Technology & Marketing Law Blog: July 2012 Archives

Technology & Marketing Law Blog

« June 2012 | Main | August 2012 »

July 31, 2012

Online Kevorkian’s First Amendment Challenge to Assisted Suicide Convictions Unsuccessful -– State v. Melchert-Dinkel

[Post by Venkat Balasubramani, with comments from Eric]

State v. Melchert-Dinkel, A11-0987 (Minn. Ct. App.; July 17, 2012)

The State of Minnesota prosecuted a Minnesota nurse for engaging in Internet conversations with people who were contemplating suicide. The individuals who committed suicide lived in England (Mark Drybrough, age 31) and Canada (Nadia Kajouji, age 19). (Melchert-Dinkel corresponded with others who allegedly committed suicide, but the prosecution focused on these two.) It’s a sick but interesting case that addresses the First Amendment issue of when the state can criminalize speech that encourages (or causes) others to kill themselves.

Victim 1 - Drybrough: Drybrough spent time on a website where users posted messages about “life, depression, and suicide.” Melchert-Dinkel corresponded with him, posing as “Li Dao, a 25-year-old female nurse in Minnesota.” Drybrough mused about methods of hanging one’s self, and Melchert-Dinkel responded as Li-Dao, offering advice on what would and wouldn't work. He also asked Drybrough about whether he had a timeline for when he would take the final step and purported to share his own suicidal thoughts and plans. The exchanges between Drybrough and Melchert-Dinkel are chilling and reproduced in detail in the court’s opinion. In one response, Drybrough indicated to Melchert-Dinkel that he was “not yet ready to die with ‘Li Dao.” Unfortunately, five days later, he hanged himself.

Victim 2 - Kajouji: Melchert-Dinkel found Kajouji on a message board where “users post messages describing various suicide methods.” In response to one of her posts, Melchert-Dinkel engaged in a long back-and-forth with Kajouji. This time he posted as “cami” and used the “falcon_girl_507@hotmail.com” email address. He portrayed himself as a 31 year old emergency room nurse who, “mirroring Kajouji, suffered from severe depression for many years, had undergone treatment, had not improved despite treatment, had decided to end 'her' life by suicide soon, and had considered the effectiveness of various methods of suicide.” Kajouji talked about a plan to stage a drowning accident, but Melchert-Dinkel advised that hanging was superior to drowning for a variety of reasons. He provided Kajouji with advice on the topic, and went so far as to say that he could counsel Kajouji on completing the task while watching along on a webcam. She ultimately drowned herself.

The two suicides occurred in 2005 and 2008, respectively. Tipped off (among other things) by someone who was concerned that a Minnesota resident was encouraging people to kill themselves, the authorities tracked down the posts and communications to Melchert-Dinkel’s computer. Initially he denied making the posts (blaming them on his daughters), but he eventually admitted he asked some 15-20 people to commit their suicide online so he could watch. He said he entered into some 10 mutual “suicide pacts,” although he never had any intentions of actually killing himself.

He was charged with two counts of “advising and encouraging” suicide in violation of a Minnesota statute. He waived his right to a jury trial. The trial court rejected his First Amendment challenge to the prosecution and found him guilty on both counts. On appeal, Melchert-Dinkel argued both that the statute was vague and overbroad, and also that as applied to him violated his First Amendment rights.

Overbreadth: The court says right out of the gate that Melchert-Dinkel’s speech is outside the bounds of protected speech because it’s speech that is “integral to harmful, proscribable conduct.” While suicide is not illegal under Minnesota law, Minnesota's prohibition on assisting suicide is deeply rooted. Assisted suicide was criminalized in 1886 in Minnesota, and this law has long-remained on the books. Melchert-Dinkel argued that while physically assisting suicide is one thing, actually encouraging someone to commit suicide should be treated differently. The court says that this is similar to the general prohibition against aiding and abetting someone else to commit a crime.

Turning to his overbreadth argument, the court says that the statute only prohibits a narrow category of speech and only restricts someone from “speak[ing] in a manner that purposefully urges or helps another person to kill herself.” It doesn’t touch political or social communication on this topic, such as advocating assisted suicide, promoting suicide acceptance, protesting against laws that oppose suicide, and increasing awareness of the “myriad issues that bear on suicidal ideations, suicide methods, or purported suicide benefits.” Given Melchert-Dinkel’s inability to come up with examples of First Amendment communications that fall under the statute, the court declined to employ the “strong medicine” of overbreadth.

Melchert-Dinkel did raise one overbreadth argument that merited the court’s attention: the proscription on “encouraging” others to commit suicide. The court says “encourage” may capture “supportive or agreeable” communications that the speaker does not necessarily intend to result in a suicide, but the court says that these may fall at the edges of the statute. At its core, the statute prohibits people who actively encourage others to commit suicide, intending for it to occur. Moreover, the statute also prohibits “advising and assisting” someone to kill themselves.

As applied challenge: Melchert-Dinkel’s as applied defense fares no better. The court makes its views clear when it introduces his argument:

[Melchert-Dinkel] contends that the First Amendment, which does not lift a finger to protect a charlatan who falsely advertises, or a slanderer who defames, or a perjurer who lies under oath, should be applied to protect him from mispresenting himself as a nurturing but suffering young nurse and intentionally prodding two suicidal, mentally ill strangers to hang themselves on camera in a phony suicide pact simply so that he could watch or take some sort of pleasure in their deaths.

The court says it is “confident that the Constitution does not immunize [his] morbid, predatory behavior simply because it appears in the form of written words.” Melchert-Dinkel also argued that his words do not satisfy the Brandenburg incitement test because nothing he said caused an “immediate” or imminent harmful response from the listener. The court says that his words did cause an imminent or immediate reaction, and also says that it’s not convinced that the reaction needs to be “immediate” under First Amendment law. Finally, he argued that his speech is protected because nothing he said actually caused the deaths of the individuals in question—they were already suicidal. The court says that the First Amendment does not require this sort of a causal link, but in any event, the evidence raises the inference of such a link.
____

The result in the case may seem appropriately driven by the natural revulsion for Melchert-Dinkel's conduct, but this shouldn't necessarily drive the legal analysis. In this respect, the Lori Drew case is an obvious parallel, even though the statute used to prosecute Drew was clearly not intended for her conduct, and interpreting the statute in the manner urged by the government would have easily captured otherwise innocent actors.

Coming back to this case, the court’s First Amendment analysis feels clunky in certain parts. It seems circular to say that the speech is not protected because it’s integral to criminal conduct .. when the crime is the speech itself. The analogy to aiding and abetting also feels out of place, given that suicide is not a crime under Minnesota law. To the extent he aided and assisted the victims, he was not helping them do anything that was criminal under Minnesota law. (This feels like something out of a law school exam question.) A final point is that the Supreme Court has been increasingly protective of speech in many respects. I don’t know if any of the recent decisions bear directly on the First Amendment analysis in this case, but it was interesting to not see any mention of cases like US v. Alvarez (stolen valor, where the Court did lift a finger to protect a charlatan); the video game case (Brown v. Entertainment Merchants Association); and Snyder v. Phelps (Westboro). The court did discuss US v. Stevens (the dogfighting depiction case) but it seemed to ignore the Supreme Court’s rejection of a “free floating First Amendment test” where the value of speech is measured against its societal costs. ("As a free-floating test for First Amendment coverage, that sentence is startling and dangerous.") In fact, this sort of weighing is exactly what the court ended up doing.

The final challenge is that I wasn't sold on the causation side--it's difficult to prove, but you don't get the sense that Melchert-Dinkel's online chats played the requisite causal role in the deaths of the victims. It's not as if he provided the means to take the final act where those means were not widely known or otherwise available (and his victims didn't necessarily seem to utilize his information anyway).

As a judge on this case, I would have struggled. I certainly see Eric's point below about Melchert-Dinkel providing a Kevorkian-like online counseling service, but the fact that he engaged directly with the victims was troubling. The fact that he engaged in subterfuge also makes him a tough First Amendment champion (but see US v. Alvarez). That said, what would have made this case much tougher is if Melchert-Dinkel had just published content that was generally available on methods of committing suicide and even generally encouraging individuals to commit suicide.
_____

Eric's Comments

It's easy to castigate Melchert-Dinkel. After all, he seemed to get perverse pleasure from steering people towards committing suicide, and his repeated requests that they webcast their deaths signal a sick voyeuristic interest in watching the event. However, after reading the opinion and the conversation transcripts, I also got a sense that Melchert-Dinkel viewed himself as providing a Dr. Kevorkian-like service. He wasn't only trying to maximize his own pleasure derived from other people's deaths, but he was trying to provide helpful information to people who were making literally the most important decision of their life: if and how they wanted to commit suicide. Obviously, as a society, we'd prefer it if Melchert-Dinkel deployed his energies to counsel people away from suicide--but from a free speech perspective, I wouldn't want to excise accurate and comprehensive information about if and how to commit suicide from the information ecosystem.

I can sort of rationalize the court's opinion by drawing the same distinction we make in legal circles about rendering legal advice. Publishing general information on legal topics to a mass audience isn't the practice of law; providing individualized counseling on legal topics in a one-to-one format typically is. The court implicitly drew this distinction, willing to uphold the conviction from a First Amendment challenge because of the one-to-one nature of Melchert-Dinkel's "counseling." Had his advice and guidance been less personalized, the court surely would have been more supportive of the underlying First Amendment interests.

Instead, I fear the court was so swayed by the unsavory aspects of Melchert-Dinkel's conduct (such as using fake personalities, making suicide pacts he never intended to keep, and his repeated requests for webcasting) that the opinion was insufficiently protective of the underlying and real First Amendment problems with Melchert-Dinkel's conviction. From my perspective, the statute is unquestionably too broad on its face, so at minimum the court should have limited the statute's application. Melchert-Dinkel's conduct and the suicides it contributed to are tragedies, but so is an opinion that doesn't respect the First Amendment.

Other coverage:

Volokh: Freedom of Speech No Defense for Urging A Particular Person to Commit Suicide (discussing the lower court opinion)

Posted by Venkat at 01:42 PM | Content Regulation

Backpage Gets Important 47 USC 230 Win Against Washington Law Trying to Combat Online Prostitution Ads (Forbes Cross-Post & More)

By Eric Goldman

[I've added some bonus content to the end of this Forbes cross-post]

In 1996, Congress enacted a powerful statutory immunity for user-generated content, located at 47 U.S.C. 230 ("Section 230"). Section 230 says that websites aren't liable for third party content except in three specific situations: intellectual property, communications privacy and federal criminal prosecutions. Over the past 16 years, courts have interpreted Section 230's immunity broadly, giving online providers a robust and predictable way to avoid liability for what their users say and do. As a result, Section 230 has become the foundation for the entire user-generated content industry--and all of the social welfare that goes along with it.

Despite these enormous social benefits, not everyone loves Section 230. With unfortunate frequency, state legislators consider enacting laws that conflict with Section 230's immunity.

Recently, the Washington state legislature enacted one such law in an overzealous effort to shut down online child prostitution. Even worse, the statute indirectly provided a roadmap for other legislatures to enact other laws that could eviscerate Section 230. Last week, in Backpage and Internet Archive v. McKenna, 2012 WL 3064543 (W.D. Wash. July 27, 2012), a federal judge rejected the Washington legislature's efforts, turning the case into a major victory for Section 230 and user-generated content.

Background

As part of a nationwide effort to combat "sex trafficking" and online prostitution, various regulators have tried to shut down online classified ads for "escorts" and other adult services. For many years, Craigslist was the leader for that kind of advertising, and in 2009 the Cook County (Illinois) Sheriff sued Craigslist for facilitating prostitution. A federal judge quickly rejected that lawsuit based on Section 230 because the sheriff was trying to hold Craigslist liable for third party advertisements. (Section 230 jurisprudence is clear that third party advertisements are just as protected by the immunity as other types of editorial content from third parties).

Despite that decisive ruling and the strong likelihood that Craigslist's activities were completely legal, attorneys generals from dozens of states kept hounding Craigslist for offering an "adult services" category. Eventually, despite having won in court, Craigslist gave up and shut down its adult services category.

While that gave the various anti-prostitution regulators a seeming victory, Craigslist's exit from the industry didn't change the underlying marketplace demand or supply for prostitution. As a result, the "escort" ads simply migrated elsewhere--largely to Backpage.com, affiliated with the Village Voice. As the ads migrated, so did the regulators' attention, and Backpage soon experienced the same regulatory fire that had been directed at Craigslist.

In 2011, Backpage won a lawsuit brought by a child prostitution victim on Section 230 grounds. Combined with Craigslist's Section 230, it was clear that any regulator seeking to shut down prostitution ads on Backpage--or any other web publication--would have to overcome Section 230 somehow.

The Washington state legislature thought it found such a workaround. Instead of holding Backpage liable for third party advertisements, SB 6251 imposes an age verification obligation on anyone that publishes online prostitution ads. Websites are criminally liable if they "know" they are publishing prostitution ads that depict underage models, but the statute says the websites have a criminal level of "knowledge" unless they can provide documentary proof that the depicted model is an adult. Thus, simply reviewing the ad and making a visual judgment of the model's age wouldn't satisfy the statute. This way, the statute criminalizes the website's failure to do its verification and record-keeping obligations instead of holding the website liable for the third party advertisements.

The Court's Ruling

In a thorough and thoughtful 39-page ruling, the judge preliminarily enjoins Washington from enforcing the law. (Previously, the judge had issued a temporary restraining order).

The judge said SB 6251 conflicts with Section 230 because (1) it imposes liability based on third party content, and (2) it gives websites a disincentive to monitor their website (in an effort to avoid the requisite "knowledge" that leads to criminal liability), something Congress was trying to encourage websites to do. Thus, by basing liability on a website's "knowledge" regarding third party content, the statute easily sets up the conflict with Section 230.

Washington tried to argue that Section 230 doesn't preempt state criminal prosecutions. While Section 230 expressly excludes federal prosecutions, the judge says it clearly immunizes websites from state criminal prosecutions based on third party content. See also the uncited Voicenet v. Corbett.

The judge enjoined the law on two other grounds as well. First, the judge says that the law probably violates the First Amendment, suggesting (among other reasons) that imposing a content pre-screening obligation on online publishers may cause too much self-censorship. The judge also questions why the legislature couldn't pursue a less restrictive statutory option of holding the advertisers, rather than third party publishers, liable for the advertisements.

Second, the judge says the law probably violates the Dormant Commerce Clause, a Constitutional doctrine that says only Congress, and not the states, can regulate interstate commerce. Personally, I think every state law purporting to regulate the Internet violates the Dormant Commerce Clause, but courts haven't reached that definitive conclusion yet. Nevertheless, this judge comes close, saying "the Internet is likely a unique aspect of commerce that demands national treatment." Thus, he correctly concludes that Washington's attempt to control Internet behavior in Washington would nevertheless cause Internet companies and users interacting wholly outside of Washington to change their behavior, something the Dormant Clause doesn't permit.

Implications

Perhaps we might consider age verification for prostitution ads an acceptable obligation in the abstract, but consider the implications. Other state legislatures could try to impose other types of verification and record-keeping obligations on user-generated content websites. For example, statutes could obligate websites to verify users' identities or geographic locations before allowing the users to publish content, or a statute could require websites to undertake specific obligations (or impose a general obligation) to verify factual assertions in content submitted by users. The statutes could then further impute bad knowledge to the website if they don't satisfy their verification and record-keeping obligations.

Following this basic regulatory structure, statutes like these could undo Section 230's basic immunity structure. They could make websites undertake costly and unwanted verification and record-keeping efforts, which could make it cost-prohibitive for user-generated content websites--especially new entrants to the market. The statutes could slow down and chill user contributions to the discourse. As I was quoted elsewhere in discussing this case, "imagine Twitter without real-time posting." Finally, the statutes could allow government prosecutors and private plaintiffs to hold websites liable for user content for erroneous verifications, resulting in crippling liability exposure. This ruling shuts down all of these potential statutory workarounds.

Unfortunately, a single federal district court ruling is hardly the last word on the topic (indeed, the Washington attorney general office's press release makes it clear they aren't finished with the matter). First, Washington might choose to appeal the ruling, although the opinion is solidly constructed and should fare well in the Ninth Circuit.

Second, state legislators will keep passing laws that conflict with Section 230. After all, state legislatures routinely and knowingly enact laws that obviously violate U.S. Supreme Court precedent, rationalizing that it's the legislators' job to pass laws and it's the judicial system's job to decide if those laws are constitutional. However, I don't see an easy way for state legislatures to work around the First Amendment and Dormant Commerce Clause deficiencies identified in this opinion, even if they could somehow work around the Section 230 conflict.

Third, the anti-online prostitution forces could rally to try to amend Section 230. Over the years, many special interest groups have talked about amending Section 230, but those efforts have rarely gone anywhere. I'd be surprised if this issue could lead to succeed where the other issues haven't. Amending Section 230 to address online prostitution would be a spectacularly bad idea for reasons I explained here.

For now, this opinion helps preserve the vitality of Section 230. That's something to celebrate.

Bonus: In a separate move, three Washington teenagers recently sued Backpage for facilitating child sex trafficking. See the News Tribune story. I'm still looking for a copy of the complaint, but on the surface it sounds just like the M.A. suit against Backpage, and I don't see it being any more successful at getting around the 47 USC 230 immunity.

UPDATE: Here is the complaint. J.S. v. Village Voice Media Holdings, LLC (Wash. Superior Ct. complaint filed July 27, 2012).

