January 27, 2012
Top Internet Law Developments of 2011
By Eric Goldman
As usual, I'm running late with my year-end recap. This post begins with my countdown of the top 5 Internet Law developments of 2011, then it lists other interesting developments and cases. It concludes with some of the most linked posts and then my editor's choice of some posts in 2011 that might have been a little overlooked. As usual, thanks for reading the blog in 2011!
Countdown: My Top 5 List of Developments in 2011
#5: Righthaven Implodes. Since the beginning, I've been skeptical of Righthaven's business model. Seriously, who else thinks it's a good idea to sue small-time mom-and-pop bloggers and non-profits on a one-by-one basis? However, even I had no idea that Righthaven would accelerate their own demise by routinely making basic litigation errors. A sketchy business model + a litigation shop that isn't very good at litigation = one dead start-up. It's always fun (in a bloodsporty way) to watch hubristic bullies get their just desserts, but watching the Randazza firm school the Righthaven litigators in Litigation 101 has been amazing. THAT'S how you litigate.
Righthaven lost often in 2011 (see my August reset). They lost fair use rulings (e.g., CIO, Choudry). They lost on standing grounds (e.g., Democratic Underground, Wolf). They were hit with sanctions. They were hit with hundreds of thousands of dollars of attorney fee shifts (e.g., Leon, Wolf, DiBiase). They even lost their domain name in an auction--a delicious irony given that Righthaven's complaints improperly demanded its defendants' domain names on the theory that it might need the domain name to satisfy a judgment against the defendant, when in fact it was Righthaven's domain name that was used to help satisfy a judgment against it!
Righthaven ended 2011 on death's door, but the trend of newspapers trolling for copyright litigation isn't going away. I'll be watching NewsRight closely in 2012.
#4: Medical Justice Gives Up. Speaking of hubristic bullies... You recall Medical Justice, the organization that helped doctors and other medical service providers take copyright assignments from patients in their as-yet-unwritten reviews so that the doctors could expeditiously remove unwanted reviews by sending 512(c)(3) takedown notices to review sites. It's an interesting legal hack, but it has some bad side-effects, including the fact that patients hated it, the copyright assignments almost certainly were void (for public policy reasons and others), doctors were hurting themselves by discouraging patient reviews (patients prefer to choose doctors when there's a critical mass of patient reviews), and (as our research uncovered) most consumer review sites ignored the doctors' 512(c)(3) takedown notices. Obviously, with those defects, Medical Justice wasn't exactly adding a ton of value to its clients. Medical Justice finally gave up, but too late to prevent a lawsuit against one of its clients and a complaint to the FTC. Chances are Medical Justice will be living with a long-term hangover from this entrepreneurial foray.
Seeing Medical Justice stop peddling anti-patient review tools was slightly satisfying, but that result was always a fait accompli. The reason Medical Justice's change of heart matters is that shady or clueless vendors keep developing new ways to suppress unwanted consumer reviews, and I hope Medical Justice's experiences will discourage other vendors from trying the copyright hack. I talk about these dynamics more in my paper on regulating reputational information.
#3: gTLD Expansion. It remains unclear exactly what ICANN's rollout of unlimited top level domains will do. Due to the expansion of new namespaces, brand owners face a long list of complicated--and potentially expensive--choices to make. Unfortunately, these choices don't really benefit society; instead, the gTLDs tax businesses while the benefits accrue to a small number of service providers (and, of course, ICANN itself). I think many businesses will reserve their name in multiple new gTLDs to prevent squatting--with the net effect that businesses will spend more money just to preserve the status quo. Meanwhile, most consumers are likely to be bewildered by the unlimited number of TLDs, which is just going to increase their tendency to rely on search engines and link directories rather than domain names to navigate to their desired destinations.
#2: Internet Consumer Privacy Lawsuits Tank. 2011 initially looked like the year of the Privacy Plaintiff. A torrent of privacy lawsuits had been filed, plaintiffs had wrested a few important and lucrative settlements, and Internet companies continue to make questionable privacy decisions that create a steady supply of potential new lawsuits.
But the path to riches didn't materialize. Instead, 2011 emerged as the year when privacy class action lawsuits mostly failed miserably. Courts principally rejected the lawsuits on standing grounds for lack of cognizable harm, but plaintiffs failed on other related grounds, such as a lack of damages negating the prima facie case. There were some exceptions where plaintiffs made a little progress (see, e.g., Claridge v. RockYou, Anderson v. Hannaford, Fraley v. Facebook). I'm sure the privacy plaintiffs' bar will be studying those rare successes to formulate a better battle plan--and to better prepare their cases and find strong named plaintiffs, a recurring omission that hasn't gotten a lot better over the year. However, for now, it's clear that the privacy plaintiffs' bar can't just show up in court and hold out their hands for a payday.
#1: Regulators Broke the Internet. We've always known that regulators could combat bad online activity by working "up the chain," i.e., by making upstream service providers liable for the bad acts or obligated to cut off the activity. However, for the most part, we've shared a tacit understanding that systematically going up the chain was a "nuclear" option--it would fix the specific problem but only at significant collateral cost that, on balance, makes the option unattractive.
I think we'll look back at 2011 as the year that tacit understanding broke down. In 2011, regulators around the world showed a seemingly insatiable demand for working up the chain. Although we in the USA like to think we're different from other repressive regimes, the evidence suggests otherwise. Some examples of "up the chain" activity in 2011:
* Arab Spring. Repressive regimes got local Internet access providers to turn off Internet access in the country.
* Operation in Our Sites. The Immigrations and Customs Enforcement (ICE) agency keeps seizing domain names of suspected foreign rogue websites on an ex parte basis, making errors and breaking the law in the process. Mike Masnick blew open the story on Dajaz1.com, which ICE seized on an ex parte basis, conducted secret proceedings for a year, and then gave back the domain name with no explanation.
* Graduated Response. Copyright owners got Internet access providers to voluntarily (?) agree to restrict, and eventually terminate, their users' accounts.
* Secondary liability against intermediaries. Rightowners keep expanding their intermediary targets, including lawsuits against ad networks and SEOs/web designers. To be fair, some of these lawsuits aren't going very far, and expansive secondary liability theories aren't new in 2011.
* Ex Parte Seizures. Rightsowners are asking for the moon against third party service providers in ex parte proceedings, and courts are giving it to them because the third parties aren't there to represent their own interests. We recap this epidemic in this post.
* SOPA and PIPA. These proposed bills were the finest examples of rightsowners pursuing the nuclear option regardless of the collateral damage. The bills' basic architecture was to attack a wide range of intermediaries for third party actions--domain name registrars, search engines, payment service providers, ad networks. By seeking to deputize the intermediaries, the bills sought to instantiate "up the chain" duties across virtually the entire Internet. Putting aside their other policy deficiencies, I think we should resist all laws predicated on that fundamental assumption of intermediary deputization. See my post on the OPEN bill for why I reject the compromise "follow the money" solution. Sadly, I stand virtually alone in my stance.
Other Interesting Developments.
Some other interesting developments this year:
* Patent Reform. The America Invents Act is the most dramatic patent reform bill in years, and it has many provisions that may affect Internet companies, including the joinder standards, the prior user defense, and the novelty/priority standards. The law doesn't fix the overall problems with bad Internet patents or unmeritorious assertions of those patents, but it nevertheless could make some dramatic changes in what Internet companies do.
* Google and Antitrust. Google has become the incumbent in search, and all of its rivals--especially the companies Google is disintermediating--are desperately seeking to knock it off its perch. I believe Google and antitrust was the #1 topic prompting reporter phone calls to me in 2011. We are waiting to see what comes from the FTC investigation into Google's practices, and the list of Google-haters keeps growing daily. At the same time, the anti-Google forces made surprisingly little actual progress in 2011, including suffering a conspicuous (and not even close) loss in the myTriggers case. See my paper on why I am so over the Google antitrust battles.
* DC's Obsession with Busting Silicon Valley Companies. Sometimes, it feels like DC insiders wake up in the morning and wonder, "What Silicon Valley company do I feel like busting today?" Drive down the 101 from San Francisco to San Jose and play the "Spot the FTC/DOJ Bust" bingo game. Some of DC's targets in 2011: Google Buzz, Twitter (finalized in 2011), Facebook, Google pharma ads, Apple and others for no-poaching restrictions, and others. Good times!
* Judges Order Litigants to Hand Over Passwords to Social Networking Sites. This year, several judges ordered litigants to turn over their Facebook passwords to their litigation opponents for discovery purposes. See, e.g., Zimmerman v. Weis (which I added to my Internet Law reader this year). In 10 years, we'll look back at this mini-trend and shake our heads at the judicial cluelessness. Social networking sites contain a mix of public and private information, and letting a litigation opponent root around the account is just as objectionable as making a litigant hand over the keys to his/her house so the opponent can rummage around.
Other Key Court Rulings in 2011
Some other interesting court decisions this year:
* Author's Guild v. Google. The court rejected the Google Book Search settlement agreement for good reasons, but it sent the parties back to square 1. Why the parties haven't been able to broker a legislative compromise is beyond me.
* Barclays v. theflyonthewall. The Second Circuit took a big bite out of the hot news doctrine. Unfortunately, the Second Circuit didn't kill the hot news doctrine outright, but the opinion leaves open very little room for hot news plaintiffs.
* Network Automation v. Advanced System Concepts. The most important keyword advertising ruling to come out in several years. While the ruling itself was a mixed bag for the litigants, the opinion tore down a number of crusty plaintiff-favorable legal doctrines that had cluttered up trademark jurisprudence for years--including virtually mooting the initial interest confusion doctrine and killing the "Internet trinity" bypass to the standard multi-factor likelihood of consumer confusion test. I've noticed that the opinion has already noticeably tilted courts towards more defense-favorable rulings.
* Betty Boop case (Fleischer Studio v. AVELA). For a few months, it looked like the Ninth Circuit had eliminated trademark merchandising rights in characters that were out-of-copyright. Then it changed its mind; but still it liberated Betty Boop to the world.
* PhoneDog v Kravitz. An interesting battle over ownership of a Twitter account.
* Levitt v Yelp/Ascentive v. PissedConsumer. 47 USC 230 still works really, really well as an immunity. In Levitt, Yelp got a 230 dismissal that Yelp had tried to get advertisers to pay to manage consumer reviews. In Ascentive, the court rebuffed a plaintiff's effort to use a trademark infringement claim against a consumer review website to work around 230.
* Habush v Cannon. Buying a person's name as the trigger for keyword advertising doesn't violate their publicity rights.
* UMG v. Shelter Capital. While everyone waits for the Second Circuit's decision in Viacom v. YouTube, the Ninth Circuit stole some of that thunder with a powerful endorsement of the 17 USC 512 safe harbor. Too bad Veoh didn't live long enough to enjoy the win.
* In re Rolando S. Rolando was convicted of felony identity theft for taking a classmate's Facebook page for a joyride. My vote for the most interesting Internet Law case of 2011, and an instant cyberlaw classic. I've already added it to my Internet Law reader, and the students seemed to enjoy discussing the case.
Some of the Most Linked Blog Posts in 2011 (Per Topsy)
* New Advertising & Marketing Law Casebook Available for Review
* Court Orders Plaintiff to Turn Over Facebook and MySpace Passwords in Discovery Dispute -- Zimmerman v. Weis Markets, Inc.
* "App Store" Isn't Generic, But Apple Can't Enforce Its Purported Trademark in the Term--Apple v. Amazon (Apple legal issues are always good link bait)
* Twitpic Modifies Terms and Claims Exclusive Rights to Distribute Photos Uploaded to Twitpic
* Republishing Entire Newspaper Story is Fair Use--Righthaven v. CIO
* Court Rules That Instant Message Conversation Modified the Terms of a Written Contract -- CX Digital v. Smoking Everywhere (the most popular post of the year by far--a modern Contract Law classic)
* Second Life Ordered to Stop Honoring a Copyright Owner's Takedown Notices--Amaretto Ranch Breedables v. Ozimals
Favorite "Overlooked" Posts
A few posts that maybe got overlooked a little:
* Cyberbullying and Restorative Justice [a Long-Delayed Post on DC v. RR]
* Racy Teen Photos Posted to Facebook Are Constitutionally Protected Speech--TV v. Smith-Green
* Marijuana Activist Can't Change His Name to "NJWeedman.com" -- In re Forchion
* Free-to-Consumers Ad-Supported Website Isn't Illegally Priced--Cammarata v. Bright Imperial
* What Would a Government-Operated Search Engine Look Like in the US?
Lists of Yore
Previous top 10 lists from 2010, 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 09:45 AM | Copyright , Derivative Liability , Domain Names , Evidence/Discovery , Internet History , Patents , Privacy/Security , Search Engines , Trademark | TrackBack
October 03, 2011
New Essay on 47 USC 230(c)(2)
By Eric Goldman
I have posted a new essay, Online User Account Termination and 47 U.S.C. §230(c)(2), to SSRN. I wrote this essay as a contribution to a virtual world symposium at UC Irvine, and it will be published in the UC Irvine Law Review.
