
Technology & Marketing Law Blog


October 14, 2011

Court Disregards Check-the-Box Agreement and Doesn't Enforce Venue Clause -- Dunstan v. comScore

[Post by Venkat Balasubramani with additional comments from Eric]

Dunstan v. comScore, Inc., 11-cv-05807 (N.D. Ill. Oct. 7, 2011)

Plaintiffs sued comScore, alleging that comScore improperly obtained and misused plaintiffs' personal information, after plaintiffs downloaded and used comScore's software. comScore sought to have the lawsuit transferred to Virginia, which was the forum specified in a forum-selection clause in the software terms of use/EULA. The court denies comScore's motion.

A comScore Vice President testified that "before a user can install comScore software," a customer must "click the box acknowledging" that the customer read and agreed to the terms. Plaintiffs, on the other hand, alleged that the forum-selection clause was not "apparent" when they downloaded the software. They also alleged that the terms of service were "obscured" during the installation process. From the court's order, it seems like plaintiffs did not deny that they checked the box. The court resolves the apparent factual dispute as follows:

the court declines to infer that clicking a box acknowledging that a user has read an agreement indicates that the agreement was reasonably available to the user, particularly when the plaintiffs have alleged that the hyperlink to the agreement was obscured.

Whoa. Let's take another look at this sentence. The court is saying that just because a user checked a box acknowledging the user had read the agreement, this does not mean that the court can infer that the user was able to read the agreement. (???)

comScore cited to several cases where courts enforced "click-through" agreements, including Specht v. Netscape. The court says that none of the cases involved an allegation of an obscured hyperlink. According to the court, Specht acknowledged the possibility that "a click-through agreement is not enforceable if its terms are not reasonably apparent to the user." The court goes on to note:

it is not reasonable to expect a user casually downloading free software to search for such an agreement if it is not immediately available and obvious where to obtain it. As the Second Circuit noted, 'when products are 'free' and users are invited to download them in the absence of reasonably conspicuous notice that they are about to bind themselves to contract terms, the transactional circumstances cannot be fully analogized to those in the paper world of arm's-length bargaining.' [U]nder the circumstances alleged here, including that the location of the license agreement was not readily apparent, the court concludes that the forum-selection clause was not reasonably communicated to the plaintiffs . . . .

This is definitely a double-take-worthy decision. The court relies on Specht v. Netscape, but Specht is a browsewrap case, where the user did not have to indicate assent to the terms before downloading the software. Given the circumstances (free download) and the fact that the terms were not in an obvious location, the court in Specht declined to enforce the terms.

There's an easy way to solve the problem presented by Specht: have a mechanism to require the user to unequivocally indicate assent to the terms before downloading the software. Courts have upheld this type of contract formation because there is no ambiguity as to the user's assent to the terms, and this was the type of agreement comScore had in place here. The consumer cannot say that he or she did not read the terms because prior to downloading, the user has to indicate that they read the terms. (See for example Feldman v. Google, which Eric discusses in this blog post: "Google Adwords Contract Upheld (Again)".)

It's tough to overstate the importance of certainty in online contracting and the predictability of online agreement enforceability. They're among the cornerstones of online commerce. Courts struggled with the enforceability of browsewrap terms, but check-the-box terms are widely acknowledged to be enforceable; at least there should be no bar as to mutual assent and basic contract formation. I'm not sure whether the formation process or the court went astray here (see Eric's comments below regarding the former--he makes good points regarding implementation). If there were no issues with the UI implementation or the browser, then the court's decision is off base.

[Interestingly, comScore did not argue that the dispute is subject to arbitration, which tends to indicate that the agreement did not have an arbitration clause.]

______

Eric's comments

I have a couple of theories about what went wrong here. Theory #1 is that the judge was overly willing to accept a plaintiff's bald factual assertion that comScore didn't adequately present the contract. (The judge says, "At this stage, however, the court must take the plaintiffs’ word for it.") As Venkat indicates, judges have to do a little more gatekeeping than this, because plaintiffs will assert this defect in every lawsuit. If all it takes to survive a motion to dismiss is the plaintiff's bald assertion, the contracts are nearly worthless.

Theory #2 is that comScore didn't do its formation process properly. I think there is truth to this theory even if comScore went "by the book" and used what seemed like a mandatory non-leaky clickthrough agreement. It's the responsibility of software vendors/website vendors to present the contract in such an unambiguous/can't-miss-it process that NO ONE--plaintiffs' lawyers, judges, Grandma--could possibly fail to see it. The fact that the judge gave the plaintiffs the benefit of the doubt is prima facie evidence that comScore failed to do this well enough.

The case might remind us of two key lessons for lawyers advising companies implementing user agreements:

1) I don't care how brilliantly you draft your user agreement. It's also your job as a lawyer to advise your clients HOW to form the contract and to ensure they follow your advice. If your brilliant contract isn't properly formed, who cares what it says?

2) You need to look at the UI implementation across multiple browsers with a variety of settings. Even if your browser renders the agreement formation process just fine, another browser may chunk the display. This is even more crucial in the mobile environment, where UIs are even more constrained.

Posted by Venkat at 12:55 PM | Adware/Spyware , Licensing/Contracts , Privacy/Security



February 10, 2011

Comparative Domain Name and Keyword Regulation Talk Slides

By Eric Goldman

I have a busy semester of talks, so I will be rolling out some talk slides over the next few days. Today, I'm posting my talk slides from a talk I gave last month at the University of Houston as part of this event. I titled the talk "Domain Name and Keyword Regulation."

This is a newly updated version of a talk I gave in 2007 at McGeorge Law School. At the time, I was interested in how we codified various forms of domain name exceptionalism compared to other keyword navigation tools. (The impetus for that talk, in turn, comes from my Deregulating Relevancy article, where I make this point more fully). This time, I think I did a better job offering some reasons why domain names may truly differ from keywords, so perhaps the "exceptionalism" isn't as remarkable as I indicated in 2007 (or is justifiable in part).

Revisiting the talk after 4 years, what really caught my attention was the relative quantum of regulations targeted specifically at domain names and keywords, respectively. I did a search in Westlaw's federal and state statutory databases for "domain name," and I was overwhelmed with hundreds of search results. I'm amazed how many statutes call out domain names and, in some cases, subject domain names to exceptionalist regulation. I taxonomize these various types of domain name regulations in my slides.

In contrast, we still have virtually no keyword advertising-specific regulation. The only such law still on the books is the Alaska anti-adware law, a law that I believe everyone simply ignores (although perhaps it's been mooted by the demise of adware circa 2005). When I initially gave the talk in 2007, the Utah Spyware Control Act was still on the books, but Utah ultimately (and wisely IMO) repealed that law, and Utah's other flirtations with keyword regulations have fortunately petered out. Given how keyword advertising has eclipsed domain names in so many ways, I remain perplexed by this disparity in regulatory attention despite the distinguishing characteristics between the two.

Posted by Eric at 11:30 AM | Adware/Spyware , Domain Names , Internet History , Trademark



November 23, 2010

Wildcarding Subdomains Is OK; Reverse Domain Name Hijacking Isn't--Goforit v. Digimedia

By Eric Goldman

Goforit Entertainment LLC v. Digimedia.com LP, 2010 WL 4602549 (N.D. Tex. Oct. 25, 2010). See the related personal jurisdiction ruling from 2007 featuring a completely different but still ridiculously large and expensive cast of lawyers.

This is a super-interesting dispute involving two not-so-interesting litigants. The plaintiff Goforit runs a type of meta-search engine at goforit.com. After spending 5 minutes at the site, I couldn't identify a single reason why anyone would want to use it. Also inexplicably, Goforit appears to be quite pleased with its trademark rights in "Goforit," a term that seems more like an exhortation than a trademark.

The defendants own or operate many domain names, including "org.com," "com.org," "gov.org," and "org.net." All of these domain names have wildcarded subdomains, meaning that XYZ.com.org will lead to a working web page, no matter what "XYZ" is. (See my descriptive and normative discussion about wildcarding in my Deregulating Relevancy article). The resulting com.org web page presents a mostly useless directory of CPC links. I noticed that the pages now include a disclaimer at the top saying "xyz.com.org was not found on our servers. www.com.org is shown below" and a link at the bottom saying "Information on how you reached this site" which says:

Occasionally we receive inquiries from users who do not understand why they have accessed our site. Please be advised that you are not reaching our site as a result of spyware. We are not exactly sure why you have been directed here, however, we believe it is a result of the autosearch feature of Internet Explorer. If a site entered into the address bar cannot be accessed, Explorer apparently appends ".org" to the name and then tries to access that site. In the case of a search ending in .com, Explorer thus accesses our domain, "com.org."

Taking this statement at face value (which I recognize is questionable), this technical implementation seems like a goof by Microsoft and anyone else who automatically appends a TLD to an address bar entry. The court’s opinion doesn't mention either the disclaimer or the footer link, so they may post-date the lawsuit commencement. FWIW, the latest page in Archive.org from Aug. 2008 lacks the top disclaimer, although it does have the footer link.

Because the defendants are wildcarding their subdomains and various browsers or toolbars may be automatically adding ".com" or ".org" extensions, the net result is that users could enter "goforit" or "goforit.com" into their address bar and end up at the defendants' wildcarded com.org page, where they were presented CPC links. On the one hand, this wildcarding could have contributed to a type of consumer confusion--consumers putatively looking for goforit's navigational directory got the defendants’ navigational directory instead of, say, getting a 404. On the other hand, who cares? It's hard to believe many people were actually looking for goforit.com and yet had their browser redirect them to goforit.com.org, and those few brand-loyal users should have had no problem instantly spotting that they were in the wrong place.

So to boil the dispute down, a low-value no-name search engine is suing a low-value no-name domainer for a few allegedly misdirected users who quickly self-corrected. It's a little hard to work up a lot of sympathy in either direction. In this respect, the lawsuit vaguely reminded me of the unsympathetic marketers battling over dmv.org.

Two more oddities. First, making all favorable inferences for the plaintiff, how many users could possibly have been "diverted" from plaintiff to defendant? Second, after Goforit complained, the defendants "blocked" goforit as a wildcard, causing users who would have gotten to the defendants' site to get a 404 instead. So, adding it all up, exactly how much money could Goforit be legitimately seeking? I'm sure the defendants love the traffic they get from their scheme, but I can't imagine that the slice of their revenue attributable to "goforit" is greater than de minimis. And for this peppercorn, the plaintiff has been suing the defendants since 2006 through multiple courts--with no less than *TEN* lawyers from *THREE* different law firms listed as its counsel on this opinion. (FWIW, I count 4 lawyers from four different law firms working on the defense side, although there were multiple defendants who might have wanted their own lawyers). The entire litigation effort seems like a nuclear flyswatter.

Fortunately, the parties' exorbitant expenditures do produce one good outcome: this opinion is one of the most conscientious and thoughtful ones I've seen this year. Huzzah for Chief District Judge Sidney A. Fitzwater!

Unfortunately for Goforit, the judge rules decisively in favor of the defendants. The court rejects Goforit’s claims over the wildcarding and sends defendants' counterclaims to the jury. I’m going to get into the minutiae of the opinion, so unless you are a hardcore domain name/trademark nerd, you should probably stop reading here.

ACPA Claim

The court rejects the cybersquatting claim because Goforit was complaining about third-level subdomains. The court says flatly: "as a matter of law, third level domain names are not covered by the ACPA." The court concludes:

Because third level domains--whether specifically designated or using Wildcard DNS--are not "registered with or assigned by any domain name registrar," a straightforward reading of the text shows that GEL cannot recover under the ACPA for defendants' use of Wildcard DNS in a third level domain.

Trademark Infringement

Goforit's trademark claim fails for lack of use in commerce. Goforit tried two arguments to establish use in commerce: "(1) defendants 'used' the mark by registering a TLD website such as 'com.org' and enabling Wildcard DNS, intending that third parties would enter addresses containing others' trademarks, such as 'goforit.com.org'; and (2) defendants 'displayed' the GOFORIT mark in the sale and advertising of their services by programming the address bar to display 'goforit.com.org' after the Wildcard DNS directed the user to the 'com.org' website."

On the first point, the court says that setting up a wildcarding scheme does not evidence the defendants' intent to use Goforit's trademarks. Citing the 2005 1-800 Contacts v. WhenU case, the court says:

Even if defendants could have foreseen that some third-party web users might type in a trademarked name to trigger the Wildcard DNS, the fact that the TLD websites' Wildcard function processes a trademarked input does not constitute a "use" in "sale or advertising" of services....the Wildcard function in the instant case does not handle the third-party user's trademark input as a trademark, but merely as a web address that internally redirects to the domain name's homepage....Defendants have never tried to leverage others' trademarks into profit by selling specific trademarked keywords to advertisers.

I note that the com.org website now shows the disclaimer--referencing the subdomain and possible trademark--on each page. I wonder if this would change the court's analysis.

On the second point, the court says:

A reasonable jury could only find that, in any instance when "goforit.com.org" appears in the address bar, this is because the user has somehow entered "goforit.com.org" into the address bar at some point, whether intentionally or by inadvertent misuse of shortcut keys, to trigger Wildcard DNS in the first place. It would be different if defendants had configured their website to display "GoForIt.com" on the user's address bar after redirecting users to the "com.org" site and displayed other indications of affiliation with GEL and its GOFORIT mark. But a reasonable jury could not find that there is anything deceptive in itself about calling a website what it actually is: when a user enters "goforit.com.org" into the address bar, the user may be redirected to "com.org," but that does not change the fact that the content the user is seeing is the actual content assigned to the "goforit.com.org" address.

False Designation of Origin

The court also rejects Goforit's claim that the defendants made a false designation of origin by retaining the goforit subdomain throughout a user's visit. The court says that Goforit did not produce any convincing evidence either of consumer confusion or any harm to it.

The court first does a traditional multi-factor trademark confusion test; a few comments about that:

Mark Strength: "Without any evidence of the GOFORIT mark's consumer recognition power, there is no proof that would enable a reasonable jury to find that any of the redirected users was even aware of GEL's GOFORIT mark."

Mark Similarity: the court says the relevant marks are "Goforit" compared with "com.org." The court effectively ignores the subdomain as irrelevant. Even if the Goforit trademark is compared with goforit.com.org, the court says a "reasonable jury could not find that a user would construe an address bar display, especially one that merely retains what was just inputted by the user, as a 'mark' when nothing else in the page content indicates GOFORIT sponsorship or affiliation."

Product Similarity: "A reasonable jury could only find, however, that the similarity of product design is attributable to the fact that defendants' TLD Domain Name websites and GEL's GoForIt.com website are both web directories; the functional design choices are common to many web directory websites rather than distinctive to GEL, and GEL has not produced any evidence that defendants have copied any product feature that uniquely identifies GEL's services."

Actual Confusion: "According to Grant's testimony, users on message boards expressed confusion as to how they arrived at websites such as "com.org," but there is no summary judgment evidence that users mistook "com.org" to be affiliated with or approved by the websites they intended to reach. On the contrary, the fact that some users, after experiencing Wildcard DNS, suspected that they had been infected with spyware suggests that it was immediately apparent to users that defendants' websites, which lacked trademark and trade dress similarity with their target sites, were of a different origin." Perhaps this is one of the rare situations where being confused with spyware is a positive!

The court then turns to false advertising proper, saying "a reasonable jury could not find that the display of "goforit.com.org" is a literally false statement." The court considers implied falsity and rejects the elements of that:

GEL has failed to present any evidence that the redirected consumers would have found the display of "goforit" in the web address material in deciding whether to click on the advertisements on "com.org." Nor has GEL adduced evidence that would enable a reasonable jury to find that any of the affected users was even aware of "GoForIt.com" as a competing entity....because a reasonable jury could only find that "go for it" is a common expression in conversational English, and because myriad other websites unaffiliated with GEL incorporate "goforit" into their web addresses, a reasonable jury could not find that any of the users from the log files who typed "goforit" intended to go to GEL's website.

Reverse Domain Name Hijacking

After completely rejecting Goforit's claims, the court turns its attention to the defendants' counterclaims. Defendants sued for reverse domain name hijacking under 15 USC 1114(2)(D)(iv). As part of its scorched earth tactics, Goforit asked the defendants' registrar (Tucows) to impose a registration lock on all of defendants' domain names--including com.org and nearly 300 others.

Tucows did, in fact, impose the registration lock, which allegedly caused all kinds of problems for the defendants. I'm trying to figure out how Goforit convinced Tucows to lock all of the defendants' domain names. On the surface, Tucows isn't looking so great here either. [see update below]

The court says that even if Goforit had a plausible argument against com.org based on goforit.com.org (something the court left open), Goforit had no plausible argument that the other domain names violated its trademark rights. As a result, the court denied Goforit's summary judgment motion, putting the reverse domain name hijacking claim to a jury trial.

I did a little research on the ACPA reverse domain name hijacking provision. I found only 6 other cases in Westlaw citing to the damages provision in subsection (iv) (as opposed to the declaratory relief in subsection (v), which has been successfully invoked only a few times). As far as I can tell, no other (iv) case has resulted in a positive outcome for the domain name registrant. Therefore, I believe the defendants' success so far on the (iv) reverse domain name hijacking claim is the first of its kind.

Tortious Interference With Contract

The court also rejected Goforit's summary judgment motion on the defendants' claim for tortious interference with the defendants' contract with Tucows. There were some old cases that implied that the ACPA reverse domain name cybersquatting provisions preempted state law equivalents, so this ruling also appears to be novel.

UPDATE: I had an extended email discussion with Tucows about its role in this situation. My contact sent me the following statement:

"Tucows responded in this case as per our policy. When we receive notice of filed litigation, NOT simply a C&D or draft litigation, we lock the affected name(s). We also notify the registrant. Please remember that locking the name does not in any way disable the name, but simply ensures that the name stays in place while the rights are being sorted out. In these circumstances we are also happy to accommodate changes that a registrant may need to a setting such as DNS. Also, in the rare circumstance where this policy creates difficulties for a registrant, Tucows actively works with the registrant to find a solution that balances the registrant's rights with the need to see that an effective legal system sits behind all property rights, including domain names.

While we don't comment on specific matters, Digimedia is, and continues to be, a long time Tucows customer."

Posted by Eric at 10:04 AM | Adware/Spyware , Domain Names , Marketing , Trademark



April 06, 2010

Fourth Circuit: Email, ECF, and Domain Name Woes do not Excuse Failure to Respond to Summary Judgment Motion -- Robinson v. Wix Filtration

[Post by Venkat]

Robinson v. Wix Filtration Corp. LLC, 4th Cir. (Mar. 26, 2010) [scribd]

The Fourth Circuit recently held that the district court properly granted summary judgment in favor of a defendant, and rejected plaintiff's argument that counsel's failure to respond to a defense motion for summary judgment was excusable due to email, malware, and domain name issues.

As described by the court, plaintiff's counsel "was afflicted by a malware virus and . . . his counsel's firm's domain name had temporarily expired when the motion for summary judgment was filed." Counsel re-registered the domain name but the "e-mail accounts associated with the domain name were 'blacklisted' causing further e-mail problems."

The court found that plaintiff's failure to receive notice of the motion "resulted from counsel's conscious choice not to take any action with respect to his computer troubles." In the words of the court: "counsel made the affirmative decision to remain in the dark." Finding that a client must bear the consequences of his or her attorney's conduct, the court found that it was not an abuse of discretion for the trial court to refuse to set aside the judgment. The court found that plaintiff was not entitled to relief under either Rule 59(e) or 60(b).

One judge concurred, finding that the dismissal was a result of "counsel's unwise and misplaced strategic choice to litigate, ostrich-like, with his head in the sand." The concurring judge noted critically (in a footnote) that periodically checking the CM/ECF docketing system "simply was not a part of [counsel's] practice."

Judge King filed a spirited dissent, arguing, among other things, that the Fourth Circuit's decision creates a "duty to monitor," and that the party should not in this case be made to bear the consequences of counsel's actions. Interestingly, Judge King also argues that the exception to the rule (taken for granted as a matter of practice in many ECF jurisdictions) that ECF filing constitutes service should come into play. The dissenting opinion argues that once defense counsel became aware that plaintiff's counsel had email issues, defense counsel should have sent a paper copy of the motion in order to complete service. (The rules provide that ECF filing "is not effective if the serving party learns that [the Notice of Electronic Filing] . . . did not reach the intended recipient," but by the time the defendant had notice of the other side's email problems, it was pretty much too late. And plaintiff's counsel should have probably checked the docket anyway, to see if a dispositive motion was filed when the deadline came and went.) Judge King also notes that imposing a "duty to monitor" will result in additional costs (in the form of PACER fees) which will fall on the shoulders of clients.

___

It's tough to not be sympathetic to plaintiff and to counsel for plaintiff. Everyone will have an email gaffe at some point in their career. (I'm not sure the failure to check the docket is as excusable.) That said, courts are not very tolerant of arguments that counsel did not respond to a motion or a deadline due to a failure to receive electronic notice. The "spam filter ate my CM/ECF notice" is often offered as an argument in these situations, but this argument typically does not get a lot of mileage. (See Shuey v. Schwab discussed in this post (court remands for consideration of the merits) and the other cases mentioned there.)

(h/t ABA Journal: "Lawyer’s Computer Virus Doesn’t Excuse Missed Dismissal Motion, 4th Circuit Says")

Posted by Venkat at 12:20 PM | Adware/Spyware , Spam



January 27, 2010

Utah May Repeal Its Spyware Control Act--SB 26

By Eric Goldman

It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.

SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71-page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.

Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.

While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.

As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.

Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:

1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.

2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.

3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.

I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.

Posted by Eric at 09:58 AM | Adware/Spyware, Domain Names, Internet History, Spam, Trademark



December 26, 2009

November-December 2009 Quick Links, Part 1

By Eric Goldman

Trademarks/Domain Names

* Yahoo and Mary Kay settled Mary Kay's trademark lawsuit over Yahoo's email shortcuts.

* uBID Inc. v. The GoDaddy Group Inc., No. 09-cv-2123 (N.D. Ill. Nov. 5, 2009). uBid’s anti-domain name parking lawsuit failed on jurisdictional grounds. Tom O'Toole explains why this is an unusual jurisdictional ruling.

* Trademark Blog: “Sellify, operator of ONEQUALITY.COM, sues Amazon over Amazon affiliates' alleged misuse of ONEQUALITY.COM as Google keywords.”

* In an unenlightening memo opinion, Second Circuit affirms the Cintas v. Unite Here opinion involving union activists’ web activities using a target company’s trademark. My initial blog post on the case.

* Bloomberg: Buyers of counterfeit luxury goods understand they are getting counterfeits, and many of them upgrade to the real thing eventually.

* Transamerica v. Moniker Online Services, 2009 WL 4715853 (S.D. Fla. Dec. 4, 2009). Domain name registrar does not qualify for ACPA's registrar safe harbor when: "Transamerica alleges that Oversee and the Moniker Defendants, together with the ostensible registrants-the John Doe Defendants-are the de facto registrants of the domain names in question. Transamerica claims that Moniker was not merely acting as a registrant in providing registration services to the John Doe Defendants for the infringing domain names, but instead was part of a scheme to profit from the use of the infringing names. As Transamerica points out, Moniker receives a fee each time an internet user clicks on one of the links attached to the infringing domain sites; such payment establishes at least partial ownership in the domain name." Troubling ruling.

* SafeWorks, LLC v. Spydercrane.com, LLC (W.D. Wash. Dec. 7, 2009). A trademark owner's preemptive registration of domain names containing typographical errors of the registrant's trademarks does not infringe a third party's trademarks.

Marketing and Advertising

* In re Gemtronics (FTC ALJ decision Sept 16, 2009). A dietary supplement seller wasn't liable for comments on a website that it didn't own or control but (among other things) it had linked to. While this is great, I still believe the FTC needs to rethink its entire liability scheme of online content endorsement or adoption due to 47 USC 230. See 1, 2.

* Avvo settles Florida bar lawsuit and gets Florida to admit that client testimonials on Avvo aren't lawyer advertising. Rebecca explains why an analogous South Carolina regulation violates 47 USC 230.

* After the FDA spooked pharmaceutical companies to stop engaging in search advertising, the FDA held hearings on Internet pharmaceutical marketing. The Arnold & Porter recap. Ironically, BusinessWeek ran a story wondering if pharmaceutical ads reduce consumer demand.

* The FTC cracks down on online negative option/"continuity plan" offerings.

* In re Miva Inc. Securities Litigation, 2009 WL 3821146 (M.D. Fla. Nov. 16, 2009). The court dismissed a securities class action lawsuit over Miva's/FindWhat's investor disclosures relating to click fraud and spyware. My initial blog post on the case.

* NYT: False advertising litigation is a growth industry.

Search Engines

* A Milwaukee lawyer has alleged that another lawyer buying keyword advertising triggered by his name violates his publicity rights. I’ve posted the complaint to Scribd.

* Google is now personalizing search results for everyone, not just logged-in users. In 2006, I wrote about how universal personalization would affect SEO and concerns about search engine bias. Danny Sullivan believes Google’s change deserves "extraordinary attention."

* Google took out an ad from itself to explain why its image search results for Michelle Obama contained an offensive result. This is after it first tried to remove the image on the pretext that the website was hosting malware.

* Danny Sullivan asks some good questions about Google's integration of Twitter into its search database.

* BusinessWeek: Matt Cutts, Google’s search engine anti-spam superstar, talks about his job. He doesn't sound like the most fun person to travel with.

* Rose Hagan, Google's chief trademark counsel, is retiring after 7 years at Google. She leaves behind big shoes to fill.

Posted by Eric at 02:59 PM | Adware/Spyware, Derivative Liability, Domain Names, Licensing/Contracts, Marketing, Publicity/Privacy Rights, Search Engines, Trademark



August 06, 2009

State of the Net West Recap

By Eric Goldman

Yesterday, the High Tech Law Institute and the Advisory Committee to the Congressional Internet Caucus co-sponsored the Third Annual State of the Net West event at Santa Clara University. The featured participants were 3 members of Congress (Boucher, Goodlatte and Lofgren) and the White House CTO Aneesh Chopra, supplemented by 8 distinguished discussants. In a jam-packed morning, we covered a lot of interesting and important ground on broadband, privacy, antitrust, immigration and open government. This blog post recaps some highlights from the discussion.

Boucher on Broadband

Rep. Boucher emphasized the importance of broadband availability to economic activity and expressed concern that the US wasn't keeping up with broadband deployment (he said, "we can do better"). He offered three policy proposals for ways the federal government could help:

* revise the Universal Service Fund to allow dollars to be spent on broadband deployment; and require USF fund recipients 5 years from now to be offering broadband or be cut off from USF
* federally preempt state laws prohibiting municipal broadband offerings (which about 25 states have)
* get the FCC to develop a broadband deployment plan

He expressed disappointment with the guidelines that NTIA and the Department of Agriculture have adopted to give away the $7.2B broadband fund that was part of the stimulus package. It appears he will be encouraging both entities to rethink their guidelines.

My colleague Al Hammond was the broadband discussant. Al made a number of good points, including noting that broadband deployment is both a rural and low-income issue (Boucher appeared to be focusing more on the former) and raising concerns about municipalities not playing fair and the FCC overcounting actual broadband availability.

Boucher on Privacy

Rep. Boucher also gave a preview of the privacy bill he is planning to introduce next month. He started off by saying he likes ad targeting, especially first party targeting (he said he buys items based on customized recommendations). So he wants to encourage "appropriate" ad targeting, not eliminate it. His bill is expected to contain the following elements:

* websites collecting data will be required to post a prominent privacy policy
* users can opt-out of first party targeted ads. This also includes data sharing necessary to enable first party ads
* websites that want to share data with unaffiliated third parties will need opt-in. However, behavioral ad networks can proceed on an opt-out basis if they allow users to see and edit their behavioral profile, except for sensitive information categories that would always be opt-in
* both the FTC and state AGs would have enforcement authority

To the extent that the mandatory privacy policy and opt-out options codify existing industry practices, this proposal generally seems benign but not worth the effort--the costs of the inevitably poor statutory drafting outweigh any benefit we might get from regulatory codification. Requiring opt-in would likely eliminate third party behavioral ad networks, which (as I've discussed before) is more likely to be a detriment than a win.

I was especially intrigued by the proposal that behavioral networks can flip from opt-in to opt-out by letting users access a user profile. I need to see more details about Boucher's thinking, but doesn't this superficially sound crazy? The most obvious problem is authentication of the user before seeing his or her profile. How would this be done? The networks usually don't know the identity of the specific individuals they are profiling, so they can't authenticate identity. And just tying profile access privileges to a cookie or machine sounds like a recipe for disaster for all shared computers. Plus, a web interface seems to increase the security risks that the bad guys can see profiles they shouldn't be able to see. On first blush, it sounds like this part of Boucher's proposal may need a complete rewrite, with unknown consequences for the entire structure of his proposal.

Mike Hintze of Microsoft was the privacy discussant. He espoused Microsoft's standard line that there should be a comprehensive privacy law.

In the Q&A, Boucher appeared willing to consider concurrent privacy enforcement authority by self-regulatory organizations, so long as they enforced the law's minimum requirements. But any self-regulatory effort wasn't a substitute for other aspects of his bill.

Lofgren on Antitrust

Rep. Lofgren said that if the Bush administration did too little on antitrust enforcement, the Judiciary committee is now concerned that Obama and Varney will do too much. Lofgren is particularly focused on the chilling effects of the mere threat of antitrust scrutiny, not just the actual successful prosecution in court of cases. Thus, an "informal" DOJ expression of interest can deter innovative activity by high tech companies.

She also expressed skepticism that antitrust laws remain effective at protecting technology markets, which are marked by fast innovation and low barriers to entry. (I believe her exact words were "traditional antitrust measures of marketplace behavior might no longer work.") At minimum, any technology-related antitrust enforcement actions should be focused on improving innovation rather than trying to manage current marketplace prices.

Finally, she said that copyright restrictions should be considered in antitrust inquiries. Mike Masnick has more to say on this.

Michael Katz of UC Berkeley was the most colorful respondent. He shared Lofgren's concern that antitrust law may be counterproductively squelching innovation, especially when companies try to capture antitrust enforcers to hassle competitors. He had especially harsh words for the FCC, calling it much less disciplined than the DOJ and observing how the FCC can blackmail companies using its leverage. He also complained that the FCC's review of mergers takes too long, and as an example of their lack of discipline, the FCC will impose merger conditions that have nothing to do with the merger.

Tim Bresnahan of Stanford and my colleague Cathy Sandoval were the other respondents.

At the end of her talk, Lofgren praised the Google Book Search settlement, saying that in some ways it lowers barriers to entry. She also said she was grateful that Google appears to have found a back-door way to liberate orphan works given that she wasn't able to pass an orphan works bill. I'm all in favor of orphan works reform, but a class action settlement seems like a weird way to get there.

Chopra on Open Government

Aneesh Chopra is the new White House CTO, a role that never existed before, which puts Chopra at Obama's elbow on all technology issues. This was Chopra's first Silicon Valley trip since he undertook his new role. His first talk was on Tuesday night at a Churchill Club event; we were his second. Lots of people were very interested in learning more about him. He was the big draw for the press, and we got an unprecedented number of walk-ins based in part (we think) on his talk. He was also mobbed before and after his talk--everyone seemed to want a piece of his attention (then again, I'd love to have a chance to kick some stuff around with him one-on-one myself!).

It's easy to see why Chopra sparks such curiosity. My impressions were that he was genuinely affable, smooth without being slick, substantive without being bookish, a big fan of crowdsourcing and an even bigger fan of assessment and measurement of outcomes.

He started off by discussing the importance of technology and how the US's rate of technological performance is lagging against other countries. He then identified three ways to "turn the ship around":

1. invest in innovation building blocks, such as a smart/secure infrastructure, more R&D and improved workforce expertise
2. healthcare reform, especially improvements to the information technology side of healthcare delivery
3. an improved education system, including distance learning and more emphasis on lifelong learning

He then discussed open government issues and gave examples of ways technology can facilitate participatory governance.