Bonus #2: The case library:

* Backpage Reply Supporting Preliminary Injunction
* Internet Archive's Reply Supporting Preliminary Injunction
* Washington's Opposition to Preliminary Injunction
* Attorney General's Opposition to Preliminary Injunction
* Motion granting Internet Archive's intervention
* TRO ruling. Blog post.
* Backpage's TRO motion
* Complaint
* Washington SB 6251 bill page and bill text

Posted by Eric at 09:08 AM | Content Regulation , Derivative Liability , Marketing | TrackBack

July 28, 2012

4th Circuit Limits the Reach of the Computer Fraud and Abuse Act – WEC Carolina Energy Solutions v. Miller

[Post by Venkat Balasubramani, with comments from Eric]

WEC Carolina Energy Solutions LLC v. Miller, et al., 2012 WL 3039213 (4th Cir.; July 26, 2012)

We’ve blogged about the Computer Fraud and Abuse Act being stretched by plaintiffs in civil (particularly employment) cases. The Ninth Circuit in Nosal recently gave the statute a more limited interpretation, although it left some things unclear. (Here's our blog post on the Nosal en banc panel opinion: "Comments on the Ninth Circuit's En Banc Ruling in U.S. v. Nosal.") The Fourth Circuit recently followed Nosal’s approach and went one step further. Both of these rulings make it much more difficult for employers to use the Computer Fraud and Abuse Act against departing employees.

Miller worked at WEC. He resigned and made a proposal to a WEC customer on behalf of WEC's competitor, Arc Energy Services. WEC alleged that Miller used WEC proprietary information when he made this presentation and that, at Arc’s direction, he downloaded these materials before he left WEC.

Like most companies, WEC had a policy in place that restricted employees from misusing confidential information and trade secrets. The policy prohibited employees from using WEC information without authorization and also prohibited them from downloading the information to their personal computers. The key question was whether use of information in violation of the policy--but which was obtained from a computer that Miller was otherwise authorized to access--violated the access “without authorization” or “exceed[ed] authorized access” provisions of the CFAA.

The court notes the differing schools of thought on this issue, including the narrower interpretation embraced by the Ninth Circuit in Nosal. Given the CFAA is a criminal statute that also provides for a civil cause of action, the court says it should be construed strictly and courts should avoid interpretations “not clearly warranted by the text” (so potential defendants get fair warning that their conduct is unauthorized). Looking to the dictionary definition of “authorization” and the CFAA’s definition of “exceeds authorized access,” the court says that (1) without authorization refers to a situation where someone is not authorized to access a computer and accesses it, and (2) exceeds authorized access refers to when someone:

Has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access. . . . Notably, neither of these definitions extends to the improper use of information validly accessed.

WEC pushed the position embraced by the original Nosal panel (that was subsequently vacated on rehearing) that inclusion of the word “so” in the definition of exceeds authorized access referred to the manner of access. Under this theory, if you violate a company policy when you use information, you have accessed the information “in a manner” that you are not authorized to do so. The Fourth Circuit says this conclusion is a “non sequitur.” In any event, the Fourth Circuit says that the Ninth Circuit’s en banc decision abandoning this approach made more sense.

The Fourth Circuit actually goes one step further and says that although Miller and the other defendants downloaded the information to their personal computers (which is arguably a “manner of access” expressly not authorized under WEC’s network policy and may even under the Nosal en banc panel's approach be enough to state a claim), even this is insufficient to state a cause of action under the CFAA. The Fourt Circuit says that inclusion of the word “so” in the definition of “exceeds authorized access” could just be a connector or included for emphasis, and doesn’t necessarily indicate an intent to prohibit the manner of access. Given that this is a criminal statute, the court is reluctant to construe it in a way that creates liability where the language is not 100% clear. (The court also notes that Nosal’s approach—that focuses on the manner of access—would capture the well intentioned employee who has no fraudulent intent but happens to download materials to his or her personal computer in order to work from home.)

The court also expressly rejects the “cessation-of-agency” theory espoused by the Seventh Circuit. Under this theory, if you use the network in breach of your implied duties, or you technically violate the policy and therefore are no longer authorized to utilize your employer’s network, your ongoing access of your employer’s network is in violation of the CFAA. The court says that this approach would suck in “millions of ordinary citizens” who happen to check Facebook or sporting event scores while at work.
_____

As the court acknowledges at the end of its opinion, this basically (mostly) shuts the door on employers using the Computer Fraud and Abuse Act against employees. While acknowledging that the decision will "likely will disappoint employers hoping for a means to rein in rogue employees," the court notes that employers are not necessarily out of luck. They have a panoply of other claims available to them, including misappropriation of trade secrets, conversion, tortious interference, and civil conspiracy.

I'm not a Court watcher, but the CFAA cases were long thought to have been likely candidates for Supreme Court review, given the differing interpretations of the Circuit courts. I would think this case makes the possibility of such review even more likely.

I'm curious about how this case affects the availability of a CFAA claim in the scraping context. I thought the court's comment about the viability of a CFAA claim where an employee is authorized to access a computer or network but not necessarily authorized to access certain categories of information left things somewhat unclear. Is the court talking about technical restrictions on the access to information or a policy-based restriction? Obviously the latter approach still leaves some room for employers to limit authorization for the access to information by certain employees and bring CFAA claims when these employees access such information.
_____

Eric's Comments

1) This case answers one of the open questions from the Nosal case: was Nosal limited to criminal CFAA prosecutions, or would it extend to civil cases as well? Following in Nosal's footsteps, this court interprets the civil CFAA claim narrowly in light of the statute's criminal angle. This bodes well for reining in the CFAA's footprints across all types of CFAA cases, not just employment cases.

2) Overall, this case illustrates how the CFAA wasn't designed for the employment context, and especially not for an era when many employees have company-issued computing devices (computers, laptops, tablets, PDAs, cellphones, etc., etc.). Like Nosal, this court implicitly rejects the argument that the CFAA automatically regulates the workplace simply because everyone uses company-supplied technology as part of their ordinary work patterns.

3) As a result, although plaintiff lawyers will keep pleading CFAA in employment cases for years, I think we're nearing the end of the CFAA as a standard claim in employer lawsuits against ex-employees.

4) While that may be good news, readers should pay close attention to the Protecting American Trade Secrets and Innovation Act of 2012. Perhaps the bill will go nowhere, but if it does, it would be a major step towards creating a general purpose federal cause of action for trade secret misappropriation. So as the CFAA wanes in importance in the employment context, a new federal trade secret claim ultimately could eclipse it.
_____

Other coverage:

Fourth Circuit: Computer Use Policies Don't Create CFAA Liability (Tom O'Toole)

Posted by Venkat at 09:14 AM | Privacy/Security , Trade Secrets , Trespass to Chattels

July 25, 2012

Franchisor Isn't Liable Under the TCPA for Franchisees' Text Message Campaign – Thomas v. Taco Bell

[Post by Venkat Balasubramani with comments from Eric]

Thomas v. Taco Bell Corp., SACV 09-01097-CJC(ANx) (C.D. Cal.; June 25, 2012)

Thomas allegedly received unauthorized text messages as part of an advertising campaign for Taco Bell's Nachos BellGrande ("[a] large platter of crisp, freshly prepared tortilla chips covered with hearty beans, seasoned ground beef, warm nacho cheese sauce, diced ripe tomatoes, and reduced fat sour cream"--I'm sure they taste as glorious as they sound).

The text messages in question were organized by the “Taco Bell Local Owners Advertising” association, an Illinois entity comprised of 12 owners of Taco Bell stores in the Chicago area. The Association retained ESW Partners, an advertising agency, who then contracted with ipsh!net, who actually sent the messages. Taco Bell Corp., the national franchisor, had some influence over the Association’s activities through a seat on the Association’s Board of Directors, and control of the pursestrings (the funds that were used by the Association for advertising were controlled by a division of the national franchisor). While the Association was free to conduct its own separate advertising, where funds from Taco Bell (the franchisor) were used to pay for a campaign, approval from Taco Bell was required. In this case, a division of Taco Bell ended up paying for the advertising campaign.

She sued several different entities in the chain alleging violations of the TCPA, but amended the complaint to name only two defendants: Taco Bell (the national franchisor) and the Association. The Association was dismissed on jurisdictional grounds. Another defendant was dismissed earlier on jurisdictional grounds as well. The key question was whether Taco Bell (the franchisor) could be on the hook for any alleged TCPA violations.

The court says that the TCPA imposes liability on someone who actually “makes” a call that violates the statute. While Thomas argued that the TCPA also imposes liability on someone on whose behalf the call was made (i.e., any party that “receives benefit from the text message”) but the court says that the language and intent of the TCPA does not envision derivative liability on such a broad standard. In the absence of a specific basis of vicarious liability, traditional (agency) standards govern. A principal-agent relationship, the court says, “means more than passive permission; it involves request, instruction, or command.”

The court says that Thomas’s evidence falls short in this regard. Thomas did not present any evidence that Taco Bell (the franchisor)

directed or supervised the manner and means of the text message campaign conducted by the Association, and its two agents, ESW and ipsh!. She presented no evidence . . . that Taco Bell created or developed the text message. Nor did she present any evidence . . . that Taco Bell played any role in the decision to distribute the message by way of a blast text.

Thomas argued that the existence of a policy under which Taco Bell would pay for the Association’s advertising demonstrated that Taco Bell controlled the advertising, but the court says that approval of the campaign is different from control over “the manner of marketing”. Thomas also argued that the presence of a Taco Bell employee on the Association’s Board of Directors and the fact that the employee cast a vote to approve this campaign also reflected the requisite control. The court says this is insufficient to create the type of agency relationship required for derivative liability under the TCPA. Thomas tried to marshal some other evidence in support of agency liability, but the court says this is all anecdotal and doesn’t reflect Taco Bell’s control over the means of marketing.

This could be somewhat of a blockbuster ruling under the TCPA. The big TCPA case out of the Ninth Circuit didn’t rule on derivative liability but made it painfully easy to sue anyone who sent an unsolicited text. (See Satterfield v. Simon & Schuster.) Incidentally, ipsh!, the entity that sent the messages in this case, was also involved in Satterfield and was actually a defendant in that case, but the Ninth Circuit did not delve into the relationship between ipsh! and Simon & Schuster from the standpoint of legal liability.

In the context of unsolicited text messages, Satterfield has been a boon for plaintiffs, and they have taken full advantage of the resulting litigation bonanza. We've blogged a bunch about TCPA cases, but this post from Tom O'Toole talks about a hockey team being sued for sending text messages ... to its fans!

The big question this case raises is whether this is just an instance of a plaintiff not having the right defendant available on the other side of the v., or whether it somehow changes things as far as plaintiffs’ attempts to hold advertisers—rather than their marketing agencies—liable. I would think it’s more of the former. Here, the plaintiffs sued multiple entities and at one point amended the complaint to name only the parent entity and the association. I'm not 100% clear as to why the plaintiff did not name ipsh. (It's possible plaintiffs settled with ipsh or there's some other explanation, other than the obvious issue of personal jurisdiction, for why the franchisor and association ended up being the only defendants.)

Interestingly, plaintiffs have been stymied consistently in trying to smack defendants with affiliate liability in lawsuits under CAN-SPAM. (See the cases mentioned in this post.) Might we see a similar dynamic play out in future TCPA lawsuits? (See also Anderson v. Domino's Pizza, Inc., et al., for a similar result under state law in a text spam case brought in Washington.)

FWIW, I predict this one will be appealed.
_________

Eric's Comments

Even though Ipsh wasn't in the courtroom, the ruling throws Ipsh under the bus, saying that Ipsh pushed the button on the campaign and therefore would be the prime mover behind any TCPA violation. If the campaign violated the TCPA, Ipsh would have been legally liable--perhaps along with other defendants, but possibly as the only defendant left holding the bag. Ipsh can try to put into place an airtight indemnity agreement with its customers (though those are rarer than unicorns), but this ruling can't be a confidence-booster about the vitality of its text-messaging business line. I further wonder if this ruling will spook the marketing services companies providing email campaign outsourcing? They are governed by a different statute, but they too are the ones who "push the button."

Meanwhile, assuming the facts are true, I don't understand how this text-messaging campaign got greenlighted given the obvious legal risks. Sure, it would be great to reach texting young adults who have the munchies via their most precious device, but text-messaging campaigns are always fraught with legal peril. When you add in the Grande legal costs of defending the resulting lawsuits--and the plaintiff lawyers love these kinds of lawsuits--the per-text-message costs of reaching 17,000 consumers never had a chance of being profitable no matter what the conversion rate of such ads. Plus, this isn't Taco Bell's first ride at the text-messaging litigation rodeo.

To me, the message is clear: text-messaging ad campaigns are lawsuit bait. Until the law becomes clearer and more favorable, marketers should permanently retire text-messages from their marketing campaign toolkits.

Posted by Venkat at 09:45 AM | Content Regulation , Derivative Liability , Marketing , Privacy/Security , Spam

July 23, 2012

Ex-Spouse Hit With 20K in Damages for Email Eavesdropping – Klumb v. Goan

[Post by Venkat Balasubramani]

Klumb v. Goan, 09-cv-115 (E.D. Tenn.; July 19, 2012)

Klumb, described by the court as “a wealthy man,” met and married Crystal Goan, a law student who later became a lawyer. As the court describes it, the relationship was “fraught with concerns of fidelity from the very beginning.” Before the two were married, Goan purchased Spectorsoft’s eBlaster product. She surreptitiously installed copies of eBlaster on officer computers that Klumb regularly used. As the court notes, eBlaster is a software program “that can perform various spyware functions.”

Goan used eBlaster to keep track of Klumb’s emails. She also intercepted three emails sent to Klumb and altered the emails to make it look like “[the sender] and [Klumb] were having an affair.” Apparently a finding of infidelity altered the split of property between the parties under the prenuptial agreement in place between the parties and under an agreed order entered in the divorce case that was initiated when the marriage soured. (As a sidenote, the court finds that after Klumb and Goan signed the agreed order, “defendant substituted one or more pages of the agreed order with new pages which included paragraph 5 [the part of the agreement that altered the property split upon a finding of infidelity].” While the installation of eBlaster and email snooping was bad enough, the court's discussion about the various versions of the agreed order and the prenuptial agreement does not paint Goan in a very positive light.)

The court takes into account the overall context of the dispute, and after noting that focusing a “wide lens” on the dispute will result in the “regrettable and unavoidable airing of dirty laundry,” recounts the factual background and testimony in painful detail.

As far as the legal issues, the court does not have any trouble finding that Goan’s interception of Klumb’s email violates the federal Wiretap Act and its Tennessee counterpart. Goan argued that the software did not intercept Klumb’s emails while they were in transit, but citing to US v. Szymuszkiewicz the court says that interception contemporaneous with receipt is interception just the same. The court rejects Goan’s defenses based on consent and based on the divorce settlement between the parties.

The court awards statutory damages in the amount of $10,000. Klumb asked for a greater statutory amount--a separate damage award for each instance in which Goan installed eBlaster on Klumb’s computers--but the court says that a plaintiff can only get more than the $10,000 statutory amount if “violations . . . occurred on more than one hundred separate days.” The court also tacks on $10,000 in punitive damages based on Goan’s “egregious conduct,” and awards Klumb fees and costs.

There’s not a whole lot to say about this dispute. Spouses (and girlfriends/boyfriends) resist the temptation to eavesdrop on email. Just don’t do it! It goes without saying that if you’re a lawyer you should pay particular attention to this admonition. Also, the scenarios in which use of software such as eBlaster is legally in the clear are probably much narrower than you think. It’s worth consulting with a lawyer before deploying this software (although in this situation it probably would not have helped, given that Goan was herself a lawyer).

A final note is that we’ve seen a few cases of email eavesdropping where liability was established but the damage awards ended up being less than blockbuster (Pure Power Boot Camp v. Warrior Fitness Boot Camp; Van Alstyne v. Electronic Scriptorium; see also Hillstone Restaurant Group v. Pietrylo).

Posted by Venkat at 04:41 PM | Evidence/Discovery , Privacy/Security

July 21, 2012

Offering P2P File-Sharing Software for Downloading May Be Copyright Inducement--David v. CBS Interactive

By Eric Goldman

David v. CBS Interactive Inc., CV 11-9437 DSF (C.D. Cal. July 13, 2012). The complaint.

When the Grokster Supreme Court opinion came out in 2005, there was a lot of confusion about the relationship between copyright "inducement" and contributory/vicarious infringement. Did the Supreme Court announce a new basis of derivative liability, or was inducement just a subset of contributory infringement? We haven't gotten a crystal-clear answer over the years, but this case provides a resounding one: the court says the defendants in this case may be liable for inducing infringement even though they aren't liable for contributory or vicarious infringement. Because this case demonstrates that inducement can completely bypass the existing derivative liability scheme, it's troubling.

The entire lawsuit is crazy. CBS now owns Download.com, a CNET property. Download.com distributed P2P file-sharing software along with a lot of other software. Users who downloaded P2P file-sharing software then used it in unknown ways, but presumably some of them used it to infringe. This sets up a "tertiary liability" claim against Download.com, where the software users are (in theory) the infringers, the P2P software manufacturers are the secondary infringers, and Download.com is a tertiary infringer by supporting the secondary infringer who supports the direct infringer. In case you were wondering, as far as I can tell, Section 512 doesn't apply because Download.com wasn't hosting the software at a user's direction (their editors chose which software to host) and Download.com wasn't linking to third party websites to complete the downloads (the software was delivered off Download.com's servers).

The court understood the problems with tertiary liability. Relying heavily on Perfect 10 v. Amazon, the court grants the motion to dismiss the contributory and vicarious copyright infringement claims.