The essay generally argues that 47 USC 230(c)(2) permits online providers, including virtual world operators, to terminate user accounts without liability. Academic commentators frequently ignore or fail to consider Section 230(c)(2)'s immunity when discussing user account terminations, so the essay tries to elevate Section 230(c)(2)'s profile in the discussions, especially for the virtual world community. To me, Section 230(c)(2)'s applicability to account terminations is clear, but the story is complicated and perhaps not free from controversy. In addition to explaining the nuts-and-bolts, I offer a brief theoretical defense of the immunity.
I believe this essay is the first law review article exclusively on 47 USC 230(c)(2), the overlooked and undertheorized sibling of Section 230(c)(1). (FWIW, I have another, much larger article in process on Section 230(c)(1) that I hope to complete next semester.) If I've missed a 230(c)(2)-specific article, please please please let me know. For that reason alone, I'm quite excited about this essay.
I'm also excited about this essay because it culminates a topic I've been contemplating since I began blogging--the implications of virtual world proprietors' rights to terminate for convenience. See, e.g., this post--one of my first on the blog--from 6 1/2 years ago. After all these years, I'm glad to finally organize my thoughts more completely.
The essay is in draft form, so I would gratefully welcome your comments.
________
The abstract:
An online provider’s termination of a user’s online account can be a major-and potentially even life-changing-event for the user. Account termination exiles the user from a virtual place the user wanted to be; termination disrupts any social network relationship ties in that venue, and prevents the user from sending or receiving messages there; and the user loses any virtual assets in the account, which could be anything from archived emails to accumulated game assets. The effects of account termination are especially acute in virtual worlds, where dedicated users may be spending a majority of their waking hours or have aggregated substantial in-game wealth. However, the problem arises in all online environments (including email, social networking and web hosting) where account termination disrupts investments made by users.
Because of the potentially significant consequences from online user account termination, user-rights advocates, especially in the virtual world context, have sought legal restrictions on online providers’ discretion to terminate users. However, these efforts are largely misdirected because of 47 U.S.C. §230(c)(2) (“Section 230(c)(2)”), a federal statutory immunity. This essay, written in conjunction with an April 2011 symposium at UC Irvine entitled "Governing the Magic Circle: Regulation of Virtual Worlds," explains Section 230(c)(2)’s role in immunizing online providers’ decisions to terminate user accounts. It also explains why this immunity is sound policy.
Posted by Eric at 09:10 AM | Derivative Liability , Internet History , Licensing/Contracts , Virtual Worlds | TrackBack
August 30, 2011
Fall 2011 Internet Law Reader and Syllabus
I have posted my Internet Law syllabus for Fall 2011. In addition, as I did last year, I have posted my Internet Law course reader to Scribd as a DRM-free pay-to-download PDF. You can also buy a print-on-demand copy at CafePress. If you are an academic and would like a free PDF, email me. If you are interested in adopting the reader for your class, definitely let me know and I can also share my PPT slide deck with you. If you are outside the US and therefore unable to pay due to Scribd's policies, contact me as well.
This year, I made the following changes to my course and the reader:
* Regarding keyword advertising, I replaced the Hearts on Fire case with the Network Automation case. I'm still not 100% sure how the Network Automation case will be interpreted by the lower courts, but the early rulings suggest the Network Automation case has tilted things a little more towards the defense.
* I added the Illinois v. Hemi case. The last thing I want to do is spend more time on Internet jurisdiction issues, but I was able to edit the case down to less than 2 pages. Even with that brief treatment, the opinion is helpful to illustrate the problems of geographic scienter for e-commerce sites, as well as the opinion's explicit repudiation of the dying Zippo precedent.
* I added Zimmerman v. Weis, which allowed a litigant to get the passwords to its opponent's Facebook account for discovery purposes. At its core, it's an e-discovery case, and I don't plan to spend a lot of time on that topic. However, I think the case will spur a lot of student thinking about the differences between a Facebook account and offline analogues from a privacy standpoint.
* I added the In re Rolando S. case, which said that taking someone else's Facebook account for a joyride was felony identity theft. I think this is one of the most thought-provoking Internet law cases from the past year. I'm going to be especially interested to see how the students respond to the case.
* I deleted the Mummagraphics and BMG v. Gonzalez cases. It's always painful to drop cases, but I needed to free up some space for these additions. The Mummagraphics case remains an important precedent, but it did duplicate with a lot of the discussion from the trespass to chattels material earlier in the semester. The BMG v. Gonzalez case was useful to punctuate the point that a fair use defense isn't going to succeed in the case of personal music downloading, but I think I can make that point effectively enough without the case.
In the reader, I also added a number of drawings, screenshots and other graphical materials to help with the material, plus I added some notes and questions after some of the cases. Progressively, the reader is turning into a real casebook.
My analogous blog posts from years past: 2010; 2009; 2008; 2007; 2006; 2005.
Posted by Eric at 08:47 AM | Internet History | TrackBack
May 25, 2011
Ohio Appeals Court: GoDaddy can be Held Liable for Wrongly Transferring Control Over Domain Name and Email Accounts -- Eysoldt v. ProScan
[Post by Venkat Balasubramani]
Eysoldt v. GoDaddy, et al., C-100528 (Ohio Ct. App.; May 18, 2011)
Actions against registrars for allowing domain names to be wrongly transferred have been relatively rare. Members of the Eysoldt family brought claims against GoDaddy alleging these types of claims. A jury ruled in their favor and the Ohio Court of Appeals declined to set aside the verdict.
Jeff Eysoldt registered Eysoldt.com through GoDaddy. He used this account for personal purposes--he stored photos and used it for email, and he allowed other family members to do so. He also registered and managed a domain name for his sister's business through this account. Separately, he entered into a business arrangement with ProScan, and the parties sought to build out a website which would promote cosmetic surgery centers. As part of this project with ProScan, he registered Myrejuvenate.com and placed this domain name in the same GoDaddy account as his personal domain name and his sister's domain name.
The relationship between Eysoldt and ProScan soured, and ProScan sought control of the domain name and the website. One of the ProScan executives called GoDaddy directly. GoDaddy's customer service representative saw that the domain name was registered under Eysoldt's name but "verified" the account information with the ProScan executive by confirming the method of payment and account number used to pay.
GoDaddy gave ProScan control over the Myrejuvenate.com domain name. Unfortunately, it also gave ProScan control over the other domain names and associated email accounts in Eysoldt's GoDaddy account. Eysoldt contacted GoDaddy to fix the problem, but he was told he had to fill out a verification form and fax this along with his drivers license. He did this, but GoDaddy responded to him that his face was not legible in the copy of the drivers license. The ProScan executive also contacted GoDaddy and asked that the domain names other than Myrejuvenate.com be transferred back to Eysoldt, but this too was unsuccessful.
Ultimately, Eysoldt sued GoDaddy. He sued ProScan as well but settled with them. The jury ruled in favor of the Eysoldt and awarded him $50,000 ($20,000 for invasion of privacy and $30,000 for conversion). Two other Eysoldt family members were awarded $10,000 each ($7,000 for invasion of privacy and $3,000 for conversion). (Here is a link to the verdict form.)
GoDaddy made several technical arguments on appeal and the court rejects them all.
Economic Loss doctrine: GoDaddy argued that Eysoldt's claims were barred by the economic loss rule, but the court says that this rule only applies to negligence claims and not to intentional torts.
Conversion: GoDaddy argued that a domain name cannot form the basis for a conversion action because it is intangible property. The court says (citing to CRS Recovery, Inc. v. Claxton) that times have changed. A domain name is readily identifiable and can be converted. GoDaddy also argued that the family members could not assert conversion claims because they testified that they lacked any ownership interest in the accounts. On this point, the court ruled that there was sufficient evidence from which a jury could conclude that GoDaddy converted the "conditional email and private communications [of the family members] that were contained in the GoDaddy account."
Invasion of Privacy: Finally, GoDaddy argued that there was insufficient evidence to support an invasion of privacy claim because there was no evidence that GoDaddy accessed the email accounts. The court rejects this argument also, noting that Eysoldt testified that someone had accessed the emails. According to the court, the harm flowed from the disclosure and not the misuse of the emails. In any event, the court cites to the fact that GoDaddy took control of personal emails, websites, and communications and just handed them over to a third party.
---
GoDaddy had a pretty tough argument here given the facts. To treat a domain name as anything other than valuable third party property would be a mistake by registrars. There was some confusion early on as to whether domain names are contract rights (which do not support conversion claims) instead of property, but courts have long moved on from this question. (See Kremen v. Cohen, CRS v. Claxton, Office Depot v. Zuccarini, Bosh v. Zavala, etc.) I'm surprised GoDaddy didn't raise an argument based on waivers or limitations of liability contained in its end user agreement, but the opinion does not discuss them.
The court's conclusion regarding the invasion of privacy claim is worth noting because the court did not take the approach numerous courts have taken in data breach cases and require any showing of out-of-pocket loss. The likely explanation for this is that the plaintiff here asserted claims under the "intrusion" theory, where the harm flows from the mere disclosure, rather than the misuse, of data, but this should require a showing that the accounts contained information that was of an intimate nature. The court alludes to this in describing what type of information was contained in these email accounts, but does not come out and explicitly state this or cite to any specific information which would support a claim of intrusion.
The court's conclusion that the other family members could recover for conversion also glosses over a few nuances. The sister had a domain name registered through GoDaddy, but the court does not connect the dots on how giving Proscan control over the GoDaddy account translates into a conversion claim for the other family members. The court instead focuses on the email accounts and notes:
[w]hile Jill and Mark [the other family members] acknowledged that the account was registered to Jeff, the evidence showed that each of them had email accounts set up within Jeff's account. Additionally, Jeff and Jill had created content for Jill's website for her business, Good Karma Cookies. When Go Daddy gave control of the account to Wallace and ProScan, Jill could not access her website. Likewise, Jill and Mark could not access their email accounts. Thus, as the trial court stated, 'there was sufficient evidence produced at trial that would support the jury finding that GoDaddy converted the conditional and private email communications of Mark and Jill Eysoldt that were contained in the GoDaddy account.'
The court's focus on control over email accounts and content does not square well with the cases which say that domain names can be converted because they are freely transferable and can be bought and sold. Under the court's approach, a registrar could be found liable for terminating access to an email or hosting account, and this sounds problematic.
[Eric's comment: indeed, I read this opinion as hinting that any cloud service provider could "convert" a user account's to the extent that service provider "wrongfully" "cuts off" the user's access to his/her own intangible files. I don't think the court means to go there, but holding that GoDaddy converted the emails (as opposed to the domain names) naturally leads to a very dark place.]
It's clear that courts are not reluctant to impose some sort of obligation on the part of registrars to guard against identity theft. Registrars may need to adopt authentication procedures as rigorous as the procedures that banks use to authenticate bank accounts. Of course, even this approach is not infallible, and not easy to implement, given that much of the customer service interaction between a registrar takes place over the phone. Another suggestion is for registrars to respond promptly to any claims by customers of domain name theft. Sending a canned response from customer service when a customer frantically emails saying that his or her domain name has been stolen is not going to look good in the eyes of the fact-finder.
I'm struck at how often people register business and personal domain names in the same account, and how often the web-person ends up registering the domain name for a project in his or her account, rather than in the name of the entity, or a separate account which both joint ventures have control over. The domain name as a bank account analogy is useful here, and if you are part of a joint venture, think about whether you would want to give your co-venturers sole control over the bank account.
Posted by Venkat at 09:20 AM | Domain Names , Internet History , Licensing/Contracts , Publicity/Privacy Rights
April 18, 2011
Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff -- Claridge v. RockYou
[Post by Venkat Balasubramani with comments from Eric]
Claridge v. RockYou, 2011 WL 1361588 (N.D. Cal.; Apr. 11, 2011)
RockYou is a developer and publisher of applications for use with Facebook, MySpace, hi5, and Bebo. RockYou's applications allow users to share photos, write text on a friend's page, or play games with other users. In order to sign up, users are asked to provide an email address and create a password. Users may also be required to provide their social network user name and passwords. RockYou displays advertisements on the apps. RockYou claims to have "more than 130 million unique customers using its application on a monthly basis."
RockYou was alerted to an alleged security problem with its SQL database in late December 2009 by an online security firm. Plaintiff claims that RockYou failed to act quickly enough to address this problem, and as a result
at least one confirmed hacker known as 'igigi' accessed RockYou's database, and in the process accessed and copied the email and social networking login credentials of at least 32 million registered RockYou users.
Plaintiff sued RockYou in a putative class action, alleging a slew of claims: breach of contract, the Stored Communications Act, negligence, California's anti-hacking statute, and California's unfair competition and consumer protection statutes.
