Technology & Marketing Law Blog: November 2011 Archives

Technology & Marketing Law Blog

« October 2011 | Main | December 2011 »

November 30, 2011

Fraud Allegations Don't Trump 47 USC 230--Hopkins v. Doe

By Eric Goldman

Hopkins v. Doe #1, 2011 WL 5921446 (N.D. Ga. Nov. 28, 2011). The initial complaint. Hopkins' lawsuit-related website.

This lawsuit relates to allegedly defamatory statements that Does made about Hopkins on Topix. As a pro se, Hopkins sued both the Does and Topix. Topix naturally invoked 47 USC 230, and the court easily concludes that it qualifies for the immunity. The court says:

At bottom, Plaintiff seeks to hold Topix liable for simply publishing the defamatory conduct and the consequences which flow from that decision....All of Plaintiff’s state-law claims are preempted by the CDA’s immunity, and Plaintiff has therefore failed to state a claim.

It appears the plaintiff tried to work around 47 USC 230 by arguing that Topix had made on-site promises to address problematic content and Topix didn't uphold those promises. The court rejects the workaround: "It does not matter that Plaintiff has attempted to skirt this preemption by alleging that Topix fraudulently violated its own policies by not policing its content in a timely fashion." This is unquestionably correct (see, e.g., the uncited Milo v. Martin), but it reinforces that breach of contract workarounds to 47 USC 230 don't necessarily work. For more on the 230/contact interplay, see my recent article on online account terminations.

Hopkins appears to have taken this defeat in stride and is now refocusing his attention on the correct targets. He posted a statement on his website about this ruling:

The Federal Court basically ruled that Topix is completely protected under the Communication Decency Act of 1996 (CDA) which basically allows Internet Providers to act Indecently. So they dismissed Topix, and then remanded the case back to Superior Court in regards to all the John Does, which I will now focus on.

So I tried. I did the best I could. Many people reviewed my work and said that it had as good a chance as anything they could imagine. But inthe end the lesson learned seems to be that until Congress changes hte CDA, then people like Chris Tolles, running companies like Topix, have a free reign to allow Indeecent Communications to flourish and destroy lives. Chalk one up for evil. But we fought. Sometimes that is enough. Now we need to see where this goes.

As for me - I am now hunting certain John Does.

Posted by Eric at 05:05 PM | Derivative Liability | TrackBack

Pennsylvania Court Orders Personal Injury Plaintiff to Turn Over Facebook Password to Defendant -- Largent v. Reed

[Post by Venkat Balasubramani]

Largent v. Reed, 2009-1823 (Pa. Ct. of Common Pleas; Nov. 8, 2011)

Keith and Jessica Largent were involved in an accident in 2007. They sued Jessica Rosko and Sagrario Pena alleging negligence and loss of consortium. During Ms. Largent’s deposition, defense counsel realized that Ms. Largent had a Facebook profile and she “used it regularly to play a game called FrontierVille.” Largent refused to turn over any information about the account, and Rosko moved to compel Largent to disclose her Facebook username and password.

Rosko argued that Largent’s profile was “public,” and certain posts to Largent’s Facebook account contradicted her claims of “serious and severe injury.” Specifically, Rosko claimed that Largent posted photographers that depict her “enjoying life with her family and a status update about going to the gym.”

The court starts by noting that Pennsylvania discovery rules are broad and “the relevancy threshold is slight.” The court also notes that Rosko claimed a “good faith” basis for seeking the material in question: “[t]he information sought by Rosko might prove that Largent’s injuries don’t exist, or that they are exaggerated.”

If there is no applicable privilege or statutory bar, the information must be turned over. On the privilege issue, the court says:

[t]here is no confidential social networking privilege under existing Pennsylvania law. There is no reasonable expectation of privacy in material posted on Facebook. Almost all information on Facebook is shared with third parties, and there is no reasonable privacy expectation in such information.

As far as a statutory bar, the Stored Communications Act was the obvious possibility. The court recognizes the complexity around the statute and its applicability to the types of communications at issue, but says that “the minutae are irrelevant for [the present] purposes.” Only one court has addressed whether Facebook communications are covered by the SCA (Crispin v. Audigier) and the court distinguishes that case on the basis that in that case the information was sought directly from the provider. In this case, Rosko is seeking the information from Largent directly:

[t]he SCA does not apply because Largent is not an entity regulated by the SCA. She is neither a RCS nor an ECS, and accessing Facebook or the internet via a home computer, smartphone, laptop, or other means does not render her an RCS or ECS.

Largent argued that granting Rosko’s motion was akin to “asking her to turn over . . . her private photo albums and requesting to view her personal email,” and would cause embarrassment and annoyance, but the court rejects these arguments. With respect to the possibility of embarrassment, the court says that because the posts are not truly private anyway, there can be no credible argument that disclosing the information would cause unreasonable embarrassment. As to the issue of annoyance to Largent the court says, the costs will be borne by Rosko, and:

Largent can still access her account while Rosko is investigating.

The court orders Largent to turn over her Facebook login information to defense counsel within 14 days of the date of the order. Defense counsel then has a 21 day window in which to inspect Largent's profile. After this window elapses, the court says that Largent may change her password.
__

I think we can all agree that the court's reminder that just because you posted something on a social network does not mean that it's privileged or off-limits is useful. The court is also right that it is folly to assume that anything posted to a social network (or for that matter, anywhere) is truly "private." These points can't be made often enough. That said, I think as with other Facebook discovery disputes, the resolution here is clunky and fails to account for the varied nature of the information that is stored in someone's Facebook account. This may range from private, e-mail-like communications with someone's lawyer or psychologist (should be privileged) to pictures of you frolicking on the beach which are published without any privacy restrictions at all (which are not privileged and undoubtedly relevant). Under the court's order, this distinction does not matter, and defense counsel is free to rummage around in Largent's Facebook account freely. (Kash Hill blogged about a discovery dispute with a similar result. A divorcing couple was forced to swap Facebook and dating site log-ins: "Judge Orders Divorcing Couple To Swap Facebook And Dating Site Passwords.") Some intrusion is expected and tolerated when you bring a claim for personal injury and maybe this is the cyber version of the independent medical examination. [As a sidenote, while it's problematic to delete any profiles while litigation is pending, if you are the plaintiff and you assert a claim for personal injury, you may want to delete your profile or deactivate it before you file suit. Added: check with your lawyer before you delete any profiles. Someone pointed out that the duty to preserve evidence arises before you file suit, so the pre-suit deletion of profiles may be ill advised.]

Of course, sharing your Facebook credentials with a third party is a violation of Facebook's terms of service--we all know that accessing a site in violation of its terms of service can come with stiff criminal penalties (the court even cites to US v. Drew in its order).

I don't have a great solution for this. It would be nice if Facebook allowed you to generate some sort of log of all of the items you have posted or sent around. This way the parties and the court can focus in on what's relevant without an opponent having to rummage around in your account.

In the meantime, if you are a litigant in a civil lawsuit and you post something online that you hope some folks don't see, just as with email, or any electronic media for that matter, realize that IT WILL COME BACK TO HAUNT YOU.

[NB: the court's order has some nice snark, including footnote 3: "Facebook currently does not allow a person to "dislike" (or in Facebook parlance, "un-like") a friend's post, probably for good reason."]

[Added: Lance Peterman suggests the ThnkUp app from Gina Trapani. I have not checked it out, but if it allows you to produce a comprehensive log of your Facebook posts, communications, and other activity, it may be useful for these types of discovery disputes. Another alternative may be the "download your information" feature which Facebook offers.]

Other coverage:

Drug & Device law: Another Excellent Facebook E-Discovery Opinion
Law.com No Reasonable Expectation of Privacy on Facebook, Pa. Judge Says

Previous posts:

"Court Orders Disclosure of Facebook and MySpace Passwords in Personal Injury Case -- McMillen v. Hummingbird Speedway"
"Judge Offers to Facebook 'Friend' Witnesses in Order to Resolve Discovery Dispute -- Barnes v. CUS Nashville"
"Facebook Messages/Wall Posts, Civil Discovery, and the Stored Communications Act -- Crispin v. Audigier"
"Plaintiff Can't be Forced to Accept Defense Counsel's Facebook Friend Request in Personal Injury Case -- Piccolo v. Paterson"
"Court Orders Plaintiff to Turn Over Facebook and MySpace Passwords in Discovery Dispute -- Zimmerman v. Weis Markets, Inc."

Posted by Venkat at 09:24 AM | Evidence/Discovery , Privacy/Security

November 29, 2011

Facebook Settles With the FTC -- In re Facebook, Inc.

[Post by Venkat Balasubramani, with comments from Eric]

In re Facebook, Inc. (Nov. 29, 2011) (Settlement & Proposed Consent Decree [pdf]) (Mark Zuckerberg's blog post)

The FTC announced its long-rumored settlement with Facebook. The key terms:

• Facebook is barred from making representations about the “privacy or security” of consumers’ personal information;

• Facebook must get end user approval before it enacts changes which “override” consumer preferences;

• Facebook is required to prevent anyone from accessing a “user’s material” within 30 days of a user’s deletion of his or her account;

• Facebook must enact a “comprehensive privacy program”;

• Facebook must undergo periodic privacy audits conducted by independent third parties.

Facebook is under the FTC’s jurisdiction for 20 years.
__

The FTC’s complaint and its explanation sheds some light on the scope of the settlement. Among other things, the complaint alleged: (1) Facebook shared informormation such as “friends lists” without warning users that it would change the default; (2) shoddy security practices around third party apps, which were permitted to access information beyond what was necessary to operate the apps; (3) Facebook shared personal information with advertisers when it said it wouldn’t; (4) Facebook continued to allow access to profiles after end users had deleted them; and (5) Facebook claimed it complied with EU Safe Harbors when it didn’t.

Given the numerous missteps (or some would say, overt disregard for user privacy) by Facebook, this was inevitable. As Eric mentions in his comments, Twitter and Google are both under similar consent decrees, and now with Facebook having agreed to a proposed settlement, the FTC has achieved de facto regulation of the biggest social networks.

The big question is what this will mean for Facebook’s advertising practices. It will undoubtedly make it harder to Facebook to permeate as a platform without clearly disclosing changes to users (the Facebook feature that alerts your friends when you are reading an article probably warrants more robust disclosure as a result of this decree), but will Facebook’s garden-variety targeting be affected in any way? I’m guessing not. (The definition of “third party” in the settlement carves out a “service provider . . . [who] uses the . . . information for and at the direction of [Facebook] and no other individual or entity and for no other purpose [and] does not disclose the . . . information, or any individually identifiable information derived from such information, except for, and at the direction of, [Facebook], for the purpose of providing services requested by a user . . . .” Query as to how this carve out affects Facebook’s advertising practices.)

The provisions about “privacy changes” seem to apply prospectively. I assume Facebook rolled back all of the objectionable changes which precipitated consumer complaints in the first place, so it's not as if Facebook gets a free pass on its overreaches to date. Still, it’s interesting that the settlement did not specify the various changes over the past couple of years that spurred the FTC into action.

The part about deleted profiles was interesting in that the settlement only says that Facebook agrees to not “allow third party access” to profile information. There’s nothing about Facebook purging the information, so I assume it can still be subpoenaed.

I question whether the settlement comes too late for Facebook. It has fooled users not once, or twice, but on a regular basis. (Facebook is like the stereotypical person in an abusive relationship. It doles out the punishment and people keep coming on hearing a promise that it will make things right.) In a way, the settlement may be a boon to Facebook. It has failed to keep its promises of its own accord, but now it can point to the imprimatur of the FTC settlement and say: “like Twitter and Google, we too are under the tumb of the FTC…you don’t have to take our word for it that we will make good on our privacy promises!”

[NB: the numerous privacy class actions against Facebook have all been dismissed or are otherwise languishing and are likely to be dismissed. This settlement should not have any effect on those lawsuits one way or another, although Zuckerberg’s blog post contains a broad mea culpa that may sway a judge or a factfinder. If plaintiffs can get past the damages/standing issue, they are sure to wave that around.]
____

Eric's Comments

1) The FTC's privacy rules are quite easy to follow. Tell users the truth, and don't change the rules mid-stream without users' consent. We've all known that Facebook repeatedly cuts corners when it comes to its privacy promises. Like most Internet companies, they thought they could get away with it. They didn't.

2) The fact Facebook violated these rules is bad legally, but it's even worse for Facebook’s user relations. Few Internet brands as big as Facebook have so many users that feel apathetic—or downright antagonistic—towards the service. This isn't a recipe for long-term success.

3) Surprisingly, although the collateral material discusses third party apps, the settlement doesn’t crack down on Facebook's API and the stunning amount of personal data (about both users and their friends) that third parties can pull from Facebook without any meaningful supervision. Even so, I can't imagine Facebook's API will continue to work as it's currently working for the indefinite future.

4) The FTC is on the way to making a clean sweep of settlements with major Silicon Valley Internet players. See our blog posts on the Twitter and Google Buzz settlements. It seems inevitable that the FTC will eventually put all of them under a monitoring program. In effect, the FTC is manufacturing de facto legislation through its Silicon Valley tour-de-force.

5) Add in the DOJ's extraordinary attention to the Silicon Valley, especially Google, and it's clear that DC regulators intend to have the final word about Silicon Valley business practices.

Posted by Venkat at 11:42 AM | Privacy/Security

November 28, 2011

Court OKs Private Seizure of Domain Names Which Allegedly Sold Counterfeit Goods--Chanel, Inc. v. Does

[Post by Venkat Balasubramani]

Chanel, Inc. v. Does, et al., 11-cv-01508-KJD-PAL (D. Nev.) (Sept. 26, 2011 Order) (Oct. 11, 2011 Order) (Nov. 14, 2011 Order)

Luxury brand Chanel has engaged in a fierce campaign against counterfeit websites in federal court in Nevada. It has seized approximately six hundred domain names in the last few months.