On contributory infringement, the court says that Download.com lacked specific knowledge of users' infringing acts. Download.com's general knowledge that users could infringe with P2P file-sharing software wasn't enough; and the fact that Download.com gave examples of software use to download copyright-protected files didn't change this element (more on this in a bit). The court further rejects that Download.com made a material contribution to the infringements because Download.com didn't offer any infringing files from its website, "Defendants could not take simple steps to stop the infringement" because stopping further software downloads wouldn't cut off infringement by the software already downloaded, and "courts have yet to find contributory liability based on a tertiary actor’s conduct."

On vicarious infringement, the court says:

Defendants control whether infringing third parties can access the P2P software through their site, but do not have the right to stop users from using the software to download copyrighted material illegally. Similar to the search engine in Perfect-10 Amazon, Defendants exercise control over their index and search results, curating the programs available through their services. This does not equate to control over direct infringement.

This result is consistent with courts' rejection of other tertiary liability claims. See, e.g., Elsevier v. Chitika and UMG v. Veoh (the ruling involving Veoh's investors).

OK, so far so good--no tertiary contributory or vicarious infringement. But then the court held that the plaintiffs nevertheless properly alleged an inducement claim based on the following allegations:

Plaintiffs allege that Defendants distributed several P2P programs, and reviewed the programs in relation to other P2P programs known for copyright infringement, such as Napster and Limewire....Plaintiffs also allege that Defendants posted videos to their websites demonstrating how to use specific P2P programs by searching for songs by copyrighted artists, and posted articles and how-to guides that included references to Napster, Limewire, and downloading copyrighted material.

Notice the inference here: Napster and LimeWire were "known for copyright infringement," so merely comparing a software program to those "bad" actors is verboten? Seriously? The defendants point out the possible free speech implications, but the court doesn't care:

Defendants here are alleged to have distributed specific P2P software, while simultaneously providing explicit commentary on that software’s effectiveness in infringing copyright. Such behavior moves beyond opinion into the realm of conduct and does not directly implicate any First Amendment issues.

The court then sends a strong--and harsh--message to Download.com that it may want to settle:

This is not a particularly close or challenging case for inducement based on the facts alleged. Here, Defendants are alleged to have taken the unusual and ill-advised steps of distributing software programs that are capable of widespread copyright infringement while simultaneously demonstrating how to infringe copyrights using that software and evaluating the various programs as to their effectiveness in copying copyrighted material....It would not be difficult to avoid liability by either (1) only providing editorial content without distributing the software or (2) distributing the software without demonstrating or advocating its use for violating copyrights. The Court is confident that most reasonable parties could find their way to accomplish their general goals without running afoul of inducement liability.

As far as I can recall, this is the first time an inducement claim has survived when the contributory and vicarious infringement claims were expressly rejected. Am I'm forgetting any case? I believe Arista v. LimeWire and Columbia v. Fung, two flagship inducement defense losses, never completely rejected the contributory or vicarious infringement claims even though their outcomes also turned on inducement.

This case illustrates an ongoing lesson that a defendant's advertising/marketing can affect the copyright analysis. Inducement allegations often focus on marketing copy, so it's essential that any player dealing with sensitive copyright issues run all marketing copy by competent counsel. This case further extends inducement to "editorial" content. As the court says, the principle is easy enough to comply with; indeed, I thought by now everyone knows that you should never provide examples demonstrating how to download files under copyright protection--just use public domain examples instead. If Download.com didn't run a tight enough ship, this judge appears to be eager to throw Download.com under the bus.

I would be more troubled by this ruling if I thought it had any applicability outside the P2P file-sharing context, but I doubt it. Instead, I see this case as yet another P2P exceptionalism case, where copyright law goes into a weird distortion field any time it gets near P2P file-sharing. Basically, P2P file-sharing software has developed such a toxic brand that judges treat anyone who touches it as evil. That's wrong as a matter of the facts--P2P file-sharing software can be used for both social beneficial and infringing activities--and should be wrong as a matter of law.

Still, any time inducement succeeds on a standalone basis, it just encourages more tertiary liability-style lawsuits both in and outside the P2P file-sharing software context. Just what we need.

Posted by Eric at 11:20 AM | Copyright , Derivative Liability , Marketing | TrackBack

July 19, 2012

Judge Koh Puts the Kibosh on LinkedIn Referral ID Class Action -- Low v. LinkedIn

[Post by Venkat Balasubramani]

Low v. LinkedIn, 11-CV-01468-LHK (N.D. Cal.; July 12, 2012)

This case involves the fact that LinkedIn put users' unique identifiers into its URLs, allowing advertisers (and others) to associate that unique identifier with users--and, potentially, access the info on their profile pages--when they clicked on a link on LinkedIn. Judge Koh had previously dismissed the case with leave to amend. Low amended his complaint, and the second time around Judge Koh dismisses it with prejudice. Here’s our blog post on the initial dismissal of the lawsuit: LinkedIn Beats Referrer URL Privacy Class Action on Article III Standing Grounds--Low v. LinkedIn.

Standing: citing to Edwards v. First American Corp. and Jewel v. NSA, the court says that plaintiffs have alleged violations of statutory rights as well as (state) constitutional rights and get over the standing hurdle.

Stored Communications Act: Plaintiffs’ claims under the Stored Communications Act claims require the plaintiffs to show that LinkedIn provides either “remote computing services” or “electronic communication services.” The court also says that the analysis looks to whether LinkedIn was acting in this capacity with respect to the particular information that was allegedly wrongfully disclosed. In this case, the court concludes that the LinkedIn was not functioning as a remote computing service with respect to the LinkedIn user ID and URL of the profile pages that the user used to view third party profiles. The unique IDs are created by LinkedIn for its own purposes and are not sent to LinkedIn for storage or processing by plaintiffs.

Invasion of Privacy: The court says that invasion of privacy claims must meet “high standards” for the types of invasion that are actionable—“there must be an egregious breach of the social norms underlying the privacy right.” The court says that disclosure of the LinkedIn ID and the profile page is not the type of information that amounts to a serious invasion. Additionally, although plaintiffs claimed that the information could be used to glean plaintiffs’ browsing history and used to identify plaintiffs, there was no allegation that this actually occurred.

False advertising law: Plaintiffs failed to allege reliance on any purported misrepresentations by LinkedIn. Although one of the named plaintiffs had paid for a premium LinkedIn subscription and satisfied the monetary loss elements, the court still finds that there was no allegation that plaintiffs viewed any representations within LinkedIn’s privacy policy and made a purchasing decision based on these representations.

Breach of contract: Plaintiffs’ breach of contract claims fails because they have not alleged sufficient damages. The sole basis for damages is the loss in value to plaintiffs’ information. The court again reiterates skepticism that this has value in plaintiffs’ hands to begin with, but she says that even if it does, any sort of diminution in value would not be a cognizable form of contract damages.

Other claims: The court also dismisses the claims for conversion (browsing history and personally identifiable information is not property); unjust enrichment (no standalone claim); and negligence (no damages).
__

In his comments to the original post about this case, Eric noted that this was a “low-merit” privacy lawsuit that had little chance of success the second time around. Sure enough, Judge Koh dismantles plaintiffs’ claims and sends them packing.

It’s worth noting that the FTC’s enforcement action against MySpace involved allegations against MySpace that were somewhat similar to the plaintiffs’ allegations against LinkedIn in this case: in both situations, the companies involved allowed third parties to tie the user’s unique identifiers with their public profiles. (See Ed Felten’s blog post on the MySpace settlement--"Syncing and the FTC's MySpace Settlement"):

What made the possible syncing problematic in the case of Myspace was that (1) Myspace enabled ad networks to use Myspace’s Friend ID pseudonym to get personal information about the associated user, and (2) Myspace promised its users that it would not share that personal information with third parties.

The FTC has been increasingly aggressive in its enforcement actions around the privacy practices of online entities. While the court ruled that LinkedIn could not be held liable in a civil lawsuit brought by plaintiffs, it’s an open question as to whether these practices could land it in the crosshairs of the FTC.

Other coverage:

InsidePrivacy: Low Case Against LinkedIn Dismissed In Its Entirety
FourthAmendment.com: N.D.Cal.: LinkedIn not a remote computing service and does not provide electronic communication services, so it can't be sued under SCA

Posted by Venkat at 08:57 AM | Licensing/Contracts , Marketing , Privacy/Security , Publicity/Privacy Rights

July 18, 2012

Why Defensive Domain Name Registrations Aren’t a Good Deal for Small Businesses (Forbes Cross-Post)

By Eric Goldman

[Introductory note: every article has a backstory, but some backstories are more complicated than others. Earlier this year, I was commissioned by a well-known publication to participate in a point/counterpoint regarding registering domain names in new TLDs. The publication wanted me to argue against small businesses registering domain names in new TLDs, and my piece was to be companioned with a counterpoint piece arguing in favor of registering in new TLDs. After several drafts by me, the publication felt my article (presented below) wasn't extreme enough; they wanted me to argue that small businesses NEVER should register in a new TLD under any circumstance. Because I couldn't argue that in good conscience, the publication paid me a nominal "kill fee" and cut me loose. I'll be interested to see if you think my position wasn't extreme enough--or perhaps too extreme already! (Feel free to comment at the Forbes cross-post). In any case, I wished the publication good luck finding a credible non-shill who would espouse such a hard line and put this draft into the blog queue for the requisite embargo period. That's now over, so I'm delighted to share with you what they paid me to write:]

Conventional wisdom says businesses should preemptively buy domain names to keep them out of the hands of competitors, griping customers, pornographers or other malefactors. This process is sometimes called “defensive” domain name registration.

In theory, defensive registrations save money. For a relatively low upfront cost (a single .com domain name costs about $10 a year), a business avoids spending thousands or even hundreds of thousands of dollars trying to get the name back from a malefactor—if it’s possible to get the name back at all.

This conventional wisdom plays on the worst fears of small businesses: If you don’t buy lots of domain names right now, you will forever lose control of your brand, and then you will lose your customers. Your business will be destroyed because you were too cheap to spend a few extra bucks buying just one more low-cost domain name.

Don’t fall for these scare tactics. They are part of a cynical sales pitch from domain name vendors hoping to get your hard-earned money by manufacturing new opportunities for mischievous domain name registrations—and then making you pay to prevent that possibility.

It’s easy for businesses, especially small businesses, to overspend on domain names. [For an example, see the story of Nuts.com.] A small business' domain name portfolio should consist of one, or at most a handful, of domain names for each brand it uses. A well-chosen domain name, tied to each brand you have, will reinforce your customers’ brand perceptions of you and make it easy for your customers to find you. If you have that, you’ve got what you need. For most small businesses, other domain names are a waste of money.

Think about how your customers will find you. Most customers will find you via search engines or through social media. Some will type in your domain name into their browsers; of those, some folks will mistype your domain name, but often their browser will prompt them to correct the error. No one guesses domain names any more.

So if you control a domain name where your customers can find you, congratulations…and mission accomplished! Does it really matter what other people do at other domain names? These domain name registrations out of your control might be frustrating, but they are typically inconsequential to your goal of maximizing your profits. You’ll only really want to respond when domain names use your trademarks to confuse your customers, and only then when enforcing your trademarks is cost-benefit justified.

Indeed, no matter what you do, malefactors will be able to register variations of your brand as domain names if they want. There are simply too many domain name registration possibilities for you to preempt them all. There are hundreds of top-level domains; plus obvious variations of the brand name (i.e., “brandsucks.TLD” or variations with dashes or hyphens); plus typographical errors of the brand. All of that adds up to hundreds or thousands of possible domain name purchases for each brand you have. And as new top-level domain names keep rolling out, each time you'll be cajoled to buy more.

Most businesses, especially small businesses, do not get good value from a big portfolio of stockpiled domain names being held “just in case.” You’re spending money to procure and maintain assets that you aren’t using and may never use. For most small businesses, these unused assets produce a poor return-on-investment (ROI).

So what should small businesses do as top-level domains keep expanding? You should treat domain name purchases as another marketing expense and, as usual, invest your marketing dollars to yield the highest ROI.

You’ll usually get better investment returns from ensuring existing and new customers can find you than in investing in unused domain name assets. Take the dollars you might spend on domain names and invest in improving your website’s search engine rankings (i.e., search engine optimization), buying search engine advertising to reach new customers (i.e., search engine marketing) and running social media promotions. After all, search engines and social media are where most of your customers will find you.

You should also invest your marketing dollars into improving your goods or services. In the end, the single best way to compete is to deliver more value to your customers than your competitors deliver. In the Internet age, if you have something unique to offer, your customers will evangelize you. Give them more reasons to sing your praises.

With the launch of each new top-level domain, the marketers will tempt—or scare—small businesses into wasting their money on new domains. Resist that urge. Instead, develop a sound plan for spending your marketing dollars, stick with it, and have no regrets.

Posted by Eric at 09:32 AM | Domain Names , Marketing , Trademark | TrackBack

July 17, 2012

PissedConsumer Defeats Trademark Claim...On a Motion to Dismiss!?--deVere v. Opinion Corp.

By Eric Goldman

deVere Group GmbH v. Opinion Corp., 2012 WL 2884986 (E.D.N.Y. July 13, 2012)

Here's something you don't see every day: a trademark infringement lawsuit defeated for lack of consumer confusion--on a 12b6 motion to dismiss. For several years, trademark academics have been discussing ways to create a "fast lane" for unmeritorious trademark cases. I don't recall ever discussing the possibility of adjudicating likelihood of consumer confusion on a motion to dismiss (where the legal standard requires the judge to treat the plaintiffs' allegations as true) because that was just too crazy--even though it does provide the desired "fast lane" without resorting to murky statutory issues like the "trademark use in commerce" requirement. Still, I can't imagine this fast lane will survive appellate review, so we shouldn't get too excited yet.

The plaintiff is a Swiss financial consulting company. The defendant in this case is PissedConsumer, a gripe site for consumer complaints. PissedConsumer has superseded Ripoff Report as the leading gripe site defendant, as I've blogged three other PissedConsumer cases in the past 7 months (Ascentive, Vo and Amerigas).

In the recent Amerigas ruling (not cited in this opinion), the court denied PissedConsumer's 12b6 motion to dismiss the trademark claim. This court reaches the opposite conclusion. The uncited Vo ruling similarly granted PissedConsumer's motion to dismiss for the trademark claim, but unlike this ruling, that was in state court and the trademark ruling was overshadowed by other aspects of the case (which is part of the reason I didn't put 2+2 together when blogging that opinion). However, like the Vo court, the state court judge effectively gave no deference to the plaintiff's allegations, which seems like it could be a problem if subsequently challenged.

Back to the deVere opinion. Running through a truncated likelihood of consumer confusion mutli-factor analysis, the court says PissedConsumer isn't deVere's competitor, there's no chance PissedConsumer will "bridge the gap" to become a competitor, deVere didn't allege bad faith and deVere didn't allege actual consumer confusion. The court bypasses the remaining factors, something an appeals court probably won't do. Instead, the court says that judicial precedent has held that gripe sites don't create consumer confusion. Pointing to the Ascentive case, the court says:

there is no likelihood that a consumer visiting PissedConsumer.com would mistakenly believe that deVere sponsored or approved the contents of that website. The term “pissed” in the website name is clearly negative, as is the commentary on the website about deVere’s services – terms like “stole,” “WARNING,” “fraudsters,” and “scams” figure prominently.

To overcome this, the plaintiffs invoked the doctrinal crutch of initial interest confusion. The court doesn't want to hear it:

The doctrine is not applicable here. PissedConsumer.com does not divert Internet users away from deVere’s website because deVere does not have a website that competes for business with PissedConsumer.com; Opinion Corp. provides a forum for customer criticism of businesses, while deVere provides financial services....Initial interest confusion does not arise “in circumstances where the products in question are used for substantially different purposes and therefore the merchants are not in close competitive proximity.” Big Star Entertainment, Inc. v. Next Big Star, Inc., 105 F. Supp. 2d 185, 209-10 (S.D.N.Y. 2000). Accordingly, deVere’s allegations “do not create any plausible inference of intentional deception”; there is no risk that a customer seeking deVere financial services would mistakenly visit and divert their business to PissedConsumer.com. Cintas, 601 F. Supp. 2d at 579.

On the one hand, deVere may have just failed to marshal the right allegations into its complaint, a fairly easy thing to correct. On the other hand, everything the court says is 100% correct, and kudos for this judge pulling the trigger early rather than letting a bogus trademark case fester at significant expense to both parties. In my opinion, this result is what should be happening. Sadly, I fear an appellate panel will unwind this judge's bold move.

UPDATE: Rebecca sent some other recent examples of trademark claims failing on a motion to dismiss, including The Hangover II case, Forest River v. Heartland RV and Architectural Mailboxes v. Epoch.

Posted by Eric at 11:22 AM | Trademark | TrackBack

July 16, 2012

Announcing a New Casebook: “Advertising & Marketing Law: Cases & Materials” by Tushnet & Goldman

By Eric Goldman

I’m thrilled to announce the public release of a new casebook, Advertising & Marketing Law: Cases and Materials by Rebecca Tushnet and me. We are publishing the book as a DRM-free PDF download at Scribd for only $10. [UPDATE: We are also selling the book via Gumroad with less hassle for buyers--give it a try.] The book is 870 pages and nearly 400,000 words of advertising and marketing law nirvana—a massive 40MB file chock full of photos (often showing the ad copy at issue), edited cases, explanatory narrative, tables/charts, diagrams and more. You’ll laugh, you’ll cry, and you may even want to do a jig. You can see the detailed table of contents at Scribd. The chapter titles:

Chapter 0: Preface
Chapter 1: Overview
Chapter 2: What is an Advertisement?
Chapter 3: False Advertising Overview
Chapter 4: Deception
Chapter 5: Omissions and Disclosures
Chapter 6: Special Topics in Competitor Lawsuits
Chapter 7: Other Business Torts
Chapter 8: False Advertising Practice and Remedies
Chapter 9: Copyrights
Chapter 10: Brand Protection and Usage
Chapter 11: Competitive Restrictions
Chapter 12: Featuring People in Ads
Chapter 13: Privacy
Chapter 14: Promotions
Chapter 15: The Advertising Industry Ecosystem—Intermediaries and Their Regulation
Chapter 16: Case Studies

If you want to get a sense of the entire book, we’ve posted a free sample chapter (Chapter 12 about publicity rights and endorsements) to SSRN.