Standing: RockYou argued that plaintiff lacked standing - i.e., that the unauthorized access of plaintiff's login credentials did not cause plaintiff any "concrete, tangible, non-speculative harm." In response, plaintiff argued that:
[RockYou's] customers, including plaintiff, 'pay' for the products and services they 'buy' from [RockYou] by providing their PII, and that the PII constitutes valuable property that is exchanged not only for [RockYou's] products and services, but also in exchange for [RockYou's] promise to employ commercially reasonable methods to safeguard the PII.
The court agreed with plaintiff and found that plaintiff alleged an injury in fact sufficient to confer standing. The court noted that the case law is mixed on the question of whether data breach plaintiffs have standing to sue. The court recognized the novel context in which the claims arose:
the unauthorized disclosure of personal information via the Internet - is itself relatively new, and therefore more likely to raise issues of law not yet settled in the courts.
Although the court expressed "doubts about the plaintiff's ultimate ability to prove [plaintiff's] damages theory," the court declines to dismiss on the basis of standing.
Contract Claims: The court initially rejects RockYou's request to dismiss the contract claims (based on a breach of RockYou's privacy policy) on the basis that plaintiff did not lose anything of value. For pleading purposes,
plaintiff . . . sufficiently alleged a general basis for harm by alleging that the breach of his PII has caused him to lose some ascertainable but unidentified 'value' and/or property right inherent in the PII.
RockYou argued that the privacy policy terms expressly provided that it could not be held liable for any unauthorized third party access to users' personal information, but the court disagrees, citing to RockYou's privacy policy. The policy disclaims liability where a third party accesses user information contained in RockYou's "secure servers," but the court notes that RockYou's servers were not in fact secure. The court also cites to flowery language in RockYou's privacy policy to the effect that RockYou takes "commercially reasonable . . . safeguards" to protect user information.
Consumer Protection Claims: Plaintiff loses on his California consumer protection act claims. With respect to his claim under California's unfair competition law, one of the two requirements is that the plaintiff has to have lost "money or other property" in order to bring a claim. The court holds that the UCL's standing requirements are stricter than Article III standing requirements, and require the plaintiff to have paid money or "parted with some particular item of property he formerly possessed." The court does not buy plaintiff's novel theory that plaintiff's "PII constitutes 'currency'" under the statute. No luck for plaintiff under the UCL.
Similarly, the court rejects plaintiff's claim under the California Consumer Legal Remedies Act, because the statute only applies to plaintiffs who "purchase or lease" goods or services for "personal, family, or household purposes." Here, plaintiff has not purchased or leased any goods or services.
__
Plaintiff's other claims received mixed results. The court dismissed the Computer Fraud and Abuse Act claim with leave to amend (plaintiff admitted that it cited the wrong statutory provision), found that RockYou was not liable under California's anti-hacking statute (section 502), and found that plaintiff adequately stated a negligence claim.
Data breach cases have uniformly rejected the claims of plaintiffs who have not actually lost any money out of pocket. Some cases have done so on the merits, and other cases have done so on the basis of standing (some cases, such as Krottner v. Starbucks, have rejected the claims on the merits but have expressly found standing). The big question is whether this ruling moves the needle in any way. I'm inclined to say no, but the way in which the plaintiff cast his claim and the court characterized it is interesting.
The privacy policy / breach of contract analysis was also interesting. There is case law expressing skepticism as to whether a privacy policy is even a contract that can support a breach of contract action ("When Does a Privacy Policy Breach Support a Breach of Contract Claim?"), but courts lately don't think twice about analyzing privacy policy claims under the breach of contract framework. Companies (for whatever reason) continue to include flowery language in their privacy policies that courts latch on to when putting them on the hook for privacy foibles.
Related posts:
9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap
Acxiom Not Liable for Security Breach--Bell v. Acxiom
The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt
Claims Brought by Express Scripts Data Breach Plaintiffs Rejected on Standing Grounds -- Amburgy v. Express Scripts, Inc.
__
Eric's comments
There is a lot to dislike about this opinion.
First, RockYou's privacy policy promised "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information..." This is industry-standard fluff language in a privacy policy. I bet we could find tens of thousands of privacy policies with similar language. I believe the prevailing view among lawyers is that this language couldn't be actionable. It doesn't promise security or integrity; it just promises the company will deploy *some* safeguards. Further, the efforts are only supposed to be "commercially reasonable"--language which many lawyers believe is equivalent to "we'll try."
Here, the plaintiff attacks the language by arguing that RockYou didn't encrypt its data. Now, I recommend to clients that they encrypt their databases of user data in all circumstances, but is it commercially unreasonable to do so? The defendant doesn't get the decisive win it expected on that point. (The plaintiff also asserts that the defendant was derelict in patching a security flaw that allowed the bad guys to do an SQL injection attack, so the two arguments may have reinforced each other enough to convince the judge there may be something to this case). As Venkat suggests, it's time to cut the fluffy language from privacy policies. Courts and plaintiffs are overresponding to it.
Second, the court's decision not to use Article III standing to kick out the case was unfortunate. Although I am sympathetic that Article III standing dismissals are harsh on plaintiffs--they never get a chance to say anything--the doctrine has been very useful at squelching unmeritorious privacy cases early. This case is effectively indistinguishable from the other cases where Article III standing has been used; it's a garden-variety security breach with no known tangible consequences (other than lawyers looking for a little gravy). Based on the precedent, an Article III standing dismissal would have been a logical outcome.
The court's acquiescence to the plaintiff's argument ("defendant’s customers, including plaintiff, “pay” for the products and services they “buy”from defendant by providing their PII, and that the PII constitutes valuable property") smacks of the old academic debates in the late 1990s/early 2000s about whether personal data should be propertized. It was a weird debate because many of the academics who oppose copyright doctrinal expansion were simultaneously advocating for increased propertization of personal data as a privacy/anti-advertising technique. Personally, I had hoped all of those theories had been lost in the dustbins of history. Instead, this court moves in that direction. Privacy advocates might rejoice, but be careful what you wish for.
The court's embrace of a "novel" theory is especially frustrating because the court goes on to say that it has doubts about the plaintiffs' ability to prove damages in the end. So instead of doing the socially optimal thing--killing a meritless lawsuit early--the court embraces a theory likely to fuel privacy advocates to bring other meritless cases; while keeping this case open may very well cause both parties to spend a lot of money only to kill a meritless case later. This may be a situation where the judge is being just a bit too careful.
Third, assuming that personal data is "property," this isn't a situation where the vendor sold the data or misused it for advertising. Instead, there was no impairment to the users' "property right"; it was a security breach. So this is a particularly poor case for the personal-data-as-property meme.
One small piece of good news from this opinion: the court interprets California Penal Code Sec. 502 narrowly and effectively prevents the plaintiffs from converting it into a sword to be used against companies that get hacked. We don't have many Penal Code 502 rulings, but most of the extant rulings read the statute pretty broadly. I'm glad to see the court was more circumspect on that point.
Posted by Venkat at 09:19 AM | Internet History , Licensing/Contracts , Marketing , Privacy/Security , Trespass to Chattels | TrackBack
March 03, 2011
Jan.-Feb. 2011 Quick Links, Part 4
By Eric Goldman
Internet Freedom
* The EFF points out the inconsistency between Hillary Clinton's speech championing Internet freedom abroad when our own US government has gone rogue on its own citizens, including unlawful domain name seizures and an obsessive vendetta against Wikileaks.
* Fast Company: Why Twitter stood up for its users against the "secret" Wikileaks subpoena when other sites didn't.
47 USC 230
* Fleming v. Duncan: Yahoo wins 47 USC 230 motion to dismiss in Georgia state court.
* Neeley v. NameMedia, Inc., 2010 WL 5677069 (W.D. Ark. Dec. 16, 2010). 47 USC 230 preempts "outrage" claim over displaying nude photos in search results. A complementary follow-up ruling: Neeley v. NameMedia, Inc., 2011 WL 336174 (W.D. Ark. Jan 31, 2011).
* Several professors contributed essays to a book critical of 47 USC 230. Paul Levy takes them on.
* Jonathan I. Ezor, Busting Blocks: Revisiting 47 U.S.C. § 230 To Address The Lack Of Effective Legal Recourse For Wrongful Inclusion In Spam Filters, Richmond Journal of Law and Technology (Fall, 2010).
Spam
* Facebook, Inc. v. Fisher, 2011 WL 250395 (N.D. Cal. Jan. 26, 2011). Facebook gets $360M default judgment against spammers.
History
* Antone Johnson on the dot-com hangover of 2000-2002.
* 25 Best Startup Failure Post-Mortems of All Time.
Miscellaneous
* You can watch video from Next Digital Decade event. More on that event: 1, 2, 3. If you haven’t looked yet, you should check out the book.
* Unique Products Solutions v. Hy-Grade Valve (N.D. Ohio Feb. 24, 2011). Patent false marking qui tam process is unconstitutional.
* Shrader v. Biddinger, 2011 WL 678386 (10th Cir.(Okla.) Feb 28, 2011). In this Internet jurisdiction case, the Tenth Circuit adopts ALS Scan v. DSC as its test rather than Zippo.
* FairSearch.org has a new partial rival, Faretransparency.org, the web front for the Open Allies for Airfare Transparency, "a coalition representing all of the stakeholders in the travel booking industry, works to promote price transparency and full access to airline pricing and fee information." It's chaos in the online travel booking industry right now!
* Very useful table: State Cyberstalking, Cyberharassment and Cyberbullying Laws
* Evony sues its user for automated mapping of its site.
* ABA Journal: "For Federal Plaintiffs, Twombly and Iqbal Still Present a Catch-22"
* Direct Marketing Association v. Huber, No. 10-cv-01546-REB-CBS (D. Colo. Jan. 26, 2011). Judge strikes down Colorado's attempt to impose an "Amazon" tax as unconstitutional. My previous reference to the law.
* In the Silicon Valley, being the "Craigslist Congressman" might be considered a compliment. Unfortunately, that term will now be pejorative.
* Segal v. Amazon, 2:11-cv-00227 (S.D. Fla. Feb. 4, 2011). Amazon's participation agreement's venue selection clause upheld.
* Rep. Matheson wants to require age authentication to access online porn. Been there/done that 13 years ago with COPA. Lest you forget, it was unconstitutional.
Funny Stuff
* French second-graders are shown items like an old Fisher Price record player and 3.5 and 5 inch floppies and are totally baffled by them. Funny video.
* Great Dilbert strip riffing on the old joke of how you know if a lawyer is lying.
Posted by Eric at 11:53 AM | Content Regulation , Derivative Liability , Internet History , Patents , Spam | TrackBack
March 01, 2011
Jan.-Feb. 2011 Quick Links, Part 3 (Trademarks, Domain Names and Trade Secrets Edition)
By Eric Goldman
Trademarks and Domain Names
* From my perspective, the Department of Homeland Security (DHS) domain name seizures are one of the US government’s top 5 all-time worst assaults on the Internet’s integrity. DHS’s ICE division is grabbing domain names—the virtual equivalent of printing presses—citing half-baked legal theories and poorly researched factual claims without any advance notice or adversarial proceedings. This is exactly what we expect our government won’t do.
Yet, I haven’t seen a proportionate blowback. Why aren’t affected domain name owners suing the government for improperly seizing their printing presses? (This takes me back to the 2-decade-old Steve Jackson Games case and the EFF’s founding). Why aren’t there Congressional hearings asking DHS to defend its behavior? Where aren’t other parts of the administration forcing DHS to justify itself? Why aren’t judges pushing DHS to do a better job of demonstrating their cases on an ex parte basis? I’m a little baffled why there hasn’t been a revolt against the DHS’s baldfaced abuse of government power. I confess I’m part of the problem in that I haven’t grabbed the pitchforks either, but I’m not sure how I can best help. If you have any thoughts, I’d welcome them.
A linkwrap on this topic:
- Techdirt raises some general questions.
- One of the DHS affidavits. Techdirt deconstructs it.
- Sen. Wyden seems like our only legislator paying attention.
- Wendy Seltzer explores the due process problems.
- An ICE representative tried to defend its actions, with no success.
- Another 18 names seized.
- In a crackdown aimed at child porn, DHS took down 84,000 websites "by mistake." This is exactly the kind of “mistake” that would not happen if due process were followed and speech restrictions were subject to adversarial proceedings.
- EFF on what the repeated DHS screwups teach us about the "wisdom" of COICA:
- Techdirt: “ICE Boss: It's Okay To Ignore The Constitution If It's To Protect Companies”
* Private Career Training Institutions Agency v. Vancouver Career College (Burnaby) Inc., 2011 BCCA 69 (BC Ct. App. Feb 11, 2011): "The burden was on the appellant to satisfy the judge that there were reasonable grounds to believe that the respondents’ use of keyword advertising was actually or potentially misleading. He found as a fact that the appellant had not established that the respondents’ keyword advertising was actually or potentially misleading. He stated that the appellant had not persuaded him that the respondents’ use of its competitors’ names in keyword advertising “could...lead a student astray or into making a harmful error of judgment”. There was evidence to support those findings."
* NY S953: New York is trying yet again to ban domain name sales to terrorist groups. My prior blog post.