Goodlatte and Discussants on Immigration

Rep. Goodlatte laid out the Republicans' high tech agenda, which includes:
* skilled workforce, including immigration reform
* patent reform
* trade issues
* taxation, including efforts to define when activity in a state triggers tax obligations
* net neutrality (don't regulate but improve antitrust enforcement)
* privacy (opt-out except for sensitive information)

The panel then drilled down on immigration reform. I was really excited to have this panel because workforce issues are so central to the Silicon Valley's "secret sauce" and yet I couldn't recall a time that the HTLI had sponsored a discussion about them. Obviously immigration issues are age-old and are well-trodden, but I nevertheless found the discussion helpful--with the one caveat that everyone on the panel agreed with everyone else, so there was a lot of preaching to the choir. I learned an interesting factoid that both Reps. Goodlatte and Lofgren were formerly immigration attorneys, so they have some front-line domain expertise in this area.

First discussant was AnnaLee Saxenian of UC Berkeley. She talked about how skilled immigrants have fueled innovation in this country. She gave a number of stats in support of this, including that a majority of Silicon Valley engineers are foreign-born, and a high percentage of technology entrepreneurs and patent applicants are foreign-born individuals. She also noted that foreign-born skilled workers create net new jobs and also help build better ties to their home country.

We benefit from the best and the brightest from around the world, who come to the US because of our higher education system and historically have chosen to stay. However, she is concerned about this retention because of bureaucratic barriers. She is also concerned that companies, frustrated by their lack of access to development talent, will offshore their R&D.

Finally, she pointed out that immigration discussions kludge together the issues of skilled and low-skilled workers, even though their issues are very different.

Keith Wolfe of Google reinforced many of AnnaLee's points from Google's specific experiences.

My colleague Deep Gulasekaram was the last discussant. He pointed out that free marketplaces may require free movement of labor, which isn't consistent with our current immigration policy. He raised concerns about state and local anti-immigration policies and the negative consequences of tying foreign workers to specific jobs (by linking their visa to the job).

Rep. Lofgren added a few remarks:
* Obama told her that it's time for comprehensive immigration reform. [This led to a polite back-and-forth between Lofgren, who favors comprehensive reform, and Goodlatte, who would settle for piecemeal immigration reform]
* Immigration reform is not a substitute for educating the US workforce
* We should give permanence to people we want to keep (i.e., not keep them on some treadmill with the possibility of a forced exit, which prevents their long-term life planning)
* We need to address the family of skilled immigrants, not just the immigrants themselves

More Coverage of the Event

* ABC 7 News
* KCBS radio
* Zusha Ellison of the Recorder
* Joyce Cutler of BNA (BNA subscription required)
* Mike Masnick
* Joel West
* Colette Vogele
* Warren's Washington Internet Daily also ran a story (not web-linkable) "Boucher Promises Online Privacy Bill Draft Soon"
* The extensive Twitter discussion at hashtag #sotnw. Twitterers included @ipolicy, @caminick, @persistance, @miss_eli, @techpolicygirl, @cathygellis, @mmasnick, @nextgenweb, @marianmerritt, @larrymagid, @christinela, @mblatkin, @seangarrettnow, @vogelelaw (who didn't always use the hashtag--we will try to publish a standardized hashtag at future events). Whew! Apologies if I missed anyone. I can't recall seeing more Twitterers in an audience--everyone seemed to have their Twitter page up constantly. As usual, I didn't turn on my computer at the conference (I take notes by hand and blog them later), so my comments seem woefully out-of-date already!

We plan to post the event audio soon so you can listen for yourself. I'll announce the audio posting at my Twitter account when it's live.

UPDATE: Audio now available: Download (item 27) or Stream

Posted by Eric at 10:54 AM | Adware/Spyware, Copyright, E-Commerce, General, Internet History, Marketing, Patents, Privacy/Security



July 06, 2009

June 2009 Quick Links, Part 1

By Eric Goldman

Just a reminder that I post some items to Twitter that don’t make it into these monthly recaps. If you want even more, you can track a superset of my online activities at Friendfeed.

Search Engines

* All Things Digital had an interesting 3 part series on the role of humans in configuring Google's algorithms: Scott Huffman; Matt Cutts; Amit Singhal. My initial 2005 blog post on the topic.

* More evidence of the deleterious consequences of latency on users' enjoyment of search results pages.

* Google is stumping in favor of its book search settlement deal and putting on the "charm offensive."

* Wired on niche search engines competing around the edges of Google.

* Google has dropped its feature that allowed quoted sources to reply in Google News.

* First, kosher phones. Now, kosher search engines.

Trademark

* Wendy Davis on a trademark lawsuit against Craigslist for allegedly infringing ad copy supplied by one of its users.

* Rookie mistake: Tony LaRussa publicly announced a settlement deal in his trademark lawsuit against Twitter before the papers were signed. Guess what....NO DEAL! UPDATE: A deal was struck subsequently.

* Speaking of which...the WSJ on Twittersquatting.

* WSJ: Europe's High Court Tries On a Bunny Suit Made of Chocolate. The EU struggles with trademarkability of chocolate bunnies.

* Productive People, LLC v. Ives Design (D. Ariz. May 29, 2009). TRO against a domainer.

* Oddee: 10 of the Worst Restaurant Names ever.

Copyright

* Supreme Court declined certiorari in the Cartoon Network v. CSC case.

* Arista Records LLC v. Usenet.com, Inc., 2009 WL 1873589 (S.D.N.Y. June 30, 2009). Usenet service provider committed direct copyright infringement (because it “actively engaged in the process so as to satisfy the ‘volitional-conduct’ requirement for direct infringement”) as well as contributory infringement, vicarious infringement and inducement of infringement. This case was colored by defendants’ evidence spoliation and the lack of a viable 512 defense; in situations like this, courts smack down defendants hard. The court’s analysis would be troubling for many online service providers if this case isn’t an outlier. Mike Masnick has more on the import (or lack thereof) of this case.

* Brave New Films 501(C)(4) v. Weiner, 2009 WL 1622385 (N.D. Cal. Jun 10, 2009). BNF was denied summary judgment on its declaratory judgment request because (a) Savage never threatened BNF directly, and (b) ORTN, which did threaten BNF directly, isn't the copyright owner. My previous coverage of this case.

User Agreements

* In the Matter of Sears Holdings Management Corporation. The FTC busted Sears for installing tracking software/spyware, even though Sears (1) asked all users to expressly opt-in, (2) paid users $10 to install the software, and (3) made full disclosure of the thorough tracking function of the spyware in the user agreement, albeit late in the installation process and in a buried fashion.

* Universal Grading Service v. eBay Inc., No. 08-CV-3557 (E.D.N.Y. June 10, 2009). eBay venue selection clause upheld.

* McMillan v. Wells Fargo, 2009 WL 1686431 (N.D. Cal. June 12, 2009). Wells Fargo asks some customers to agree to four different documents with differing governing law/venue selection clauses, leading to massive judicial confusion about how to determine governing law and venue.

* I’m using EFF's new "TOSBack" tool to track changes to major online services' user agreements. For my commentary on an article by Becher/Zarsky predicting the development of tools like this, see my writeup.

Posted by Eric at 04:54 PM | Adware/Spyware, Copyright, Derivative Liability, Domain Names, Licensing/Contracts, Marketing, Search Engines, Trademark



June 26, 2009

Anti-Spyware Company Protected by 47 USC 230(c)(2)--Zango v. Kaspersky

By Eric Goldman

Zango, Inc. v. Kaspersky Lab, Inc., 2009 WL 1796746 (9th Cir. June 25, 2009)

The case involves Kaspersky, an anti-spyware software vendor, and Zango, the former purveyor of adware (I say "former" because Zango shut down a few months ago). Kaspersky classified Zango's software as adware and did some other things that allegedly interfered with Kaspersky users' ability to download and enjoy Zango software. Zango sued Kaspersky, and Kaspersky defended on 230(c)(2) grounds.

Note: 47 USC 230(c)(2) is the underlitigated/under-discussed sibling of 230(c)(1), which provides nearly absolute immunity for third party online content and actions.

In my opinion, 230(c)(2) fairly clearly protects all types of online filtering decisions, and this panel confirms that it protects anti-spyware classifications. As the court concludes:

a provider of access tools that filter, screen, allow, or disallow content that the provider or user considers obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable is protected from liability by 47 U.S.C. § 230(c)(2)(B) for any action taken to make available to others the technical means to restrict access to that material.

While I think this is the right result, both normatively and descriptively, 230(c)(2) is not exactly the best-drafted statute, and this panel (being the first appellate court to work through the language) appeared to struggle with some of its frayed edges.

For example, to become eligible for 230 protection, the defendant must be a provider or user of a service that "provides or enables computer access by multiple users to a computer server." [In this case, Kaspersky didn’t claim it was a user.] How does this language apply to an anti-spyware software provider? Typically, anti-spyware software phones home for new spyware definitions, but if a phone-home capability qualifies for 230 protection, then many/most software vendors should qualify (so long as they offer some filtering capability). I’m personally OK with that result, but I suspect it takes the statute beyond the drafters’ initial intent.

The panel also sidestepped some other drafting problems in 230(c)(2), including:

* does it immunize decisions to filter other software, as opposed to filtering content? The drafting clearly meant to immunize filters of porn and similar kid-unfriendly content, but the language doesn’t apply as clearly to software filtering.

* must the filtering provider make its categorizations in good faith? The court ducks this question. However, Judge Fisher’s concurrence expresses concern that 230(c)(2) might literally protect a vendor’s anti-competitive or capricious blocking. He gives an example of “a web browser configured by its provider to filter third-party search engine results so they would never yield websites critical of the browser company or favorable to its competitors. Such covert, anticompetitive blocking arguably fits into the statutory category of immune actions.” I agree with this, although I’m also confident that any such browser provider would lose its customer base if such biases were ever publicly exposed. Therefore, legal liability may not be necessary to discourage this behavior.

Ultimately, this ruling may not affect the litigants very much, as Zango has already gone belly-up, making this effectively an advisory opinion. However, I think this ruling is important for everyone else for two reasons:

First, the Ninth Circuit's last two 230 opinions (Roommates.com and Barnes) have exhibited some hostility to expansive 230 readings. In refreshing contrast, this opinion gives a robust interpretation to 230’s immunizations.

Second, this opinion is terrific news for vendors of anti-spam/anti-spyware/anti-virus services. Although we have long suspected that they would be protected under 230(c)(2), this opinion codifies their immunization as Ninth Circuit law. As a result, these vendors should continue to have a high degree of freedom to make judgments about how to best serve their customers. On the flip side, this opinion confirms that anyone blacklisted by these software vendors can’t use judicial proceedings to change the classification. Fortunately, most reputable vendors offer an extra-judicial mechanism to correct their misclassification errors.

It remains less clear if this opinion protects search engines for their ranking determinations. The statutory words interpreted in this opinion aren’t germane to search engines. Even so, the panel’s broad reading of 230(c)(2) can’t be bad news for the search engines.

The case library:

* Ninth Circuit oral arguments
* Zango's reply brief [warning: 3+ MB file]
* Amicus brief by CDT in favor of Kaspersky
* Kaspersky's answering brief [warning: 5MB file]
* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango
* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 01:13 PM | Adware/Spyware, Derivative Liability



May 03, 2009

April 2009 Quick Links

By Eric Goldman

[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]

Marketing/Spam

* Zango is dead (and so is adware). Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.

* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.

* NYT: "Never Mind What It Costs. Can I Get 70% Off?"

* Tsan Abrahamson on social media and marketing law.

* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.

* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009). A Craigslist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).

Defamation

* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.

* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.

* CMLP has a page organizing all of its 47 USC 230 material.

Intellectual Property

* Publicly republishing a private email leads to a default judgment of copyright infringement.

* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."

* Octomom is seeking trademark registrations.

Miscellaneous

* GeoCities is shutting down.

* eBay will referee customer disputes.

* Wilson Sonsini's VC financing term sheet generator.

* Oddee: 10 Most Bizarre [Online] Gaming Incidents

Posted by Eric at 06:31 AM | Adware/Spyware, Content Regulation, Copyright, Derivative Liability, E-Commerce, Internet History, Licensing/Contracts, Marketing, Spam, Trademark, Virtual Worlds



April 12, 2009

Q1 2009 Quick Links, Part 4

By Eric Goldman

Security

* Massachusetts Data Security regulations were amended.

* In Facebook v. Power.com, Facebook brought another lawsuit to block extraction of user data from the site (similar to the Facebook v. ConnectU lawsuit). Venkat, Masnick, News.com, NYT, Justia. In this case, I wonder if Facebook has adequately distinguished between Power.com's behavior and the operation of its own "Find a Friend" service that taps into third party email servers to extract email addresses. Power.com’s response.

* Andritz, Inc. v. Southern Maintenance Contractor, LLC, 2009 WL 48187 (M.D. Ga. Jan. 7, 2009). IP infringement isn't a cognizable harm under the Computer Fraud & Abuse Act.

Adware/Spyware

* Who says Valentine's Day is just a Hallmark holiday? Sales of spyware and other tools to track cheating SOs also increase around Valentine's Day.

* Susan Brenner on the Cybercrimes Treaty and the US's decision not to criminalize possession of malware as required by the treaty.

Venture Capital

* BusinessWeek: Silicon Valley innovation is being stifled by VCs who only want to make small bets, not big bets. But VC investing is faddish, so the wind might change tomorrow.

* $600M of VC investments in virtual worlds.

Contracts

* Burcham v. Expedia, Inc., 2009 U.S. Dist. LEXIS 17104 (E.D. Mo. Mar. 6, 2009). Buyer was bound to user agreement even though he argued (without any evidence) that someone else established the account he used. This dovetails nicely with the broad reading of who is bound by an online user agreement; see my discussion in the Lori Drew case. Jeff Neuburger's writeup. Aside: I wonder if Expedia will be insulated by 47 USC 230 for the allegedly wrong description of amenities if they got the description of the hotel from third parties. For an analogous result involving the binding of users who didn't agree to the initial contract, see CoStar Realty Information, Inc. v. Field, 2009 WL 841132 (D. Md. March 31, 2009).

* Fractional Villas Inc. v. Tahoe Clubhouse, No. 08cv1396 (S.D. Cal. Feb. 25, 2009). Citing the RMG case, the court says that merely visiting a site may be sufficient to bind visitors to a browsewrap. However, in this case, there was insufficient evidence that the defendant had ever visited the site.

* Cherny v. Emigrant Bank, 2009 U.S. Dist. Lexis 2486 (March 12, 2009). Latest case that breach of privacy policy isn’t actionable unless there are actual damages. Venkat’s writeup.

* A stat I fully believe: "studies have shown that more than half of all companies cannot even locate signed copies of 10% or more of their contracts." The Zen Master asks: if both parties think they have entered a contract but neither can find a copy, do they have a contract? (this has really happened to me before).

Taxes

* Amazon v. New York and Overstock v. New York (N.Y. Sup. Ct. Jan. 12, 2009). Kudos to New York for finally figuring out a way to break the Internet and defeat the Internet Tax Freedom Act by treating Amazon Associates as traveling salespeople for sales tax collection purposes. I imagine every state in the country will jump on this bandwagon, at which point some e-tailers will kill their affiliate program and others will end up imposing sales tax collection nationwide.

* Pitt County v. Hotels.com, L.P. (4th Cir. Jan. 14, 2009). Online travel aggregators aren't "retailers" (as referenced in the statute) for purposes of collecting local hotel occupancy taxes.

General

* Some interesting cyberspace exceptionalism developments involving cases where paper presentation may be different from electronic presentation of the exact same content. In Smith v. Under Armour, Inc., 2008 WL 5486764, web payment confirmations displayed on-screen are not "printed" within the meaning of the Fair and Accurate Credit Transactions Act. Accord Smith v. Zazzle.com, Inc., 2008 U.S. Dist. LEXIS 101050. See generally this Proskauer recap. In Saulic v. Symantec Corp., a California law prohibiting data collection with credit card sales was held inapplicable online.

* Sudduth v. Donnelly, 2009 WL 918090 (N.D. Ill. April 1, 2009). Plaintiff got stiffed on his eBay transaction and sued eBay for 1983 equal protection and conspiracy claims as well as a Title VI civil rights claim. Because eBay isn't a state actor, however, the court dismissed eBay.

* My colleague Steve Diamond is blogging every detail of the battle for SAG's soul over at his new blog, King Harvest. For example, he summarizes the travails of the Screen Actors Guild.

* Oddee: 10 Geekiest T-Shirts. I own a t-shirt that says "I'm Blogging This" (a gift from a former student) and a mug that says "Vegetarian Blogger" (gift from a colleague).

* Oddee: 15 Most Unfortunate Town Names. I think Licking County should have been a contender.

* Is there any better sign of Cyberlaw's maturity than the publication of Internet Law in a Nutshell? [Amazon Affiliates link]

* Oddee: 12 Most Ridiculous Lawsuits. I welcome your nominations for the most ridiculous Internet lawsuits of all time. I hope to write that up some day.

* Happy birthday, Gmail! Best email software I've ever used. The battles over Gmail privacy seem so...2004!

Free Stuff

* The Ninth Circuit recently updated its website...with RSS feeds!

* Nolo Press' "NDAs for Free." Potentially useful site.

* I have one extra copy of my Fall 2008 Cyberspace Law course reader. First person to send an email with their mailing address gets it. [CLAIMED]

Posted by Eric at 12:03 PM | Adware/Spyware, E-Commerce, Licensing/Contracts, Privacy/Security, Trade Secrets, Virtual Worlds



March 04, 2009

Utah Trying to Regulate Keyword Advertising....Again!? Utah HB 450

By Eric Goldman

When I first heard that the Utah legislature is considering yet another law to regulate keyword advertising, I thought: Are you kidding me? After all, Utah has pursued these regulations twice with disastrous results. The first time, in 2004, Utah's attempt to regulate adware-mediated keyword advertising was declared unconstitutional, and Utah amended the law in 2005 to make it irrelevant. In 2007, Utah tried again, passing a law that restricted keyword advertising across-the-board. That law was a spectacular failure, garnering derision both within Utah--especially from angry Utah citizens shocked that their elected representatives passed a law that the state AG thought was unconstitutional and that was going to cost valuable taxpayer money to defend in court--and globally as everyone wondered if the Utah legislature was really that crazy. In 2008, the legislature tucked its tail between its legs and repealed the 2007 law.

With this track record, the Utah legislature wants to try regulating keyword advertising again...? Are you kidding me?

Then again, perhaps this latest foray really isn't all that surprising. My sources tell me that 1-800 Contacts is the prime mover behind this statute, and 1-800 Contacts has testified in support of the law. 1-800 Contacts has a hard-to-explain love/hate relationship with keyword advertising. 1-800 Contacts has been a repeat litigant against keyword advertising, including being the losing plaintiff in the landmark 1-800 Contacts v. WhenU case, and 1-800 Contacts has continued to bring other lawsuits against competitive retailers (such as the LensWorld case I blogged about a year ago). At the same time, 1-800 Contacts has been a buyer of trademarked keyword ads, and it was one of the companies that protested the 2007 law because it was concerned the law would limit its own advertising practices (although, at the last minute, 1-800 Contacts flip-flopped and tried to sneak new restrictions on keyword advertising into the putative repeal of the 2007 law). Clearly, 1-800 Contacts has a complex attitude towards keyword advertising, although it might just be pure duplicity. Either way, with 1-800 Contacts’ flip in 2008 and its continued litigation against keyword advertising, it’s not unexpected that they might try to bend the ear of the apparently pliable Utah legislature.

The Proposed Law

The 2004-05 laws banned trademark-triggered pop-up ads triggered by adware. The 2007 law allowed trademark owners to register their marks with a newly created Utah administrative registry (which never got created) and prohibited keyword buyers and sellers from using registered marks as triggers for keyword advertising. HB 450, the proposed 2009 law, takes a very different approach than the 2007 law:

Fewer Defendants. The law only applies to keyword buyers (advertisers). Unlike the last two laws, keyword sellers such as search engines are immune from liability under this law. However, the law is expansive in other ways: the law expressly holds an advertiser liable for affiliates' keyword purchases (a currently open point in trademark law), and the law expressly references telephone directory assistance advertiser as being within its scope.

Opt Out. The law only applies after the trademark owner sends a takedown notice/cease & desist demand to the advertiser. Further, if the advertiser stops within 10 days of the takedown notice, it is not liable for any remedies under this law. (They might still be liable under other legal doctrines.)

Limited Remedies. My reading of the law is that the only remedies against an advertiser are an injunction and attorneys fees--no damages. I'm not 100% sure about this because some states have laws that create damage claims outside the scope of any specific statute (I'm thinking of California B&P 17200). I don't know if Utah has a catchall provision like that.

Geographic Restrictions. One of the most deficient aspects of Utah's 2007 law was that it required advertisers throughout the country to check the new registry before buying keyword advertising on a third party trademark, even if the advertiser, the keyword seller and the trademark owner all had zero connection with Utah. This law tries much more clearly to restrict its reach to Utah. First, the law only applies to ads "in Utah," whatever that means. Second, the law only restricts keyword buys made from sellers that allow "an advertiser to limit the display of advertisements by geographic location." I'm not exactly sure what this means--after all, a site like eBay segregates its listing database by country; does that mean eBay gives advertisers geographic choices?--but it's clear that an advertiser purchasing ads from a seller that doesn't offer any geolocation choices isn't covered by the law. Third, the law doesn't apply if segregating Utah ad viewers from non-Utah ad viewers isn't "technologically feasible" or would impose "an undue financial burden." I'm not saying that this law will survive a dormant commerce clause challenge--personally, I think all state regulation of the Internet is inherently suspect--but the law certainly tried to limit its reach to Utah.

Narrow Scope. The law applies when "the delivery or display of an advertisement in Utah...is the product of a bad-faith attempt to profit from the registrant's mark by diverting a consumer from the registrant, the registrant's authorized licensees, or another source authorized by the registrant." The statute provides for a multi-factor evaluation of what constitutes a "bad faith diversion" by keyword advertising, with the first factor being that the ad "is likely to create an initial, misleading impression that the person is a legitimate source of the goods or services" (which itself is subject to another multi-factor evaluation). Personally, I don't think there is such a thing as bad faith diversion or initial misleading impressions with respect to truthful ad copy, so this ought to be a null set. Even so, the law lists a number of categorical exclusions from its coverage, including:

* advertiser belief that the ad is fair use. Note: the bill uses the term "fair use" several times, even though this term is not well-defined in trademark law. So it isn't clear to me if "fair use" meant descriptive fair use, nominative use, both, neither, or yet something else.
* the sale is permissible under the First Sale doctrine. This should exclude keyword buys by other parties in a trademark owner's distribution channel. However, as I recently blogged, courts are struggling with the First Sale doctrine's application to e-commerce.
* "(a) fair use of a mark in comparative commercial advertising or promotion to identify the competing goods or services of the owner of the famous mark; (b) noncommercial use of a mark; and (c) all forms of news reporting and news commentary." This is an interesting set of exclusions; it looks like the drafter tried to (incompletely) mimic the federal dilution exclusions. However, the implicit redundancy with the other fair use aspect mentioned above also raises a question why (a) only applies to famous marks. That's either a drafting error or a significant limitation on that prong.

So What Does This Law Do?

From my reading, it appears that this law does not apply to gripe ads or trademark conflicts within a distribution channel. Therefore, I think the law really only applies to advertising on competitors' trademarks, and even then, only some of the ads.

Given the application to competitive keyword advertising and the focus on an injunction as a remedy, this law covers only limited circumstances that are not already addressed by the search engines' trademark policies, which provide an extrajudicial "injunction." Indeed, this law is nearly co-extensive with Yahoo's and Microsoft's trademark policies. On the other hand, the law would govern situations that Google isn't remediating with its trademark policy because it could force advertisers off keywords that Google would happily sell. Furthermore, the ambiguous application of the law to keyword buys from places other than search engines, such as telephone directory assistance services, may implicate some keyword sellers who don't currently have trademark policies.

Conclusion

If I'm right that this law simply codifies current search engine trademark policies and extends them some, then this law isn't as problematic as Utah's last two efforts. But it also makes me wonder--what's the point? Doesn't Utah have more important problems to solve???

Even if the law is less troublesome than the last two, let's be clear: this is not a good proposal. As with Utah's past two efforts, this law has nothing to do with improving consumer welfare. Instead, it would allow companies to suppress competition by helping companies keep their competitors from gaining exposure among the company's potential customers, meaning that companies won't have to work as hard competing on price and quality. I understand why companies such as 1-800 Contacts, which has a pattern of trying to use legal tricks to suppress competitors, would find it attractive to ply their local legislators for some corporate welfare. But why any legislator would waste their time with such an unabashedly anti-competitive, anti-consumer request is simply beyond me. As I have explained elsewhere, policy-makers should be helping consumers get relevant content, not enacting laws to take it away from them.

The bill is making its way through the Utah House, and my observation of Utah legislative proceedings is that bills can be amended substantially from beginning to end. So this bill could get better, or it could get much worse. Fortunately, a coalition of Internet companies is lobbying against the bill, and the bill barely survived its first committee hearing on an 8-6 vote. Thus, it's not guaranteed that this law will make it through. My hope is that the Utah legislators will recognize the law’s depravity and their own poor track record in the area and squelch this latest effort.

Posted by Eric at 09:55 PM | Adware/Spyware, Derivative Liability, Domain Names, Marketing, Search Engines, Trademark



February 24, 2009

Zango v. Kaspersky Ninth Circuit Oral Arguments

By Eric Goldman

The Ninth Circuit has posted the audio of the February 2, 2009 oral arguments in Zango v. Kaspersky, the important 47 USC 230(c)(2) case about vendors' abilities to classify third party content as spam, viruses, adware/spyware, etc. The judges were Betty Fletcher, Pamela Rymer and Raymond Fisher.

The judges' questions were pretty good. Judge Fisher was by far the most spirited jurist at this hearing. It was interesting to hear him tell Zango's counsel that he thought Batzel and Roommates.com are irrelevant to the case. But Judge Fisher also asked a tough question of Kaspersky's counsel about why McAfee has blocked him from getting to websites he wanted.

HT: Venkat

The case library:

* Zango's reply brief [warning: 3+ MB file]
* Amicus brief by CDT in favor of Kaspersky
* Kaspersky's answering brief [warning: 5MB file]
* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango
* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 05:44 PM | Adware/Spyware, Derivative Liability



February 06, 2009

2008 Cyberlaw Year-in-Review

By Eric Goldman

It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which has a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there are still plenty of interesting developments to revisit.

Broad Themes

A few broad themes emerged last year:

* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.

* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.

* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken more policing efforts than were required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.

* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.

* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.

Top 11 Cyberlaw Developments of 2008

#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.

#9 and #10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.

#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.

#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.

#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.

#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.

#4: Mazur v. eBay. A scarier case for 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.

#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.

#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).

#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.

Other Developments of Special Note

47 USC 230

* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”

* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.

* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.

Affiliate Liability

* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.

* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.

Trademarks/Domain Names

* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.

* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failure to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?

* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."

* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.

* New gTLDs. Maybe I should reserve this development for 2009...if it happens.

Others

* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?

* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.

* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.

Posted by Eric at 05:50 PM | Adware/Spyware, Copyright, Derivative Liability, Domain Names, E-Commerce, Internet History, Licensing/Contracts, Marketing, Publicity/Privacy Rights, Search Engines, Spam, Trademark



November 18, 2008

October 2008 Quick Links, Part 2

By Eric Goldman

Spam

* Kramer v. Perez. An Iowa court awards $236M in damages in a spam case. Venkat's comments.

* After the government lost its jury trial against Impulse Media, the court denied Impulse Media attorneys fees.

Contracts

* AT&T put its own emailed notice of amended contract terms into its spam folder. Whoops! Due to spam filters and other automated blocks, it is becoming almost impossible for websites to communicate with their users by email.

* An estimate of the massive "tax" imposed on consumers by reading privacy policies. Of course the financial drain is overstated because many people make a rational decision not to read every privacy policy, plus not every person has to read a privacy policy for marketplace responses to be effective.

* The Blizzard v. MDY WOWGlider case has reached a stipulated damages amount of $6M.

* Pulaski & Middleman, LLC v. Google Inc., 5:2008cv03888 (N.D. Cal. complaint filed August 14, 2008). The Justia page. Yet another me-too lawsuit against Google over serving ads to parked domains and error pages.

* An Israeli GPL enforcement action settled.

Trademarks/Domain Names

* Kentucky v. 141 Domain Names. Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name. More recently, the seizure was stayed.

* Speaking of inappropriate seizures, the Feds are trying to seize the trademarks of the Mongols motorcycle group. DOJ press release. LA Times article.

* Best Western Intern., Inc. v. Doe, 2008 WL 4630313 (D. Ariz. Oct. 20, 2008). Prior blog post in this case. The judge is losing patience: "These filings are wasteful in the extreme. The Court is not a forum for the parties to expend every possible dollar seeking to litigate every conceivable issue, no matter how insubstantial. The Court will no longer tolerate the excesses of this case."

* The Verizon v. Navigation Catalyst Systems domainer lawsuit settled.

* 50 Cent brings yet another questionable lawsuit. (1, 2).

Advertising

* Goddard v. Google Inc., 2008 WL 4542792 (N.D. Cal. Oct. 10, 2008). The case against Google for deceptive mobile phone ads will stay in federal court.

* Eyeblaster, Inc. v. Federal Insurance Co., 2008 WL 4539497 (D. Minn. Oct. 7, 2008). This is a collateral lawsuit to Sefton v. Eyeblaster alleging that Eyeblaster distributed spyware. Eyeblaster tendered the claim to its insurer. This court holds that the CGL policy doesn't apply because the claim relates to software problems, not physical damage to the users' computers. Further the E&O policy doesn't apply because Sefton alleges that Eyeblaster intentionally installed the spyware, bumping Eyeblaster into one of the policy's exclusions.

* Are consumers becoming more tolerant of pop-up ads? For more on consumer acceptance of new advertising formats, see here.

* A big damages award in NetQuote v. Byrd.

Posted by Eric at 06:42 AM | Adware/Spyware, Domain Names, Licensing/Contracts, Marketing, Privacy/Security, Search Engines, Spam, Trademark



October 14, 2008

September 2008 Quick Links, Part 3

By Eric Goldman

eBay

* Universal Grading Service v. eBay, Inc. More fallout from the National Numismatic v. eBay case--another lawsuit alleging antitrust and defamation because eBay designated some coin rating services as preferred and impliedly devalued others.

* Windsor Auctions v. eBay has been refiled in a new jurisdiction.

* Mehmet v. Paypal, Inc., 2008 WL 3495541 (N.D. Cal. Aug. 12, 2008). Upholding the consequential damages waiver in PayPal’s user agreement.

* A company's failure in the marketplace can drive up the value of its collectibles on eBay.

Google

* Stelor Productions, Inc. v. Google, Inc., 2008 WL 4218107 (S.D. Fla. Sept. 15, 2008). In the lawsuit alleging that Google causes reverse confusion of Googles.com [warning: annoying music ahead], the plaintiff doesn't get to depose Sergey or Larry yet. Rose Hagan, Google’s long-time chief trademark counsel, is the lucky substitute.

* Lots of rhetoric in the Google/Yahoo ad syndication deal. Google’s advocacy website. Google Chief Economist Hal Varian explains why the deal won’t raise ad prices in the auction. Randall Stross weighs in.

* Google has changed course and now allows religious groups to advertise on the keyword “abortion.”

* Kubit v. Google Groups, 2:2008cv00738 (M.D. Fla. complaint filed Sept. 29, 2008):

I then would like to sue Google Groups for not removing the posts when I repeatedly asked them to for 2 years. I believe I am entitled to at least a small amount of compensation for the emotional distress and lost business income that has resulted from them allowing these posts to remain on their Google Groups, even though I offered them VERY solid proof that I do not have HIV. If they had stopped the posts when they first occurred, they would not have proliferated to hundreds of websites. I became suicidal for a period of time after the posts started. I incurred a lot of emotional pain and fear because of the posts and had to seek psychiatric and psychological help to get my life back together. I still suffer from fears of dating, living a public business life and trusting others.