The basic facts alleged by Chanel are nearly identical. It identifies domain names which are used to "advertise, promote, offer for sale or sell" Chanel goods, including "handbags, wallets, shoes, boots, sunglasses, tee shirts, watches, and costume jewelry." Chanel's investigative team orders goods from the sites. When the goods arrive, they identify the goods as counterfeit (i.e., they bear Chanel marks but are "non-genuine Chanel products"). Chanel also argues that the defendant websites can "transfer registrations, change registration data and content, change hosts, and redirect traffic," thus thwarting Chanel's ability to have effective recourse against the defendants.

Based on these allegations, the court first enters a TRO against approximately 400 domain names, followed by a preliminary injunction (the September 26 and October 11 orders). The second time around, the court enters a temporary restraining order and preliminary injunction aimed at approximately 200 domain names (the November 14 order).

The relief granted by the court is extraordinary in its scope, and includes:

- an injunction against the defendants prohibiting them from using any Chanel marks or selling any Chanel products;

- an injunction against the top-level domain name registry, directing it to change the registrar of record for the domain names to GoDaddy (!);

- an injunction telling GoDaddy to change the DNS data for the domain names so the domain names resolve to a site where a copy of the case documents are hosted (servingnotice.com/sdv/index.html);

- authorization for Chanel to enter the domain names into "Google's Webmaster Tools" and cancel any redirection of the domain names;

- an order requiring Google, Bing, Yahoo, Facebook, Google+, and Twitter to "de-index and/or remove [the domain names] from any search results pages."

Chanel is required to post a bond in the amount of $20,000.
__

Wow.

I'm sympathetic to the "whack-a-mole" problem rights owners face, but this relief is just extraordinarily broad and is on shaky procedural grounds.

First, I did not get a clear sense that this is an enforcement action against a single defendant. If there's no credible allegation of a conspiracy or an arrangement between whomever is behind these domain names, it strikes me as problematic for Chanel to file a placeholder lawsuit and then add or remove defendants at its convenience.

Second, it was not entirely clear why the lawsuit was in Nevada. The domain names are not registered to a registrar that is based in Nevada, and there's no clear basis for in rem jurisdiction. It's possible that plaintiff picked this jurisdiction as a matter of convenience, but there's no apparent relationship between the alleged counterfeiting activities and the State of Nevada.

Then there's the matter that some of the court's relief is directed at a variety of entities that are not parties to the dispute (including the registrars, the registry, Facebook, Twitter, Google, etc.). I'm not sure how this court can direct a registry to change a domain name's registrar of record or Google to de-list a site, but the court does so anyway. This is probably the most problematic aspect of the court's orders. [Interesting that GoDaddy was chosen as the registrar that the domain names would be transferred to.]

Finally, there's no clear basis to authorize a transfer of a defendant's property pending resolution of a lawsuit to the plaintiff. (See Bosh v. Zavala.) I don't see this as particularly problematic in this case because Chanel is not looking to liquidate the domain names, but it certainly raises due process red flags, given that this is all done with minimal (or no) notice to defendants.

On a loosely related note, TorrentFreak has a post about the latest seizure action by ICE/DOJ: "Feds Seize 130+ Domain Names in Mass Crackdown," where the feds seized a bunch of domain names that were allegedly used to sell or promote "counterfeit clothing." I'm always stumped by the timing, motivation, choice of targets, and other aspects of the DOJ's intellectual property enforcement efforts, but particularly in this context, I'm unclear as to why the DOJ puts energy towards enforcements that private parties seem to be able to accomplish on their own. (I'm sure they have their reasons, but they're never obvious to me.)

It's also worth viewing this case within the broader context of SOPA and thinking about which of the remedies obtained by Chanel in this case are ones that SOPA provides (and which have resulted in a hue and cry). (See, e.g., Eric's post: "Why I Oppose the Stop Online Piracy Act (SOPA)/E-PARASITES Act"; Techdirt: "The Definitive Post On Why SOPA And Protect IP Are Bad, Bad Ideas.") An injunction requiring Google to "de-list" sites is one remedy which SOPA expressly makes available, and ordering the registry to transfer domain names to GoDaddy and ordering GoDaddy to update the DNS records is in effect achieving another remedy which SOPA creates. The fight against SOPA may be a red herring in some ways, since IP plaintiffs are fashioning very similar remedies in court irrespective of the legislation. Thus, even if SOPA is defeated, it may turn out to be a Pyrrhic victory--opponents may win the battle but may not have gained much as a result.

Posted by Venkat at 11:21 AM | Domain Names , Trademark

Dangerous Copyright Office Proposal to Undercut the DMCA Online Safe Harbors

By Eric Goldman

In light of SOPA and its capacity to destroy the current online safe harbor scheme, it seems almost quaint to keep worrying about 17 USC 512. However, unless SOPA/PROTECT-IP passes, 512 remains an essential part of the UGC economy, and it's worth fighting to preserve the safe harbor's integrity and all of the social benefits that have flowed from it.

Recently, the Copyright Office floated a proposal that would result in websites completely losing the 512 safe harbors due to administrative technicalities. Specifically, the Copyright Office proposes to force all websites that currently have properly designated an agent for notice to re-register or they will automatically forfeit the safe harbor; then, the Copyright Office proposes to require all websites to take affirmative action to confirm their designation every two years or they will automatically forfeit the safe harbor.

Unquestionably, the proposal's net effect will be that well-meaning legitimate websites will lose their safe harbor protection due to unintentional or garden-variety clerical/administrative errors. Further, there is almost no countervailing benefit to copyright owners or the Copyright Office from the additional administrative requirements.[**] Indeed, the Copyright Office proposal inevitably will increase the litigation costs for both copyright owners and UGC websites as it gives them yet another thing to litigate over--as if 512 opinions weren't long enough already.

[**: Perhaps I've overstated things. In fact, the proposal may offer indirect benefits to both copyright owners and the Copyright Office. First, copyright owners might be happy that more UGC websites become easy targets for their lawsuits. Second, I wonder if the Copyright Office plans to use filing fees to extract more profits from UGC websites, something they didn't expressly say but I have my suspicions].

Working with Corynne McSherry of the EFF and Jason Schultz from UC Berkeley, today we filed comments to the Copyright Office proposal encouraging them to scrap this part of the proposal. Our comments are just 3 pages long, so take a look. The initial comment due date is today; reply comments are due Dec. 27.

Posted by Eric at 09:20 AM | Copyright , Derivative Liability | TrackBack

November 27, 2011

Redbox Can be Liable Under the Video Privacy Protection Act for Failure to Purge Video Rental Records -- Sterk v. Redbox

[Post by Venkat Balasubramani]

Sterk v. Redbox, 11 c 1729 (N.D. Ill. Aug 19, 2011)

Redbox is a company which rents DVDs to customers from automated, self-service kiosks, typically charging $1 per rental. The customer is required to return the DVD the following day and, if the customer fails to do so, the customer is charged a late fee. If the customer is twenty five days late, then the customer is charged the price of the DVD (at which point the customer owns the DVD).

Plaintiffs filed a putative class action, alleging that Redbox maintained customers' credit card billing information, along with their "video programming viewing histories," in violation of the provisions of the Video Privacy Protection Act. The VPPA has a section ("subsection 2710(e)") which says that:

a person subject to this section shall destroy personally identifiable information as soon as practicable, but no later than one year from the date the information is no longer necessary for the purpose for which it was collected and there are no pending requests or orders for access to such information under subsection (b)(2) or (c)(2) or pursuant to a court order.

Plaintiffs alleged that Redbox violated subsection 2710(e).

Does the VPPA Create a Private Cause of Action for Wrongful Retention of Video Rental Records: Redbox argued that the statute only provides for a private action for wrongful disclosure, not for the "wrongful retention" of video rental records. The court rejects this argument, noting that the subsection authorizing a private right of action (subsection 2710(c)) says that any person aggrieved by a violation of "this section" may file a suit.

The court interpreted the language referring to "this section" as a reference to section 2710--i.e., the entire statute. The court looks to the "House Legislative Counsel's Manual on Drafting Style," which provides a hierachical breakdown of statutes (by sections, subsections, paragraphs, subparagraphs, and clauses) and the fact that Congress adhered to this hierarchy in other parts of the statute. Redbox pointed to another part of the statute dealing with court-ordered disclosures where Congress used the term "section" arguably somewhat imprecisely to argue that Congress did not consistently use the term "section" in the statute. The court rejects this argument on the basis that provisions dealing with court ordered disclosures are contained in several different subsections, so the use of the term "section" in section 2710(b)(3) is not a mistake, or alternatively does not support the argument that Congress used the term "section" ambiguously in subsection (e).

The court also distinguished a Sixth Circuit decision (Daniel v. Cantrell) which held that only subsection (b) can form the basis of liability under the VPPA. In that case, the court held that only subsection (b) "includes language relating to liability," and if Congress intended a private right of action for violations of subsections (d) and (e), it would have included the private right of action language at the end of the statute, rather than preceding subsections (d) and (e).

Redbox also argued that the legislative history of the VPPA supported its theory that Congress did not provide for a private right of action for the wrongful retention of records, pointing to the Senate Report, which stated that the goal of the statute was to "reduce the chances that an individual's privacy will be invaded, by requiring the destruction of information in an expeditious fashion." The court says that the legislative history is inconclusive, and in any event, the court need not resort to it since the statute is not ambiguous.

Did Plaintiffs State a Claim for Wrongful Retention Under the Statute: Redbox also argued that it collected the information for the purpose of "recouping late fees," and at worst, Redbox had one year from the date of collection to purge the information. The court disagrees with Redbox and says that the statute does not say that a provider always has at least 1 year to purge the information. According to the court, this interpretation of the statute reads the phrase "as soon as practicable" out of the statute. Redbox argued alternatively that it collected the information for marketing and advertising purposes, but this is only allowed if the provider gives the customer the opportunity to opt out "in a clear and conspicuous manner." Sterk alleged that the opt-out was not conspicuous, and the court treats this as a factual dispute which cannot be resolved at the motion to dismiss stage. [Although the court does not rely on this allegation in resolving the motion to dismiss, plaintiffs alleged that Redbox changed its disclosure practices and included a more prominent link to Redbox's terms of use and privacy policy after the lawsuit was filed.]
__

Oy. I'm guessing Congressional staffers who were involved in drafting the Video Privacy Protection Act are cringing as they read this decision.

It's interesting that video rental records are carved out for such special protection under the law. (The VPPA was passed in 1988, in the wake of then-judge Robert Bork's confirmation hearings.) Imagine if we had a similar law in place for book records or web-surfing records!

At any rate, Redbox is potentially on the hook for statutory damages under the VPPA, regardless of whether it used or misused its customers' video rental records in any way. It's unclear as to whether other online "video tape service providers" are going to be tagged with similar lawsuits. Netflix is in the firing line. (See "Close-Up: Netflix Hit With Privacy Suit.") Are Amazon, Apple, and Hulu next?

The craziest part of the lawsuit is that video rental companies can avoid liability by taking the largely ministerial step of procuring their customers' consent to the disclosure of rental records. (Given that Redbox is not some bootstrapped start-up, it's surprising that it did not take this step in the first place.) Although the consent provisions don't appear to expressly insulate records retention, consent needs to be "written" if the provider wants to disclose the information in question. Recently introduced legislation, supported by Netflix, would allow consumers to give blanket authorization to disclosure by video rental companies and to provide such disclosure online. (See Tech Daily Dose: "Calling Robert Bork" (reporting on H.R. 2471.) Interestingly, the proposed legislation does not clearly cover the retention of records and only covers their use and disclosure.

[Since this ruling, Redbox move to reconsider or, in the alternative, sought permission to take an interlocutory appeal, and this motion is pending. In the meantime, the court also denied Redbox's motion to dismiss plaintiffs' consolidated amended complaint. (Here is a copy of the court's minute order denying Redbox's motion.) Redbox in its answer also asserted the affirmative defense that the statute is unconstitutional.

Also, note that the ruling is from August of this year. This one languished in the queue.]

Additional coverage:

N.D. of Ill. Judge Allows VPPA Privacy Lawsuit to Go Forward (Sedgwick)

Posted by Venkat at 08:10 AM | Privacy/Security

November 23, 2011

eBay Gets 47 USC 230 Dismissal of Products Liability Claim--Inman v. Technicolor

By Eric Goldman

Inman v. Technicolor USA, Inc., 2011 WL 5829024 (W.D. Pa. Nov. 18, 2011)

Today, I'm thankful for 47 USC 230. Whenever I think about it, I am still incredulous the law is on the books. Nowadays, Congress' agenda is bulging with proposals from rent-seeking monopolists seeking to break the Internet with the hope of goosing their short-run profits. But 15 years ago, Congress shockingly found a way to foster a new multi-billion dollar UGC industry by restricting lawyers rather than empowering them. And the benefits of the UGC industry make my life better every single day. So thank you to Congress and the foresighted members who recognized that they could do some good with a strong immunity. For more on the history of 47 USC 230 and how it helps today, see the materials we produced from our 15 year anniversary party for 47 USC 230 back in March.

What better way to give thanks for 47 USC 230 than to discuss a case where the 230 immunity got it right. Today's case involves vacuum tubes that contain mercury, some of which third party merchants resold on eBay. Inman, the plainitff, allegedly bought these vacuum tubes and contracted mercury poisoning. He sued nearly two dozen defendants, including eBay, under product liability theories.

eBay defended on several grounds, but I'll focus on 47 USC 230. This is a really easy 230 case; the immunity says eBay can't be liable for what its merchants sell, and the court has little difficulty getting to that point. The court concludes:

the CDA protects eBay from liability for Tube Zone's tortious activity in this case. Inman does not appear to dispute that eBay is an interactive computer service, as defined by 47 U.S.C. § 230(f)(2), or that Tube Zone is not affiliated with eBay beyond its use of eBay's website. It is true that Inman was injured by tortious conduct. However, whether information disseminated through a website results in a tortious act has no effect on immunity under the CDA. Like the malicious program in Green and the gun sale in Gibson, the alleged sale of vacuum tubes in this case was facilitated by communication for which eBay may not be held liable under the CDA. Therefore, to the extent Inman seeks to hold eBay liable for Tube Zone's tortious conduct, eBay is immune.