* Kim v. Coach: class action suit for Coach sending trademark takedown notices to eBay for the resales of legitimate goods. AP story.
* Joe Mullin recaps our efforts to crack open the Rosetta Stone v. Google joint appendix.
* LinkedIn allows ad targeting by company name. Competitive poaching, anyone? Will they be the newest defendants in keyword ad lawsuits?
* Rebecca covers an interesting and complicated dispute over a comparable drug being linked to a patented drug in a pharmaceutical reference database, with some parallels to keyword advertising.
* The Supreme Court denied certiorari in the latest appeal in Moseley v. V Secret Catalogue Inc. Prof. McCarthy on the ruling for which certiorari was sought.
* Law.com: Digital Chocolate and Zynga Settle over 'Mafia Wars'
* Ford sues Ferrari for naming one of its race cars "F150" in celebration of Italy's 150th anniversary of unification.
* Subway seeks to trademark "footlong."
* Las Vegas Sun: Double Down Saloon v. Double Down Lounge.
* Technolawyer tries to enforce a trademark in “SmallLaw.”
* Fleischer Studios v. AVELA (9th Cir. Feb. 23, 2011). The Ninth Circuit says that the Betty Boop character is in the public domain. This is quite a remarkable opinion, but I particularly call your attention to the discussion about trademarks and merchandising (cites omitted):
Even a cursory examination, let alone a close one, of “the articles themselves, the defendant’s merchandising practices, and any evidence that consumers have actually inferred a connection between the defendant’s product and the trademark owner,” reveal that A.V.E.L.A. is not using Betty Boop as a trademark, but instead as a functional product. Just as in Job’s Daughters [a 1980 9th Circuit case the majority cites even though it wasn't cited by either party or the district court], Betty Boop “w[as] a prominent feature of each item so as to be visible to others when worn . . . .” A.V.E.L.A. “never designated the merchandise as ‘official’ [Fleischer] merchandise or otherwise affirmatively indicated sponsorship.” Fleischer “did not show a single instance in which a customer was misled about the origin, sponsorship, or endorsement of [A.V.E.L.A.’s products], nor that it received any complaints about [A.V.E.L.A.’s] wares.”...“The name and [Betty Boop image] were functional aesthetic components of the product, not trademarks. There could be, therefore, no infringement.”
The court goes on to discuss Dastar:
If we ruled that A.V.E.L.A.’s depictions of Betty Boop infringed Fleischer’s trademarks, the Betty Boop character would essentially never enter the public domain. Such a result would run directly contrary to Dastar.
I applaud the majority opinion's spirit, and this could be quite a revolutionary opinion if it truly sets Ninth Circuit precedent. However, I’ve repeatedly criticized the Ninth Circuit for making up the rules panel-by-panel (I know I'm not the only one), and I suspect this is just another one-off. Kate Spelman thinks this is a good case for en banc review (I agree).
* WSJ: A quick survey of major legal issues in franchising law.
* Meth Lab Cleanup LLC v. Spaulding Decon, LLC, 2010 WL 5572397(D. Idaho Oct. 25, 2010): "the mere fact that resulting harm from the alleged confusion over the contents of the parties' websites may be incurred by an Idaho company is not sufficient to show that Spaulding “directed” its conduct toward Idaho."
* Walgreens is elevating the profile of its house-branded products.
* Index of WIPO UDRP Panel Decisions
* Oddee: 12 Hilarious Knock-off Fails
Trade Secrets
* Has the original Coca-Cola recipe leaked out?
* Reality Blurred: The producers of Survivor sue over leaked information about the upcoming season, but they drop the suit once they learn the leak source.
* David S. Almeling et al, A Statistical Analysis of Trade Secret Litigation in State Courts
Posted by Eric at 01:44 PM | Domain Names , E-Commerce , Internet History , Trade Secrets , Trademark | TrackBack
February 10, 2011
Comparative Domain Name and Keyword Regulation Talk Slides
By Eric Goldman
I have a busy semester of talks, so I will be rolling out some talk slides over the next few days. Today, I'm posting my talk slides from a talk I gave last month at the University of Houston as part of this event. I titled the talk "Domain Name and Keyword Regulation."
This is a newly updated version of a talk I gave in 2007 at McGeorge Law School. At the time, I was interested in how we codified various forms of domain name exceptionalism compared to other keyword navigation tools. (The impetus for that talk, in turn, comes from my Deregulating Relevancy article, where I make this point more fully). This time, I think I did a better job offering some reasons why domain names may truly differ from keywords, so perhaps the "exceptionalism" isn't as remarkable as I indicated in 2007 (or is justifiable in part).
Revisiting the talk after 4 years, what really caught my attention were the relative quantum of regulations targeted specifically at domain names and keywords, respectively. I did a search in Westlaw's federal and state statutory databases for "domain name," and I was overwhelmed with hundreds of search results. I'm amazed how many statutes call out domain names and, in some cases, subject domain names to exceptionalist regulation. I taxonomize these various types of domain name regulations in my slides.
In contrast, we still have virtually no keyword advertising-specific regulation. The only such law still on the books is the Alaska anti-adware law, a law that I believe everyone simply ignores (although perhaps it's been mooted by the demise of adware circa 2005). When I initially gave the talk in 2007, the Utah Spyware Control Act was still on the books, but Utah ultimately (and wisely IMO) repealed that law, and Utah's other flirtations with keyword regulations have fortunately petered out. Given how keyword advertising has eclipsed domain names in so many ways, I remain perplexed by this disparity in regulatory attention despite the distinguishing characteristics between the two.
Posted by Eric at 11:30 AM | Adware/Spyware , Domain Names , Internet History , Trademark | TrackBack
February 01, 2011
Free-to-Consumers Ad-Supported Website Isn't Illegally Priced--Cammarata v. Bright Imperial
By Eric Goldman
Cammarata v. Bright Imperial Ltd., 2011 WL 227943 (Cal. App. Ct. Jan. 26, 2011). The complaint. The trial court ruling.
If you can't compete with free, can you litigate it away?
Kevin Cammarata ran subscription-based porn sites until he sold his business at an allegedly depressed sales price. The defendant runs an ad-supported porn site, RedTube.com, one of many porn websites with the suffix -tube.com as an homage to YouTube. Nothing about any of the websites implicated by this lawsuit is office-safe. The court, apparently with a straight face, sets the context by saying "the formerly profitable subscription-based websites 'have been brought to their knees' by the tube-based sites." (Once again reinforcing that the Internet is really just a series of tubes...?)
Unhappy with competing with free, Cammarata sued RedTube and some of its advertisers for unfair business practices. Cammarata's attorney, Jay Spillane, was quoted as saying "Tube sites have done injury to the business. We feel RedTube and other sites like them are crowding out competition when it comes to the online adult business.”
Crowding out competition? Is that another way of saying that new entrepreneurs are winning market share from incumbents?
The court summarizes the allegations against RedTube:
Cammarata contends that Bright's unlawful activities consist of (1) allowing customers to view adult entertainment videos on its website below cost for the purpose of injuring Cammarata's business and destroying his competition in violation of Business and Professions Code section 17043; (2) unlawfully using its videos as "loss leaders" in violation of Business and Professions Code section 17044; and (3) engaging in "unlawful, unfair, or fraudulent business practices or acts" in violation of Business and Professions Code section 17200. The advertising defendants are allegedly aiding and abetting Bright in accomplishing the conduct described above.
The trial court granted the defendants' anti-SLAPP motion. The appellate court upholds that ruling. Unless something changes, Cammarata should be writing a check to the defendants for their troubles.
Frankly, I'm not sure about the application of anti-SLAPP laws here. The court's treatment of the "public interest" is pretty lax--basically, the statutory "public interest" here is that lots of people are generally interested in porn ("Cammarata and Bright agree that there is a substantial public interest in the kind of sexually explicit videos shown on tube-sites such as Redtube"--news flash of the day!). Nevertheless, I'm glad it results in a fee shift given the sheer craziness and anti-consumer sentiments of the lawsuit.
Cammarata argued that he was suing over RedTube's pricing decisions, not its publication of videos. The court rejects this argument:
We reject Cammarata's argument that his causes of action arise from Bright's predatory pricing, not its speech, because here the product being priced is speech, not dog food. All of Cammarata's causes of action arise from Bright's conduct of placing speech on the Internet where it can be viewed for free by the public. This is the "predatory pricing" that Cammarata complains of.
The court then turns to the merits of Cammarata's complaint about pricing. At its core, his argument is that giving away content for free, supported by advertisers, is illegal under California law. Obviously, no court was going to agree. Could you imagine? Sirius could sue all of the broadcast radio stations. HBO could sue broadcast TV stations. Subscription newspapers could sue free newspapers. That would be quite a result. The court politely mocks Cammarata's arguments:
If Bright's business model sounds familiar it's because it's the business model typical of broadcast radio and television stations in the United States not to mention thousands of local newspapers and, more recently, tens of thousands of Internet websites including Youtube, CNN and Video.Yahoo.
The court rejects the arguments, saying that it's not below-cost pricing to run an ad-supported business, and Cammarata can't show that RedTube was trying to destroy his business. The court concludes with a snarky "don't let the door hit you on the way out":
If Cammarata's subscription-based website lost revenue after Redtube and other tube-based websites came on the scene it was because the tube-based business model is more efficient, not because of alleged predatory pricing by Bright.
It's true that subscription services often can't compete with free services. But as this case shows, if your competition is giving content away for free when you hope to charge users to enjoy comparable content, you better come up with a new business model pronto because the courts won't bail you out.
A historical perspective: If you never saw it, I wrote on Internet content price setting back in 1997 under my old name: Eric Schlachter, The Intellectual Property Renaissance in Cyberspace: Why Copyright Law Could Be Unimportant on the Internet, Berkeley Technology Law Journal, 1997. In the paper, I talk about price setting when marginal costs of content reproduction and distribution are zero; I then explore some 1990s-era ways of cross-subsidizing content production and publication. As any economist will tell you, the market price will be MR = MC, which if MC = 0 means P = 0. It's interesting to see folks still trying to fight that basic law of economics.
Posted by Eric at 09:54 AM | Copyright , Internet History , Marketing | TrackBack
January 31, 2011
Speakers Announced for "47 U.S.C. § 230: a 15 Year Retrospective" Conference, March 4, SCU
By Eric Goldman
On February 8, 1996--just about 15 years ago--President Clinton signed into law the Telecommunications Act of 1996, a lengthy law with significant implications for the entire telecommunications industry. As Justice Stevens wrote in Reno v. ACLU (1997), "The Telecommunications Act of 1996, Pub. L. 104-104, 110 Stat. 56, was an unusually important legislative enactment."
Tucked into a corner of that beefy bill was the Communications Decency Act, a law that defined its generation of Internet Law regulations and spawned a series of laws and court battles that took over a decade to resolve. Tucked away in a corner of the Communications Decency Act was Section 509, "Online Family Empowerment," a version of the Cox-Wyden bill that ultimately created 47 USC 230.
Of the many legacies of the Telecommunications Act of 1996, 47 USC 230 certainly looms large. It has become the cornerstone of the Web 2.0 economy, spawning the creation of many Internet giants we now use every day and creating countless billions of dollars of wealth. The law has also sparked extensive, and sometimes heated, debates over online free speech, content-based harms, and the legal and ethical responsibilities of online intermediaries.
On March 4, 2011, we will take a thorough look at 47 USC 230, its history, its implications and its future, from a wide range of perspectives. This event has been in development for more than a year, and I'm excited to see it finally come to fruition. Unlike many other cyberlaw conferences, which tend to encounter 47 USC 230 as a sub-component of the event's main topic, this conference puts the statute front-and-center for maximum geekery.
We have finally posted a tentative version of the day's agenda (subject to change, as always). The whole day is filled with highlights and expert speakers, but some of the parts I'm anticipating the most:
* former Rep. Chris Cox, who co-sponsored the Cox-Wyden bill that became 47 USC 230, will talk about the statute's origins and its legacy.
* Ken Zeran, the plaintiff in the seminal/watershed 47 USC 230 case Zeran v. AOL and an early victim of a "cyber-harassment" attack (before we even had the vocabulary to describe such things), will tell the story-behind-the-story of his litigation. I've heard parts of his story first-hand, and it has completely changed the way I think about the case.
* Chief Judge Alex Kozinski, who authored the majority opinion in Fair Housing Council v. Roommates.com, which some would argue is the most significant appellate court incursion into 230's immunity. Judge Kozinski has also recently articulated his views on Internet exceptionalism (he's against it). I'm not exactly sure what Judge Kozinski will say, but no matter what direction he chooses to go, it undoubtedly will be humorous and provocative.
The conference will be March 4, 2011, at Santa Clara University. You can see the complete speaker lineup, and register for the event, at the conference website. Registration costs $150 or less; we have lots of categories of discounted or free registration. If the registration fees pose a financial hardship for you, please contact us. If you can't make it, we plan to record the day's proceedings (assuming the speakers don't opt-out) and post the recordings online.