Yes, this is a pro se complaint. Yes, it is preempted by 47 USC 230.

Marketing/Advertising

* NebuAd is dead (1, 2). Even so, the lure of intermediaries aggregating deep data about consumers for commercial purposes will never die.

* Is Gator/Claria dead?

* The EU passed a non-binding resolution against sexual stereotypes in advertising.

* Celebrity branded merchandise run amok.

Miscellaneous

* Valleywag: "The 5 most laughable terms of service on the Net." For more laughs, see Mark Lemley’s Terms of Use paper.

* Murakowski v. University of Delaware, 2008 WL 4104087 (D. Del. Sept. 4, 2008). This reminded me a lot of the Jake Baker case from the mid-1990s.

* The Virginia Supreme Court reversed itself on the Jaynes anti-spam prosecution, and Jaynes walks. Does Virginia routinely pass unconstitutional laws?

* Becker v. Toca, 2008 WL 4443050 (E.D. La. Sept. 26, 2008). Ex-wife's alleged delivery of "Infostealer" program to grab passwords from ex-husband could violate the ECPA, SCA and CFAA.

* Interesting article on ESPN’s exclusive distribution and bundling agreements with Internet access providers.

* Funniest law firm names.

* Silly? Horrifying? A sign of the apocalypse?

Posted by Eric at 06:17 PM | Adware/Spyware, Content Regulation, Derivative Liability, E-Commerce, Internet History, Licensing/Contracts, Marketing, Privacy/Security, Search Engines, Spam



August 27, 2008

7Search Sues McAfee For Red Flagging It

By Eric Goldman

7Search.com v. McAfee, Inc., 1:2008cv04831 (N.D. Ill. complaint filed Aug. 25, 2008). The Justia page.

I don't have a good sense of how many lawsuits have been filed against anti-spyware vendors for classifying third party software as "adware" or "spyware." I've blogged on a few (including Kaspersky, PC Tools and Symantec v. Hotbar), and Ben Edelman maintains a larger catalog of such lawsuits (not sure how up-to-date this is). However, I don't know if these lawsuits are relatively rare (as Ben's chart implies) or if they are multitudinous but most quietly fly under the radar screen.

If there aren't many unpublicized lawsuits, that may reflect that suing an anti-spyware vendor over its classification decisions almost never makes sense. First, many vendors have a private adjudicatory/appellate process that resolves many potential disputes without a lawsuit. Certainly, most vendors don't want to make errors, which undermines their own credibility, and most reputable vendors want to fix their mistakes. Second, lawsuits bring generally unwanted publicity to the plaintiff, calling extra attention to their alleged deficiencies and bringing out all of the gripers. Third, the costs of the lawsuit may be more than the value of any frustrated transactions. Finally, many of the lawsuits have low probabilities of legal success for the reasons I'll discuss in a moment. So there is good reason to believe classification-related lawsuits such as this one are rare. (I'm not saying that grumbles or C&Ds are rare; I'm just referring to formal lawsuits).

In this lawsuit, 7Search says that it was in the toolbar business but stopped offering downloads from its site in 2003. However, McAfee's SiteAdvisor gives 7Search the big red X and says "Feedback from credible users suggests that downloads on this site may contain what some people would consider adware, spyware, or other potentially unwanted programs." 7Search claims that this statement is false because it isn't offering any downloads at all. 7Search thus alleges false advertising (Lanham 43(a)), deceptive trade practices, defamation and unfair competition.

The most obvious barrier to 7Search's lawsuit is 47 USC 230. Both (c)(1) and (c)(2) could be implicated. (c)(1) is less likely, but if in fact McAfee is republishing information from third parties (as suggested by the statement's reference to "credible users"), they may be able to claim (c)(1) for the republication. Either way, (c)(2)--the immunization for filtering decisions--is directly on point and potentially immediately fatal to the lawsuit. Zango's lawsuit against Kaspersky was soundly and quickly knocked out on 230(c)(2) grounds (though that is now on appeal to the Ninth Circuit), and a district court in Illinois gave broad deference to the Zango ruling in finding that Comcast could claim 230(c)(2) for email filtering decisions.

At the same time, 7Search alleges that McAfee's classifications were in bad faith. If so, then 230(c)(2) wouldn't apply even under the liberal Kaspersky or Comcast approaches, both of which required subjective good faith. We'll have to see how McAfee responds to determine if 7Search's allegation has any chance of getting traction.

There are two other possible holes in the potential 230 coverage for this lawsuit. First, courts have been inconsistent about whether a false advertising 43(a) claim under the Lanham Act fits within the "IP" exclusion to 230. Second, most of 7Search's gripe goes to McAfee's statement that bad downloads are available--words chosen by McAfee to describe its filtering decision. It remains unclear if 230(c)(2) protects an intermediary's characterization of its filtering decision as much as it protects the filtering decision itself--just like 230(c)(1) may protect against liability for third party information but may not protect against marketing representations rendered untrue by third party content or actions.

In any case, I think this lawsuit and others over classification decisions raise interesting and important issues that I plan to explore in my Economics of Reputational Information project. We want skillful intermediaries to digest the overwhelming amount of information available in the marketplace and make reputational judgments that speed up our consumer decision-making. On that basis, we definitely don't want reputational judgments removed from marketplace actors and put into the hands of the judges. However, we also want the reputational intermediaries to make factually accurate judgments because their misjudgments also could distort marketplace decision-making.

Posted by Eric at 03:54 PM | Adware/Spyware, Derivative Liability, Marketing, Trademark



August 20, 2008

Competitive Pop-up Ads Aren't Unfair Competition or Tortious Interference--Overstock v. SmartBargains

By Eric Goldman

Overstock.com, Inc. v. SmartBargains, Inc., 2008 UT 55 (Utah Sup. Ct. Aug. 19, 2008)

In light of the death of adware and the fact that almost all of us have moved on, it is jarring to see adware opinions still emerging. This case, percolating in the courts for four years, is quite a throwback.

In 2004, Overstock sued SmartBargains for buying adware-delivered pop-up ads that were triggered by user visits to Overstock.com. There have been a lot of keyword advertising cases since then, but this case is unusual because (for reasons not clear to me) Overstock did not make the more typical trademark infringement claim or even the less common trademark dilution claim.

Instead, Overstock asserted three causes of action: (1) violation of the initial Utah Spyware Control Act passed in 2004, (2) unfair competition, and (3) tortious interference with prospective business relations. The Spyware Control Act claim was mooted when the statute was deemed unconstitutional and further mooted when the legislature amended the law, so Overstock did not pursue that claim further. The district court also ruled against Overstock on the other two claims, and Overstock appealed to the Utah Supreme Court. [For reasons that aren't clear to me, this case apparently bypassed the Utah appeals court.]

The Supreme Court had little difficulty disposing of the remaining claims. The pop-up ads didn't constitute unfair competition (in Utah, an anti-passing off claim) in this case because SmartBargains' pop-ups appeared in a separate window and displayed the SmartBargains logo. The tortious interference claim gets tossed for exactly the right reason--competitive ads are a good thing, not bad. The court says "SmartBargains’ pop-ups indisputably exist to compete with Overstock. Competition is not an improper purpose, even though other byproducts of competition may exist." Case dismissed.

In one sense, this case isn't all that important. With respect to lawsuits over competitive online ads, most of the action relates to trademark infringement and particularly what constitutes a trademark use in commerce. But this case is important because it's fairly typical for plaintiffs in those lawsuits to add a laundry list of additional claims with the hope that something sticks. As this case shows, the laundry list claims are junky and easily disposed of, and a state supreme court ruling to that effect is a nice and useful precedent for defendants.

Even so, I wonder about the political ramifications of this ruling. Overstock's attitude towards keyword advertising has been erratic. On the one hand, it went to the Utah legislature to protest the Utah Trademark Protection Act because it apparently buys keyword ads on third party trademarks. On the other hand, it supported Utah's initial Spyware Control Act, it was the first to try to take advantage of the law, and it was willing to pursue this silly lawsuit for over 4 years. In response to this loss, will Overstock flip--just like its Utah Internet retailing peer 1-800 Contacts flipped--and go seek out a friendly and easily persuaded Utah state legislator to give it a tailor-made anti-keyword advertising statute? Stranger things have happened in Utah...

HT: Evan Brown

Posted by Eric at 07:15 AM | Adware/Spyware, Marketing, Trademark



August 08, 2008

Affiliate Liability Extravaganza

By Eric Goldman

[Note: I recently published a version of this article at InformIT. Here's the pre-edited version I sent them.]

Introduction

This article discusses marketers’ liability for the actions of their marketing affiliates (what I refer to as “affiliate liability”). The affiliate liability issue has become red-hot recently because numerous plaintiffs have taken aggressive legal positions seeking to expand the boundaries of affiliate liability. In three recent rulings, courts have emphatically rejected these expansive liability arguments. Even so, it seems likely that plaintiffs will continue to look for ways to expand affiliate liability, and despite the favorable rulings, defendants often settle a lawsuit alleging affiliate liability rather than establish their rights in court.

Affiliate Marketing—Good and Bad

Marketers create affiliate programs to outsource marketing decisions to domain experts. For example, independent third parties may have better or cheaper access to subcommunities of potentially interested consumers than a marketer’s employees. An affiliate marketing program compensates these local experts for the work and expertise involved in taking the marketer’s message to those consumer communities. When it works properly, affiliate marketing programs can play an important role in the broad “invisible hand” economic phenomenon of allocating scarce resources to consumers who value them the most.

Affiliate marketing doesn’t always have this salutary effect. Affiliate marketing programs create payoffs to motivate affiliate behavior, and inevitably some affiliates will try to obtain the payoff without doing the desired activity. Thus, even if the marketer would prefer otherwise, some affiliates might do “whatever it takes” to get paid, including using false advertising or illegitimate marketing mechanisms. Further, the fact that the marketer outsources some choices to affiliates (a necessary part of any affiliate program) can lead to “diffuse responsibility” where the marketer and affiliates point fingers at each other if something goes wrong. Sometimes, when there are multiple tiers of affiliates, it can become effectively impossible to assign responsibility for the wrongdoing.

To bypass these legal entanglements, plaintiffs have sought ways to hold marketers vicariously (automatically) liable for their affiliates’ actions. However, these efforts “break” standard tort law by trying to treat independent contractors as if they are principal-agents without the requisite supervision or authority that typically triggers agency liability. As a result, overexpansive theories of affiliate liability cause marketers to internalize too many costs, curtailing potentially socially beneficial marketing activities or leading to overinvestment in socially wasteful liability minimization schemes.

Plaintiffs Gone Wild: Two Recent Efforts to Expand Affiliate Liability

There have been countless affiliate liability enforcement actions, but I’ll focus on two recent initiatives.

New York Sales Tax Law

State and local taxing jurisdictions have long coveted a way to impose sales tax collection responsibilities on non-resident Internet vendors. In general, these efforts have been stymied by the Supreme Court’s decision in Quill Corp. v. North Dakota, 504 U.S. 298 (1992), which requires a vendor to have a physical presence in the jurisdiction before the taxing entity can impose sales tax collection obligations on it.

New York, however, developed a nifty workaround. In April, it passed a law (Chapter 57, N.Y. Laws of 2008) declaring that a vendor’s marketing affiliates in New York constituted a physical presence in New York by the vendor. If so, New York can impose sales tax collection obligations on remote vendors due to their New York affiliates. As part of its crafty plan, New York tried to induce compliance with a carrot—if remote vendors voluntarily agreed to collect and pay sales tax from New York residents going forward, then New York would grant them amnesty for any back sales tax collection obligations.

Neat trick, but…a small problem: affiliates are independent contractors of the vendor, so this effort to treat them as legally related entities surely doesn’t comply with the Constitution. I suspect a court will confirm this flaw because both Amazon and Overstock.com have sued New York over the law. At the same time, to minimize its risk, Overstock has also tossed all of its New York affiliates overboard. One might question the wisdom of the New York legislators prompting marketers to cut off opportunities for New York online entrepreneurs.

Trademark Owners Claiming Marketers Are Liable for their Affiliates’ Marketing

Another trend: trademark owners are trying to hold a marketer liable for the alleged trademark infringement committed by its affiliates, such as when affiliates purchase the third party trademark as a keyword trigger for search engine ads. Plaintiffs have alleged affiliate liability in at least three lawsuits in the past couple of months:

* DSW v. Zappos.com (S.D. Ohio complaint filed May 12, 2008). For more, see SEOmoz.

* NameSafe v. LifeLock (M.D. Tenn. complaint filed June 26, 2008). For more, see Techdirt and News.com.

* Rosetta Stone v. Rocket Languages (C.D. Cal. complaint dated July 2, 2008). For more, see the WSJ Law Blog.

Courts Weigh In—and Plaintiffs’ Expansive Theories Don’t Fare Well

The efforts to extend liability in the sales tax and trademark contexts are novel, and it’s hard to predict the final outcome because we have limited direct precedent to consult. However, looking at some recent rulings in other contexts, there is good reason to believe that both legal theories go way too far.

CAN-SPAM

Unlike many other areas of the law, CAN-SPAM (15 USC 7705 and 7706) specifically authorizes affiliate liability in the statute. The Federal Trade Commission (FTC) has routinely invoked this provision in its pursuit of marketers promoted by affiliate-initiated spam (for one of the more recent examples, see the FTC’s press release on one of its porn spam busts and settlements). Further, typically when the FTC targets a marketer on an affiliate liability theory, the marketer rolls over and settles rather than fight.

But…a small problem: the FTC’s expansive interpretation of the affiliate liability statute—the basis it has used to procure these settlements from marketers—may not actually reflect the law. In an outcome that didn’t get nearly the press it deserved, in a lawsuit against Impulse Media earlier this year, the FTC took its affiliate liability theories to a jury and lost. This is a huge verdict because (1) the FTC rarely loses in court, and (2) perhaps more importantly, when average citizens evaluate the FTC’s expansive affiliate liability theories, they may balk.

Oddly, the FTC didn’t take no for an answer. It subsequently asked the judge to enjoin Impulse Media even though Impulse Media won the jury verdict. Talk about chutzpah! Not surprisingly, the court declined the request. US v. Impulse Media, 2008 WL 1968307 (W.D. Wash. May 1, 2008).

In another lawsuit, ASIS Internet Services v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal. March 27, 2008; unsealed April 29, 2008), a civil plaintiff, ASIS (a serial anti-spam litigant), invoked the CAN-SPAM affiliate liability provision in its anti-spam lawsuit against 20 defendants. One defendant never showed; 18 defendants settled up (as mentioned, the typical response); and only one defendant—Azoogle—persisted in court.

Azoogle is a lead generation company for upstream marketers, and it relies on downstream affiliates to help it generate leads for its clients. Some of those downstream affiliates generate leads via spam. In this ruling, the court rejects Azoogle’s liability for spam sent by its marketing affiliates:

Although ASIS has pointed to significant evidence that Azoogle, during the relevant time period, did little to investigate the third party vendors it engaged, there is no evidence in the record from which a jury could conclude that Azoogle, in contracting with Seamless Media, made a deliberate choice not to know that Seamless Media would engage third parties to send out spam on Azoogle's behalf. The evidence cited by ASIS to establish knowledge on Azoogle's part is entirely speculative. Even assuming it is true that the Emails were sent by a single individual and that the lead was typed into a web site that was copied from Azoogle's lowrateadvisors site, this is insufficient to show that Azoogle consciously avoided knowing that the Emails would be sent. Further, while ASIS relies primarily on the allegation that Azoogle failed to adequately investigate its third-party vendors, ASIS has pointed to no evidence that if Azoogle had investigated Seamless Media prior to entering into the Insertion Order, it would have learned facts sufficient to show that Seamless Media was likely to engage in CAN-SPAM violations. There is no evidence in the record that would put Azoogle on notice that Seamless Media, or Seamless Media's vendors, obtained leads from spammers. Indeed, the only evidence on this subject is that Seamless Media had a good reputation at the time, and was obliged by its contract with Azoogle to follow the law.

Adware

Another recent affiliate liability decision is the remarkable ruling in People v. Direct Revenue LLC, 2008 WL 1849855 (N.Y. Sup. Ct. March 12, 2008), another case that did not get the attention it deserved. Disclosure note: I helped file an amicus brief in this case.

In 2006, the NY Attorney General’s office (NYAG) made the apparent decision that adware vendor DirectRevenue needed to be shut down by any means necessary, and it launched a multi-front attack on DirectRevenue. It publicly posted a website with information about DirectRevenue that had no apparent purpose other than to denigrate DirectRevenue’s reputation. It bullied DirectRevenue’s advertisers, ultimately procuring, and then releasing a hyperbolic press release about, an insignificant settlement that spooked potential advertisers away from DirectRevenue. And finally, it sued DirectRevenue directly.

The NYAG’s actions had their desired effect. Perhaps due in part to the NYAG’s campaign to close DirectRevenue down, DirectRevenue did in fact go out of business. Congratulations to the NYAG for achieving its apparent goal.

But…a small problem: the NYAG’s assessment of DirectRevenue’s legitimacy may have, in fact, been itself lawless, because the court emphatically rejected all of NYAG’s legal theories. This might be amusingly ironic if the NYAG’s anti-DirectRevenue campaign wasn’t such a chilling and crushing misuse of governmental powers.

The opinion is worth reading in its entirety, especially where the court affirms the EULA formation and limits extraterritorial liability. However, apropos to this post, the court rejected DirectRevenue’s liability for allegedly illegitimate software installations made by its affiliates, saying “petitioner has not shown that respondent should be held liable for the actions of those third parties under a theory of agency or ratification, or otherwise.” The court explains:

Dismissal is required with respect to the 22 [installations by] third parties, who petitioner concedes were independent contractors rather than agents of Direct Revenue. A principal is generally not liable for the acts of an independent contractor because of the lack of control over how the contractor's work is performed (Chainani v. Bd. of Educ., 87 N.Y.2d 370, 380-81 [1995]). Neither may the principal be charged with the conduct of even more remote subcontractors (People v. Synergy6, Inc., Index No 404027/03 [Sup Ct N.Y. Co 2006][unpublished disposition][Attorney General's action for deceptive practices and false advertising under GBL dismissed as against email marketing company where fraudulent emails were sent by company retained by agent]). Although exceptions exist, such as where the contractor was negligently retained or supervised (Saini v. Tonju Assocs., 299 A.D.2d 244, 245 [1st Dept 2002]) or where the principal has ratified the wrongful acts (Kormanyos v. Champlain Valley Fed. Sav. and Loan Assoc. of Plattsburgh, 182 A.D.2d 1036, 1038 [3d Dept 1992]), the record here does not support any grounds for departure from the usual rule.
As noted, under the SDA, Direct Revenue contractually required its distributors to obtain consent of consumers consistent with the terms of the EULA. The SDA also forbade the distributors from holding themselves out as respondent's agents. Respondent was not authorized or obligated to control their work, particularly since many of them additionally acted as distributors for various other advertisers. Although in Sotelo v. Direct Revenue, 384 Supp2d 1219 (ND Ill 2005) the court upheld a cause of action against respondent for negligent supervision of distributors, the issue arose on a motion to dismiss and the court thus restricted its inquiry to the four corners of the complaint. Notably, the court stated that it was precluded at that procedural juncture from considering respondent's evidence that the distributors were independent contractors, evidence which, as here, included the SDA.
The theory that respondents ratified the alleged third party misconduct also fails. The allegations that respondent had general and/or constructive knowledge of some distributors' wrongful practices are insufficient to impose liability (see, Synergy6, supra; Del Signore v. Pyramid Sec. Servs., Inc., 147 A.D.2d 759, 760-61 [3d Dept 1989][mere knowledge of litigation and complaints against security company for undue force by guards insufficient to impose liability upon hiring firm]; see also Hamilton v. Beretta USA Corp., 96 N.Y.2d 222, 237 [2001]). Moreover, it is conceded that in those few instances in which respondent obtained actual knowledge of a distributor's misconduct, it took significant steps to modify its procedures. A finding of ratification cannot be found upon such facts, notwithstanding that respondent may have benefited financially from its relationship with the distributors before remedial measures were implemented (see Synergy6, supra).

It is my understanding that the NYAG has filed a notice of appeal in this case to preserve its options, but it is still deciding if it will pursue the appeal.

Unfortunately, I’m not aware of the Synergy6 opinion being available electronically, which is a shame because it’s an interesting and relatively early rejection of the NYAG’s expansive affiliate liability doctrines. Due to that ruling (which involved email marketing instead of adware), the NYAG already had good reason to suspect that its predicate theories were dubious, which makes its decision to pursue those theories against DirectRevenue even more lamentable.

Conclusion

This post highlights two seemingly inconsistent trends. Trend #1 is that plaintiffs (private actors or government agencies) are taking very expansive positions on affiliate liability. Trend #2 is that when tested, expansive affiliate liability theories are failing in the courts. These two trends seem to be in conflict with each other. My hope is that trend #2 becomes so strong that it overrides trend #1, i.e., plaintiffs and government actors get the message that they have gone too far.

Unfortunately, in the interim, many defendants will capitulate and settle an expansive affiliate liability claim—even if it’s lawless—because it’s the cheapest path to resolution or because the precedent isn’t strong enough to ensure victory. Perhaps some defendants will realize that the trend is in their favor and will fight back accordingly. More judicial clarity about the line between permissible and impermissible behavior would benefit everyone.

It is also possible that the legal ambiguities of affiliate liability will be resolved by statute. However, despite the defendants’ string of court victories, I see the chances of legislative intervention to curtail expansive affiliate liability doctrines as nil. If anything, it’s more likely that future legislation will codify liability expansion.

For a rare in-depth analysis of affiliate liability, see Jean Noonan and Michael Goodman, Third-party liability for federal law violations in direct-to-consumer marketing: telemarketing, fax, and e-mail, 63 Bus. Law. 585-596 (2008) [ABA subscription required to download].

Posted by Eric at 08:04 AM | Adware/Spyware, Derivative Liability, Marketing, Spam, Trademark



July 01, 2008

June 2008 Quick Links

By Eric Goldman

Trademarks/Domain Names

* Utah Lighthouse Ministry v. Foundation for Apologetic Information and Research, 2008 WL 22043807 (10th Cir. May 29, 2008). CMLP writeup. Nice 10th Circuit win for a gripe site against trademark infringement and cybersquatting. This case, plus the SKI VAIL case, indicates that the 10th Circuit is making progress undoing the harm it created in the Australian Gold v. Hatfield case.

* Georgia has a new anti-phishing law (16-9-109.1) that acts as a para-trademark law. See my comments on the analogous California anti-phishing law.

* After initiating a trademark lawsuit against a consumer review site and soundly losing in court, Lifestyle Lift paid $17,500 to settle its own lawsuit and avoid claims for legal fees under Rule 11 and the Lanham Act.

* Marty reports on a German case saying that white-text-on-a-white-background is a trademark use.

* Update on the battle over the trademark registration for "SEO."

* Will TLD proliferation lead to a new open era in domain name administration, or will the resulting anarchy just reinforce that top search engine placement is the really important online real estate? It seems like the currently limited number of TLDs has some benefits from a bounded rationality standpoint, and those benefits will be lost in a cacophony of unknown TLDs.

Patents

* My colleague Colleen Chien has posted "Patently Protectionist? An Empirical Analysis of Patent Cases at the International Trade Commission" (forthcoming William & Mary Law Review). She empirically demonstrates that the ITC mostly involves disputes between two domestic litigants, making it a redundant battleground with federal district court but nevertheless an attractive venue for plaintiffs due to a number of procedural advantages. She makes a number of recommendations to eliminate the litigation gamesmanship offered by having parallel venues. Check it out.

Search Engines

* Udi Manber, chief algorithm keeper for Google, reiterates why it's silly for lawyers and judges to put too much legal emphasis on the relative placement of search engine results, saying "it's definitely the case that if you do the same search on a different cluster, you may get slightly different results at a given time. It's also the case that if you do the same search on different days you may get different results, because some of the results are things we indexed five minutes ago."

(Over)Regulation

* In response to an enforcement effort by the NY AG's office, several Internet access providers have blocked access to newsgroups that are putatively sources of child pornography. See the NYT story and the NY AG press release. In practice, this means wholesale takedowns of newsgroups that may have nothing to do with child porn. For example, Verizon is killing all USENET hierarchies except comp.*, misc.*, news.*, rec.*, sci.*, soc.*, and talk.*. Wired suggests this is the death of online intermediary freedom as conceptualized in 47 USC 230. Of course, 230 never protected intermediaries from criminal exposure for child porn, and this isn't the first time that an access provider has knuckled under to the NY AG's office. See the BuffNet enforcement action from 2001.

* Ohm, Paul. The myth of the superuser: fear, risk, and harm online. 41 UC Davis L. Rev. 1327-1402 (2008). A neat article on how regulators manufacture a fake bogeyman, the unbeatable "superuser," as a justification for expansive regulatory power.

* No evidence that data breach disclosure laws actually help reduce identity theft. Surprised?

* The FTC wants civil enforcement authority for spyware actions. Haven't they heard that the adware battle is already over...and they won?

Contracts

* Mark Radcliffe expresses concern about the ALI's proposed software licensing project on open source licenses.

* Sarah Bird on a messy contract lawsuit involving an SEO contractor.

Anonymity

* Tendler v. www.jewishsurvivors.blogspot.com, 2008 WL 2352497 (Cal. App. Ct. June 10, 2008). A subpoena request to identify a blogger doesn't support an anti-SLAPP cause of action.

* In the AutoAdmit lawsuit, Doe 21's motions to quash the subpoena and proceed anonymously were both denied. David Hoffman provides an update on the case.

Event Tickets

* Chicago has moved against eBay for reselling tickets in violation of its amusement tax law.

* The Ticketmaster v. RMG case ended with a default judgment granting a permanent injunction and $18.2M in damages.

General

* Vanity Fair: How the Web Was Won.

* Paul Levy blogs about a plaintiff's effort to bypass 230 by suing the authors of complaints about the vendor and then joining the consumer complaint site as a necessary party as a cost-increasing tactic.

* BusinessWeek on emerging technological tools to protect workers' attention against unwanted/untimely interruptions.

* Text message-savvy kids educate the North Carolina DMV about the meaning of the term "WTF," which was used on a license plate example on the DMV's website.

* I have one free pass to OMMA Behavioral in San Francisco July 21. First person to send me an email asking for the pass gets it.

Posted by Eric at 12:32 PM | Adware/Spyware , Content Regulation , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Patents , Privacy/Security , Search Engines , Trademark | TrackBack



May 20, 2008

Zango Files Reply Brief in Zango v. Kaspersky

By Eric Goldman

Zango has filed its reply brief in Zango v. Kaspersky [warning: 3+ MB file]. Some points that caught my attention:

* the brief starts out by quoting one of Kozinski's unfortunate rhetorical detours in Roommates.com that 230 wasn't intended to create a lawless no-man's land on the Internet. I'm sure some Zango haters would note the irony of Zango thinking this language benefits them. From my perspective, this is just another example of plaintiffs cutting and pasting pieces of the Roommates.com opinion to try to bolster their case.

* the brief doesn't acknowledge the existence of the significantly adverse e360insight case. Zango wasn't required to cite it, but the CDT brief did mention it, and I expect this precedent to figure prominently in the ruling.

* I thought this was an interesting statement (on page 19 of the PDF): "Notwithstanding the overheated protestations of Kaspersky and the holier-than-thou ideologues that it relies upon, millions of people find Zango not only acceptable, but desirable."

The case library:

* Amicus brief by CDT in favor of Kaspersky
* Kaspersky's answering brief [warning: 5MB file].
* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango
* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 06:46 AM | Adware/Spyware , Derivative Liability | TrackBack



May 06, 2008

CDT Files Amicus Brief in Zango v. Kaspersky

By Eric Goldman

The Center for Democracy and Technology has authored a brief, for itself, anti-spyware vendors and other advocacy groups, in favor of Kaspersky in the Zango v. Kaspersky case. I thought this brief was a useful contribution to the discourse. The brief focuses heavily on the issue of empowering users' control over their desktops, which is the critical issue but a complicated one when users give instructions that may conflict with each other. The brief addresses this issue squarely:

Two scenarios illustrate the interplay of “consent” in the anti-spyware context. First, assume that a user did consent to the installation of Zango software, but later concluded that the software and resulting advertisements were harassing and objectionable. Kaspersky Lab (and most anti-spyware services and tools) offers the ability to disable Zango software, and for a user to choose to install Kaspersky software to block Zango’s advertisements is fully consistent with the user’s true choice (notwithstanding the assumed initial consent to install the Zango software).
Second, if the Kaspersky Lab software is installed on a computer before someone attempts to download and install the Zango software (and Kaspersky software blocks the Zango installation), that is quite possibly also fully consistent with the wishes of the user. By installing anti-spyware software, the user is asking to be protected from spyware even if the user does not immediately recognize certain downloaded software as spyware. Moreover, it may well be that the owner of the computer (such as a parent or an employer) decided to install anti-spyware software such as Kaspersky Lab’s, and then some other users (such as a child or employee) attempts to install Zango software (and that installation is blocked). In that scenario, the anti-spyware software is in fact doing precisely the job that it was asked to do.

I think both of these examples tell a story of how a user's putatively inconsistent instructions could be reconciled. But these examples are also pretty stylized, so minor changes in the facts would expose situations where the reconciliation might be tougher.

The case library:

* Kaspersky's answering brief [warning: 5MB file].
* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango
* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 05:35 PM | Adware/Spyware , Derivative Liability | TrackBack



May 01, 2008

Adware is Dead. Long Live Adware!

By Eric Goldman

In late January, I attended the Anti-Spyware Coalition's Public Workshop entitled Spyware: What's Worked, What's Left, and What's Coming. I was on a panel entitled "Is Adware Dead?" with Alissa Cooper from CDT and Colin O'Malley from TRUSTe. This is a timely topic because I've been pondering this question myself for a while now. This blog post recaps some of my thoughts.

Adware Is Dead

At the workshop, everyone agreed that adware is dead, although we may have been using different definitions of adware. (Commissioner Leibowitz declared adware "mostly dead," invoking the phrase from the Princess Bride). I was a little surprised to see such broad consensus on this topic. Let's explore what happened.

Looking back, it's clear that the 2003-06 period was a wild time for the adware industry. Several new entrants sought to build "legitimate" businesses on client-side software that displayed advertising, and others were seeking technical exploits for more nefarious purposes.

Collectively, these efforts sparked the Great Adware Wars of the 2000s. This was a time of mania, with everyone scrambling for the largest network of installs. In turn, vendors attempted lots of aggressive practices, such as bundled installs with obscure notice/consent, difficult uninstalls, loosely controlled/uncontrolled third party distribution chains, and overgrazing of user attention once a desktop install was achieved.

I'm declaring that the Great Adware Wars of the 2000s are over, and the anti-adware forces won. The signs of a decline in the adware industry are everywhere. Most obviously, most of the entrants are out of the business. Of the players trying to run legit adware companies, arguably only Zango persists in its client-side software business model circa 2004.

Why Did Adware Die?

It's hard to tell exactly what ended the Great Adware Wars. Some possible contributing factors:

* enforcement actions by the FTC, state AGs and private litigants (including class action lawsuits)
* new laws, including the laws passed by Utah and Alaska
* technological responses, including enhanced filtering/labeling by anti-spyware vendors
* changes in the economics. In particular, paying third party distributors for installs spurred a lot of unprofitable behavior, so installation economics improved. At the same time, due to the enforcement actions and negative publicity, advertisers have become increasingly gun-shy about advertising via adware. There is some anecdotal evidence that advertisers are now including anti-adware policies in their agency agreements. It's not clear that such policies are actually being enforced, but collectively they send a signal that suppresses the demand for advertising inventory in adware.
* changes in user behavior, due to user education and press attention to adware. Adware has become a dirty/tainted word, and that taint suppresses demand up and down the chain.