A number of prior cases have dealt, expressly or implicitly, with an attempted products liability workaround to 230's immunity. For example, Gibson v. Craigslist dealt with a criminal who bought a gun via Craigslist; and Doe v. MySpace dealt with a "premises liability" type claim. Neither claim made any headway against the 230 immunity. This case also cites some older precedent on the same track, including Green v. AOL, Stoner v. eBay and Gentry v. eBay. However, I think this is the cleanest opinion rejecting a products liability attack on 230's immunity.

The only sour note is that the court dismisses eBay without prejudice, so the plaintiff will get another opportunity to fail before 230 slams the door shut permanently.

This case is a prime example of why 47 USC 230 works so well. If eBay was liable under a product liability theory for every product sold in its marketplace, the potential liability would be enormous--eBay can't inspect the goods its merchants sell, eBay merchants sells millions of unique goods, and who knows which goods will harm victims in what way. eBay could act as the ultimate insurer of all of these harms, but only at extreme cost; and requiring that level of insurance would erect enormous barriers to entry and suppress any possibility of innovation. Meanwhile, there are plenty of other defendants for a claim like this, starting with the manufacturers who put mercury into their vacuum tubes. So making eBay an additional defendant does little to help plaintiffs but would subtract a lot from our economy. Avoiding outcomes like that satisfies me even more than a (faux) turkey dinner. Happy Thanksgiving!

Posted by Eric at 09:48 AM | Derivative Liability | TrackBack

November 22, 2011

Court Awards Damages for Wrongful Disruption of Web Presence -- Ordonez v. Icon Sky Holdings

[Post by Venkat Balasubramani]

Ordonez v. Icon Sky Holdings LLC, 10-cv-60156-PAS (S.D. Fla. Aug. 30, 2011)

This was another dispute involving two parties who jockeyed for control of an online presence. I guess you could say that one “jacked” the other’s presence.

Elizabeth Ordonez is a dancer, model, actress, choreographer (etc.) and is known by her fans as “Elizabeth Sky.” She sued Nisha Elizabeth George and her entity Icon Sky Holdings alleging that Icon Sky wrongly obtained a trademark registration for “ELIZABETH SKY” and went on a campaign to disrupt Ordonez’s web presence. George allegedly sent letters to ModelMayhem, Twitter, MySpace, and Facebook, all of whom took down Ordonez’s content, account, or forced Ordonez to change her name.

Ownership of the mark: As far as which of the two parties should be entitled to use the ELIZABETH SKY mark, the facts were pretty unfavorable to George and Icon Sky. Ordonez had been using Elizabeth Sky as a stage name for many years, and the court described some pretty serious irregularities in George’s procurement of the trademark. George was aware of that Ordonez was the senior user, and submitted a specimen that wasn’t really a specimen (it was the exact same specimen which George submitted for another trademark application, but appeard to have been “graphically edited”).

Athough it was a default case, the court easily disposes of the trademark issue. The court finds that George was the junior user and used the ELIZABETH SKY mark in connection wich similar goods and services. This is sufficient for the court to find for plaintiff on her Lanham Act and state law unfair competition claims and this entitles Ordonez to injunctive relief as to George’s use of the ELIZABETH SKY mark.

Tortious interference: Plaintiff also prevailed on her tortious interference claims, which were premised on George’s interference with the contractual relationships between plaintiff and various social networks. The court found that (1) there was a contractual relationship, (2) George knew about this relationship (since she signed up for the services, she was aware of the applicable terms of use), (3) an intentional and unjustified interference, (4) which caused damage. In addition to the social networks, George also demanded that other website take down content which plaintiff had put up. The court found that Ordonez was damaged because her business contacts “discontinued showcasing plaintiff on their websites for fear of being sued,” and many entertainment industry professionals “stopped requesting plaintiff for jobs.”

Libel per se: Finally, plaintiff made out a claim for libel because George falsely accused plaintiff of identity theft. Since identify theft is an “infamous crime,” the court says that plaintiff satisfied the elements of libel per se and did not need to prove damages from George’s statements.

Relief: The court grants plaintiff injunctive relief with respect to the trademark issue and enjoins defendants from continuing to use the mark. Plaintiff also asked to freeze certain of George’s domain names but the court denies this relief since the complaint did not specifically allege a cause of action under the ACPA. Finally, the court awards $81,000 in damages. The bulk of the damages were for plaintiff’s tortious interference claim, and plaintiff put forth evidence that it cost her $78,000 to build her “online presence” – ten hours per week at $50 per hour (over a period of three years). She sought $243,000 in damages for performances that plaintiff’s booking company refused to book because of George’s actions, but the court found the evidence flimsy on this point (and duplicative of the $78,000 in damages it already awarded). The court awards $3000 for lost booking.
__

Eric has blogged a bunch about brands dueling on social networks via takedowns. The Complexions spa case: “Business Sues Facebook to Restore Its Fan Page” and the Ozimals case “Second Life Ordered to Stop Honoring a Copyright Owner's Takedown Notices” are two recent examples. In both of those cases, the networks ended up embroiled in the dispute whereas here Ordonez went after the alleged wrongdoer directly. A user can be enjoined from sending improper takedown notices, but it’s legally questionable as to whether a court can force a network to put someone’s webpage back online (both from a First Amendment and section 230 filtering standpoint, the network should be able to keep content off-line). This particular case is a trademark case, but in the copyright context, section 512 provides some applicable rules: Wrongful takedowns can result in money damages (Lenz), Someone can be enjoined from sending bogus takedown notices (Design Furnishings v. Zen Path), and an intermediary can be enjoined from providing access to a piece of content (section 512(j)).

The interesting thing about this dispute is how the networks in question readily took down plaintiff’s webpages and content. It’s unclear as to whether George went to Facebook, Twitter, and YouTube and waved around the trademark registration—from the court’s recitation of the facts, it did not seem like George was armed with a registration when she complained to the various networks. It’s tough to draw any conclusions from this case, but my instinct is that networks are more than willing to honor takedown notices without closely scrutinizing them, although at times it seems like networks have their own (sometimes maddening) administrative mazes in place.

This is a rare ruling awarding damages to a plaintiff who is claiming tortious interference based on a wrongful takedown. Where the takedown is based on copyright ownership, there may be a preemption issue, so it’s not easy to assert a tortious interference claim based on a copyright takedown notice. (See the Ozimals ruling, “17 USC 512(f) Preempts State Law Claims Over Bogus Copyright Takedown Notices” but see the Smith v. Summit Entertainment case: “17 USC 512(f) Claim Against 'Twilight' Studio Survives Motion to Dismiss” and Rossi v. MPAA. Where a copyright takedown is involved, a plaintiff is better off proceeding under section 512(f).)

Since this case was resolved on a default motion, it’s unclear as to whether in a contested case damages are viable. At any rate, this is one additional datapoint that people who submit takedowns want to keep mind. You can be liable under section 512 if you send a wrongful DMCA takedown, but you may also face liability for tortious interference for causing a network to take someone’s web presence off-line.

Posted by Venkat at 09:39 AM | Publicity/Privacy Rights , Trademark

November 21, 2011

Can A Copyright Be Assigned By Email?--Hermosilla v. Coca-Cola

By John Ottaviani with comments from Venkat and Eric

Vergara Hermosilla v. The Coca Cola Company, No. 11-11317 (11th Cir. Nov. 3, 2011).

Can a copyright be assigned by an exchange of emails? Section 204(a) of the Copyright Act provides that a transfer of copyright ownership is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or by such owner’s duly authorized agent. The 11th Circuit has recently affirmed a lower court’s decision that an exchange of emails was sufficient to constitute a contract to assign a copyright. The court’s decision, however, does not seem to adequately address whether the email exchange satisfies the “writing” requirement in Section 204.

Background

The dispute arises out of Coca Cola’s worldwide marketing campaign for the 2010 FIFA World Cup soccer tournament. As part of its advertising campaign, Coca Cola enlisted recording artist K’Naan to create a new version of his song “Wavin’ Flag,” and called the new version the “Celebration Mix.” Coca Cola had certain lyrics in the “Celebration Mix” adapted and sung in different languages by local artists and K’Naan. In 2009, Coca Cola contacted Jose Puig, a representative of Universal Music Latin America, to produce a Spanish version of the Celebration Mix. The Spanish lyrics were to be sung by David Bisbal, a Spanish language singer. Puig was referred to the plaintiff, Rafael Vergara Hermosilla, in November 2009. Vergara adapted the Celebration Mix into Spanish, and subsequently delivered the Spanish lyrics to Puig in December 2009. A dispute later arose over Vergara’s compensation for the adaptation.

Puig and Vergara negotiated a settlement. After a phone conversation about the terms of the deal, Vergara wrote this email:

[B]ecause I am a man of my word and honor, that is not moved by economic motives, my only request is the my credits are respected as producer and adapter of the Spanish version (that every time the name of any composer of this version appears, my name appears as adapter), and obviously, the credits for the production that are detailed in the invoice sent for this production, which I have detailed below.

For the adaption, you may consider it a work for hire with no economic compensation to that respect. I believe what’s legal is a dollar.

I hope this leaves clear what my work was and what my good intentions were from the beginning.

The next day, Puig responded by email to Vergara to the effect that “You can count on the credits on the track. I am resending you the contract.”

Puig subsequently sent draft contracts confirming the assignment, but inadvertently omitted the provisions that would give Vergara the credits. So Vergara rejected what he characterized as his “proposal” and filed a lawsuit in the Southern District of Florida to enjoin Coca Cola from using the Spanish version of the Celebration Mix without giving him proper credit.

After initially enjoining Coca Cola in May 2010 from disseminating the Spanish version of the Celebration Mix without giving credit to Vergara as the adapter, in February 2011 the District Court granted a summary judgment in favor of Coca Cola. The district court found that the e-mail exchange constituted an assignment by Vergara of his copyright in the adapted lyrics. The court characterized the exchange of emails as an offer and acceptance, “and at that moment the deal was made irrevocable.” The court determined that Puig’s sending of formal contracts that did not reflect all of the terms of the earlier emails was not a “counteroffer which is labeled as an acceptance, but adds new terms” (which typically is not binding under Restatement (Second) of Contracts §59), but was an offer to modify an existing contract. Although Vergara rejected this offer, the court found that this did not impact the initial agreement to assign the copyright.

In a brief aside, the district court also recognized that Section 204 of the Copyright Act requires a signed writing for a conveyance. However, the district court simply noted without discussion that “Courts have found emails to constitute signed writings.” (citing Lemel v. Mattel, Inc., 394 F.3rd 1355 (Fed. Cir. 2005) and the federal E-Sign Act).

11th Circuit Decision

The 11th Circuit opinion is relatively short and to the point. After reciting the facts, the 11th Circuit found that, under Florida law, “the record established without dispute that Vergara assigned his copyright interests to Universal.” The court used a traditional contract analysis to characterize Vergara’s e-mail as an offer and Puig’s e-mail as an unconditional acceptance, which together were effective to create a contract.

Discussion

Unfortunately, while the 11th Circuit found that the e-mail exchange constituted a binding contract under Florida law, the court did not address whether the e-mail exchange constituted a “writing” for purposes of Section 204 of the Copyright Act. Prior to the adoption of the E-Sign law, courts differed as to whether an e-mail exchange would satisfy the writing requirements of Section 204. Section 7001(a)(2) of the federal E-Sign Act, which was enacted in 2000, provides in relevant part that “a contract relating to [a transaction in or affecting interstate or foreign commerce] may not be denied legal effect, validly or enforceable solely because an electronic signature or an electronic record was used in its formation.”

Few courts have addressed what consitutes a "writing" for purposes of E-Sign. Earlier this year, the Arkansas Supreme Court found that a waiver of coverage in an online insurance application constitutes a "writing" for purposes of the Arkansas insurance law requirng such waivers to be in writing. In 2010, the federal district court in Colorado found that an e-mail summary of a settlement meeting could consitute a "writing" for purposes of the Colorado Statute of Frauds, but that the summary could not be enforced as a contract because it was written by an administrative assistant and was not "subscribed by the party to be charged."

But does E-Sign apply to transactions involving transfers of copyrights? Professor Nimmer notes that “[n]othing about the ESIGN Act overtly mentions copyrights in particular or other federal enactments in general.” He further notes that E-Sign does purport to apply “to any transaction in or affecting interstate or foreign commerce,” with some exceptions. It remains to be seem, then whether courts will treat e-mail as having sufficient formalities to satisfy the writing requirement in Section 204 of the Copyright Act.

The 11th Circuit decision also ignored the fact that Vergara’s email characterized the adaptation as a “work made for hire.” Would the decision have come out any differently if analyzed under the “work made for hire” provisions? Probably not. Under Section 101 of the Copyright Act, certain works qualify as a work made for hire if “the parties expressly agree in a written instrument signed by them that the work shall be considered a work made for hire.” The court did not discuss the question whether the adaptation qualified as one of these specially ordered works (at best it might be viewed as a part of an audio visual work, or as a translation, but probably not). Even if the adaptation did qualify as a work that could potentially be a “work made for hire,” does the exchange of emails constitute “a written instrument signed by them?” I find it harder to classify the exchange of e-mails as an “instrument’ within the meaning of the work made for hire definition. This may be why the 11th Circuit decided the issue on contract grounds, but it would have been nice to have some analysis of this issue.
_________

Comment from Venkat:

This is a great post by John that delves into the interplay between the federal ESIGN Act and the Copyright Act. I wonder whether an email disclaimer would have affected the analysis. There’s been a lot written on the efficacy and the desirability of email disclaimers in other contexts, but I wonder if an email disclaimer that said

Nothing in this email is intended as an offer and the author disclaims any intention to make an offer or create an enforceable agreement through any email messages. Any agreement with the author of this email must be in a signed paper document!

would have protected Hermosilla? I’m guessing the court would have said that Hermosilla’s unequivocal intent to reach an agreement trumped anything in an email disclaimer. It may not have been useful here, but it would be useful in other contexts, such as where people exchange email messages in an attempt to settle a dispute and one party tries to use an email along the way to say that the parties reached a settlement and tries to enforce a settlement on this basis. I’m not a fan of email disclaimers, but this type of a disclaimer may be worth exploring.
_________

Eric's comments.