While making your travel plans, please note that we're informally celebrating Cyberlaw Week in the Bay Area during that time. You may be interested in two other related events:
* on the day before the 230 conference, the Stanford Technology Law Review is holding a conference entitled "Secondary and Intermediary Liability on the Internet" at Stanford. This has a nice list of speakers and topics that complement the 230 event very well.
* on the day after the 230 conference, we are hosting the inaugural Internet Law Works-in-Progress event at SCU, an annual event co-sponsored by SCU and the NY Law School. We anticipate having approximately 30 speakers present their cyberlaw works-in-progress. This is a closed-door event to allow for a high-level academic conversation, and we are restricting participants to folks who can contribute to an academic dialogue. If that describes you, we would like to welcome you as a participant. Although the deadline has passed, we're still willing to consider talk proposals and discussant requests.
So please come to one, two or all three of these events! I hope to see you there.
Posted by Eric at 11:14 AM | Derivative Liability , Internet History | TrackBack
January 27, 2011
Top 5 Cyberlaw Developments of 2010, Plus a 2010 Year-in-Review
By Eric Goldman
Earlier this Fall, I posted my top 8 trends in Internet law, and that's a good place to start if you want to see how I think things are developing. Because of that post, this year I'm shaking up the format of my year-end recap post a little bit. We'll start with the top 5 Cyberlaw events of 2010, but then we'll move to other topics. (This is a variation of my post to InformIT on Tuesday).
Top 5 Legal Developments
#5: Google pulls out of China. China's native search engines rejoice, but is this really a win for China's long term prospects? Meanwhile, I keep hoping Google will do the same in the EU too given how much the EU regulators hate Google.
#4: COICA and the pre-enactment COICA workaround, ICE's lawless seizure of 82 supposedly pirate-oriented domain names. Showing once again that domain name censorship is irresistible to government regulators.
#3: Righthaven goes on a litigation frenzy on behalf of newspapers. Which do you think will happen first--bloggers stop discussing newspaper articles for fear of being sued, or newspapers go out of business? What's amazing is that newspapers don't realize that the first will accelerate the second.
#2: Oracle gets $1.4B+ from SAP for competitive scraping. Oracle hit a grand slam with the damages in this case, ranking highly on several all-time-largest-awards charts.
And the top cyberlaw story of the year goes to...
#1: Wikileaks. Wikileaks finally forces us to confront many of the cyberspace governance issues we were debating in 1996. I'm sad to say that our government, and many private businesses, failed the test.
Other Key Developments
* Tiffany v. eBay. The Second Circuit thumps Tiffany's pathetic arguments and gives eBay a clean bill of trademark health. However, this ruling just preserved the status quo, so for my money, the much more important secondary trademark rulings involved providing other services to alleged counterfeiters. See Gucci v. Frontline, potentially exposing credit cards and other payment service providers to secondary liability for providing payment services to alleged counterfeiters, and Roger Cleveland Golf v. Price, potentially exposing SEOs/web designers to secondary liability as well.
* Viacom v. YouTube and Arista v. Limewire. These companion cases told us what we already knew: YouTube + 512(c) defense = good, P2P file sharing software vendor - DMCA safe harbor = bad.
* Sony v. Tenenbaum. I'm still waiting to see if this case is a blip or a watershed. It has the potential to make every copyright statutory damages case into a constitutional due process inquiry.
* Legally, it was a good year for Google. Google got a favorable trademark ruling in the ECJ. Google got a decisive win in its Rosetta Stone AdWords trademark case (and, as mentioned before, the YouTube case as well). Most of the other trademark plaintiffs lost or simply gave up.
* Legally, it was a lousy year for Google. Everyone in the world seems to be considering if they can run Google's algorithms better than it can: EU antitrust regulators, French antitrust regulators, the Texas AG, private plaintiffs, the New York Times and so many more. Google got trapped in a dangerous antitrust litigation in the unfavorable venue of Ohio state court. Google Street View has been a legal train wreck world-wide. The DOJ busted up a possible hiring cartel among Silicon Valley companies, and Google almost immediately handed out 10% pay raises for everyone. Buzz was a lousy product with a horrible launch, and it led to a multi-million dollar litigation kicker.
* It was a quiet year for 47 USC 230 litigation. From my perspective, quiet is good! The biggest defense win of the year: Milgram v. Orbitz. The biggest plaintiff win of the year: Swift v. Zynga.
* Perfect 10 v. Google. Google gets yet another win in this case, this time on 512(d)--one of the few cases interpreting the 512(d) safe harbor for linking to infringing content.
Notice I didn't put *any* of the Ninth Circuit Internet law jurisprudence on the list. There were plenty of interesting rulings this year: Krottner v. Starbucks, MDY v. Blizzard, Vernor v. Autodesk, DSPT v. Nahum, the Freecycle naked licensing case, Advertise.com v. AOL, Toyota v. Tabari, Visa v. JSL, CRS Recovery v. Laxton, Office Depot v. Zuccarini. However, I have lost all faith that 3 judge panel decisions by the Ninth Circuit have any binding precedential on other panels, so every case is effectively a one-off.
Less-Heralded But Nevertheless Interesting Disputes of the Year
Some under-the-radar legal disputes that I thought were more interesting than the overhyped stories:
* Barclays v. theflyonthewall. A brokerage house gets an injunction against the republication of its stock recommendations based on a hot news doctrine. The case is now on appeal to the Second Circuit. The case exposes the precarious business model of brokerage houses: they are content publishers trying to monetize via a commodity service, and brokerage house stock recommendations were exactly the kind of information John Perry Barlow explored in his 1994 Economy of Ideas article. Will the hot news doctrine prop up a doomed business model?
* Anderson v. Bell. Electronic signatures count towards the requirements for an election petition. This could launch a new era of citizen petitioning of the government.
* Snap-on v. O'Neil. A company can't scrape its own data from its outsourced vendor, seemingly authorizing the vendor to play hold-up games for companies that don't handle the contract correctly. The Eventbrite v. Cvent case provided some interesting contrast.
* Goforit v. Digimedia. A court upholds domain name wildcarding and says the TM owner/plainitff pursuing those wildcarded domain names may have engaged in reverse domain name hijacking.
* Lara Jade Coton v. TVX. The blog post title said it all: "Tip for Clean Living: Don't Use a 14 Year Old's Self-Portrait in Advertising for Porn."
Most Overhyped Stories
This year, for the first time, I'm separately breaking out a category for most overhyped stories of the year.
* Craigslist shuts down its adult services category. A toxic mix: Craigslist took a legally defensible but nevertheless obstinate position, and state AGs love to show their constituents how much they hate the Internet. When Craigslist finally gave in and shut down its adult services category (with a whining F-U), people went crazy.
* Borings get $1 for their trespassing claim. Google's Street View contractors made a mistake, drove up a private driveway, and captured what they saw. Google posted the photos until it got a complaint, then the homeowners with the odd surname ("Boring") went on a litigation frenzy. Their payoff for several years of litigation? $1. Not even enough for extra foam on a Starbucks mochachino.
* The Supreme Court's tech docket. Several fizzled out non-decisions from SCOTUS this year: Bilski, Quon, Costco. The Supreme Court is taking a steady diet of tech-related cases, but they are gun-shy about actually resolving them.
* Mark Hurd. Mark Hurd, Hewlett Packard's CEO, had an inappropriate relationship with an HP contractor/former B-list softcore porn actress and maybe fudged his expense reports. When he tried to take a job at HP's frenemy Oracle, HP got litigious, but it turns out their fur can be smoothed for a few million.
* Lost iPhone Prototype. Stop me if you've heard this joke before: an engineer walks in a bar and...loses a super-stealthy prototype of one of the most important new consumer technology launches ever...? I realize it's an uber-cool phone, but still, IT'S A PHONE, PEOPLE!
Our Snarkiest Company-Specific Posts
Occasionally, we get snarky about specific companies' practices. It's not our norm, but these posts sure do boost traffic. Companies in our crosshairs this year:
* The Problems With Google House Ads. Google's response to this post was pathetic and embarrassing.
* Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. I still use Scribd, but I have zero loyalty.
* Hypocrisy Alert?! Expedia, a "FairSearch" Member, Marginalizes American Airlines in Its Search Results. If you're going to wave the "Search Neutrality" flag, please keep it hypocrisy-free.
* Facebook pulls a rare hat trick of snark this year: Q2 2010 Quick Links Part 3 (Special Facebook Edition), Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com, Distrust in the Cloud Part #2: Facebook Blocks J.mp Links and Takes Down Lots of Status Updates in the Process. I'm officially no longer in love with Facebook. I post the exact same content to Twitter and Facebook, so please follow me at Twitter instead.
* My RapLeaf Profile is Amusingly Mistaken. This is What the Fuss is All About?. In response to an article in the Wall Street Journal's "What They Know"/privacy plaintiffs lawyers full-employment series of articles.
Most Popular Blog Posts of the Year
1) Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. Nearly 2X the traffic of #2. Putting profanity in the post title still works as a traffic booster.
2) Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase (Topsy 100). I still can't figure out why this post was so popular; it just reminded us of something we already knew. See also the related but overreaching Millen v. Hummingbird Speedway.
3 & 5) #3: Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Posted to "Twitter/TwitPic". Venkat also had an end-of-the-year hit with the #5 post, "Court Rejects Agence France-Presse's Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service -- AFP v. Morel." Both posts were Topsy 100.
4) Viacom v. YouTube Summary Judgment Motions Highlights. Not surprisingly, the gossip about the lawsuit is way more popular than the blog post on the actual ruling.
One other post reached Topsy 100: "Ripoff Report Defeats Extortion Claim, But Plaintiffs Keep Trying--AEI v. Xcentric."
Lists of Yore
Previous top 10 lists from 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 06:56 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , Evidence/Discovery , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack
January 21, 2011
The Next Digital Decade Book Launch and Event Recap
By Eric Goldman
I’m pleased to call your attention to a new book called “The Next Digital Decade: Essays on the Future of the Internet,” edited by Berin Szoka and Adam Marcus of TechFreedom. This is a truly remarkable book. It contains 31 essays on various Internet law topics from some of the brightest and most provocative thinkers on Internet law topics. Please note that I have some self-interest in praising the book because I contributed 3 of the 31 essays, but I would be fawning over this book even if none of my essays were included. It’s that good.
What makes this book so special is that *every* essay I’ve read is top-notch. In contrast, in many essay collection books, the essays are spotty—some great, some clearly inferior. Berin and Adam did a fantastic job curating the collection. They also did a nice job tying the essays together into coherent chunks.
You can get the entire PDF as a FREE DOWNLOAD (love it!) and they have hard copies available for purchase if you (like me) are a luddite who prefers to read things in print.
In future blog posts, I will have more to say about some of the essays, including my chapter on Regulating Reputation as well as James Grimmelmann’s outstanding chapter on search “neutrality.” I have more to say on the search engine bias topic as well in a short essay that I intended to include in the book but didn’t get done in time.
As part of a book launch, earlier this week TechFreedom put together a symposium where book authors and other special friends discussed some of the themes in the book. Although the audience was well-stocked with techno-libertarians, the panels themselves were mostly nicely balanced, which led to a really great conversation. The remainder of this post reflects my notes from the day, which as usual are a blend of verbatim statements and my impressions of the speakers’ remarks.
Panel 1: Internet Optimism, Pessimism and Future of Online Culture
Participants:
Berin Szoka, TechFreedom (Moderator)
Andrew Keen, author of Cult of the Amateur
Adam Thierer, Mercatus Center
Prof. Ann Bartow, South Carolina School of Law
[Note: Jonathan Zittrain was supposed to participate but he was a last-minute scratch. That left a hole on the panel, as the panelists had prepared to discuss Jonathan’s work. So the panel ended up talking a lot about—and mostly criticizing—Zittrain’s work without Zittrain around to defend himself!]
Thierer: Two schools of Internet pessimism:
(1) people without much hope that Internet will improve society. They feel the good old days were better.
(2) people who are technology enthusiasts but are pessimistic about the future of technology. For example, Zittrain’s view of threats to generativity and Lessig’s view that code as law leads to perfect regulation. They feel we’re at the cusp of a dark age of openness.
Pasquale: Takes a “progressive” approach to Internet studies. Issues on his mind:
(1) Leading Internet powers are like utilities. We should be fearful of monopolies.
(2) Fusion between government and corporate sectors.
(3) Internet is accelerating inequality. Ex: Zittrain’s ubiquitous human computing.
Bartow: More women used to write about cyberlaw in the 1990s than now. Regarding Zittrain’s Future of the Internet, the Internet doesn’t need to be either open or closed; it could be somewhere in-between. She also noted that there’s not much “law” in Zittrain’s “cyberlaw.” He assumes technologists will lead the way. In typical Ann fashion, she provided a bonus tip: avoid doing a search on “lickety split” if you don’t want porn.