Ultimately, I think the single biggest contributing factor to the demise of adware is that it often provides a lousy consumer experience. Even when adware doesn't carpetbomb users with ads, it is still largely based on interruption marketing (a term from Seth Godin's excellent book Permission Marketing [Amazon affiliate link]), i.e., getting the user to stop what they are doing to focus on the ad being presented. Telemarketing is a great example of interruption marketing, and it's universally reviled. Interruption marketing might work if the ads are routinely sufficiently relevant, but I believe that even the "best" adware rarely fulfills that potential.

In the end, I believe lousy consumer experiences always fail in the marketplace. The adware being deployed during the Great Adware Wars didn't prove otherwise.

What Consequences from the Death of Adware?

The Great Adware Wars are over. Now what?

Regulatory Proliferation

Even though the war is over, regulators haven’t gotten the message. In fact, I predict that we will see continued efforts to regulate 2005-era adware. Why? If the threat has been neutralized, shouldn't regulators focus their attention elsewhere?

This is a classic public choice problem. Everyone hates pop-up ads and scary adware, so regulators can pander to their constituencies' fears. At the same time, no one is opposing these efforts--the adware companies have largely vanished (not that they were ever a potent lobbying force in the first place), and no one else will stand up in their stead. As a result, regulators seeking some publicity bounce for being “tough on Internet threats” can easily enact ineffectual laws to combat past problems. (As an example of this, see the continued unopposed efforts of the Humane Society to ban Internet hunting).

Long Live Adware!

Adware circa 2003-06 may be dead, but adware in the broad sense--client-side software that displays advertising--will never die. Instead, as I argue here, adware is an inevitable part of our future for several reasons.

First, client-side software can interact with the user whenever they are using their computer. As a result, the vendor doesn’t have to worry about Internet connectivity. Plus, each vendor wants to be able to reach the consumer 100% of the time, not just when the user is visiting its servers.

Second, client-side software has access to the very best data about a user. Server-side applications generally only see the data made available when users are communicating with it. This partially explains the Facebook Beacon offering; it's an attempt by Facebook to aggregate data about user behavior that's captured by third party servers (i.e., data that Facebook ordinarily wouldn't see). But even compared with Beacon, client-side software will see more--and better--data.

At the conference, it was pointed out that behavioral targeting doesn't necessarily improve with deeper datasets. While this is true, it also remains true that a website never knows if the user has transacted with its competitor (i.e., when I searched for flights at both American and United's websites, the losing company has no idea if I transacted with its competitor or not). Client-side applications can see all of this valuable information.

As a result, vendors will always want to get onto users' hard drives and watch the users' communication flows from there. Thus, the race for client-side installations will remain an omnipresent fixture of our technological environment.

At the same time, the residual legislative and regulatory efforts--made in a vacuum without a direct threat and without any counterbalancing lobbying--have a serious risk of inhibiting the development of beneficial client-side applications. Simply put, in the legislative grandstanding to put the "nail in the coffin" of adware, regulators might in fact distort the innovation cycles of software developers who can improve users' lives. It's this risk of collateral fallout that drives my objection to most types of anti-adware regulation, and when I see stupid and regressive state laws (like the Utah Spyware Control Act, or Alaska's anti-adware law, or the screwed up Utah Trademark Protection Act), the potential harm to innovation is palpable.

So here's my proposal. Let's take a moment to pause and celebrate the end of the Great Adware Wars of the 2000s, and congratulate the many people who worked very hard to contribute to its demise. Then, let's all collectively vow to move on and focus our energies on looking forward to the next round of bona fide and serious threats, instead of looking backwards at perceived threats already vanquished.

Posted by Eric at 08:10 AM | Adware/Spyware | TrackBack



April 29, 2008

Kaspersky Files Answering Brief in Zango v. Kaspersky

By Eric Goldman

Continuing my coverage of the Zango v. Kaspersky litigation over 230(c)(2), Kaspersky has filed its answering brief (warning: 5MB file). If you want to save time, the actual argument starts on page 32 of the PDF.

The case library:

* National Business Coalition on E-Commerce and Privacy amicus brief in favor of Zango
* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 05:53 PM | Adware/Spyware , Derivative Liability | TrackBack



April 09, 2008

Pro-Zango Amicus Brief in Zango v. Kaspersky

By Eric Goldman

The National Business Coalition on E-Commerce and Privacy has filed an amicus brief supporting Zango in Zango v. Kaspersky, the lawsuit over an anti-spyware vendor's classification of third party software as "spyware." I'm not familiar with this coalition and I couldn't find a website for it. If you have any information about them, please let me know. The brief itself conducts a very run-of-the-mill statutory and legislative history analysis, so it doesn't give much color about the coalition or why it cares about this case.

UPDATE: "Among its members are Experian, Fidelity Investments, the Investment Company Institute, Charles Schwab & Co., Inc., Deere & Company, Inc., JP Morgan Chase, General Motors Corp., Vanguard Group, UPS, CheckFree, Eastman Kodak, Bank of America, and The Assurant." This makes me even more curious why these companies would be interested in the issue.

UPDATE: Wendy Davis at MediaPost reports: "The coalition's members operate Web sites that place cookies on users' computers when they visit the site. The group is concerned that the trial judge's decision would immunize spyware removal companies that market software that deletes their members' cookies." Hmm...are they planning to sue CookiePal or any web browser software vendor that sets a default to reject all cookies?

The case library:

* Zango's appeal brief [warning: 2.1MB file]
* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 10:17 AM | Adware/Spyware , Derivative Liability | TrackBack



March 30, 2008

Zango's Brief in Zango v. Kaspersky Ninth Circuit Appeal

By Eric Goldman

Zango has filed its initial appellate brief in Zango v. Kaspersky [warning: 2.1MB file], the case addressing the liability of anti-spyware vendors for their classification decisions. Characteristically, Zango goes on the offensive, declaring that Kaspersky's software is the real "badware" here.

Other materials in this case:

* The district court's dismissal and my commentary
* TRO Denial and my commentary
* Kaspersky's Response to TRO Motion
* Zango's TRO motion

Posted by Eric at 01:45 PM | Adware/Spyware , Derivative Liability | TrackBack



December 28, 2007

December 2007 Quick Links

By Eric Goldman

Marketing

* I've blogged about Various, which operates AdultFriendFinder.com, before. They made the news recently in two ways. First, they sold to Penthouse for half-a-billion dollars. Second, they settled with the FTC for "pelting" users with unwanted sexually graphic pop-up ads. Do you think these developments are linked in any way... ? Could it be that Various was willing to settle up with the FTC on any terms so that they could get a half-billion dollar check? In this respect, I'm reminded of the MySpace/Intermix $7.5M settlement with the NY Attorney General's office in a dubious enforcement action that was immediately followed by MySpace's sale to News Corp. for $580M. Hey government enforcement agencies--if you can spot hot dot-coms that are negotiating mergers and bring an enforcement action, you can name your price!

* Abrams v. Facebook, the lawsuit over Facebook sending text messages to old phone numbers, has settled. See Michael Erdman and the AP.

* Newsday circulation fraud case (involving inflated circulation numbers) nets $83M restitution, $15M criminal settlement, and nine criminal convictions.

* Texas AG Abbott is prosecuting two companies under COPPA. As far as I know, this is the first state-level enforcement action under COPPA.

* Florida AG Michael Palecki looks to be targeting online advertisers for ads placed by their affiliates.

* The Do-Not-Call registry has become an even less dynamic reflection of preferences.

Copyright

* The Second Circuit kicked out the settlement struck in Tasini's aftermath because it covered unregistered copyrights. Rebecca makes some good points.

* Perez Hilton drops YouTube because they took down one of his videos in response to a takedown notice. On the one hand, this shows that there can be marketplace mechanisms that give feedback to intermediaries based on the restrictiveness of their takedown policies. On the other hand, YouTube was a free service; what did you expect?

* Michael Savage, a radio personality, is suing a website for posting audio clips of his rants as part of the website's criticism of him. See the NYT and CMLP.

* A special master has been appointed in the Grokster case to determine the possible filtering options available to Streamcast. I'm actually amazed that this case is still going!

Reviews and Ratings

* WSJ: Restaurants are giving away free meals to online reviewers to try to get improved consumer ratings.

* BrokerCheck, a regulator-sponsored website for consumer gripes about securities brokers, deletes negative gripes if the complaint settles.

* Retail store signage ("shelf talkers") routinely overstates the Wine Spectator ratings assigned to wine on the shelves.

Best of Mike Masnick

Mike Masnick of Techdirt is a terrific blogger who is smart, prodigious and opinionated. This month he had some noteworthy posts (even by his standards), including:

* Some wise words about Fark's trademark application for NSFW.

* "Noncompete Agreements Are The DRM Of Human Capital."

* "Anything Goes Wrong Online? Yell 'Net Neutrality' As Loud As Possible!"

Search Engines

* Google appears to have categorically wiped out PageRank for bloggers participating in PayPerPost.

* Danny's sensible remarks on the role of humans in Google's algorithmic search results.

* Search engines pay $31.5M to settle up for running gambling ads. A significant share of this settlement amount is actually public service ads, not cash. Note that enforcement of federal criminal gambling laws is one of the few exceptions to 47 USC 230; if this had been an enforcement of state anti-gambling criminal laws or a civil action, it should have been preempted.

General

* "Like the proverbial tree falling in a forest, the unauthorized use of a trademark that is never perceived by anyone cannot be said to create a likelihood of consumer confusion." Custom Manufacturing and Engineering Inc. v. Midway Services Inc. (11th Cir. Nov. 21, 2007). This statement was made in the context of a counterfeit component part, but it sounds like a good reason to reject liability for including trademarks in keyword metatags.

* Todd Hollis is suing DontDateHimGirl.com a second time. Last time the court sidestepped 230. This time, I hope the court will use 230 to terminate the lawsuit permanently.

* Mark Radcliffe's "2007 Top Ten Free and Open Source Software Legal Issues"

* A nice recap on "location-based mobile services," the delivery of services predicated on GPS devices in cellphones. UPDATE: It looks like mobile marketing/privacy is the topic du jour (or, at least, a topic worthy of end-of-the-year recaps). AP weighs in on the same topic.

* Kaspersky flags Windows Explorer as a virus and then reverses itself, calling this a false positive. Then again, many people consider Microsoft software "malicious code," so maybe the positive wasn't so false after all.

Posted by Eric at 09:39 AM | Adware/Spyware , Copyright , Derivative Liability , Marketing , Search Engines , Trademark | TrackBack



December 13, 2007

Oct.-Nov. 2007 Quick Links, Part 1

By Eric Goldman

I was so jammed at the beginning of November that I didn't have time to post my quick links from October. Never fear; that omission is being corrected with a double shot of quick links covering October and November:

Wikipedia

* Slashdot: Has Wikipedia peaked? If true, I'm not surprised.

* The new status symbol of the digital age? A personal Wikipedia page. FWIW, my personal Wikipedia page was crunched and rolled into a general "criticism of Wikipedia" page. I found this ironic given that the Wikipedians had already caucused about the merits of my page and decided not to kill it; and then a single Wikipedian swept through and ignored that decision. Sounds like the process worked really well there, guys.

* The newest fork from Wikipedia: Veropedia.

Google

* Webmasters give preference to the Googlebot over other search engine robots in robots.txt files.

* Searchers prefer Google results in a blind taste test. But...searchers also prefer search results when they are branded Google!

* For years, people have speculated that Google advertisers get extra bounce in organic search results. Search Engine Guide lays out the case.

* Carl Person isn't giving up in his (unquestionably futile) fight against Google. The latest: he's appealed his case to the Ninth Circuit. HT Links & Law.

Adware/Spyware

* FTC Commissioner Leibowitz thinks bigger civil fines would help shut down more spyware operators. Then again, it seems like the market is doing that job for them; another adware vendor, DirectRevenue, has gone under.

* Zango has appealed Zango v. Kaspersky to the Ninth Circuit. I wasn't a fan of this lawsuit from the outset, so pursuing the case sounds like a mistake to me.

Virtual Worlds

* Herman Miller (maker of the famous Aeron chairs--I had one at Epinions) is combating the makers of fake virtual Aeron chairs in Second Life.

* Bragg v. Linden Lab has settled. The case involved a claim that Linden Lab improperly impounded some virtual assets.

* Wired: "Cheaters in multiplayer online games beware: Game developers are turning to advanced financial fraud-detection software to keep you from crooking your way to online riches."

47 USC 230

* Roskowski v. Corvallis Police Officers' Ass'n, 2007 WL 2963633 (9th Cir. Oct. 10, 2007). A summary opinion upholding a dismissal based on 47 USC 230. See my blog post on the district court ruling. Michael Erdman's comments.

* The US Supreme Court denied certiorari in Perfect 10 v. ccBill.

* The AutoAdmit plaintiffs filed an amended complaint that dropped Ciolli as a defendant and reworked the substantive allegations. Coverage: Above the Law, Concurring Opinions (1, 2), WSJ Law Blog.

* A former student informed me that a judge on the show Boston Legal (the Nov. 13 episode, "Attack of the Xenophobes," episode 74) applied 47 USC 230--correctly!--to dismiss a lawsuit against YouTube for a defamatory video. See the episode recap.

Online Contracts

* Adsit Co. v. Gustin (Ind. Ct. App. Oct. 16, 2007). Daughter-in-law gives credit card number to mom-in-law to complete online transaction. Court holds that mom-in-law acted as daughter-in-law’s agent and thus bound the daughter-in-law to the vendor’s clickthrough agreement. Accord: the Hofer and Abramson cases.

* Whitnum v. Yahoo, Inc., 2007 WL 2609825 (NY Supreme Court, Sept. 5, 2007). Woman sought damages because Yahoo shut down her website the same day she got a good publicity hit. Yahoo pointed to the liability limits in its user agreement, and the court found that those limits supported a motion to dismiss. Given the ubiquity of similar provisions in web hosting contracts, this case nicely illustrates that web hosting customers really don’t have any recourse if their vendor just shuts them down. This is also why I find 17 USC 512(g) (the DMCA limit on liability if a web host honors a counter-notification) so baffling—web hosts don’t need any help from the statutory safe harbor when they have already eliminated the risk through their contracts.

Posted by Eric at 02:05 PM | Adware/Spyware , Derivative Liability , Licensing/Contracts , Search Engines , Virtual Worlds | TrackBack



November 21, 2007

Search Redirection Tool Could Be Trespass to Chattels--Burgess v. EForce

By Eric Goldman

Burgess v. EForce Media, Inc., 2007 WL 3355369 (W.D.N.C. Nov. 9, 2007)

Every now and then a consumer goes on a me-vs.-the-world bender and decides to unilaterally save society by suing everyone in sight. Burgess' anger over unwanted advertising may have sparked such a campaign. His previous appearance on the blog involved his pro se lawsuit against American Express and many other major brand names for unwanted pop-up ads. In that ruling, the court intimated that advertisers could be liable for contributory trespass to chattels.

In this companion action, Burgess sued a number of defendants for spam. The court rejects his CAN-SPAM claim for lack of standing (he doesn't qualify for the limited private causes of action).

Burgess also sued for the installation of search redirection client software, claiming it was a privacy invasion, trespass to chattels, and "illegal conduct." The defendants first tried to dismiss the claims as preempted by CAN-SPAM, but CAN-SPAM's preemption clause does not apply to generally applicable laws like privacy invasions and trespass to chattels. Nevertheless, the magistrate report (approved by the judge) dismisses the privacy invasion claim for failure to state a claim, saying:

While the undersigned shares in plaintiff's frustration with the internet and the unconscionable applications that interfere with one's use and enjoyment of technology--and at times display offensive websites--frustration of purpose is not an invasion of privacy. Further, the undersigned cannot find any North Carolina case recognizing a cause of action for invasion of privacy based on computer viruses that redirect internet searches or inquiries, or any cases that would suggest that similar such conduct in other fields would support such a claim.

The "illegal conduct" claim was also dismissed.

On the other hand, building on Burgess' prior ruling in state court, this court refuses to dismiss the trespass to chattels claim. Citing to Sotelo and others, the court says that Burgess' "pro se pleadings are not a model of clarity but nevertheless suffice to state a claim for trespass to chattels. He sufficiently alleges actual possession of his computer and 'unauthorized, unlawful interference' with his use of this personal property." So the Sotelo precedent marches on, even though this court (as with the prior Burgess court) doesn't acknowledge Hamidi, Mummagraphics or the other cases that would put these expansive trespass to chattels rulings in serious doubt.

As a result, Burgess' case lives to see another day. I'm sure we haven't heard the last from him!

Posted by Eric at 02:32 PM | Adware/Spyware , Publicity/Privacy Rights , Search Engines , Spam , Trespass to Chattels | TrackBack



August 29, 2007

Anti-Spyware Vendor Protected by 47 USC 230(c)(2)--Zango v. Kaspersky

By Eric Goldman

Zango Inc. v. Kaspersky Lab, Inc., No. C07-0807-JCC (W.D. Wash. Aug. 28, 2007)

There has been a fair amount of hand-wringing/teeth-gnashing over the legal liability of anti-spyware vendors when they label a software program as spyware or some other synonym. On the one hand, vendors might present those labels in a way that causes consumers to overreact to the actual threat, or vendors may make factual errors, and either case can have significant adverse effects on the affected software manufacturer. On the other hand, if vendors are liable whenever software manufacturers don't like their labels, the vendors will make labeling decisions based on risk management, not editorial criteria, and that may degrade the tool's utility to consumers.

That's what makes this ruling so important. The court says, clearly and unambiguously, that anti-spyware vendors' labeling judgments are completely protected by 47 USC 230(c)(2), a statute designed to protect online filtering judgments. In support of this conclusion, the court says that:

1) Kaspersky qualifies as an interactive computer service provider (specifically, as an access software provider)
2) The labeled software does not have to be actually "objectionable;" the vendor qualifies for protection so long as it subjectively considers the software objectionable.
3) There is no "good faith" standard in the statute for the vendor's decision to consider software objectionable.

230(c)(2) has been interpreted fairly infrequently, but a few decisions have applied it to anti-spam vendors and search engine filtering. As best I can remember, this is the first time the statute has been applied to protect anti-spyware vendors. (Am I forgetting any?). As a result of this decision, we should see a decrease in software manufacturers' efforts to strongarm vendors into recharacterizing their software. There will still be private negotiations/discussions between vendors and software manufacturers (which is often a healthy process), but any software manufacturer's threat to escalate the matter to litigation should be fairly empty.

This should close the book on Zango's ill-fated legal initiative from May to change anti-spyware vendors' characterizations of its software. Some previous coverage of those cases: Zango loses TRO against PC Tools; Zango loses TRO against Kaspersky. Yesterday, Zango announced that it voluntarily dismissed the lawsuit against PC Tools; and this ruling appears to put an emphatic end to Zango's lawsuit against Kaspersky.

Posted by Eric at 02:08 PM | Adware/Spyware , Derivative Liability | TrackBack



August 13, 2007

2007 Cyberspace Law Syllabus

By Eric Goldman

I've posted my 2007 Cyberlaw syllabus. Unlike the past few years, which were a little slow cyberlaw-wise, the past 12 months saw a lot of important developments. Let me recap some of the changes I made to my reader reflecting these developments:

Additions

Copyright: I added the Cablevision case (after editing out some of the mind-numbing description of cable technology), which provides an interesting exposition on how the source of bits matters in copyright law (we'll reinforce that message with the Amazon.com "server test"). I companioned the Cablevision case with the Field case to show a very different philosophy about "volitional" server activity, so I'll ask the students to see if they can reconcile the two cases.

I struggled with how to handle the Ninth Circuit's troika of Perfect 10 opinions. The opinions are long, complicated and irresolute, but it's hard to discuss one without discussing the other two. I decided to include all three but I don't feel great about that decision, given that it takes 115 pages (about 1/6 of my total reader) to work through the three cases, and I'm not sure students will come away any smarter about Ninth Circuit online copyright law after reading all three.

Trademark. I substituted the FragranceNet case for the 1-800 Contacts v. WhenU case. The 1-800 Contacts case remains a very important keyword law precedent, but as a teaching case it was just so-so. The adware subject matter increased the complexity, and it punted on the most interesting question of search engine liability. However, most of the other recent keyword law cases have been even less teachable. Fortunately, the FragranceNet case does a pretty good job of recapping the 1-800 Contacts case as well as other recent decisions, and it frames the policy issues nicely. I've paired it with the Playboy v. Netscape case, which will make a good compare/contrast. However, if the Second Circuit gets off its duff, I'd be thrilled to substitute in the court's opinion in the Rescuecom appeal. (I'd be even more thrilled if the court reaches the "right" result!).

I also updated my materials to reflect the Trademark Dilution Revision Act.

230. I continue to stick by the seminal Zeran case, which remains both powerful precedent and a colorful teaching case. However, this year I added the Ninth Circuit hairball Roommates.com opinion. I really didn't want to--it's such a messy opinion--but I think for now the case represents a vitally important incursion into 230 law that any good Cyberlawyer needs to know about (even if they don't know what to do about it). If we're lucky, perhaps the Ninth Circuit will rehear the case en banc and issue a new and more lucid opinion before I have to teach the existing opinion.

In addition, I created a new module on "blogs and social networking sites" and added the Doe v. MySpace case, a great opinion for exploring the differences between online and offline "premises."

Spam. I teach spam at the semester's end, when time is running out, so we'll see what I'm actually able to cover this year. I've added two recent cases: the Mummagraphics case, which wiped out a lot of state anti-spam laws and has a nice interplay with trespass to chattels, and the MySpace v. theglobe.com case, which has an odd contrast with Mummagraphics on the state anti-spam statutory analysis; plus it shows how online contracts can substitute for legislative rights.

Other. I added some explanatory material, including my standard dog-and-pony CLE presentations on keyword law and blog law and my brief distillation of social networking site law. I also updated the CRS on Spyware.

Other Changes

* I eliminated my standalone section on "search engines" and folded the material into the rest of the reader. I think there's pedagogical value to isolating and deeply exploring search engine issues, which is why I initially segregated the material. However, search engine issues crop up throughout the foundational material, so I'm not sure that segregation worked.

* I deleted the following material:
- Corbis v. Amazon. This was an excellent case to teach 512, but I think the ccBill case superseded it in a number of respects.
- the district court opinion in Perfect 10 v. Google, which was superseded by the Perfect 10 v. Amazon Ninth Circuit opinion.
- 1-800 Contacts v. WhenU (as discussed above)
- Alaska SB 140, which I ran out of time to discuss last year.

Deliberately Excluded

* The Utah anti-keyword advertising law represents one of the most important statutory changes of the year, but I omitted it because I anticipate Utah will modify it, and there's no point teaching a moot law.

* I skipped the Unlawful Internet Gambling Enforcement Act. I've generally shied away from teaching online gambling in Cyberlaw; the topic requires a lot of time to teach, making it hard to squeeze into a semester-long survey course. Plus, the new law is an analytical mess, so I'm not sure what the students would get out of the discussion.

* We were so excited to get the California Supreme Court's Barrett v. Rosenthal ruling, but the actual opinion doesn't add much to Zeran, so I thought it wasn't worth the time.

Posted by Eric at 07:57 AM | Adware/Spyware , Copyright , Derivative Liability , Internet History , Search Engines , Spam , Trademark | TrackBack



August 01, 2007

July 2007 Quick Links, Part II

By Eric Goldman

Virtual Worlds

* After a remarkable run as a media darling, Second Life is now experiencing some of the inevitable backlash. Case in point: Wired's "How Madison Avenue Is Wasting Millions on a Deserted Second Life." In this respect, Second Life reminds me a little of Keen.com--both provide fantastic platforms for monetizing user-generated content, but that powerful economic platform is likely to take root primarily in the sin businesses (porn, gambling, etc.). (FWIW, Keen.com appears to have cleaned up the dial-a-porn and is now focused exclusively on dial-a-horoscopes). As a result, it will be interesting to see what happens to Second Life's numbers in response to their anti-gambling crackdown. Meanwhile, lawyers--the classic late adopters--are gushing about Second Life's potential as a business generator--an interesting counter-perspective to the Wired article.

* World Copyright Law Report: "Some residents have been using a rogue version of a program called CopyBot to make a copy of anything in the Second Life world, thus threatening to undermine the whole basis of the Second Life economy."

Wikipedia

* More marketers wake up to the value of inserting links into Wikipedia despite Wikipedia's nofollow tag. See my earlier explanation of this. Meanwhile, a Wikipedia administrator talks about what Wikipedians consider white hat practices for marketers.

* Willing to cite to Wikipedia in your legal briefs? Need some custom-tailored authority to support your argument? Edit Wikipedia to say what you want!

* Mike Godwin has become Wikimedia’s GC. You may recall that Mike and I bet about Wikipedia’s future; it appears he has raised the stakes on that bet substantially!

User Generated Content

* "GC's Client from Hell": Whole Foods' CEO John Mackey pseudonymously posted about his company's stock and his competitor's stock on Yahoo Finance. The WSJ article has some of the juiciest postings. The NYT on CEO "sock puppetry."

* A restaurant owner used consumer reviews from Yelp as part of deciding to fire employees.

* Interesting interview with the pseudonymous founder of a pay-for-Diggs business.

Blogs

* The ABA Journal has entered the crowded field of blawg directories with one of their own.

* Blawgworld 2007: 77 blawgers chose their favorite posts, which were compiled into an e-book. The compilation turns out to be a great way to get noisy blawgers to promote their brilliant contributions to the e-book, which generates traffic and link love for the publisher, which in turn creates a nice delivery vehicle for sponsored content/advertising.

Miscellaneous

* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC, 2007 U.S. Dist. LEXIS 52932 (D. N.J. July 23, 2007). IAP terminates customer based on complaints that customer was a spammer. Court holds that the consequential damages waiver applies, effectively negating customer's alleged damages. Rejecting the customer's argument that the termination was in bad faith, the court says: "Plaintiff’s arguments about the accuracy of the spamming complaints do not change the Court’s determination because regardless of the ultimate accuracy or veracity of the spamming complaints, defendant was entitled to rely on those complaints so long as it did so in good faith, and plaintiff has not demonstrated any bad faith by defendant." HT: Technology Law Update.

* Consumer Law & Policy Blog: "companies in two recently filed federal cases explicitly invoke [the recent Supreme Court decision in] Leegin as a justification for terminating the eBay auctions of competitors that charge lower prices online."

* Declan on whether anti-spyware vendors are screening for "fedware" (government keystroke loggers designed to capture data before it's encrypted).

Fun

* More proof that technology can save lives: During a power outage at a hospital, doctors were able to complete a surgery using the light of open cellphones.

* I’m a new fan of Oddee. Some recent posts (it helps to think about sexual connotations when interpreting the photos):
- "15 Unfortunately Placed Ads."
- "Most Unfortunate Logos Ever"
- "Unfortunate Business Names."

Posted by Eric at 11:06 AM | Adware/Spyware , E-Commerce , General , Internet History , Marketing , Spam , Virtual Worlds | TrackBack



July 19, 2007

Advertiser Liability for "Contributory" Trespass to Chattels Redux--Burgess v. American Express

By Eric Goldman

Burgess v. American Express Co., 2007 NCBC 15 (N.C. Superior Ct. May 21, 2007)

David Fish points to an interesting new ruling on the subject of advertiser liability for pop-up advertising (I'm inferring that the pop-ups were delivered via adware, although the opinion doesn't use that term). As part of a procedural request by a defendant/advertiser, the court says:

Burgess’s claim is premised on the appearance of unauthorized “pop-up” messages on his computer displaying the Defendants’ advertisements. Burgess alleges specifically that Target (and other Defendants), through the services of a third-party intermediary, delivered unauthorized “pop-up” advertisements to his computer and thereby caused damage to the same....Construing these allegations in the light most favorable to Burgess, he has at least alleged a claim for trespass to chattels under North Carolina common law. [cite to Sotelo] ...The Court is also satisfied that Burgess has alleged actual harm; although, I note that actual damage is not required to pursue a claim for trespass to chattels in North Carolina, at least where the claim is based on unlawful interference.

While the plaintiff has a lot more work to do before winning this case, this ruling is still interesting because it reinforces the potential that advertisers can be directly/contributorily liable for a trespass to chattels based on how their advertising is delivered. Not only is this a stupid result legally, but I remain shocked that these opinions fail to discuss Intel v. Hamidi or the more recent Mummagraphics case, both of which should make pop-up ad-based claims for trespass to chattels tenuous at best. I hope the defense lawyers can convince the judge to look at broader precedent than just the Sotelo case.

Some previous posts on advertiser liability for adware/trespass to chattels:
* Utah Bans Keyword Advertising (April 2007)
* Advertisers Settle NY Anti-Adware Action (January 2007)
* WSJ Debate on Advertiser Liability for Adware (April 2006)
* The FTC, Adware Advertising and Badges of Shame (December 2005)
* Adware Witchhunt Gone Awry (October 2005)
* Downloading Software onto Home Computer May Be Trespass to Chattels--Sotelo v. DirectRevenue (Sept. 2005)
* Are Adware Advertisers Responsible for Adware? (August 2005) [points to my CNET editorial on this topic]
* AP Story on Advertiser Responsibility for Adware (June 2005)
* Edelman on "Intermediaries' Role in the Spyware Mess" (May 2005)
* LA Times on Adware Advertisers--Including 1800 Contacts? (May 2005)
* Utah Amends Spyware Control Act (March 2005)

Posted by Eric at 02:06 PM | Adware/Spyware , Derivative Liability , Marketing , Trespass to Chattels | TrackBack



July 02, 2007

June 2007 Quick Links

By Eric Goldman

Email

* Spam cases are coming at a regular clip, and it's tricky divining the latest state of the law. Two recent cases that caught my attention:
- US v. Impulse Media Group, 2007 WL 1725560 (W.D. Wash. June 8, 2007). This case involved a porn site that used affiliate marketers who didn't comply with the porn spam labeling requirements. The government argued that the advertiser should be strictly liable for this breach, but the court fairly emphatically rejected that (same as Cyberheat). But the news isn't all good for the defense, as the court also rejected its SJ motion, showing that the question of scienter about affiliate behavior remains a tough one for courts. Venkat's writeup.
- Kleffman v. Vonage Holdings Corp., No. 07-2406 (C.D. Cal. May 22, 2007). A nice complement to the Facebook v. ConnectU case, each holding that aspects of California's anti-spam laws are preempted by CAN-SPAM. In this case, the targeted behavior was the fact that the emailer may have used multiple email addresses to bypass electronic spam filters, but there wasn't anything false/deceptive about each email itself. See the BNA write-up and Venkat's writeup. I've lost track of the preemption cases, but it seems like state anti-spam laws are really getting munched after the Mummagraphics case.

* NYT on the pros/cons of captchas.

* Goodmail has expanded its pay-to-email system to Comcast, Cox, Roadrunner and Verizon.

Intellectual Property

* In Explorologist v. Sapient, involving the posting of a video deconstructing Uri Geller's act, the defendant is arguing (per CCBill) that 47 USC 230 preempts British copyright law.

* A rushed high school yearbook editor downloads lots of Facebook photos and adds them to the yearbook to fill space. Not a good idea!

* Techdirt: Who owns the right to license the design of military weapons to toy manufacturers?

* Marty on intellectual property protection for sexual activity.

Contracts

* A California man claims he bought a Gateway computer that never displayed text properly. Is he bound to the clickthrough agreement displayed on bootup? If this is the only way Gateway presented its contract, the answer should be no.