To me, the legal doctrine in this case seems pretty straightforward. If the parties formed a contract or did a proper contract amendment, the fact that the contract was made via email should satisfy the Section 204 "writing" requirement per E-SIGN/UETA. After all, Section 204 is a statute of fraud, and E-SIGN/UETA were designed to say that emails satisfy the statute of frauds. See, e.g., the many real estate cases reaching this result and John E. Theuman, Satisfaction of Statute of Frauds by E-Mail, 110 A.L.R.5th 27 (2003). I don't see any reason why copyright law would be handled differently under E-SIGN or UETA. My analysis is the same for the "work for hire" statute of fraud.

For me, the harder part is whether the email exchange properly formed a contract/contract amendment and, if it did, if Coca-Cola (or its assignor) violated one of the contractual conditions such that their failure to perform negated the contract. If this situation didn't have a whiff of the content creator changing his mind with venal intent, I think other courts might have been more sympathetic on that point.

Posted by John Ottaviani at 08:50 AM | Copyright , E-Commerce , Licensing/Contracts | TrackBack

November 17, 2011

App Developer RockYou Settles Privacy Lawsuit--Claridge v. RockYou

[Post by Venkat Balasubramani with comments from Eric]

Claridge v. RockYou, 09-CV-6032-PJH (N.D. Cal.; Nov. 14, 2011) (settlement pending court approval)

Eric and I previously blogged about the opinion in Claridge v. RockYou, where the court tentatively recognized the theory that personal information may be an end user's property and thus a misappropriation of that data can satisfy Article III standing. ("Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff.") RockYou is an app developer who claimed to have 130 million unique customers using its apps on a monthly basis. It was hit with a security breach, which allegedly affected the log-in credentials of 32 million RockYou users. Claridge sued, and RockYou and Claridge settled the dispute.

The principal terms of the settlement:

- RockYou consents to an injunction for 36 months, requiring it to undergo two audits during this time (the audits will be conducted by an independent third party selected by "defendant") [i.e., RockYou];

- RockYou is bound by the injunction to the extent it continues to collect consumer information "as alleged in the" lawsuit;

- Claridge gets $2,000 for his time and efforts, and plaintiff's counsel gets $290,000;

- RockYou "represents and warrants that it is financially unable to provide the monetary relief sought by [Claridge]".

The settlement is subject to court approval and only resolves the claims for injunctive and declaratory relief with prejudice as to the proposed class. Someone else is not precluded from bringing another class action, but they have to seek money damages and cannot rely on injunctive relief.
__

The court/agency-monitored audit requirement is in vogue. Soon, it's possible that every single network will have a court or agency imposed requirement to undergo periodic privacy/security audits. (As part of settlements with the FTC, Twitter and Google agreed to periodic audits.) The efficacy of these audits is not clear and surely depends on the scope of the audit and who conducts it. In this case, the audit requirement is toothless since RockYou chooses its auditor. There is also no discussion of what action on RockYou's part facilitated the breach and what corrective steps it would take.

Paragraph 2 of the settlement was confusing. RockYou is only bound by the injunction to the extent it continues to collect and maintain information as alleged in the complaint? Or is RockYou indefinitely subject to the injunction if it continues to collect and maintain such information? How much does RockYou have to change its business practices such that it's not bound by the injunction? Something broader, that required RockYou to be bound any time it collected consumer information, makes more sense. Also, what happens to the information RockYou previously collected if it "exits the business"?

The attorneys' fees figure in this settlement ($290,000) is significantly less than what has been paid in previous cases (Google Buzz: $2.5mm; TD Ameritrade: $500K, knocked down from $1.8mm; Facebook Beacon: $2.8mm, currently on appeal to the 9th Circuit).

I'm not sure if the attorneys' fees figure is related to this, but RockYou's representation that it is "financially unable" to shell out money to the Proposed Class was worth noting. Does this mean it's on the ropes financially? It's interesting that Claridge did not go after the platforms the RockYou apps were run on top of. The responsibility of networks and platforms to police the conduct of app developers is a brewing issue.

Of course, one downside of the settlement is that the court's earlier order remains on the books.

Eric's comments

This is an odd settlement. The plaintiff class got virtually nothing from RockYou--no relief for the class and de minimis promises from RockYou. The plaintiff's lawyer didn't even get a particularly big payday, although they do expect to get paid even if the "victims" don't get a dime. This financial dichotomy makes me wonder if the judge will approve this settlement. I would expect the judge to ask more questions about RockYou's purported poverty (see Paragraph 5) given it's the excuse for not paying anything to the class. Paragraph 5 sounded to me more like a preference (RockYou would prefer not to pay out more money) than a necessity (RockYou is on death's door). RockYou clearly isn't raking in the dough--it just laid off over half its staff--but they are claiming they'll be profitable within the next year, they have raised nearly $130M in financings, and they surely have cash remaining in the bank.

Because the lawyers are getting paid while the class is getting bubkus, the judge surely can't miss the possibility that the lawyers sold out the class to advance their own profit-seeking interests. That would be a good basis to reject the settlement. Personally, I hope the judge does reject it so that the plaintiff's lawyers don't even get these crumbs and so that RockYou will keep litigating to demonstrate the lack of merit to the plaintiffs' claims.

The ongoing promises by RockYou are ambiguous. There's a fatal typo in the settlement agreement. Paragraph 2 reads "RockYou’s shall be bound by the injunction described in Section 2.1 above, so long as it is engaged in the business of collecting and maintaining consumer records as alleged in the Action." Putting aside the minor typo (the possessive "RockYou's"), the provision references "Section 2.1 above," which doesn't exist. Unlike Venkat, I have no idea what additional obligations RockYou is undertaking other than the 2 audits referenced in Paragraph 1.

It's a bummer the agreement leaves the existing opinion in place. I wish the parties had agreed to ask the judge to vacate it. Even though other courts haven't embraced the judge's data-as-valuable-property argument (see, e.g., the Low v. LinkedIn opinion), with the opinion still on the books, plaintiffs will keep citing it (and clearing the Rule 11 bar) until an appellate court wipes it away--a result that could take years. Until then, the existing opinion gives plaintiffs false hope, spurring many more meritless actions. Just what we need.

Posted by Venkat at 03:08 PM | Privacy/Security

November 15, 2011

Why I Oppose the Stop Online Piracy Act (SOPA)/E-PARASITES Act

By Eric Goldman

[Note: I've been working on this post for about 2 weeks, so my apologies if my comments are duplicative of the intervening discussion about the bill]

The DMCA online safe harbors have worked pretty well over the past 13 years. I don't know that anyone loves the compromise, but everyone seems to have done OK. We've seen an explosion of UGC websites fueled by the safe harbor, and content owners as an industry have done pretty well for themselves financially and have developed a working relationship with most major UGC sites.

The Stop Online Piracy Act, with its ridiculously named subpart the "E-PARASITE Act," doesn't expressly modify 17 USC 512. Nevertheless, it is a full-fledged assault on the safe harbor's scheme. It employs the same basic notice-and-takedown structure of 512, but it applies the cutoff obligations to payment processors and ad networks (thus effectively reversing Perfect 10 v. ccBill and Perfect 10 v. Visa), expands--for the first time--the takedown obligations to trademarks (thus embracing and expanding Gucci v. Frontline), expands the takedown obligations to cover anti-circumvention in addition to the 17 USC 106 rights, expands the reasons why a rightsowner can complain, and does not give the governed intermediaries any business incentive to stand up for user content. On the latter point, because SOPA is designed to cut off the cash, each and every UGC item potentially jeopardizes its entire economic enterprise of a website hosting it. In other words, if the website goes offline because of cash flow problems caused by the cutoff attributable to a single UGC content item, all of the UGC on that website goes dark because of a single content item. Talk about collateral damage.

Thus, among other adverse consequences, if SOPA passed, it effectively repeals 17 USC 512 by shifting most of the action to the notice-and-takedown process in SOPA. In doing so, SOPA radically changes the balance between content owners and UGC websites. Despite the FUD from the content industry and other bill supporters about the supposedly serious problems caused by "rogue" websites and the supposedly fine-grained targeting of this bill, make no mistake--this law mortally threatens the entire UGC community.

There are a lot of other serious problems with the law and I'll discuss a few in a moment, but let me step back for a moment. Some legislative proposals, even if everyone knows they won't pass, are nevertheless useful for sparking healthy conversation among disparate communities. SOPA is not such a law. It doesn't seek to engender productive conversations. Instead, it goes out of its way to pit Silicon Valley v. Hollywood. This fosters unhealthy and antagonistic conversations, and the ongoing battle between the two diverts valuable resources that could be used to enrich both communities. See, e.g., the $100M+ that Google has spent fighting Viacom in the YouTube lawsuit--a huge amount of money that could have been instead invested in new services that benefit consumers, help rightsowners make more money and generally improve society.

Further, this law represents the worst kind of rent-seeking we see from incumbent industries. One approach to drafting legislation is to put so many objectionable concepts into a single bill that the opponents feel like they won if they clean up 50% of the problems, but that still leaves the other 50% of nasties to get through the system. I find it dispiriting that we must spend a lot of resources just to preserve the status quo from this type of industry overreaching. I support democracy for the reasons articulated by Winston Churchill, but I wished I lived in a democracy where attempts at legislative manipulation like SOPA were obviously DOA and led to its proponents suffering appropriately adverse consequences for their overreach.

In addition to the trumping of the 512 notice-and-takedown provisions, other major structural deficiencies of the law include:

* attempting to reinstantiate geographic borders on the Internet. Perhaps rebordering the Internet is inevitable, but it's bad policy for the United States to be cutting off transborder data flows, even for the putatively noble purpose of suppressing copyright infringement. Basically, the law provides a roadmap to foreign governments on how to reinstantiate geographic borders over their Internet connections, and they won't limit their censorship to copyright infringement. Instead, they'll go for the whole enchilada to restrict every type of foreign content the governments object to. (It seems virtually inevitable that we'll do the same in the US too, but that's a separate post). It will be hard for us to criticize those foreign governments' efforts because we taught them how to do it. The retort that we only deemed border reinstantiation worthy for copyright infringement and no other content type will ring hollow. When the Internet balkanizes into the US Internet, which looks nothing like the Egypt Internet, we'll have no one to blame but ourselves. I encourage the act's proponents to think very carefully whether such a Balkanized Internet will make them less money in the long run.

* The imposition of cutoff obligations on a wide variety of intermediaries, including Internet access providers and search engines in addition to the payment processors and ad networks I discussed above.

* Terms that don't lend themselves to precise statutory definitions, including "Internet advertising service," "Internet search engine," and "Internet site." All of these definitions are broad, ambiguous and based on assumptions about current technology. They don't make sense today and will look even sillier 10 years from now.

* the complete absence of empirical evidence supporting the need for any changes, or that the proposed changes fix any important problem. The collateral consequences would be unacceptable even if this evidence existed; without it, it's hard to interpret this law as a good faith effort to improve society.

While most of the discussion has been justifiably focused on the cutoff provisions, I also want to call your attention to Section 205 of SOPA. The way I read it, it proposes to build a huge bureaucracy of foreign diplomats whose sole job is to advance the interests of US IP owners in foreign countries. We already have problems with USTRs being IP maximalists, but this section would dramatically expand the number of IP maximalists in the US diplomatic corps. I'm not sure I have a good handle on all of the implications, but it seems like (1) we'll have more opportunities for the revolving door from IP owners to government and back, (2) this will further inculcate the agenda of legacy/incumbent IP industries into our government policy, and (3) we will have more boots on the ground to push the US IP maximalist agenda on other countries as part of our doctrinal imperialism.

There has been a lot of commentary about the bills. Some links worth exploring:

EFF Coverage

SOPA: Hollywood Finally Gets A Chance to Break the Internet (an excellent single-stop resource to begin your research)

Proposed Copyright Bill Threatens Whistleblowing and Human Rights

Techdirt

[I know you're already reading Techdirt, but no one is doing a better job of chronicling the day-to-day SOPA developments than Mike Masnick.]

E-PARASITE Bill: 'The End Of The Internet As We Know It'

MPAA Helped Police Seize 'Pirated' DVDs That Were Actually Fully Authorized [a must-read article of how content owners who should know better nevertheless mistakenly accuse legitimate businesses of infringing activity and, using the power of law enforcement, shut down legitimate businesses and cost Americans jobs]

Go Daddy Supports E-PARASITE Legislation Even Though Its Own Site Is Dedicated To Theft Of Property Under Terms Of The Bill

Viacom Exec: 'Everyone Knows A Rogue Site When They See One'… Except He Doesn't

Others

Larry Downes, News.com, SOPA: Hollywood's latest effort to turn back time

Future of Music Coalition, Coming Clean on SOPA

Rebecca MacKinnon, New York Times, Stop the Great Firewall of America

Public Knowledge, SOPA and Section 1201: A Frightening Combination

James Temple, San Francisco Chronicle, Stop Online Piracy Act would stop online innovation

What You Can Do

If your member of Congress is supporting the law, remember that fact come election time. Before then, some things you can do today:

Contact your legislator

Sign the petition at Whitehouse.gov

Sign the petition at Avaaz

If you qualify, sign the Educators' Letter to Congress

Posted by Eric at 08:16 PM | Copyright , Derivative Liability , Trademark | TrackBack

November 14, 2011

LinkedIn Beats Referrer URL Privacy Class Action on Article III Standing Grounds--Low v. LinkedIn

[Post by Venkat Balasubramani with comments from Eric]

Low v. LinkedIn, 2011 WL 5509848 (N.D. Ca.; Nov. 11, 2011)

Low brought a putative class action against LinkedIn, complaining about the fact that LinkedIn "allows transmission of users' personally identifiable browsing history and other personal information to third parties, including advertisers, marketing companies, data brokers, and web tracking companies . . . " He asserted a variety of different claims, including under the Stored Communications Act, the California Constitution, breach of contract, conversion, and California consumer protection statutes. The Court finds that Low failed to satisfy Article III standing and dismisses (with leave to amend).

