornado. Some cases in state courts (over, say, license or malpractice) can be brought into federal court.
* Prior user rights. Current provision never has been used. Now it’s expanded. Interesting Qs about exhaustion and the implications for company M&A. Mark thinks it will apply in a small set of cases.
* Can change inventorship at any time; errors in inventorship not a ground for invalidity or inequitable conduct
* Supplemental examination to fix any inequitable conduct during prosecution.
* Advice of counsel/inducement. Failure to obtain advice of counsel can’t be used as evidence of willful infringement or inducement. Effective date for patents filed after September 2012, so this won’t be relevant for many years.
Many thanks to all for a terrific conference!
October 29, 2011
Publicity Rights Class Action Against Facebook Over Promotion of 'Friend Finder' Service Dismissed -- Cohen v. Facebook
[Post by Venkat Balasubramani]
Cohen v. Facebook, Inc., C10-5282, 2011 U.S. Dist. LEXIS 124506 (N.D. Cal. Oct. 27, 2011)
This is a putative class action against Facebook for "promoting its 'friend finder' feature by disclosing to users that their Facebook 'friends' have used that function." The first time around, the court dismissed the claims, but granted leave to amend. ("Court Dismisses Misappropriation Claims Against Facebook Over Its Friend Finder Service.")
This time around, the court's order focused on the issue of whether plaintiffs adequately alleged injury. Facebook argued in its earlier motion that the claims were undermined by Facebook's terms of service, but the court says this issue is not amenable to resolution at the motion to dismiss stage, and Facebook does not bring this argument up again. The court previously ruled that plaintiffs are not automatically entitled to relief under California's publicity rights statute and that plaintiffs can recover non-economic damages if they suffer emotional harm.
In the amended complaint, plaintiffs did not take the route of claiming emotional distress damages. They alleged instead that their names and likeness had economic value to Facebook. The court says that the allegations are insufficient, noting that plaintiffs did not allege that they were entertainers or models, or some other category of individuals who had "an obvious economic interest in [their] likenesses." The court also says that Facebook is using the likeness in a context where it already appeared:
the names and likenesses were merely displayed on the pages of other users who were already plaintiffs' Facebook "friends" and who would regularly see, or at least have access to, those names and likeness in the ordinary course of using their Facebook accounts.
The court says anyone who alleges some cognizable injury under the publicity rights statute can recover statutory damages, but plaintiffs failed to allege the minimum necessary. The court dismisses the case with prejudice.
It's possible that judges in the Northern District of California are getting sick of privacy class actions, because lately they have been pretty harsh on them. I don't think it's necessarily a bad thing, but it seems like courts are scrutinizing these complaints very closely. The iPhone class action, where the court shreds the complaint, was the most recent example before this one: "iPhone Privacy Class Action Dismissed for Lack of Standing."
Plaintiffs face the challenge that they have to tailor their complaints to suit a class, but they do not do a good job of coming out and arguing what exactly the harm is or where exactly the misappropriation occurred. Was this simply a case of Facebook disclosing to your friends that you had used the 'friend finder' service and showing your profile picture when they did this? Or was there something more? (This is a publicity rights and not a privacy lawsuit, but am I missing something, and is Facebook's 'friend finder' some sort of super secret risque alternative dating service?) If there was more to this, it did not come through in the court's order, and maybe plaintiffs just didn't do a great job of making sufficient allegations of nefarious conduct on the part of Facebook.
Plaintiffs tend to rely on this argument that the information or likeness has value, because it has value to Facebook (it must have value, because Facebook is exploiting it). But courts are not buying this argument. Facebook may or may not be exploiting your personal information or likeness, but you have to be able to articulate some value to it independent of the fact that Facebook is exploiting it. As we've seen in several cases, this is often a challenge.
The court dismisses on the basis that plaintiffs have not suffered cognizable injury under the statute, but in a footnote alludes that Article III standing would be a problem anyway. It's not clear as to whether alleging a statutory violation is sufficient to confer standing, or whether plaintiffs have to independently satisfy Article III standing requirements. A case pending before the United States Supreme Court raises this issue with respect to a federal statute; Facebook, Yahoo! and others have weighed in with a friend of the court brief. (See "'Sleeper' Case Asks Whether Plaintiffs Can Sue Without An Injury.") If there's an independent Article III standing requirement, can plaintiffs proceed in state court?
These lawsuits don't leave us with much clarity. Is Facebook engaging in some edgy practices to exploit users' likenesses and information? It's possible, but the best you can say after this case is that plaintiffs' allegations were muddled and the judge threw them out.
October 27, 2011
Righthaven Hit With Another Fee/Cost Award, This Time Nearly $120k--Righthaven v. DiBiase
By Eric Goldman
Righthaven LLC v. DiBiase, 2011 WL 5101938 (D. Nev. Oct. 26, 2011)
There's really not much to say about this one. In a brief opinion that speaks for itself, Judge Hunt awarded nearly $120,000 in attorneys' fees and costs to DiBiase. Given that Righthaven pleaded poverty in response to the $34k fee award to Hoehn, I'm assuming they don't have a spare $120k lying around either. For the reasons I expressed in my last blog post on Righthaven, "I feel no schadenfreude."
Some open questions on my mind:
- when will Righthaven declare bankruptcy? Given that litigation is their business, it would be ironic if they found more litigation success in bankruptcy court than they found in any other court they've visited.
- will Stephens Media infuse Righthaven with more capital, or will it let Righthaven starve for cash?
- can defendants find a way to pierce Righthaven's corporate veil and seek to get their fee award paid directly by Stephens Media and Steve Gibson personally? It seems to me that this possibility is not out of the question.
- will the cumulative attorneys' fee awards against Righthaven exceed the total revenue it brought in from its litigation campaign? At this point, I would be surprised if it didn't.
- if an appellate court does find some grounds to reverse on appeal, will Righthaven even be around to enjoy that new lease on life?
Prior blog coverage of the Righthaven fiasco:
* Colorado Judge Drills Righthaven and Awards Attorneys' Fees--Righthaven v. Wolf
* Resetting the Righthaven Fiasco
* Righthaven Defendant Awarded $3,800 in Attorneys' Fees--Righthaven v. Leon
* Recapping Righthaven Developments from the Past Two Weeks
* Righthaven Benchslapped in Ruling Saying It Lacks Standing--Righthaven v. Democratic Underground
* Another Defense-Favorable Righthaven Ruling--Righthaven v. Choudhry
* Republishing Entire Newspaper Story is Fair Use--Righthaven v. CIO
* Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One
In Hannaford Data Breach Case, First Circuit Says Card Replacement and ID Theft Insurance are Reasonable Mitigation Damages and Compensable--Anderson v. Hannaford Bros.
[Post by Venkat Balasubramani]
Anderson v. Hannaford Brothers Co., 10-2384; 2450 (1st Cir. Oct. 20, 2011)
Background: Plaintiffs sued Hannaford based on a massive data breach in 2007. In this ruling, the First Circuit said that money spent by plaintiffs to obtain replacement credit cards and for credit monitoring could be considered reasonable mitigation efforts and was therefore legally compensable.
The court recounts the facts underlying the data breach, which is reportedly one of the largest ever. In late 2007, hackers stole up to 4.2 million credit card numbers, expiration, and security codes. Visa notified Hannaford in February 2008, and Hannaford publicly announced the breach on March 17, 2008. At the time it made the announcement, Hannaford knew of some 1,800 cases of fraud resulting from the breach--the unauthorized charges in question "originated in locations across the globe, including New York, Spain, and France."
Affected customers fell into a few different categories. Some financial institutions immediately cancelled their customers' cards and issued replacements. Others did not cancel the card but monitored accounts. Some customers requested that their cards be cancelled but had to pay fees. Other customers also purchased identity theft insurance.
Twenty six different lawsuits were filed against Hannaford, which were consolidated in the District of Maine. The consolidated complaint alleged that fourteen of the named plaintiffs had unauthorized charges on their accounts, seventeen of the named plaintiffs had their cards cancelled, and two of the plaintiffs requested that their issuers give them replacement cards. Plaintiffs alleged seven causes of action, including breach of contract, breach of an implied warranty, negligence and unfair trade practices. They also alleged a variety of different injuries, including:
the cost of replacement card fees when the issuing bank declined to issue a replacement card to them, fees for accounts overdrawn by fraudulent charges, fees for altering pre-authorized payment arrangements, loss of accumulated reward points, inability to earn reward points during the transition to a new card, emotional distress, and time and effort spent reversing unauthorized charges and protecting against further fraud.
Plaintiffs also claimed damages for "the cost of purchasing identity theft/card protection and credit monitoring services."
District Court Proceedings: The district court split the plaintiffs into three different categories. The first category was composed of customers who did not have fraudulent charges posted to their account and the district court held that they were not entitled to relief. The second group was composed of plaintiffs who incurred unreimbursed financial charges. The court said that these plaintiffs could recover. However, during the pendency of the litigation, the single plaintiff who had an unreimbursed charge advised that the charge was reversed.
The last category was composed of customers who experienced unauthorized charges but whose charges were reversed. The district court said that the losses suffered by these customers were "too remote, not reasonably foreseeable, and/or speculative (and under the [trade practices statute] not a 'substantial injury')." (Here's my earlier blog post on the district court ruling: "Hannaford Data Breach Plaintiffs Rebuffed in Maine.") After the court's ruling, plaintiffs moved to certify several questions to the Maine Supreme Judicial Court. The key question, which the court answered in the negative, was whether "time and effort alone, spent in a reasonable effort to avoid or remediate reasonably foreseeable harm" was a cognizable injury under negligence or breach of contract theories. (Here's a brief post discussing this ruling: "Two More Courts Close the Doors on Data Breach Plaintiffs.")
First Circuit: The court rejects plaintiffs' cause of action for breach of fiduciary duty, finding that the relationship between a grocery store and customer is not sufficiently imbued with trust or unequal bargaining power for the court to impose fiduciary obligations on Hannaford. The court also rejects plaintiffs' claims under Maine's unfair trade practices act, finding that the statute does not provide for a private cause of action in these circumstances. The court does recognize plaintiffs' implied contract and negligence claims. Although the court finds that plaintiffs can assert two different bases for recovery (negligence and implied contract), the court focuses on what types of damages are recoverable.
The court says that the costs of procuring replacement cards and credit insurance are recoverable as reasonable mitigation damages. The court looks to the Restatement of Torts (section 919) and its treatment in other contexts (construction and environmental cases) and says that the key question is whether the amounts expended are reasonable when made, even if they turn out to be excessive when viewed in hindsight. In the context of this case, plaintiffs' mitigation efforts were reasonable. Plaintiffs' credit card data was stolen by a sophisticated group of thieves who not only intended to misuse the data, they actually did. The court contrasts these facts with other data breach cases where there had been no obvious malfeasance or no actual misuse of the data. Further evidence of the reasonableness of plaintiffs' efforts was the fact that some banks actually issued replacement cards. The court holds that even if plaintiffs did not experience any unauthorized charges, it was reasonable under the circumstances to pay to have their card replaced.
While the court finds that the replacement card and identity theft fees are recoverable, the court affirms the district court ruling with respect to the remaining categories of damages. These include the claims based on loss of rewards points, fees for pre-authorization charges (etc.).
This is not the first court to say that credit monitoring may be an appropriate response to a data breach. In Ruiz v. Gap, the Ninth Circuit analogized to toxic chemical exposure and noted that in certain circumstances, the costs for monitoring credit activity following a data breach may be recoverable. ("9th Circuit Affirms Rejection of Data Breach Claims Against Gap.") In that case, defendant had offered credit monitoring services and plaintiffs failed to explain why they were inadequate, so the Ninth Circuit did not end up expressly deciding the issue.
Although I'd chalk this up as a win for data breach plaintiffs, it's a slight one. The court's ruling appears limited to credit cards and the court relies heavily on the fact that the prospects of misuse were significant and had actually occurred. The court notes: "where neither the plaintiff nor those similarly situated have experienced fraudulent charges resulting from a theft or loss of data, the purchase of credit monitoring services may be unreasonable and not recoverable." The court also ends up disapproving the bulk of the requested damages. At a minimum, the fact that the court disapproves of damages such as time spent dealing with remedial efforts, damages relating to rewards programs, and for emotional distress is significant. There's no prospect of a damage free-for-all. In fact, in the event of this type of a breach, the prospective defendant(s) can limit their liability by covering the costs of free credit monitoring services and the costs of replacement cards.
The court mentions in a footnote that cardholders are probably limited in their exposure to unauthorized charges due to the Truth in Lending Act. Hannaford argued that the card issuers have instituted "zero-liability protection," which means that customers are not liable for unauthorized charges, but the court says that this does not matter. It would still be reasonable for customers to attempt to mitigate harm to themselves in these circumstances.
A big question is what this means for other privacy plaintiffs in terms of Article III standing. In concluding that plaintiffs may move forward, the court points out the fact that plaintiffs suffered "actual financial losses." Thus, plaintiffs who allege anything other than actual financial losses (e.g., Facebook privacy plaintiffs) would still face an Article III standing hurdle under this case.
Earlier posts on Hannaford:
Related (data breach) posts:
"Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit -- Krottner v. Starbucks"
"Two More Courts Close the Doors on Data Breach Plaintiffs"
"9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap"
"The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt"
"Acxiom Not Liable for Security Breach"
October 26, 2011
Yelp Gets Complete Win in Advertiser "Extortion" Case--Levitt v. Yelp
By Eric Goldman
Levitt v. Yelp Inc., 2011 U.S. Dist. LEXIS 124082 (N.D Cal. Oct. 26, 2011)
A group of advertisers sued Yelp for allegedly extorting them to buy ads from Yelp with the implied/express threat that Yelp would degrade their ranking in Yelp's database if they didn't. In a previous ruling, Judge Patel dismissed the second amended complaint, but her opinion exhibited her characteristic quirkiness.
The case got reassigned to Judge Chen, who was presented with a motion to dismiss a third amended complaint. Deviating in part from Judge Patel's analysis, he reaches the same conclusionthat the complaint should be dismissed--but this time he does so with prejudice, sending the case to the Ninth Circuit (likely) or its grave.
The plaintiffs asserted that Yelp itself wrote negative reviews about the advertisers. In support of this assertion, the plaintiffs claimed that Yelp employees write some reviews, Yelp pays authors for reviews and some reviews don't match the advertisers' customer records. The court says those allegations aren't enough to survive a 12(b)(6) motion to dismiss because they do "not raise more than a mere possibility that Yelp has authored or manipulated content related to Plaintiffs in furtherance of an attempt to 'extort' advertising revenues." The plaintiffs' arguments were too inferential, and other stories plausibly fit the alleged facts.
The plaintiffs' claims that Yelp reorders reviews is preempted by 47 USC 230(c)(1):
Plaintiffs’ allegations of extortion based on Yelp’s alleged manipulation of their review pages – by removing certain reviews and publishing others or changing their order of appearance – falls within the conduct immunized by § 230(c)(1).
Once again, a defense win cites to Roommates.com.
To get around 230, the plaintiffs argued that Yelp assembled a star rating, and the star rating was its own expression, not its users. The court notes this argument was rejected a decade ago in Gentry v. eBay. To get around Gentry, the plaintiffs argued that Yelp improperly monkeyed with reviews to shape the star rating with bad intent (to "extort"/pull cash out of advertisers' pockets).
Judge Chen responds that "§ 230(c)(1) contains no explicit exception for impermissible editorial motive." He contrasts 230(c)(2)'s "good faith" requirement, saying that the absence of a parallel "good faith" requirement in 230(c)(2) means editorial intent is irrelevant to 230(c)(1). [For more on the "good faith" requirement in Section 230(c)(2), see my article on account termination and 230(c)(2).] On this point, he diverged from Judge Patel's analysis, but unlike her, he actually cites a Ripoff Report victory in support of his conclusion. (Still no cite to the Reit v. Yelp ruling).
Making the point that 230(c)(1) does not permit an inquiry into the defendant's motivation, Judge Chen continues:
traditional editorial functions often include subjective judgments informed by political and financial considerations....Determining what motives are permissible and what are not could prove problematic. Indeed, from a policy perspective, permitting litigation and scrutiny motive could result in the “death by ten thousand duck-bites” against which the Ninth Circuit cautioned in interpreting § 230(c)(1)....As illustrated by the case at bar, finding a bad faith exception to immunity under § 230(c)(1) could force Yelp to defend its editorial decisions in the future on a case by case basis and reveal how it decides what to publish and what not to publish. Such exposure could lead Yelp to resist filtering out false/unreliable reviews (as someone could claim an improper motive for its decision), or to immediately remove all negative reviews about which businesses complained (as failure to do so could expose Yelp to a business’s claim that Yelp was strong-arming the business for advertising money).
Yes! That's exactly right, and kudos for the judge for seeing the connection. The beauty of 230(c)(1) is its simplicity. It ends lawsuits cold on a 12(b)(6), and doesn't open the door for a myriad of messy, expensive and time-consuming factual considerations. Having that airtight immunity means websites can make tough editorial decisions without worrying what kind of story those decisions will ultimately tell in court. Contrast the litigation inquiries in 512(c) and contributory/vicarious copyright infringement, where every service provider choice is grist for the plaintiffs, and that pressure leads service providers to follow the rule "if in doubt, take it down."