* At a conference at Southwestern Law School, I heard Prof. Lon Sobel talk about "idea submission" law. He illustrated the phenomenon that "where there's a hit, there's a writ": he suggested that hit TV shows produce an average of 6 "you stole my idea" demand letters. The great 1980s movie Coming to America produced 12 such letters, which resulted in 7 actual lawsuits. Interestingly, Prof. Sobel made the case (implicitly, not explicitly) that there is no separate law of "idea submissions," but rather any such doctrines are subsumed within standard contract law.

eBay

* eBay has changed its stance towards fighting counterfeiters, and it now does more policing itself.

* eBay shill bidder pays $400k to settle with NY AG.

Social Networking/Blogs

* The NCAA kicked a reporter out of the stadium for live-blogging the event. Tip to NCAA: It’s neither possible nor wise to control the flow of real-time information. Get over it. HT: Techdirt.

* Just came across this article: Stacey Schesser, MySpace on the record: The admissibility of social website content under the Federal Rules of Evidence, First Monday, volume 11, number 12 (December 2006).

* Wired: 7 MySpace sex offenders busted.

Marketing/Advertising

* AMCO Ins. Co. v. Lauren-Spencer, Inc., 2007 WL 1795970 (S.D. Ohio June 20, 2007). Insured offers jewelry from a website. Third party claims that the insured's jewelry constituted copyright infringement. Insured tenders the lawsuit to her insurance company under the advertising injury policy. Insurance company seeks a DJ of no coverage. The court says that the website constitutes advertising for the products, and so the policy applies to photos of the allegedly infringing jewelry items, even if the photos themselves were created by the insured. Observation #1: The advertising injury policy is very helpful to web businesses. Observation #2: Due to cases like this, I suspect insurance companies are reducing their willingness to offer advertising injury coverage to web businesses.

* Taylor v. XRG, Inc., 2007 WL 1816142 (Ohio App. Ct. June 21, 2007). The defendant was a vendor retained by bulk fax senders that handled consumer responses, including opt-outs from future faxes. Court held that the vendor wasn't liable for any TCPA/state anti-junk fax laws allegedly broken by the fax sender.

* Newish ad format: ads running 2 seconds in duration.

Search

* It's taken me a while to digest some of Google's new efforts. First, Google released two tools (a new toolbar button and a new personalized tab) to anticipate searchers' needs based on their past searches. Second, Google expanded its search history to incorporate all aspects of a user's searching through its services (what it calls "web history"). Meanwhile, Google has reduced its storage of personalized search data from 18-24 months to 18 months before that data gets anonymized. FWIW, I've been using Google personalized search since November 2005 (presumably, some of my data will be flushed any time now). Google has now captured almost 12,000 searches (with a high so far of 255 searches in a single day). Despite this, Google still doesn’t do a good job making predictions for me.

* Another great study from Jim Jansen (see the last one I blogged about). This one presented identical search results branded from different search engines and found that consumer ratings of relevancy varied based on the brand (Yahoo and Google came out on top). The logical inference--branding does matter to perceptions of relevancy. HT: SEL.

* Matt Cutts on the various ways humans affect Google search.

Domain Names

* Denmark's .dk TLD registry has enacted rules targeted at wiping out domainers. See here (Sec. 8.3.6).

* What's hotter than iPhones? iPhone-related domain names.

Adware/Spyware

* Declan on the latest legislative rally against spyware, the Senate's Counter SPY Act.

* The FTC issued final approval for the DirectRevenue settlement of $1.5M. Commissioner Leibowitz dissented, saying the cash payment was too light.

Online Reputations

* Avvo has filed a motion to dismiss the lawsuit over its ratings of attorneys. The motion is very heavy on the 1st amendment and very light on 230. HT: WSJ Law Blog.

* The Washington Post gushes about Reputation Defender and its competitors, without really acknowledging the value of reputational accountability or the potential for takedown/pushdown abuse.

* Entrepreneurs figured out a way to game FICO scores. Fair Isaac will try to close the loophole.

* Ed Magedson of Rip-Off Report was the victim of a vicious harassment campaign demanding that he remove complaints from the site.

* Lengthy NYT article on Wikipedia. Not much new there, but it does hint at the young age of Wikipedians, and it talks about how "pride of ownership" motivates Wikipedians.

Other

* June 26 was the 10 year anniversary of the classic Reno v. ACLU Supreme Court opinion.

* The NYT has launched a new technology blog called BITS.

Posted by Eric at 02:37 PM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , Domain Names , Internet History , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark | TrackBack



June 06, 2007

SPY Act Passes House...Again

By Eric Goldman

HR 964

For the third year in a row, the House passed the SPY Act. I was hopeful that the House's passing of the I-SPY Act would forestall further action on this bill, but unfortunately I was wrong. The SPY Act is a terrible solution to problems that may be already self-correcting, so let's hope the Senate either takes a pass on both bills or at least takes a pass on the SPY Act a third time.

Posted by Eric at 05:29 PM | Adware/Spyware | TrackBack



Zango Also Loses Kaspersky TRO Motion

By Eric Goldman

Zango, Inc. v. Kaspersky Lab Inc., C07-0807-JCC (W.D. Wash. TRO motion denied June 6, 2007)

Yesterday, Zango's TRO request against PC Tools was denied but Zango claimed the result was nevertheless a "victory for consumer choice" because PC Tools had made important classification changes. Today, the same judge denied Zango's TRO request against Kaspersky Lab even though Kaspersky hasn't made commensurate classification changes. Is this result a loss for consumer choice?

Like yesterday's opinion, the court's opinion is short and plainly stated, and it repeatedly points readers to yesterday's opinion. The only substantive differences are (1) Kaspersky made fewer technical changes, but the court says that this fact isn't significant enough to reach a different result, and (2) the court suggests, but does not conclude, that a 230(c) defense might be meritorious.

The opinion doesn't say it, but I think implicitly the two opinions signal very clearly that Zango will need to present much stronger evidence of its problem if it hopes to ultimately prevail. Or, if it can't present stronger evidence, this judge doesn't look like he will be easily impressed. On that basis, Zango may find the better choice is to pursue out-of-court options.

UPDATE: Zango says this ruling puts "Consumer Choice on Hold."

Posted by Eric at 11:01 AM | Adware/Spyware | TrackBack



June 05, 2007

Zango Loses TRO Motion Against PC Tools But Claims Win

By Eric Goldman

Zango, Inc. v. PC Tools Pty Ltd., C07-0797-JCC (W. D. Wash. TRO denied June 5, 2007)

The judge denied Zango's TRO request against PC Tools. The actual opinion is efficient and somewhat non-committal, as befits an opinion written quickly in response to a TRO request. However, the court's opinion reflected that it was aware of Zango's historical practices and understood the public benefit from giving space for anti-spyware tools to do their thing. Venkat's take: "This Order would make me reconsider if I were Zango."

Despite the TRO loss, Zango claims this as a "victory for consumer choice" because the lawsuit caused PC Tools to substantially change its categorization of Zango, giving Zango the results it sought anyway.

Regardless of these developments, I'm fairly confident this story isn't over. I suspect PC Tools and Zango will have continued categorization spats in the future. And, the lawsuit against Kaspersky is still pending, so perhaps that will give us some more useful insights into this legal area.

Posted by Eric at 07:59 PM | Adware/Spyware | TrackBack



PC Tools & Kaspersky Respond to Zango Lawsuit

By Eric Goldman

PC Tools and Kaspersky have responded to Zango's TRO requests in Zango v. PC Tools and Zango v. Kaspersky.

PC Tools' response reads like a typical anti-spyware gripefest about Zango generally, only some of which actually responds to Zango's TRO motion. (For an analogous circumstance, see Symantec's gratuitous smear of Hotbar in a similar lawsuit). Then again, Zango had to know that its dirty laundry was going to be aired when it filed this lawsuit. I thought it was particularly interesting that PC Tools didn't raise the 230(c)(2) defense--not sure why they didn't do so, because it seems like the quickest path to success.

Kaspersky's response claims (among other defenses) that Kaspersky USA is an independent entity from the true classifying organization in Moscow. I'm not sure how a court will handle the factual issues raised by this contention; TRO hearings don't normally engage in extensive fact-finding.

Both motions rely heavily on the New.net v. Lavasoft case (see, e.g., the stern anti-SLAPP and dismissal opinion in that case). Also, in case you're curious, Ben Edelman is PC Tools' expert and Ray Everett-Church is Kaspersky's expert.

HT: Venkat. See Venkat's comments here.

Posted by Eric at 01:34 PM | Adware/Spyware | TrackBack



May 31, 2007

House Passes I-SPY Act

By Eric Goldman

Internet Spyware (I-SPY) Prevention Act of 2007 (HR 1525)

The House passed the I-SPY Act, sending it on to the Senate. This is the House's third time passing anti-spyware legislation. The past two years, the House passed the SPY Act, only to have the bill die in the Senate. We'll see what the Senate does this year.

As regular readers know, I've opposed just about every anti-spyware/anti-adware law proposed/enacted. So, it may surprise you that I think the House's passage of I-SPY is good news. This doesn't mean that I-SPY is necessary or even wise. From my perspective, I-SPY's main operative provisions overlap existing provisions in the Computer Fraud & Abuse Act. Thus, I don't think the law creates any new limitations, which makes the law a harmless/ineffective trifle.

However, I-SPY is good news because it's unlikely the House and Senate will pass two anti-spyware laws this session (and perhaps for a very long time). Thus, I-SPY may displace further action on the SPY Act, which is positive because the SPY Act is a terrible bill. The SPY Act tries to codify a set of bad practices and banish them; but, the practices targeted by the SPY Act aren't universally bad, and the technological specificity of the SPY Act will render it useless in the face of new technology, social practices and business practices. So I'm hoping that the Senate takes up I-SPY, passes it, and closes this chapter on Congressional efforts to regulate spyware. They have plenty of other important things to worry about.

Posted by John Ottaviani at 11:21 AM | Adware/Spyware | TrackBack



May 30, 2007

Zango's Busy Litigation Docket

By Eric Goldman

I got a tip that Zango's lawsuit against PC Tools had been removed to federal court, which prompted me to search for "Zango" in PACER for the Western District of Washington. I learned that Zango has a surprisingly busy litigation docket, with 4 lawsuits filed in its home court in the past two months:

* I previously blogged on Zango v. PC Tools. That case has been removed to federal court (W.D. Wash., case no. 2:07-cv-00797-JCC).

* Zango filed a similar but less well-publicized lawsuit against anti-virus software vendor Kaspersky, which also has been removed to federal court. Zango Inc. v. Kaspersky Lab Inc., 2:07-cv-00807-JCC (W.D. Wash.). Because the lawsuit was initially filed in state court, PACER doesn't have the complaint. However, here's Zango's motion for a TRO.

In addition to these 2 lawsuits against anti-spyware software vendors, Zango claims it's been stiffed by two advertisers to the tune of about $1M:

* Zango Inc. v. Internet Brands Inc., 2:07-cv-00506-RSL (W.D. Wash. complaint filed April 6, 2007). See the complaint.

* Zango Inc v. Mainstream Advertising, 2:07-cv-00507-MJP (W.D. Wash. complaint filed April 6, 2007). See the complaint.

Looks like it's a rough-and-tumble world out there!

Posted by Eric at 09:44 AM | Adware/Spyware , Licensing/Contracts , Marketing | TrackBack



May 29, 2007

Zango Claims Spyware Doctor SE Surreptitiously Deletes Its Software

By Eric Goldman

Zango, Inc. v. PC Tools Pty Ltd., 07-2-15844-8SEA (Wash. Superior Ct. complaint filed May 15, 2007)

We've seen a fair amount of tussling between adware vendors and anti-spyware software vendors, including a battle over the incorporation of "good samaritan" immunizations for anti-spyware vendors in proposed anti-spyware legislation (see, e.g., here and here). However, litigation between the two camps has been relatively rare, so this case (if it doesn't settle like most of the precedents) might help shape the contours of anti-spyware software vendors' duties as well as influence the pending anti-spyware legislation in Congress.

Here, Zango claims that PC Tools' software, Spyware Doctor Starter Edition, (1) mislabels Zango's software as an "elevated risk" and (2) automatically disables Zango's software from functioning without giving users notice, which prevents new installs and prevents current users from using existing installs--including those users who have paid a premium subscription allowing them to use Zango's software pop-up-free. While these effects alone would be problematic for Zango even if Spyware Doctor were an obscure program, Spyware Doctor SE has the added profile of being bundled in the Google Pack.

While I can see why Zango would be upset enough about this situation to sue, bringing a lawsuit has numerous downsides. First, the facts may not be in its favor; SunbeltBlog has had difficulty replicating some of the results. Second, lawsuits over classifications threaten anti-spyware vendors' editorial integrity (and PC Tools is claiming that was Zango's intent), but fortunately those editorial judgments should be completely protected by 47 USC 230(c)(2). Third, Zango isn't particularly popular in the anti-spyware crowd, so their enforcement actions bring extra scrutiny.

With respect to the claim that Spyware Doctor disables Zango, this case reminds me of the fracas (that matured into a lawsuit) between Avenue Media and DirectRevenue back in 2004, where Avenue Media claimed that competitor DirectRevenue was surreptitiously kicking its software off users' hard drives (the case reached a detente).

While it would be tempting to dismiss the Avenue Media/DirectRevenue lawsuit as a piratical battle between untouchables, there are other examples where company A deletes company B's software with minimal notice. Most prominently, I still can't fathom how Microsoft gets away with unilaterally wiping software off users' hard drives (my recollection is that AOL has done the same thing, but I can't find my documentation of it now). At some point we're going to have to reach a social consensus about what level of user authorization is required for one software program to annihilate another program. Maybe this case will help us understand that issue a little better.

Posted by Eric at 01:14 PM | Adware/Spyware , Privacy/Security | TrackBack



May 09, 2007

Utah Trademark Protection Act Updates (from BNA)

By Eric Goldman

As I previously reported, Utah legislators met with industry representatives to discuss the Utah Trademark Protection Act on April 25. BNA [BNA subscription required] provides a fresh update on developments since the April 25 meeting. According to the BNA article:

the governor has directed the Division of Corporations and Commercial Code in the state Department of Commerce to hold off on implementing the law "for at least a couple of months" while changes to the legislation are considered....If an agreement is reached soon, changes could be enacted during a special session likely to occur this summer.

I like the way that Paul Rogers, a lobbyist for some of the technology companies, summarized his take-away from the April 25 meeting:

"I don't think they had thought it through, in terms of how it will affect the consumers' interests," he said. "We told them we're not going to comply--we're going to sue. They said, 'Don't sue--we get it, we've gone too far. Let us see if we can fix it or repeal it.' "

Personally, I recommend option #2.

Posted by Eric at 09:57 AM | Adware/Spyware , Domain Names , Search Engines , Trademark | TrackBack



April 27, 2007

Utah Legislators Realizing They Screwed Up By Banning Keyword Advertising

By Eric Goldman

Linda Fantin at the Salt Lake Tribune reports on the meeting between Utah legislators and various technology companies (Google, eBay, Microsoft, AOL, Yahoo, 1-800 Contacts and Overstock.com) to discuss the recently enacted Utah Trademark Protection Act banning trademark-triggered keyword advertising.

Based on the SL Trib article, it looks like the Utah legislators are beginning to realize that they got in over their heads (Sen. Eastman's defensive bravado that he "makes no apologies" notwithstanding). For example, the article says that the legislators didn't understand that Utah technology companies 1-800 Contacts and Overstock.com routinely buy other parties' trademarks to trigger ads--even though this is a well-documented fact. Rep. David Clark lamented that "I wish we had had this interaction with industry 60 days ago...We would have all been better off." Great point! The world would be a better place if legislators did their homework first before blasting their legislative guns.

Based on this meeting, it appears the law is in stasis for now. The Utah legislators haven't promised to amend or repeal the law (at least, not yet), but Rep. Clark admitted that "we understand we've got some work to do" and the AOL/1-800 Contacts lobbyist walked away from the meeting thinking litigation wasn't going to be necessary. Meanwhile, according to Sen. Eastman, no efforts will be made to create the registry until further discussions take place.

UPDATE: If you missed it, in an April 11 editorial, the Salt Lake Tribune urged the Utah legislature to unilaterally repeal the law.

Posted by Eric at 04:18 PM | Adware/Spyware, Derivative Liability, Marketing, Search Engines, Trademark



April 25, 2007

Academic Debate over Trademark Use in Commerce

By Eric Goldman

As regular blog readers know, a hot area in online trademark law is the "trademark use in commerce" element of the plaintiff's prima facie case. This element has been dispositive in several noteworthy defense wins, including the 1-800 Contacts v. WhenU and Rescuecom v. Google cases. Yet, some experts, such as Prof. McCarthy, believe that the prima facie case doesn't require the plaintiff to show that the defendant made a trademark use in commerce.

This debate has led to 2 companion articles by 4 top trademark scholars. First, Graeme Dinwoodie and Mark Janis wrote Confusion Over Use: Contextualism in Trademark Law. In the article, Dinwoodie/Janis agree with McCarthy that trademark use in commerce isn't a separate element of the plaintiff's prima facie case because, otherwise, the trademark fair use statutory provision makes no sense. Therefore, Dinwoodie/Janis favor a contextual analysis of infringement which effectively omits the trademark use in commerce element and instead focuses on the likelihood of confusion factor.

Mark Lemley and Stacey Dogan responded with Grounding Trademark Law Through Trademark Use. This article argues that the trademark use in commerce element historically helped distinguish between direct and contributory infringers (i.e., if the defendant hadn't made a TM use in commerce, its only liability would be contributory).

As I've said before, I think the statute is unresolvably irresolute, so statutory arguments aren't likely to help us reach a consensus any time soon. From a normative standpoint, I think Lemley and Dogan have the better argument in this debate, but for different reasons than the ones they articulate. I think the use in commerce requirement acts to keep "commercial referential uses" outside the boundaries of trademark law. I'll explain this in more detail soon.

The Dinwoodie/Janis abstract:

This paper tackles an intellectual property theory that many scholars regard as fundamental to future policy debates over the scope of trademark protection: the trademark use theory. We argue that trademark use theory is flawed and should be rejected. The adoption of trademark use theory has immediate practical implications for disputes about the use of trademarks in online advertising, merchandising, and product design, and has long-term consequences for other trademark generally. We critique the theory both descriptively and prescriptively. We argue that trademark use theory over-extends the search costs rationale for the trademark system, and that it unhelpfully elevates formalism over contextual analysis in trademark law rulemaking. The theory seeks determinate trademark rules in order to encourage a climate of certainty for innovators, but the concepts on which it is founded are likely to degenerate. We show that trademark use theorists ignore the multivalence of trademark law, and that adopting trademark use doctrines would result in less transparent trademark decisionmaking. Instead, we propose that trademark law retain its traditional preference for contextual analysis. We show in particular how a contextual analysis would offer an approach to trademark disputes involving online advertising that better captures the potential of trademark law to police new information markets. Our analysis contemplates individualized assessments according to common law standards, but opens up policy space for the development of limited statutory safe harbors for intermediaries such as search engines.

The Lemley/Dogan abstract:

The debate over trademark use has become a hot-button issue in intellectual property (IP) law. In Confusion over Use: Contextualism in Trademark Law, Graeme Dinwoodie and Mark Janis characterize it as a dispute over whether to limit trademark holder rights in a new and unanticipated way. Yet there is another – in our view more historically accurate - way to frame the trademark use debate: the question is whether courts should, absent specific statutory authorization, allow trademark holders to assert a new and unprecedented form of trademark infringement claim. The pop-up and keyword cases involve attempts to impose third-party liability under the guise of direct infringement suits. Dinwoodie and Janis's thorough account notwithstanding, it remains the fact that, before the recent spate of Internet-related cases, no court had ever recognized a trademark claim of the sort that trademark holders are now asserting. Trademark infringement suits have always involved allegations of infringement by parties who use marks in connection with the promotion of their own goods and services. The question raised by the trademark use cases, as we view it, is whether courts should countenance a radical departure from that traditional model without specific instruction from Congress. We think they should not.
In this paper, we explain the origins of trademark use doctrine in traditional limits on the scope of the trademark right and in the distinction between direct and contributory infringement. We also explain why we cannot simply rely on the likelihood of consumer confusion test to solve the problems the trademark use doctrine addresses, and we examine the difficult problem of defining the scope of the trademark use doctrine.

Posted by Eric at 02:10 PM | Adware/Spyware, Search Engines, Trademark



April 12, 2007

Keyword Law Talk

By Eric Goldman

Tomorrow I'm giving a talk in Dallas entitled "Keyword Law." In light of the new Utah law, this turns out to be an interesting time to speak on the topic!

Posted by Eric at 03:53 PM | Adware/Spyware, Search Engines, Trademark



April 09, 2007

Keyword Advertising as Corporate Identity Theft—Sen. Eastman Defends New Utah Law Banning Keyword Advertising

By Eric Goldman

Last month, Utah quietly passed SB 236 to outlaw keyword advertising. Last week, SB 236’s sponsor, Sen. Dan Eastman, blogged a defense of the law. I really respect Sen. Eastman for engaging his critics in the blogosphere, but his response also illustrates how Utah passed such a rotten and anti-consumer law.

Sen. Eastman’s blog post is entitled “Identity Theft: The Next Generation,” and he explains that keyword advertising is a “creative new kind of identity theft.” Apparently, then, banning competitive keyword advertising should prevent a type of corporate identity theft. While invoking the Big Scary Threat of “identity theft” is a clever rhetorical move, it’s also analytically indefensible. Identity theft occurs when someone makes a false representation, but this law bans competitive keyword advertising that is completely truthful and does not confuse anyone.

Along the way, Sen. Eastman picks some colorful verbs to describe competitive keyword advertising, analogizing competitive keyword advertising to “carjacking” someone’s trademark (should we call this “markjacking”?) and suggesting that searchers presented with a comparative ad are being “shanghaied by a pirate.” These chosen verbs imply that somehow searchers are being forcibly deprived of their rights, as if a thief is holding a gun to the searcher’s head, saying “GIVE ME YOUR CLICK,” or that a careless searcher will wake up one morning with a bad headache trapped on a square-rigged ship as an indentured servant. But, there is no compulsion taking place with keyword advertising; searchers aren’t being forced to do something they don’t want to do. Search engines present keyword advertising, and searchers click on it when they think it’s relevant. Search engines increase consumer choice, not limit it, so in my opinion the only people being shanghaied here are Utah citizens harmed by this law and its bogus justifications.

Sen. Eastman also declares: “I make no apologies. Utah is a highly tech-savvy, super business-friendly state. We have more computers per capita than anywhere else in the nation.”

I can’t argue with his business-friendly characterization, as this law amply confirms that Utah happily sells out consumers to help businesses seeking to limit fair and legitimate competition. However, his reference to the number of computers in Utah is more puzzling. Utah residents may own a lot of computers, but the Utah legislature appears to be trying to render those computers useless by passing a dizzying array of regressive, anti-consumer, anti-Internet laws.

Finally, Sen. Eastman’s intransigence (“I make no apologies”) is understandable but unfortunate. This law will fail in the courts, and it would be a true public service to declare a “mea culpa” rather than waste a lot of Utah taxpayers’ money in a futile defense of the law.

In addition to Sen. Eastman's post, Matthew Prince, CEO of Unspam, also blogged his own defense of the law. I'm still trying to parse Unspam's interest in this law--are they hoping to become the electronic registration mark's database vendor?

In any case, I thoroughly dissected Prince's proffered rationales (such as the bogus claim that Mazda "diverts" searchers for Pontiac) in this article, so I'll spare you the rehash here. However, I will address one legal point: it's misleading to suggest that the "Trademark Protection Act merely extends the same rights already enjoyed by mark holders throughout the rest of the world to Utah." Just like US courts, foreign courts are struggling to determine the proper application of their trademark laws to competitive keyword advertising, so there are numerous foreign rulings validating the legitimacy of competitive keyword advertising (see, e.g., Israel's endorsement of the practice in the Matim Li v. Crazy Line case).

UPDATE: It appears that Matthew Prince knows more about the dormant commerce clause than Utah's General Counsel. If this law isn't generating profits for Unspam, it's very generous of Unspam to give Matthew so much time to write lengthy legal memoranda.

Posted by Eric at 11:25 AM | Adware/Spyware, Search Engines, Trademark



April 03, 2007

Utah Bans Keyword Advertising [Updated]

By Eric Goldman

Utah SB 236 (the "Trademark Protection Act"), enacted March 19, 2007

Legislators enact stupid laws all of the time, but some laws transcend mere stupidity and produce a single 3-letter response: WTF? And no legislature has passed more WTF Internet laws than Utah's. Consider this track record:

* In 1995, Utah enacted the nation's first digital signature legislation designed to spur PKI-based digital signatures. But no one cared, and no company ever qualified for the statutory safe harbor. The law went completely unused, and last year Utah repealed it entirely after 11 years of futility.

* In 2005, Utah passed a law requiring Internet access providers to allow Utah's AG nee porn czar to designate porn websites as off-limits in Utah. Utah had to repeal some of that law, but litigation over the remainder is ongoing.

* Utah recently enacted a "don't email the kids" registry. Putting aside the major problems of state-based email laws (i.e., mapping geographic-based laws onto a borderless email infrastructure), email is much more suited to client-side filtering than centralized do-not-contact registries, and there's always the risk of bad actors getting their hands on the database of kids' email addresses. As a result, this law is such a bad idea that even the consumer protection-oriented FTC advocated against it.

Based on this list alone, I think it's safe to say that Utah has an unrivaled track record of enacting dumb, regressive, unproductive Internet laws. But Utah's 3-year battle against keyword advertising represents the strongest support for this assertion.

In 2004, Utah enacted the Spyware Control Act, a completely misguided (and misnomered) law designed to protect a few noisy Utah trademark owners with weak trademarks (such as 1-800 Contacts and Overstock.com) from legitimate competition via adware. In the process, the law took technology out of consumers' hands--even if consumers wanted and valued the technology. I have previously deconstructed in great detail why this law was terrible policy.

Unfortunately, our system doesn't have good checks/balances against dumb laws other than voting the politicos out (hey, Utah readers--hint hint). Fortunately, the initial implementation of the Utah Spyware Control Act was so grossly and obviously unconstitutional that a judge had no problem quickly enjoining the law in summer 2004.

Recognizing the futility of defending that law, Utah abandoned it and amended the Spyware Control Act in 2005 to merge it with trademark law. These amendments effectively eviscerated the law because, as amended, the law required plaintiffs to establish that keyword advertising via adware made a trademark use in commerce. This legal proposition was soundly rejected in the Second Circuit's subsequent holding in 1-800 Contacts v. WhenU. After that ruling (even though it wasn't binding on Utah courts), it's relatively clear that the post-2005 Spyware Control Act failed.

Apparently undeterred by its first two misfires with the Spyware Control Act, Utah has tried to enact regressive anti-consumer legislation for a third time. This time, they've stopped messing around with adware vendors. Instead, they have made a frontal assault on all keyword advertising across-the-board. So this law now appears to cover anyone selling keyword ads, including every major search engine (including Google), many adware vendors, and plenty of other e-commerce sites (eBay, Amazon, etc.).

Specifically, the law creates a new intellectual property right called an "electronic registration mark," defined as a "word, term, or name that represents a business, goods, or a service." This definition may be broad enough to protect domain names even if the domain names are otherwise generic or unprotectable under TM law. Owners of eligible words can register the terms in a new registry by paying a nominal fee.

Once registered, an infringement occurs if another person "uses an electronic registration mark to cause the delivery or display of an advertisement for a business, goods, or a service: (i) of the same class, as defined in Section 70-3a-308, other than the business, goods, or service of the registrant of the electronic registration mark; or (ii) if that advertisement is likely to cause confusion between the business, goods, or service of the registrant of the electronic registration mark and the business, goods, or service advertised."

I read this law to restrict all competitive ad buys of registered terms, even if the advertiser is engaged in comparative advertising that would be completely permissible under existing trademark law and not confusing to any consumer. (Interestingly, the law apparently excludes ad buys by affiliates unless their ad buy causes confusion.) Both the advertiser and the ad vendor are on the hook for an infringement.

To try to limit the law's effect to just Utah, the law only applies if the ad is displayed in Utah or the advertiser or keyword vendor is located in Utah. This caveat tries to overcome the obvious dormant commerce clause problems with this law. Utah, of course, is familiar with this problem given that the first version of the Spyware Control Act was struck down on DCC grounds.

But does this qualifier save the law? The practical reality is that every advertiser, wherever they are located, would have to check Utah's registry before buying keywords that might contain a trademark of a competitor, either because the competitor might be located in Utah or the competitor might have a registration nonetheless and the ads will be displayed to Utah residents (there's no way to buy keyword ads that exclude delivery to Utah residents). So I'm 100% convinced that this law has an extraterritorial effect.

However, I've made the same argument about state do-not-spam registries (where a sender based outside Utah must check the Utah registry before sending) and other state anti-spam laws, yet most of those laws have survived a DCC challenge--including a very recent DCC challenge to Utah's don't-spam-the-kids registry (See Free Speech Coalition v. Shurtleff, 2:05CV949DAK (D. Utah March 23, 2007)). Despite that, Utah's general counsel informed the legislature that the law probably violated the DCC, and I can't imagine judges won't find that compelling. Further, there are other grounds for a challenge here, including the First Amendment and other types of preemption. So I'm reasonably confident that the law ultimately will be struck down on some basis when challenged, although plenty of resources will be needlessly spent in the process.

Irrespective of the legal analysis, I'd be remiss if I didn't say what we're all thinking: this law is terrible policy created by a legislature out of control. We've learned over the last 15 years that keywords are a uniquely empowering tool to enable consumers to express their interests more accurately, concisely and cheaply than other alternatives, which in turn enables intermediaries like search engines to cater to their informational interests. The result is lower search costs for consumers, which in turn creates big social welfare payoffs by making more socially beneficial matches between consumers and producers. So as a matter of social policy, we should be encouraging the use of keywords, not banning it (see my extended support for this argument here (and, to a lesser extent, here)).


UPDATE: Whoops, I can't believe I forgot to mention this. On top of the major DCC problems with the law, there's a very good argument that search engine/online intermediary liability under this law is preempted by 47 USC 230. Last week, the Ninth Circuit in Perfect 10 v. CCBill held that 47 USC 230 preempted all state IP claims, including state TM laws. Online intermediaries can argue that advertisers select the keywords and provide the ads, meaning those items are "provided by another information content provider," in which case online intermediaries should not be liable for that content. This argument won't help advertisers themselves, so the law still creates plenty of friction for online advertising and could still hurt online intermediaries by suppressing demand for their ad inventory. However, if other courts buy the Ninth Circuit's reading of 47 USC 230, any frontal assault on Google or adware companies using this law might very well fail.

UPDATE 2: In response to this post and others, Sen. Eastman has blogged an explanation/defense of the law. I link to his post and provide more commentary in this post.

Posted by Eric at 01:58 PM | Adware/Spyware, Derivative Liability, E-Commerce, Search Engines, Trademark



March 25, 2007

Miva Securities Litigation Rejects Most Click Fraud/Syndication Fraud Claims

By Eric Goldman

In re Miva, Inc. Securities Litigation, 2007 WL 809686 (M.D. Fla. Mar. 15, 2007)

Stockholders of Miva (formerly FindWhat) sued Miva, alleging that Miva had inflated its stock price by making false public statements. In this ruling, Miva successfully dismisses most of the allegations, substantially narrowing the lawsuit. While Miva would have liked to dismiss the complaint entirely, Miva can still find some solace in the fact that the court clearly was underwhelmed by the overreaching nature of the plaintiffs' claims.