The complaint alleged that LinkedIn assigned users unique user IDs, and LinkedIn "links and transmits the user ID number to third party tracking IDs ('cookies')." This allows third parties to track the online browsing histories of users, which is linked to LinkedIn's unique user ID (using which third parties can probably determine the identity of the user). [It's unclear from the ruling whether transmitting the user ID is a mistake on LinkedIn's part or whether it was all part of some nefarious Orwellian scheme to track everything and everyone. It was also unclear whether LinkedIn was allegedly compensated for this. I didn't check, but I presume LinkedIn has taken corrective measures.]

Emotional harm: Low argued that he suffered "embarrassment and humiliation caused by the disclosure of his personally identifiable browsing history." But apart from a general allegation that the disclosure of someone's browsing history to third parties would be embarrassing, Low failed to highlight what information was actually disclosed. Additionally, Low also failed to allege that a third party actually linked the browsing history with his identity, as opposed to his LinkedIn unique ID. To the extent Low tried to rely on the future disclosure of information the court says that this is too conjectural and hypothetical.

Economic harm: Low's argument for how he had been economically harmed by LinkedIn's practices was that his browsing history was a marketable piece of property and he was not compensated for LinkedIn's transfer of this property to third parties. The court recaps the cases on this issue (Specific Media; In re iPhone App Litigation; DoubleClick; In re JetBlue) and says Low failed to allege how he was economically harmed by LinkedIn's practices. In particular, the court says Low failed to allege how he was prevented from capitalizing on the value of his personal data. Low cited to Krottner v. Starbucks and Doe 1 v. AOL and argued that the mere disclosure of personal information may create standing. The court says that these cases are distinguishable in that they involved the disclosure of sensitive or private information. Krottner involved the theft of a laptop which contained the private information of employees, including names, addresses, and social security numbers. Although the Ninth Circuit said that plaintiffs were not entitled to relief since they were provided credit monitoring, the court found that loss of sensitive information was enough to satisfy standing. The AOL ('search Valdez') case involved the packaging and distribution of a huge quantity of search data, which included similarly sensitive information, along with sensitive search information. In this case, the court says that Low's allegations are easily distinguishable from Krottner and AOL, and are not sufficient:

Low has not alleged that his credit card number, address, and social security number have been stolen or published or that he is a likely target of identity theft as a result of LinkedIn's practices. Nor has Low alleged that his sensitive personal information has been exposed to the public. Indeed, the Plaintiff has failed to put forth a coherent theory of how his personal information was disclosed or transferred to third parties, and how it has harmed him. Accordingly, Low has failed to allege an injury-in-fact.

The court also footnotes the issue that violation of a statutory right may in some cases confer standing on a plaintiff, but does not delve into it since plaintiff did not raise this issue and plaintiff was given leave to amend.
__

This is a helpful order because it recaps many of the recent cases dealing with the issue of what type of harm a plaintiff must allege. Judge Koh, who wrote the order dismissing plaintiff's claims, also authored the iPhone Privacy opinion, where she methodically picked apart plaintiff's claims. (See iPhone Privacy Class Action Dismissed for Lack of Standing -- In re iPhone App. Litigation.) Judges in the Northern District of California have heard a slew of potential class action privacy lawsuits over the last couple of years and have almost uniformly rejected them. One of the common problems in these cases is that the plaintiffs are not able to articulate with much clarity what practices they are complaining of and how exactly the practices harmed the plaintiff. What often spurs these lawsuits is a research finding or a media report about a company's practice. The lawsuit does not start with the plaintiff who suffers an injury or a negative consequence.

The idea that a company's exploitation of your browsing history or viewing habits causes you economic injury is not getting much traction. Courts are mostly saying that in order to allege economic damages, it's not sufficient to argue that the information has some value in an advertiser or a network's hands--you have to allege that their use of the information somehow impeded your ability to exploit the information. To my knowledge, the RockYou case is the only one to accept the "PII as property" argument, but the court did so reluctantly, and expressed skepticism over the ultimate fate of this theory. (Here's my earlier blog post on the RockYou case: "Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff.")

This is not the end of the road for this case, as the court grants leave to amend the complaint, but the court says clearly what type of injury the plaintiff has to allege, and I'm somewhat skeptical that the plaintiff will achieve a better result in round 2.

_____

Eric's Comments

1) LinkedIn should never have included a unique ID in its referrer URLs. Same with the other websites that undertook the practice. That was an avoidable error on their parts.

2) Article III standing is an awkward way of disposing of the referrer URL cases. However, at this point, knowing that defendants are going to bring an Article III challenge, it's becoming embarrassing for plaintiffs' lawyers to bring such weak arguments about the plaintiffs' harms. If you're going to bring a privacy lawsuit, find a plaintiff who actually suffered tangible harms and then allege those harms. If you can't, let it go.

3) Allegations of "embarrassment and humiliation" as the harm for Article III standing in a privacy class action suit, without specific facts explaining how, should always fail.

4) I thought the whole "data as property" meme died a decade ago. I agree with Venkat that the RockYou case hasn't opened up a hole for the plaintiffs, but it's too bad that court gave the glimmer of hope to the plaintiffs.

5) I know why Judge Koh gave the plaintiffs another chance, but I'll be surprised if they do any better on round 2. I hope future judges will squelch these low-merit privacy suits even more quickly as the plaintiffs continue to make the same pleading errors over and over again.

Posted by Venkat at 01:20 PM | Privacy/Security

November 10, 2011

Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz

[Post by Venkat Balasubramani]

PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Ca.; Nov. 8, 2011)

Another day, another post-employment dispute over a social media account.

In this case, Noah Kravitz worked for PhoneDog, which is an "interactive mobile news and reviews web resource." Kravitz worked as a reviewer and video blogger. He used the "@PhoneDog_Noah" twitter account, and it amassed approximately seventeen thousand followers. When he left, PhoneDog asked for the account "back" but he demurred, instead changing the account handle from @PhoneDog_Noah to "@noahkravitz". PhoneDog sued, asserting claims for (1) misappropriation of trade secrets, (2) interference with economic advantage; and (3) conversion.

Trade secret claim: Kravitz argued that there was no "trade secret" information, because the followers of the account are not secret and are publicly discernable. The passwords he argued merely allow an individual logging on to the account to view the publicly known follower information. He also argued that PhoneDog did not adequately safeguard the password information and treat is a trade secret. The court punts on the issue and says:

PhoneDog has sufficiently described the subject matter of the trade secret with sufficient particularity and has alleged that, despite its demand that Mr. Kravitz relinquish use of the password and Account, he has refused to do so. At this stage, these allegations are sufficient to state a claim. Further, to the extent that Mr. Kravitz has challenged whether the password and Account followers are trade secrets and whether Mr. Kravitz's conduct constitutes misappropriation requires consideration of evidence beyond the scope of the pleading.

Economic advantage claim: The court rejects the interference with economic advantage claim, saying that PhoneDog's allegations were muddled on this issue. It was unclear as to whether PhoneDog was saying Kravitz interfered with PhoneDog's relationship with account followers or with its subscribers or consumers more generally. The court also says PhoneDog failed to connect the dots with respect to any harm based on advertiser relationships, or even any economic harm generally. [I hope PhoneDog was not making a claim based on its vicarious relationship with followers of the @PhoneDog_Noah Twitter account--we all know how tenuous social media relationships are!]

Conversion: The court declines to dismiss the conversion claim, saying that PhoneDog alleged it had the right to possession over the account, and "the nature of that claim is at the core of this lawsuit and cannot be determined on the present record."

This is the scenario that many people speculated about when Rick Sanchez left CNN--would Sanchez get to keep his Twitter account? ("Who 'Owns' A Twitter Account: Employer Or Employee?") Sanchez ultimately kept the account and changed the name. (See: "Ex-CNN anchor Sanchez keeps his Twitter account, changes the name.") I don't think this decision does much to move the needle either way, as it punts on the bulk of the issues.

I end up somewhat skeptical on both of PhoneDog's remaining claims.

Was the password really a trade secret? Is an account's follower list a trade secret? Social media account information does not fit nicely within the trade secret box. "Customer lists" historically were a classic trade secret, but when customer lists are now published publicly and capable of being mined, does that concept go away? Even if the list were public, could anyone "download" the list? Could Noah have contacted the list any other way than through the account that he's supposed to turn over? What if Noah had posted a "goodbye" tweet saying "follow me at [new account name]"? With respect to the conversion issue, the court's analysis was disappointingly brief. It's interesting that, in this case, PhoneDog has its own Twitter account and this particular account was one set up specifically for Kravitz--it's not as if he took the company's one and only Twitter account. One other claim you often see discussed in this context is a trademark-based claim. Kravitz likely averted these by changing the name of the account, and presumably removing any PhoneDog branding elements.

The takeaway is to have a written agreement that governs this issue! I blogged about a case last month where a court resolved a social media/account ownership issue in favor of the employer, relying on a written agreement. ("Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell.")

A somewhat interesting aspect of the dispute arose over the value of the Twitter account and followers, which was relevant to the issue of whether PhoneDog's claim for damages got over the $75,000 hurdle. (It had to satisfy the $75,000 jurisdictional threshold for diversity jurisdiction.) PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50." [I must admit that this caused an eyeroll.] PhoneDog said this translated into a monthly damage amount of $42,500 "for each month that [Kravitz] used the account." Kravitz on the other hand said that Twitter followers have discretion to subscribe or unsubscribe and therefore this valuation was suspect. He also argued that the value in any Twitter account "comes from . . . efforts in posting tweets and [an] individual's interest in following . . . not from the account itself." According to him, there's no evidence that an account even with a significant number of followers has any ongoing value. The court does not resolve this issue, instead finding that PhoneDog alleged enough to get over the $75,000 jurisdictional threshold. These arguments really made me wonder whether the parties were spending money on the dispute in excess of the assets they were fighting over. As in many business break ups, emotions tend to run high. This was surely a contributing factor. This case has mediation written all over it.

Posted by Venkat at 07:13 AM | Licensing/Contracts , Trade Secrets , Trespass to Chattels

November 09, 2011

Employers Demanding the Right to Remotely Wipe Employees' Phones?

By Eric Goldman

I got the following email from one of my students (I edited a little to increase the anonymity):

Recently, my spouse's company announced that it is going to implement a new policy regarding those employees using their mobile devices to check company email. These phones are personal phones, and not provided by the company. What they are proposing is that my spouse sign a release that states that the Company has the right to remotely wipe the phone (restoring it to factory settings) if they feel that any of their trade secrets have been compromised, or if the spouse loses/misplaces the phone.

My problem with this is that these are personal phones with personal information not connected to her work. Does her company have the right to wield such power, or is this over doing it?

This was the first time I'd ever heard of such a provision. Has this become a new standard, or is this company over-the-top hyper-protective of its trade secrets?

As an employee, I would not sign such a release. Further, if I were the employer, I would be reluctant to rely on the release, even if signed, to actually wipe a former employee's phone. If the employee challenged the wipe in court, I would imagine many judges would be reluctant to enforce the release, motivating them to look for reasons not to do so. If nothing else, there's a major due process problem (in the equity sense, not the legal sense). The company is the judge, jury and executioner without ever proving trade secret misappropriation, and carrying out the remote wipe could cause catastrophic data losses for the employee (and possibly for a subsequent employer). This just seems like a bad idea all around.

Please email me if you've seen a provision like this in the field before or if you know of any cases/statutes that address the situation. In the email, let me know if I can repost your email here.
_____

UPDATE: I got this response: "For what it is worth, my firm has a similar policy, though as far as I know it is only enforced technologically (by installation of remote management software) rather than by written agreement. Of course, we can opt out by using a firm-provided blackberry instead of checking work email on our personal phones; perhaps mitigating the sting somewhat."

UPDATE 2: Another response: "These are fairly common provisions to ensure the ability to protect company/client secrets if the phone is lost. Like your other commenter said, these agreements only are usually required for personal devices only when they are allowed as an option to company-provided devices. In that instance, you consent to the wipe in exchange for the convenience of carrying around only one device instead of two. The interesting legal question comes when the firm only pays for email, but retains the contract with the service provider, where you can get a Quon-like situation and potentially a claim against the company for accessing phone records even though they’re not paying for it (recall that the 9th Circuit’s SCA portions of Quon were not part of the Supreme Court’s opinion). But something to think about when you give your company access to your device."

Eric's additional thought: I'm still not seeing how the ability to remote-wipe the company-provided device prevents the leakage of trade secret info. I assume there are still ways to move trade secret information off the device...? I know some companies have developed blocking technology to prevent data leakage through forwarding emails and downloading to flash drives, and I assume this blocking technology would be on the company-issued device. But I have been skeptical that such blocking technology works very well.

UPDATE 3: Another response:

I know some employers believe they are making this 'enforceable' by requiring that the security settings be set on the phone in such a way that they can do the wipe (and effectively the employee hands the security PW of one's personal phone over to one's employer -- which to me is even more dangerous than the notion of letting them wipe it).

It does seem rather silly though in a day when many of us have our entire phone content backed up regularly, either on our home computer or now on iCloud or its equivalents -- and I know of no wiping system that would reach out to those backup copies. (And, since virtually all of our workplace emails are set up with a web-based reader anyway, or some other connection that bypasses the hyper-security of a direct connection to Exchange or whatever might be used, it's all kind of moot in the end.)