The judge adds that a lawsuit based on Yelp's marketing representations might not be covered by 230(c)(1). I discuss this issue more in my 230(c)(2) paper. I disagree with the judge's statement. As I explain in my paper, 230(c)(1) can preempt marketing-based claims; plus see cases like Milo v. Martin. Fortunately, it's inconsequential to this lawsuit as the plaintiffs dropped their false advertising claims. Unfortunately, I expect plaintiffs to seize this language (along with similar statements in other rulings) and do lots of research to find shreds of marketing and support material published by a service provider that could be used to support a false advertising claim that's fundamentally based on user-generated content. (But cf. the Woods v. Google ruling, where Judge Fogel put his foot down on that nonsense).
This ruling makes clear that Yelp can manage its database of user reviews however it wants. This is as it should be. However, it doesn't mean that we as consumers will find Yelp trustworthy. Section 230(c)(1) simply means that Yelp has to earn and keep our trust as readers/consumers, which remains an important and ongoing challenge.
UPDATE: Rebecca's comments.
Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell
[Post by Venkat, with comments from Eric]
Ardis Health, LLC, Curb Your Cravings, LLC and USA Herbals, LLC v. Ashleigh Nankivell, 2011 WL 4965172 (S.D.N.Y. Oct. 19, 2011)
Nenkivell worked for CYC as a "video and social media producer." Her work included producing videos, "websites, blogs, and social media pages" for CYC and the other two plaintiffs, which were founded by Jordan Finger. Her responsibilities included:
maintaining passwords and other login information for websites, email account, and social media accounts, a well as for third-party servers where plaintiffs stores content
Fortunately for plaintiffs, Nenkivell signed an agreement with CYC which vested ownership in her work product to CYC and required Nenkivell to return all confidential information at CYC's request.
In 2010, Finger and Nenkivell developed a service called "whatsinurs," which the court described as a "social media website for cosmetic products." Ardis applied for a trademark in Whatsinurs and registered the copyright for the website. Finger sent Nenkivell an agreement for the organization and ownership of the new site, which Nenkivell never signed. Nenkivell was restless and looked around for alternate employment. Plaintiffs were unhappy about this and fired Nenkivell in June 2011. After the termination, Finger requested the laptop, which plaintiffs had provided her, and the access information for the various websites. She declined to provide this. Plaintiffs sued and sought injunctive relief.
The Access Information: The court says that it's "uncontested that plaintiffs own the rights to the Access Information," and as a result, Nenkivell's retention of this information can form the basis of a conversion claim. The court also says that plaintiffs' inability to access and update their site ("to react to online trends" and effect a new initiative to participate in "'daily deal' promotions") constitutes irreparable harm. The court orders the information turned over to plaintiffs pending resolution of the dispute.
The Laptop: The court declines to order the laptop returned, saying that the laptop is a "mass-produced object," the loss of which can be compensated by money damages. Plaintiffs also argued that they were entitled to the information on the laptop but the court faults plaintiffs for not fully developing their argument--they relied on confidentiality terms in the agreement and nothing more. Nenkivell also argued that the laptop had continuously synched to plaintiffs' computer. Plaintiffs argued that they could not be sure of this without seeing the laptop, but this argument does not get much traction with the court.
Display of Whatsinurs Content on Defendant's Website: Plaintiffs also argued that they suffered irreparable harm from the display of the whatsinurs site's content on her personal website (as an example of her work). Plaintiffs' key argument on this score was that a search for "whatsinurs" would display both defendants' website and the same contents, as displayed on Nenkivell's personal website. Plaintiffs argued that consumers would be confused as to the source of the website and this would dilute plaintiffs' "whatsinur" brand.
The court says this argument "is preposterous on its face":
Not only do defendant's websites appear below plaintiffs' in search results, defendant's [sic] do not purport to be, or in any way give the impression of being, portals for the sale of commercial goods. On both of defendant's websites, the Whatsinurs content is wholly non-functional, little more than dressed-up image captures. It is clearly labeled as an example of defendant's "Design" capabilities and surrounded by content from other projects defendant has worked on. It does not compete with plaintiffs' websites or pose potential issues of confusion.
Plaintiffs argued that Nenkivell's bad faith raises a presumption of confusion, but the court says that Nenkivell has an innocent explanation and there's no bad faith. Even assuming that there is a presumption of confusion, the court says that this is alone insufficient to warrant injunctive relief.
Yet another dispute over access to websites and social media profiles. It look like plaintiffs half-followed the basic advice of having a written agreement in place that documents the relationship between the company and the individual who manages the company's website and social media profiles. But the agreement in this case was not necessarily clean--the agreement was between Nenkivell and CYC, but one of the other plaintiff entities actually (Ardis) asserted ownership over the "whatsinurs" website. The court does not get into the issue of whether Nenkivell's development of the "whatsinurs" website was outside the scope of her relationship with CYC and therefore not subject to the agreement, but this seems like an issue that should come up. Social media accounts do not neatly fit into existing categories of property and we haven't seen many disputes over account ownership fully play out. (See the OMG Facts case for one ongoing dispute.) While an agreement that expressly covers ownership is ideal, it's interesting to note that the confidentiality provisions of the agreement do the job in this case.
On the web developer/social media producer side, holding any sort of website or social media credentials (or domain names) hostage is legally risky behavior. We've seen a slew of cases where this type of behavior resulted in possible liability. In DSPT Int'l v. Nahum, the Ninth Circuit held that holding domain name hostage may be bad faith under the ACPA. Maremont v. Susan Fredman Design Group involved a social media manager who continued to post on the Twitter and Facebook accounts following termination (this case was dismissed for lack of prosecution). Finally, the Ohio Court of Appeals held earlier this year in Eyesoldt v. Proscan that obstructing access to a website and email account can constitute conversion. The contours of legal liability are far from clear, but there is definitely risk when you hold website, email, or social media credentials hostage! Courts have shown a willingness to treat these credentials as intangible personal property that can support a claim for conversion. We all know how important it is to constantly update our social media accounts. It looks like the courts get this.
The court's rejection of plaintiffs' request to have Nenkivell's "portfolio copy" of the site taken down was interesting. Courts have moved away from automatically granting injunctive relief based on copyright or trademark claims. You have to show actual irreparable harm now. Plaintiffs proceeded primarily based on a trademark theory, and the court's rejection of their argument that the portfolio copy of the site appearing in search results would cause them irreparable harm will get Eric's resounding endorsement. Any time a court credits an end user with the shred of common sense necessary to parse the origin of content on the internet is a cause for celebration in his book (and rightfully so).
1) Kudos to the plaintiffs for having a written agreement that governed the social media credentials, but demerits to them for not learning those credentials before they needed them. If an employee has login credentials to an account that they use for the company, at minimum that employee's manager should get those credentials too.
2) The judge's references to the employee "converting" those credentials makes me want to cry. The court had a half-dozen other legal doctrines easily available to order the defendant to turn the credentials over. Calling her retention of those intangible data strings "conversion" was completely unnecessary and adds to the growing confusion on what it means to "convert" electronic information. Perhaps that ship is sailed, but I continue to insist that "conversion" only applies to physical chattel, not intangible assets, and conflating the two inevitably leads to doctrinal meltdowns.
3) As Venkat predicts, I do cheer that mere appearance in search results should be legally irrelevant. However, I definitely don't like the judge's reference to the relative placement of the search results. I last "bitched" about that issue in my post on the Bitchen Kitchen case, so check that out.
October 24, 2011
Insurance Company's Request to Compel Production of Facebook Password Fails (with Costs)--Chauvin v. State Farm Mutual
[Post by Venkat Balasubramani with a comment from Eric]
Plaintiff suffered an auto accident and sought to recover attendant care benefits under Michigan's no-fault statute. Defendant, State Farm, insured the plaintiff, and sought an order compelling production by plaintiff of "an email address and password for Defendant to examine [plaintiff's] Facebook account." Defendant also sought:
[the] username, email address and password for [plaintiff's] Facebook.com account . . . the name, address and telephone number of each 'friend' on [plaintiff's Facebook.com account, and] . . . all Facebook.com account information for [plaintiff], including, but not limited to, all photographs, messages, status posts, wall posts, comments, groups, and group memberships.
The court rejects the request. The accident in question occurred in 1993, and defendant itself argued that plaintiff's current medical condition was unrelated to the 1993 accident. (This was the basis for State Farm's denial of plaintiff's claims.) The court notes that under Michigan law, after an insurer denies a claim based on certain grounds, it is estopped from arguing additional grounds for denying the claim. Plaintiff also pointed to provisions of Michigan's No Fault Act which limits discovery to facts about an injured person's earnings and costs of treatment. The court also concluded that the sought-after discovery is not relevant, and flatly rejects State Farm's argument that plaintiff's Facebook posts will contain information about his daily activities and "his thoughts." Moreover, any information that State Farm could get through the Facebook account could be determined through other means.
The court noted that State Farm's requests are more than a fishing expedition. The interrogatory that sought the name, address and telephone number of each of plaintiff's friends was "so far outside the realm of discoverable information" that the court concludes it was intended to "intimidate and harass plaintiff."
Parties have gotten out-of-control in seeking social networking profile information. While Facebook and other sites may indeed be a discovery goldmine, this does not mean that you can freely request access to this information without articulating to the court some basis for why the sought after information is relevant or appears reasonably calculated to lead to the discovery of admissible evidence. A generic "we want insight into what the party is thinking" will not suffice, and is probably a red flag to the court. This isn't the first time a court has smacked down a party who requested access to Facebook information without articulating a basis of relevance. (See "Request for Discovery of Facebook Profile and Photos Rejected as a Fishing Expedition.")
Parties and their lawyers should take note of this and other similar decisions. Courts won't hesitate to push back on overly broad requests to access a party's social networking profile information.
The insurance company's request was clearly out-of-bounds. What were they thinking?
Yet, as the joke goes, "there's an app for that." The funny--and disturbing--thing is that the insurance company could have downloaded almost all of its requested information--including Facebook friends' contact info--through the Facebook Connect API. See the list of things an app can request from Facebook once the user accepts the app. There's something troubling to me that the insurance company can't get the info under the court's supervision but can get virtually the same info directly from Facebook without any supervision at all if it can persuade the plaintiff to accept its app.
October 21, 2011
Did California Unintentionally (?) Impose New Statutory Duties on Every Blogger? A Post on the Newly Enacted California Reader Privacy Act
By Eric Goldman
This new California law seeks to protect online book reader privacy to the same extent reader privacy is protected by libraries, by requiring heightened process before the government or private litigants can get certain types of information about book readers/buyers. As a restriction on government action, I support the concept enthusiastically. Indeed, I count many supporters of this bill as friends (well, maybe not after they read this post). At minimum, I know the effort was well-intentioned. However, I continue to believe this law was misarchitected for the reasons I expressed in my prior blog post on the proposed legislation.
My concerns from my prior post still apply, but this post will walk you through a specific reason why this law could be bad news for people who don't realize their conduct is now regulated. Let's look closely at who is required to comply with the law--recognizing that the statute has a private cause of action that will be enforced by a rapacious privacy plaintiffs' bar. The law's requirements applies to "any commercial entity offering a book service to the public." A "book service" means "a service that, as its primary purpose, provides the rental, purchase, borrowing, browsing, or viewing of books."
OK, clearly this covers Amazon and other online book retailers. But in this day and age, what is a "book" and, more importantly, what isn’t? The statute defines a book as:
paginated or similarly organized content in printed, audio, electronic, or other format, including fiction, nonfiction, academic, or other works of the type normally published in a volume or finite number of volumes, excluding serial publications such as a magazine or newspaper
So, let's play a game and try to spot some book services in the field. Is YouTube a book service? It definitely has "electronic" books, but maybe that's not its "primary" purpose. Scribd? It has lots of books too and plenty of other long-form "book-like" content. iTunes? It has lots of audiobooks. Wikipedia? It markets itself as an online encyclopedia, but maybe it isn't commercial enough? Hmmm....this is a tough game.
But what about blogs? Are they "book services"? Before you discount the latter, consider that many blogs are, in fact, paginated (at least in the URL--see Blog Law Blog as an example). Perhaps mere pagination alone isn't enough; maybe the pagination needs to be essential to the content's organization. Perhaps many bloggers aren't "commercial entities," although I'm sure plaintiff lawyers will argue that a blog with AdSense and some Amazon affiliate links would satisfy that standard. Or perhaps bloggers will be excluded as "serial publications," although the statute could have--and should have--made clear that blogs fit into that exception. In fact, cases like the old It’s in the Cards v. Fuschetto suggest that courts might read the statutory exclusion narrowly on the theory that the legislature knew what blogs were but didn't mention them.
The ambiguity of blogs as "book services" means it’s possible California has imposed a new statutory obligation on bloggers (at least those based in California, but who knows if it will be so limited), and this obligation effectively puts bloggers' houses on the line if they don’t hire lawyers to properly navigate through the statute when the government or private litigants ask for information. Gee, thanks.
Indeed, this law could do more than just sweep in bloggers; it might cover *every* website because of the ambiguity of the term "book" and the concept of pagination. I don't know what "pagination" means in the online environment, but the concept may become more problematic in the near future. See News.com, "Opera proposal brings a book look to the Web." Thus, it seems like the law's attempt to carve out books from the universe of online content could fail, in which case large swaths of web operators become unexpectedly governed by the law--with a swarming privacy plaintiffs’ bar as the reward for the uninformed.
I have long believed that states categorically should not try to regulate the Internet. A law like this, as laudatory as its goals are, helps confirm my beliefs.
UPDATE: Paul Levy doesn't agree with my analysis.
On his point about commercial entities, I'm not sure I agree with Paul that courts will exclude individual operators. After all, we call those folks "sole proprietors." But if it definitely includes "partnerships," does that mean it will include co-bloggers? See my article on co-blogging. UPDATE: Eric Johnson parses the statutory language on this point with some care.
My broader point is that this statute is riddled with ambiguities that raise questions about its coverage. If you think my statutory reading is tendentious, it's my position that a typical Internet privacy lawsuit involves a far more tendentious reading of the applicable statute than anything I could ever imagine.
UPDATE 2: In another example of a possible ambiguity, Eugene Volokh asks if the statute makes it illegal for bookstore owners to tell the police about patron-on-patron crime.
UPDATE: Eric Johnson explains why the statute is "crazy."
October 20, 2011
Keyword Metatags are Back...Will Judicial Freakouts Continue?
By Eric Goldman
Keyword metatags are back, and I couldn't be less thrilled. Few Internet technologies have so thoroughly baffled judges as keyword metatags.
From a technologists' perspective, keyword metatags were a 1990s experiment by public search engines at improving their rankings. The experiment failed, of course, as marketers overgrazed keyword metatags. Seeking to improve their relevancy, the search engines quickly reduced or eliminated the weight they assigned to keyword metatags in their ranking algorithms. As a result, keyword metatags probably reached their peak efficacy in the late 1990s and quickly slid to irrelevancy. The final technological blow (so we thought) was in 2009, when Google finally publicly announced that it didn't honor keyword metatags at all (a fact we had known informally for years).
(A side note: keyword metatags are still useful for internal search engines when the search engine can trust the metatag creators' intentions. That trust is completely lacking in the public search engine environment).
Courts started dealing with keyword metatags in the late 1990s, when keyword metatags were at their zenith. Even then, courts ascribed far more power to keyword metatags than the search engines did, effectively treating them as the neutron bomb of ranking tricks. However, while keyword metatags were a quickly passing technological fad, it's taken more than a decade for judges to entertain the possibility that keyword metatags are not omnipotent. See, e.g., Southern Snow v. Snowizard from earlier this year. As usual, the legal system is massively lagging the technological environment. But after Google's 2009 announcement, and given its dominant share of the search market, I had hoped savvy litigants would have an easier time convincing judges that keyword metatags were legally irrelevant.
Thus, I was crestfallen to see Danny Sullivan of Search Engine Land announce that Bing explicitly considers keyword metatags in its ranking algorithm. Bing may be an also-ran, but it's a big enough player to muddle the keyword-metatags-are-dead message for judges. This can only mean one thing: the legal death of keyword metatags presumably got pushed back another decade.
However, Bing's consideration of keyword metatags is a far cry from the initial implementation in the late 1990s. Whereas the initial implementations treated keyword metatags as a "plus factor" for ranking, Bing treats them as a negative factor like spam--i.e., a few types of keyword metatag misuse (apparently, keyword stuffing) will reduce the website's ranking instead of improving it. In a sense, Bing technologically treats users of keyword metatags as presumptive bad guys.
It will be interesting to see what this does to the keyword metatag jurisprudence. Scenario #1 is that judges get the message that websites using keyword metatags are now even less likely to rank favorably on indexed terms than if they didn't use them, so keyword metatags reduce the chance that any consumer saw the defendant's website. This only further reinforces the idea of keyword metatags as the tree that falls in the forest when no one is around to hear it.