The Allegations

The court reports the plaintiffs' allegations at the center of the lawsuit:

two of FindWhat's main revenue generating distribution partners (Saveli Kossenko and Dmitri l/n/u), who represented 36% of FindWhat's revenues, were using illegal means to inflate revenues. This included the use of spyware, browser hijacking software, and “non-human traffic.” The use of such illicit methods of creating internet traffic, commonly referred to as “click-fraud,” meant that advertisers were not forwarded legitimate leads of consumers interested in acquiring their products. This resulted in advertisers refusing to place high bids with FindWhat, causing FindWhat's revenue shortfall to worsen…

Based on this, the plaintiffs introduced eleven public statements to show that Miva was painting a rosier picture than reality, including the following statements:

1) 9/3/03 press release: "Through FindWhat.com, online marketers are able to cost-effectively promote their websites and find highly qualified prospects who have already expressed an interest in their product or service." The court says that the plaintiffs did not allege that the defendants knew their two distributors were sketchy in September 2003.

2) 9/19/03 press release: "The FindWhat.com Network includes hundreds of distribution partners, such as CNET's Search.com, Excite, Webcrawler, MetaCrawler, Dogpile, and Microsoft Internet Explorer Autosearch." The implication is that the defendants had a high quality distribution network when they didn't. The court soundly rejects this contention, saying:

Stating that the FindWhat network “includes hundreds of distribution partners” and identifying seven of the well-known distribution partners says and implies nothing about the Saveli and Dmitri traffic. The press release did not claim these distribution partners were representative of the others, and made no assertion as to the traffic attributed to any of them.

3) 10/20/03 press release: "FindWhat.com's services are a source of revenue and relevant keyword-targeted listings for its partners, while providing its managed advertisers with exposure to potential customers across the Internet. As with the Yellow Pages in the offline world, FindWhat.com's managed advertisers get their message in front of prospects at the exact time they are looking for the advertisers' products and services. Unlike the Yellow Pages, advertisers only pay for those visitors that “walk” into their virtual stores." The court says that this quote does not address the quality of FindWhat's network.

4) 12/10/03 press release: "FindWhat.com operates online marketplaces that connect the consumers and businesses that are most likely to purchase specific goods and services with the advertisers that provide those goods and services....This cost-effective, pay-for-performance model allows Web advertisers to pay only for those prospects which click-through to their sites, and increase their potential for exposure through the millions of advertisements distributed throughout the network per day." The court says this press release predates Miva's alleged knowledge of click fraud in its network, which (as alleged by plaintiffs) started June 2004.

5) 3/5/04 10-K: "We expect that our consultants, agents, resellers, distributors, subcontractors, and other business partners will adhere to lawful and ethical business practices. It is important to our company's reputation that we avoid doing business with companies which violate applicable laws or have reputations which could harm our business. Our policy prohibits engaging agents or other third parties to do indirectly what we as a company should not do under our own policies outlined in this code....The FindWhat.com Network is dedicated to delivering high-quality keyword ads as a result of an Internet user's search query. As such, we have written and strictly enforce advertising guidelines to try to ensure high relevancy standards....We are dedicated to delivering high-quality traffic to our advertisers' websites. We employ an integrated system of numerous automated and human processes that continually monitor traffic quality, often eliminating any charges for low quality traffic proactively from the advertisers' accounts. We enforce strict guidelines with our Network partners to ensure the quality of traffic on the system....We purchase Internet traffic from our distribution partners. Expressed as a percentage of revenue, Internet traffic purchases from one distribution partner represented over 10% of total revenue for each of fiscal 2003 and 2001 and Internet purchases from two individual distribution partners represented over 10% of total revenue for fiscal 2002....During the years ending December 31, 2003, 2002, and 2001, no advertiser represented more than 10% of the Company's total revenue. The Company purchases Internet traffic from distribution partners. Expressed as a percentage of revenues for the year ending December 31, 2003, Internet traffic purchases from one distribution partner represented over 10% of total revenue, for the year ending December 31, 2002, Internet traffic purchases from two distribution partners each represented over 10% of total revenue, and in the year ending December 31, 2001, Internet traffic purchases from one distribution partner represented over 10% of total revenue. However, none of these distribution partners represented more than 15% of total revenue during the three-year period ended December 31, 2003."

Plaintiffs take several swipes at this language, including (a) its 2 distribution partners had acted unethically, (b) the math doesn't add up when 2 distribution partners were about 1/3 of total revenues, and (c) Miva had failed to strictly enforce its policies against the distribution partners.

The court says that there was no promise that all business partners were ethical, dedication to a high-quality network isn't inconsistent with having some bad apples in the network, Miva properly disclosed that 2 distributors represented over 10% of revenue, and these statements were mostly protected forward-looking statements tempered with appropriate cautionary statements.

6) 7/6/04 conference call statements about revenue growth. The court says these statements weren't alleged to be untrue. Also, the plaintiffs alleged that Miva had an obligation to disclose bid deflation, but the court says that this wasn't required in a between-reporting-period conference call.

7) 11/1/04 conference call: an analyst asked about Miva's traffic sources. Although the Miva execs gave a garbled and ambiguous response, the court says that both execs' responses were the equivalent of "no comment."

8) 12/16/04 Jeffries research report. The court says that statements in that report don't bind Miva because they were made by an independent analyst.

9) 2/23/05 press release: Miva made some projections for 2005 revenue, which plaintiffs say were tainted by the fact that they included revenue from the questionable distributors. The court says that these projections were protected forward-looking statements.

10) 2/23/05 conference call: Miva claimed that it had terminated specific rogue distributors, but plaintiffs introduced evidence that in fact Miva hadn't terminated those distributors. The court said that this was adequately pled.

11) 3/16/05 10-K. "Plaintiffs allege that statements made in the Form, “[w]e do not rely on ‘spyware’ for any purpose and it is not part of our product offering,” were false and misleading because the two largest distribution partners did in fact rely upon spyware. (¶¶ 89-90.) Additionally, statements made in the Form assuring that FindWhat was implementing screening policies and procedures to minimize fraudulent clicks were allegedly false and misleading because Defendants knew or should have known that the majority of their distribution network relied on click fraud, (¶¶ 91-92); statements made that “none of the traffic purchased from any of these distribution partners represented over 10% of consolidated revenue in 2004” were false and misleading because the percentage of revenue generated by two distribution partners exceeded the threshold without disclosure, (¶¶ 93-94); and statements that distribution partners were taken off line in the fourth quarter of 2004 were untrue. (¶ 96.)" The court said that these were adequately pled.

Implications

All told, the court dismissed the lawsuit for 9 of the 11 statements identified by the plaintiffs, leaving only statements #10 and 11 for further proceedings. As with the other recent Miva click-fraud ruling, Miva would have loved to see the entire lawsuit dismissed, but the lawsuit’s narrowing still represents good news for them.

This lawsuit also illustrates how hard it will be for the plaintiffs to succeed in the "syndication fraud" lawsuit against Yahoo from last year. Although Yahoo used different language, the court’s ruling regarding statements #2 and 3 pertains directly to the gist of the Yahoo plaintiffs’ allegations. That lawsuit is currently on hold while the parties try mediation and settlement discussions, but as part of those discussions I suspect Yahoo will be pointing this opinion out to the plaintiffs.

Posted by Eric at 03:05 PM | Adware/Spyware, E-Commerce, Marketing, Search Engines



March 12, 2007

Affiliate Spam Liability is Fact Question--US v. Cyberheat

By Eric Goldman

U.S. v. Cyberheat, Inc., 2007 WL 686678 (D. Ariz. March 2, 2007)

This case deals with one of the great unresolved Cyberlaw questions: when is an online advertiser liable for the downstream behavior of its media outlets? This question is so important because advertising fuels the Internet economy, both the good--such as the great social benefits produced by ad-supported search engines--and the bad--such as unwanted spam and pernicious spyware. Accordingly, it is critical that advertiser liability policy be set very carefully. Set correctly, bad spam/spyware could dry up. Set incorrectly, the Internet ecology could be destroyed.

Typically, consumer protection advocates favor strict liability for online advertisers. Thus, regardless of advertiser scienter, advertisers should have absolute liability for running ads via unwanted adware or spam. On the plus side, such a theory would probably have the desired benefit of cutting off the flow of advertising to spam and adware.

On the minus side, strict liability for online advertisers also would reduce online advertising across-the-board. Advertisers don’t want the additional liability, nor would they want to spend the time/money to monitor downstream behavior. Perhaps more importantly, I am not aware of any equivalent liability on the part of offline advertisers, so strict liability for online advertisers would represent a type of cyberspace exceptionalism that would likely direct dollars away from online advertisement back to offline advertising.

Interestingly, we have surprisingly little law involving online advertiser liability for media outlets. Statutorily, advertiser liability was enacted in CAN-SPAM and the Utah/Alaska anti-adware laws, but I'm not aware of other statutes. From a case law standpoint, there is surprisingly little precedent. Two relatively recent spam cases, Fenn and Hypertouch, have implicitly rejected strict liability for advertisers (the Fenn case dealt with Utah's anti-spam statute, not CAN-SPAM); in both cases, the advertiser’s use of a contract prohibiting advertising by spam was sufficient to cut off liability for downstream behavior. The Cyberheat case pointed to another case I hadn’t caught before, the Fare Deals v. World Choice Travel.com case, 180 F. Supp. 2d 678 (D. Md. 2001), which also rejected advertiser liability (in that case, for ads running on a website that allegedly infringed trademarks). Finally, there was the recently hyped settlement between the NY Attorney General's office and three adware advertisers. However, it's hard to divine much precedent from a settlement, and the chicken-scratch settlement terms imply that the defendants didn't settle because they were quaking in their boots over their legal liability.

(There are other cases, and I haven't done a complete regression to validate this point--but I trust the point is clear that the case law is scrappy and defense-favorable).

The dearth of relevant case law makes the newest case on the topic, US v. Cyberheat, so interesting. The FTC went guns ablazin’ after a porn website for spam sent by its affiliates that allegedly violated CAN-SPAM, arguing under the terms of the statutory advertising liability provision that the advertiser is strictly liable for this spam or should be liable under an implied negligence theory (the case doesn’t use the term “implied negligence,” but the term is designed to characterize the FTC's theory that the facts so clearly establish negligence that the defendant should be liable without any further showing about its mental state).

This tussle over the appropriate scienter requirement appeared to overwhelm the judge, and we get a pretty garbled opinion in response. However, we get one clear statement here: the judge unambiguously rejects strict liability for the affiliate's behavior. Instead, after chasing his tail articulating various vicarious liability/respondeat superior/agency theories, the judge concludes that the advertiser is liable for the affiliate spam only if the advertiser had sufficient knowledge of and control over the affiliates' behavior.

But...how much knowledge and control is sufficient? I have no idea, and frankly, I don't think the judge does either. However, let's look at the facts alleged by the FTC that weren't sufficient to win summary judgment:

* the advertiser didn't have a significant screening process for retaining affiliates
* the advertiser didn't ask affiliates if they planned to do email marketing
* the advertiser had an agreement prohibiting spam but terminated affiliates slowly/inconsistently even when the advertiser received consumer complaints about an affiliate's behavior
* when the advertiser terminated affiliates, it didn't always terminate multiple accounts held by the same affiliate
* the advertiser provided web hosting, marketing and promotional tools to affiliates, including (I believe) serving up the porn images displayed in the emails when opened

The advertiser's principal counterarguments were that it had its contract restriction against spam and that the affiliates were independent contractors. (It was unclear to what extent the advertiser disputed the other facts alleged by the FTC).

So this case will go to trial to determine the advertiser's knowledge/control and whether it acted reasonably under these circumstances. While the FTC might still win this case, this ruling nevertheless must be a sobering wake-up call that the government can't simply allege that liability follows ad dollars and expect to win.

More commentary on this case: Venkat and Reasonable Basis.

Posted by Eric at 03:42 PM | Adware/Spyware, Derivative Liability, Marketing, Spam



February 24, 2007

Domain Name Regulation Talk and McGeorge ICANN Conference Recap

By Eric Goldman

Yesterday, I went to the McGeorge conference on ICANN and domain names. My slides from my talk entitled Keyword Regulation and Domain Name Exceptionalism. I made the point (first outlined in my Deregulating Relevancy article) that domain names are just a subset of navigational keywords, yet we've developed a pretty extensive list of domain name-specific regulations. I argued that we should harmonize the regulatory treatment of keywords by deregulating domain names.

A couple of other noteworthy talks from the event:

* Dr. Filomena Chirico from Tilburg University spoke about "Restrictions on Competition in Internet Governance"--basically, an antitrust analysis of the domain name market. The analysis was nicely presented but, I think, misses a critical point--she focuses on domain names as a standalone market, while I think there's significant cross-elasticity of demand between domain names and other types of marketing/keyword purchases.

* Dr. Todd Davies of Stanford gave an excellent talk entitled "Communication Infrastructure and Information as Forms of Private Property: A Behavioral Perspective on Technology Evolution." Effectively, this was a behavioral economics analysis of developing IP regulations. He then applied these principles to ICANN, showing that establishing ICANN creates a number of predictable problems from a behavioral economics approach, so we would be better off without ICANN trying to regulate domain names. He brought a number of interesting and valuable social science tools to the process of developing IP regulations. For example, he pointed to the psychology principle of "loss avoidance" and showed that endowing a person with IP rights creates the prospect of loss avoidance if that person feels like they are being deprived of their property. I've seen a lot of discussions about the problems of creating IP rights, but I'm not sure if I can recall seeing the loss avoidance principle raised as part of the reasons why IP owners fight so hard to protect their rights and howl whenever there is a proposed scale-back of rights. This looks worth exploring.

* Clark Kelso, California's Chief Information Officer (and a professor at McGeorge), gave the lunchtime keynote talk. He started the talk by listing a parade of horribles about Internet content/behavior (porn, spam, security threats, etc.) which led him to characterize the Internet as a "sewer" that needed substantive regulation to clean it up. In Q&A, I asked him if the Internet was more of a sewer than any other communication medium (his response indicated that he probably didn't understand my point). I shudder to think that he might be advancing the "Internet-as-sewer" meme throughout the corridors of power in Sacramento. Clark also came out swinging against net neutrality regulation. It will be interesting to see if the Schwarzenegger administration takes a more aggressive stance in that debate.

Posted by Eric at 08:52 AM | Adware/Spyware, Domain Names, Search Engines, Trademark



February 06, 2007

Ezor on Email Blocklists

By Eric Goldman

Jonathan Ezor has posted a short paper (10 pages + endnotes), Busting Blocks: Appropriate Legal Remedies For Wrongful Inclusion In Spam Filters Under U.S. Law, to SSRN. This article deals with thorny issues created by email blocklist services, although he focuses specifically on volunteer organizations. The article discusses an email marketer's recourse for incorrectly being listed as a spammer on a spam blocklist, including defamation and intentional interference with prospective business relationship claims, as well as the limits of those claims under 230(c)(1) and 230(c)(2). He concludes that blocklist vendors should use objective criteria, should have an appeals process to correct mistaken listings, and should be surgical in blocklisting IP addresses. He also concludes that vendors should be:

held to professional standards of conduct, including objectivity, reasonable care, and (to the extent their activities cause harm) accountability. The alternative, relying on their good faith and internal procedures, is no longer acceptable, given how critical e-mail has become.

The issues raised by blocklist services are complex, and they span a variety of rating services online, including spyware filters, Google's PageRank and eBay's feedback forum. On the one hand, filters are simply in the opinion "industry," and they add significant value by centralizing behavior monitoring because it's too expensive for each of us to independently form our own opinions.

On the other hand, by ceding control to filter vendors, we have to trust that these vendors will make good choices. There have been plenty of examples where filter vendors have made questionable choices--the RBL was notorious for being arbitrary and unresponsive, but I've heard plenty of complaints from software vendors upset by their characterizations as adware/spyware and even more complaints from websites unhappy about the operation of Google's PageRank filter. So the centralization of opinion formation can have significant private (and perhaps social) costs if done poorly, and I'm not entirely clear that the market for centralized opinions is particularly efficient.

Thus, opinion vendors can have a lot of power but may not be fully accountable for wielding that power unwisely. Despite this, I favor the production of such opinions, so from a legal standpoint, I think filters should be broadly protected for their choices. On the other hand, we as consumers of filters need to be vigilant about the filters we trust.

Posted by Eric at 10:43 AM | Adware/Spyware, Derivative Liability, Spam



January 31, 2007

Advertisers Settle NY Anti-Adware Action

By Eric Goldman

Earlier this week, the New York Attorney General's (NYAG) office issued a press release with the blazing all caps headline:

GROUNDBREAKING SETTLEMENTS HOLD ONLINE ADVERTISERS RESPONSIBLE FOR DISPLAYING ADS THROUGH DECEPTIVELY INSTALLED “ADWARE” PROGRAMS

Groundbreaking...or groundless? After all, as I've posited before, the argument that advertisers can be liable for the actions of their advertising venues has almost no legal support. So this settlement may be groundbreaking, but a cynic could argue that the settlement is also legally groundless.

So why settle if the advertisers didn't break the law? Arguably, the settlements merely represent the logical decision by innocent parties under pressure by out-of-control prosecutors who impose massive costs on their targets just by initiating an investigation. I think the specific settlement terms provide some perspective on this. Each of the three advertisers (Priceline, Travelocity, and Cingular Wireless) agreed to three basic operative terms:

* checks in an amount ranging between $30-$35k--an amount vastly dwarfed by the cost of litigating an NYAG enforcement action. Basically, these checks are a small fraction of the nuisance value of the lawsuits.

* a promise to include certain covenants in downstream ad agency or advertising partner agreements restricting the placement of ads into impermissible adware. This is a little bit of a pain because the advertisers may get some pushback from their business partners on the specific terms, but for the most part, this is a meaningless provision. It's easy for the settling advertisers to put the required language into their standard ad buy agreements (or some rider) and satisfy this burden.

* Knowing that talk is cheap, the NYAG added some bite to the previous obligation. Not only must the advertisers include language in their contract, but they must do quarterly audits to confirm that their ads aren't showing up on adware. THAT sounds like a fun job for an employee. Not only does this obligation burn some employee time every quarter, but they will need to buy that employee a disposable computer!

So, what do we learn from this settlement? Not much. We learned a long time ago that if Spitzer's office called with a baseless demand, generally the cheapest and most expeditious course of action is to strike a deal even if it makes your skin crawl. In this case, the decision was easy: settling cost a check that's less than the cost of litigating the defense, plus the loss of a few hours of an employee's time each quarter. Sounds like a pretty cheap way of getting out of prosecutorial cross-hairs.

But what should the advertising industry do in the wake of this enforcement action and settlement? One obvious solution is that every advertiser could contractually require that their ad agencies blacklist adware. This would be a nuisance, especially because it would impose extra burdens on advertisers who have never even used adware, and the value of proactively blacklisting depends in part on advertisers' risk tolerances and predictions of how Cuomo will run the NYAG office now that Spitzer has moved on. (It remains to be seen if Cuomo has the same appetite for bringing dubious enforcement actions as Spitzer.)

Alternatively, advertisers may gravitate towards a standard like the Trusted Download program. Requiring that downstream ad partners adhere to the Trusted Download standards will give advertisers significant legal cover the next time prosecutors get frisky.

Meanwhile, from an academic standpoint, I'm troubled that the advertising industry might change its practices based on a legal theory that the NYAG didn't prove in court and could be legally baseless. Therefore, I renew my call for anyone to articulate the legal doctrine on which advertisers should be liable for the behavior of their advertising venues (excluding spam, which is statutory), preferably with supporting caselaw precedent. I'm all ears.

Posted by Eric at 10:04 PM | Adware/Spyware, Derivative Liability, Marketing



November 02, 2006

Keyword Law and Blog Law Presentations

By Eric Goldman

I took a lovely (but wet) 30-hour trip to Portland to give 2 talks:

* Keyword Law talk (substantially revised from my last talk on the topic August 2005)
* Blog Law talk (modestly revised from my last talk on the topic April 2006)

Posted by Eric at 08:21 PM | Adware/Spyware, Derivative Liability, Search Engines, Trademark



October 25, 2006

NY v. DirectRevenue Hearing Transcript

By Eric Goldman

I previously blogged on the New York v. DirectRevenue case and the amicus brief that David Post, Scott Christie and I filed. Last week, there was a hearing on DirectRevenue's motion to dismiss. The transcript. Note that all transcript references to "Mr. Christie" actually should be to Justin Brookman of the NYAG's office.

One exchange that caught my attention: the judge got feisty with Brookman over the NYAG's continued misuse of the term "spyware" to describe software that lacks a report-back feature (see the Merriam-Webster definition of spyware). On page 17, the judge says to Brookman:

Wait a minute. You called it spyware. And then when your adversary says wait a minute, none of this is alleged in their papers. Forget spyware. It's not spyware unless you tell me different.

I've complained before about the problems created by the lack of standard nomenclature for adware and spyware. This sloppy nomenclature can benefit plaintiffs to the extent they can use the term "spyware" as a scary smear tactic. But as the judge's retort indicates, it can also backfire when judges realize that the term is being used to misportray the facts.

Posted by Eric at 02:51 PM | Adware/Spyware



October 13, 2006

One Judge's Derisive View of Junk Faxes as Conversion

By Eric Goldman

Rossario's Fine Jewelry, Inc. v. Paddock Publications, Inc., 443 F. Supp. 2d 976 (N.D. Ill. Aug. 17, 2006).

I've blogged before on courts' rejection of a common law conversion claim based on the receipt of junk faxes. I've always viewed such claims as not really passing the smell test because of the de minimis nature of the putative harm. So I couldn't resist Judge Shadur's crunchiness when presented with this issue (Rossario is the recipient and Paddock is the sender):

What Rossario's counsel identifies as the "property" purportedly converted by Paddock is the "ink or toner and paper" in Paddock's [sic--I think the court meant Rossario's] fax machine that were consumed in generating the one-page fax production. As modern a development as the fax may be, that contention reconfirms the teaching of Ecclesiastes 1:9 that "[t]here is no new thing under the sun," for the ancient maxim "de minimis non curat lex" might well have been coined for this occasion.
More importantly, even apart from the niggling nature of the claim in those terms, it is lacking in the formal requirements of a conversion claim....
...it would impermissibly warp the concept of "conversion" if that label were to be attached to Rossario's property (ink, toner and paper) that never came into Paddock's possession at all--that was never "unlawfully held" by Paddock and as to which Paddock could be said to have "assumed control, dominion or ownership over the property" (Cirrincione v. Johnson, 184 Ill.2d 109, 114-15, 234 Ill.Dec. 455, 703 N.E.2d 67, 70 (1998)) only by stretching that language beyond its normal meaning....
Under Rossario's approach this Court could well charge it and its counsel with "conversion" for the Court's having had to waste paper and ink in the just-completed analysis...

Uh, in case this wasn't clear, claim dismissed!

Posted by Eric at 09:22 AM | Adware/Spyware, Marketing



October 11, 2006

Article on Regulating Marketing--A Coasean Analysis of Marketing

By Eric Goldman

Eric Goldman, A Coasean Analysis of Marketing, 2006 Wis. L. Rev. __ (forthcoming).

In 2001, I had a career-altering epiphany while I was working at Epinions (this is the topic that prompted me to consider becoming a full-time academic). Epinions was morphing from a content generation engine (generating consumer reviews of products and services) into a shopbot where a core value proposition was to refer users to vendors to consummate transactions. As we made this transition, I realized that we were really entering the attention broker business. We aggregated consumer attention, principally from search engine referrals, using copyrighted content (the consumer reviews) as marketing to capture consumer attention. We then redirected that attention to vendors for our economic benefit. To the extent we bought the consumer's attention (say, through paid search listings), we were just in the attention arbitrage business (i.e., we wanted to sell the attention for more than we paid to buy it).

As a result, I realized that we competed against every other attention broker, including adware vendors (who were nascent in 2001), spammers, and every other marketing intermediary. But I couldn't resolve an underlying question--what gave us (or anyone) the right to broker a consumer's attention? Who "owned" attention, and when was it permissible to profit from someone else's attention?

It took me 5 years and 8 complete rewrites to complete my paper, A Coasean Analysis of Marketing, that answers these questions. This was one of the hardest things I've ever done professionally. It was truly a labor of love!

Part of my difficulty is that I ultimately realized that "attention" wasn't the real issue (and, in fact, it was distracting me). Instead, "attention brokering" is really a matching problem--marketers and consumers want to match with each other, but the matching process is costly. In particular, the key challenge is that consumers incur costs to express their preferences, a problem exacerbated by rising data glut.

Thus, the only sustainable solution allows consumers to express and manage their preferences at a near-zero cost. This will require a technological, not legal, solution, and the technology will look a lot like what we currently call adware and spyware. In turn, we may be doing ourselves a disservice if our efforts to regulate adware and spyware inhibit the development of technology that provides improved marketer-consumer matching in an information overload environment.

Certainly, many of these themes will be familiar to blog readers. However, this article ties together numerous threads that I've addressed on an ad hoc basis and, for the first time, lays out my vision comprehensively. Thus, I hope you'll take a look at it. I welcome your comments and thoughts.

Some discussion about the article from around the blogosphere:

* Peter Huang's comments
* Frank Pasquale's comments
* Conglomerate Junior Scholars Workshop comments (including responses to Peter's and Frank's comments)
* Daniel Solove's comments

The abstract:

Consumers claim to hate marketing - mostly, because they get too much unwanted marketing. In response, regulators develop medium-by-medium marketing suppression regulations. Unfortunately, these ad hoc solutions do little to satisfy consumers, and dynamic technologies and business practices quickly render them moot. Instead of continuing this cycle, there would be some benefit to developing a cross-media marketing regulatory scheme.
However, any holistic solution must be predicated on a clear rationale for regulating marketing. The most common justification is that marketing imposes a negative externality on consumers, but this argument ignores the private and social welfare created by marketing and can lead to cost overinternalization and marketing undersupply.
The Coase Theorem also suggests that social welfare improves by reducing the costs of matching marketers with interested consumers. To achieve this, consumers need a low cost but accurate mechanism to manifest their preferences. This Article shows that typical regulatory and marketplace solutions do not provide effective mechanisms.
Instead, marketer-consumer matchmaking will improve from technology that will automatically infer consumer preferences and use these inferences to filter incoming marketing and seek out wanted content. This technology is rapidly emerging, but regulation of surreptitious monitoring devices (like adware and spyware) may inadvertently block the development of this socially-beneficial technology. As a result, current regulatory overreactions to developing technology may counterproductively foreclose social welfare improvements.

Posted by Eric at 11:33 AM | Adware/Spyware, E-Commerce, Marketing, Privacy/Security, Search Engines, Spam



October 09, 2006

Must Websites Comply with the ADA (and State-Law Equivalents)? National Federation of the Blind v. Target

By Eric Goldman

National Federation of the Blind v. Target Corp., No. C 06-01801 (N.D. Cal. Sept. 6, 2006)

This case got a fair amount of attention when it first came out, so I'm a little late to this party. However, I think there were some key points from this case that got overlooked.

Must Websites Comply with the ADA?

To the limited extent addressed by the precedent, websites have not been obligated to comply with the ADA (or similar anti-discrimination laws). See, e.g., Access Now v. Southwest Airlines; Noah v. AOL. This is because the laws apply to physical spaces, not virtual spaces. This opinion breaks with the precedent by denying a motion to dismiss by target.com. Thus, this case could stand for the proposition that websites may be required to comply with the ADA.

However, I think this opinion is substantially narrower than that. The court says that target.com may be tightly integrated with Target's physical stores to the point where the inability to use the website may interfere with blind people's ability to fully enjoy the physical stores. (On that front, FN 4 is telling: "It appears from a review of the website in question—which the court notes is not in evidence but nonetheless does raise some questions—that Target treats Target.com as an extension of its stores, as part of its overall integrated merchandising efforts.")

Thus, this reasoning should only apply to "bricks 'n' clicks" retailers who have both physical and online stores and integrate the two. Thus, the reasoning does not apply to pure e-commerce retailers with no offline stores or to web publishers of any sort. It should also exclude retailers who completely separate their online and offline stores.

(Having said that, it's a no-brainer that businesses should try to accommodate blind visitors to their websites; not only are blind visitors a valuable market segment, but it's the right thing to do).

In any case, the court just refused a motion to dismiss. As a result, Target's ultimate liability remains to be determined. It may be noteworthy that the judge denied the motion for a preliminary injunction despite the favorable legal ruling to the plaintiff.

Must Websites Comply with State-Level ADA Equivalents?

I think the even more important ruling in this case relates to the dormant commerce clause (DCC). Based on the DCC, Target tried to dismiss claims under some California state laws that overlap the ADA. This is not a new issue on the Internet--there is a pretty good list of DCC cases, but with an odd split. In one line of cases, I believe every court that has opined on state anti-Internet porn laws has deemed them invalid under the DCC. In contrast, most other courts, especially those involving anti-spam laws, have upheld state Internet regulation from DCC challenges.

Here, Target argues that the CA ADA-equivalents will have an extraterritorial effect by forcing Target to change its website even for non-CA residents. Judge Patel breezily dismissed this argument, saying that Target should just build a CA-specific website to comply with CA law. She continued:

Pataki asserts that someone who puts content on the internet has “no way to determine the characteristics of their audience . . . [such as] age and geographical location.” Pataki, 969 F. Supp. at 167. This is simply incorrect. It is common practice for websites for entities operating in multiple countries to have a single site that directs customers to different versions based upon language. Websites can determine the location of a user from information they provide, such as a credit card number, or from the internet service provider an individual uses. It may, or may not, be prohibitively expensive for a website to tailor its content based on the location of its users, but it is certainly technically feasible.

It's true that this is technically feasible, but that's hardly insightful. Other than outcomes that break the laws of physics, anything is possible with the proper application of time and money. But this argument misses two critical points.

First, applying CA law here to require Target to display an interstitial page to request geographic information from web visitors may regulate the interaction between two entities not resident in CA. (This is harder to see when Target chooses to do business generally in CA, but consider this argument in the context of the Alaska anti-adware law where I believe no adware vendor is resident in Alaska but they still must ask non-Alaskan residents for geographic information due to the Alaska law.) This is exactly the kind of extraterritorial effect that the DCC should preclude. This is also a place where the Internet is just different from offline circumstances because of an implicit tautology: the laws require websites to authenticate visitors to determine if these visitors trigger the website's requirement to comply with the law--thus, the laws require the websites to take certain steps even in the circumstances where the laws don't apply because the interaction is between two non-residents. (Which is almost certainly true in 99%+ of adware downloads putatively governed by the "ask geography before downloading" requirement of the Alaska anti-adware law.)

Second, and more importantly, this would be a terrible policy result. It's hard to imagine the counterfactual Internet where every website visitor is bombarded by interstitials or pop-ups from every website requesting geographic information before they can proceed to see the website's contents. This would be a horrible user experience that would inhibit the seamless floating from website to website that characterizes the web's link economy. We just won't go across websites as freely as we do today. Also, some users would be uncomfortable with providing geographic information to the website. (Some users provide this geographic information unwittingly through their IP addresses, but many do not).

The battle over geographic authentication rages on, and this case's pithy analysis doesn't do much to advance our understanding. Nevertheless, it gives us another important data point that our days of being able to browse the web without constant self-reporting of geography may be numbered. Personally, if that comes to pass, I'll miss the Internet the way it is today.

Posted by Eric at 02:50 PM | Adware/Spyware, Content Regulation, E-Commerce, Spam



September 22, 2006

New York v. Direct Revenue Amicus Brief

By Eric Goldman

David Post, Scott Christie and I have filed an amicus brief in New York v. Direct Revenue LLC, No. 401325/06 (N.Y. Supreme Ct.), one of Spitzer's office's high-profile enforcement actions against adware companies.

Among other aggressive positions, the NYAG's office argues that Direct Revenue committed deceptive trade practices by disclosing certain information only in the EULA. Our amicus brief notes the potential implications of this argument given the ubiquity of clickthrough agreements as a disclosure mechanism on the Internet. We don't opine on Direct Revenue's specific practices, but we express concern that the expedited procedure chosen by the NYAG's office isn't the right venue to set precedent implicating the practices of millions of companies.

Posted by Eric at 10:45 AM | Adware/Spyware, E-Commerce, Licensing/Contracts



September 16, 2006

Internet Law Updates Talk

By Eric Goldman

Yesterday I gave a talk called "Internet Law Updates" at an event sponsored by the California State Bar's IP Section. My slides.