Yours is the first example I'd heard of a piece of paper on top of it all -- although I'm not surprised to hear of such. The 'policy' such as it is was often ad hoc created by the IT group, or at best a policy of the company without necessarily getting a firm OK from the employee for the right to mess up his whole life to protect the purported trade secrets. And, to be clear, apart from this piece of paper, I've been seing this going on for many years -- essentially about the time BlackBerry introduced the ability to do such a thing.

Regardless, I've seen the consequences personally when I left my last job, where I had a personal phone (albeit one I had reimbursed by the employer) that was mixed use -- job and personal -- and the realization that as I left the only way to do it was to have it all wiped out. In new job I've gone the inconvenient path of carrying the work-owned BlackBerry, which is 100% work, and my own personal smartphone, which is 100% me. And, in doing so, I've actually discovered a new joy -- There are many times I now leave the work phone at home, and I have a little more control over my life as a result as I'm not being pinged by workers 24/7. (They don't all necessarily know I'm not paying attention, which is even better.)

UPDATE 4: Another response:

This is probably more common than you might think because remote wipe of phones is a standard feature that comes with Microsoft Exchange these days. I've worked at Hewlett-Packard, Microsoft and Amazon, and all of them were set up to where they could remotely wipe your phone via Exchange if you set it up to work with corporate e-mail, regardless of whether or not the phone was personal or company owned.

In my employment contracts, there was usually a clause that said that if I put company data on a device that I personally own, that the company has the right to audit and remove data from said machine, but I have no clue how enforceable that might be....Since I work with a lot of source code for my profession, this doesn't seem that unreasonable to me.

UPDATE 5: Another response:

Such policies and the technology that enables them have become commonplace in large enterprises. Most businesses see such a policy as a trade off for not allowing the employee to use his phone for work at all. In other words, they allow the employee to use their personal phones for work purposes, but require that they submit to searches and remote wiping. Not only is there an element of trade secret protection, but also the issue of breach notification for loss of personal information under state breach notification laws, GLBA, or HITECH.

In fact, there are some applications out there that create a sandbox environment for the employer’s email, calendar, and other information and only allow partial deletion. Good for Enterprise is one such solution, though there are others. However, as you can imagine, there are a lot of issues to work through. The application on these devices can collect location information, IP address, unique device id, etc. Additionally, there are issues with employees giving consent for these types of policies in the EU. Though not impossible, most EU Data Protection Authorities view consent in workplace as coerced, therefore, not freely given. (more on that in the Article 29 Working Party documents WP48, WP114, and WP187)

When I looked into this issue, I did a brief search for cases on this issue but I was not able to find any. There are no statutes that I am aware of that would be directly on point.

UPDATE 6: Another response: "I was at a firm that did this and never thought it was a big deal. My firm gave attorneys two options for mobile devices: you could get a firm-owned Blackberry or receive your firm email on your own personal Blackberry/iPhone. If you brought your own device you agreed to allow them to remote wipe it if you reported the device as lost. I understood the intent to be preventing accidental release or discovery of confidential client information, not to prevent attorneys from deliberately leaking info; there were plenty of other ways to do that if someone wanted. I considered it a useful policy, since if I lost my phone I would want my information deleted anyway. (For what it's worth, when I left they didn't bother to/remember to wipe my phone.)"

Eric's response: I wonder if lawyers acquiesce to this concept more willingly because we are so attuned to the protection of client confidences anyway.

Posted by Eric at 09:52 PM | Trade Secrets | TrackBack

Ohio Court of Appeals: Lawyer-Plaintiff Can't Sue for Misleading Email Ads Which he Knew Were Misleading -- Cicero v. American Satelitte

[Post by Venkat Balasubramani]

Cicero v. American Satellite, Inc., 2011-Ohio-4918 (Ohio Ct. App. Sept. 27, 2011) [pdf]

Cicero is a lawyer who lives and practices in the state of Ohio. He sued defendant based on 85 marketing emails sent on behalf of the Dish Network (47) and DirecTV (38). He alleged that the emails were misleading because they “failed to state on the face of the email all of the applicable terms and conditions” of the offers and because the emails used the word “FREE” in the emails and the services in fact were not free.

During his deposition, plaintiff testified that he knew when “looking at an email” that it violated Ohio’s consumer protection statute, and he knew this as far back as 2008, due to his experiences in a lawsuit with EchoStar. He also testified that he “began to eventually save [the emails] and collect them” for purposes of litigation. [The record does not detail Cicero's involvement in the EchoStar lawsuit, but we've blogged about Ferron v. EchoStar previously: "Lawyer-Spam Plaintiff Loses in the Sixth Circuit Over Allegedly Misleading DISH Network Emails;" "Email Ad Network Isn't Liable for Unsolicited Email."]

The court says the key issue is whether plaintiff can recover, despite evidence which “affirmatively show[ed] the plaintiff possessed particular knowledge of the facts that prevented him from being deceived by a supplier’s conduct.” The court looks to the Sixth Circuit’s decision in EchoStar, as well as several other cases which plaintiff was involved in and says that plaintiff cannot sue where he knew the emails were misleading when he received them. The court says:

because he had previously researched this issue and because he was involved in prior litigation involving the same subject matter a year before the instant case was filed, he was aware of what could potentially be a deceptive consumer sales practice prior to ever having received any of the emails that are the subject of this lawsuit. Additionally, [plaintiff] admitted at his deposition that because he believed the emails at issue here were in violation of the [Ohio Consumer Protection Statute], he began saving subsequent emails for litigation purposes.
...
the record affirmatively establishes that appellant, through prior litigation, had prior knowledge of the facts such that he was not and could not be deceived by [defendant's] acts because he was aware of the terms he alleges were excluded before he received the emails in question.

Defendant also argued that the alleged misstatements in the emails were not material and that it could not be held liable for the actions of third parties (presumably third party emailers) but the court did not reach either of these grounds.
__

Another court that's less than sympathetic towards a lawyer-plaintiff. Quel dommage. (Woods v. Google was the most recent example of this, but there are many others.) Courts are also not sympathetic to claims which they perceive as manufactured. (See, e.g., the spam cases.) This lawsuit combined both of these elements--a lawyer-plaintiff, who saved up allegedly misleading emails so he could file suit--so it's hardly surprising that the court gives him the boot.

This lawsuit reminds me a lot of the Reunion.com case, which grappled with the question of whether a plaintiff actually had to rely on misleading statements in emails or could claim that he or she had been damaged by merely opening an email. (See Ethan Ackerman's post from 2009 that speaks to this question: "Reunion.com Revisited.") Strangely, the court in this case does not even address the issue of whether the plaintiff spent any money in reliance of the misleading emails in question. Given the plaintiff's admission that he knew the emails were misleading and collected them for the purposes of litigating his claims, the court bypassed this issue. Nevertheless, I would think that since the plaintiff was suing based on a consumer protection statute, he would have to show that he actually incurred some damages based on the misstatements in question?

Post-script: After the court of appeals issued its opinion in this case, it issued an opinion in Ferron v. Dish Network, LLC, reversing the trial court's dismissal of Ferron's claims against the Dish Network based on alleged violations of Ohio's Telephone Solicitation Sales Act and Ohio's Consumer Protection Statute. (Here's a link to the opinion: [pdf].) The opinion is interesting, and given that we've posted on other Ferron cases, it probably warrants a separate blog post, which will be forthcoming.

Posted by Venkat at 09:37 AM | Marketing

November 08, 2011

Australian Court Says Google Isn’t Liable for Advertiser’s Misleading Ad--ACCC v. Trading Post (Guest Blog Post)

By Guest Blogger Mark Bender, with some comments by Eric

Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] FCA 1086 (September 22, 2011, corrected October 10, 2011)

[Eric’s introduction: Mark Bender is a business law lecturer at Monash University in Australia and an expert in Australian online trademark law. When this opinion came out in September, I flagged it for possible blogging. However, I was put off by the opinion’s 357 paragraphs—not unusually long by foreign standards, but it proved too much for me to handle! Fortunately, Mark agreed to write this guest blog post about the opinion:]

History

The Australian Competition and Consumer Commission ('ACCC'), comparable to the US Federal Trade Commission (FTC), commenced proceedings in the Federal Court of Australia against Trading Post Australia Pty Ltd ('Trading Post') and Google Inc., Google Ireland Limited and Google Australia Pty Ltd (collectively, 'Google') for breaches of the Trade Practices Act 1974 (Cth) ('TPA') in July 2007. As a result of legislative changes, the provisions of this statute are now found in the Competition and Consumer Act.

The ACCC alleged breaches of Section 52 of the TPA, which provides that 'A corporation shall not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive.' The ACCC also alleged breaches of Section 53(d), which provides that 'A corporation shall not, in trade or commerce, in connexion with the supply or possible supply of goods or services or in connection with the promotion by any means of the supply or use of goods or services; represent that the corporation has a sponsorship, approval or affiliation it does not have'.

Facts

Trading Post was formerly Australia's leading classified periodical, and it may be familiar to some from references in the Australian legal film, The Castle. It published weekly and contained advertising by both private sellers and traders. As with other traditional print businesses, it transitioned to the online environment and is entirely web-based. Traditionally, the Trading Post had been a primary method for the sale and purchase of used motor vehicles.

Trading Post used Google's AdWord service to display some advertisements on Google's search result pages. An example of the advertisement is:

Kloster Ford

www.tradingpost.com.au New/Used Fords – Search 90,000 + auto ads online. Great finds daily!

Kloster Ford is a Ford motor vehicle dealer. It had no association with Trading Post and did not consent to Trading Post’s use of the Kloster Ford name.

The appearance of 'Kloster Ford' in the headline of the advertisement distinguishes this case from the scenario where the use of another's name or trade mark is used merely as a keyword to trigger the display of an advertisement. The headline in the Kloster Ford advertisement was generated by Google's keyword insertion tool, based on Trading Post specifying 'Kloster Ford' as a keyword.

The Case

The ACCC's case was comprised of two parts.

Google’s Alleged Failure To Distinguish Adequately Between Organic Search Results and Paid Advertisements

The ACCC alleged that a number of factors contributed to their argument that Google engaged in misleading and deceptive conduct, included that Google failed adequately to distinguish between search results and advertisements and failed to identify advertisements as such, based on the allegedly similar appearance and nature of search results and advertisements.

The ACCC argued that this failure to distinguish was contributed to by:

* both advertisements and organic results being generated by the same search term and pertaining to the same general subject matter of the search term
* both advertisements and search results being listed below the heading and appearing together on the left side of the result page

The ACCC alleged the overall impressions created by these factors was that the contents of the search results page are generated by the Google Search Tool and displayed in order of relevance and are not advertisements.

The ACCC argued that Google's shading and labeling of the sponsored links were 'insufficient to counteract the overall impressions'. They further argued that the phrase 'sponsored links' is 'itself ambiguous'; and 'does not have, as its primary meaning, advertisement'.

In considering whether conduct is misleading and deceptive, the conduct as a whole is to be considered 'in light of the relevant surrounding facts and circumstances' (Butcher v Lachlan Elder Realty Pty Ltd [2004] HCA 60).

The court observed that 'there was no evidence called to show that any person had been mislead into thinking that the Kloster Ford advertisement or the Charlestown Toyota advertisement (or any of the other advertisements about which the ACCC complained) was not an advertisement. Nor was there any survey or other evidence based upon observation or experiment adduced by the ACCC to show that users of the Google search engine were likely to be mislead into thinking that sponsored links are not advertisements or that they are no different to organic search results'.

In considering all of the circumstances, it was held that reasonable internet users would not be misled or deceived as to the nature of the sponsored links. It was considered unlikely that the 'sponsored links' label was likely to go unnoticed, though the judge indicates that advertisement might be a clearer term than 'sponsored link'. It was observed that there are not 'likely to be any ordinary and reasonable people within the relevant class who believed that Google was advertisement free'.

The Use of Competitors’ Names in the Headlines

The court considered that the publication of the Kloster Ford advertisement could give rise to eight different possible representations:

A: by clicking on the headline of the Kloster Ford advertisement, a person would be taken to a website associated with Kloster Ford;
B: there was an association between Trading Post and Kloster Ford;
C: there was an affiliation between Trading Post and Kloster Ford;
D: Kloster Ford approved of the link between its name and the Trading Post Site;
E: Kloster Ford had paid for the link between its name and the Trading Post Site;
F: Kloster Ford was a sponsor of the Trading Post Site;
G: information regarding Kloster Ford could be found at the Trading Post Site; and
H: information regarding Kloster Ford car sales could be found at the Trading Post Site.

The court found that representations B, C, G and H had been conveyed by Trading Post and were likely to mislead or deceive ordinary and reasonable members of the relevant class. Google was held not have conveyed these representations.

The court held that Google was not liable for the use of the Kloster Ford name as it was

satisfied that the keyword “kloster ford” was not selected or recommended by Google. Of course, Google made available to Trading Post and other advertisers the technical facility that enabled keywords to be uploaded which, if made the subject of a search by a user of the Google search engine, might then generate top left or right side sponsored links. And Google also made available to Trading Post and other advertisers the technical facility which allowed for keyword insertion to occur. However, it was Trading Post, not Google, that choose to use these facilities to produce headlines containing the name Kloster Ford in response to search queries including those words.

It was also held that 'Google merely communicated what Trading Post represented without adopting or endorsing any of it' and that

the technology employed in on-line advertising may be quite different to that associated with the publication of advertisements in newspapers or magazines or the broadcasting of television or radio advertisements, it is nevertheless clear that the publisher or broadcaster of such advertisements always provides at least some of the technical facilities that permit the relevant advertisement to be seen or heard. It does not follow that these publishers or broadcasters have thereby endorsed or adopted any information conveyed by the advertisement or that they have done anything more than pass it on for what it is worth.