Scenario #2 is that judges will treat the inclusion of keyword metatags as further confirmation of the defendant's bad intent. After all, if Bing technologically treats the defendant website as a presumptive abuser, the judges could equally assume bad intent by the defendant. The judge's assessment of the defendant's intent is a huge driver of the likelihood of consumer confusion analysis, so further equating keyword metatag usage with bad defendant intent will lead to many more defendant losses.
The advice to websites remains the same as it has for many years: don't include third party trademarks in keyword metatags, period. We can now say with confidence that, at best, it won't help technologically; and at worst, it could hurt the website both in Bing's rankings and in court.
October 19, 2011
Comments on Doe v. IMDB Privacy Lawsuit
[Post by Venkat Balasubramani]
Doe v. Amazon.com, Inc. and IMDB.com, Inc., 11-cv-1709 (W.D. Wash.; Oct. 13, 2011)
An actress who goes by a stage name sued IMDB and Amazon for disclosing her birthdate, which IMDB allegedly obtained through the payment process. The allegations of the lawsuit are straightforward. Doe is an actress who "has a given legal name that is extremely difficult for Americans to spell and pronounce." [Definite sympathy points from me on that score.] As a result, she adopted a stage name. She listed herself on IMDB, which, apart from being a widely used information source for movie trivia, is also an industry resource. She did not list her age on her IMDB profile. She signed up for "IMDB pro," and in the process IMDB charged her credit card. Doe alleges that IMDB associated her birthdate, and listed this information on her IMDB profile. Noting that "in the entertainment industry, youth is king," Doe alleges that disclosure of her birthdate by IMDB harmed her. She requested IMDB to remove her birthdate, and apparently IMDB refused. She sued.
A few observations about the complaint:
You may or may not quibble with the extent of Doe's damages, but unlike other privacy lawsuits where harm is speculative, Doe has a much better chance at getting over any damages hurdles. There is definitely no standing issue here, and the lawsuit will not be kicked on the basis of standing.
Unlike the privacy class actions which usually allege violations of federal law, Doe alleges violations of state law. There are no federal causes of action in the complaint. This is obviously a strategic decision and in part could have been made to avoid the statutory hoops that a plaintiff alleging causes of action under federal statutes have to jump through. There's a possible preemption argument lurking in the background, but there's not much precedent and tough to say whether defendants will raise the argument and whether it will get any traction.
The biggest threat to IMDB may not be the prospect of damages, although that's surely lurking in the background. What could end up being a fiasco is discovery. Doe's complaint implies that IMDB had some sort of system where it matched information obtained during the payment process with information in its public database. It's a good bet that IMDB (and Amazon) does not want this process to become public, but this is sure to be one of the key aspects of the discovery sought by Doe. A follow up question is whether there is any additional information sharing going on (e.g., between IMDB and Amazon). This is also something that Amazon probably wants to keep under wraps.
IMDB was previously sued on a similar theory. ("Actress Blames Fear of Fan Attacks on Web Site.") That plaintiff did not have much success, but we'll see what happens with Doe.
Eriq Gardner (THR): Actress Sues IMDb for $1 Million for Revealing Her Age
PogoWasRight: "Aspiring actress sues IMDB and Amazon for revealing her true age and for misusing her credit card details to obtain it
Seattle Weekly: Mystery Actress Files Lawsuit Against IMDb for Revealing Her 'True Age and Name' (offering to "buy beers for anyone who can figure . . . out [the identity of the actress]")
GeekWire: Texas actress sues Amazon for displaying age in IMDb listing
Court Rejects Copyright Misuse Defense Against Apple and Affirms License Restrictions in OS X License Agreement -- Apple v. Psystar
[Post by Venkat Balasubramani]
Apple Inc. v. Psystar Corp., 10-15113 (9th Cir. Sept. 28, 2011) [pdf]
This is a dispute over whether Apple can enforce a restriction in its software license agreements which requires end users to run the Mac OS only on Apple computers. Short answer: yes.
Psystar sold "Open Computers," which were originally called "OpenMacs," and intended as cheaper alternatives for Apple computers. In order to allow these machines to run the Mac OS, Psystar "purchased" (licensed) a copy of the Mac OS X, installed this copy on a Mac computer, downloaded various updates, then made a copy of the software and transferred it to a non-Apple computer. Psystar then "added its own bootloader and kernel extensions to the software" on the non-Apple computer and this copy became the "master image." Psystar shipped "Open Computers" with a copy of the "master image" installed, but it also shipped an unopened copy of the Mac OS X which Psystar had purchased from a third party vendor.
Apple sued, alleging breach of contract, direct and contributory copyright infringement, trademark and trade dress infringement, and unfair competition claims. It also added a DMCA claim to the mix. Psystar counterclaimed, alleging copyright misuse. The district court found Psystar infringed and entered an injunction against it. Psystar asserted an antitrust counterclaim, but that claim was dismissed and Psystar didn't appeal that dismissal. Psystar also did not appeal the copyright infringement ruling.
Psystar argued that the language in the SLA which barred the use of OS X on non-Apple computers "impermissibly extend[ed] the reach of Apple's copyright."
The court starts by noting that the sale versus license distinction (most recently affirmed by the court last year in Vernor v. Autodesk) is "well established." According to the court, this distinction "has caused the use of software licensing agreements to flourish and become the preferred form of software transactions." Psystar argued that Apple sold, rather than licensed, its software to Psystar, but the court spends less than a page explaining that Apple makes its copies of OS X available as a license and not a sale.
The court focuses on the misuse defense. Copyright misuse is an affirmative defense to a claim for copyright infringement, and it was borrowed by courts from patent law. While the Ninth Circuit has recognized the misuse doctrine, it notes that it has been applied "sparingly." The purpose of the defense is to "prevent . . . holders of copyright from leveraging their limited monopoly to allow them control of areas outside the monopoly." The court says it upheld the defense in only one case and there the licensor prevented the licensee from using any other competing product. In another case (Triad Systems v. Southeastern Exp.), misuse was asserted as a defense against a claim of infringement against a service provider who made copies in the course of performing maintenance on the software. The court rejected the misuse defense and held that the service provider infringed when it made copies in the course of performing maintenance. Although a key part of Triad had been legislatively overruled by an amendment to section 117(c), the Ninth Circuit in this case reaffirmed Triad's holding that a license restriction only constitutes misuse when it expressly limits use with a competing product.
Psystar looked to a Fifth Circuit misuse case (Alcatel USA v. DGI Technologies) where the license agreement allowed for use of the software "only in conjunction with [licensor]-manufactured hardware." The court distinguishes Alcatel on the basis that, unlike the licensing agreement there, the OS X license agreement only restricted the use of Apple's software to its computers--third parties were free to develop operating systems for use on Apple computers.
This is a big win for Apple and one that, as Evan notes, "solidifies Apple’s approach to enforcing a controlled, closed ecosystem for the distribution of software used for Macs and iDevices."
It's a win for software companies as well as it provides a resounding endorsement of Vernor. I keep wondering how Vernor v. Autodesk is going to play out. The court here does not spend much time debating the license versus sale issue, notwithstanding the fact that the software here was licensed to a less sophisticated consumer than in Vernor and there was no mention of possession, which was central in Vernor. In fact, there have been a few district court cases addressing the license versus sale issue post-Vernor, but in none of the cases did courts spend much time debating the issue of whether the transaction was a sale or license. Psystar appears to confirm that Vernor effectively shut the door on the use of the first sale doctrine in the software context (once the shrink-wrap comes off).
The case is also a significant limitation of the copyright misuse defense. This defense rarely gets play anyway, but the court's reading of it is narrow. The court notes that in order to constitute misuse, a limitation in a license agreement must "restrict [a] competitor's ability to develop [competing] software." In the Fifth Circuit case, Alcatel similarly argued that it only mattered whether there was an express limitation, but the Fifth Circuit rejected that argument, finding it key that the competitor "was effectively prevented from developing its product" because it did not have the freedom to test its systems with Alcatel's software. Alcatel did not look only to the express terms of the licensing agreement, but that's what the court does in this case. There's no discussion in this case of whether the limitations in the license agreement effectively limit the development of an alternative operating system.
There was also zero discussion of the effect of Apple's copy control mechanisms. Although the district court concluded that Psystar's use of "decryption software to obtain access to [the] operating system violated the DMCA," there's really no mention of this issue in the Ninth Circuit opinion.
I'm not sure what to make of the fact that Psystar did not appeal the copyright infringement ruling. I wonder if Psystar was thinking about making an argument that Psystar clients bought a copy of the OS X, so the shipment of the pre-installed version of the OS X was not an infringing distribution because it was merely an archival or back-up copy that the purchaser could have made him or herself. The fact that the transaction is deemed a license and not a sale put the kibosh on this argument. (See the MDY v. Blizzard case where the court held that section 117 was not available to licensees: "Ninth Circuit's Mixed Opinion in Glider/WoW Bot Case".) I don't think Psystar had a clean argument under section 117 anyway, given that the language of this section only applies to "exact copies," and the two versions of the OS X differed slightly.
I wonder if the result would have been different if Psystar merely distributed the pre-packaged version of the OS X and separately distributed the software components which the end user could use to install and run the OS X on whatever machine they desired? The limitation in the license agreement was fairly broad, and I wonder if the italicized portion could have more effectively supported a misuse argument:
This License allows you to install, use and run one (1) copy of the Apple Software on a single-Apple-labeled computer at a time. You agree not to install, use or run the Apple Software on any non-Apple labeled computer, or to enable others to do so.
Topically related posts:
October 18, 2011
Lawsuit Against Google Over Invalid Clicks and Special Partner Advertising Dismissed -- Woods v. Google
[Post by Venkat Balasubramani with comments from Eric]
Woods v. Google, 5:10-cv-1263-JF (N.D. Cal.; Aug 10, 2011)
This is an advertiser vs. Google lawsuit where the plaintiff argued on behalf of a putative class that (1) he was improperly charged by Google for "invalid clicks," (2) he did not receive a "smart pricing" discount that Google allegedly promised to all of its advertisers, and (3) Google entered into deals with "special partners" allowing the special partners "to place advertisements in ways that are prohibited to other . . . publishers." Here is Eric's recap of the complaint: "Another Advertiser Class Action Lawsuit Filed Against Google--Woods v. Google."
Invalid clicks: The crux of the "invalid clicks" claim was that generally applicable Google policies, FAQs, and explanations, state that invalid clicks are prohibited, and advertisers would not be charged for invalid clicks. Woods argued that these policy statements were incorporated into the contract. According to the court, there are several problems with this argument. First, the agreement in place states that the advertiser's sole remedy is to seek a refund, and in order to do so, the advertiser must raise the issue within 60 days. Woods did not allege that he did either of these.
Second, whether a click is "invalid" is (according to the documentation cited by plaintiff) something that Google will determine (those clicks "that [Google] suspects may constitute click fraud"). According to the court, this means that Google was vested with discretion in determining whether a click was invalid, and there was no allegation in the complaint that Google "acted beyond its discretion" in administering this policy.
Special Partner sweetheart deals: Woods alleged that Google allowed its special partners to generate clicks in a way that its regular customers were not allowed to, but the court does not give this argument much credence.
"Smart Pricing" discount: Woods made a similar argument with respect to the smart pricing discount, arguing that language in the "Adwords Help Center" indicated that Google "promised to apply its Smart Pricing discount to all advertisements generated from its Adsense publishers." He did not argue that the help center language was expressly incorporated. He pointed to sections in the agreement which stated that the program was subject to "all Google policies," and a statement in the agreement that payment was to be made by advertisers "in accordance with the payment terms in the . . . Program FAQ." The court accepts Google's argument that the reference to the "Program FAQ" in the agreement was intended to only incorporate terms relating to payment options and not any terms which relate to how Google calculates the charges. The court also holds that even if the Adwords Help Center language is deemed to be incorporated into the agreement, the complaint is value about what Google's obligations were exactly to apply the smart pricing discount to all advertisements.
Breach of the duty of good faith: The court acknowledges that Woods can bring an action for the breach of the duty of good faith "irrespective of whether [Google] breached its contractual obligations directly." Notwithstanding, the court notes that Woods failed to allege that "Google deprived Woods of a benefit to which he was entitled under the Agreement." The court says that Google is vested with "wide latitude" in administering its Adwords program, but at the same time, this discretion is not unlimited: Google must carry out its responsibilities in good faith. Woods's vague allegations of a conspiracy between Google and its Special Partners are insufficient in the court's view to suggest bad faith.
Unfair competition, false advertising, and fraudulent business practices claims: Finally, the court also pokes holes in the legal elements of Woods's unfair competition and false advertising claims. It states that unless Woods can show that he had a legal right to the smart pricing discounts and to not be charged for invalid clicks (so-called "Banned Ad Implementations") he can't show any cognizable injury. The fraud claims do not satisfy Rule 9(b)'s particularity requirement.
Finally, the court questions whether Woods has standing to bring misrepresentation claims. The Adwords Agreement expressly indicates that the contracting parties have not relied on any outside statements or promises in entering into the agreement. Woods argues that UCL liability may exist where a party to a contract makes "contradictory or misleading representations in order to obfuscate or obscure the actual terms of the contract." The court rejects this argument:
the issue is whether 'a reasonable jury could find' that Woods was reasonable in relying upon the extraneous statements notwithstanding an unambiguous disclaimer . . . [i]n light of Woods's sophistication as an attorney and the complaint's lack of particularity with respect to the statements that were alleged to have induced his reliance, the Court concludes that Woods has not alleged facts sufficient to support such a claim.
It's disheartening to see lawyer-plaintiffs get no love in the courts!
Seriously, Google nicely dodged a bullet here. As online agreements have become "longer and more byzantine," and often cross reference other terms and policies, the possibilities of online agreement circuits getting crossed increases. (We recently saw GoDaddy be deprived of an easy contractual defense due to a cross-reference gaffe: "GoDaddy Mis-Manages Its User Agreements.") While the court rejects Woods's claims on the merits, it also made clear that the various policies and FAQs referenced in Google's agreement were not incorporated and made a part of the contract terms.
There is some tension inherent in Google saying that it is the sole arbiter of what constitutes a valid click. I sense an illusory contract term lurking in the background here. What is an "invalid click"? The court ends up saying that it's whatever Google says it is. The court does pay lip service to the fact that Google's discretion is not unbounded in this regard, but you don't get the sense that Woods will be able to allege any sort of bad faith sufficient to get the court's attention here.
Woods made a valiant effort to argue that whatever the metric was for determining an invalid click, Google did not apply it equally across the board, but the court gives this argument little or no credence. This was one of the more intriguing aspects of Woods' claims, but the court expresses serious reluctance to allow Woods' claims to move forward and allow Woods discovery into Google's business practices in this area. (This would have been a big hassle for Google and I'm sure it's breathing a sigh of relief for not having to respond to Woods' discovery.)
The court gives Woods leave to amend. Let's see if his amended complaint adds any clarity to the allegations.
[This case languished in the blogging queue. In the time between when it was added to the "to blog" list and I actually wrote this blog post, Woods already filed an amended complaint and Google filed a motion to dismiss. You can access those documents here (amended complaint) and here (motion to dismiss).]
I can't believe people are still suing Google for click fraud, especially after Google buttoned up its legal agreements to prevent further click fraud suits. Then again, Judge Fogel recently let a click fraud lawsuit against Facebook keep going when he probably shouldn't have. This one won't get that far. [However, Judge Fogel is giving up his docket for an administrative appointment in DC, so perhaps the successor judge who inherits this case will be more receptive.]
I think the best part of this opinion is when Judge Fogel rejects the plaintiffs' efforts to cut-and-paste various statements from Google's support materials to manufacture a purported contract breach. The plaintiffs worked really hard to find contrary statements from Google's website as an end-run around the contract's plain language (plain, in the sense that it says plaintiffs should lose). Judge Fogel has none of it:
The complaint refers to more than a dozen pages in both the AdWords Help Center and AdSense Help Center that allegedly identify Google’s obligations under the invalid clicks policy, including a video clip and an expert report from another lawsuit, both of which are linked to the AdWords Help Center.(See Compl. ¶¶ 77-93.) The fact that statements about invalid clicks are spread across a variety of pages in a variety of formats make it difficult to identify the terms of any actual and unambiguous contractual obligations. This stands in sharp contrast to other Google policies,which include clear terms.
I think it's become de rigeur in the plaintiff community to slice-and-dice every public statement a company has ever made through its entire history, looking for anything that could be construed as false. But when the contract makes it really, really clear that Google isn't on the hook for click fraud, it would take a really strong and prominent contrary statement to trump it. The plaintiffs apparently fell far short of finding such a smoking gun, and the slicing-and-dicing just made them look silly. Note to plaintiffs: if you have to work that hard to find snippets that purportedly trump the plain language of a contract, you're probably overthinking things. My recommendation is to let such complaints go, although I know you won't heed that advice.
I do agree with Venkat that websites should try to consolidate their sprawling expanse of legal T&Cs documents. As the number of these documents grows, the odds grow exponentially that at least one of the linkages will fail. I bet Google would benefit from putting its legal T&Cs on a strict diet and chopping the number of words in half (or more). This would streamline the documents and perhaps make it easier to consolidate documents.