Keen: [Eric’s note: I had never seen Keen’s shtick first hand, and it was exactly what I anticipated: provocative statements mixed with out-and-out gratuitous trolling. I personally do not respond well to trolls, so I found his remarks mostly a massive turnoff, despite a few interesting nuggets interspersed here and then.
As part of his trolling, he started off with a series of gratuitous insults targeted at many of the other participants and audience members. In my world, it’s really not nice to deliberately insult a big chunk of your audience before you even get to your substantive points.]
He doesn’t understand what the law has to do with the Internet. Law professors have seized control over the debate. Law professors are paid by law schools to churn out articles that have no market value. In contrast, Keen is a paid author and therefore guided by market forces.
Keen wants to defend a professional creative class. He is interested in failure of new media to provide an economic environment to pay the creative class. (1) Curse of piracy. Some people take pleasure in demise of old media. (2) Internet as content monetization system. Keen is skeptical of Web 2.0.
[Two more observations about Keen’s trolling. First, I don’t necessarily care about preserving a “professional creative class.” I care about creative outputs and less about protecting one traditional way we get them. I wonder if we can get most or all of our socially desired outputs if we abolished the professional creative class completely. Second, I understand some people are elitist, but most of the time, they try to hide their elitism. In contrast, Keen was unapologetically elitist. This deliberately set up an unnecessarily divisive “us-vs.-them” dynamic that people usually try to avoid in polite society. Personally, I think we’ll get a lot farther looking for ways to work together rather than creating a class warfare dynamic. Then again, I’m a mere law professor paid by my law school to churn out worthless junk, so what do I know?]
Thierer: Keen is skeptical about the technological transition. Thierer’s response: “humans adapt.” In a multi-iteration game, players will change from iteration to iteration. Ex: AOL dominated the 1990s and look at them now.
If Keen is right, what do we want to do about it? We need to cope with the changes, not fight it. Pessimists: too quick to jump on current event catastrophes, without giving a chance for coping mechanisms to evolve. When things are darkest, biggest incentives to entrepreneurs. [The conversation took an odd turn when Frank said Thierer had ironically invoked Karl Marx, who had argue that we shouldn’t try to make things better for workers so they will have an increased willingness to revolt. I’m not sure who was more insulting: Keen trashing law professors or Pasquale calling Thierer a Marxist! But unlike Keen’s insults, I know Frank was just having fun with Thierer.]
Pasquale: we need more transparency about business practices to help government enforcers do their jobs better.
Bartow: Industry evolution cuts both ways. She gave two examples: (1) her local paper dropped coverage of the university when the paper went online and got the statistics showing the level of interest in those stories. (2) anti-virus software vendors need the continued release of new viruses to support their business model.
Thierer: compare where we are today to the past. In the past, we had information scarcity. Information overload is a much better problem to have.
Bartow: puzzled by Zittrain’s criticism of Onstar because it tracks folks when that’s the entire point of the service. Tradeoffs between tracking devices and the benefits of geolocation. A concern: technologists may not reflect women’s concerns given their backgrounds.
Szoka: Zittrain thinks everyone should want to tinker with technology, but some folks don’t want to tinker.
Audience Q&A
DelBianco: consumers are frustrated with the real problems with the Internet (crime, fraud, etc.). Governments are desperate for relevancy, so they may seize that opportunity to insert themselves into the process.
Keen: “I just have to respond to this libertarian stuff”: Zittrain’s book hasn’t been read outside of law schools. In the past, major historical events have required government management of the transition.
Pasquale: Europe is becoming the de facto regulator. If we don’t take the lead, they will fill the vacuum.
Q: Silicon Valley venture capitalists try to hit home runs by funding the new displacement technologies.
Szoka: business cycles are becoming shorter. Winners last for shorter times. Digital markets aren’t like Adam Smith’s perfect competition; but dominant players may be easier to oust today, so we might be willing to accept monopolies in the short term while new disruptive technologies are emerging that will organically trump the monopolist.
Panel 2: Internet Exceptionalism & Intermediary Deputization
Participants:
Adam Thierer, Mercatus Center (Moderator)
Prof. Eric Goldman, Santa Clara School of Law
Josh Goldfoot
Prof. H. Brian Holland, Texas Wesleyan School of Law
Prof. Mark MacCarthy, Georgetown University
Prof. Frank Pasquale, Seton Hall Law School
Me: two noteworthy dynamics (1) different types of Internet exceptionalism are proliferating, and (2) 230 liability umbrella allows for UGC experimentation like we’ve never seen before.
Holland: 230’s exceptionalism isn’t about absence of social norms. 230 enables the creation of social norms independent of legal norms. 230 sets initial condition (by mitigating legal norms, such as tort norms) and allows experimentation with new norms. Ex: Web 2.0 communities have, through contract and code, the ability to enforce their norms (we don’t just need government as only norms enforcer). Because Wikipedia isn’t forced by law to enforce, its users develop their own norms.
MacCarthy: Payment intermediaries have taken steps to police their networks. Ex: gambling, pharmaceuticals, child porn, tobacco, copyright infringement. These efforts were largely independent on legal regime in the 1990s—he thinks the payment systems didn’t qualify for First Amendment, 230, 512. Law enforcement thus reached out to payment intermediaries. He thinks this was a success. But on cost-benefit basis, it may not be worth regulating intermediaries. Plus, intermediaries have gotten the message and are voluntarily assuming responsibility. However, in the Wikileaks case, the intermediaries may have overreached.
Goldfoot: The Internet is a physical medium, and the online activities have offline payoffs. He favor a secondary liability regime similar to the secondary doctrines in copyright and patents.
Pasquale: We may need different rules for different niches in the Internet industry. Maybe it’s better to have only a couple of intermediaries, but we can trust them. If we get de facto monopolists, let’s call them a utility and embrace them accordingly.
Government agencies have difficulty getting the required expertise to understand and regulate industry. He favors bringing in expertise to the agencies. He praised the FTC for doing that with Christopher Soghoian and Ed Felten.
MacCarthy: the Internet is concentrating at every level due to network effects. So Frank’s consolidation is happening naturally. Combine with intermediaries’ willingness to police users, and we get back to media consolidation we saw with broadcasters and newspapers. So what do we do about private censorship? We’re not going to go back to FCC controls of media consolidation.
Goldman: I dispute the empirical assumption in MacCarthy’s claim of consolidation. Regarding Pasquale, I don’t trust either the government or its oversight.
Holland: More worried about Facebook than Google. Need data portability.
Pasquale: JuicyCampus/cyber-cesspools. He prefers users migrate to Facebook, which has rules, than at cesspools. [Eric’s comment: Really? I have a hard time encouraging anyone to use Facebook. See Q2 2010 Quick Links Part 3 (Special Facebook Edition), Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com, Distrust in the Cloud Part #2: Facebook Blocks J.mp Links and Takes Down Lots of Status Updates in the Process]
Goldman: government embrace of leading industry players may sterilize competition/innovation. With Facebook, if we lock it in as a government-monitored “utility,” will we prevent its displacer from emerging? Also, WRT JuicyCampus and People’s Dirt, the marketplace worked just fine—they both got drummed out.
MacCarthy: there are small numbers of gatekeepers at each level. Media world is always a concentrated market. How do we deal with their consolidated power?
Alex Howard from audience challenging MacCarthy: Top 10 blogs aren’t old line media (ex: Huffington Post, Mashable, Engadget, TechCrunch). Indeed, old line media are syndicating these new media players.
Goldman: even if mass-market topics consolidate on the Internet, the conversations in sub-communities are way more interesting and not consolidated at all.
Holland: small audiences are OK.
Goldfoot: should consider secondary liability on tort-by-tort basis, not blanket basis.
Audience Q&A
Milton Mueller: 230 establishes rules that enhance freedom. Contrast: utility.
Pasquale: competition/innovation isn’t our own goal. Let’s not forget that the public sector done some good things.
Braden Cox: why not extend 230 to offline world?
Goldman: I will argue for that at our 47 USC 230 conference on March 4.
Goldfoot: secondary liability has its role, such as in products liability, but maybe we could reduce liability for defamation because no one sues on those torts.
DelBianco: COICA goes after ad networks.
Goldman: If you’re going to regulate the payment systems, you have to regulate the ad networks too. Unfortunately, there is ongoing pressure to put a range of service providers to websites on the hook. We’re seeing lots of activity in this area in IP arena, but not in areas covered by 230.
Goldfoot: to be responsible, intermediaries must know what’s going and must be able to stop it.
David Johnson: Internet as global network. What entity is doing the deputization?
Goldfoot: international users delegate the power to the companies they use. Russian citizen accepts US law by using Facebook.
Jonathan Allen: does FCC net neutrality rules affect other Internet players?
Goldman: I’m seeing a quest to impose neutrality at every layer of telecom stack.
Panel 3: Who Will Govern the Net in 2020?
Participants:
Berin Szoka, TechFreedom (Moderator)
Prof. David Johnson, New York Law School
Prof. Milton Mueller, Syracuse University
Shane Tews, VeriSign
Chris Wolf, Hogan Lovells
This panel did not quite come together as the event organizers probably expected. David Johnson started out by describing himself as an “optimistic exceptionalist communitarian,” and it progressively got more esoteric from there. Part of the problem is that David J. and Milton enthusiastically agreed with each other, and the other two panelists didn’t really challenge them very much. Lovefests are fine but tend to make for less interesting panels.
The topics mostly addressed Internet transnational regulation and Internet community self-regulation. From my perspective, this conversation didn’t really seem that much different from a conversation we might have had a dozen years ago.
Chat with FCC Commissioner Robert McDowell
Moderated by Declan McCullagh.
Declan: why aren’t FCC Net Neutrality rules yet published in Federal Register?
McD: might be buried in bowels of the government
Declan: did FCC step in due to Congressional vacuum?
McD: we didn’t have the authority to step in
Declan: where can government facilitate technological innovation?
McD: tax policy—Ex: extend R&D credit. Get government out of the way.
Declan: Comcast/Level 3 dispute. Should FCC in peering disputes?
McD: FCC may not have jurisdiction, it shouldn’t be involved. Peering relationships have been working out fine. If there’s an antitrust problem, it should be reviewed by antitrust authorities.
Declan: Comcast/NBC
McD: Comcast consented to the net neutrality order because they were before regulatory agency.
Declan: will FCC authority wither away as more data moves to packet-switching?
McD: the Internet has shrunk the universal service pool, but we shouldn’t worry about fund shrinkage. As technology and consumer practices evolve, what is FCC’s role? Spectrum scarcity may be technologically mooted someday and undercut the rationale for FCC regulation, but this is long term.
Declan: should we be optimistic about next decade?
McD: Yes. We’re just entering golden age of wireless. But I worry about what government might do. Government is a blunt regulatory instrument.
Declan: predictions on Congress and Net Neutrality?
McD: No. I do what Congress wants. Congress could introduce legislation.
Declan: who will file first lawsuit over Net Neutrality?
McD: someone unhappy with the order! [the next day, Verizon sued in the DC Circuit]. He thinks FCC order will fail in courts.
Politico: which condition in Comcast/NBC merger are you most unhappy about?
McD: net neutrality condition. It makes one marketplace player live by the rule even if the rule is overturned; that’s misguided public policy.
Andrew Keen: there seems to be consensus that some compromise on net neutrality was needed.
McD: what was broken that the government needed to fix? Answer: nothing. The few examples of net neutrality problems all were fixed by existing law. Plus, there could be a chain reaction internationally. Are we inviting the other countries to impose their view of what’s reasonable regulation for the Internet? Plus, marketplace will be unsettled during litigation.
Thierer: FCC isn’t very transparent about releasing information.
McD: direct that comment to the chairman, who controls the process.
Mueller: Canada has done some net neutrality work. Good example?
McD: we know about it. Like us, the EU didn’t regulate net neutrality either. Most common request we get at the FCC: please regulate my rivals.
Q: hasn’t congress told the FCC to think in a stovepipe way?
McD: Yes, but statute should be modernized over time.
Posted by Eric at 11:20 AM | Derivative Liability , Internet History | TrackBack
January 14, 2011
My 2005 Prediction of Wikipedia's Failure By 2010 Was Wrong
By Eric Goldman
“Prediction is very difficult, especially about the future.”
-- attributed to Niels Bohr
I’ve written a few notorious posts in my 6 years of blogging, but none more so than my December 2005 prediction that Wikipedia would fail in 5 years. Those 5 years are up, and this post admits that my prediction is wrong. In this post, I’ll also look at how Wikipedia has changed since 2005. Although these changes don’t validate my prediction, Wikipedia circa 2011 differs in important ways from Wikipedia circa 2005.
Why Did Wikipedia Beat the Odds?
My initial prediction focused on the threats posed by spammers and vandals. With Wikipedia’s free editability, spammers and vandals can easily manipulate content to advance their own interests. Standing between them and success are Wikipedia volunteers. With millions of financially motivated spammers and thousands of dedicated volunteers, the volunteers seemed outgunned. How have they been able to vanquish the spammers and vandals to date?