Although the book is targeted at law students, I think many other folks—students in other disciplines, lawyers, marketing and other businesspeople, policy-makers, etc.—will find the book a cost-effective and rewarding way to better understand a complicated and multi-faceted topic.

About Scribd: Scribd is a horribly limited platform for eBook publishing (and for doing just about everything else). [Among other limitations, I believe it only completes sales with US residents, and (for no good reason at all) it requires buyers to log in via Facebook to complete the purchase. If you can't complete a purchase via Scribd due to these limitations, email me and we'll set up a PayPal transaction.] [Update: I got an email from Scribd informing me that they just opened up international sales, and you must be logged into Scribd to make the purchase and you can (if you navigate around) find a way to log into Scribd without connecting with Facebook.] We are working on moving away from Scribd to a better eBook publishing platform...once we figure out what that is. If you have any recommendations, please email me.

Some of the many reasons why I’m so excited about the public release:

1) The Price. Compared to 99 cent or free eBooks, a $10 downloadable book may sound expensive. But, compared to the typical law school dead-trees casebook, $10 is a ridiculous bargain. Many print casebooks of comparable size cost $150 or more. In an era of rising tuition and hyper-competition for jobs, we just couldn’t justify asking students to pay that much.

Even better, a DRM-free PDF is more functional for readers than dead-trees books. Readers can load it onto laptops or other portable devices (although, as a PDF, it’s not completely mobile device-friendly—something we’re working on) and can copy it onto all of their computing devices. Readers can do full-text word searches. Depending on the reading client, readers can annotate and mark-up the book electronically. Readers can cut-and-paste material from the book into their course notes or outlines. Readers who want a hard copy can print it out (if needed, we provide a letter authorizing printing at a copyshop). And unlike some of the DRMed digital companions to dead-trees books, readers can keep the PDF indefinitely.

While we could easily justify a higher price than $10, we’re not exactly philanthropists. Here’s how I see the math: a $150 casebook may have a $110 price wholesale (or less). At 10% royalties to the authors, Rebecca and I would share $11. At the $10 download price, Scribd takes $2.25 a download, leaving us author royalties of $7.75. So discounting the retail price 93% perhaps reduces our royalties by less than 30%. Let’s hear it for disintermediation! Plus, just like any demand curve, the lower price point should lead to higher sales, which may, in fact, make our approach profit-maximizing. (Just so we don’t delude ourselves, we’re not talking big numbers in any case).

With such cheap pricing, we do have a request for readers: if you like the book so much you want to share it with your friends or colleagues, please send them over to the Scribd download page so they can purchase their own copy. You’ll still get kudos from your friends when they realize what a bargain you found for them.

2) Culmination of a Multi-Year Effort. I’ve been contemplating an advertising law casebook since at least 2006, when I had an epiphany about advertising law. I’ll blog more about that epiphany in a future blog post. Looking back through my emails, Rebecca and I first discussed this project in December 2007. Since then, Rebecca and I each have invested hundreds (possibly thousands) of hours on the casebook.

While we’ve deemed the book ready for public release, it’s not “done.” I’d say it’s only about 90% done. Unfortunately, you’re going to notice some of the unfinished 10%, starting with the crap-ass book “cover” I whipped up in about 5 minutes some time around midnight one night last week, and continuing with the countless typos and formatting errors you’ll find throughout the book. We’ll be fixing errors as we find them, so please send us your corrections and suggestions. Because Rebecca and I own the copyright and completely control the publication schedule, we anticipate issuing new versions fairly frequently. No promises, but I anticipate we’ll publish annual editions for at least the next few years.

Furthermore, although the book is already robust, we have a long list of desired improvements. In addition to the ordinary casebook maintenance, we hope future editions will include a better front cover, working hyperlinks, more case studies, a fully enabled eBook version suitable for mobile devices, and much more. We are also working on publishing a print-on-demand version.

3) Building an Advertising Law Academic Community. Before now, there wasn't a law school casebook optimized for a standalone Advertising Law course. As a result, historically the small community of Advertising Law professors each independently built their own teaching materials. We hope this casebook proves useful to that existing community (indeed, some of them have already used beta versions of the casebook over the past couple of years). We also hope that the casebook encourages other professors to start teaching the course for the first time. We think the course is an excellent addition to the law school curricula, and in a later post, I’ll explain the many virtues of teaching an Advertising and Marketing Law course. If you’re currently teaching the course or are interested in doing so, please email me and I’ll send you a complimentary PDF.

We offer a variety of supplemental resources to help new (and existing) instructors ramp up to teach the course, including:

* a rudimentary teaching manual. This is another area we’ll be improving over time
* the Georgetown Intellectual Property Teaching Resources database, a treasure trove of useful digital artifacts and props. Email Rebecca for access to the database, and see her article Sight, Sound and Meaning: Teaching Intellectual Property with Audiovisual Materials
* copies of both Rebecca’s and my PowerPoint slide decks, teaching notes and syllabi

Overall, the casebook is a critical step—but only one step—in a larger and longer-term effort to organize and expand the community of teachers and scholars in Advertising and Marketing Law. Some of the other community-building endeavors we plan to pursue:

* an email list for Advertising Law professors
* an AALS section
* a work-in-progress series or other regular face-to-face opportunities for scholarly and pedagogical exchanges

We look forward to that journey. Thanks for being a part of it.

Posted by Eric at 09:51 AM | Marketing | TrackBack

July 15, 2012

Yet Another Case Says Section 230 Immunizes Newspapers from User Comments--Hadley v. GateHouse Media

By Eric Goldman

Hadley v. GateHouse Media Freeport Holdings, Inc., 2012 WL 2866463 (N.D.Ill. July 10, 2012)

One of the safest bets in Section 230 jurisprudence is that a traditional media publisher won't be liable for user comments to its website. Last year I posted some research on Section 230 cases and message boards, and I showed that traditional media publishers easily won all of the cases I knew about.

This case adds to the canon. In a brief opinion, the court easily finds that the Stephenson County, Illinois Journal-Standard isn't liable for a comment by pseudonymous user "Fuboy" implying that Hadley (apparently a local politician) had committed sex crimes. Hadley half-heartedly argued that because Fuboy's identity was unknown, it could have been a Journal-Standard employee. This argument is a truism, yet it can work with judges who are dislike Section 230 and want some reason to deny the motion to dismiss (see, e.g., Vo v. PissedConsumer and my discussion about this topic). However, this judge was properly unswayed, saying that, at most, the allegation would be "sheer speculation." Without any reason to bypass Section 230, the court grants the 12b6 motion to dismiss.

Related Section 230 cases (all easy defense wins):

* Spreadbury v. Bitterroot Library
* Delle v. Worcester Telegram & Gazette Corp.
* Miles v. Raycom Media
* Collins v. Purdue University

Posted by Eric at 07:12 AM | Derivative Liability | TrackBack

July 13, 2012

Court Dismisses Data Breach Claims Against Countrywide – Holmes v. Countrywide

[Post by Venkat Balasubramani]

Holmes v. Countrywide Financial Corp., et al., 08-CV-00205-R (W.D. Ky.; July 12, 2012)

In August 2008, a Countrywide employee engaged in a scheme to steal confidential customer information from Countrywide. An investigation found that the employee gained access to data from 2.4 million loan customers, and sold this information to unknown third parties for the whopping amount of $70,000. Countrywide sent notification letters to affected customers and offered two years worth of free credit monitoring.

Countrywide was hit with several class action lawsuits as a result of this data breach. The lawsuits were consolidated and eventually settled. Holmes and some members of his proposed class objected to the settlement which the court approved, notwithstanding the objections. Eventually, Holmes and Stiers (and their spouses) filed their own non-class complaint against Countrywide. One of the plaintiffs purchased credit monitoring services. The other expended sums for changing their telephone numbers due to the increased volume of telemarketing calls they received.

Standing: The court says that plaintiffs have standing under Sixth Circuit law (also citing to Krottner v. Starbucks). The credit monitoring and money spent to change the telephone number were sufficient to satisfy injury for Article III standing purposes.

The Merits: Plaintiffs don’t fare so well on the merits.

Risk of future identity theft:

It is an understatement to say that courts are skeptical of litigants’ claims for risk of future identity theft . . . . The animosity toward these types of lawsuits encompasses the most common scenarios where financial information is put at risk: instances where personal information is lost or misplaced through carelessness . . . and instances where criminals penetrate a company’s computer system and steal information.

The court cites to Pinero v. Jackson Hewitt as a prime example of this skepticism and also notes that Kentucky and New Jersey law both preclude recover for speculative or illusory damages.

Credit monitoring:

The court says that credit monitoring expenses are not recoverable as a general rule: “[c]onstruing the reach of state law and the requirements to show a compensable injury, case after case has discarded claims by litigants to collect damages for the electronic monitoring of their financial accounts and credit history.”

The court says that some courts have allowed recover for prophylactic measures by analogy to medical monitoring cases. However, Kentucky law does not allow recovery for risk of future injury, and federal courts construing New Jersey law have expressly rejected recovery for credit monitoring payments. Plaintiffs relied heavily on the Hannaford Brothers case, but the court distinguishes that case on the basis that in Hannaford, fraudulent charges were made to plaintiffs’ accounts, forcing them to pay fees for replacement cards (and other bank fees). In contrast, in this case, there was no allegation of such misuse (a single loan application in one of the plaintiff’s names were rejected) or out of pocket loss to plaintiffs.

Telephone cancellation fees:

The court says it’s unable to find any legal theory under which plaintiffs can recoup their phone cancellation fees. The court cites to a slew of cases holding that an increase in spam or unwanted calls is not compensable injury. In light of this, “[t]he court struggles to grasp how the cancellation of [plaintiffs’] telephone services to avoid the calls would be compensable . . . .”

Time spent monitoring credit:

Finally, the court says that time spent by plaintiffs monitoring credit also cannot form the basis of any legally compensable injury.

Causes of action:

After going through the categories of injury, the court ends up rejecting the causes of action asserted by plaintiffs: (1) unjust enrichment (plaintiffs can’t bring an unjust enrichment claim where there’s a contract and no breach of the agreement); (2) fraud (“the only financial damages [plaintiffs] suffered were self inflicted”); (3) breach of the duty of good faith (no injury); (4) data breach notification statutes (no private cause of action); (5) consumer fraud laws (no loss other than attorneys’ fees); and (6) Fair Credit Reporting Act (no consumer reports were “furnished” by Countrywide).

A fairly predictable result, given the precedent that has been built up over the past five or so years. No out of pocket loss equals no recovery. As I mentioned in my post about Hannaford, I would characterize that case as a “slight” win for the plaintiffs, and the result here bears that out. That case was not of much help to these plaintiffs. The class settlement probably did not provide much by way of monetary relief to the class, but these plaintiffs would have been better off opting in.

Previous posts:

Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit -- Krottner v. Starbucks
9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap
LinkedIn Beats Referrer URL Privacy Class Action on Article III Standing Grounds--Low v. LinkedIn
Third Circuit Says Data Breach Plaintiffs Lack Standing Absent Misuse of Data -- Reilly v. Ceridian
First Circuit Rejects Data Insecurity Claims on the Basis of Article III Standing--Katz v Pershing
New Essay: The Irony of Privacy Class Action Lawsuits
Another Data Loss Case Tossed on Article III Grounds--Whitaker v. Health Net
Reidentification Theory Doesn't Save Privacy Lawsuit--Steinberg v. CVS Caremark
Men's Journal Beats Lawsuit Alleging Violation of California’s “Shine the Light” Privacy Statute -- Boorstein v. Men’s Journal

Posted by Venkat at 04:08 PM | Privacy/Security

July 12, 2012

Having a Facebook or Twitter Account Shouldn't Mean Mandatory California Vacations if You Get Sued (Forbes Cross-Post)

By Eric Goldman

[Given how I feel about blogging on civil procedure topics, it's ironic that my first substantive post to Tertium Quid is about Internet jurisdiction of all things. Still, this was an easy rehash of some recent blog posts that I could synthesize for a broader audience. I promise you that I will not be blogging on civil procedure topics at Tertium Quid very often, and that the rest of July's upcoming posts should be on more interesting topics!

BTW, If you didn't see, after I initially posted it, I did supplement my post on Judge Corley's DFSB ruling with cites to more cases supporting her view that Twitter/Facebook accounts alone don't produce California jurisdiction. See FN1 to that post.]
____________

Two California judges recently disagreed on whether a plaintiff can sue you in California simply because you have a Facebook or Twitter account. Fortunately, the more recent ruling reached the logical conclusion that you shouldn't have to take a mandatory California vacation just because you tweet.

Background

Questions about personal jurisdiction on the Internet—that is, when a court has the right to handle a lawsuit against the defendant—are among the most venerable (and most frequently litigated) issues in Internet law. The earliest such case I know of dates back to 1986, about a decade before the Internet became widely available. The seminal Internet jurisdiction case, Zippo v. Zippo dot com from 1997, has been cited in nearly a thousand other legal opinions.

Despite the volume of legal rulings on the topic, the rules of Internet jurisdiction remain quite unpredictable. It’s often unclear when our online activities expose us to being sued in courts clear across the country.

Social Media and Jurisdiction

That includes the simple act of using a social media account at sites like Facebook or Twitter. Not surprisingly, many social networking websites are headquartered in California (usually the Silicon Valley or San Francisco). You already know (if you read the terms of service…you did that, right?) that any lawsuit involving Facebook and Twitter will have to be in their home court in California, but if someone else sues you in California, will you have to cash in your frequent flier miles to defend yourself there?

That proposition may sound preposterous, but at least one district court has said yes. In December, a federal judge in the Northern District of California upheld personal jurisdiction over an Australian defendant in part because he “uses California companies Facebook, Twitter, and YouTube to promote the websites he operates.” My blog post on that ruling.

Fortunately, recently a different federal judge in the same district reached a different conclusion. My blog post on the case. The judge wisely said:

this Court disagrees that using the Internet accounts of companies based in California is sufficient to support a finding that a defendant expressly aimed his conduct at California. To adopt Plaintiffs' reasoning would render the “expressly aimed” prong of the Calder test essentially meaningless as it has become ubiquitous for businesses—large and small—to maintain Facebook or Twitter accounts for marketing purposes and would subject millions of persons around the globe to personal jurisdiction in California.

A few other cases addressing this issue have reached this latter conclusion as well. Ideally, this means you should be free to continue enjoying Facebook or Twitter without stressing about defending lawsuits in California courts.

Jurisdiction in a Cloud Computing Era

As a practical matter, most Internet users have no idea where the websites we use are physically “located”—and more importantly, we don’t care. So long as we can access the website over the web, the website’s physical location usually is completely immaterial to our enjoyment of the website; and web users rarely choose websites based on where those sites are physically located. In the era of “cloud computing,” any legal rule that depended on the physical location of the websites we use would be illogical. Let’s hope courts keep reaching the right conclusion on that point.

Posted by Eric at 08:37 AM | General , Internet History | TrackBack

July 11, 2012

"Cloud Computing: Is Anything Private?" Talk Notes

By Eric Goldman

Last month, I spoke at Cal State Northridge to a group of academic computer users (i.e., faculty and staff) on the topic of "Cloud Computing: Is Anything Private?" My talk slides. Check out my "fun" with PowerPoint's clip art/photos!

I didn't pick the talk title, but it was a little liberating to step back and discuss the implications of being users of cloud services. As you may recall, I've had my issues with cloud services, such as my fracas with Scribd when it put users' older documents behind a Scribd paywall and vitiated the entire point of using Scribd (i.e., to archive documents for public consumption). I also gave the examples of Kodak Gallery blackmailing photo-hosting users to pay up or their photos go offline (my collection of 200+ photos from my 2008 trip to the Arctic National Wildlife Refuge were the casualty of that one) and when Pandora inadvertently disclosed playlists to the world at large. Furthermore, I called out Twitter as an example of a vendor I trust (although after their anti-user move to cut off LinkedIn's app, I'm not so sure), and I called out Facebook as a vendor that regularly provides textbook examples of what cloud vendors shouldn't do.

Posted by Eric at 04:45 PM | Privacy/Security | TrackBack

July 10, 2012

No Negligence Claim for Infringement via Shared Internet Connection (Preempted by Copyright Act) – Liberty Media v. Tabora

[Post by Venkat Balasubramani]

Liberty Media Holdings, LLC v. Tabora & Whetstone, 12 Civ. 2234 (LAK) (S.D.N.Y.; July 9, 2012)

A question that was floating around in the blogosphere was whether you can be sued for maintaining an open wi-fi connection where a third party engages in file-sharing using your connection. A district court judge in New York answered that question in the negative. (This case involved a shared internet connection, rather than open wi-fi, but this shouldn't change the result.)

Liberty Media sued Whetstone and Tabora, who were roommates. Liberty alleged that Whetstone “regularly pirat[ed] copyrighted content.” Liberty alleged that Tabora “knowingly participated and . . . declined to put a stop to Whetstone’s [alleged infringement,] despite having had the ability to have done so.” Although Liberty asserted claims for direct and contributory infringement against both defendants, it also asserted a claim for negligence aginst Tabora.

The court says that the negligence claim against Tabora is preempted by the Copyright Act:

[t]he right that Liberty seeks to vindicate by its state law negligence claim – the imposition on one who knowingly contributes to a direct infringement by another – already is protected by the Copyright Act under the doctrine of contributory infringement.