Venkat also notes that the named plaintiff, Woods, is an attorney. I used to keep a running count of all of the lawyer-as-plaintiff lawsuits against Google. For reasons I've never understood, Google's run-ins with lawyers-as-plaintiffs seem disproportionately frequent. (Please email me if you have any hypotheses). And, even more embarrassing for the legal profession, the lawyer-as-plaintiff cases seems to fare especially poorly against Google, usually getting soundly thumped.
October 15, 2011
Q3 2011 Quick Links, Part 5
By Eric Goldman
See the other quick links posts in this series:
I don't understand the incremental value of a federal private cause of action beyond the current state laws for the described situations. I also wonder if this is the beginning of the end for federal deference to state regulation of trade secrets. If the amendment get adopted, it would be entirely logical to see the restrictions relaxed over time to make it into a general-purpose private right of action for any trade secret misappropriation. For an analogous regulation, see the significant expansion of the CFAA over the past quarter-century, and especially the growing number of cases involving CFAA violations because former employees continued to access their former employees' hardware (and, presumably, misappropriate trade secrets).
* Mattel's lawsuit against MGA over the Bratz dolls has gone sour for Mattel in a big way. It was hit with another $225M in damages, bringing the amount it owes MGA to $310M. Oops.
* Bessen et al, The Private and Social Costs of Patent Trolls:
In the past, non-practicing entities (NPEs) — firms that license patents without producing goods — have facilitated technology markets and increased rents for small inventors. Is this also true for today’s NPEs? Or are they “patent trolls” who opportunistically litigate over software patents with unpredictable boundaries? Using stock market event studies around patent lawsuit filings, we find that NPE lawsuits are associated with half a trillion dollars of lost wealth to defendants from 1990 through 2010, mostly from technology companies. Moreover, very little of this loss represents a transfer to small inventors. Instead, it implies reduced innovation incentives.
* Joe Mullin is blogging again on patent matters, especially NPE issues! From his blog, check out his co-blogger's post on Innovatio, which is sending licensing demands to hundreds of companies who are offering industry-standard wi-fi to consumers.
* Businesses using Groupons may be getting lower Yelp reviews.
* Dan Ariely deconstructs online retailers and websites to show how they are using psychological forces to get us to do what they want.
* Earll v. eBay, 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011). eBay could be exposed to claims under the Disabled Persons Act and the Unruh Act.
* Foley v. JetBlue Airways (N.D. Cal. Aug. 3, 2011). Federal aviation law preempts California law regarding disability accessibility to airline website.
* Weinstein v. eBay. StubHub wins an anti-scalping case under New York law.
* NYT: Good example of how a properly managed consumer review website can improve marketplaces.
* David Stebbins is at it again. He sued Google to enforce his purported $500 billion arbitration win. The magistrate recommended dismissing the case as frivolous. Stebbins sued Microsoft too; see the long interview with him and a link to his video.
* Davis v. Avvo, 8:10-cv-02352-JDW-TBM (M.D. Fla. Sept. 13, 2011). Forum selection clause in Avvo’s user agreement upheld.
* Fusha v. Delta Airlines (D. Md. Aug. 30, 2011). Venue selection clause in check-the-box user agreement upheld.
* TradeComet.com LLC v. Google, Inc., 2011 WL 3100388 (2nd Cir. July 26, 2011): "a district court is not required to enforce a forum selection clause only by transferring a case pursuant to § 1404(a) when that clause specifies that suit may be brought in an alternative federal forum. Rather, in such circumstances, a defendant may seek to enforce a forum selection clause under Rule 12(b)."
A separate summary order upheld the applicability of Google's forum selection clause against TradeComet. The court says Google's clause doesn't overreach because "Google unquestionably holds a ‘special interest’ in making sure that it is not subject to suit in numerous different fora for claims arising from its agreements with over a million advertisers."
* Marso v. United Parcel Service, Inc., No. 09 CVS 2582 (N.C. App. Ct. Sept. 20, 2011). UPS required customers to go through a mandatory clickthrough agreement on computers in its store, but...
plaintiff asserts that defendant's employee entered the information into the computer, and that "[n]o one advised [plaintiff], orally or in writing, about any UPS Tariff, waybill, or service guide," or advised him that he could request a copy of the same….plaintiff suggests by his argument that he did not assent to the terms of service identified in the UPS Tariff, which would limit defendant's liability for the fraudulent cashier's check collected by defendant upon delivery of plaintiff's package to Mr. Thompson, and instead asserts that he formed an oral contract with defendant's employee which obligated defendant to be liable to plaintiff for $12,145.00 without limitation. Thus, there appears to be a genuine issue as to whether plaintiff assented to be bound by the limiting terms of the UPS Tariff, and whether defendant presented plaintiff with actual or constructive notice of the terms set forth by the UPS Tariff.
* Truong v. eBay, Inc., 2011 WL 3716999 (Cal. App. Ct. Aug. 24, 2011). This is a busted eBay Motors transaction where eBay warned the winning buyer not to complete the transaction and the seller sued for tortious interference with contract:
eBay raised the immunity provision of the federal Communications Decency Act (47 U.S.C. § 230). As appellant pointed out to the trial court, and as that court ruled, the pertinent provision of that statute makes the law applicable to an action taken by an internet service provider to restrict access to or availability of material that is obscene, harassing, “or otherwise objectionable.” The conduct alleged against eBay was not editing or policing content of items posted on its marketplace, but interfering with a contract. (See 47 U.S.C. § 230(c)(2)(A).) eBay does not urge this ground in its respondent’s brief.
* Added to my RSS feed: The Tech Contracts Blog by David Tollen.
* ABA Journal on electronic service of notice.
* James Grimmelmann's Internet Law casebook.
* Top 15 most popular "Damn You Auto Correct" postings of all time. Hilarious.
* Good news: I will receive the 2011 "IP Vanguard Award" (in the Academic/Public Policy category) from the California State Bar's IP Section.
October 14, 2011
Court Disregards Check-the-Box Agreement and Doesn't Enforce Venue Clause -- Dunstan v. comScore
[Post by Venkat Balasubramani with additional comments from Eric]
Dunstan v. comScore, Inc., 11-cv-05807 (N.D. Ill. Oct. 7, 2011)
A comScore Vice President testified that "before a user can install comScore software," a customer must "click the box acknowledging" that the customer read and agreed to the terms. Plaintiffs, on the other hand, alleged that the forum-selection clause was not "apparent" when they downloaded the software. They also alleged that the terms of service were "obscured" during the installation process. From the court's order, it seems like plaintiffs did not deny that they checked the box. The court resolves the apparent factual dispute as follows:
the court declines to infer that clicking a box acknowledging that a user has read an agreement indicates that the agreement was reasonably available to the user, particularly when the plaintiffs have alleged that the hyperlink to the agreement was obscured.
Whoa. Let's take another look at this sentence. The court is saying that just because a user checked a box acknowledging the user had read the agreement, this does not mean that the court can infer that the user was able to read the agreement. (???)
comScore cited to several cases where courts enforced "click-through" agreements, including Specht v. Netscape. The court says that none of the cases involved an allegation of an obscured hyperlink. According to the court, Specht acknowledged the possibility that "a click-through agreement is not enforceable if its terms are not reasonably apparent to the user." The court goes on to note:
it is not reasonable to expect a user casually downloading free software to search for such an agreement if it is not immediately available and obvious where to obtain it. As the Second Circuit noted, 'when products are 'free' and users are invited to download them in the absence of reasonably conspicuous notice that they are about to bind themselves to contract terms, the transactional circumstances cannot be fully analogized to those in the paper world of arm's-length bargaining.' [U]nder the circumstances alleged here, including that the location of the license agreement was not readily apparent, the court concludes that the forum-selection clause was not reasonably communicated to the plaintiffs . . . .
This is definitely a double-take-worthy decision. The court relies on Specht v. Netscape, but Specht is a browsewrap case, where the user did not have to indicate assent to the terms before downloading the software. Given the circumstances (free download) and the fact that the terms were not in an obvious location, the court in Specht declined to enforce the terms.
There's an easy way to solve the problem presented by Specht: have a mechanism to require the user to unequivocally indicate assent to the terms before downloading the software. Courts have upheld this type of contract formation because there is no ambiguity as to the user's assent to the terms, and this was the type of agreement comScore had in place here. The consumer cannot say that he or she did not read the terms because prior to downloading, the user has to indicate that they read the terms. (See for example Feldman v. Google, which Eric discusses in this blog post: "Google Adwords Contract Upheld (Again)".)
It's tough to understate the importance of certainty in online contracting and the predictability of online agreement enforceability. They're among the cornerstones of online commerce. Courts struggled with the enforceability of browsewrap terms, but check the box terms are widely acknowledged to be enforceable; at least there should be no bar as to mutual assent and basic contract formation. I'm not sure whether the formation process or the court went astray here (see Eric's comments below regarding the former--he makes good points regarding implementation). If there were no issues with the UI implementation or the browser, then the court's decision is off base.
[Interestingly, comScore did not argue that the dispute is subject to arbitration, which tends to indicate that the agreement did not have an arbitration clause.]
I have a couple theories about what went wrong here. Theory #1 is that the judge was overly willing to accept a plaintiff's bald factual assertion that comScore didn't adequately present the contract. (The judge says, "At this stage, however, the court must take the plaintiffs’ word for it."). As Venkat indicates, judges have to do a little more gatekeeping than this, because plaintiffs will assert this defect in every lawsuit. If all it takes to survive a motion to dismiss is the plaintiff's bald assertion, the contracts are nearly worthless.
Theory #2 is that comScore didn't do its formation process properly. I think there is truth to this theory even if comScore went "by the book" and used what seemed like a mandatory non-leaky clickthrough agreement. It's the responsibility of software vendors/website vendors to present the contract in such an unambiguous/can't-miss-it process that NO ONE--plaintiffs' lawyers, judges, Grandma--could possibly fail to see it. The fact that the judge gave the plaintiffs the benefit of the doubt is prima facie evidence that comScore failed to do this well enough.
The case might remind us of two key lessons for lawyers advising companies implementing user agreements:
1) I don't care how brilliantly you draft your user agreement. It's also your job as a lawyer to advise your clients HOW to form the contract and to ensure they follow your advice. If your brilliant contract isn't properly formed, who cares what it says?
2) You need to look at the UI implementation across multiple browsers with a variety of settings. Even if your browser renders the agreement formation process just fine, another browser may chunk the display. This is even more crucial in the mobile environment, where UIs are even more constrained.
Q3 2011 Quick Links, Part 4
By Eric Goldman
* Kowalski v. Koster, 2011 WL 4349365 (W.D. Mo. Sept. 15, 2011): “the CDA immunizes Internet service providers and does not create any cause of action under 42 U.S.C. § 1983.”
* SC v Dirty World, 4:11-cv-00392-DW (ED Mo. Sept. 22, 2011). Defendant posting a complaint filed against him & saying "game on" doesn't create an intentional infliction of emotional distress claim.
* Obsidian Finance Group, LLC v. Cox, 2011 WL 2745849 (D. Or. July 7, 2011). Allegedly defamatory statements at obsidianfinancesucks.com are "expressions of opinion protected by the First Amendment"
* Calibra Pictures LLC v Variety, 2011 WL 3612209 (Cal. App. Ct. Aug. 17, 2011). A negative newspaper review is protected by anti-SLAPP laws, even when the newspaper had enticed the plaintiff to spend substantial amounts of money to advertise with it. The allegations in this lawsuit were quite troubling about Variety’s peddling its insider influence and selling movie producers on results it could deliver. Rebecca's coverage.
* BCG Attorney Search v. Kinney, 2011 WL 2936773 (Cal. App. Ct. July 21, 2011). Lawsuit over a Ripoff Report post leads to a successful anti-SLAPP defense.
* US poker players turned into refugees by online gaming ban. Partially related: was Full Tilt Poker a Ponzi scheme?
* Carleton Hotel v Gladstone (complaint filed June 15, 2011). Hotel sues author of TripAdvisor review (for accusing the hotel of a bedbug infestation).
* Parisi v Sinclair appealed. Prior blog post. In addition, in Parisi v. Sinclair, 2011 WL 3705141(D.D.C. Aug 23, 2011) (NO. CIV. 10-897 RJL), one of the book authors was dismissed from the case for lack of personal jurisdiction.
* Useful primer on how to identify John Doe defendants.
* Hollywood, Esq.: Hot New Hollywood Trend: Crazy Defamation Lawsuits.
* Aaron Swartz is being prosecuted for a mass download from the JSTOR database.
* American Booksellers Foundation for Free Expression v. Sullivan, No. 10-193 (D. Alaska June 30, 2011). Alaska's baby-COPA law unconstitutional.
Social Networking Sites
* Bemis v. Bemis, 2011 WL 3335202 (Conn. Super. Ct. July 12, 2011). In a custody dispute involving 13 year old Alyssa, the court order imposed the following requirement: "Each parent shall view Alyssa's Facebook page once per week. If Alyssa is unwilling to share 100% access, she shall be denied computer and smart phone access except for use of a computer for schoolwork which shall be supervised."
* Held v. Ferrellgas, Inc., 2011 WL 3896513 (D. Kan. Aug. 31, 2011): “Plaintiff testified at his deposition that his coworker began subjecting him to a hostile environment prior to his termination in April 2009. At his deposition, Plaintiff could not recall whether he posted anything on Facebook that may be relevant to this case. Defendant claims that information from Plaintiff's Facebook page during Plaintiff's tenure at Ferrellgas is relevant. This court agrees. Further, it appears that Defendant is attempting to mitigate Plaintiff's privacy concerns by allowing Plaintiff to download and produce the information himself, rather than providing login information. Indeed, Defendant itself notes that it is not seeking unfettered or unlimited access to Plaintiff's Facebook, but rather limited access during the relevant time frame. As such, Defendant's motion to compel regarding the Facebook information is granted.”
* U.S. v. Fumo, 2011 WL 3672774 (3rd Cir. Aug. 23, 2011):
Not unlike a juror who speaks with friends or family members about a trial before the verdict is returned, a juror who comments about a case on the internet or social media may engender responses that include extraneous information about the case, or attempts to exercise persuasion and influence. If anything, the risk of such prejudicial communication may be greater when a juror comments on a blog or social media website than when she has a discussion about the case in person, given that the universe of individuals who are able to see and respond to a comment on Facebook or a blog is significantly larger.
Yet while prohibiting and admonishing jurors from commenting—even obliquely—about a trial on social networking websites and other internet mediums is the preferred and highly recommended practice, it does not follow that every failure of a juror to abide by that prohibition will result in a new trial. Rather, as with other claims of juror partiality and exposure to extraneous information, courts must look to determine if the defendant was substantially prejudiced.
* D.J.M. v. Hannibal Public School District #60 (8th Cir. Aug. 1, 2011). A student's IM messages threatening to harm other students supported school discipline of the student, even if the messages were exchanged off school property.
* Kowalski v. Berkeley County Schools, 2011 WL 3132523 (4th Cir. July 27, 2011):
school administrators suspended [Kowalski] from school for five days for creating and posting to a MySpace.com webpage called "S.A.S.H.," which Kowalski claims stood for "Students Against Sluts Herpes" and which was largely dedicated to ridiculing a fellow student....we conclude that in the circumstances of this case, the School District’s imposition of sanctions was permissible. Kowalski used the Internet to orchestrate a targeted attack on a classmate, and did so in a manner that was sufficiently connected to the school environment as to implicate the School District’s recognized authority to discipline speech which "materially and substantially interfere[es] with the requirements of appropriate discipline in the operation of the school and collid[es] with the rights of others."
* Oddee: 9 Most Bizarre Facebook Related Crimes
* NYPD puts cops on the Facebook beat.
* Wikimedia released its 2011-12 annual plan. One of its seven big goals: "The declining participation of seasoned Wikipedia editors must be reversed." As the the detailed report explained: "Declining participation is by far the most serious problem facing the Wikimedia projects: the success of the projects is entirely dependent upon a thriving, healthy editing community." To explain why that's such a challenge, see my article, Wikipedia’s Labor Squeeze and its Consequences. The plan also notes: "Recently we have seen a general decline online in the growth of unique visitors and in page views in the United States."
* In partially related news, Wikipedia is doing a broader rollout of its AbuseFilter tool.
* The Wikipedia Editor Survey from April 2011 provides more evidence of the challenges to replenishing the ranks of active editors.
October 13, 2011
Court Dismisses Lawsuit Under Michigan Spam Statute Based on Preemption and Lack of Standing -- Hafke v. Rossdale Group, LLC
[Post by Venkat Balasubramani]
Hafke v. Rossdale Group, LLC, 11-cv-220 (W.D. Mich.; Oct. 7, 2011)
Hafke described himself as someone who is "attempting to stop Spam in Michigan." He sued Rossdale, a continuing legal education provider, complaining about six unsolicited email messages he received from Rossdale, and alleging that these emails violated Michigan's spam statute.
Rossdale removed the lawsuit to federal court, arguing that the claims are preempted by CAN-SPAM. On a motion to remand, the court agrees with Rossdale, and finds that the lawsuit belongs in federal court. For good measure, the court dismisses the case.