Posted by Eric at 02:06 PM | Adware/Spyware, Copyright, Search Engines, Trademark



September 07, 2006

Adware, Spam and Some of My Other Favorite Topics

By Eric Goldman

There has been a flurry of interesting legal developments in the last few days:

* The plaintiffs voluntarily and unilaterally dismissed (with prejudice) Simios v. 180solutions, one of several putative class actions against adware vendors. See the 180solutions press release.

* The Battaglia v. DirectRevenue lawsuit, another of the putative class actions against adware vendors, has preliminarily settled. As David Fish points out, the settlement offers very little additional value for consumers beyond the settlement in the Sotelo case. Plaintiff's counsel gets $45,000--a pretty small payday for a case like this.

* The FTC case against Enternet Media has reached a stipulated order/settlement, including a $2M+ payment to the FTC. Enternet Media allegedly was one of the companies flashing banner/pop-up ads warning that your computer was infected and they would help; when users took advantage of their "help," they allegedly installed a bunch of harmful software onto users' computers.

* Jaynes v. Virginia, 2006 WL 2527678 (Va. App. Ct. Sept. 5, 2006). Virginia's intermediate appellate court upheld Virginia's harsh anti-spam law against both jurisdictional and First Amendment challenges. I believe Ethan Ackerman will guest-blog a more thorough analysis of this case soon. For now, Venkat has a thoughtful discussion. According to the Washington Post, Jeremy Jaynes will appeal the appellate ruling. If he can't overturn the ruling, he's facing an incredible 9 years in jail.

* Lands' End, Inc. v. Remy, 2006 WL 2521321 (W.D. Wis. Sept. 1, 2006). An affiliate registers some typosquatted domain names as a way of "diverting" consumers through those URLs to get the affiliate commission. The court denies the defendants SJ on the ACPA, fraud and breach of contract claims, but they do get SJ on the false advertising claim. Rebecca has the recap.

* According to Reuters, Bertelsmann is paying $60 million to settle Vivendi's lawsuit over Bertelsmann's investment in (and support of) Napster. (It's not clear how this settlement relates to Vivendi's acquisition of BMG). This lawsuit was particularly interesting because it tested the boundaries of investor liability for investing in copyright-infringing companies (a liability we normally expect to be precluded by the corporate veil). John O's discussion of some previous rulings in this case. Note that Bertelsmann was not the only investor-defendant in the case, so it may still be ongoing.

* The lawsuit over the fictional status of James Frey's putatively non-fiction book A Million Little Pieces has preliminarily settled. Buyers can get a full refund, but only if they jump through some significant hoops (like sending in an actual part of the book or packaging, plus a sworn statement that the purchaser would not have bought the book if they knew it was partially fiction). The publisher's liability is capped at $2.35M, which includes refunds, attorneys' fees and a donation to charity. Note that the publishers had offered rescission earlier in the case, but some plaintiffs were seeking compensation for their lost time/attention. It appears the publisher successfully limited its liability to rescission, and by making the barriers high enough, the publisher won't even have to make rescissions across-the-board.

Posted by Eric at 10:43 AM | Adware/Spyware, Copyright, Derivative Liability, Domain Names, Spam, Trademark



August 31, 2006

Alaska's Anti-Adware Law--A One-Year Status Report

By Eric Goldman

A year ago today, Alaska enacted the most expansive anti-adware law to date. This post gives a quick status report on the law.

So, what's happened in the past year? As far as I can tell, nothing. I've not heard of any preemptive challenges or any enforcement actions. Radio silence.

Contrast this with Utah's enactment of its problematic anti-adware law in 2004--the law was promptly challenged on Constitutional grounds, the court quickly issued an injunction, and the legislature amended the law within a year to render it largely irrelevant. As far as I know, Utah's law also sits unused. Overstock.com did sue SmartBargains under the initial version of the act; I'm not sure what happened to that claim after the law was enjoined.

I'm always fascinated when laws are passed with lots of fanfare and then sit dormant. Why hasn't the Alaska law generated any action (pro or con) yet? I think the secret may lie in some odd language that I overlooked when I initially dissected the statute. The law defines a pop-up ad as:

material offering for sale or advertising the availability or quality of a property, good, or service that is displayed on a user's computer screen, without any request or consent of the user, separate from an Internet website that a user intentionally accesses (emphasis added)

What does it mean that a user "requests" or "consents" to a pop-up ad? It could mean that the user must consent to each pop-up ad individually immediately prior to its delivery--a bizarre HCI process, but one that would be consistent with the apparent legislative intent. Alternatively, it could mean that a user's consent to receive pop-ups at the time of software installation suffices as consent for all subsequent pop-up ads delivered by that software. This interpretation is consistent with the express statutory language, but then it raises the question (like the question raised when Utah amended its Spyware Control Act)--what's the point of such a toothless law?

This statutory interpretation issue may explain why there hasn't been any action under the law. From the adware vendor's side, the express statutory language may provide them enough cover that there's no need to rally up the troops for a heavy-duty Constitutional challenge. Meanwhile, plaintiffs may be scratching their heads trying to figure out if they have a valid cause of action.

There are, of course, other possible explanations for the seeming lack of action, including:

* there may be some lawsuit I'm not aware of (please let me know if I've missed something)
* 1 year may be too short a time period to evaluate the law.
* some adware vendors may be shunning Alaska. See, e.g., HotBar's license, which says "Special Notice to Alaska Residents: Unfortunately, according to Alaska's SB 140 Act, users who reside in Alaska may not install the Hotbar software. Therefore, by downloading or installing the Hotbar software you declare and represent that your computer is not located in the state of Alaska. To the extent that our system is able to recognize that your computer is located in the state of Alaska, we will not enable you to download the software." Superficially, perhaps the law has changed the behavior of some adware vendors. However, I don't know what Hotbar does to detect Alaskan IP addresses or otherwise detect Alaskan computers, and these procedures generally are imperfect. As a result, depending on the rest of Hotbar's interaction with users, it could be that some Alaskans may still be downloading the software in a manner inconsistent with the statute.

I can't resolve these alternative explanations yet, but for now, my vote is that this law is sufficiently poorly drafted that it will never be used by anyone. If so, consistent with other state-level attempts to regulate the Internet, Alaska may have muffed its effort. Fortunately, if this law is truly irrelevant, Alaska's muffing will be relatively harmless.

Nevertheless, Alaska's muffing may have some bearing on Congress' motivation to pass an anti-adware/anti-spyware law. For the most part, the other anti-spyware laws passed by the states add little to the legal regulatory environment (the "intentionally deceptive" standard is both duplicative of other laws and a very high threshold), so coping with them does not require vendors to do something special. However, putatively Alaska and Utah's laws were much broader, as they were intended to outlaw an entire industry--which motivates industry players to seek preemption of state laws. Yet, if both laws are effectively irrelevant, adware vendors have less incentive to push Congress for a preempting law.

Posted by Eric at 03:30 PM | Adware/Spyware , Internet History , Licensing/Contracts | TrackBack



August 12, 2006

Brand Spillovers Talk

By Eric Goldman

Yesterday, at the IP Scholars Conference at Boalt, I presented my paper currently titled "Brand Spillovers." This is the evolution of my project from last year I was calling Trademark Adjacency. I'm still trying to think through this issue, so I would welcome your comments/input.

My slides
My "draft" paper (really, more of a high-level sketch)
Rebecca Tushnet's writeup of the talk

Posted by Eric at 12:50 PM | Adware/Spyware , Derivative Liability , Search Engines , Trademark | TrackBack



July 06, 2006

Merriam-Webster Defines "Spyware"

By Eric Goldman

A lot of attention has been directed to Merriam-Webster's addition of Google to its dictionary--as a verb, no less. I'm sure the Google trademark department isn't thrilled about the genericide implications of this.

Meanwhile, this announcement overshadowed another significant addition to the dictionary: Merriam-Webster also defined the term "spyware" as follows:

software that is installed in a computer without the user's knowledge and transmits information about the user's computer activities over the Internet

I thought this was a competent and pithy (22 words!) definition. It captures what I think are the three essential elements of spyware:

* the software watches user behavior
* the software reports this information somewhere other than the user's hard drive
* the software isn't consensual

Perhaps this definition will become the long-desired standard definition of spyware. Productive dialogue is only possible with standardized nomenclature, and the Anti-Spyware Coalition definitions, while competent, haven't really emerged as the standard.

Posted by Eric at 05:42 PM | Adware/Spyware | Comments (2)



June 28, 2006

CDT Report on Spyware Enforcement Actions

By Eric Goldman

The Center for Democracy & Technology has provided a public service by releasing its report, "Spyware Enforcement." The report describes, in table format, various federal and state enforcement actions against spyware purveyors. The report summarizes the action:

Since [2004], law enforcement officials have increasingly applied statutes – some long-standing, some relatively new – to spyware cases. Leading the charge has been the FTC, which to date has brought six cases under its unfair and deceptive practices authority. The Department of Justice has actively pursued spyware purveyors under the CFAA and the Wiretap Act, with 11 cases to date. And three attorneys general at the state level have filed spyware lawsuits under state fraud and consumer protection laws, with two more cases initiated under new state spyware statutes.

In addition to these government enforcement actions, also note that there have been dozens of adware- or spyware-related civil lawsuits. I don't have a single page categorizing all of these, but I've blogged repeatedly on this topic here.

UPDATE: Fred von Lohmann comments: "The report is a useful reminder to Congress that we may not need more new laws to tackle the spyware problem. As we've pointed out in the past, if Congress weighs in with new laws, those laws may do more harm than good (especially once the lobbyists for adware companies get into the game)."

Posted by Eric at 10:35 AM | Adware/Spyware



June 27, 2006

June 2006 Quick Links

By Eric Goldman

I have had virtually no Internet access over the past 10 days due to my move and travels, so my Bloglines account was bulging with more than 1700 articles. Here's a quick look at some of the items that have caught my attention this month:

* The FTC announced its own data breach due to a stolen laptop. Hmm...is it just me, or is this incident dripping with irony?

* Microsoft appears to be in its "benevolent" dictator mode again. Last year I blogged about how Microsoft made the unilateral decision to wipe some "malicious" software off users' computers without user notice or consent. (If it makes you feel any better, AOL has done the same thing). Now, Microsoft is installing mandatory software that phones home and doesn't tell users it's phoning home. Most people would categorize the phone home capability as spyware, and I'll be interested to see how the undisclosed feature doesn't violate 18 USC 1030(a)(2)(C). Yet, as Andy Patrizio wonders, where's the outrage? The consumer protection lawsuits? Andy writes:

All manner of hell broke loose over the major phone companies reportedly cooperating with the National Security Agency over international phone calls, but the news that Microsoft is watching every single Windows XP PC has been met with deafening silence.

Suzi rounds up the situation.

[UPDATE: First lawsuit over WGA filed. I'm sure more are coming.]

* JP Enterprises v. Yahoo, No. 06-cv-01046-REB-PAC (D. Colo. amended complaint filed June 6, 2006). Complaint against Yahoo Dating and other dating sites for purchasing keywords of a competitor, LoveCity. I'm not optimistic about the plaintiff's chances here, given that it doesn't seem to understand the differences between metatags and keyword triggers. Also, note the irony that Yahoo is buying ads from competitor Google.

* The WSJ writes about the accuracy of recommendation engines. The article explains how consumers make some decisions based on brand perceptions rather than actual utility they derive from the product. As a result, recommendation engines do a better job serving consumer desires by watching consumer behavior rather than relying on self-reported consumer preferences.

This also raises interesting implications for the role of brands in the search process. Brands may help consumers find what they think they are looking for, but at the same time may interfere with utility maximization. To avoid this, one recommendation engine contemplated hiding brands from the consumers.

* Heidi Cohen states the obvious. (Well, she and I think it's obvious, but apparently most marketers still don't get it.) Marketers are in the content publishing business, so they need to think like publishers, not marketers. And, from a policy standpoint, this continues to reinforce the illusory line between marketing content and editorial content.

* Another shocker: Marketers pay-for-placement in editorial content in print publications.

* Michael Scott (from his new blog, Singularity) writes a fun article about the implications of three generations of cyberlawyers: the veteran "computer lawyers" from the 1980s (that includes him), the dot com boomers from the 1990s (which I belong to), and the post-dot com busters from the 2000s.

* More evidence of "banner blindness." As usual, consumers can organically adjust to annoying marketer tactics if legislators avoid jumping into the fray.

* Finally, an article on fake consumer reviews. This is hardly the first article on the topic, but interestingly it hints that some merchants may be outsourcing/offshoring the creation of fake reviews. Forget click fraud shops in India and gold farming in China; those are passe. Instead, here's a new possible tort for you plaintiffs' lawyers--review "fraud"?

Posted by Eric at 05:50 PM | Adware/Spyware , General , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Trademark



May 26, 2006

Merck v. Mediplan Redux--Keyword Purchases Really Aren't Trademark Use

By Eric Goldman

Merck & Co. v. Mediplan Health Consulting, Inc., 2006 WL 1418616 (SDNY motion for reconsideration denied May 24, 2006)

In late March, the legality of the search engine keyword advertising industry got very murky due to two inconsistent rulings within the span of 10 days. One case, Edina Realty v. TheMLSOnline.com from Minnesota, held that keyword purchases could constitute a "use in commerce" for trademark infringement purposes, while Merck v. Mediplan from the Southern District of New York held that such purchases were not a trademark use in commerce.

Worse, these opinions didn't cross-reference each other, so the courts did not try to reconcile their positions. Further, the Edina Realty case recently settled, eliminating the possibility that the Edina Realty court (or an appellate court) would clarify the interaction between the two cases.

Fortunately, Merck sought reconsideration of its ruling, and this week the Southern District of New York issued a clarifying ruling that has turned into a big win for keyword advertisers. This is the first ruling explicitly confirming that the landmark 1-800 Contacts v. WhenU case from last summer, which dealt with adware and pop-ups, applies to search engine keywords. As such, I think this is an important ruling that may have greater precedential impact than either of the previous rulings from March.

Merck moved for reconsideration on two grounds: (1) the court should have considered the Edina Realty precedent (which had just come out 10 days earlier), and (2) the court failed to recognize meaningful differences between keyword-triggered pop-up ads and keyword-triggered search results.

The Edina Realty Precedent

The court said that the Edina Realty ruling (which was thinly reasoned on the specific point) did not persuade the judge to change his views. Instead, the judge felt bound by the 1-800 Contacts precedent, which said that not all commercial activities qualify as a "use in commerce." The court says, "in the search engine context, defendants do not ‘place’ the ZOCOR marks on goods, containers, displays, or associated documents, nor do they use the marks to indicate source or sponsorship....This internal use of the keyword ‘Zocor’ is not use of the mark in the trademark sense."

Differences Between Pop-Up Ads/Adware and Search Engines

In an even more significant clarification, the court confirms that the 1-800 Contacts reasoning extends beyond WhenU's comparatively unique directory-matching process to cover search engine keywords. The court correctly understood that in both the adware and search engine context, the machines "use" keywords to trigger ad content, but that matching takes place outside the searcher's view and thus does not indicate source or sponsorship. Thus, where the Second Circuit avoided opining on the standard search engine keyword context (see footnote 11 of the Second Circuit opinion), this court thinks the Second Circuit's rationale cleanly covers the situation.

Conclusion

This is a great win for the defense. Not only did the initial ruling fully validate the defense-side arguments, but this ruling clarifies the ambiguity created by the Edina Realty case and further explicitly confirms that the Second Circuit 1-800 Contacts precedent extends to search engine keywords. And, from my (admittedly biased) perspective, this court got the analysis 100% right.

This will not be the last ruling on this topic, but perhaps the tide is turning against plaintiffs here. If, in fact, the Second Circuit has concluded that search engine keyword usage isn't a trademark use in commerce, then an important and influential appellate court will have blessed the basic practices of search engines and their advertisers, making it more difficult for plaintiffs to find a friendly court. Thus, this ruling increases the likelihood that purchasing (or selling) keyword advertising doesn't violate trademark law.

Of course, it remains to be seen if the Second Circuit will agree with the Merck court's reading of the 1-800 Contacts precedent. It wouldn't surprise me if Merck asks them to do so.

Meanwhile, if the Merck court is right about the reach of the 1-800 Contacts precedent, then I think future defendants have a very strong basis to claim that keyword metatag usage isn’t a trademark use in commerce either. If so, then perhaps this case will help put an end to the ridiculous cases treating keyword metatag usage as per se trademark infringement.

UPDATE: Rebecca Tushnet has some thoughtful remarks on the linguistics of the "use in commerce" definition in the statute.

Posted by Eric at 11:42 AM | Adware/Spyware , Search Engines , Trademark



May 11, 2006

Quick Links May 2006

By Eric Goldman

My blogging queue has gotten too thick. Here are some items that caught my attention that I've been meaning to blog and simply haven't gotten to.

* I previously blogged about Chris Wilson, the website operator who allowed users to post pornography and was then prosecuted for distributing pornography under state law. I argued then that such prosecutions were immunized by 230. According to AP, in January, Chris pleaded no contest to 5 counts of possession of obscene material (this news report sounds garbled; the crime of possessing obscene material, without more, should be protected by Stanley v. Georgia). For this, in April, he was sentenced to 5 years probation.

* Deborah Wilcox has written an article about situations when trademark owners should NOT send a trademark cease-and-desist letter. Given how many trademark plaintiffs' lawyers mistakenly shoot first and ask questions later, this article raises an important but overlooked perspective.

* The blogosphere is doubling every six months. 4 million bloggers update their blogs at least weekly.

* Cedric reports that, in February, Google finally won an AdWords case in France.

* 310,000 consumers were affected by Lexis-Nexis' data breach. Lexis-Nexis offered them a free year of credit monitoring services. Only 6% took Lexis-Nexis up on the offer, a number that's similar to other such offers (Citibank only had a 4% signup rate). Bob Sullivan tries to figure out why. Among the theories:
- consumers discarded/ignored the notification as junk mail
- consumers were suspicious that the free offer wasn't going to be free in the end
- consumers are apathetic about privacy issues
I have my own speculation about this, but I think the time for relying on intuition is long past. Instead, I think further empirical research is critical before more legislatures robotically rubber-stamp existing legislation designed to remediate data breaches. I remain suspicious that these mandated solutions are doing nothing to help the problem, and may in fact be exacerbating the problems.

* Barton Beebe's slides from his presentation, US Contextual Advertising Law, at the Fordham International IP conference in April.

Posted by Eric at 09:03 AM | Adware/Spyware , Content Regulation , General , Privacy/Security , Search Engines , Trademark



May 09, 2006

Ebates Sued for Trespass to Chattels--Sotelo v. Ebates

By Eric Goldman

Sotelo v. Ebates Shopping.com, No. 06C-2531 (N.D. Ill. complaint filed May 5, 2006)

The Collins Law Firm has filed a third class action lawsuit over adware, this time targeting Ebates' Moe Money Maker client software. The complaint alleges that Moe Money Maker interferes with other client-side software and that Ebates misrepresents the nature of Moe Money Maker in its marketing. Similar to the other complaints from the Collins Law Firm, this complaint alleges the following causes of action:

1) Computer Fraud & Abuse Act
2) Electronic Communications Privacy Act
3) Trespass to Chattels under common law
4) Illinois Consumer Fraud Act
5) Negligence
6) Computer Tampering
7) Invasion of Privacy under common law
8) Cal. B&P 17200 and Civ. Code 1021.5

The Chicago Tribune article on this lawsuit and Collins generally.

A status report on the other adware-related civil litigation that I know about:

* Sotelo v. DirectRevenue. Settled in March (Suzi's report on the settlement). It appears that settlement freed up Sotelo's time to become lead plaintiff again. I've recommended to David Fish that Sotelo should buy some really good anti-spyware software.
* Simios v. 180solutions. Case is in discovery.
* Michaeli v. eXact Advertising. Motion to dismiss filed Dec. 12, 2005 and still pending.
* Consumer Advocates Rights Enforcement Society v. 180solutions (a/k/a Battalgia v. DirectRevenue), No. 2:05-cv-02547-LKK-PAN (E.D. Cal). According to PACER, the last reported action was a motion to dismiss filed April 24 (principally on procedural grounds).
* Kerrins v. Intermix Media. The case appears to be proceeding. A trial date has been set for January 2007, but the parties could settle before that.

If you are aware of others that I missed, I'd love to hear about it.

Posted by Eric at 11:51 AM | Adware/Spyware , Licensing/Contracts , Publicity/Privacy Rights , Trespass to Chattels



May 08, 2006

Yahoo "Syndication Fraud" Lawsuits--Crafts by Veronica v. Yahoo and Draucker Development v. Yahoo

By Eric Goldman

Crafts by Veronica v. Yahoo, Inc., No. 2:06-cv-01985-JCL-MF (D. N.J. complaint filed May 1, 2006)
Draucker Development v. Yahoo, Inc., No. CV06-2737 (C.D. Cal. complaint filed May 4, 2006)

Two companion lawsuits against Yahoo for what the plaintiffs characterize as "syndication fraud." These complaints allege that Yahoo made false promises about where it would put advertisers' pay-per-click (PPC) ads. Specifically, Yahoo ran the plaintiffs' ads via adware and on typosquatting pages when advertisers believed that their ads would not appear in such formats (and presumably paid a premium to avoid such placement).

However, despite the serious-sounding use of the term "fraud," this is actually a fairly garden-variety breach of contract action, and a weak one at that.

The Complaint and Its Deficiencies

The complaint levels three principal charges against Yahoo: Yahoo promised that (1) advertisements would be “highly targeted,” (2) Yahoo would run ads on “popular” and “high-quality” sites, and (3) the ads would appear along with “relevant articles [and] product reviews.” Yahoo purportedly violated these promises by placing advertisers’ ads in adware and on typosquatted pages.

Let’s look more closely at these allegations.

Highly Targeted

The complaint repeatedly says that Yahoo promised that the ads would be highly targeted. But there’s a big problem: Yahoo didn’t say this, according to the plaintiffs’ own evidence. The complaint points to the following language from one of Yahoo's marketing pages:

You already know how Yahoo!'s flagship product Sponsored Search delivers highly targeted customer leads to your business by allowing you to control placement within sponsored search results across the Web.

Notice the bolded language—Yahoo says it delivers highly targeted customer leads, not highly targeted ads. If Yahoo promised highly targeted ads, arguably it was promising a certain type of placement--but it didn't promise this. Thus, the difference between targeted ads and targeted leads could be fatal to the complaint—the plaintiffs never allege that they got poorly targeted customer leads, so the plaintiffs’ allegations don’t make a prima facie case of a breach.

This raises an interesting question—plaintiffs clearly know what Yahoo said, so why do the plaintiffs repeatedly mischaracterize Yahoo’s statement throughout the complaint? At best, this is sloppy work by the plaintiffs. At worst, the plaintiffs are blatantly and intentionally misleading the court. Either way, there’s a certain irony when plaintiffs in a misrepresentation case misrepresent the facts to the court, isn’t there? (Maybe Yahoo should bring an action against the plaintiffs for “complaint fraud”?).

My hypothesis is that the plaintiffs don’t want to litigate over lead quality because doing so would destroy the class. To determine lead quality, the court would have to look at each individual plaintiff’s situation to see what leads they got and how they converted, and thus there may not be enough commonality of interests to support a class action. To avoid this pitfall, perhaps the plaintiffs decided that the only way to keep a class action would be to misrepresent what Yahoo said. Other explanations could account for the misrepresentation, but I’m skeptical that it was mere sloppiness.

Let’s put aside the plaintiffs’ misdirection and assume that somewhere Yahoo has actually promised that the ads would be highly targeted. The words “highly targeted” are capable of multiple meanings. For example, the ads were targeted by keyword rather than by category or demographics, so arguably the ads were highly targeted regardless of where they were displayed.

However, the plaintiffs offer no basis to suggest why their interpretation is better than any other interpretation—they don’t cite to any evidence of the term’s meanings (such as private definitions created by the parties, or course of conduct, or industry convention). Instead, the plaintiffs only cite their subjective definition of the term. I’m not sure if this is enough to survive a motion to dismiss.

Popular and High-Quality Websites

Yahoo's marketing page also says:

The Content Match distribution network consists of popular, high-quality sites such as Yahoo! and MSN.com, providing you with better leads that are more likely to convert to sales.

Below this statement, the page gives some more examples that the complaint cites, including sites like Microsoft, CNN and the Wall Street Journal. I’ll stipulate that these sites should fulfill anyone’s definition of popular and high-quality. However, intermixed with these examples, Yahoo gave more examples of what it meant by “popular” and “high-quality,” including sites that I’ve never heard of, such as Away Network and Go2Net. By selectively cutting and pasting only the most prominent sites, the complaint tries to overstate Yahoo’s promise. Instead, plaintiffs who read this page should have gotten the impression that Yahoo’s network included a range of sites, some well-branded and others relatively obscure.

Articles and Product Reviews

Yahoo also says that:

Content Match™ complements your Sponsored Search campaign by displaying your existing listings along with relevant articles, product reviews and more, thereby providing an additional source of targeted leads.

Yahoo uses this same language in other places, such as the very lengthy Yahoo! Search Marketing Advertiser Workbook (see the glossary on page 97—referenced as page 98 in the complaint and labeled as page 109 in the file).

Notice what Yahoo actually said: “and more.” The complaint repeatedly omits those two words because it prefers to focus on the other words. But what do the words “and more” mean? They seem to contemplate that Yahoo would put ads in other contexts, and this negates the claim of a breach.

What Did the Contract Say?

The complaint works hard to pull in language from various marketing collateral, but interestingly it does not mention (not even once!) the centerpiece document in any breach of contract action: the contract that Yahoo and the advertisers actually entered into. I've not seen Yahoo's contract, but I'm assuming it has standard provisions such as a disclaimer of warranty and an entire agreement clause that may squash these extra-contract statements. Also, I wouldn't be a bit surprised if it specifically disclaims promises about where the ads would go or the likelihood of conversion. Either way, plaintiffs will have an uphill battle getting traction from language outside of the contract when the language in the actual contract may shut down these arguments pretty squarely.

Did the Plaintiffs Monitor Their Campaigns?

Let’s assume that plaintiffs read Yahoo’s marketing collateral and didn’t read their contract. Did the plaintiffs monitor their campaigns? There was lots of opportunity for plaintiffs to realize what Yahoo was doing if they monitored their campaign, and their resulting choices would be very telling. When plaintiffs learned of the purported deception, did the plaintiffs terminate the campaign or complain to Yahoo? Or did they keep on buying new ads despite their new-found knowledge? Recall the irony when a click fraud plaintiff (Click Defense) claimed that Google engaged in click fraud while it kept on advertising via Google.

Two Other Observations

(1) The plaintiffs had a massive mound of material to mine for misstatements by Yahoo—Yahoo’s website, securities filings, press releases, press quotes, etc. While not required, typically plaintiffs put the most egregious, most shocking misstatements by the defendant right into the complaint. Yet, given the universe of Yahoo’s public statements, I think it’s telling that the plaintiffs could marshal up language that, I think, is pretty feeble overall. To make the prima facie case, the plaintiffs pulled a few minor statements from some secondary marketing collateral and then heavily manipulated those statements (such as leaving out the “and more,” omitting some of the obscure syndication partners that Yahoo expressly enumerated, repeatedly mischaracterizing the “highly targeted” reference) to try to establish some basis for arguing breach. If this is the worst language that Yahoo communicated, I think they did pretty well (a lot better than I could do when I was an in-house counsel at Epinions!).

(2) Under standard contract law, “puffery” isn’t actionable. For example, if a car salesperson says “this is a wonderful car” in the sales process, the buyer can’t sue later if the buyer thinks the car wasn’t wonderful. The language cited by the plaintiff looks a lot like puffery, especially statements like “popular” or “high quality.”

Conclusion

Let’s be clear what this complaint isn’t about—it’s not about protecting consumers. Consumers may hate adware or typosquatting but this lawsuit doesn’t protect consumers from either. Instead, this is a dispute between Yahoo and advertisers over how much advertisers should pay for the advertising they got. And on that front, there’s little evidence that advertisers didn’t get exactly what they bargained for. They wanted advertising; they got advertising. There’s not even an assertion that the advertising performed poorly. I’m struggling to see a real problem here.

As a result, I think these lawsuits are nothing more than a shakedown for cash. Even unmeritorious class action lawsuits are expensive to defend, so the plaintiffs’ lawyers can exploit those defense costs for their personal largesse. They can make this argument to defendants: settle with me for a fraction of your total expected defense costs, and we’re both better off (defendants save some defense costs, plaintiffs’ lawyers grab some personal loot).

In particular, I’ve been trying to figure out why the plaintiffs (and a largely overlapping group of plaintiffs’ lawyers) filed two separate but virtually identical lawsuits. However, it does make sense as part of a shakedown. By opening up two battlefronts, the plaintiffs increase Yahoo’s defense costs, which should increase the incentive to settle (and the dollar value of a settlement).

It may be cheaper for Yahoo to settle than fight, but I hope Yahoo doesn’t reward the extortionists. Extortion shouldn’t pay, and I hope the plaintiffs find this out the hard way.

UPDATE: Evan Schaeffer offers a different possible explanation for why the plaintiffs filed overlapping lawsuits:

it's possible the plaintiffs' lawyers filed similar lawsuits in different forums because they plan to ask the MDL panel to consolidate the cases. By being in control of the majority of the transferred cases, it increases the likelihood that the lawyers will be able to control the litigation once the cases are consolidated

Posted by Eric at 01:00 PM | Adware/Spyware , Domain Names , Licensing/Contracts , Search Engines , Trademark | Comments (1)



April 17, 2006

Winn on Adware Contracts

By Eric Goldman

The Berkeley Technology Law Journal has published Jane K. Winn, Contracting Spyware by Contract, 20 Berkeley Tech. L.J. 1345 (2005), a follow-up to her presentation at the Boalt Spyware Conference in April 2005.

Jane details the phenomenon that I’ve described as the “crisis of contract” online. People may manifest assent to adware from a legal formalities perspective, but we don’t really believe that they manifested assent. She thinks it would be a mistake to develop a one-off “solution” to the crisis of adware contracts (she analogizes such responses to the “dismal failure” of ad hoc solutions in the privacy context). Instead, she favors an across-the-board change in American contract law to incorporate the principles of the EU’s Unfair Contract Terms Directive.

Unlike many other adware commentators, Jane carefully distinguishes between existing law (adware contracts usually enforceable) and her preferred policy result (adware contracts should usually be invalid as “unfair marketing”). Thus, although she doesn’t like the existing contracting practices, she acknowledges that “in the absence of a conflict between contract terms and fundamental public policy of the forum, or evidence of misconduct so egregious that it might rise to the level of unconscionable, courts are likely to find that adware EULAs are enforceable contracts.”

The abstract:

The question of what constitutes "spyware" is controversial because many programs that are adware in the eyes of their distributors may be perceived as spyware in the eyes of the end user. Many of these programs are loaded on the computers of end users after the end user has agreed to the terms of a license presented in a click-through interface. This paper analyzes whether it might be possible to reduce the volume of unwanted software loaded on end users' computers by applying contract law doctrine more strictly. Unwanted programs are often bundled with programs that the end user wants, but the disclosure that additional programs will be downloaded is usually buried deeply within dense form contracts. Even though this makes it difficult for end users to recognize that they are agreeing to have multiple programs installed at once and that some of those programs may be objectionable, US courts are unlikely to invalidate those disclosures. This is because in business to consumer online contracting cases in the US, courts have tended to be very deferential to the intentions of the merchants in designing the contract interfaces. In the EU, by contrast, such conduct by software distributors would not be binding on consumers. Under unfair contract terms laws in place in EU member states, consumer objections to bundled software could not be overridden by terms hidden in standard form contracts.