I initially read the order as dismissing the claims for direct infringement based on the fact that the pleadings didn't adequately state a claim for direct infringement against Tabora, but Marc Randazza (GC for Liberty Media) pointed out via email that the court dismissed the claims for direct infringement (with leave to amend) due to a discrepancy in the title of the work at issue. Although the court doesn’t squarely address Liberty’s claim for direct infringement against Tabora, it dismisses the complaint against Tabora in its entirety. This can be read to mean that the mere provision of an internet connection isn’t sufficient to satisfy the test for contributory infringement. This makes sense, as standing alone, it would be a pretty expansive theory of infringement to argue that merely making available an internet connection is sufficient to trigger liability for the acts of those using the connection.

See also: this post from EFF (Corynne McSherry) as to why this theory is unlikely to gain much traction and shouldn't even be viewed as debatable. The post also mentions a Section 230 barrier which the court did not need to reach in this case. (EFF also filed an amicus brief in this case, which you can access here.)

[Note: I corrected the last paragraph and added a parenthetical to the first paragraph.]

Posted by Venkat at 02:59 PM | Copyright , Derivative Liability

July 09, 2012

Google Sued Again for AdWords Trademark Infringement--Home Decor Center v. Google

By Eric Goldman

Home Decor Center v. Google, CV12-05706 (C.D. Cal. notice of removal filed July 2, 2012)

After the 4th Circuit's Rosetta Stone v. Google ruling, I wrote:

Just like Google got hit with over a dozen lawsuits in the wake of Google's Second Circuit "loss" in the Rescuecom case, I imagine a bunch of low-merit suits will follow this ruling too.

The floodgates haven't opened yet, but we're seeing more litigation against Google now than we did in the year prior to the Rosetta Stone ruling.

This lawsuit initially was filed in California state court in late May but just showed up on my radar when Google and Home Depot removed it to federal court. As with several other recent keyword lawsuits against Google, the plaintiff's real beef is with its competitor--in this case, Home Depot, who allegedly ran confusing ads promoting "HomeDecorators.com" but referencing "Home Decor Center" in its ad copy.

The complaint allegations aren't very clear (typical), but Exhibit A (especially pages 18-19 of the PDF) does show some oddities. For example, page 19 indicates that a search for "homedecorcentet.com" (note the typo) triggered an ad with a title of "HomeDecorCenter.com" and the remaining ad copy references and links to HomeDecorator.com. Page 18 is harder to read but shows a similar result. Especially given the typo, this type of ad probably isn't the result of some odd algorithmic ad generator, so I'm curious to learn more about how this happened. I believe the plaintiff could have stopped these ad copy references by filing a trademark complaint with Google, so I'm also curious how Google addressed the plaintiff's cease-and-desist (the complaint says nothing changed).

Of course, "Home Decor Center" is a very descriptive trademark. Indeed, just this January, they filed for trademark registration on the supplemental register. So even if all of the plaintiffs' allegations are true, among the many possibilities is that Home Depot and Google concluded that the plaintiff hasn't achieved secondary meaning or that descriptive fair use applies. As I've commented before, the trademark owners with the most marginal trademarks are often the most highly litigious. (See, e.g., one of my poster children for ridiculous trademark lawsuits, 1-800 Contacts).

Are more lawsuits like this in the works for Google? Almost certainly. Will lawsuits like this pose a problem for Google? No. I think both the CYBERsitter and Home Decor Center fit the "low merit" categorization I initially projected. In fact, it wouldn't surprise me if both plaintiffs voluntarily drop Google so they can conserve their resources to fight their real target, their competitor.

Minor personnel note: Gary Bostwick is handling this case for Google instead of Google's typical AdWords defense attorney, Margret Caruso.

Roster of pending AdWords trademark suits against Google:

* Jurin v. Google. [latest post]
* Rosetta Stone v. Google [latest post]
* CYBERsitter v. Google
* Home Decor Center v. Google

Posted by Eric at 01:01 PM | Derivative Liability , Search Engines , Trademark | TrackBack

Court Orders Production of Five Years' Worth of Facebook and MySpace Posts – Thompson v. Autoliv

[Post by Venkat Balasubramani]

Thompson v. Autoliv ASP, Inc., et al., 09-cv-01375-PMP-VCF (D. Nev.; June 20, 2012)

Another discovery dispute over social networking evidence.

Thompson was involved in an automobile accident and suffered serious injuries. She asserted that she suffered a range of injuries and damages, including: ongoing medical treatment, therapy, a lost scholarship, the loss of ability to play the violin, emotional distress, depression, emotional volatility. Among other defendants, she sued the seatbelt and airbag manufacturers.

One of the defendants said it obtained wall posts and photographs from plaintiff’s “public Facebook profile” that depicted things including the following:

(i) Plaintiff's ability to swing on a swing set, dance, and engage in water sports; (ii) Plaintiff's ability to care for children and pets; (iii) Plaintiff's social activities, including consumption of alcohol, bowling with friends, and late night partying; (iv) Plaintiff's sleeping habits; (v) Plaintiff's personal relationships; (vi) Plaintiff's post accident physical recovery; (vii) Plaintiff's employment; (viii) the effect of Plaintiff's medications on her emotional, physical and sexual habits; (ix) offers by Plaintiff to share medications with others; and (x) Plaintiff's enrollment in institutions of higher education.

Defendant sought everything from plaintiff’s Facebook and MySpace account (wall posts, photographs, and messages from April 2007 to the present). In response, plaintiff provided a redacted copy of her Facebook account history and a few photographs. Defendant also sought to require plaintiff to produce her account for in camera inspection.

The court rejects the request for in camera inspection, but it says that based on the photographs and materials defendant already obtained, the requested materials from plaintiff’s Facebook account are clearly relevant. The court also notes that there is no applicable privilege. Nevertheless, the court acknowledges that litigation does not permit “complete and open public display of plaintiff’s life.” The court says that it’s appropriate to balance defendant’s need for the information against plaintiff’s rights under Rule 26 (to be free from annoyance, embarrassment, oppression, or undue burden in discovery).

The court orders plaintiff to disclose (to defense counsel only) all information from her Facebook and MySpace accounts in an electronic storage device along with an “index of redacted social networking site communications." If defense counsel believes that material is relevant and but hadn’t been previously provided, defense counsel should provide a list to plaintiff of such materials. If plaintiff disagrees and thinks those materials should not be discoverable, then the parties shall submit the material to the court for review along with their arguments as to discoverability. Defense counsel shall return the storage device and not disclose or copy the material.

___

Virtually every court to have addressed the issue agrees that something is not off-limits just because it's posted to Facebook and also that a party seeking discovery of social networking information should not be allowed to "rummage around" in the other party's account. Here there was a threshold showing of relevance, interestingly through access of publicly available photos and posts, and the issue in front of the court was a logistical one. Courts have tackled this logistical issue in a variety of ways, ranging from offering to friend the party whose account is at issue to requiring the party to turn over the passwords to opposing counsel. The court's solution in this case seems like a preferable method, although there are two drawbacks: (1) the defense lawyer is not supposed to turn over any information to the client, but lawyers and clients sometimes do not respect these boundaries in practice; and (2) the lawyer may be exposed to information that he or she would not appropriately have access to in discovery which may provide an unfair advantage with respect to categories of embarrassing or private information that may otherwise be off-limits.

I still think some sort of "index" is the best route, where the party whose information is sought produces something similar to a privilege log, and the party seeking discovery can argue why certain entries or photos should be produced.

[NB: I wasn't entirely clear on what the court meant by the "index of redacted social networking communications."]

Added: Bruce Boyden (@ Madisonian) has a post "detailing exactly what’s wrong with an order compelling production of an entire social networking account. . . ." ("The Proper Procedure for Facebook Discovery, Part I"). Also, Molly DiBianca has a post on a different Facebook discovery dispute (Trail v. Lesko): "Access to a Party’s Facebook Account During Discovery."

Previous posts:

"Court Orders Disclosure of Facebook and MySpace Passwords in Personal Injury Case -- McMillen v. Hummingbird Speedway"
"Judge Offers to Facebook 'Friend' Witnesses in Order to Resolve Discovery Dispute -- Barnes v. CUS Nashville"
"Facebook Messages/Wall Posts, Civil Discovery, and the Stored Communications Act -- Crispin v. Audigier"
"Plaintiff Can't be Forced to Accept Defense Counsel's Facebook Friend Request in Personal Injury Case -- Piccolo v. Paterson"
"Court Orders Plaintiff to Turn Over Facebook and MySpace Passwords in Discovery Dispute -- Zimmerman v. Weis Markets, Inc."

Other posts on social media evidence undermining a litigant's position

* Protip: Kegstands and Vertigo Are Inconsistent With Each Other--Johnson v. Ingalls
* Social Media Photos Foil Yet Another Litigant--Clement v. Johnson's Warehouse
* YouTube Video Impeaches Witness' Credibility--Ensign Yacht v. Arrigoni
* Facebook Entries Negate Car Crash Victims' Physical Injury Claims
* Contrary MySpace Evidence Strikes a Litigant Again--HAC, Inc. v. Box
* MySpace Postings Foil Another Litigant--Sedie v. U.S.
* Disturbingly Humorous MySpace Posts Used as Impeaching Evidence in Spousal Abuse Case--Embry v. State
* Latest Example of Social Networking Site Evidence Contradicting In-Court Testimony--People v. Franco

Other coverage:

K&L Gates: Court Orders Production of Five Years of Content from Facebook, MySpace for Opposing Counsel's Review

Posted by Venkat at 10:19 AM | Evidence/Discovery , Privacy/Security

Now Blogging at "Tertium Quid" at Forbes

By Eric Goldman

I've launched a new blog called "Tertium Quid" through the Forbes blogging platform. My introductory post there gives some background and explains the name. I expect to cover a lot of the same topics I currently cover here at this blog, but I will try to do so in a way that's more friendly to Forbes readers, i.e., the topics there will be a little broader (I probably won't do as many case-specific posts), I'll provide more background and context on the issues, the posts probably will be a little shorter, and I'll use less legal jargon and fewer acronyms. (I know some of you hate the acronyms).

What does this mean for you as a reader of this blog? Not much, really. I still plan to do my normal blogging here as I've done for the past 7+ years (I still view this as my blogging "home"), plus Venkat will keep rolling, plus we'll still have the occasional guest posts, plus I am working on more innovations. Furthermore, I will cross-post most (if not all) of my Forbes posts here after the exclusivity period expires; I'll label all of those posts in the title "Forbes Cross-Post" so you'll know the posts originally came from Forbes. As a result, if you're happy with the way things are, you're already at the right place.

Nevertheless, let me suggest two reasons why you might decide to bookmark Tertium Quid or add it to your RSS reader. First, you'll get to see those posts a little earlier than if you wait until they appear here. Second, the Forbes blog platform has commenting functionality, something this blog hasn't had since 2006. I know some of you have desperately wanted an easy way to publicly call me out. Well, here's your chance! Ideally, we'll be able to spur some intelligent value-added conversation over there.

I know many of you are longtime blog readers, and I'll take this opportunity to tell you how much I appreciate that you allocate a piece of your frenetic day to read the blog. Obviously I blog because I love doing it, but knowing that you find the blog useful to you is incredibly gratifying.

Posted by Eric at 08:43 AM | General | TrackBack

July 08, 2012

H1 2012 Quick Links, Part 5 (Consumer Reviews, Content Regulation, Miscellaneous)

By Eric Goldman

[This is the last of the quick links for now. Hope you've enjoyed them!]

Consumer Reviews

* Deeply troubling development: Vacation rental companies are inserting non-disparagement clauses into their contracts to suppress negative online reviews.

* Ascentive, LLC v. Opinion Corp., 2012 WL 1569573 (E.D.N.Y. May 3, 2012). Ascentive voluntarily dismissed its lawsuits against PissedConsumer without prejudice. Prior blog post.

* The FTC busted Spokeo for running an unintentional credit reporting agency and for self-promoting using fake reviews. FTC blog post #1 and #2. NY Times coverage.

* Ruby v. Freedom USA: A business paid money to settle up with a disgruntled customer conditioned on the customer removing his gripes from the Internet. In this motion, the business seeks to force the content takedowns.

* Reddit initially populated its site with content posted by its founders under fake accounts.

* Washington Post: More questions about the integrity of TripAdvisor reviews.

Content Regulation

* State v. Schmitz, 2012 WL 2499948 (Ohio App. Ct. June 29, 2012):

Schmitz argues that his identity fraud conviction is based on insufficient evidence because everyone knew the MySpace page he created actually belonged to him and not Kalb. According to Schmitz, he never intended to hold himself out as Kalb. He only used Kalb's name as his “alter-ego.”… At trial, Schmitz admitted that he created the MySpace page and posted its entries. The MySpace exhibit the State introduced informs the reader on the top of the page that “[S]andy [K]alb has joined MySpace!” Farther down the page, the exhibit reads “sandy b nee elgar kalb's MySpace Blog.” Moreover, every posted message on the page ends with “Posted by sandy b nee elgar kalb,” “Posted by sandy kalb,” or “Posted by Sandy Kalb nee Elgar.” None of the entries identify Schmitz as the author. Although the individuals who testified at trial knew that Kalb was not responsible for the content of the MySpace page, they reached that conclusion because they knew Kalb and were aware of the situation between Kalb and Smith. It would be reasonable for any person reading the page without the benefit of that additional information to assume Kalb authored one or more of the posts on the MySpace page. Viewing the evidence in a light most favorable to the State, a rational trier of fact could have found that the State proved the elements of identity fraud. Schmitz' argument that his identity fraud conviction is based on insufficient evidence lacks merit.

Accord In re Rolando S.

* Summit Bank v. Rogers, 2012 WL 1925535 (Cal. App. Ct. May 29, 2012). Disparaging remarks on Craigslist about a bank are protected by CA’s anti-SLAPP law: “Public forum comment criticizing, or even periodically praising, the performance of public corporations have been found protected by the anti-SLAPP statute.” Along the way, the court invalidates a century-old criminal law against defaming a bank as unconstitutional. The court also indicates that some online venues may be harder to establish defamation:

because Rogers‘s alleged defamatory statements appeared in a section of the Craigslist Web site entitled “Rants and Raves,” the reader of the statements should be predisposed to view them with a certain amount of skepticism, and with an understanding that they will likely present one-sided viewpoints rather than assertions of provable facts.

Accord: DiMeo v. Max and Finkel v. Dauber.

* Cincinnati Enquirer: Sarah Jones has been indicted for having sex with her underage student. Also, WLWT. The indictment.

Jones’ deposition in her lawsuit against TheDirty. Nevetheless, the appellate court rejected TheDirty's interlocutory appeal. Prior blog post.

* ABA Journal: $900k judgment in Internet defamation case.

* Yoder v. University of Louisville, 2012 WL 1078819 (W.D. Ky. March 30, 2012). The First Amendment doesn’t protect a nursing student who violated a promise not to share patient data by posting about a patient to MySpace. Prior blog post. Accord Tatro v. University of Minnesota.

* Simmons v. Danhauer & Associates LLC, 2012 WL 1237795 (4th Cir. April 13, 2012). Affirming the dismissal of a lawsuit over online auction irregularities, but expressly declining to rely on 47 USC 230. Prior blog post.

* Obsidian Finance Group, LLC v. Cox, 2012 WL 1065484 (D. Or. March 27, 2012): "defendant had presented no evidence as to any single one of the characteristics which would tend to establish oneself as a member of the “media.” In addition, the uncontroverted evidence at trial was that after receiving a demand to stop posting what plaintiffs believed to be false and defamatory material on several websites, including allegations that Padrick had committed tax fraud, defendant offered “PR,” “search engine management,” and online reputation repair services to Obsidian Finance, for a price of $2,500 per month. Ex. 33. The suggestion was that defendant offered to repair the very damage she caused for a small but tasteful monthly fee. This feature, along with the absence of other media features, led me to conclude that defendant was not media."

* Mehrban v. Daneshrad, 2012 WL 1493875 (Cal. App. Ct. April 30, 2012): “Mehrban's claims relating to Daneshrad's statements on the internet, on her blog, on radio programs and similar public fora, expressing her views on the merits of collaborative law (and how her own dissolution would have benefited from such an approach), are the primary basis for his complaint. Those statements concern a matter of public interest [for anti-SLAPP purposes].”

* I.P. v. State, 2012 Ark. App. 273, (Ark. App. Ct. April 18, 2012). Student disciplined for making the following Facebook post: “F**k shooting up the school, i'm going in there with f**king SHURIKENS: and f**king KATANAS! And NINJA REFLEXES!”

* Nate Anderson of Ars Technica took a deep look at a child porn sting operation.

* Bradburn v. North Cent. Regional Library Dist., 2012 WL 1200448 (E.D. Wash. April 10, 2012): "NCRL's use of FortiGuard to filter its patrons' Internet access and its decision to not disable the filter upon an adult patron's request complies with the First Amendment."

* American Civil Liberties Union of Illinois v. Alvarez, 2012 WL 1592618 (7th Cir. May 8, 2012). Illinois statute restricting the recording of interactions with police is unconstitutional.

* The ACLU and Shurtleff settled litigation over Utah’s baby-CDA law.

* Sino Clean Energy Inc. v. Little, 2012 WL 1849658 (N.Y. Sup. Ct. May 21, 2012). Jurisdictional ruling in a battle over a pseudonymous Internet blogger (AlfredLittle) who allegedly bashed the plaintiffs’ stock while short-selling the stock.