Michigan's anti-spam statutes (sections 445.2503 and 445.2504) contains a mix of elements from other state statutes. Although the statute prohibits misrepresentation of the point of origin or the transmission path of an email, the court notes that the statute does not "set a materiality standard for misrepresentation." Spam preemption cases have found that in order for a state spam claim based on misrepresentation to escape CAN-SPAM's preemption, the misrepresentation must be material. (See Eric's post on Omega World Travel v. Mummagraphics, "Fourth Circuit Rejects Anti-Spam Lawsuit," for background on this.) Because plaintiff did not allege any misrepresentations in the email that were material, the court finds the claims preempted:
The technical violations regarding header, sender, and opt-out information that Plaintiff alleges as violations of the Michigan statute are not allegations of materially deceptive actions. His allegations are thus subject to preemption under CAN-SPAM.
After finding that the claim are preempted, the court dismisses the lawsuit for lack of standing. CAN-SPAM creates standing for a discrete group (other than agencies): providers of "Internet access services" who have suffered "adverse effects" as a result of the spam. Citing to Virtumundo, the court concludes that plaintiff does not have standing under CAN-SPAM.
Ouch. A dismissal that is more or less sua sponte is rough, but it's an understandable reaction from the court given the circumstances. Case law established CAN-SPAM preemption standards years ago. While interesting preemption questions linger around the edges, the plaintiff in this case did not come close to alleging claims that escaped CAN-SPAM's broad preemption clause. Unsophisticated spam plaintiffs should take note that CAN-SPAM allows for an award of attorney's fees.
Eric mentioned that Virtumundo marked an end to spam litigation factories, and it mostly did. There have been a few cases in California where litigants continue to hash out causes of action under state spam statutes (see Hypertouch v. Valueclick and Balsam v. Trancos) but in most other jurisdictions, plaintiffs have had no luck.
Q3 2011 Quick Links, Part 3
By Eric Goldman
* Search Engine Land: "In many cases, it is worth buying keywords even if you rank organically for them." Similarly, a Google study indicates that PPC advertising lifts clicks on organic results. Prior blog post.
* NJ Supreme Court Opinion 43 from the Committee on Attorney Advertising: "attorneys are not flatly prohibited from paying “perlead” Internet advertising charges provided the marketing scheme is advertising and not an impermissible referral service. Just as “pay-per-click” has become more prevalent in the Internet advertising community, “pay-per-lead” or “pay-per-contact” for Internet advertising is likely to become a more common model due to its inherent reward for effective advertising."
* Google quietly liberalizes its policy on buying keyword ads on people's names.
* ClickZ: Why isn't Google letting display advertisers do retargeting using search data?
* WSJ: Litigation battles over the use of “all natural.”
* Nabors v. Google, 2011 WL 3861893 (N.D. Cal. Aug. 30, 2011) and McKinney v. Google, 2011 WL 3862120 (N.D. Cal. Aug. 30, 2011). Court dismisses false advertising lawsuits over the Google Phone allegedly not running at 3G speed.
Endorsements and Testimonials
* WSJ: "Digital Technology and the Re-Birth of Product Placement": "Given the choice, the majority prefer placement to commercial breaks."
* Car company Scion is forming its own record label. Remind me again, where’s the line between ads and editorial content?
* The FTC did a bizarre flipflop on the legitimacy of disclosures by Ashton Kutcher. Like everyone else, the FTC doesn't understand its endorsement/testimonial guidelines.
* ConAgra invited bloggers to a free dinner where they surreptitiously served frozen food and videotaped their surprised reactions. This is great when it works; but if it doesn’t work, you’ve got a group of angry bloggers on your hands. It didn’t work.
* Brooke Burke’s contract gives a little insight into the insidious nature of an endorsement contract.
* AdAge on how Campbell Soups did eye-tracking studies and ethnographic research to improve the way its soups displayed on grocery store shelves.
* AdAge: Meredith, a large print publisher, is guaranteeing its largest advertisers that they will see a sales lift from their ads. It's unusual for a print publisher to make such a guarantee given how much of the sales process is out of their control. On the other hand, advertisers are almost always seeking sales lifts from advertising, but usually they have to rely on weaker proxies to guess whether or not they'll get it.
In related news, Time Inc. is going to try to measure its sales lift for advertisers. This is not quite as aggressive as Meredith’s guaranteed sales lift, but it’s a sign that traditional print publishers recognize that advertisers are buying results.
* Cracked: The 5 Biggest Disasters in the History of Marketing Ideas. Classic, especially the "bananas" one.
* Search Engine Land on a Searchmetrics study showing that: "YouTube is the number one video site that shows up for video results; Google Maps is the number one map site that shows up for map results; Google Product Search is the number one shopping site that shows up for shopping results; Google’s Blogger is the number one image site that shows up for image results."
* Ugh. From Wired: Entrepreneurs scrape mug shots from public sites, SEO them and then charge the depicted individual money to have the photos removed.
* Google bought Zagat. The $125M price tag is incredible. It makes sense only if Zagat becomes Google's foundation for its Places offering. This has to be a signal that Google will be more than happy to honor any de-indexing requests from Yelp. Expect plenty more howling about Google favoriting its own properties over third party sites.
On a related matter, I can’t imagine Orbitz/Travelocity/Expedia/Kayak are thrilled about the ITA implementation either.
* Google's +1 apparently is going to influence search rankings. The story started at Kash Hill's Forbes blog, but it appears Forbes spiked the story (at Google's request...?), so that story is down. Now you have to read both the story, and the possible coverup, at Wired.
* Google killed Sidewiki. I doubt anyone misses it (it was one of Google's many failed UGC/social efforts), but do you remember just how much angst was spilled when Sidewiki first launched?
* NYT on Europe's love affair with the "right to be forgotten."
* My hometown, Mountain View, is becoming a one-company town. While we love Google, naturally this evolution will create some tension. Then again, the Mercury News declares Mountain View a good city for start-ups.
* ShopCity (not surprisingly, working with Gary Reback) has entered the bitchfest about Google rankings. As John McClane would say, "Welcome to the party, pal."
* Findwhat Investor Group v. Findwhat.com, 2011 WL 4506180 (11th Cir. Sept. 30, 2011):
The Form 10-K contains affirmative statements of present fact—"[w]e employ an integrated system ... that continually monitor[s] traffic quality," and "[w]e enforce strict guidelines ...to ensure the quality of traffic," (Compl.75) (emphases added)—that unquestionably create the impression that MIVA maintains an active and sophisticated monitoring system for screening fraudulent traffic. Accepting the Plaintiffs' allegations as true, these statements are misleading because they could mislead a reasonable investor into believing that the Defendants had systems in place that would detect and remove distribution partners engaged in extensive fraudulent revenue-generating practices, when in truth and in fact they did not.
However, management lacked the requisite scienter for securities fraud liability for those statements. Nevertheless, the 11th Circuit held that management’s failure to disclose information about rogue affiliates after it learned the news could constitute securities fraud. Rebecca’s coverage.
* The FTC has proposed revisions to COPPA's regulations. The two most important points:
1) The FTC rejected that websites could have constructive knowledge that they are dealing with kids under 13. As a result, so long as the site doesn’t know a user is under 13 or market to kids under 13, the site can ignore COPPA.
2) The FTC is including geolocation and IP address information as PII. Does this signal that the FTC is taking an expansive view of PII across-the-board, not just in the COPPA arena?
In partially related news, the FTC scored a rare COPPA bust, this time from a mobile app developer.
* FTC settlement with FrostWire: the FTC takes the position that a software default setting that enables too much data sharing is unfair to consumers. This is similar to the LimeWire settlement with the Maryland AG. However, it raises the Q: is the FTC going to take the position that any service that enables too much sharing by default is engaged in unfair practices? If so, it will be taking quite an active role in telling software developers how to code, and the FTC will face an overwhelmingly large list of potential targets!
* Facebook is tracking logged-out users. Mostly this is due to the distributed Facebook “like” button, which acts as a driftnet for collecting lots of information from third party websites. Some members of Congress are unhappy. In contrast, the privacy plaintiffs' bar is rejoicing! Named plaintiffs include Davis, Thompson, Graham, Singley, Howard, Seamon, Beatty, Parrish, Rutledge, Brkic and Hoffman.
* Pandora got sued for privacy breaches too. I'm surprised this took so long.
* OnStar had its own brush with privacy problems when it announced it would track non-customers, but it soon backed down.
* The Lares Institute, Data Breaches and the Phantom Damage Allegation, July 2011: 97% of those surveyed had not “experience[d] any unreimbursed losses that you could trace to a security breach that occurred in the last 12 months.” [link may be down]
* WSJ on the growth of “corporate privacy” positions.
October 12, 2011
Spam Claims Covered by Contract's Indemnity Clause--Commonwealth Marketing Group v. IMG Assocs.
[Post by Venkat Balasubramani]
Commonwealth Mktg. Group v. IMG Assocs., 08-5074 (W.D. Wash. Sept. 28, 2011)
Commonwealth Marketing asserted claims for indemnification against IMG Associates, for underlying claims brought by prolific spam plaintiff James Gordon. Among other cases, Gordon is famous for litigating the Virtumundo case, which ended with the dismissal of his claims on standing and preemption grounds. See Eric's post titled "An End to Spam Litigation Factories?" for more background.
IMG provided marketing services to Commonwealth. The agreement between the parties contained an indemnification clause, which in relevant part read as follows:
IMG shall indemnify, defend (with legal counsel reasonably acceptable to [IMG]) and hold CMG . . . harmless at all times after the Effective Date of this Agreement, from and against and in respect of, any liability, claim, deficiency, loss, damage, penalty, or injury . . . suffered or incurred by CMG . . . arising from (i) any breach or default on the part of IMG . . . , (ii) any act outside the scope of IMG's duties . . ., (iii) any breach by IMG . . . of the CAN-SPAM Act of 2003 . . ., (iv) any misrepresentation by, or breach of any covenant or warranty of IMG contained in this Agreement . . .
IMG argued that since Gordon's claims turned out to be meritless, they were not covered by the indemnification clause. The court disagrees, and says:
the duty to defend arose when Mr. Gordon alleged statutory violations of the CAN-SPAM Act; the merit of those claims is irrelevant.
It was undisputed that Gordon's claims were premised on emails sent by IMG--the emails produced by Gordon in discovery indicated they were sent by IMG. End result: judgment in favor of Commonwealth in the amount of $131,938.93, the fees incurred by Commonwealth in defending against Gordon's claims (which were ultimately dismissed for lack of standing).
The indemnification clause did not obviously cover Commonwealth's claims for indemnification, and it's not surprising that IMG refused the initial tender. Indemnitors often refuse to accept a tender regardless of what the contract actually says. The indemnification clause in this case was tied to IMG's breach of IMG's contractual obligations, a representation or warranty, or "a breach . . . of . . . the CAN-SPAM of 2003." A catch-all clause which offered Commonwealth protection from "any third party claims alleging that IMG's marketing efforts violated applicable laws or third party rights" would have more clearly protected Commonwealth, but the court did not put the indemnification clause at issue under a microscope.
Gordon and other spam plaintiffs must have left a sea of similar indemnification claims in their wake. Fees are available in CAN-SPAM cases, but collecting against the likes of Gordon is no easy task. (See Serial Anti-Spam Lawsuit Filer Loses Appeal... And His Possessions.) A contract's indemnity clause does not often trigger an indemnity obligation, so Commonwealth has to feel good about this result.
Google Defeats Class Certification in Keyword Ad Lawsuit--FPX v. Google
By Eric Goldman
FPX, LLC v. Google, Inc., 2011 WL 4783376 (E.D. Tex. Sept. 29, 2011)
Google obtained a major victory in one of the most serious pending lawsuits against it challenging its AdWords keyword advertising program. Putative class action lawsuits were filed in the Eastern District of Texas--which many folks view as a plaintiff-friendly jurisdiction for patent cases--by some lawyers/litigants with ties to the patent NPE community. (The FPX case was consolidated for discovery purposes with parallel and virtually identical cases by John Beck Amazing Profits, LLC and the Rodney Hamilton Trust; I believe this ruling effectively applies to all three). On the surface, this looked like a major showdown over Google's practices in a potentially hostile venue with a venal adversary.
However, so far the case is working out fine for Google. Judge Ward (adopting Magistrate Judge Everingham's report verbatim) refused to certify the class, meaning that each advertiser will have to proceed against Google individually--or give up. Without the potential payoffs from a class adjudication, it's possible/probable that the plaintiffs' lawyers will lose interest in the case; NPE litigation may be more lucrative than continuing to pursue Google on an advertiser-by-advertiser basis. Even if the plaintiffs decide to push ahead with individual cases, Google's consequences of an adverse ruling go down substantially.
The ruling isn't all that surprising or groundbreaking. As I wrote in my initial blog post on the case in 2009, "the judge is very unlikely to certify the class." The opinion walks through various reasons why trademark lawsuits don't lend themselves to class adjudication, including:
* initial interest confusion must be examined with respect to each trademark. The court notes the different, and trademark-specific, analyses in GEICO v. Google and the Network Automation case. "Thus, Plaintiffs' common contention (i.e., that Google's policy of selling trademarks as keywords leads to initial interest confusion) is not capable of classwide resolution and, as such, does not meet Rule 23(a)(2)'s commonality requirement."
* each trademark's strength has to be individually evaluated. See the Vulcan Golf v. Google ruling.
* any affirmative defenses have to be evaluated on a trademark-by-trademark basis (another cite to Vulcan Golf).
* the request for equitable disgorgement was problematic under the applicable FRCP.
[If you're looking for a good paper topic, here's one: when (if ever) are trademark lawsuits appropriate for class adjudication, and how and why does this differ from other false advertising lawsuits?]
A procedural note: since this ruling, the case was reassigned from Judge Ward to Judge Folsom. This appears to be triggered by Judge Ward's October 1 retirement. It's not clear to me if this reassignment helps or hurts one litigant compared to the other.
As a practical matter, the defeat of class certification here leaves the Rosetta Stone v. Google case as the most serious trademark challenge to AdWords still remaining. Should Google get a good ruling in that appeal, it is probable that Google will successfully run the table on the remaining lawsuits and obtain a de facto clean bill of health for its AdWords program.
The roster of pending AdWords cases (I most recently double-checked the status of pending cases on October 12, 2011):
Ezzo v. Google
Rescuecom v. Google
* FPX v. Google and the related cases John Beck Amazing Profits v. Google and Rodney A. Hamilton Living Trust v. Google, plus
the now-dead Google v. John Beck Amazing Profits
Stratton Faxon v. Google
Soaring Helmet v. Bill Me
Ascentive v. Google
Jurin v. Google 1.0 (voluntarily dismissed), succeeded by Jurin v. Google 2.0
Rosetta Stone v. Google [on appeal]
Flowbee v. Google
Parts Geek v. US Auto Parts
Dazzlesmile v. Epic
* Pathak v. ICG
* Groupion v. Groupon
October 11, 2011
Q3 2011 Quick Links, Part 2 (Trademarks/Domain Names Edition)
By Eric Goldman
* In the Betty Boop case (Fleischer Studios v. AVELA), the Ninth Circuit stepped back from some of its perplexing language about aesthetic functionality and the Dastar opinion, but the revised opinion remains confusing. Rebecca's coverage.
* Car-Freshner Corp. v. Getty Images, Inc., 2011 WL 4527782 (N.D.N.Y. Sept. 28, 2011). In rejecting a motion to dismiss, the court say that selling photos of trademarked items can be trademark use in commerce and may not qualify as trademark fair use; and Getty could be contributorily liable for third party photographs. Terrible decision! Marty’s coverage.
* Firefly Digital Inc. v. Google Inc., 2011 WL 4454909 (W.D. La. Sept. 23, 2011):
Firefly's Marks, GADGET and WEBSITE GADGET, are generic and/or descriptive without distinction or secondary meaning. Accordingly, the Motion for Summary Judgment filed by Google will be granted and Firefly's claims for trademark infringement under the Lanham Act, federal unfair competition, LUPTA and federal and state dilution will be dismissed. Finding that all the requirements for cancellation of Firefly's federal marks have been met, the Court will order that Federal Registration Numbers 3,711,998 and 3,730,874 are cancelled, and will direct the Clerk of Court to provide a certified copy of the judgment that will issue pursuant to this ruling, to the Director of the U.S. Patent and Trademark Office pursuant 15 U.S.C. § 1119 for appropriate cancellation of the foregoing federal registration numbers. Further, the Court will order that the Louisiana Secretary of State cancel from the state registry Firefly's mark, WEBSITE GADGET, pursuant to La. Rev. Stat. 51:219.
Yet another trademark owner ends a trademark lawsuit against Google with fewer trademarks than they started with.
* IPKat provides a very useful explanation of what happened (and didn't happen) with the L'Oreal v. eBay ECJ ruling.
* LimoStars Inc. v. New Jersey Car & Limo, 2:10-cv-02179-LOA (D. Ariz. Aug. 8, 2011). In a default judgment, the court wrote “the mere existence of the www.nylimostars.com website likely adversely impacted Plaintiff’s ranking of www.limostars.com in the listings of Google and other popular online search engines.” Really…? Compare the Bitchen Kitchen case. Also interesting: the court said that the trademark plaintiff could sue the defendant in Arizona based on the defendant’s registration of a domain name with GoDaddy, citing the GoDaddy-registrant agreement’s venue selection clause. I wonder if that contract also has a “no third party beneficiary” clause…?