In my opinion, the biggest change was Wikipedia’s (re)adoption of Google’s nofollow tag in 2007. Prior to that, spammers had significant incentives to insert links into Wikipedia pages for the link juice, no matter how many Wikipedia readers clicked on the links. After implementing the nofollow tag, spammers’ payoffs for getting links into Wikipedia decreased substantially. There are still other ways that marketers can manipulate Wikipedia (such as editing their own entries), but these efforts are small potatoes compared to SEO bots.
In addition, the Wikipedia community has done an admirable job developing anti-spam technological tools available to its volunteers. Anti-spam efforts remain principally a manual effort, but improved anti-spam tools has increased the leverage of the remaining volunteers.
Other Ways Wikipedia Has Changed Over 5 Years
While these factors have been pretty effective at keeping the spammers and vandals at bay (so far), other changes to Wikipedia have been less salutary.
* Xenophobia. Over the past 5 years, the Wikipedia community has closed ranks and become somewhat insular. Wikipedia offers technological tools to the public at large to edit the database, but as I explain in my Wikipedia’s Labor Squeeze article, the practical capacity to make edits that stick is limited to a much smaller universe of contributors. Joining that club is relatively easy, in the sense that it merely requires a person to “show up,” contribute and get along with other community members. At the same time, club membership is hard because it must be a concerted effort over time. Drive-by edits by uninvested contributors are unlikely to stick.
Xenophobia poses a serious challenge to the community because it makes it much harder to recruit and absorb new power contributors. Thus, community xenophobia may be one of Wikipedia’s biggest strategic challenges.
As I’ve watched Wikipedia close ranks, I’ve started to wonder if xenophobia is endemic to UGC websites. I’ve seen the phenomenon occur with other UGC sites, so perhaps it’s unavoidable. An interesting question worth a more intensive study.
* Increased Wikipedia staff. This isn’t a negative per se, but it is noteworthy. Wikipedia’s staff has grown substantially over the past few years (I believe it’s approximately doubled in the last two years or so). I don’t believe the new staff members have displaced any key editorial services traditionally performed by the community. However, the headcount growth reflects an implicit decision that Wikipedia cannot expand solely on self-coordinated volunteer efforts. With its growth, Wikipedia’s staff is increasingly looking like the staff of an editorially controlled publication.
As an example, consider the Wikipedia Public Policy Initiative, which I’m participating in. In my Wikipedia’s Labor Squeeze article, I discussed how Wikipedia could source new content, and possibly new contributors, by working with educators who incorporate Wikipedia participation into their courses. (To be clear, many other people made that suggestion too). Without Wikipedia staff coordinating the effort, some educators might independently do this themselves. However, with the Public Policy Initiative, Wikipedia is allocating FTEs to fix the coordination problem. I expect Wikipedia staff intervention will produce more and better contributions, but notice that it becomes much more expensive content to produce given the FTEs’ amortized costs.
* Increased technological barriers to participation. On its home page, Wikipedia still uses the introductory tagline “the free encyclopedia that anyone can edit.” However, the site has struggled with free editability over the years. A variety of (mostly minor) technological restrictions have been implemented over the years to limit contributions from untrusted sources.
From my perspective, the most important technological control is “Flagged Revisions” (rebranded “Pending Changes”), which allows only trusted editors to immediately make public edits. All other contributions sit in a tank until a trusted editor approves them. Flagged Revisions is a substitute to Wikipedia’s traditional full protect/semi protect approach to restricting edits on problematic pages. As a substitute, Flagged Revisions is more flexible than protection because people can still contribute to an affected page (although the contributions aren’t immediately public and may never be approved).
Instead of being used only on problematic pages, Flagged Revisions could restrict editing site-wide. It’s used for that purpose in some Wikipedia versions, but not in the English language version. When Flagged Revisions is used to widely control editing, it undercuts the tagline that Wikipedia is a place anyone can edit. That still may be technically true, but making distinctions between editor trustworthiness means that untrusted contributors may not actually be able to edit.
Thus, if the English language version of Wikipedia had broadly adopted Flagged Revisions before the end of 2010, I was going to declare my prediction as mostly correct. Unfortunately for my prediction, widespread implementation of Flagged Revisions hasn’t happened yet. However, as I initially predicted in my 2005 post:
Wikipedia will have to change its open access nature. Instead, Wikipedia will have to lock down lots of pages from being edited at all. Or Wikipedia will have to install some reputational management system to limit who has the right to post or edit content.
I may not have gotten the timing right, but I wonder if this fate remains inevitable.
* Several measures of editor engagement have peaked. There are several possible explanations for why contributions and contributors are down from historical highs, including:
- the community’s xenophobia, freezing out newcomers
- the “old guard”—the initial cohort of power Wikipedians—may be progressively turning over or burning out
- Wikipedia may have reached a plateau in terms of coverage and quality, so less work still needs to be done
Whatever the reason for these numerical declines, they pose a serious challenge to Wikipedia’s freshness. Wikipedia currently does a very good job keeping highly trafficked articles up-to-date. For example, when a celebrity has a major new development, that celebrity’s page is often updated that same day. However, I routinely find long tail pages that are poorly maintained and conspicuously out-of-date. Stagnancy could seriously undercut Wikipedia’s credibility over time; if the site looks like a ghost town, readers will become less trusting of the site, and that will enhance the attractiveness of competitors.
Looking Ahead
Over the years, it’s become clear to me that searchers want and need an encyclopedic entry in their top search results. In many circumstances, a relatively objective factual source improves the iterative search process. Wikipedia has unquestionably met that need, which is one reason why it remains so popular.
However, it’s less clear that Wikipedia’s current labor model and site architecture is the only—or even the best—way to deliver encyclopedic search results. Other labor models or site architectures could usurp Wikipedia’s current approach while delivering the same basic value proposition to searchers. It seems likely that any successful encyclopedic site will rely on crowdsourcing to ensure enough support for long-tail topics. However, free editability may be less important to the end result.
Wikipedia remains a community that can be baffling and exasperating at times, but I also routinely find the site’s content useful and interesting. I visit it daily as part of satisfying my intellectual curiosity. Happy 10th anniversary, Wikipedia!
My Prior Posts on Wikipedia
* Catching Up With Wikipedia (Feb. 2010)
* Offering Students a Graded Wiki Option—My Experiences, and Some Lessons (Feb. 2010)
* Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies (Aug. 2009)
* Wikipedia and Rules Proliferation (Aug. 2009)
* Decay Rates of Committed Online Community Members--an Epinions Case Study (Jan. 2009)
* Wikipedia Revisited: the Wikipedia Community's Xenophobia (Jan. 2008)
* Wikipedia and Search Engine Marketing (SEM) / Search Engine Optimization (SEO) (May 2007)
* Wikipedia Will Fail in Four Years (Dec. 2006)
* Wikipedia Will Fail Within 5 Years (Dec. 2005)
Also see my 2009 law review article, Wikipedia’s Labor Squeeze and its Consequences
Posted by Eric at 03:00 PM | Content Regulation , Internet History | TrackBack
July 29, 2010
Internet Law Syllabus and Reader for Fall 2010
By Eric Goldman
I have posted my syllabus for this semester's Internet Law course, my 16th year teaching the course. This blog post describes some of the latest developments with the class, including the changes from my 2009 course reader. For a more general discussion of the course's pedagogy, see my Teaching Cyberlaw article.
Course Titling
The most obvious change is that I renamed the course to "Internet Law" from "Cyberspace Law"/"Cyberlaw." I discuss the titling choices/dilemmas in my Teaching Cyberlaw article. Though it took a few years to pull the trigger, James Grimmelmann's 2007 post helped convince me that I should rename the course.
Grading
Last year, I tried an experiment of allowing students to write a wiki entry for part of their course grade. I recapped my experiences with that experiment in this blog post. Although I might be willing to try the experiment again, this semester my teaching load will be too demanding as it is, so I didn't think I could find enough time to support the students' wiki writing.
As a result, the class is back to a 100% final exam. As you can see, for the first time I'm letting students choose when to take their exam within a set window. If you've offered exams on that basis and have any suggestions for me, I would be grateful to hear them.
Added/Subtracted Reader Material
It's been an interesting year for Internet law, but I ended up adding only two new cases: Viacom v YouTube and Tiffany v eBay.
To decide what I add, I made a rough list of the most significant developments of 2010 so far. A preview of what might make the top 10 list at the end of the year:
* Supreme Court cases that weren't: Bilski, Quon
* Trademark intermediary liability: Tiffany v eBay; Gucci v. Frontline
* Copyright intermediary liability: Viacom v YouTube; Arista v Lime Group
* Sony v Tenenbaum
* Google and China
* Google/Facebook product gaffes (Buzz, Street View, Instant Personalization) and the plaintiff bar's excited responses to those gaffes
* Trademark owners giving up their lawsuits against Google (Rescuecom, Parts Geek and
http://blog.ericgoldman.org/archives/2010/07/yet_another_tm.htm">Ezzo). Also, Rosetta Stone v. Google (whenever the opinion issues)
* Barclays v theflyonthewall. One of the most interesting cases of the year.
Honorable mentions:
* Conflicting 3rd Circuit cases re student MySpace profiles
* Utah repealed its Spyware Control Act
* Anderson v. Bell (electronic signatures count for election petitions)
* Snap-on v. O'Neil. Perhaps the most interesting case of the year so far.
* FTC v. Twitter
* the new 1201 exceptions and the Fifth Circuit's puzzling 1201 ruling in MGE v. GE
Materials I dropped from the reader this year:
* Perfect 10 v. Amazon. I never knew how to teach the Perfect 10 troika of 2007 cases, and in practice I ended up skipping this case last year to conserve time. I think the Viacom v. YouTube decision is a worthwhile substitute, even if it deals with different issues.
* Parker v. Yahoo. This was intended as a recap, but it covers some of the same ground as Ticketmaster v. RMG (which is popular with the students, BTW), and I also cut it for lack of time.
* the UDRP rules. I had included them for completeness, but I never really taught them in detail.
* My slides on keyword advertising and blog/social networking law.
Also, I learned that the federal cyberpiracy protections for individuals, formerly codified at 15 USC 1129, moved to 15 USC 8131. Just so you know!
BTW, I had been looking for years for a good keyword advertising case to teach. Last year, I thought the Hearts on Fire v. Blue Nile case worked well. It does a pretty good job framing the issues. I was also happy concluding the semester with the Moreno v. Hanford Sentinel case--it was a great pedagogical wrap-up.
Electronic Casebook
My other big news about the course is that I have converted my reader into an electronic casebook. This may not sound like much, but it took me a fair amount of time to re-edit the cases and collate the materials.
Eventually, I will probably turn the electronic casebook into an official "published" casebook that can be adopted by other professors. That will require more work to supplement the case materials with pictures, notes, comments, explanatory material, etc. I didn't have time to do that this semester. Maybe next year.
However, I am making the electronic file available at Scribd as a $5 download. You can also buy a print-on-demand version from CafePress for $30 + shipping. This is a bit of an experiment to gauge general interest in the materials. Please let me know what you think of the experiment.
If you are a professor interested in adopting the materials for your course, I'm happy to provide you with a free editable copy of the materials (free to you and free for your students). Just email me.
Past Posts
My analogous blog posts from years past: 2009; 2008; 2007; 2006; 2005.
Upcoming Events
Two upcoming HTLI academic events this year are potentially interesting to cyberlaw specialists, so I'll mention them here. On November 5, we'll have a symposium on the First Sale/exhaustion doctrines, which will address a number of Internet legal issues. Then, on March 4, 2011, we'll have our 47 USC 230 15-year retrospective/geekfest royale, an event you will NOT want to miss! Registration has just opened, and this event could sell out, so get your seat early.
Posted by Eric at 09:23 AM | General , Internet History | TrackBack
July 20, 2010
Book Review: Building Web Reputation Systems by Farmer & Glass
By Eric Goldman
Building Web Reputation Systems by F. Randall Farmer & Bryce Glass (O’Reilly 2010) [affiliate link]
As you may know, for the past couple of years, I have been researching how we regulate reputation systems. My most recent recap of my progress-to-date. As part of researching other disciplines’ approaches to reputation systems, I was pleasantly surprised to find this book, which discusses web reputation systems from a technical/product development standpoint. I'm not aware of other books directly on point, so that alone makes the book noteworthy. [If you know of analogous books that I should look at, I'd be grateful for the references.]
The word “reputation” is a complex and nuanced word. This book defines reputation as “information used to make a value judgment about an object or a person.” Notice how this definition treats reputation as actionable information (i.e., making a “judgment”). I favor that approach; my work also uses an actionable definition of reputation.
Their definition equally treats both objects and people as having “reputation,” and this does not work. In general, people are dynamic, i.e., they can change behavior; while content is static, i.e., an item of content does not change its character unless subsequently edited. This single definition of "reputation" created significant tension throughout the book. Recognizing this, the authors often bifurcated the discussion to separately address the process of establishing a person’s “reputation” (which they confusingly called “karma”). However, the book primarily focuses on grading and sorting content items, especially user-generated content, and I personally would not describe content items as having a “reputation.” As a result, I think the book is mistitled. It principally addresses content filtering, not “reputation” as I use the term.