Miscellaneous

* Newsweek, the Ruthless Overlords of Silicon Valley: "Though Silicon Valley’s newest billionaires may anoint themselves the saints of American capitalism, they’re beginning to resemble something else entirely: robber barons. Behind the hoodies and flip-flops lurk businesspeople as rapacious as the black-suited and top-hatted industrialists of the late-19th century. "

* Flint v Strava complaint: Biker's heirs sue UGC site over user-uploaded bike navigation courses. Doesn't 47 USC 230 preempt this claim?

* Direct Marketing Association v. Huber: Colorado's efforts to require online retailers to report sales to Colorado residents for tax collection purposes violates the dormant commerce clause.

* The Atlantic: A Note to Congress: The United Nations Isn't a Serious Threat to Internet Freedom—But You Are

* Larry Downes: Why CISPA Can’t Be Fixed. Prior blog post.

* Is there a difference in information retention when we read material electronically vs. on paper? As reported by Time, some social science suggests that electronic reading is less effective than reading on paper.

* Museum of Endangered Sounds.

* Profile of Mike Masnick.

* Some personal good news: earlier this year, the university promoted me from associate professor (with tenure) to full professor.

Posted by Eric at 10:12 AM | Content Regulation | TrackBack

July 07, 2012

H1 2012 Quick Links, Part 4 (Search Engines, eBay, Social Networking Sites)

By Eric Goldman

[Note: if you click on any of the Scribd links below and get a warning that you're accessing adult content, ignore that. In only the latest of Scribd's f-ups, it has deployed a massively overinclusive adult content classifier that thinks dry legal briefs in business-to-business disputes are adult content. I agree that they aren't material that kids would find interesting, but the big scary warning for (as just one example) an antitrust brief from the Ohio AG is absolutely ridiculous. I've asked Scribd to manually reclassify the documents as kid-safe, but not surprisingly given Scribd's track record, customer support isn't exactly their strong suit. The good news is that I largely moved away from using Scribd a few months ago, but I do have some backlogged legacy links I'm posting through these quick links.]

Search Engines

* Why I left Google: "The Google I was passionate about was a technology company that empowered its employees to innovate. The Google I left was an advertising company with a single corporate-mandated focus....It turns out that there was one place where the Google innovation machine faltered and that one place mattered a lot: competing with Facebook."

* Gizmodo: The Case Against Google.

* From a complaint: "GOOGLE, as the self-appointed curator of all the World’s knowledge, has usurped the 5th Estate."

* Search Engine Land: Rhode Island is getting a disproportionate share of Google's penalty in the illegal pharmaceuticals ads case. Partially related: WSJ: Did the DOJ apologize to Google for post-settlement statements about the illegal pharma ad situation?

* Facebook is cooking up a new search initiative.

* Perfect 10 v. Yandex NV, 2012 U.S. Dist. LEXIS 80661 (N.D. Cal. June 11, 2012). Perfect 10 gets jurisdictional discovery to see if it can establish personal jurisdiction over Yandex.

* Stebbins v. U.S., 2012 WL 1664155 (Fed. Cl. Ct. May 14, 2012). David Stebbins loses again, this time in his suit against the United States for not honoring his purported arbitration award against Google/Yahoo. Prior blog post.

* Getachew v. 7-Eleven, Inc., 2012 WL 872745 (D. Colo. March 14, 2012) and Getachew v. 7-Eleven, Inc., 2012 WL 872755 (D. Colo. January 30, 2012). One of those employment disputes where Google gets dragged in. Fortunately, Google was dismissed for failure of service of process.

* Trkulja v Yahoo, [2012] VSC 88 (Victoria Sup. Ct. March 15, 2012). Yahoo hit with a $225k (AU) damage award for publishing defamatory search results. Some background. The same outcome wouldn’t happen in the US due to 47 USC 230. See, e.g., Parker v. Google, Maughan v Google, and Murawski v Pataki.

* Australian Competition and Consumer Commission (ACCC) wins appeal against Google.

* WSJ: Facebook, Google to Stand Trial in India. The court order.

* Matt Cutts made a video about search quality raters. Prior blog post.

* SF Gate: Google's search anthropologist.

* Google commissioned papers by Eugene Volokh (search results are protected by the First Amendment) and Marvin Ammori (on remedies for search bias). My latest article on this topic.

* Filings in the myTriggers appeal:

- Amended Brief of Defendant and Counterclaim Plaintiff-Appellant My Triggers
- Reply Brief of Defendent and Counterclaim Plaintiff-Appellant My Triggers
- Brief of Plaintiff and Counterclaim Defendant-Appellee Google
- Amicus Brief of Ohio AG Supporting Defendant and Counterclaim Plaintiff-Appellant My Triggers

Prior blog post.

eBay

* Block v. eBay, Inc., 2012 WL 1601471 (N.D. Cal. May 7, 2012). eBay’s proxy bidding does not violate the eBay user agreement’s declarations that eBay isn’t involved in the transaction and isn’t the bidder’s agent. This has been appealed to the Ninth Circuit.

* Smith v. eBay Corp., 2012 WL 1951971 (N.D. Cal. May 29, 2012). Antitrust lawsuit against eBay for linking eBay and Paypal survives motion to strike.

* Custom LED, LLC v. eBay, Inc., 2012 WL 1909333 (N.D. Cal. May 24, 2012). Lawsuit over eBay’s featured item program survives motion to dismiss.

* Faboozi v. Stubhub, Inc. (ND Cal. Feb. 15, 2012). StubHub wins a case over various challenges to its ticket sales.

Social Networking Sites

* AdAge: How Content Is Really Shared: Close Friends, Not 'Influencers':

Our data show that online sharing, even at viral scale, takes place through many small groups, not via the single status post or tweet of a few influencers. While influential people may be able to reach a wide audience, their impact is short-lived. Content goes viral when it spreads beyond a particular sphere of influence and spreads across the social web via ordinarily people sharing with their friends.

At BuzzFeed, we looked at the 50 stories that had received the most Facebook traffic since mid-2007. A handful of these posts had millions of Facebook referrers, and even the smallest had nearly 100,000 Facebook views. But the median ratio of Facebook views to shares was merely 9-to-1.

This means that for every Facebook share, only nine people visited the story. Even the largest stories on Facebook are the product of lots of intimate sharing -- not one person sharing and hundreds of thousands of people clicking.

The median for Twitter was even lower, at 5-to-1. Reddit, which has traffic concentrated on its popular front page, had a median of only 36.

* Just how big of a threat is Pinterest to Twitter and Facebook? Big! AdWeek, MediaPost and Fortune.

* State v. Hall, 2012 WL 988606 (Ariz. App. Ct. March 22, 2012). A probationer is restricted from using "electronic bulletin board systems." He accesses Facebook and MySpace. The court holds that social networking sites are "electronic bulletin board systems" such that the probationer violated the terms of his probation. The consequence: he goes back to jail for 10 YEARS. Kashmir Hill’s coverage.

* Cohen v. NJ Parole Bd., 2012 WL 1601159 (D.N.J. May 7, 2012). Regarding restrictions imposed on a sexual offender probationer: “the restriction of access to social networking services on the Internet is limited in scope and appears to be geared to the nature of defendant's sex offender conviction. Thus, it does not appear to be unconstitutionally broad or vague, nor is it violative of plaintiff's First Amendment rights. A complete or total ban on any Internet access has not been imposed.”

* Maryland bans employers asking for Facebook passwords. SB433 and HB964.

* Wired took a deep look at Klout. I’m completely unimpressed with Klout. It seems to reward quantity equally with quality, and it is too dependent on recency.

Posted by Eric at 01:07 PM | Content Regulation , E-Commerce , Search Engines | TrackBack

July 06, 2012

H1 2012 Quick Links, Part 3 (Advertising & Privacy)

By Eric Goldman

Advertising

* Gomez-Jimenez v. New York Law School: False advertising lawsuit against NYLS dismissed. Rebecca's coverage.

* Marketing Land: Pew Survey: 68% View Targeted Ads Negatively; 59% Have Noticed Targeting.

Partially related: Search Engine Land: Pew Report: 65% View Personalized Search As Bad; 73% See It As Privacy Invasion.

* Britain’s ASA holds an advertiser liable for user-posted YouTube videos.

Related: Cogent Solutions Group, LLC v. Hyalogic, LLC, 2012 WL 1083513 (E.D. Ky. March 30, 2012): "CSG cannot meet the high threshold of clear and convincing evidence to show that Hyalogic was responsible for posting the YouTube video. Hyalogic contends that the video was posted by an unrelated Malaysian company that was “acting independently” and uploaded the YouTube video to the Internet “without permission.”…CSG argues that Hyalogic's website provides contact information for many international retail partners, including partners located in Malaysia….This listing of “retail partners” referencing companies in Malaysia on Hyalogic's website merely supports a weak inference; it does not prove by clear and convincing evidence that Hyalogic caused the YouTube video to be uploaded to the Internet when the affidavit of Landis directly refutes this assertion. Landis states, “Hyalogic did not cause that video to be posted on YouTube—it was posted, without permission, by [a] user with the screen name “purewhiteclean,” operated by a Malaysian company which sells Hyalogic's products (the company is otherwise unrelated to Hyalogic).”…CSG offers no evidence, other than its own speculation, to show that this company is related to Hyalogic."

* AdAge: Class action lawyers are trolling through NAD proceedings looking for cases.

Related: Technology Review: Why Privacy Is Big Business for Trial Lawyers

* More evidence that search advertising provides substantial incremental lift in organic search referrals. Related from Search Engine Land: "even when advertisers show up in the number one organic search result position, 50% of clicks they get on ads are not replaced by clicks on organic search results when the ads don’t appear."

* Marketing Land: Study suggests clicks on display ads have almost no correlation with conversion.

* AdWeek: SheKnows.com editors caught encouraging staffers to click on ads shown on the website.

* Ascentive settles false advertising lawsuit that it was "scareware" for $9.6M.

* Adscend settles “clickjacking” lawsuit by Facebook. It also settled with the Washington state regulators for $100k, which Adscend claimed was a win for it.

Privacy

* Slaughter v. Aon Consulting, 10C-09-001 (Del. Superior Ct. Jan. 31, 2012). Dismissing a class action over a data breach because of "nationwide credit card theft trends, the potentially catastrophic effect of data breaches, and Chinese hacking methods. While Stump raises reasons for concern, his report never states Aon’s breach caused Plaintiffs’ actual harm, nor does it show there is a probability that harm will occur. No named plaintiff has suffered an actual, demonstrated injury."

The court continues: "In summary, the string of dismissals is unbroken. No court has allowed a similar case to go to trial. The fact that there is a string of cases is troubling. Perhaps, the legislature or the Restatement needs to consider this problem. Meanwhile, the court is unaware of a similar case where a plaintiff has gotten past the dismissal stage."

* U.S. v. Fulford, 2012 WL 750548 (S.D. Ala. March 7, 2012):

What we do know is that the Internet is a medium through which people can and routinely do assume fictitious identities. Some do it to heckle professional athletes or disparage musicians. Others do it to air unpopular political or social views, thus allowing their voices to be heard from behind a comforting veil of anonymity. Still others may fabricate a persona on the Web to promote nefarious objectives, such as trying to conceal unlawful activity or endeavoring to defraud or trick other users into providing confidential information, sending money, or distributing pornographic images. And, of course, law enforcement agents regularly go undercover on the Internet to identify and investigate criminal activity. The point is not whether, normatively speaking, Internet anonymity is inherently good or bad. The point is that it is pervasive. As a practical reality, surfing the Internet is akin to attending a masquerade ball in the land of Oz on Halloween. No one is who they seem to be.

* NYT: Verifying Ages Online Is a Daunting Task, Even for Experts

* Can "anonymous" website commenters be reidentified through linguistic analysis? If so, this could be huge.

* NY Times: Panopticon redux: kids have toned down their Spring Break revelries due to the ubiquity of cellphone cameras.

* To help prop up publisher paywalls, Google puts together an offering that makes consumers' private information the price of admission to paywalled content. AdWeek’s coverage. Wired's coverage.

* In re Facebook Privacy Litigation has been appealed to the 9th Circuit. Prior blog post.

* NY Times: On Facebook, the Semantics of Visibility vs. Privacy

* Valentine v. Wideopen West Finance, LLC, 2012 WL 1021809 (N.D. Ill. March 26, 2012). A deep packet inspection (DPI) case gets sent to arbitration.

* The FTC busts Wyndham for lax security based on language that is found in thousands of privacy policies. The FTC has been busting companies for a number of years for lax security, but I’m still questioning the basic premise of these enforcement actions.

* FCC ruling in Google Street View wi-fi case. NY Times coverage (1, 2).

* SJ Mercury News: Is an FTC investigation of Google's Safari/Google+ mistake coming imminently?

* ZDNet: State AGs affix target to online privacy issues

* MediaPost: the Bose v. Interclick case ends a little mysteriously. Prior blog post.

* IAPP on the F.A.A. v. Cooper ruling.

* The FTC approved its RockYou settlement.

* The average website has 14 third party tracking tags.

Posted by Eric at 02:43 PM | Marketing , Privacy/Security | TrackBack

Confirmatory Opt-Out Text Message Doesn't Violate TCPA – Ibey v. Taco Bell

[Post by Venkat Balasubramani]

Ibey v. Taco Bell Corp., 12 CV 0583 (HVG) (S.D. Cal.; June 18, 2012)

Plaintiff responded to an invitation to complete a survey about Taco Bell and “voluntarily sent a text message . . . to the number 93138.” In response to his text, he received instructions on how to complete the survey. He then changed his mind and sent a “STOP” message. In response to the STOP message, he received a confirmatory text message from Taco Bell acknowledging that he would receive no further messages.

He sued, alleging that the confirmatory message violated the TCPA. Taco Bell moved to dismiss or in the alternative for summary judgment. The court grants the motion to dismiss.

The court says that plaintiff “expressly consented” to contact by Taco Bell, and that

[Taco Bell’s] sending a single, confirmatory text message in response to an opt-out request from Plaintiff, who voluntarily provided his phone number by sending the initial text message, does not appear to demonstrate an invasion of privacy contemplated by Congress in enacting the TCPA.

In order to assert a claim under the TCPA, the plaintiff must also allege that the text was sent using equipment that had the capacity to generate random or sequential numbers. (See Satterfield.) The court says that plaintiff failed to make this allegation. In fact, the court says that if the facts are as they had been pled by plaintiff, Taco Bell would be entitled to summary judgment. Although the court grants plaintiff leave to amend, judging from the tone of the court's order, Ibey would be wise to drop his claims. (Ibey moved to reconsider the court's order, you can access his motion here.)

There has been at least one case going the other way – i.e., holding that even confirmatory opt-out messages can violate the TCPA. (See Ryabyshchuk v. Citibank.) This case is distinguishable from Ryabyshchuk on the basis that consent was not an issue here. Plaintiff admitted that he voluntarily texted Taco Bell in the first place. In any event, it’s nice to see this court come to the conclusion that should be glaringly obvious: a confirmatory opt-out message shouldn’t violate the TCPA or separately form the basis for liability.

This decision notwithstanding, companies should consider avoiding sending a confirmatory opt-out message to avoid the hassle of litigating these types of claims.

Related posts:

Posted by Venkat at 12:16 PM | Content Regulation , E-Commerce , Marketing , Spam

The "I Didn't Understand Facebook's Privacy Settings" Argument Isn't Persuasive to Judges--Sumien v. CareFlite

By Eric Goldman

Sumien v. CareFlite, 2012 WL 2579525 (Tex. App. Ct. July 5, 2012). Appellate court docket.

Sumien and Roberts were CareFlite EMTs. Roberts posted on a third employee's Facebook wall how she wanted to slap a patient. Responding to pushback on that post, Roberts subsequently posted to her Facebook wall (presumably as a status update, although the court doesn't clarify that):

Yes, I DO get upset on some calls when my patient goes off in the house and I have to have a firefighter ride in with me because I fear for MY own safety. I think that is a valid excuse for wanting to use some sort of restraints. Just saying.

To which Sumien replied in a comment (thus readable to at least Roberts' friends):

"Yeah like a boot to the head.... Seriously yeah restraints or actual HELP from PD instead of the norm."

The opinion doesn't clarify exactly who was Facebook friends with each other, but at minimum Roberts and Haynes were friends, and Haynes was the sister of Calvert, CareFlite's compliance officer. The court says Haynes complained about the post. Haynes read Sumien's comment on Roberts' Facebook wall and then delivered Sumien's contents to Calvert. If Calvert and Roberts were friends (or if Roberts' wall was open to the public), Calvert also could have checked out Sumien's comments directly.

CareFlite subsequently fired both Roberts and Sumien. While Roberts' patient-slapping reference may have been troubling (it wasn't quoted in the court opinion), I don't see anything obviously problematic in Sumien's comment. The grammar makes it clear that the "boot to the head" reference was a joke (maybe not that funny, but I can see how it tried) and complaining about the workplace conditions seems like the kind of thing that the NLRB is hyper-sensitive about. I have to imagine there's a backstory to the employer's issues with Sumien. Otherwise, if this is the worst Sumien did, the employer apparently overreacted.

Sumien sued CareFlite for wrongful termination and privacy invasions. The lower court dismissed all of the claims. This ruling only addresses Sumien's appeal of his intrusion into seclusion claim (which appears to be the only issue Sumien appealed...?). The court efficiently rejected all of Sumien's arguments.

Sumien tried two arguments (his privacy interest in discussing patient issues outweighs public interest in disclosure; he can't be fired for discussing workplace issues online) that the court says are irrelevant to the intrusion into seclusion claim. Then, Sumien tries a last-ditch "I'm clueless about Facebook" argument:

Sumien contends that CareFlite intruded upon his seclusion because he did not realize that Roberts’s Facebook “friends” could view the comment that he posted on Roberts’s “wall.”