* Adaptive Marketing LLC v. Girard Gibbs LLP, 2009 WL 8464168 (C.D. Cal. Oct. 9, 2009). I don’t remember seeing this case before, and it just showed up in my Westlaw alerts after 2 years. Keyword advertising defendants may find this case useful. The defendant was a law firm seeking clients who had been allegedly victimized by the plaintiff. The defendant bought the plaintiff’s trademark as an ad trigger and then used the trademark in the ad copy. The court says that the ad buy didn’t constitute initial interest confusion or dilution because the advertiser made a nominative use; and also there was no initial interest confusion because the litigants were not competitors. This outcome is so logical that it should be unremarkable, but defense wins are rare when the keyword ad copy includes the third party trademark.
* Suntree Technologies, Inc. v. Ecosense Intern., Inc., 2011 WL 2893623 (M.D. Fla. July 20, 2011): "Suntree alleges initial interest confusion, which is not actionable confusion in the Eleventh Circuit." Rebecca has more on this case, which reminded me a little of the classic Jacob & Young v. Kent case.
* Mirina Corp. v. Marina Biotech, 770 F. Supp. 2d 1153 (W.D. Wash. March 7, 2011): "in this case, Plaintiff does not argue that Defendant lures its customers away: it argues instead that Plaintiff has a harder time making business contacts because the contacts believe the Plaintiff is the Defendant. Thus, this case is distinguishable from cases where the court has applied an 'initial interest confusion' theory."
* QVC Inc. v. Your Vitamins Inc., No. 10-4587 (3d Cir. July 14, 2011). A corporate-authored blog post about a competitor's products didn't support a false advertising preliminary injunction. The court rejected user-authored comments to the blog post as evidence of consumer confusion (cites omitted):
Comments left on blog posts can be very difficult to authenticate. The use of false identities in Internet forums is now a well-known tactic for attacking corporate rivals. Even if a poster is "legitimate," doubts will often remain as to the sincerity of the comment. And, finally, even if a poster is genuine and making a comment in good faith, whether he or she would fall in to the universe of consumers whose opinions are relevant (i.e., those who are or potentially might be purchasers of the products in question) often cannot be known. Given these considerations, it was especially appropriate for the District Court to give the blog comments only limited weight.
Rebecca's blog post on the case.
* Z Productions, Inc. v. SNR Productions, Inc., 2011 WL 3754693 (M.D. Fla. Aug. 18, 2011). Trademark battle over the mark “cam guys.”
* Sex spray settles Sears "Die Hard" trademark lawsuit.
* Coke Zero’s latest “joke” about overexpansive trademark rights (remember their "joke" about "taste infringement"?) is that it claims it owns the word “and.” That would be funny, except that it’s more of a sad commentary on the state of trademark law--expanded significantly by big trademark owners...like Coca-Cola--that I wouldn’t rule anything out. Yuck yuck yuck.
* Mark McKenna, Probabilistic Knowledge of Third-Party Trademark Infringement, Stanford Technology Law Review (2011). Part of the abstract:
This essay argues that the Supreme Court’s Inwood decision [requires] knowledge that particular actors are likely to infringe as a condition of secondary trademark liability. If, however, courts were inclined to take the analogy to tort law more seriously, then cases involving probabilistic harm would be viewed as negligence cases rather than trademark infringement cases. Liability in these cases would turn on an evaluation of the reasonableness of the defendant’s conduct in preventing harm, taking into account the full cost of alternative precautions. It would also turn on the trademark owner’s ability to prove causation – both in-fact and proximate – concepts that generally are completely absent from trademark cases.
* Tucows.Com Co. v. Lojas Renner S.A., No. 11-C52972 (Ontario App. Ct. of App. Aug. 5, 2011). Ontario court says domain names are property.
* Humorous critique of ICANN's new TLDs.
October 07, 2011
Massachusetts Court Dismisses Lawsuit Alleging Failure to Adequately Safeguard Personal Information -- Katz v. Pershing
[Post by Venkat Balasubramani]
Katz v. Pershing, LLC, 10-12227-RGS (D. Mass. Aug 23, 2011)
Background: Katz maintained an account at National Planning Corporation, an "introducing firm" for which Pershing provides brokerage clearing services. Pershing's services are provided on a proprietary exchange known as "NetExchange Pro," and this platform allows firms and their customers to access account information, stock quotes, etc. Katz alleged that up to 100,000 users have electronic access to customers' non-public personal information, including social security numbers, taxpayer identification numbers, and bank account numbers. Katz alleged that the security deficiencies rendered this information susceptible to being compromised. She claimed that NPC paid Pershing fees to protect the data and these fees were passed on by NPC to Katz and other putative class members.
She filed a lawsuit bringing claims under the Massachusetts deceptive trade practices statute, breach of contract, negligence, and unjust enrichment. Pershing initially moved to dismiss and the court granted the motion before Katz had an opportunity to respond. Katz filed a motion to reconsider. On reconsideration, the court dismisses the case.
Discussion: The court dismisses the based on standing (lack or jurisdiction) and on the merits.
Standing: Pershing argued that Katz did not allege that any of her protected data was actually compromised. The court agrees, noting that several cases have dismissed data loss claims on Article III standing grounds, finding that the increased risk of identity theft is insufficient to create standing. Katz argued that her claims were distinguishable from the other increased risk cases because she brought claims under Massachusetts statutes and for breach of contract.
Massachusetts Data breach statute: The court pointed out that Katz's claims under the Massachusetts unfair trade practices statute needed a statutory predicate--some statute or policy which was enacted for the benefit of the public which the defendant failed to comply with. Katz argued that here, Pershing failed to comply with Massachusetts' data breach statute, which was enacted in the wake of the well-publicized TJX data breach. The court rejects this argument, finding that the data breach statute defines a "breach of security" to include an "unauthorized acquisition or unauthorized use" of encrypted data. While breaches that create a substantial risk of identity theft trigger the statute, there must be a breach in the first place, and there was none alleged by Katz here. There was a second problem with Katz's argument. The Massachusetts data breach statute does not provide for a private cause of action. The statute is intended to be enforced by the attorney general. Therefore, Katz's claim of unfair trade practice based on a violation of the Massachusetts data breach statute fails.
Breach of contract claim: The court rejects Katz's breach of contract claim because it is based on the agreement between NPC and Pershing, and Katz argued that she was an intended third party beneficiary to this agreement. The court pointed to language in the NPC-Pershing agreement which states that the agreement was "not intended to confer any benefits on third-parties including, but not limited to, customers of [NPC]." Katz argued that the contract was superseded by marketing representations made by Pershing, but the NPC-Pershing agreement contained an integration clause, and Katz could not introduce additional terms to vary the agreement. The court also rejects Katz's implied contract claim because it was not supported by valid consideration. If, as Katz alleged, Pershing promised to NPC to safeguard Katz's personal information, "any alleged promise to Katz to do the same would not amount to valid consideration."
Unjust enrichment: The court also rejects Katz's claim for unjust enrichment on the basis that Katz did not allege that she conferred a specific benefit on Pershing or that Pershing was ever aware of this benefit.
Courts have rejected claims from data breach plaintiffs where the plaintiffs have not suffered any out of pocket loss. Here, the plaintiff sued before the breach even occurred, and the court rejects the claims. Out of necessity, plaintiffs have gotten creative and tried every angle imaginable, but so far they have had no luck.
As in the Ikon Solutions case, the plaintiff in this case tried to rely on the data breach statute but the court found that it was inapplicable. To my knowledge, no state has enacted a data breach statute which provides for a private cause of action or damages. The Massachusetts statute primarily requires notification of an alleged breach. The court's two conclusions with respect to the data breach statute are not surprising, but they are significant.
Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit
9th Circuit Affirms Rejection of Data Breach Claims Against Gap
The [Non]enforceability of Privacy Promises
Acxiom Not Liable for Security Breach
Ikon Office Solutions Had no Duty to Disclose That Office Equipment Retained Data
Recommended Books on Business Decision-Making Using Intellectual Property?
By Eric Goldman
I posted the following to the IPProfs email list:
I teach the IP Survey course principally as a business law course, i.e., companies are trying to make business decisions, and IP doctrines can help (or hinder) those decisions. Therefore, I emphasize the interplays between the various IP doctrines and explore how businesses can use the doctrines as substitutes or complements to each other.
I got the following email from an intellectually curious student: "I didn't know about the interactions between different areas of IP before. Also the strategic aspects on how to take advantage each type of IP law. Can you point to some more supplemental readings on this area?"
I felt strangely stumped in making recommendations, and now I fear I'm forgetting some obvious targets. I'd be grateful for any suggestions/recommendations.
I got the following suggestions back from the email list:
Howard Anawalt, Idea Rights
Arena and Carrenas, The Business of Intellectual Property
Jon Garon, Own It
Paul Goldstein, Intellectual Property: The Tough New Realities That Could Make or Break Your Business
Michael Gollin, Driving Innovation
Gruner et al, Intellectual Property in Business Organizations: Cases and Materials
Scotchmer, Innovation and Incentives
Varian and Shapiro, Information Rules
Please send me any further suggestions!
UPDATE: Recommendations in response to this post:
John Palfrey, Intellectual Property Strategy
Mark Blaxill and Ralph Eckardt, The Invisible Edge: Taking Your Strategy to the Next Level Using Intellectual Property
October 06, 2011
GoDaddy Mismanages Its User Agreements--Crabb v. GoDaddy
By Eric Goldman
Crabb v. GoDaddy.com, Inc., 2:10-cv-00940-NVW (D. Ariz. Sept. 27, 2011)
Having legal terms sprinkled throughout different documents on the site is legally acceptable if--and only if--the documents link together properly. The flagship online contracts case, Specht v. Netscape, is a good example of how this linking process can fail (it would have been trivially easy for the drafters to cross-link the EULAs in that case). Here, GoDaddy gets a hard lesson in its failure to properly cross-reference documents, and its mistake could lead to a cash payment.
This case is another lawsuit against a registrar for parking ads on undeveloped domain names. Personally, I think it's scummy of registrars to do this because it sets up significant conflicts of interest between registrars and registrants. But if the registrant is told that their undeveloped domain name will be used for ad parking and the registrant can avoid this outcome, then caveat emptor, and may the best registrar win in the marketplace.
In this case, GoDaddy claims it told registrants about the ad parking in its "Universal Terms of Service," which purported to incorporate by reference a "Parked Page Service Agreement." However, the cross-reference in the TOS said the parking agreement applied "only to customers who have purchased those referenced Services." But the registrants didn't "purchase" the ad parking service; rather, GoDaddy imposed it on them for free (or, more precisely, against their will). With the botched cross-reference, the contracts the registrants actually agreed to didn't adequately disclose the ad parking. As a result, GoDaddy can't claim the registrants contractually authorized the parking. GoDaddy still has plenty of other defenses, but it must sting to lose its preferred defense--especially when it had complete control over the situation. WHOOPS.
Court Nukes Another Mass Defendant File-Sharing Lawsuit -- Digiprotect v. Does
[Post by Venkat Balasubramani]
DigiProtect USA v. Does, 10 Civ. 8760 (S.D.N.Y.; Sept. 26, 2011)
Plenty of bad news for copyright plaintiffs lately. Righthaven is getting hammered left and right and is struggling (to say the least) to keep any momentum going. (See Eric's most helpful recap: "Resetting the Righthaven Fiasco," in which he notes that '[t]he Righthaven empire is in tatters.") The mass defendant file-sharing lawsuits have mostly spiraled downward as well. So many of these lawsuits have been dismissed on procedural grounds that I've lost track. Here's another one to add to the list.
Background: This was one of two lawsuits filed by DigiProtect in the Southern District of New York. In late 2009, the court granted DigiProtect's request to conduct limited discovery, although the court put in place some procedural safeguards. In December 2010, Time Warner and Comcast moved for a protective order, claiming that compliance with DigiProtect's subpoenas would be unduly burdensome. They sought an order requiring DigiProtect to compensate the ISPs for processing subpoenas and to limit the scope of information sought. In January 2011, the court raised the issue that the 240 Doe defendants may not be subject to personal jurisdiction in New York, and joinder may not have been proper. After considering DigiProtect's response, the court dismisses the lawsuit, with leave to replead and name only those Doe defendants who are properly subject to personal jurisdiction in New York.
Personal jurisdiction: The court runs through the Due Process/long-arm statute analysis to determine whether jurisdiction is proper. Although a recent New York state court case construed its long-arm statute broadly to allow for lawsuits against non-resident defendants where the plaintiff/copyright-owner is located in New York, that analysis does not apply in this case. Here, DigiProtect was a New York resident, but the actual copyright holder (Patrick Collins Inc.) was a California company. In passing, the court notes that although DigiProtect is authorized to pursue claims, Patrick Collins "retains most of the bundle of rights as copyright holder." [Houston, we may have a Righthaven-style standing problem!] The court says DigiProtect can't sue based on the fact that the harm from the infringement would be felt in New York, because this is not the case.
DigiProtect also argues for a "swarm" theory of jurisdiction, under which infringers are viewed as agents or co-conspirators of each other. According to DigiProtect, if one participant in a P2P swarm is located in New York, then this is sufficient to assert jurisdiction over the remainder of the group. The court also rejects this argument, noting that the complaint does not connect the Doe defendants to the same "swarm" transaction. Just because the defendants may have downloaded the same media does not mean that there was any connection between the downloads. (See Pacific Century International v. Does, discussed in this blog post: "P2P Swarm Defendants Can't Be Joined in the Same Lawsuit.")
The court expresses a reluctance to
ensnare unsophisticated individuals from around the country in a lawsuit based in New York [where the individuals would] likely be encouraged to settle rather than incur the burden and embarrassment of contesting the litigation.
The fact that the individuals whose IP addresses associated with infringing activity are located in New York is sufficient to establish jurisdiction in the court's view, and the lawsuit may proceed against those individuals only. However, the court notes that this is not the case for the bulk of the Doe defendants in question. Comcast reported to the court that none of the Comcast-associated IP addresses were for New York residents, and Comcast argued that this information could be obtained using a "free, publicly-available website that matches an IP address with the internet service provider . . . and lists the geographic region in which the provider uses the address."
As Comcast notes, this "could easily have been done by Plaintiff at the outset." The court's discussion of this was somewhat confusing to me, as I was under the impression that you cannot reliably "look up" an Internet user's geography using just an IP address. Comcast says that Digiprotect can find the geography of the provider. The court seems to think this means Digiprotect can identify the geography of the accountholder, but of course many Internet access providers have customers in more than one state. In any event, the fact that the court makes this statement shows that it's not excited about plaintiff and its claims.
Costs of compliance: The court also grants the ISPs' request for reimbursement and limitations on plaintiff's requests for information. Plaintiff argued that the ISPs were required to turn over the information anyway based on the DMCA-subpoena provisions, but the DMCA subpoenas don't help when the entity is just providing connectivity and not storing the user files on its servers. (See the Verizon DMCA subpoena case.) In granting the request of the ISPs, the court says:
- DigiProtect must reimburse the ISPs for IP address look-ups and for notifying subscribers;
- this amounts to $120 per IP address (not per subscriber);
- the lookups are limited to 25 IP addresses per month.
Oy vey. A few quick observations.
I'm surprised at the procedural gaffes which have derailed the latest round of mass-defendant P2P lawsuits. I was even more surprised when I saw the large national law firm, Foley & Lardner, was representing DigiProtect. Somewhat surprising to see them involved in a lawsuit over "Let Me Jerk You 2." Even more surprising to see them get smacked down by the court on relatively obvious procedural grounds.
What bogs down these lawsuits are the way they are pursued. You could use the IP addresses and pursue actions in individual jurisdictions (subject to discovery and subpoena limitations), or pursue one identified component of an alleged "swarm" and go after the remaining people involved (subpoena their information from the initial defendant and then go after them in other jurisdictions, if necessary). DigiProtect did not do that, and there's a reason why. It wants to obtain the list of everyone whose IP addresses they have, and send every single one of these people a letter. The same letter. DigiProtect is pursuing the settlement mill model, and more often than not, this model is blowing up in the face of plaintiff and its counsel.
I don't recall whether other courts have expressly approved ISP requests for processing costs, but the court does so here and this may end up effectively putting the kibosh on the lawsuit. I don't get the sense that the plaintiff has invested significant dollars into the dispute or is willing to do so. Plaintiff may balk at the prospect of having to shell out cash upfront to learn the identity of the Doe defendants who may or may not pay off. The limitation on the number of lookups is also a significant limitation. It is at least going to slow things down
To people who are on the receiving end of subpoenas in Doe cases: take the lawsuit seriously, retain counsel, and if you don't have the resources to defend and push back, consider settling for a nominal amount, if possible. But definitely check to see if the case has been blown up by the judge. There's a good chance it has.
October 05, 2011
Ca. Court of Appeal Vacates $100,000 Non-Party Discovery Sanction Against Facebook -- In re J.G.