The court considered previous decisions where a range of intermediaries, including real estate agents (Butcher v Lachlan Elder Realty Pty Ltd [2004] HCA 60), television broadcasters (Universal Telecasters (Qld) Ltd v Guthrie [1978] FCA 9) and newspapers (Australian Ocean Line Pty Ltd v West Australian Newspapers Ltd [(1985) [1985] FCA 37), had not been liable for misleading and deceptive conduct for merely displaying advertising.

Outcome

Although the ruling was good news for Google, the news is mixed for advertisers. The court declared that using an unrelated businesses name in the headline of an advertisement can be misleading and deceptive and can represent an affiliation where none exists. I would have this said was fairly well-settled law.

Whilst there is some discussion of the unique nature of search, the issue of whether the use of another's business name or trade mark as a keyword can amount to misleading and deceptive conduct was not definitively stated (this was not at issue in the case). Even so, it does appear that any such liability would not be Google’s. The court says that 'Trading Post, not Google, that choose to use these facilities to produce headlines containing the name Kloster Ford in response to search queries including those words' .

The court ordered Trading Post to pay $28,000 to the ACCC 'by way of agreed contribution to the applicant’s costs'. Obviously, $28,000 is a minuscule fraction of the cost of the proceeding. Before the action, Trading Post was acquired by our largest telco (their first-half net profit was just under $1.2 billion), so the payment amount is trivial to them.

Meanwhile, the court ordered the ACCC to pay Google’s costs, making this a money-losing lawsuit for the Australian public.

Appeal

The ACCC have appealed the decision (see their press release), insofar as it related to Google's liability, and are expected to argue that 'Google would have been unable to show that it had no reason to suspect that publication of these advertisements was a breach of the Act'.

The ACCC 'considers that the Full Court may find that Google made the representations in question and find Google directly responsible for the publication.'

In their appeal, the ACCC also put the view that Google’s role, including the keyword insertion system, were fundamental to the representations being made.

The ACCC are also questioning the extent to which the previous Federal Court decisions considered by Justice Nicholas, which related to publishers of advertisements in traditional media (real estate agents, television broadcasters and newspapers), can be applied to search engine advertising.
___________

Eric’s Comments

I’m struck by how much the court’s analysis depends on empirical questions about consumer perceptions. In the Internet context, consumer perceptions, of course, are constantly changing. As time passes, consumers learn how to navigate and parse new user interfaces, plus Google keeps changing its interfaces (such as changing the ad labeling from “sponsored links” to “ad”). Trying to track these changes over the four years of litigation seems futile!

This case is a win for Google, but perhaps only superficially. Obviously, the court dismissed Google’s liability, and surely Google is pleased about that. However, like the Google ECJ opinion, the opinion throws Google’s advertisers under the bus—and what’s bad for Google’s advertisers could be bad for Google’s revenues. To the extent advertisers feel liability exposure from running ads on Google, they may reduce their advertising. Fortunately, it seems like the opinion could be read to apply only when an advertiser uses a third party trademark as the ad headline, which I suspect is a fairly rare occurrence.

As for Google's culpability when it suggests ad copy for advertisers to include in their ads, this case reminded me a little of the Roommates.com case and its predecessor, the Carafano case. In all of these cases, the website gave prompts to the "speaker" about what to say, but the speaker ultimately adopted the words as its own. I expect situations like this will continue to give courts some trouble, but it sounds like the court made a sensible ruling in this case.

Posted by Eric at 09:28 AM | Marketing , Search Engines , Trademark | TrackBack

November 07, 2011

Good News/Bad News About the Number of Blogs Eligible for the 17 USC 512 Safe Harbor

By Eric Goldman

My 2006 article about blog law included the following passage (footnotes omitted):

few blogs satisfy the numerous technical prerequisites for § 512 eligibility, such as registering their websites with the U.S. Copyright Office. To assess this, on April 18, 2006, I searched the Copyright Office’s database of § 512 registrations and found only ten registrations containing the word “blog.”

In preparing comments on the Copyright Office's proposed amendments to the 512 designation of agent requirements, I decided to redo this pseudo-empirical study. On November 3, I went to the Copyright Office's database of registrations and searched for the character string "blog" in the name of the registered names/websites. I came up with over 200 hits. At the bottom of the post, I lay out the numerical details.

[Procedural note: I know this methodology is a hack. First, the Copyright Office has a lag of weeks/months between filing and publication. Second, many blogs don't have the word "blog" in their title for registration purposes but may be covered nonetheless. Third, a single entity might be counted multiple times in my count; for example, Weblogs, Inc. counted as at least 3 hits. Fourth, I'm not even sure what constitutes a "blog" any more. I'm sure there are many other objections. The count isn't super-precise. It's more of a directional indicator.]

Thus, the good news is that my 2011 census produced more than 20x the number of hits I got five years ago. Clearly the word has spread in the blogging community of the value of filing for 512 protection. But, the bad news is that even if 200+ blogs are covered by the agent designation--and therefore have satisfied one of the formalities prerequisites for a 512(c) safe harbor--it's a tiny fraction of the blogs that might ultimately want the 512 safe harbor because, for example, they allow user comments. Indeed, Righthaven repeatedly sued defendants over user-uploaded articles/comments to blogs and websites that hadn't made the requisite filing and therefore couldn't claim the safe harbor at all. So while it's heartening to see the growth in blogs eligible for 512 coverage, the overall number of covered blogs remains disconcertingly low.

FWIW, as a personal note, this blog isn't covered by a 512 designation of agent. I'm obviously aware of the statute, but comments have been off since 2006. The only posts that might be covered by my 512 filing are those of my co-bloggers, such as Venkat, and I've decided to take the risk that they will post infringing material and that a 512 designation would have been available in the co-blogger situation.
_____

The number of times the character string "blog" appeared per letter in the Copyright Office database: A - 2 // B - 50 // C - 12 // D - 6 // E - 1 // F - 7 // G - 6 // H - 16 // I - 6 // J - 1 // K - 6 // L - 6 // M - 13 // N - 9 // O - 1 // P - 10 // Q - 0 // R - 4 // S - 13 // T - 9 // U - 3 // V - 1 // W - 23 // X - 0 // Y - 1 // Z - 3 // Other - 0. Total = 209.

Posted by Eric at 08:54 AM | Copyright , Derivative Liability | TrackBack

November 06, 2011

October 2011 Quick Links

By Eric Goldman

Copyright

* MUST READ from Techdirt: MPAA Helped Police Seize 'Pirated' DVDs That Were Actually Fully Authorized. On the topic of errors in determining copyright infringement, the incident a powerful reminder both that even those "in the know" overclaim copyright infringement, and that the targets of such overclaiming can suffer catastrophic losses. That makes the incident an important reminder of the value of procedural safeguards in the copyright setting.

* An amended Capitol v MP3Tunes opinion explains why 17 USC 512 applies to state copyright claims (see pages 14-17). Prior blog coverage.

* Megaupload settles with Perfect 10, and the judge vacated her opinion. Prior blog coverage.

* Permanent injunction issued against Zediva. Prior blog coverage.

* Supplemental briefing requested in Viacom v. YouTube:

The parties are hereby ordered to submit letter briefs, not exceeding ten pages doublespaced, on the following questions: (1) whether and how the red-flag knowledge provision would apply under the Defendants’ “specific” knowledge construction of § 512(c)(1)(A); and (2) whether YouTube’s “syndication” of videos to third parties falls outside the scope of safe harbor protection for activities that occur “by reason of . . . storage at the direction of a user” under § 512(c)(1).

Mark Lemley on Viacom v. YouTube.

* Mick Haig Productions, e.K. v. Does, 2011 WL 5104095 (N.D. Tex. Sept. 9, 2011). In a mass copyright lawsuit, the plaintiff's lawyer issues subpoenas without authorization to identify the defendants and gets sanctioned $10k for it.

* Righthaven LLC v. Newman, 2011 WL 4762322 (D. Nev. 2011):

the restated SAAs are not a simple attempt to clarify or supplement the facts pleaded in the complaint with additional facts that were present at the time of filing. Rather, the restated SAAs present a new set of facts with respect to the alleged copyright ownership, which is impermissible because Righthaven may not amend the defects in the jurisdictional facts themselves. See Newman–Green, 490 U.S. at 830. Next, the restated SAAs' terms substantially contradict the original SAA. Again, defects of allegations may be amended, but not defects in the facts themselves.

* Righthaven LLC v. Inform Technologies, Inc., 2011 WL 4904431(D. Nev. Oct 14, 2011). Upholding personal jurisdiction in Nevada but issuing an order to show cause why the suit shouldn't be dismissed for lack of standing.

* Righthaven v. Newsblaze (D. Nev. Nov. 4, 2011). Another Nevada judge, this time Judge Jones, dismisses a Righthaven case for lack of standing.

* Sam Francis Foundation v eBay complaint: Class action suit against eBay under CA's "resale royalty" statute.

* Google got a good copyright win in a German case over its image search service.

* Wired: U.S. Copyright Czar Cozied Up to Content Industry, E-Mails Show

Search Engines

* Google implements SSL on its search results pages and knocks out search terms from the referrer URL. This may sound like a privacy win, but it also means that Google will increase the gap between its database and the databases of indexed websites. So this is a backdoor way for Google to hoard data for itself...and perhaps increase incentives for advertisers to pay. More on this point from Danny Sullivan: "if Google thinks this needs to be done for privacy reasons, then it needs to block referrers for everyone and not still allow them to work for advertisers. That move is one of the most disturbing, hypocritical things I’ve ever seen Google do."

* Google Buzz is dead, but Google has a 20 year hangover with the FTC, which approved the settlement. Prior blog post. Francoise Gilbert offers some lessons.

* Search Engine Land: Organic Click-Thru Rates Tumbling; Only 52% Click On Page One, Study Suggests

* News.com: Google's whimsical Easter eggs.

Content Regulation

* Darm v. Craig, the Oregon Twitter libel lawsuit, settled.

* Language Line Services, Inc. v. Language Services Associates, LLC, 2011 WL 5024281(N.D. Cal. Oct 13, 2011). Complicated dispute between two competitors. Many claims based on one competitor's blog post were stricken under CA's anti-SLAPP law. Rebecca’s coverage.

* Crookes v Newton, 2011 SCC 47 (Can Sup Ct): Linking to defamatory content on 3rd party site isn't "publication" of linked content.

* Hollywood Reporter: Misappropriation of personality claim in Hurt Locker case gets anti-SLAPPed.

Miscellaneous

* Ninth Circuit will rehear the Nosal case en banc. Prior blog post. Tom O’Toole’s reset.

* Zing Brothers LLC v. Bevstar LLC (D. Utah Oct. 14, 2011: “This specific inclusion of Utah in the drop down list of states, and the website statements that orders are solicited anywhere "inside the USA" is sufficient to establish that this site is "something more" than a non-targeted transaction site.”

* Ferris & Salter P.C. v. Thomson Reuters Corp. (E.D. Mich. Oct. 19, 2011): “There is no basis under Michigan law or, for that matter, in the vast majority of those states whose courts have considered the issue, to deem computer consultants and service providers professionals…. Thus, the Court concludes that—under Minnesota or Michigan law—no professional negligence action will lie against computer engineers and technicians.”

* From the Chronicle of Higher Ed: What Wikipedia Deletes, and Why.

* A new article tries to answer the question, "Why did Wikipedia succeed while other encyclopedias failed?" My Wikipedia article touched on this issue.

* Actors' unions ask IMDb not to publish the age of actors. NY Times coverage.

* Tom O’Toole: ICANN's .xxx sunrise period was a success--for ICANN.

* A behind-the-scenes look at the creation of the Paris Hilton brand:

* I was on TWiL 134 with Denise Howell, Evan Brown and Ernie Svenson. Listen in.

Posted by Eric at 03:35 PM | Content Regulation , Copyright , Derivative Liability , Search Engines | TrackBack

November 04, 2011

Stebbins' Lawsuit Against Google Dismissed as "Frivolous"--Stebbins v. Google

By Eric Goldman

Stebbins v. Google, Inc., 2011 WL 5150879 (N.D. Cal. Oct. 27, 2011). Stebbins' motion to confirm arbitration award (the equivalent of his complaint in this case).

Arkansas resident David Stebbins appears to be cranking up a one-man pro se/pro per litigation machine based on mockably tendentious legal arguments and outrageous damages claims ($500B in this and other cases). Last Spring, I blogged about his unsuccessful lawsuit against Walmart, which tried some too-clever legal arguments that ended up failing resoundingly.

In a separate set of actions, Stebbins sued Microsoft and Google based on an almost-too-bizarre-to-explain legal theory. It goes something like this: YouTube's contract allows unilateral modification (which, crucially, only lets YouTube unilaterally modify the contract, a point Stebbins didn't internalize), so Stebbins emailed a modification of the contract terms to YouTube that included an arbitration clause and an "I automatically win the arbitration if you don't respond" clause. He then disputed YouTube's handling of his account, sent them a proposal to arbitrate the dispute for $500B, and declared himself the arbitration winner (without an actual arbitration) when YouTube didn't respond in time. He then filed a federal claim to enforce the arbitration judgment even though there wasn't a judgment since there was no arbitration proceeding.

The magistrate judge recommended dismissing the claim as frivolous, but Stebbins didn't consent to proceeding before a magistrate. So the case goes to Judge Koh and, in a straight-laced opinion, she reaches the same result. She says:

there was no actual arbitration. That is to say, no arbitrator or arbitration panel actually awarded a judgment. Thus, there has been no arbitration proceeding and no award "made pursuant to [an] arbitration."

The court goes on to label Stebbins' filings "frivolous," "indisputably meritless" and "clearly baseless," concluding:

Plaintiff's claim is based on an indisputably meritless legal theory. Additionally...[i]t is fundamentally contradictory for Plaintiff to assert the existence of an arbitration award on the basis of a contract clause that states that no arbitration proceeding is to take place, and no award need be entered.