Posted by Eric at 02:44 PM | Adware/Spyware , Licensing/Contracts | Comments (2)



April 12, 2006

WSJ Debate on Advertiser Liability for Adware

By Eric Goldman

Today, the Wall Street Journal published an email debate between me and Ari Schwartz of the Center for Democracy and Technology about advertiser responsibility for adware.

Regular blog readers know that this has been a hot button issue of mine for some time because I think it's vitally important. The contours of liability will determine the future viability of the adware business. And depending on the precedents set in the adware context, advertisers could face liability for the acts of media vendors in other media. These have tremendous consequences for the flow of both advertising information and ad-supported editorial content.

Ari is a great sparring partner and someone I respect a lot, but unfortunately the word "responsibility" is inherently ambiguous. As a result, in our debate Ari focused a lot on branding consequences to advertisers from running ads delivered by adware, while I focused mostly on existing legal precedents. The fact that we emphasize different aspects of this issue shows how easy it is for people to talk past each other on this topic. Nevertheless, I believe the WSJ debate is one of the more extensive and detailed discussions on the topic of advertiser liability for adware, so I highly commend it to you.

Posted by Eric at 09:19 AM | Adware/Spyware , Derivative Liability , Marketing



March 22, 2006

CDT Report on Adware Advertising

By Eric Goldman

The Center for Democracy and Technology has released "Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend."

The report details the complex web of relationships between advertisers, agencies, adware vendors and software vendors that can lead to big brand advertisers having their ads unwittingly delivered via adware. This isn't really news; Ben Edelman (and others) have demonstrated this for some time, and last year PCWorld ran a good article on this very topic.

The real question is: what to do about it? FTC Commissioner Leibowitz's solution is to shame the advertisers. The plaintiff lawyers are trying to hold the advertisers legally responsible. In its report, CDT offers an alternative: advertisers should adopt and enforce advertising placement policies. Again, this isn't really new; TRUSTe has launched a "trusted download program" that is designed to serve as a proxy for advertisers' policies.

The most interesting part of the report is where CDT describes how it contacted 18 advertisers who ran ads via 180solutions. Only 7 replied to CDT. 2 advertisers adopted advertising policies in response to the contact, but the other 5 had policies that were breached by running ads on 180solutions.

Personally, I don't find this very surprising. It is expensive for companies to monitor vendor behavior/contract compliance in all contexts. Let me offer a personal example.

When I was in-house counsel, I had effectively zero ability to monitor our vendors' compliance with our contract provisions. I could write the prettiest contract with the terms that we really wanted, but the contract goes into someone's desk drawer and the terms are effectively forgotten. To overcome this, we would have needed to make monitoring part of someone's job, but that is a very expensive solution (especially when we were a very small company with too much to do and not enough people to do it).

At the same time, when we were someone else's vendor, I built and disseminated various charts to outline our promises/responsibilities. However, ensuring my co-workers' compliance with those responsibilities was difficult/impossible. One of my worst realizations as in-house counsel is that I needed to clone myself and look over the shoulders of each and every employee of our company, because each person's decisions affected our compliance with our contractual obligations. Clearly, this isn't scalable, and my efforts to scale using employee education did little to improve the situation.

The lesson I learned, then, is that it's easy to put policies in place, but ensuring adherence to those policies by employees and third party vendors is hard--perhaps impossible. And there was absolutely no hope of policing third party behavior unless it was someone's job responsibility.

In the adware advertising context, most advertisers are not going to be willing to incur significant costs to police their vendors. They'd rather pour those dollars into actual advertising, and other media don't require such costs. So smart advertisers would either (a) redirect their ad dollars into enforcement-free media, or (b) cut corners and minimize/skip the monitoring process. We've already seen what most advertisers choose under the current model.

This brings me to my most fundamental confusion about adware advertising. Every advertising-supported media vendor has the capacity to break the law, and yet we don't expect advertisers to be the policemen of those media. On the contrary, we often want advertisers to subsidize the costs of producing editorial content for the positive externalities created by that content. (See Edwin Baker's Advertising and a Democratic Press.)

So what's so unique about adware that we are creating a form of cyberspace exceptionalism? Some adware is legitimately installed and some isn't; expecting adware advertisers to incur the monitoring/enforcement costs to figure out which is which (especially when there's no direct relationship) makes no more sense to me than expecting newspaper advertisers to determine if newspapers commit trespass when they deliver their newspapers. For more on this point, see my CNET editorial.

Posted by Eric at 02:04 PM | Adware/Spyware , Derivative Liability , Marketing



March 04, 2006

San Francisco Presentation, March 15 12:30 pm

By Eric Goldman

I'm presenting my latest article, A Coasean Analysis of Marketing, at University of San Francisco on March 15. The talk is free and open to the public.

Although the title suggests that the talk will be heavy on economics theory, I'm giving an "economics-free" version of the talk. As an added incentive, I suspect the Q&A will be fun as audience members hammer me for my pro-spam, pro-adware arguments.

Details

What: "A Coasean Analysis of Marketing," alternatively titled "Regulating the Distribution of Marketing"
When: Wednesday, March 15, 12:30-1:30 pm
Where: University of San Francisco School of Law, 2130 Fulton Street, San Francisco. (Official university directions). Go to Kendrick 102.
How: RSVP to Julia Dunbar [jtdunbar@usfca.edu]
Cost: Free

If you're in the Bay Area, it would be a delight to see you there!

Posted by Eric at 08:00 AM | Adware/Spyware , Marketing , Spam



March 01, 2006

Symantec v. Hotbar Lawsuit Settles

By Eric Goldman

Symantec Corp. v. Hotbar.com, Inc., Case No. C05-02309 (notice of dismissal Feb. 1, 2006)

In June, Symantec sought a declaratory judgment that Symantec could characterize Hotbar's software as "adware." This lawsuit has settled. According to ComputerWorld, "the deal calls for Symantec to dismiss its suit, but continue to classify Hotbar's program files as low-risk adware."

It's good that this particular matter got resolved, but legal disputes over characterizing software as adware/spyware will not go away any time soon. As a result, there would be significant benefit to creating some unambiguous breathing room for anti-spyware vendors to make their characterizations without having to seek declaratory judgments to do so.

Hat tip to Geist's Internet Law News for catching this.

Posted by Eric at 03:31 PM | Adware/Spyware



February 25, 2006

NYU Workshop on Spyware March 16-17

By Eric Goldman

NYU's Information Law Institute and Princeton's Center for Information Technology Policy are putting on "A Workshop on Spyware," March 16-17, 2006 at NYU Law School. This looks like an interesting event that is worth checking out. Unfortunately, I won't be there, but I'm looking forward to reports from the event.

Posted by Eric at 07:29 AM | Adware/Spyware



February 14, 2006

Anti-Spyware Coalition Workshop Recap

By Eric Goldman

I attended the Anti-Spyware Coalition Public Workshop last week in Washington DC. This was a well-attended event (my guess is that 300+ people attended), with a good mix of anti-spyware vendors, anti-spyware activists, adware vendors, policy wonks/politicos and reporters. This post recaps some of my notes from the event.

A few consensus themes emerged from the talks:

1) No one really knows if the adware/spyware problem is getting better, worse or staying the same. There is conflicting statistical evidence addressing this problem, but no one is treating that evidence as dispositive. At the conference, there was some anecdotal evidence that the legitimate players are cleaning up their act while the cheats are using more egregious tactics, but there was contrary evidence on all sides. This metrics issue strikes me as critical; if things are improving already, there may be less justification for new spyware-specific regulations.

2) Consumers don't want to futz with different technologies for anti-spam, anti-virus, anti-spyware, anti-pop-up, etc. They just want their computers to work. Therefore, standalone anti-spyware products should be a short-term market opportunity. Over time, vendors necessarily will have to provide integrated services that give consumers what they want (a working computer).

3) A number of commentators expressed the view that, after a couple of decades of effort, we've solved the virus problem and are well underway with solving the spam problem. However, we are in an early stage fighting spyware, so it will take some time before anti-spyware technology turns the corner. Another way of viewing this is that regulators should be patient because industry hasn't had enough time to fix the problem.

4) The representatives of state AG offices seemed to agree that spyware-specific laws are nice but unnecessary. They feel that they have enough power under the catchall restriction on deceptive and unfair trade practices. The federal enforcers took a similar line that spyware-specific laws aren't needed.

Some comments about a few specific talks:

Justin Brookman, from Spitzer's office, led the Intermix enforcement action. He described some of the background on that action. Justin had arrived at Spitzer's office 18 months earlier with a securities law background. Spitzer then told him to do something about spyware. They decided to focus on "mainstream" adware instead of malicious spyware because: (1) adware gets the most complaints from consumers, (2) they wanted to make the most impact, and (3) adware companies operate in a zone of "plausible deniability." He said the NYAG's office isn't anti-adware, but they think that consumers don't understand the value proposition. Justin thinks that the adware crowd is cleaning up their act since the Intermix action, so the NYAG's next action probably will be against malicious spyware.

FTC Commissioner Leibowitz spoke at lunch. He recited some basic FTC attitudes about adware/spyware, but then moved onto his hot button. He thinks advertising dollars fuel adware, so he wants the FTC to reduce demand for adware advertising. He then reiterated his proposal for "shaming" adware advertisers by publicly announcing whose ads run on adware (naming names).

Although some news reports treated Leibowitz's idea as a new proposal, Leibowitz has been championing this idea for at least a couple months--I blogged on it back in December. I did not have kind words for this idea in that post. To recap: If advertising via adware is illegal, bust the advertisers. If it's not illegal but the FTC thinks it should be, then lobby Congress to make it illegal. But if it's not illegal and Congress won't make it illegal, then on what grounds can the FTC delineate what it considers "shame-worthy"? Government manipulation of consumer perceptions (in this case, by communicating, under government authority, that advertisers have done something that the FTC thinks is legal but morally wrong) is called PROPAGANDA, and it's a terrible abuse of power. I recognize that Leibowitz's idea is appealingly simple, and it plays well with crowds, but I really hope that he rethinks his advocacy of it.

Following Leibowitz was Walt Mossberg of the WSJ. I don't normally read his column, so I wasn't well-prepared for his shtick. As a result, I was shocked at how error-riddled, uninformed and internally inconsistent his talk was.

Mossberg's basic point is that he owns his hard drive and no one should put stuff on it without robust notice and his consent. This point is fine so far as it goes, but converting this theoretical view into practical suggestions got Mossberg into a jam. For example, he argued that no one should place tracking cookies on his hard drive without permission, but then he struggled to explain why he didn't mind the nonconsensual placement of other cookies.

He also argued that he doesn't want his anti-virus vendor to notify him every time when there are new updates; instead, they should just install it without bothering him. I agree with him, but I and many other audience members immediately noticed an obvious inconsistency with his basic "my hard drive is my property" attitude. When asked about this in the Q&A, he mumbled something about users giving advance consent when installing the anti-virus software, but I'm not sure many of us were satisfied with his answer.

So, Mossberg appears to subscribe to the more-info-is-better view (I had thought behavioral economists had destroyed this thinking by now, but maybe some people haven't heard). In Mossberg's world, consumers get lots of notices about their computers (like, every time someone tries to place a tracking cookie) so they can make choices. This sounds like a very noisy world to me. Recognizing that this world may be too noisy, Mossberg doesn't want notifications that he doesn't need (like from his anti-virus vendor). I'm not exactly clear how Mossberg plans to distinguish good from bad notices on an ex ante basis.

(I could point out more examples of Mossberg's inconsistencies and ill-informed opinions, but I think I've given his talk more airtime than it deserves).

After lunch, I participated in the "industry self-regulation" panel. Our moderator Tori Case asked us: what's the biggest problem facing the industry?

Fran Maier of TRUSTe said the biggest problem is loss of consumer trust. Bill Day of WhenU said the biggest problem was rogue installations. I said that the biggest problem was the "crisis of contracts"--the disclosures and consent that vendors need to form a legally binding contract may not be enough to believe that consumers are making good private ordering decisions. Eric Howes of Sunbelt Software said the biggest problem is that the responsible players aren't accepting their responsibility. Jules P of AOL said it was hard to set appropriate defaults for consumers.

The next panel discussed legislative developments, particularly in Congress. It appears that the Senate has a low likelihood of passing anti-spyware legislation this session; there are a limited number of legislative days left, and the bill would have to pass unanimously to get through.

The Senate logjam appears to be attributable to 2 main factors. First, the two competing bills (Burns v. Allen) take very different approaches to the problem, and those approaches haven't been reconciled. Second, there appears to be some contentiousness over an immunity for anti-spyware technology that removes identified spyware. Personally, I would strongly favor an immunity for categorizing software as "spyware" or "adware" or whatever--the vendors' demand letters over these classifications strike me as silly but problematic. But according to an industry lobbyist, there have been only 4 lawsuits over these classifications, so from one perspective, this hasn't emerged as a big problem yet.

However, giving technology vendors the absolute liability-free right to blast software off someone's desktop may be too much, even for a defense-side guy like me. Remember in 2001 when the RIAA wanted the right to hack downloaders' computers and not be liable for any damages? Bad, bad idea.

In the final panel, US Attorney Mitch Dembin (who prosecuted some users of Loverspy) said that he felt the laws were pretty good ("we don't need new statutes--we have enough!"). Nevertheless, he proposed a couple of minor tweaks to the CFAA. He'd like to see 18 U.S.C. 1030(a)(2) a felony instead of a misdemeanor, and he would like 1030(a)(5) to apply if someone damages 50 computers. I'm not sure either change is all that necessary, but these suggestions might warrant further consideration.

At a lot of these conferences, industry participants just get up and repeat the corporate line they've outlined many times before. Personally, I find those talks really boring. While there were a few rehash-y talks, for the most part I thought most of the speakers had something new and valuable to add to the dialogue. Thanks to Ari Schwartz and CDT for organizing an interesting conference.

Posted by Eric at 09:50 AM | Adware/Spyware



January 25, 2006

Wasted Time as a Damage--Paglinawan v. Frey

By Eric Goldman

Paglinawan v. Frey, No. 2:06-cv-00099-RSM (W.D. Wash. complaint filed Jan. 19, 2006).

James Frey publishes the book "A Million Little Pieces." It's marketed as a non-fiction book, but some of it is actually fiction. Readers are upset by the deception. What recourse?

Marketing a fictional book as non-fiction is a material misrepresentation. Normally, a material misrepresentation should create a rescission right, but I'm not sure about the privity issues. The author knew it was fiction, but the readers don't have a contract with the author. The publisher may not have known the book was fiction, in which case the publisher might claim mutual mistake rather than misrepresentation. At that point, the readers might have recourse, but it's not clear that they would.

But even if the publisher knew that some of the work was fictional, the publisher has unilaterally offered rescission (at least to the buyers it had privity with). So what more could any aggrieved reader want?

The readers want their time back--the time spent reading a book they thought was non-fiction but was partially fictional. But since a court can't manufacture time, the readers want the next best substitute--cash. They want the author and publisher to pay them for their wasted time.

I'm not sure the time was really wasted. If the story was good, it doesn't really matter if the book was fiction or non-fiction. Entertainment is entertainment, after all.

But let's assume the readers truly wasted their time. Should we recognize wasted time as a damage under contract law or other theories?

This is hardly a novel request, especially in the marketing context. I haven't done exhaustive research of this, but I can think of a couple of junk mail cases where wasted time was specifically rejected as an actionable damage. [Harris v. Time, Inc., 191 Cal. App. 3d 449 (1987); Smith v. Chase Manhattan Bank, 741 N.Y.S.2d 100 (N.Y. App. Div. 2002)] And, in perhaps an analogous context, recall that the Hamidi court specifically rejected the idea that the time wasted by spam was a recognizable damage under common law trespass to chattels. As a result, I'm skeptical that a court is going to be sympathetic to the aggrieved readers' requests for damages for their wasted time.

On the other hand, should time-wasting become a proper basis for damages, I plan to nail the IRS first and airlines second.

Hat tip: ContractsProf blog

UPDATE: Overlawyered provides a few details of 2 other related lawsuits.

Posted by Eric at 03:52 PM | Adware/Spyware , Licensing/Contracts , Marketing , Spam



January 20, 2006

Anti-Spyware Coalition Conference February 9

By Eric Goldman

The Anti-Spyware Coalition has released the agenda and schedule for its Public Workshop: Defining the Problem, Developing Solutions on February 9 in Washington DC. If you're interested in adware/spyware policy-making and can easily get to DC, this looks like an event worth attending. I hope to see you there.

Posted by Eric at 11:40 AM | Adware/Spyware



January 16, 2006

Second Anti-Adware Lawsuit Survives Motion to Dismiss--Kerrins v. Intermix Media

By Eric Goldman

Kerrins v. Intermix Media, Inc., No. 2:05-cv-05408-RGK-SS (C.D. Cal. Jan. 10, 2006)

Blogging the latest developments in anti-adware/anti-spyware lawsuits has become a full-time job, which is why I've fallen behind. I'm now aware of 5 anti-adware class action lawsuits pending:

* Sotelo v. DirectRevenue
* Simios v. 180Solutions
* Michaeli v. eXact Advertising
* Consumer Advocates Rights Enforcement Society v. 180Solutions [sorry, I haven't had a chance to blog on this case yet, but you can find the complaint here]
* the newest one to emerge from the haze, Kerrins v. Intermix Media

All of this leaves me wondering--just how many of these anti-adware class action lawsuits are out there? I'm not even counting the FTC enforcement actions or any of the private litigation or government enforcement actions related to the Sony rootkit.

Back to the Kerrins case. On January 10, the judge ruled on Intermix Media's motion to dismiss Kerrins' putative class action. In a brief opinion, the court dismissed the unjust enrichment and California B&P 17200 claims.

However, the court refused to dismiss the trespass to chattels claim, saying that the "Plaintiff has alleged that Defendant's adware damaged his existing software and reduced the efficiency of his computer system. Plaintiff has also alleged that removal of the adware requires users to spend time and to hire a computer specialist."

Note that, in Intel v. Hamidi, the California Supreme Court specifically rejected the latter two damages as non-actionable in common law trespass to chattels claims. Hamidi should be controlling precedent on this lawsuit, so it will be interesting to see if the court addresses Hamidi in future rulings.

The court also refused to dismiss the computer crime claim (Cal. Penal Code 502). Penal Code 502 is a quirky statute--like the old-line computer crimes statutes, it initially focused mostly on unauthorized access to/use of computer resources, but it has since transmogrified into a general anti-computer trespass statute with a civil cause of action. The court says that the plaintiff "alleges sufficient damage and interference to his computer system," so this cause of action survives the dismissal motion as well.

In discussing unjust enrichment and trespass to chattels, the court cites to the Sotelo case--reinforcing the importance of the Sotelo case as a precedent for these follow-on anti-adware lawsuits.

As a result of this minute order, Kerrins' trespass to chattels and computer crime causes of action will continue. (There may also be a third cause of action that survives--there is an internal inconsistency in the ruling, and the complaints and various motions/briefs are not in PACER). Of course, as with the Sotelo case, the plaintiffs have a lot more work to do before getting a payoff.

Posted by Eric at 02:27 PM | Adware/Spyware , Trespass to Chattels



December 11, 2005

The FTC, Adware Advertising and Badges of Shame

By Eric Goldman

New FTC Commissioner Jon Leibowitz has embraced one of the favorite causes of the anti-adware grumblers: dry up adware funding by making adware advertisers feel some pain. According to AdAge, he recently said that the FTC might publicly announce the companies who ran advertisements on adware that the FTC tries to bust, saying "The FTC could consider that when it brings adware cases, listing all the advertisers whose content was delivered without notice of consent." The idea is (I think)--if the FTC can't legally bust the advertisers, maybe it can pin a badge of shame on them.

There are some obvious flaws with Leibowitz's thinking. First, and foremost, the money trail is already well-documented by Ben Edelman and his compadres. What does the FTC bring to the party? Maybe better PR muscle than Ben? (I wouldn't bet on it!)

Second, because advertising money often flows through multiple layers of agencies and affiliates, an advertiser's decision to spend money can be fairly attenuated from the selection of a venue to run the ad. Therefore, characterizing the advertiser's role precisely will require the FTC to pick its words carefully. It's one thing for the FTC to say that X's ad was displayed by someone via a pop-up ad; it's another thing to say that X displayed the ad if the decision was made by ad agencies or affiliates downstream from X. Maybe the FTC will need a grammar lesson before it engages in its shaming campaign.

To be clear, I have no problem with the accurate flow of information. Advertisers should be accountable for the choices they make. But these corrective mechanisms will fail if tainted by grammatical sloppiness.

Third, from my perspective, it's a potentially serious abuse of governmental power for the government to get into the business of shaming people for activity that is legal. If the activity is illegal, the FTC should enforce the law (and explain why advertising via adware is illegal--something that Spitzer has conveniently avoided). If the activity is legal but the FTC thinks it should be illegal, the FTC should petition Congress to make it illegal or promulgate a rule under its delegated powers. But a government actor's use of shaming as a law-substitute is, in my opinion, way out of bounds.

Though Leibowitz may not have thought out his ideas very thoroughly, I do think he is part of a general movement towards regulating advertiser decisions about where to run advertising. CAN-SPAM was the first modern iteration in this process, but I doubt it's the last. I expect that, over time, every advertising placement decision will be fraught with legal peril. Personally, I think this regulatory regime will significantly distort social information flows, in many cases for the worse, but it may be unavoidable nonetheless.

Ironically, Claria and DirectRevenue have recently announced that they are migrating away from pop-up ads. So, as usual in the technology arena, the marketplace is already making progress at correcting some of its worst abuses before the government can even fire up its propaganda machine.

(Thanks to Chris Hoofnagle for calling my attention to the AdAge article).

Posted by Eric at 03:04 PM | Adware/Spyware , Derivative Liability , Marketing



November 29, 2005

Microsoft Will Be an Adware Vendor

By Eric Goldman

Microsoft is considering migrating some of its software titles to an ad-supported model instead of a consumer licensing fee model. This isn't exactly a new idea--this development has been anticipated for at least a decade. However, if Microsoft decides to scrap a licensing fee model (even for a limited number of software titles), this will be a Big Deal. Microsoft has made billions in licensing fees, and giving up upfront cash for the hope of ongoing ad revenues could radically shift their basic economic structure.

Ad-supported software makes a ton of sense to me. CNET reports that Microsoft makes only $2/copy from its Works product, and its Money software loses money. With the $2/copy revenue number, I'm convinced that Microsoft could do better--way better--with ads. Depending on CPCs, Microsoft could make that amount from as little as one click. Surely they can get several clicks during the years that a user uses that software install. Heck, I would gladly pay Microsoft $2/copy for the opportunity to plug Google AdSense into the software. If Microsoft cuts out an intermediary, the profits would be even greater.

From the consumer's perspective, I think ad-supported software is a good move. First, consumers won't have to pay upfront for software they may not even want. (Right now, consumers implicitly pay some license fees as part of the bundled price when they buy new computers). Second, the ads could have significant utility for consumers, especially if they are contextualized based on the consumer's behavior and data.

As for Microsoft, I think the move towards ad-supported software reinforces that Microsoft is a media company, not a technology company. Microsoft may currently sell functionality, but eventually it will be in the business of selling attention.

As that process matures, I expect to have a tough time recognizing the differences between adware and Microsoft ad-supported software. Many adware vendors already provide some software functionality as part of their adware bundle, and Microsoft will do the same. Therefore, the way I see it, Microsoft inevitably will become an adware vendor. Perhaps this confirms that adware is an essential part of our future information economy, current anti-adware sentiments notwithstanding.

Posted by Eric at 06:59 PM | Adware/Spyware, Copyright, E-Commerce, Licensing/Contracts, Marketing



November 28, 2005

Supreme Court Denies 1-800 Contacts Cert Petition

By Eric Goldman

Today the US Supreme Court denied 1-800 Contacts' petition for certiorari of the Second Circuit opinion in 1-800 Contacts v. WhenU. I'm not surprised by the denial, but the bigger question is--now what for 1-800 Contacts' campaign against WhenU? Will they drop the obsession? Or will they just move the battle front to Utah and Alaska and bring suit under those states' anti-adware laws?

Previous blog coverage:
WhenU's cert opposition
1-800 Contacts files for cert
The second circuit opinion
Alaska's anti-adware law
Utah's anti-adware law

Posted by Eric at 01:50 PM | Adware/Spyware, Derivative Liability, Trademark



November 21, 2005

Texas AG Sues Sony Under State Anti-Spyware Law

By Eric Goldman

Texas v. Sony BMG Music Entertainment (Tx. Dist. Ct. complaint filed Nov. 21, 2005).

From a legal standpoint, today wasn't a good day for Sony. In addition to being sued by the EFF, Texas decided to join the fray. Texas has brought a lawsuit against Sony based on Texas' new Consumer Protection Against Computer Spyware Act.

Based on the specific requirements of that statute, the alleged violations involve Sony's file naming conventions, Sony's masking of file names and Sony's implied claims that its software needed to be installed to enjoy the music on the CD. The claims do not involve any of the software's phone-home capabilities (which is what I thought was Sony's biggest legal problem), nor do they directly involve the challenges of uninstalling the software or the software's ability to be used by bad actors for malicious purposes.

I was amused by the extensive self-promotion of Texas AG Greg Abbott in the news release. Abbott's name is referenced no less than 6 times on the page (among other self-aggrandizement). I don't think there can be a serious question that Texas' lawsuit represents the typical exercise of prosecutorial discretion for political benefit. Does Texas need to correct a failure of private enforcement against Sony? No. Is this a strong case to test a newly-enacted statute? No (at least, not in my opinion). So why is Texas rushing to join the party? My instincts tell me that Abbott wants to break Spitzer's current monopoly as the only state AG who gets press as being tough on spyware.

Even though the prosecutorial motivation is questionable, there's no question that Sony's strongest--and perhaps only--move is to settle up with Texas, and quickly. There is no upside to a long-term battle on this topic, so the quicker that Sony makes amends for its choices, the quicker it can refocus on its core business.


UPDATE: Unsurprising announcement--Spitzer wants to grab some of the spotlight for himself.

UPDATE 2: Good grief--now spam-happy Florida AG Charlie Crist wants a piece of the action.

Posted by Eric at 05:16 PM | Adware/Spyware | Comments (1)



November 14, 2005

Spyware Litigation Recap

By Eric Goldman

There's been an explosion of litigation involving spyware/adware--so much that I've not been able to blog it all on a timely basis. This post "catches up" some of the lawsuits from the last couple of months.

In re. Trudeau. On November 7, a Minnesota attorney was disciplined for using spyware in her personal dealings.

FTC v. Enternet Media, No. CV05-7777 (C.D. Cal. complaint filed Oct. 27, 2005). The FTC got a TRO against some adware/spyware distributors, their principals and an affiliate. The defendants allegedly bundled adware and spyware with various freeware. According to Para. 38 of the complaint, the defendants had a EULA but did not encourage or require users to read it before the download commenced. (As a backup, the FTC claims the EULA disclosures were too general to adequately disclose the bundled software's implications). FTC press release.

Lawsuits against Sony for its DRM software. I've written about Sony's DRM software here and here. Not surprisingly, the lawsuits are mounting, including class actions in CA and NY.

FTC v. Odysseus Marketing (D. N.H. complaint dated Sept. 21, 2005). Software vendor and its principal sued for alleged spyware/adware. Interestingly, the FTC implicitly acknowledges that the EULA formation process and disclosures were pretty good. The complaint is a little vague (and I didn't have time to trace through the exhibits), but it appears that the EULA explains most of the software's operation, and users had to check a box acknowledging that they had read the T&Cs before downloading (see complaint Para. 14-20). Nevertheless, the FTC initiated the bust based on (1) false representations about how the software would anonymize P2P file sharing, (2) inadequate disclosure of bundled software coming along for the ride (this claim seems difficult given the EULA disclosures), and (3) inability to remove the software. I'm not convinced that these defendants should be free from liability, but to me it looks like the FTC is stretching a bit here. FTC press release.

Michaeli v. eXact Advertising, No. 05 CV 8331 (SDNY complaint filed Sept. 27, 2005). The third lawsuit in a troika of class action lawsuits against adware vendors (the Sotelo and Simios cases are the other two). The plaintiffs allege trespass to chattels, deceptive consumer acts under NY law (NY Gen. Bus. Law 349), false advertising under NY law (NY Gen. Bus. Law 350), common law negligence and unjust enrichment. See my write-ups on Sotelo and Simios for critiques about these causes of action. Suzi's comments.

I hate to state the obvious, but I can pass along a friendly tip to current/prospective law students: spyware/adware litigation appears to be a growth industry!

Posted by Eric at 08:54 AM | Adware/Spyware, Trespass to Chattels



November 07, 2005

Is Sony's DRM Spyware?

By Eric Goldman

Sony's DRM software generated lots of discussion and new information since my last post on the subject. The discussion (especially the many great comments I got in response to my previous post) has prompted me to change some of my thoughts—in particular, my statement that the DRM software isn’t spyware.

1) Sony's technological implementation of DRM exhibited some ineptitude, but Sony is being held to a rigorous standard because of DRM

ZDNet called Sony’s DRM “ineptware”--software that doesn’t have a malicious intent but nevertheless can have a pernicious effect. For example, the software may make a computer unstable or slow. And the unnecessarily intrusive use of a rootkit “smokescreen” allows bad actors to hide behind the smokescreen.

However, Sony (and its upstream vendor First4Internet) hardly has cornered the market on inept software designs that lead to undesirable outcomes. There are plenty of brain-dead software implementations out there. Why beat up on Sony?

I continue to believe that the underlying problem is DRM. Many technologists and consumer advocates harbor a deep animus towards DRM, so Sony's technology failings are being held to a heightened standard.

I understand why there's so much antipathy towards DRM, but I don't think we should overreact to Sony's failings. In particular, sloppy software design isn't "spyware" or "malware," or else those terms become far too overinclusive and thus meaningless.

2) Most of Sony's failures to disclose are probably legally inconsequential, but the implied affirmative representation that the software could be uninstalled may be problematic

In my previous post, I said that Sony's EULA adequately obtained consent to install its software. I still stand by that statement, for the most part, but the issue is more nuanced than my statement might indicate. Specifically, there are 2 separate disclosure issues--Sony’s affirmative disclosures and Sony’s failure to disclose--and they should be addressed separately.

Except for the “phone-home” aspect (discussed below), I’m not particularly troubled by Sony’s failures to disclose the details of its software. In general, vendors aren’t obligated to make every affirmative disclosure that every consumer might find interesting. In this situation, I think many disclosures desired by the technologists aren’t legally compelled or expected. Sony and its vendor have made dozens or hundreds of design choices to implement the software. Consumers don’t need to know those choices, would not change their behavior if the choices were disclosed affirmatively, and would be overwhelmed by complete disclosure.

In contrast, I’ve become less comfortable with Sony’s disclosures regarding the difficulties uninstalling its software. The difference is that Sony made some affirmative statements that implied the software could be uninstalled. If Sony created the false impression that the software could be uninstalled when it couldn't (or could be uninstalled only by breaking the OS), then Sony may have created some problems for itself.

3) If Sony's DRM software reports information back to a central server, this looks like spyware and could be legally problematic

Of the various problems with Sony’s technological implementation, I am most troubled by the allegations that Sony's software "phones home"; i.e., reports some information about each user back to a central server, including the combination of an IP address and a record of each album the user plays.

In my previous post, I said that Sony’s software wasn’t spyware. However, if the software is reporting back information about each user’s behavior, and that reporting back feature wasn't disclosed, then I agree with Suzi that surreptitious and undisclosed monitoring and reporting back of user activity sounds like spyware.

Further, if the reports are true, the software’s behavior could be a prima facie violation of the Computer Fraud & Abuse Act (18 USC 1030(a)(2)), which applies to an actor who:

"intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains...information from any protected computer…"

Every computer connected to the Internet is a protected computer. The software allegedly obtains information (at minimum, the album being played). The phone-home “feature” may exceed the authorization given by the user; I don't think that mere consent to installing the software acts as consent to the reporting