[Post by Venkat Balasubramani]
In re J.G., A128898; A129157 (Ca Ct. App.; Sept. 30, 2011)
Background: This involved a juvenile proceeding where J.G., a minor, was charged with the offenses of forcible sexual penetration and false imprisonment. During the proceedings, J.G.'s counsel served three subpoenas on Facebook, seeking information "relating to the victim's Facebook user account, including electronic messages sent to and from the account, and other data."
The first subpoena was issued on March 3, 2010 and demanded the production of documents within five days, or alternatively, Facebook's appearance at a court hearing on March 12. On March 17, Facebook served objections on J.G.'s counsel, and among other bases, Facebook argued that the Stored Communications Act precluded the production at issue. Facebook went back and forth with J.G.'s counsel, but did not appear at the scheduled hearing. At the hearing, J.G.'s counsel requested an order requiring Facebook's appearance in court on a new date: April 5, 2010.
On March 29, 2010 and April 7, 2010, the private investigator working for J.G.'s counsel served two additional subpoenas, the latter of which set a hearing date of April 13, 2010. While the first subpoena was signed by J.G.'s counsel, these two subpoenas were signed by the juvenile court commissioner. On April 9, 2010, Facebook served objections to these two subpoenas on counsel but did not file these objections with the court.
On April 12, 2010, Facebook's representatives discussed with J.G.'s counsel the possibility of having the victim execute a consent form. Facebook provided J.G.'s counsel the consent form, and counsel acknowledged receiving the form and advised Facebook: "You don't need to go to court tomorrow."
Facebook did not appear at the April 13 hearing. The investigator emailed a consent form purporting to be signed by the victim but it was actually signed by a representative of the district attorney's office. (??) The investigator further advised Facebook that there was a hearing and a further hearing on Facebook's "handling of the subpoenas" was set for April 20, 2010.
Prior to the April 20th hearing, Facebook's outside counsel arranged for a paralegal to contact the court. The court clerk advised that the hearing was scheduled to occur, but J.G.'s counsel advised Facebook's counsel that the hearing was cancelled. Facebook's counsel appeared at the April 20th hearing where he found out that the court was considering imposing a sanction on Facebook "for failing to comply with court orders relating to the subpoenas." Facebook's counsel advised that the Stored Communications Act restricted Facebook's ability to disclose the information in question. Following the hearing, the court imposed a sanction on Facebook in the amount of $100,000, payable to the Alameda County Superior Court. At the hearing, the court drops the gem of a line, that:
[the judge] saw in the [newspaper] two weeks ago that [Facebook's CEO] made three billion dollars in 19-- excuse me, 2009, three billion dollars . . . .
Shortly after the hearing, J.G.'s counsel provided Facebook with the signed waiver, Facebook produced the information in question, and the juvenile court released J.G. to home supervision. Facebook then moved to vacate the sanctions order.
Discussion: Facebook made three arguments for why the sanction should be vacated. The court rejects the first two, but agrees with the third.
Due Process/notice: Facebook argued that it did not have adequate notice of the court's intent to impose a sanction. The court disagrees, noting that Facebook's counsel appeared at and participated in the hearing. In fact:
counsel acknowledged that Facebook was aware of the court's displeasure with its compliance efforts, and [admitted] that 'it's entirely possible that some things may have fallen through the crack [sic].'
Even if there was some irregularity in the procedures, the court concluded that Facebook did not suffer any prejudice--it participated in the hearing fully and filed papers after the hearing.
Consent to commissioner acting as judge pro tempore: Facebook contended that it did not consent to the commissioner acting as judge pro tempore "for purposes of the sanctions proceedings." The court says Facebook's conduct at the sanctions hearing was implied consent.
Court's authority to impose sanctions: The final argument gets traction with the court. The court says that while the juvenile court has inherent authority to manage its proceedings, the juvenile court does not have inherent authority to impose punitive monetary sanctions. Several different statutes authorize the court to impose sanctions, but none of these come close to authorizing an award of $100,000. While a statute authorizing broader sanctions is on the books, it's limited to parties and not directed at the conduct of nonparty witnesses.
The court vacates the sanctions award as unauthorized and sends the matter back to juvenile court for further consideration in light of its opinion. The court does not reach the issue of whether Facebook "acted reasonably and in good faith," and it looks like the juvenile court is directed to not address this issue either. (The court's order is unclear on this last point.)
Service providers have to walk a fine line when responding to requests for communications. Although both lawsuits were dismissed, MySpace and Yahoo were both sued for disclosing information and communications in response to subpoenas that plaintiffs claimed did not fall under the specific exceptions in the Stored Communications Act. (See Sams v. Yahoo! and Hubbard v. Myspace.) Providers also have to worry about statutes such as the Video Privacy Protection Act and the newly-enacted California Reader Privacy Protection Act [pdf]. I haven't looked at it in detail, but my instinct is that the communications in this case could not be disclosed by Facebook, and it was correct in asserting that the Stored Communications Act barred disclosure. (The DOJ's Cybercrime division lays out the circumstances in which information can be disclosed by service providers. Even wading through this summary will make your head hurt.)
I'm sure Facebook is breathing a sigh of relief over having avoided the sanctions order, although it must not be looking forward to dealing with these discovery issues on an ongoing basis. Dealing with a subpoena in federal court is somewhat more straightforward than dealing with it in other fora, such as in a juvenile criminal proceeding.
It's unfortunate that the court did not discuss the merits of Facebook's objection based on the Stored Communications Act. Litigants also continue to grapple with the issue of how to get Facebook profile information in discovery. As far as recommendations for litigants trying to get Facebook-related information, I would familiarize yourself with what information is covered by the SCA and tailor your request for information accordingly. Second, whenever possible, I would try to seek the information from the litigant rather than from the network directly, and try to obtain a waiver, to the extent there are logistical issues preventing discovery of the information from the litigant. (Of course, courts have not resolved the issue of whether someone can be forced to execute a waiver, but I'm guessing we'll see some decisions on that soon enough.)
Q3 2011 Quick Links, Part 1 (Copyright Edition)
By Eric Goldman
* The Golan v. Holder SCOTUS oral arguments are today. My colleague Tyler Ochoa has been actively monitoring the case:
- his essay previewing the case and the issues it raises
- an amicus brief on whether the 1790 Copyright Act restored copyright on works then in the public domain
- a video where he explains the case to a student audience (item #21)
- a video of a Harvard Law School roundtable about the case
* Lots of news involving Oracle. First, in Oracle v. SAP, the court sliced Oracle's damages by about a billion dollars. Even reduced, Oracle got a huge copyright damages award. Prior blog post. In related news, TomorrowNow struck a plea deal where SAP will pay $20M in criminal fines.
Separately, in Oracle America, Inc. v. Google Inc., 2011 WL 4336691 (N.D. Cal. Sept. 15, 2011), Oracle got a favorable ruling on its copyright claims over Android's infringement of Java. Software geeks, this opinion warrants your attention.
* The PROTECT IP Act is an abomination. I signed a law professor letter against PROTECT IP. Entrepreneurs circulated their own letter. Larry Downes offered some suggestions on how to make the PROTECT IP Act less worse.
* In re Literary Works in Elect. Databases Copyright Litig., 05-5943-cv(L) (2d Cir. Aug. 17, 2011). The long-running Tasini battle takes another turn. This time, the court rejected the settlement because of intra-class conflicts. James Grimmelmann explains the implications for Google Book Search.
* Rock River Communications, Inc. v. Universal Music Group, Inc., 2011 WL 3501762 (C.D. Cal. Aug. 9, 2011). The court dismissed claims over allegedly bogus copyright takedown notices. Prior blog post.
* Only 13 years after DMCA passage, the Copyright Office is proposing a permanent process for designating 512 agents. I have strong objections to the proposal, especially the part where service providers can lose their registration for failing to jump through additional formalities over time. If you are interested in working on comments, contact me.
* A few Righthaven tidbits. MediaNews, one of Righthaven's two main newspaper "customers," has ended its contract with Righthaven. The new MediaNews chief says it was a “dumb idea” from the beginning. Amen! And in Righthaven LLC v. Hill, 2011 WL 4018105 (D. Colo. Sept. 9, 2011), the court denied a fee shift to the defendant. The 505 motion failed because Righthaven voluntarily dismissed the case, meaning that Hill was not a “prevailing party.”
* Flexible Lifeline Systems, Inc v. Precision Lift, Inc., 10-35987 (9th Cir. Aug. 22, 2011): "presuming irreparable harm in a copyright infringement case is inconsistent with, and disapproved by, the Supreme Court’s opinions in eBay and Winter. Thus, our long-standing precedent finding a plaintiff entitled to a presumption of irreparable harm on a showing of likelihood of success on the merits in a copyright infringement case, as stated in Elvis Presley and relied on by the district court, has been effectively overruled."
* Kernal Records Oy v. Mosley, 2011 WL 2223422 (S.D. Fla. June 7, 2011): "publishing AJE on a website in Australia was an act tantamount to global and simultaneous publication of the work, bringing AJE within the definition of a “United States work” under § 101(1)(C) and subject to § 411(a)'s registration requirement." This appears to be an opposite conclusion to Moberg v. 33T LLC, 666 F. Supp. 2d 415 (D. Del. 2009) (mentioned here).
* Slightly related: Shropshire v Canning, 2011 WL 3667492 (N.D. Cal. Aug. 22, 2011). Uploading a video to YouTube's California servers from Canada can constitute infringement in the United States. Prior blog post.
* William Wade Waller Co. v. Nexstar Broadcasting, Inc., 2011 WL 2648584 (E.D. Ark. July 6, 2011). A 1202 CMI claim fails: "Assuming that RKC intentionally cropped the copyright notice out of the picture before distributing it to Nexstar, Plaintiff has made no effort to show that RKC did so intentionally to induce, enable, facilitate or conceal infringement."
* Edgenet v Home Depot (7th Cir. Sept. 2, 2011). A product taxonomy is copyrightable, but the Home Depot properly procured the necessary rights from its vendor before home-brewing its own solution and dropping its vendor. See more on property rights in taxonomies.
* Brownmark Films, LLC v. Comedy Partners, 2011 WL 2648600 (E.D. Wis. July 6, 2011) South Park parody of a YouTube viral video is fair use (on a motion to dismiss).
* Fraserside IP L.L.C. v. Youngtek Solutions Ltd., 2011 WL 2689058 (N.D. Iowa July 12, 2011). A potentially meritorious 17 USC 512(c) defense helps set aside a default judgment.
* The Swatch Group Management Services Ltd. v. Bloomberg LP, 1:11-cv-01006-AKH (SDNY Aug. 30, 2011). Recording a securities analyst call could be copyright infringement.
* Tertiary liability copyright infringement claims against CNET for distributing LimeWire dropped. In other LimeWire news, as part of a deal with the Maryland AG, LimeWire will notify users about the risks of inadverent data sharing.
* Another copyright infringement suit against Amazon, this time for "manufacture-on-demand" CDs.
* Princeton prevents its professors from assigning the copyright in their research to publishers.
* Turnitin’s “WriteCheck” service lets students preview the plagiarism detection report before submitting their papers to their instructors. Good business to be dealing arms to both sides.
October 04, 2011
9th Cir.: ECPA Protects Non-Citizen Communications Stored in the US -- Suzlon Energy v. Microsoft
[Post by Venkat Balasubramani]
Suzlon Energy Ltd. v. Microsoft Corp., 10-35793 (9th Cir. Oct. 3, 2011) [pdf]
Suzlon Energy sought emails from Microsoft for use against Sridhar, an Indian citizen, in a civil lawsuit pending in Australia. It filed a petition for the production of documents, which the district court initially granted. In response, Microsoft and Sridhar filed objections. The district court agreed with Microsoft and Sridhar and held that, although Sridhar was not a United States citizen, the Electronic Communications Privacy Act precluded Microsoft's disclosure of the emails.
The Ninth Circuit affirmed, finding that the text of the statute answers the question of whether the protections of the ECPA are limited to United States citizens. The statute prohibits disclosure of communications which fall under the statute and contains numerous exceptions, but citizenship is not listed as an exception. Additionally, the statute defines a user as "any person or entity" who uses an electronic communications service with authorization:
The Court finds that the plain language of the ECPA extends its protections to non-citizens. The Court is therefore obligated to enforce the statute as written.
Although the court found that the text of the statute answered the question, it nevertheless analyzed the legislative history of the statute "for its instructive value." The court notes that Congress' intent in passing the ECPA is to protect the privacy interests of American citizens. But nothing indicates an intent to protect the privacy rights of only American citizens. Although the language of the legislative history is inconclusive, the passage quoted by the court is interesting and one that Congress may want to take a look at when thinking whether and how to revamp the ECPA:
With the advent of computerized record keeping systems Americans have the ability to lock away a great deal of personal and business information. . . . [T]he law must advance with technology to ensure the continued validity of the fourth amendment.
The court makes clear (citing to Zheng v. Yahoo!) that it's only deciding that ECPA protections apply to information stored in the United States. (Zheng was a case where the district court concluded that a dissident in China could not sue Yahoo! for allegedly turning over email messages to the Chinese government.)
The court also addresses the issue of consent, finding that Sridhar did not impliedly consent by being involved in the Australian litigation. The court does not see the logic in Suzlon's consent argument. The court also says that he did not consent to Microsoft producing the emails on his behalf. Microsoft's terms of service only say that any emails would be disclosed in accordance with United States law and in other circumstances not relevant to the case. Microsoft "never told Sridhar that his communications might be monitored or disclosed." There are no facts supporting an implied consent based on waiver.
It's tough to quibble with the court's interpretation of the statute, but it's interesting that the court specifically carved out and reserved judgment on communications that are not stored in the United States. Zheng v. Yahoo! didn't expressly rely on the storage issue; the court determined that the predicate acts occurred abroad and therefore the ECPA did not apply.
Is the location of the server where the email is stored a workable basis to determine whether ECPA protection should be lost? Does this type of a rule allow an ISP to play games as to what emails are subject to ECPA protection and which are not? If an ISP decides to change its storage practices and decides to store emails offshore, does this suddenly mean that those emails are no longer entitled to protection under the ECPA? (I recall some proposed legislation which would prohibit US companies from storing data outside the United States to avoid foreign governments being able to impose different rules.) From a consumer standpoint, the location of storage doesn't offer much clarity. I imagine customers have no idea what jurisdiction the servers which house their communications are located in.
[Clarification: I revised the post to indicate that the court did not hold that foreign-stored communications are outside the scope of ECPA protection. My zeal to highlight an interesting issue got the better of me! Thanks to the emailer who pointed this out.]
Additional coverage: Ninth Circuit Says ECPA Protects Foreign Citizens (Tom O'Toole/BNA)
Article on Bypassing Geographic Content Restrictions Using Borrowed IP Addresses
By Eric Goldman
Marketa Trimble (UNLV Law) has posted a full copy of her article, The Future of Cybertravel: Legal Implications of the Evasion of Geolocation. I've highlighted this article before, such as in my coverage of the Internet Law Works-in-Progress where I heard her present it.
The paper relates to problems created by efforts to reinstantiate geographic borders on the Internet. In particular, where content owners have sought to restrict distribution of their copyrighted works online to only people located to specified geographies (as measured by the users' IP addresses), third party service providers in those countries offer to rent out "local" IP addresses to let non-local users bypass the geographic restrictions. I hate the name "cybertravel" to describe this phenomenon (a point I have stressed to Marketa), but the topic is crucial to cyberlaw. It implicates a wide swath of cyberlaw doctrines, including national efforts to restrict objectionable content; Lori Drew-style server misuse based on false registration information; and the efficacy of efforts (like the Protect IP Act) to suppress rogue foreign websites. Marketa does a super job engaging this complex topic, so this is an article worth checking out.
The internet is valued as a medium that both defies and defeats physical borders. However, cyberspace is now being exposed to attempts by both governments and private entities to impose territorial limits through blocking or permitting access to content by internet users based on their geographical location – a territorial partitioning of the internet. A number of authors have discussed the advantages and disadvantages attached to raising borders in cyberspace; however, as opposed to the earlier literature, this article focuses on an internet activity that is designed to bypass the partitioning of cyberspace and render any partitioning attempts ineffective. The activity – cybertravel – permits users to access content on the internet that is normally not available when they connect to the internet from their geographical location. By utilizing an internet protocol address that does not correspond to their physical location, but to a location from which access to the content is permitted, users may view or use content that is otherwise unavailable to them. Although cybertravel is not novel (some cybertravel tools have been available for a number of years), recently the tools allowing it have proliferated and become sufficiently user-friendly to allow even average internet users to utilize them. Indeed, there is an increasing interest in cybertravel among the general internet public as more and more website operators employ geolocation tools to limit access to content on their websites from certain countries or regions.
This paper analyzes the current legal status of cybertravel and explores how the law may treat cybertravel in the future. The analysis of the current legal framework covers copyright as well as other legal doctrines and the laws of multiple countries, with a special emphasis on U.S. law. The future of the legal status of cybertravel will be strongly affected by three current developments: the desire of countries and many actors on the internet to erect borders on the internet to facilitate compliance with territorially-defined regulation, the need for attribution of acts on the internet to particular actors, and the ongoing transition from the IPv4 to IPv6 protocol that is promising permanently assigned or embedded internet protocol addresses. This paper makes an attempt to identify arguments for making or keeping certain types of cybertravel legal, and suggests legal, technical and business solutions for any cybertravel that may be permitted.