The court doesn't care, saying Sumien

did not present any evidence to show that his misunderstanding meant that CareFlite intentionally intruded upon his seclusion

Intrusion into seclusion claims are often weak, and it was a poor fit for this situation. The ruling reminded me a little of the court's rejection of Moreno's privacy claim in Moreno v. Hanford Sentinel, where Moreno posted a screed to her low-visibility MySpace page that had unrestricted public access, to which the court said that she had no privacy interest in that effectively public venue.

There are several lessons to reiterate here:

1) Not all communication platforms are equally appropriate for every discussion. If you don't understand how the communication platform works, don't use it for anything you don't want the world to know! Instead, stick to DMs or email, and recognize that even then "private" messages have a knack of leaking out to the wrong people.

2) In particular, commenting on someone else's Facebook status report is not a private communication to that person. That should be obvious to even casual Facebook users, but apparently Sumien didn't get it.

3) People in the healthcare industry (broadly conceived) should be especially careful about discussing patient-related matters in any online venue. We've seen problems with online discussions by people in the healthcare industry literally from cradle (Yoder, Byrnes) to grave (Tatro).

* Accessing an Employee's Facebook Posts by "Shoulder Surfing" a Coworker's Page States Privacy Claim -- Ehling v. Monmouth Ocean Hosp.
* Facebook "Likes" Aren't Speech Protected By the First Amendment–Bland v. Roberts
* Facebook Posts Complaining About Supervisor Conduct do Not Support Retaliation Claim – DeBord v. Mercy Health System
* Employee Wins Harassment Claim Based in Part on Co-Workers' Offsite Blog Posts
* Overreactive Guidance for Social Networking Du Jour -- NLRB Edition
* Private Employers and Employee Facebook Gaffes [Revisited] and the prior post Do Employers Really Tread a Minefield When Firing Employees for Facebook Gaffes?
* School District Didn't Violate First Amendment for Reassigning Teacher Who Blogged--Richerson v. Beckon
* Employee Blogging Risks

Posted by Eric at 11:03 AM | Content Regulation , Privacy/Security , Publicity/Privacy Rights | TrackBack

July 05, 2012

Men's Journal Beats Lawsuit Alleging Violation of California’s “Shine the Light” Privacy Statute -- Boorstein v. Men’s Journal

[Post by Venkat Balasubramani with comments from Eric]

Boorstein v. Men’s Journal LLC, 12-771 DSF (Ex) (C.D. Cal.; June 14, 2012)

California’s Shine the Light (STL) statute is a little unusual in that it mandates that businesses make specific disclosures about their privacy practices. For the most part, when it comes to telling consumers what you will do with consumer information and restrictions on how you will use such information, your own privacy policy and the FTC Act are the main regulations that companies need to worry about. The STL law is designed to inform users as to how their information is being used for direct marketing purposes. It doesn’t necessarily impose any substantive restrictions on the use of such information, but it requires websites to disclose (at the consumer’s request) how their information is being used. To this end, businesses are supposed to designate contact information where consumers can request how their information is being distributed. Alternatively, the business can comply with the statute by allowing consumers to opt-in or opt-out of distribution of their information. It’s an interesting attempt by the California legislature to give consumers more control and choice, but as this case illustrates, things didn’t really work out that way.

Boorstein sued (on behalf of a putative class) alleging that Men’s Journal did not comply with the statute because it failed to provide consumers with the appropriate contact information to enable consumers to make requests under the STL statute. Boorstein did not allege that he took any steps to find out this information (or otherwise find out about Men's Journal's information sharing practices) by contacting Men’s Journal. Boorstein simply alleged that Men's Journal's failure to designate contact information alone was sufficient to allege a violation of the statute.

The court says no go.

No standing as a result of loss of economic value to Boorstein’s information: First, the court says that Boorstein did not suffer economic injury that was caused by a violation of the statute. It’s questionable in the first place whether Boorsteein’s information has economic value in Boorstein’s hands. (See, e.g., Del Vecchio v. Amazon, among other cases.) In any event, the court says the statute does not actually prohibit the exploitation of consumer information for marketing purposes. Additionally, the statute is backward looking, and only requires businesses to disclose their use of consumer information for the “immediately preceding calendar year.” End result: even to the extent plaintiff's personal information is property that can be appropriated by Men's Journal, any harm Boorstein suffered isn't caused by the alleged statutory violation.

Failure to provide contact information is not an “injury” under the STL law: The court also says that Men’s Journal’s failure to display the contact information alone does not state a claim under the STL law. The law requires some sort of “injury” flowing from a violation, and as mentioned above, the court says there’s no injury to the value of Boorstein's personal information that results from the alleged statutory violation. Case law only recognizes “information injury” (failure to provide required information) where the information is requested but not provided. Boorstein’s failure to allege that he requested the contact information from Men's Journal undermines his claim. The court also says that Boorstein’s injury is “procedural,” rather than “informational.”

Boorstein’s argument based on the Men’s Journal subscription fee fails: Boorstein also made the typical consumer protection argument that the price of the Men’s Journal subscription included the value of the designated contact information for STL law purposes, and Men’s Journal’s failure to provide this information means that he has been cheated out of his bargain. [Say what?] The court says that Boorstein’s allegation that Men’s Journal impliedly represented that it would "abide by all applicable laws" doesn’t mean that Men’s Journal agreed to provide contact information as part of the subscription price--or, more importantly, that Boorstein would not have subscribed had he known the contact information would not be forthcoming. The court also says that Boorstein cannot make out a UCL claim because he has not lost “money or property” as a result of Men’s Journal’s violations of the statute. As already mentioned, he would have subscribed anyway, so Boorstein can’t use the subscription price as part of his “money or other property” argument. Similarly, he also can’t use the value of his personal information in order to support his UCL claim.

A few observations:

1. The "personal information as property" meme is not gaining much traction. In fact, apart from an initial decision or two that recognized this as a possible theory (for standing purposes), courts have pretty resoundingly rejected it. (Del Vecchio v. Amazon and In re iPhone App Litigation are two recent examples.) Perhaps a blockbuster appellate ruling will come along to rescue privacy plaintiffs. Until then, the trial courts are not buying this argument at all.

2. The "privacy as part of the purchase price" argument is also something that plaintiffs often raise, but courts don’t like this either. It’s worth noting that in this case, even the plaintiff’s own allegations (as the court described them) didn’t expressly say that he would not have bought the magazine subscription had he known he would not have been provided contact information. There's an obvious reason for this.

3. The court doesn’t get into Article III standing here, and instead relies on lack of statutory standing. To me, the two standing concepts all run together into a big quagmire, but when dealing with a state law in federal court, it seems preferable to rely on statutory standing as a bar. (First American v. Edwards, the then-pending Supreme Court case in which Facebook and other companies weighed in on as amici, involved standing under a federal statute. But in an anticlimactic move, the Supreme Court dismissed the case without ruling on it. I didn't think a ruling in First American's favor in this case would have dramatically changed the landscape, but the lack of a decision from the Supreme Court moots this issue for now.)

4. Obviously, this ruling puts a slight crimp in the legislature’s vision of using STL to give consumers additional control over how their information is used. The court's ruling doesn’t leave consumers in a great position. Even if Boorstein had requested the information and it wasn’t provided, would he be able to obtain damages under the statute? STL provides for statutory penalties, but the tone of the ruling is that Boorstein hadn’t been damaged anyway (or damaged in a way that was tied to the statutory violation), so it’s possible that the court would have come out the same way even if Boorstein had made the necessary request.
____

Eric's Comments:

California's "Shine the Light" statute is a textbook example of a miscalibrated privacy statute (which I would argue describes almost all privacy statutes). It starts from a simple premise--consumers just want to know if a business is selling their personal information to marketers--and, to effectuate this premise, imposes substantial compliance costs and obligations on businesses (mostly just creating traps for the unwary) without any clear countervailing benefit for consumers or society at large. Not only do I question the basic premise that consumers "just want to know" about sales of their private info to marketers (see my Coasean Analysis of Marketing article), but as this and related cases illustrate, the private cause of action means that the statute almost certainly will be enforced by privacy class action lawyers who are more interested in their own quick profits than in advancing consumer welfare (see my Irony of Privacy Class Action Litigation article). There are a number of good cautionary lessons that legislators, and the privacy advocates who egg them on, could learn from this statute and this ruling, but I'm skeptical either legislators or privacy advocates will take the time to reflect on those lessons.
____

Venkat's follow-up comment:

I mildly dissent from Eric's position questioning "the basic premise that consumers 'just want to know' about sales of their private info to marketers." I may be idiosyncratic and in the minority in this regard, but particularly when it comes to magazine subscriptions I would love to know where my information ends up. (My instinct is that a big chunk of my junk mail is a result of the three or four magazine subscriptions I have in place.) I'm not sure I would change my purchasing decisions dramatically, but knowing this bit of information may tip the balance a bit or cause me to try to pressure the companies into not making my information available to third parties for direct marketing purposes. [On a loosely related note, those who are trying to get rid of junk mail may want to check out PaperKarma, an app that lets you take photos of and upload junk mail and then sends an unsubscribe request on your behalf.]

Other coverage:

First Reported Shine the Light Suit Dismissed for Failure to State Cognizable Injury
'Shine The Light' Lawsuit Against 'Men's Journal' Dismissed
Federal Judge Dismisses Shine-the-Light Suit

Posted by Venkat at 12:10 PM | E-Commerce , Marketing , Privacy/Security , Spam

By Eric Goldman

* The scandal continues: Techdirt reports the Dajaz1 seizure was held up for months because the government was waiting for the RIAA to provide supporting evidence that never materialized. Wait, ICE seized an asset (that is used for free expression) based on unverified assertions…and then held onto it for A YEAR? Techdirt then reports: RIAA Tries To Downplay Its Role In The Feds' Unjustifiable Censorship Of Dajaz1. I cannot believe that no one has lost their job over this scandal yet. Shame on the Obama administration.

* Techdirt: Feds Tie Themselves In Legal Knots Arguing For Domain Forfeiture In Rojadirecta Case.

* The Supreme Court granted certiorari in Kirtsaeng v. John Wiley & Sons, Inc. Prior blog post.

Related: an appropriate denouement to Costco v. Omega: the court awards Costco nearly $400,000 in legal fees under the Copyright Act’s fee shifting provision. Prior blog post.

* Authors Guild v. Google, Inc., 2012 WL 1951790 (S.D.N.Y. May 31, 2012). Class certified in Google Book Search case. James Grimmelmann’s coverage.

* Brownmark Films v. Comedy Partners (7th Cir. June 7, 2012). Fair use parody supported early dismissal of copyright infringement claim. A case that never should have been brought.

* The Ninth Circuit asked for additional briefs in the UMG v. Shelter Capital case in light of Viacom v. YouTube. The parties’ briefs.

* The jury foreman’s remarks about Oracle v. Google (hint: it wasn’t a close call). Prior blog post.

* Is the long-running Perfect 10 v. Google case finally over? Prior blog post.

* Coverage of Cambridge University Press v. Becker (the Georgia State coursepack case) from James Grimmelmann and Inside Higher Ed.

* Graham v. Sotheby’s: California's resale royalties law violates the dormant commerce clause. This case has been appealed to the Ninth Circuit.

* Some pro se appeals: Ouellette to the Ninth Circuit (prior blog post) and Obodai to the Second Circuit (prior blog post). I suspect we’ll see not-for-publication memorandum opinions dismissing the appeals in both cases.

* Graduated Response coming into effect in July (but did it actually start July 1?). Prior blog post.

Relatedly, the Center for Copyright Information has launched its website. It probably would be more accurate to call it “The Center for Biased Copyright Maximalist Information.” Gigi Sohn explains why she joined the board. The EFF says we should "press reset" on the whole project. News.com coverage.

* Rebecca on the Big Brother/Glass Houses “reality” TV copyright lawsuit, CBS Broadcasting, Inc. v. American Broadcasting Companies, Inc., 2:12-cv-04073-GAF-JEM (C.D. Cal. June 21, 2012).

* Righthaven v. Democratic Underground:

1. That Counterclaimants Democratic Underground and David Allen have committed no volitional act giving rise to a claim for direct copyright infringement. Counterclaimants neither posted the excerpt nor encouraged the posting. Nor did they have any knowledge of the posting until after this suit was filed. See Religious Tech. Ctr. v. Netcom On-line Commnc’n Servs., 907F. Supp. 1361 (N.D. Cal. 1995) (direct copyright infringement requires “some element of volition or causation which is lacking where a defendant’s system is merely used to create a copy by a third party”); see also CoStar Group, Inc. v. LoopNet, Inc., 373 F.3d 544 (4th Cir. 2004) and Cartoon Network LP v. CSC Holdings, Inc, 536 F.3d 121 (2d Cir. 2008).

2. That the act of posting this five-sentence excerpt of a fifty sentence news article on a political discussion forum is a fair use pursuant to 17 U.S.C. § 107, and that the fair use doctrine provides a complete defense to the claim of copyright infringement from which this suit arose. Judgment on the Counterclaim is accordingly entered in favor of Democratic Underground and against Counter Defendant Stephens Media, LLC.

For this case, Managing IP recognized Fenwick & West and Electronic Frontier Foundation for the US Copyright Case of the Year. The judge also awarded another $131k fee shift against Righthaven

* More Righthaven:

- a judge transferred all of Righthaven's copyright interests to a receiver for auction
- two more Righthaven appeals dismissed.
- Righthaven v. Allec. Righthaven's copyright assignment agreement with Stevo Designs also failed to give Righthaven standing to sue.
- Steve Gibson of Righthaven threw outside counsel Mangano under the bus and claimed he can't act as Righthaven's lawyer in court (even though Gibson has made appearances as a lawyer for Righthaven before). Let the mocking of Gibson continue. It would be shocking if all of the Righthaven-associated attorneys emerge with their licenses unscathed.

* Stevo Design v SBR Marketing. Costa Rica website didn't infringe copyrights in US when plaintiff doesn't identify a single US user. Compare the DFSB litigation.

* Bell v Steele. (No 3) [2012] FCA 246 (16 March 2012). A successful threats action over a copyright demand letter in Australia.

* Maximized Living, Inc. v. Google, Inc., 2012 WL 1439034 (N.D. Cal. March 30, 2012). Defeating a 17 USC 512(h) subpoena doesn’t warrant a 17 USC 505 fee shift. The judge adopted the magistrate report, 2012 WL 1438988 (N.D. Cal. April 25, 2012). Prior blog post.

* MP3Tunes files for bankruptcy. CNET News.com. Techdirt. NY Times. Prior blog post.

* James Grimmelmann recaps Teller's copyright lawsuit over a magic illusion.

* LA Times on “mockbusters”—quickly and cheaply produced knockoff movies that “draft” off Hollywood blockbusters.

* NYT on rampant copying of gameplay among apps.

* If you buy a DVD that includes a code to download the movie, can the download code be sold separately? eBay says no. I don’t see how the First Sale doctrine helps buyers here. But then again, I don’t think copyright law lets people resell “used” CDs/DVDs if they’ve ripped the files to their computers.

* Raw Films, Ltd. v. John Does 1-15, 2012 WL 1019067 (E.D. Pa. March 26, 2012). Participating in a BitTorrent swarm means the lawsuit "arise out of the same series of transactions or occurrences and because common questions of law or fact seem to be raised with respect to all Doe defendants by virtue of the use of BitTorrent to transmit the same copy of the plaintiff's Work."

* Ars Technica: A debrief of Paramount executive Alfred Perry's law school speaking tour about online copyright.

* Overlaps between MPAA and the US government.

* NYT: Documentary Filmmaker Wins Against I.R.S., Which Saw Her as a Hobbyist. See Storey v. C.I.R., T.C. Memo. 2012-115 (U.S. Tax Ct. April 19, 2012).

* After creating a key online copyright precedent in their litigation against each other, CoStar and LoopNet are merging.

Posted by Eric at 10:22 AM | Copyright , Derivative Liability | TrackBack

July 04, 2012

Judge Koh Whittles Down iPhone App Privacy Lawsuit – In re iPhone Application Litig.

[Post by Venkat Balasubramani]

In re iPhone Application Litig., 11-MD-02250-LHK (N.D. Cal.; June 12, 2012)

Plaintiffs brought a putative class action against Apple and several “mobile industry defendants.” The basic allegations are that apps available for free in the app store improperly allowed for the disclosure of personal information to the mobile industry defendants, who have acquired personal details (addresses, current whereabouts, unique device identifier, gender, age, zip code, and time zone) from plaintiffs and tracked them. Judge Koh granted the bulk of defendants’ motion to dismiss with prejudice in open court and recently issued a written order setting forth the court’s reasons. It’s a thorough order that digs in to privacy claims under federal statutes, and well worth reading in its entirety. (Kudos to Judge Koh. She consistently cranks out some must-read orders in this corner of the blogosphere.)

Standing: Citing to the Ninth Circuit’s opinion in Edwards v. First American Corp., among other cases, the court says that plaintiffs’ allegations that defendants violated the Wiretap Act and Stored Communications Act in accessing plaintiffs’ own personal information is sufficient to confer standing. (See this post from Wendy Davis that talks about ongoing litigation involving Video Privacy Protection Act claims against Hulu and discusses the issue of how the Supreme Court's ruling in the Edwards case can affect other privacy cases. Between the time Judge Koh issued her order and I finished up this blog post, the Supreme Court dismissed Edwards without a ruling, leaving intact the Ninth Circuit's opinion.)

Stored Communications Act: The SCA requires plaintiff to show that defendants accessed “a facility through which an electronic communications service” is provided without authorization and accesses wire or electronic communications that are “in storage”.