As I've suggested before, tendentious online contract formation claims do not fare well in courts. Even if the plaintiff can stitch together a theory of contract formation, judges quickly cut through any hyper-formalism to reach sensible results. If your contract formation theory depends on overly formalistic interpretations of contract law, don't be surprised if it will fail in court.

Posted by Eric at 12:45 PM | Licensing/Contracts , Search Engines | TrackBack

Minnesota Appeals Court Says Tracking Statute Excludes Use of GPS to Track Jointly Owned Vehicle -- State v. Hormann

[Post by Venkat Balasubramani]

State v. Hormann, A10-18722 (Minn. Ct. App. October 19, 2011)

Hormann was charged with installing a tracking device on his then-wife's car, in violation of a Minnesota statute prohibiting the use of, among other things, tracking devices without a court order. (Minn. Stat. 626A.35.)

As recounted in the order, in March 2010, the victim had a mechanic inspect the car, and the mechanic found a tracking device magnetically attached to the underside of the car. In January of that year, the victim testified about an incident involving domestic violence. In response, the victim moved out, but the defendant sent her text messages "commenting on where she had been and otherwise indicating that he was . . . monitoring her movements." She also testified that the defendant allegedly put spyware on her cell phone that "allowed him to intercept her text messages and that he also seemed to know everything she was doing on the family computer." The defendant was also involved in an incident where the defendant allegedly located the victim in a lakeside cabin, "entered the cabin, and physically attacked an acquaintance of [the victim's]."

The statute excluded the use of a mobile tracking device when it was used to track an object with the "consent of the owner." Hormann argued that because he had an ownership interest in the vehicle, the statute could not be used to convict him.

The court finds that the statute's use of the word "owner" is ambiguous in this context, and the drafters did not anticipate the scenario where an object has more than one owner. The court looks to Minnesota's vehicle-title rule for the definition of "owner." The vehicle-title statute defined owner to include a person who has "property in [sic] or title to a vehicle." A person entitled to "use" the vehicle was encompassed within the definition of "owner."

The court found that Hormann was entitled to use the vehicle. The vehicle was purchased with marital funds and thus presumptively marital property. There was also evidence in the record that Hormann used the vehicle on occasion. (At oral argument, the state conceded that it would not prosecute Hormann for auto theft if Hormann was found to be driving the vehicle, even without the victim's consent.) The evidence with respect to title to the vehicle was also favorable to Hormann. While the victim was shown to be the sole registered owner, Hormann produced evidence that the victim signed title over to Hormann (the testimony at trial showed that this transfer was done to facilitate the sale of the vehicle and the transfer was never recorded). According to the court, this transfer demonstrates how "incidents of formal ownership of marital property may not accurately reflect who is using a vehicle."

The court applies the rule of lenity to construe the statutory ambiguity narrowly, and holds that the exception applies where the vehicle or object has multiple owners, and one of the owners consents to the tracking device.
__

Divorces are fertile ground for privacy issues, and in previous posts I've speculated about the effect of joint ownership rules on privacy violations. A New Jersey (civil) case involved GPS tracking, and although the court did not raise the issue and there was no statute expressly aimed at tracking, I wondered about the fact that "since the wife owned the car, she could have argued that she had the right to track its movements." (The New Jersey case was decided largely on the grounds that the vehicle in question was on publicly visible roadways, where the driver enjoyed a diminished expectation of privacy.) The issues can be less clear when it comes to emails, since spouses sometimes maintain joint email accounts, and there's not always a clear "owner" of a particular account. On the other hand, statutes which are aimed at communications provide for exceptions based on the consent of the parties to the communications, and ownership of a phone or an email account will not provide an easy out under those statutes. In this case, the victim alleged that the now-former husband infringed on her privacy in other ways (e.g., installing spyware on her computer and her cell phone), but the focus of the charge was the tracking.

It may be too early to have a meaningful tally, but I wonder if courts are more tolerant of spouses who engage in tracking while in the midst of a divorce or separation. As always, soon-to-be ex spouses who track and listen in should beware.

Additional coverage:

Kashmir Hill: "Scary Stalker Husband In The Legal Clear To Track Wife's Car" ("If you co-own it, you can track it.")

Posted by Venkat at 09:45 AM | Privacy/Security

November 03, 2011

Ninth Circuit Affirms Google's Section 230 Win Over a Negative Business Review--Black v. Google

By Eric Goldman

Black v. Google, Inc., 2011 WL 5188426 (9th Cir. Nov. 1, 2011). The complaint. The district court ruling.

The Blacks sued Google over a negative third party review of their business published in an unspecified Google property. This lawsuit was obviously preempted by 47 USC 230 from the get-go, so I easily fit my prediction of the case's outcome into a tweet. In August 2010, the district court dismissed the lawsuit on Section 230 grounds in an efficient opinion.

The Ninth Circuit didn't find this case any more challenging than the district court did. In a brief unpublished memo opinion, the court upheld the district court's ruling. The main substantive sentence of the Ninth Circuit's opinion:

The district court properly dismissed plaintiffs’ action as precluded by section 230(c)(1) of the Communications Decency Act (“CDA”) because plaintiffs seek to impose liability on Google for content created by a third party. See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1162 (9th Cir. 2008) (en banc) (“Section 230 of the CDA immunizes providers of interactive computer services against liability arising from content created by third parties . . . .”); Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003) (“Through [section 230 of the CDA], Congress granted most Internet services immunity from liability for publishing false or defamatory material so long as the information was provided by another party.”).

Posted by Eric at 08:52 AM | Derivative Liability | TrackBack

November 02, 2011

Yahoo Partially Defeats Lawsuit Over Wrongful Account Termination--Buza v. Yahoo

By Eric Goldman

Buza v. Yahoo, Inc., 2011 WL 5041174 (N.D. Cal. Oct. 24, 2011). The complaint.

Buza claims Yahoo terminated two GeoCities accounts related to his advocacy efforts. Buza is proceeding pro se, which is typical for user lawsuits over wrongful account termination. He sued Yahoo in state court. Yahoo tried to remove to federal court. In this ruling, Judge Seeborg dismisses the federal claims and sends the others back to state court. I'm sure Yahoo wished Judge Seeborg had cleaned out the case entirely, but I bet Yahoo will get there soon enough.

Buza claimed that Yahoo violated his First Amendment rights. As I explain in my article on wrongful account termination, plaintiffs often invoke the Constitution to get around any statutory immunities, but Constitutional claims routinely go nowhere. It's 100% clear that privately owned online service providers like Yahoo aren't state actors and therefore aren't restricted by the Constitution. The court says:

Buza's response that Yahoo!'s services should be seen as a "public forum" in which the guarantees of the First Amendment apply is not tenable under federal law. As a private actor, Yahoo! has every right to control the content of material on its servers, and appearing on websites that it hosts.

Similar recent cases in this vein include Young v. Facebook, Estavillo v. Sony and Jayne v. Google Founders.

Buza also brought an ECPA/SCA (18 USC 2701) claim for unlawful access to stored communications. The court dismisses because the restrictions don't apply to the service provider's access of those communications.

Having disposed of the federal claims, Judge Seeborg sends the case back to state court to deal with the remaining claims, which include a violation of California's state constitution, "intellectual property," trespass to chattels and breach of contract. The judge expresses some skepticism about some of these claims, but having decided he could quickly clean his docket of the case, he doesn't go any further than necessary to send the case back to state court.

My understanding is that Yahoo didn't raise a 47 USC 230(c)(2) defense, the federal immunity for service providers' filtering decisions. I explore this point in detail in ">my recent 230(c)(2) article. 230(c)(2) can't trump federal constitutional claims, but it should (?) trump state constitutional claims. 230(c)(2) doesn't apply to IP claims per a statutory exclusion, but the Ninth Circuit in Perfect 10 v. ccBill said that 230 trumps state IP claims (the judge says no federal IPs are at issue). The immunity likely trumps the trespass to chattels claim, although I don't recall seeing that issue tested before. And I explain in my article, 230(c)(2) could very well trump the contract breach claim. (This judge could have also disposed of the contract claim based on express terms giving Yahoo the power to pull the plug on websites, but the state court judge will have do that).

Because the immunity is a federal statute, it would have been appropriate for the federal court to interpret its application to the state claims before remanding. This discussion suggests that had the immunity been raised, Judge Seeborg might have completely ended the case on 230(c)(2) grounds without sending anything back to state court.

Posted by Eric at 09:33 AM | Derivative Liability , Licensing/Contracts , Privacy/Security , Trespass to Chattels | TrackBack

November 01, 2011

Call for Papers, 2nd Annual Internet Law Work-in-Progress Symposium, NYC, March 24, 2012

By Eric Goldman

For more information about this work-in-progress series, you might check out my recap from the inaugural event. This is a wonderful event in a fantastic location with a group of terrific scholars. I am eagerly looking forward to it, and I hope to see you there. Note the request for a preliminary RSVP by the end of this month.
_______________

Second Internet Law Work-in-Progress Symposium
Call for Papers

March 24, 2012, New York
***Please note the new date***

The Institute for Information Law and Policy at New York Law School and the High Tech Law Institute at Santa Clara University School of Law are pleased to host the second annual work-in-progress series for internet law scholarship. In order to avoid a conflict with Peter Yu's longstanding cyberlaw event, we've brought forward the date of our event by one week. New York Law School will host the event on March 24, 2012 in downtown Manhattan.

Call for Participation

The work-in-progress event was created for internet law scholars to receive feedback about their papers and projects from their academic peers. Last year over 30 leading internet law academics convened at Santa Clara Law to participate in this inaugural event. The organizers take a broad view of what constitutes "internet law" scholarship, and this year will be no different. We welcome all types of scholarly approaches (doctrinal, theoretical, empirical, etc.) and offer three ways to participate in the event:

Papers-in-Progress Presentation
This track is for paper drafts sufficiently advanced to share with event attendees. We anticipate giving extra speaking time to these presentations. To qualify for these slots, you will need to send a paper draft no later than Friday March 2, 2012. If we have to prioritize presentation requests based on capacity constraints, we plan to give greater priority to papers earlier in the drafting process that will most benefit from peer feedback, i.e., (a) papers that have not been circulated to publication venues will get higher priority than (b) papers that have been circulated to publication venues but do not yet have a publication commitment, which will get higher priority than (c) papers that have been accepted for publication.

Projects-in-Progress Presentation
This track is for research projects without a paper draft for attendees to review in advance. This might occur because your paper draft isn’t ready to share (or does not arrive before the March 2, 2012 cutoff) or because you would like to explore a paper idea before writing a draft. We intend to allocate less speaking time for these presentations than for papers-in-progress presentations.

Discussant
Space permitting, we welcome other scholars to join the conversation as active audience participants.

There is no event participation fee, but all participants are responsible for their own travel expenses. There are no publication obligations associated with presenting at the event.

How to Participate

So that we have an idea of the numbers, could you please let us know by November 30 if you think that you're going to be submitting a paper or would like otherwise to attend. This is not a binding commitment, but will help us plan space and timing. Papers, expressions of interests and queries can be sent to

Dan Hunter
Professor of Law & Director, Institute for Information Law & Policy, New York Law School
185 West Broadway
New York NY 10013
danieladhunter@gmail.com

Posted by Eric at 10:55 AM | General | TrackBack

Search

Categories

Archives

Recent Entries

November 30, 2011

Fraud Allegations Don't Trump 47 USC 230--Hopkins v. Doe

Pennsylvania Court Orders Personal Injury Plaintiff to Turn Over Facebook Password to Defendant -- Largent v. Reed

November 29, 2011

Facebook Settles With the FTC -- In re Facebook, Inc.

November 28, 2011

Court OKs Private Seizure of Domain Names Which Allegedly Sold Counterfeit Goods--Chanel, Inc. v. Does

Dangerous Copyright Office Proposal to Undercut the DMCA Online Safe Harbors

November 27, 2011

Redbox Can be Liable Under the Video Privacy Protection Act for Failure to Purge Video Rental Records -- Sterk v. Redbox

November 23, 2011

eBay Gets 47 USC 230 Dismissal of Products Liability Claim--Inman v. Technicolor

November 22, 2011

Court Awards Damages for Wrongful Disruption of Web Presence -- Ordonez v. Icon Sky Holdings

November 21, 2011

Can A Copyright Be Assigned By Email?--Hermosilla v. Coca-Cola

November 17, 2011

App Developer RockYou Settles Privacy Lawsuit--Claridge v. RockYou

November 15, 2011

Why I Oppose the Stop Online Piracy Act (SOPA)/E-PARASITES Act

November 14, 2011

LinkedIn Beats Referrer URL Privacy Class Action on Article III Standing Grounds--Low v. LinkedIn

November 10, 2011

Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz

November 09, 2011

Employers Demanding the Right to Remotely Wipe Employees' Phones?

Ohio Court of Appeals: Lawyer-Plaintiff Can't Sue for Misleading Email Ads Which he Knew Were Misleading -- Cicero v. American Satelitte

November 08, 2011

Australian Court Says Google Isn’t Liable for Advertiser’s Misleading Ad--ACCC v. Trading Post (Guest Blog Post)

November 07, 2011

Good News/Bad News About the Number of Blogs Eligible for the 17 USC 512 Safe Harbor

November 06, 2011

October 2011 Quick Links

November 04, 2011

Stebbins' Lawsuit Against Google Dismissed as "Frivolous"--Stebbins v. Google

Minnesota Appeals Court Says Tracking Statute Excludes Use of GPS to Track Jointly Owned Vehicle -- State v. Hormann

November 03, 2011

Ninth Circuit Affirms Google's Section 230 Win Over a Negative Business Review--Black v. Google

November 02, 2011

Yahoo Partially Defeats Lawsuit Over Wrongful Account Termination--Buza v. Yahoo

November 01, 2011

Call for Papers, 2nd Annual Internet Law Work-in-Progress Symposium, NYC, March 24, 2012