October 03, 2011
Re-registration of Domain Name is not a "Registration" Under the ACPA -- GoPets Ltd. v. Hise
[Post by Venkat Balasubramani]
GoPets Ltd. v. Hise, 08-56110; 08-56112 (9th Cir. Sept. 22, 2011)
Although Eric is not a big fan of them, the Ninth Circuit has produced a slew of domain name opinions this year. GoPets Ltd. v. Hise is one to add to the list.
Background: Hise registered gopets.com in 1999. Hise and his brother and their entity are experienced domainers; they registered more than 1,300 domain names in the past decade. In 2004, Eric Bethke founded GoPets Ltd., a Korean company that developed a game involving "virtual pets that move between the computers of registered users." GoPets filed an application to register the "GoPets" mark in 2004 and the registration issued in 2006. Starting in 2004, Bethke made several attempts to purchase the gopets.com domain name from Hise. The parties went back and forth but never consummated a sale of the domain name.
In 2006, GoPets filed a UDRP action against Wise. The arbitrator ruled in favor of Hise, finding that since Hise registered gopets.com before GoPets Ltd. started using the mark, there could be no bad faith. After the UDRP ruling, the Hise brothers registered a slew of other gopets domain names, including gopet.biz, gopet.org, egopets.com, gopetz.bz, gopets.ws, gopet.tv, gopet.ws, gopet.bz, gopet.de, gopet.eu, and gopet.name. Meanwhile, Bethke again tried to purchase the domain name, and offered up to $40,000 for gopets.com. The Hises demurred and instead sent a letter to the investors of GoPets, offering to sell the domain name for $5 million. After receiving the offer to sell the domain name for $5 million, GoPets Ltd. filed a complaint for cybersquatting, and for claims under the ACPA, and Lanham Act.
The district court granted GoPets Ltd.'s motion for summary judgment on its ACPA and Lanham Act claims with respect to all of the domain names. The court also granted GoPets Ltd. its attorney's fees.
Re-registration of gopets.com: Hise transferred the gopets.com domain name to Digital Overture, an entity owned by him and his brother. Digital Overture re-registered the domain in 2006. The question is whether the 2006 re-registration violated the ACPA. GoPets argued that since its mark was distinctive in 2006 when the domain was re-registered, this is sufficient to state a claim under the ACPA. According to the court, the key question is whether the initial registration was done in bad faith--subsequent renewals or even transfers are irrelevant:
we conclude that Congress meant "registration" to refer only to the initial registration. It is undisputed that . . . Hise could have retained all of his rights to gopets.com indefinitely if he had maintained the registration of the domain name in his own name. We see no basis in ACPA to conclude that a right that belongs to an initial registrant of a currently registered domain name is lost when that name is transferred to another owner.
The court finds that although the re-registration or transfer of gopets.com was not in bad faith, there was ample support for the factual conclusion that Hise's registration of the remaining domain names were done in bad faith. Hise tried to argue that he thought that registration of these domain names was proper based on his UDRP victory, but not surprisingly, the court rejects this defense.
Damages: The trial court awarded $100,000 in damages for Hise's registration of gopets.com and $1,000 in damages for the remaining domain names. The Ninth Circuit vacates the $100,000 award based on gopets.com but affirms the remaining damage award.
The ACPA allows for a plaintiff to elect statutory damages: "in the amount of not less than $1,000 and not more than $100,000 per domain name, as the court considers just." Hise argued (relying on Feltner v. Columbia Pictures Television) that the statutory damage award should have been decided by a jury and not a judge, and having a judge rather than jury determine statutory damages violated his Seventh Amendment right to a jury trial. The court says that this may be a viable argument, but not in this case, since the court awarded the minimum statutory amount. Hise could not have achieved a better result in front of a jury since the jury would have had to award the minimum as well. (See the similar BMG v. Gonzalez ruling in the copyright context). This issue will have to be hashed out in another case.
If I'm reading the court's opinion correctly, it means that any time someone registers a domain name before a mark has become distinctive or famous, that domain name gets a free pass, regardless of any transfers or changed use of the domain name? Or is the court's decision based on the fact that the basis for the ACPA claim was based on "registration" (as opposed to "trafficking" or "use"), and therefore the renewal or transfer does not create ACPA liability? If GoPets had stronger facts around Hise's use of the domain name, would it have made a difference?
I'm guessing the opinion just speaks to registration. Other decisions have held that the determination of the lawfulness of a domain name registration is not fixed--it may change over time, depending on the defendant's conduct and use of the domain name. (Storey v. Cello Holdings, L.L.C., 347 F.3d 370, 385 (2d Cir. N.Y. 2003) ("Congress intended the cybersquatting statute to make rights to a domain-name registration contingent on ongoing conduct rather than to make them fixed at the time of registration".) It's useful to contrast the result for gopets.com with Newport News Holding Co v. Virtual City Vision (4th Cir. April 18, 2011) [pdf]. As Eric wrote in May, the registrant of newportnews.com won a UDRP proceeding, but ten years later, was the subject of an adverse ruling on ACPA claims against it. What went wrong?
[I]n making changes to its website in 2007, VCV [the registrant of newportnews.com] shifted its focus away from the legitimate service of providing information related to the city of Newport News and became instead a website devoted primarily to women’s fashion....VCV cannot escape the consequences of its deliberate metamorphosis....newportnews.com went from being a website about a city that happened to have some apparel advertisements to a website about women’s apparel that happened to include minimal references to the city of Newport News.
Thus, the court awarded $80k in damages, $10k in sanctions and attorneys' fees against VCV (the registrant of newportnews.com). It would not be prudent to read the Ninth Circuit's Gopets.com opinion as giving registrants a free pass for the life of the domain name. I doubt that's what the court meant, but I was surprised the court was not clearer about it, and surprised that the facts around the Hises' use of the domain name did not factor at all into the legal analysis.
UPDATE: Ryan Gile says "The lesson here is two-fold. Failing to negotiate in good faith can lead to unnecessary lawsuits and lawsuits often last longer than internet companies or their brands."
New Essay on 47 USC 230(c)(2)
By Eric Goldman
I have posted a new essay, Online User Account Termination and 47 U.S.C. §230(c)(2), to SSRN. I wrote this essay as a contribution to a virtual world symposium at UC Irvine, and it will be published in the UC Irvine Law Review.
The essay generally argues that 47 USC 230(c)(2) permits online providers, including virtual world operators, to terminate user accounts without liability. Academic commentators frequently ignore or fail to consider Section 230(c)(2)'s immunity when discussing user account terminations, so the essay tries to elevate Section 230(c)(2)'s profile in the discussions, especially for the virtual world community. To me, Section 230(c)(2)'s applicability to account terminations is clear, but the story is complicated and perhaps not free from controversy. In addition to explaining the nuts-and-bolts, I offer a brief theoretical defense of the immunity.
I believe this essay is the first law review article exclusively on 47 USC 230(c)(2), the overlooked and undertheorized sibling of Section 230(c)(1). (FWIW, I have another, much larger article in process on Section 230(c)(1) that I hope to complete next semester.) If I've missed a 230(c)(2)-specific article, please please please let me know. For that reason alone, I'm quite excited about this essay.
I'm also excited about this essay because it culminates a topic I've been contemplating since I began blogging--the implications of virtual world proprietors' rights to terminate for convenience. See, e.g., this post--one of my first on the blog--from 6 1/2 years ago. After all these years, I'm glad to finally organize my thoughts more completely.
The essay is in draft form, so I would gratefully welcome your comments.
An online provider’s termination of a user’s online account can be a major-and potentially even life-changing-event for the user. Account termination exiles the user from a virtual place the user wanted to be; termination disrupts any social network relationship ties in that venue, and prevents the user from sending or receiving messages there; and the user loses any virtual assets in the account, which could be anything from archived emails to accumulated game assets. The effects of account termination are especially acute in virtual worlds, where dedicated users may be spending a majority of their waking hours or have aggregated substantial in-game wealth. However, the problem arises in all online environments (including email, social networking and web hosting) where account termination disrupts investments made by users.
Because of the potentially significant consequences from online user account termination, user-rights advocates, especially in the virtual world context, have sought legal restrictions on online providers’ discretion to terminate users. However, these efforts are largely misdirected because of 47 U.S.C. §230(c)(2) (“Section 230(c)(2)”), a federal statutory immunity. This essay, written in conjunction with an April 2011 symposium at UC Irvine entitled "Governing the Magic Circle: Regulation of Virtual Worlds," explains Section 230(c)(2)’s role in immunizing online providers’ decisions to terminate user accounts. It also explains why this immunity is sound policy.
October 01, 2011
Facebook's Trademark Suit Against Teachbook Survives Motion to Dismiss
by Eric Goldman
Facebook, Inc. v. Teachbook.com LLC, 2011 WL 4449686 (N.D. Ill. Sept. 26, 2011).
Facebook has been helping many lawyers send their kids to private school with an expensive enforcement campaign to control the prefix "face" and suffix "book" for social networking sites. Its "-book" targets have included Lamebook (which recently settled; see some speculation why), Bearbook for the hirsute gay community and Teachbook, the subject of this lawsuit, which targets teachers.
Facebook's entire campaign is fraught with peril given the intensely descriptive nature of Facebook's own trademark, the historical meanings of "facebook" prior to The Facebook, and the interest of budding new entrepreneurs in taking advantage of the pre-The Facebook lexical meanings of the term. But the reality is that Facebook is apparently willing to sink a significant amount of money into an aggressive legal position, which helps it bully 9 out of 10 targets off the term just by threatening them.
Teachbook is one of the few that didn't back down, and it even won an initial legal victory in May when it got Facebook's trademark infringement lawsuit dismissed for lack of jurisdiction. Facebook promptly refiled in Teachbook's home court, and Teachbook's subsequent motion to dismiss gets zero traction with this judge.
Teachbook submitted 300 pages of exhibits and asked the court to consider them on the motion to dismiss, and the court rejects all of it. For example, the court declines to take judicial notice of a filing Facebook made in a European trademark proceeding, USPTO filings and various dictionaries. The court also declines to consider printouts from Facebook's website, saying those printouts aren't "central" to Facebook's complaint.
The good news for Teachbook is that all of this material can be considered at a later stage of the lawsuit. The bad news is that it has to fight long enough to get there.
Is the "Book" Suffix Generic?
Teachbook made the reasonable argument that the suffix "book" is generic, and therefore Facebook should not be able to enforce any rights in the term "book." (If I recall correctly, Facebook had to disclaim the "book" suffix in its US trademark application). Facebook logically retorts that it is seeking to enforce the entirety of its "Facebook" mark, not just any standalone rights in the suffix "book." The court accepts Facebook's spin, at least for purposes of the dismissal motion, saying "one could reasonably infer that the choice of the TEACHBOOK mark—which, like the FACEBOOK mark, is a curt, two-syllable conjunction of otherwise unremarkable words—to offer a similar service in the same medium was no accident." The court also notes that Facebook has a registered trademark (prima facie evidence that the term "Facebook" is not generic) and that Teachbook has the burdens on a motion to dismiss.
The court says that even if Facebook is enforcing just the "book" suffix, that term isn't generic:
Facebook is using the suffix-BOOK to offer social networking services via the internet. Even in this age of “e-books,” social networking services do not fall within the category of what one would traditionally call “books.”...were we to narrow the focus of our inquiry to the suffix -BOOK, we would still be unable to conclude that Facebook's mark is merely generic in the context of offering social networking services on the internet
It appears the court has only one definition of "book" in mind--presumably, a long-form bound-cover published BOOK. The court even says "the word “book,” unlike “top,” does not instantly call to mind a multiplicity of meanings." But I couldn't disagree more, the "book" can mean many things in addition to a classic BOOK. Indeed, before The Facebook, a facebook was a printed photo directory of people in a small social network, such as the incoming 1L class at a law school. For more on the legal ambiguity of the term "book," see our blog post on the California Reader Privacy Act, which I still oppose in large part due to the semantic ambiguity of the term "book" (and which I predict will lead to a privacy plaintiff lawyer fiesta on that point).
Likelihood of Consumer Confusion
On mark similarity, the court sees enough similarity for now: "Both marks are a combination of the suffix-BOOK preceded by fairly mundane, monosyllabic words. And in both instances, it is the uninterrupted conjunction of the mundane words with the suffix-BOOK that gives the marks their verve." The court distinguishes between sites that draw users through "word-of-mouth, hyperlinks, and search engine results" versus user browsing, saying:
Given the similarities between the TEACHBOOK and FACEBOOK marks, it is reasonable to infer that someone browsing the internet might understand Teachbook to be “in some way related to, or connected or affiliated with, or sponsored by” Facebook.
Huh? If the user reaches the site by browsing, then they will see the entire site--including any disclaimers, and the market positioning that Teachbook is an alternative to Facebook. A quick inspection of Teachbook should have instantly ended the possibility of any user confusion about Facebook's sponsorship or affiliation.
The court then goes off the rails when he discusses search engines. He tries to parse the abominal Seventh Circuit case Eli Lilly v. Natural Answers (the Prozac v. Herbrozac case) from over a decade ago. In the Eli Lilly case, the court inferred the defendant's bad faith from the defendant's inclusion of the plaintiff's trademark in the metatags. This is one of the classic judicial freakouts about metatags; fortunately, most judges have learned a lot about Internet search since then, but this judge is still stuck in the 1990s. The judge thinks the "Teachbook" domain name could serve as the functional substitute for metatags and therefore supports the same inference of bad faith:
It is reasonable to infer from the complaint that the same thing may be happening here, albeit with website domain names rather than meta tags. Indeed, one can imagine teachers searching the internet for www.facebook.com and hitting upon www.teachbook.com. And even though these same teachers might also read Teachbook's attempt to define itself as an alternative to Facebook, the initial interest stems from the goodwill associated with Facebook, not Teachbook.
Uh, no. I can't think of any reasonably likely keyword search for "Facebook" or any variation thereof that is likely to produce the Teachbook search result anywhere in the top 100 search results (except, perhaps, for stories about this lawsuit). And relying on initial interest confusion is a joke; check out the Google search results for "Teachbook" and see if you can find any reason to think initial interest confusion (whatever that means) will occur. Plus, the initial interest confusion doctrine is typically an analytical crutch for plaintiffs' lawyers and judges who can't think of any real justifications for their decisions. Finally, just up above, the court had said that the risk was people browsing to Teachbook instead of getting there via search engines; now, the judge is worried about search engines. Which is it, judge?
The judge wraps up his misguided likelihood of confusion discussion by assuming that teachers are idiots:
Furthermore, who is to say these teachers might not think that Teachbook is Facebook's response to some schools banning teachers from using Facebook? In light of such policies, a reasonable consumer might assume that Facebook was offering social networking services targeted specifically at teachers and addressing the privacy concerns at which the schools' policies are apparently aimed. The same consumer might further assume that Facebook, in order to draw on its famous name, decided to call that service TEACHBOOK. Indeed, nothing in the statement from Teachbook's website indicates that this is not the case.
It's true that if judges keep giving Facebook trademark protection for the suffix "book," the world will assume Facebook owns all brand extensions of "-book." This is a classic bootstrap of weak trademark rights into powerful ones. But judges could just as easily reverse that presumption by authorizing Lamebook and Bearbook and Teachbook and all of the other legitimate derivations of the suffix "book." Hey judge, we trust teachers to teach our kids; I think we can trust them to figure out the differences between Teachbook and Facebook (although I'd venture a guess that even a second grader would have zero difficulty distinguishing between Facebook and Teachbook).
The court shoots down Teachbook's argument that "Teachbook" and "Facebook" are too dissimilar to create dilution. The court logically cites Levi Strauss & Co. v. Abercrombie & Fitch Trading Co., 633 F.3d 1158 (9th Cir. 2011), but that case has really ripped open the door for trademark dilution claims for dissimilar marks. The court then says Facebook sufficiently alleged blurring to let this claim continue.
I wonder about Facebook's dilution posture given the dozens (hundreds? thousands?) of third party precedent trademarks with the term "book" in them, suggesting that Facebook itself has a narrow range of protectable interests. Further, Facebook might be exposing itself to greater dilution risk from other famous trademark owners with "book" in their trademarks who might have dissimilar marks but could claim Facebook is blurring theirs. It seems to me that Facebook is playing with fire here--not that such risks are likely to deter Facebook in its highly aggressive quest to own "face" and "book."
Good judges can adjust their evaluation to the legal standard at issue, i.e., the presumptions are often against the defendant on a motion to dismiss, but the plaintiff has a greater burden of persuasion at later stages in the case. If the judge modulates his standards, this opinion doesn't necessarily portend doom for Teachbook. But if that modulation doesn't happen (and potentially even if it does), this opinion clearly indicates that Teachbook is in deep, deep trouble with this judge.
This opinion trots out some moldy oldie Seventh Circuit freakouts about the Internet, such as the Eli Lilly case and the eminently mockable Promatek v. Equitrac case. In light of the Ninth Circuit's Network Automation case, I'm wondering if Teachbook would actually have had more favorable precedent in the Ninth Circuit rather than moving the case back to the Seventh Circuit. Something for future trademark defendants to think about.