Judge Koh says: (1) plaintiffs' iPhones are not “facilities through which electronic communications services” are provided; (2) the data in question is not in “storage” that is either incidental to transmission or for backup purposes; and (3) the exception allowing access by service providers applies to the mobile industry defendants (but not to Apple). The most interesting of these conclusions is the first one, and this conclusion is contrary to several cases that have gone the other way (that this court says “provide little analysis on this point of law”). Citing to Crowley v. Cybersource, the court says that treating computers or devices of end users (as opposed to service providers) as facilities would render other parts of the statute illogical.

Wiretap Act: Plaintiffs’ Wiretap Act claims require them to show that defendants intercepted “the content” of wire, oral, or electronic communications. The court agrees with Apple that the identities of parties to a communication and “other call data” is not “content” under the Wiretap Act. Plaintiffs cited to In re Pharmatrak for the proposition that the “contents” of a communication includes any personally identifiable information, but the court disagrees, noting that Pharmatrak relied on a Supreme Court case from the 70s that discussed an earlier version of the Wiretap Act. The statute was since amended to specifically take out “information concerning the identity of the parties” to a communication. [Apple also argued that it shouldn’t be held liable for any interception because it was an intended recipient of the information, but the court rejects this argument.]

Computer Fraud and Abuse Act: The court says there are two problems with plaintiffs’ claims under the Computer Fraud and Abuse Act. First, plaintiffs voluntarily downloaded the apps and thus would have “serious difficulty pleading a CFAA violation.” Additionally, the court says that plaintiffs will not be able to satisfy the $5,000 damage threshold necessary to assert a CFAA claim. The argument that the use of personal information benefited the mobile industry defendants and generated a benefit of over $5,000 to them does not fly with the court (citing In re Zynga and Del Vecchio v. Amazon). Second, the court also finds plaintiffs’ argument that creation of the location history files consumed the devices’ memory and shortened battery life to not be “plausible.” Damage means there has to be some notable impairment of performance, and the court says plaintiffs cannot demonstrate that here.

California Constitution: The California Constitution protects against privacy intrusions by both public and private actors. In order to be actionable, the defendant’s intrusion must be sufficiently serious in nature to constitute “an egregious breach of the social norms underlying the privacy right.” The court says plaintiffs’ allegations fall short on this score.

Other State Law Claims: Plaintiffs asserted a slew of other state law claims, the bulk of which fell by the wayside. These included conversion (personal data is not the type of property that can be converted); trespass (citing Intel v. Hamidi); negligence (as to negligence claims against Apple, hello, Section 230). The court did allow two state law claims to go forward: (1) Consumer Legal Remedies Act claims and (2) claims under California unfair competition statute.

Judge Koh's ruling is extremely thorough and holds the plaintiffs' claims up to some harsh scrutiny. It's not difficult to see that it will be widely cited in privacy cases. Two things that are most significant about this ruling (other than the fact that it thoroughly neuters a class action that at first glance seems like it would get over the motion to dismiss hurdle):

First, the court's ruling that plaintiffs' devices are not facilities under the Stored Communications Act will be relevant in a variety of scenarios. I recently blogged about claims brought against an employer for "shoulder surfing" an employee-co-worker's Facebook page, and a Stored Communications Act claim under this scenario doesn't look so promising in light of Judge Koh's ruling. (See “Accessing an Employee's Facebook Posts by "Shoulder Surfing" a Coworker's Page States Privacy Claim.”) It's worth noting that in the Computer Fraud and Abuse Act scenario, mobile phones have been found to constitute protected computers.

Second, the court also affirms that privacy plaintiffs will not be able to satisfy the jurisdictional threshold by asserting that they suffered $5,000 worth of loss to their personal information. The court's position that while personal information may be property in the metaphysical sense, this does not translate into loss for CFAA purposes, is part of a growing body of cases that have rejected attempts by privacy plaintiffs to rely on defendants' exploitation of personal information for the proposition that this information has economic value.

It's interesting that after blasting the federal claims, the court allows the UCL claims to proceed. Plaintiffs' allegations were pretty slim here and if this is all that is necessary, plaintiffs will be able to overcome a motion to dismiss every time.

Finally, I remain curious about the applicability of Section 230 in this scenario and why Apple doesn't push this issue. (I'm sure they have some reason for doing so; maybe Barnes v. Yahoo is an easy workaround for plaintiffs.)

Related posts:

Posted by Venkat at 02:44 PM | E-Commerce , Privacy/Security , Trespass to Chattels

H1 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets, IP)

By Eric Goldman

[Eric's note: I had an incredibly busy travel schedule since late March. My destinations included Akron, NYC, Seattle, Concord (NH), Boston, Chicago, Vancouver, the California Channel Islands (a blog post is coming later this week about that trip on my Goldman's Observations blog), San Diego, Houston, Belgium (a blog post is coming about that trip too, eventually), Lansing (MI), Healdsburg (CA), Napa, Berkeley and Northridge. It's been great for my frequent flier miles and lousy for my ability to maintain my "quick links," which ballooned to hundreds of items over the past 4 months. As a result, I'm going to be posting the backlog over the next few days and then reassessing how I approach blogging these second-tier items to develop a more sustainable system. As always, thanks for reading.]

Trademarks/Domain Names

* Another trademark case turns on relative search engine placement: Hasbro, Inc. v. Asus Computer International, Inc., CV 11-10437 PSG (C.D. Cal. March 23, 2012):

Hasbro points to the fact that a Google search for “optimus prime tablet” picks up Asus’s “Transformer Prime” tablet, a search for “Transformer prime” causes Amazon to search its own site for “Asus transformer prime,” and that a search for “transformers prime” returns “several Asus hits and Transformers Prime hits.”…According to Hasbro, this “overlap in search results is bound to cause confusion.”…The Court disagrees. First, for the most part, the Google search for “Transformer Prime” returns results related to Asus’s products, while the results generated by the “Transformers Prime” search relate to Hasbro’s animated series…. Second, although the “Transformers Prime” Google search results offered by Hasbro show hits relating to the Transformers Prime animated series and the Eee Pad Transformer Prime tablet, Hasbro makes no argument that these products are related…. Furthermore, any concern that a consumer using Hasbro’s mark to search for Hasbro’s product might be confused by a results page that shows both Hasbro’s and Asus’s product is ameliorated when the sources of the respective products are clearly identified…. The nature of Asus’s product also supports this finding, as buyers of high-end computer products are even less likely to be flummoxed by search engine results than the general population.

* John Crane Production Solutions, Inc. v. R2R and D, LLC, 2012 WL 951723 (N.D. Tex. March 21, 2012): "even a sophisticated purchaser can be subject to initial interest confusion...The court finds that the purchasers of fiberglass sucker rods exercise a high degree of care and sophistication in making their purchases. This factor weighs heavily in favor of a finding of no likelihood of confusion." Another example of IIC’s irrelevancy to a case's ultimate outcome.

* Fancaster, Inc. v. Comcast Corp., 2012 WL 815124 (D.N.J. March 9, 2012). Abandoning a trademark doesn’t divest the trademark owner of ACPA standing for past statutory damages. Prior blog post.

* Two Plus Two Pub., LLC v. Boyd, 2012 WL 724678 (D. Nev. March 1, 2012). The domain name twoplustwopoker.com constituted an ACPA violation of plaintiff's "Two Plus Two" trademark in publishing poker-related materials. Prior blog post.

* Ron Paul drops unmasking effort. Prior blog post.

* Bogoni v Gomez, 2011 WL 6957599 (S.D.N.Y. Dec. 28, 2011) and Bogoni v. Gomez, 2012 WL 745548 (S.D.N.Y. Jan. 6, 2012). Man wins cybersquatting claim against a “friend” who registered his name as a domain name and then tried to sell it back to him. NY Times coverage.

* John Ottaviani reports on a lawsuits against JC Penney for buying keyword ads triggered by brand name of goods it didn’t sell.

* Update on the Lens.com v. 1-800 Contacts antitrust lawsuit. Prior blog post.

* Spanish keyword advertising ruling goes against the defendant.

* Facebook is now claiming trademark rights in "Face" and "Book" in its Statement of Rights and Responsibilities (SRR).

* Facebook’s lawsuit against Faceporn dismissed for lack of jurisdiction. Prior blog post.

* NY Times: Nutsonline.com switched to Nuts.com at a very high price, yet traffic and sales plummet for months.

* Gibson v. Bordelon, 2011 WL 7763787 (N.D. Tex. October 31, 2011). A para-trademark case. A Texas statute prevents usage of a combination of the word “Texas” in conjunction with the words “Workers' Compensation” or “Workers' Comp.” This may prevent a lawyer from running a website/blog at the domain name “texasworkerscomplaw.com.”

Patents

* Washington Post: “In the smartphone market alone, $15-20 billion has already been spent by technology companies on building defenses, says Stanford Law School professor Mark Lemley…. Lemley estimates that more than $500 million has been squandered on legal fees.”

* Twitter's Innovator's Patent Agreement. WSJ coverage. An interesting idea. I see this as much more about recruiting new engineers than about reforming the entire patent ecosystem. As such, it’s a potentially very effective differentiator, even if Twitter never actually files for patents under the scheme.

Note the alternative: Twitter could simply not file for the patents at all. The fact that Twitter will still seek patents, while voluntarily defanging them, is a damning indictment of the patent system. Twitter clearly doesn't want the patents to restrict competitive imitation, but it's still spending tens of thousands of dollars per patent on the hope that the patents might help it achieve freedom to operate. This phenomenon is one of the reasons we're holding our "Solutions to the Software Patent Problem" conference at SCU in Fall (registration now open!).

* Wired takes a look at how the Nortel patents have been deployed for trolling.

* Brad Burnham: The Freedom to Innovate

* Patent “troll” is going after city bus systems. Who pays for this? Taxpayers.

* TechCrunch: Facebook countersues Yahoo for patent infringement using a patent by an employee now at Yahoo.

* Inside Higher Ed: Universities don’t want to talk about their relationships with Intellectual Ventures.

* Hollywood Reporter: U.S. Patent Examiner Cites Borat's Famous Swimsuit in Rejecting Claimed Invention

Intellectual Property and Trade Secrets

* Bill Gallagher, Trademark and Copyright Enforcement in the Shadow of IP Law. An interesting ethnographic study of how IP lawyers ply their craft.

* Everything you need to know about the Trans-Pacific Partnership (TPP) and IP

* From the USPTO: Intellectual Property and the U.S. Economy: Industries in Focus

* From the White House: IPEC 2011 Annual Report on Intellectual Property Enforcement

* Trade Secret Litigator: Non-compete restricting on-air radio personalities from working at other nearby radio stations doesn’t restrict them from broadcasting via Internet radio.

* WSJ: Litigation battles over the Pepsi cola formula.

Posted by Eric at 10:03 AM | Patents , Trade Secrets , Trademark | TrackBack

July 02, 2012

Angie's List's Telephone and Fax Information Services May Be Immunized by Section 230--Courtney v. Vereb

By Eric Goldman

Courtney v. Vereb, 2012 WL 2405313 (E.D. La. June 25, 2012)

Courtney and Vereb are both psychiatric professionals. Vereb posted allegedly defamatory comments about Courtney to Angie's List in 2009. Courtney says he discovered the comments in December 2011 and contacted Angie's List, who told him that he should reply in the comments. In February 2012, Angie's List changed course and removed the comments for violating its policy that competitors can't opine about each other. Courtney then sued Vereb and Angie's List.

The court easily grants Angie's List's motion to dismiss based on Section 230. Although it's not a surprise, I believe this is the first time Angie's List has qualified for Section 230 immunity. (Admittedly, I don't fully understand what happened in Sieber v. Brownstone Publishing).

To get around Section 230, the plaintiff tried two arguments. First, he argued that Angie's List also distributed consumer reviews via phone and fax. The court rejects the argument:

This argument is creative, but unsupported by the case law; Plaintiff did not provide, and the Court has been unable to locate, cases in which a website which offers users the option of receiving hard copies of online information via telephone or fax was deemed to be “not merely just an ‘interactive computer service.’ “...The Court finds that excluding websites which offer this type of additional service from the protection of the CDA would be contrary to the policy behind the statute, which was “to promote the continued development of the internet” by allowing it to expand “unfettered by federal or state regulation.”

Wait, a memory game about Section 230 precedent? CHALLENGE ACCEPTED!

I also couldn't find any Section 230 cases regarding the distribution of content via fax or telephone (I'm not sure how the latter is done--by doing text-to-speech or by having an employee read the review?). However, I can point to at least two cases where a court said Section 230's immunity didn't apply to hard-copy publication of third party content that was received in electronic format (Parisi v. Sinclair dicta in n.3 and Curran v. Amazon). The court didn't cite to either.

Even though the court didn't explore this issue in any depth, I believe 47 USC 230 applies to telephone-based information services (e.g., 900 numbers) and possibly even content publishers that distribute via fax. The statutory language doesn't limit itself to websites; it covers "any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server." The automated telephone or fax servers should satisfy the "computer server" requirement. With the growth in computer-like client devices, such as smartphones, does an automated fax or telephone service (especially text-to-speech) mean that those devices are engaged in "computer access"? It might.

The ruling on Section 230's applicability to fax and telephone information services is indeed novel and perhaps unpredecented. However, I doubt this case is the definitive final word on that topic.

Courtney's second anti-Section 230 argument is that Angie's List "requests that individuals, as part of their report generation process, provide additional content about the professional against whom they are report," which turns Angie's List into a first-party developer of the content. I didn't understand this allegation, but it seems to be a Roommates.com type attack on the immunity. Perhaps it means Angie's List tries to get users to provide structured objective data to complement their unstructured consumer review. The court rejects the argument:

Plaintiff fails to provide, and the Court has been unable to locate, binding case law establishing that a website's use of a questionnaire renders it a “content provider” of information provided in response to same.

Obviously the court cut some corners by saying it couldn't find *binding* caselaw about Section 230 and questionnaires. I believe that's a true statement given the paucity of Fifth Circuit Section 230 cases (I believe Doe v. MySpace is the only one?), but the court could have gotten into Carafano, Roommates.com and many related cases if it wanted to. The fact the court sidestepped that obvious issue by invoking the requirement of binding precedent tells us the judge just wanted this case off his docket.

I've mentioned before that doctors seem unusually litigious about consumer reviews, and this case provides more support for that proposition. For more on that topic, see my post Doctors' Online Reputation Management and Patient Reviews (Talk Notes from ASAPS Annual Meeting).

Posted by Eric at 09:41 AM | Derivative Liability | TrackBack

Search

Categories

Archives

Recent Entries

July 31, 2012

Online Kevorkian’s First Amendment Challenge to Assisted Suicide Convictions Unsuccessful -– State v. Melchert-Dinkel

Backpage Gets Important 47 USC 230 Win Against Washington Law Trying to Combat Online Prostitution Ads (Forbes Cross-Post & More)

July 28, 2012

4th Circuit Limits the Reach of the Computer Fraud and Abuse Act – WEC Carolina Energy Solutions v. Miller

July 25, 2012

Franchisor Isn't Liable Under the TCPA for Franchisees' Text Message Campaign – Thomas v. Taco Bell

July 23, 2012

Ex-Spouse Hit With 20K in Damages for Email Eavesdropping – Klumb v. Goan

July 21, 2012

Offering P2P File-Sharing Software for Downloading May Be Copyright Inducement--David v. CBS Interactive

July 19, 2012

Judge Koh Puts the Kibosh on LinkedIn Referral ID Class Action -- Low v. LinkedIn

July 18, 2012

Why Defensive Domain Name Registrations Aren’t a Good Deal for Small Businesses (Forbes Cross-Post)

July 17, 2012

PissedConsumer Defeats Trademark Claim...On a Motion to Dismiss!?--deVere v. Opinion Corp.

July 16, 2012

Announcing a New Casebook: “Advertising & Marketing Law: Cases & Materials” by Tushnet & Goldman

July 15, 2012

Yet Another Case Says Section 230 Immunizes Newspapers from User Comments--Hadley v. GateHouse Media

July 13, 2012

Court Dismisses Data Breach Claims Against Countrywide – Holmes v. Countrywide

July 12, 2012

Having a Facebook or Twitter Account Shouldn't Mean Mandatory California Vacations if You Get Sued (Forbes Cross-Post)

July 11, 2012

"Cloud Computing: Is Anything Private?" Talk Notes

July 10, 2012

No Negligence Claim for Infringement via Shared Internet Connection (Preempted by Copyright Act) – Liberty Media v. Tabora

July 09, 2012

Google Sued Again for AdWords Trademark Infringement--Home Decor Center v. Google

Court Orders Production of Five Years' Worth of Facebook and MySpace Posts – Thompson v. Autoliv

Now Blogging at "Tertium Quid" at Forbes

July 08, 2012

H1 2012 Quick Links, Part 5 (Consumer Reviews, Content Regulation, Miscellaneous)

July 07, 2012

H1 2012 Quick Links, Part 4 (Search Engines, eBay, Social Networking Sites)

July 06, 2012

H1 2012 Quick Links, Part 3 (Advertising & Privacy)

Confirmatory Opt-Out Text Message Doesn't Violate TCPA – Ibey v. Taco Bell

The "I Didn't Understand Facebook's Privacy Settings" Argument Isn't Persuasive to Judges--Sumien v. CareFlite

July 05, 2012

Men's Journal Beats Lawsuit Alleging Violation of California’s “Shine the Light” Privacy Statute -- Boorstein v. Men’s Journal

H1 2012 Quick Links, Part 2 (Copyright)

July 04, 2012

Judge Koh Whittles Down iPhone App Privacy Lawsuit – In re iPhone Application Litig.

H1 2012 Quick Links, Part 1 (Trademarks/Domain Names, Patents, Trade Secrets, IP)

July 02, 2012

Angie's List's Telephone and Fax Information Services May Be Immunized by Section 230--Courtney v. Vereb