Although this analytical tension pervades the book, the book nevertheless contained a lot of useful insights about both content filtering and establishing user trustworthiness. The authors have a lot of experience building filtering systems for different websites, so the book is packed with the kind of first-hand observations that only an insider can offer. There’s no substitute for the voice of experience when designing Web 2.0 UGC systems, and this book provides an easy and accessible way to learn some tips and tricks.
The book emphasizes the authors’ contributions to the reputation system at Yahoo Answers, and rightly so. Yahoo Answers has emerged into a bona fide success story and recently trumpeted its billionth answer. In my opinion, the book’s high point is Chapter 10, a case study of how Yahoo Answers developed a new filtering and reputation system that helped turbocharge the Yahoo Answers community.
Although the book doesn’t say this directly, two key lessons from Yahoo Answers’ evolution are:
1) UGC websites should let users vote on content, but not all user votes should be weighted equally.
2) UGC websites do not need to publish all user-supplied content items in an equally prominent manner. Perhaps some content should be obscure/hard-to-find until other users validate it.
The book pitches these conclusions as novel, but they seemed fairly intuitive to me. We implemented a very similar system embodying these two points back in 2000-01 at Epinions. Epinions allowed users to grade each others’ content; we weighted votes differentially based on users’ credibility; and we displayed ungraded and poorly graded content only to registered users (a small fraction of our readers). The fact that the authors “discovered” these conclusions at Yahoo Answers shows the dire need for books like this to help websites implement best UGC management practices without reinventing the wheel.
The fact that the authors didn’t acknowledge the Epinions precedent (and other systems like it) highlights another weakness of the book. There is a deep academic literature addressing the book’s topics (especially on content filtering and user incentive systems), but the book barely acknowledges this literature. For example, several times the authors cite Dan Ariely's Predictably Irrational for descriptions of human psychology and foibles. That's a perfectly credible citation, but it should be one of many literature citations, not the only citation. Instead of dipping into the rich academic literature, the book almost exclusively relies on the authors’ experience-based impressions. These impressions are a valuable information source that makes the book worth reading. However, because those impressions aren’t tempered with more rigorous academic findings, it’s not clear to me at all that the authors’ conclusions represent true best practices...or even state-of-the-art.
Because of its many structural flaws, this edition will not become a classic. Nevertheless, I have enthusiastically recommended the book to several UGC start-ups because the book provides a good repository of high-value experience-based perspectives that are not readily available elsewhere. Even if the book’s recommendations are debatable, it’s a debate worth having.
Posted by Eric at 06:39 AM | E-Commerce , Internet History | TrackBack
July 15, 2010
eBay Venue Selection Clause Upheld in Texas
By Eric Goldman
In re eBay, Inc., 2010 WL 2695803 (Tex. App. Ct. July 8, 2010)
In Comb v. PayPal, 218 F. Supp. 2d 1165 (N.D. Cal. 2002), PayPal defended a putative class action by invoking the arbitration clause in its user agreement. Judge Fogel tossed the arbitration clause on unconscionability grounds, noting (among other defects) the cost/benefit problem facing plaintiffs: their case values individually were much smaller than the arbitration costs, and arbitration blocked class adjudication. This ruling was quite influential. Since then, online user agreements--and especially mandatory venue selection clauses--have become vulnerable to unconscionability challenges and other collateral challenges on their enforceability. At this point, a vendor's attempt to destroy class consolidation through a mandatory arbitration clause is virtually per se unconscionable.
The Comb case involved PayPal's venue selection clause, but eBay's user agreement had a basically identical clause. With this clear warning sign, eBay revised its venue selection clause. eBay now uses a bifurcated approach. The baseline is mandatory venue in a Santa Clara County, California court. However, if the dispute amount is less than $10,000, the plaintiff can select arbitration that does not involve in-person hearings. I personally think eBay's approach is pretty savvy, and I have modeled some clients' venue selection clauses on it. It responds to the Comb v. PayPal concerns about the arbitration costs for small disputes by creating a "fast lane" for small disputes, while still keeping the important disputes in eBay's home court.
This recent ruling shows the strength of eBay's current approach. Richards is the victim of a busted eBay Motors transaction, apparently incurring an $18,000 loss. eBay apparently takes the position that the transaction took place off-website and therefore outside the scope of eBay's Vehicle Protection Program. Richards sued eBay and the car seller in his home court. eBay responded with its mandatory venue selection clause. Apparently, the trial court rejected eBay's motion, but the appellate court easily reverses the trial court and orders the trial judge to enforce eBay's clause.
Richards attacked the venue selection clause per Comb. The court distinguishes Comb on several bases:
* PayPal had frozen small amounts of money; there is nothing like that at issue here.
* there was no issue about case consolidation. Instead, Richards chose to pursue his case individually.
* Richards didn't show that his unrecoverable costs to litigate in California were greater than litigating in Texas.
From my perspective, the key is that Richards' dispute value of $18,000 exceeds the threshold for efficient ADR option in the user agreement; but it's also a big enough case value for the court to accept that Richards could afford to litigate the case individually (as, in fact, he was doing in Texas).
Related blog posts:
* Terminated eBay Vendor Gets Day in Court Against eBay--Crawford v. Consumer Depot
* Note about Tricome v. eBay
* Note about Universal Grading Service v. eBay
* eBay User Agreement Upheld, Part II--Durick v. eBay
* eBay User Agreement Upheld--Nazaruk v. eBay (upheld on appeal)
Posted by Eric at 07:33 AM | E-Commerce , Internet History , Licensing/Contracts | TrackBack
March 31, 2010
March 2010 Quick Links
By Eric Goldman
Internet Exceptionalism
* Stern v. Sony Corp., CV 09-7710 PA (C.D. Cal. Feb. 8 2010) "to the extent Plaintiff is suing Sony as a manufacturer of video games, and the provider of online services, Sony is not a ‘place of public accommodation’ and is therefore not liable for violating Title III of the ADA" Nice complement to the Estavillo case. My prior post on Internet exceptionalism.
Online Competition
* Microsoft’s head algorithms guru says that Google's search engine beat Microsoft because Microsoft ignored the long tail of search queries. If Google and Microsoft made different product design choices and the marketplace liked Google's choices better, doesn’t this make it hard for Microsoft to complain about Google’s "anti-competitive" practices? I wonder if this talk was pre-cleared by Microsoft’s antitrust counsel.
* SJ Mercury News: Google's most recent 10-K lists some new self-identified competitors, including Yelp, Kayak & WebMD. By identifying some vertical players as competitors, such as Kayak and WebMD, does Google lend credence to the arguments by TradeComet and myTriggers that Google does compete with vertical search engines?
* In re eBay Seller Antitrust Litigation, 2010 WL 760433 (N.D. Cal. March 4, 2010). eBay wins summary judgment in an antitrust challenge: "Despite the voluminous briefing permitted in connection with both of the instant motions-which includes hundreds of pages of supporting documents-Plaintiffs have not drawn the Court's attention to any actual proof of antitrust injury caused by eBay's alleged anticompetive acts-on an individual or a classwide level."
Online Pornography
* U.S. v. Beckett, 2010 WL 776049 (11th Cir. March 9, 2010). A man posed as a 17 year old girl on MySpace and AOL, engaged boys in discussions, induced them to send nude photos, and then coerced them to have sex with him to prevent his dissemination of the photos.
* Miller v. Mitchell, No. 09-2144 (3rd Cir. March 17, 2010). This is the case where the government prosecutor threatened to bring felony charges against girls for "sexting." The court upholds a preliminary injunction against requiring the girls to go through an education program in lieu of felony prosecution.
* U.S. v. Durdley, 2010 WL 916107 (N.D. Fla. March 11, 2010). No privacy expectations in a flash drive left in a public computer.
Online Security
* Cormac Herley of Microsoft Research, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users." In my observations, users are actually intensely rational when it comes to privacy and security issues, and privacy and security advocates who don't fully account for this user behavior do so at their peril.
* Reuters takes a deep look at Innovation Marketing, a Russian scareware operation.
User-Generated Content
* Josh King explains why Avvo supports the proposed federal anti-SLAPP law.
* T.V. ex rel. B.V. v. Smith-Green Community School Corp., 2010 WL 935574 (N.D. Ind. March 11, 2010). Denying class formation for a lawsuit in response to a ridiculously harsh school suspension for a MySpace photo of ribald off-campus activity.
* Melton v. Boustred, 2010 WL 881919 (Cal. App. Ct. Mar 12, 2010). Boustred throws a ragin' party and advertises it via a MySpace open invitation. The plaintiffs show up and were beaten and stabbed at the party by unknown assailants. The court concludes that Boustred isn't liable for the physical injuries. Note to self: stay away from parties advertised via MySpace.
* Yelp Litigation Mania!
- Cats & Dogs Animal Hospital v. Yelp first amended complaint
- LaPausky v. Yelp complaint. A write-up.
- Levitt v. Yelp complaint.
- ClickZ: Ex-Yelper Helps Law Firms Go After Yelp
Anonymity
* Park West Galleries, Inc. v. Global Fine Art Registry, LLC, 2010 WL 742580 (E.D. Mich. Feb. 26, 2010). Using an online pseudonym can lengthen the defamation statute of limitations.
* White v. Baker, 2010 WL 1009758 (N.D. Ga. March 3, 2010). Mandatory reporting of Internet usernames by registered sex offenders violates the First Amendment.
Advertising and Marketing
* ClickZ: New Facebook Policies Clamp Down on 'Loose' Ad Copy.
* Coyote Pub., Inc. v. Miller, 2010 WL 816936 (9th Cir. March 11, 2010). Upholding the constitutionality of Nevada's restrictions on advertising prostitution.
Trademark
* WSJ: It's a crowded namespace for bands.
* 1-800Contacts, Inc. v. Memorial Eye, P.A., 2010 WL 988524 (D. Utah March 15, 2010). It was not objectively baseless for 1-800 Contacts to bring a trademark enforcement action over competitive keyword advertising.
* Rhea Drysdale tells how she busted the trademark application for "SEO."
* The Utah governor has signed SB 26, which (among other things) creates a bastardized version of ACPA. My initial comments on the proposed bill.
Copyright
* James Grimmelmann on Reed Elsevier v. Muchnick.
* Ben Sheffner has some updates in the Scribd lawsuits. My initial post on Scott v. Scribd.
* Ars Technica on an experiment to block users who are using ad blocking software from accessing its site.
General
* Hudson v. University of Puerto Rico, 2010 WL 1131462 (D. Minn. March 23, 2010). Passive blog does not confer general jurisdiction.
* Doe 1 v. AOL LLC (N.D. Cal. Feb. 1, 2010). "Plaintiffs' claims for violation of the ECPA (Count I), unjust enrichment (Count VI) and for public disclosure of private facts (Count VII) are subject to the forum selection clause because none are California consumer law claims." Prior blog post.
* Commonwealth v. Interactive Media Ent’mt and Gaming Ass’n, Inc., No. 2009-SC-000043-MR (Ky. Mar. 18, 2010). Challenge to Kentucky's seizure of 141 gambling-related domain names tossed on standing grounds. Prior blog post.
Posted by Eric at 08:42 AM | Content Regulation , Copyright , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark , Virtual Worlds | TrackBack
March 22, 2010
Search Engine Legal Developments to Watch in 2010
By Eric Goldman
I recently spoke on a panel about search engines and the law at SMX West. I previewed four major trends in search engine law to watch in 2010:
1) Competition issues. Antitrust/competition law has become a big part of the search engine industry. There are two main flash points: Google’s high percentage of the search advertising business and Google’s black box algorithm for organic search results. Both facets are troubling to competitors and regulators, but they are creating extra friction with “vertical search engines” that portray themselves as competition for Google.
Recent antitrust/competition battles:
* Google-DoubleClick acquisition scrutiny
* Google-Yahoo search syndication deal killed by DOJ
* >a href="http://blog.ericgoldman.org/archives/2009/07/microsoftyahoo.htm">Microsoft-Yahoo deal
* DOJ and Microsoft opposition to Google Book Search settlement
* Person, KinderStart and Langdon civil lawsuits against Google
Present battles:
a) EU complaints from a UK price comparison site, Foundem, a French legal search engine called ejustice.fr, and Microsoft's Ciao! from Bing. Wired: “Google says the companies accuse it of wielding its dominance as a search engine to squelch competition by preventing people from finding their vertical search engines.”
b) US actions: TradeComet and myTriggers. Do these lawsuits have Microsoft ties? In a blog post “Competition Authorities and Search,” Microsoft came out of the closet and admitted it was harassing Google on antitrust issues.
The underlying battle: who should decide what content and ads that searchers see? Two main options: search engines or regulators. Seems like an easy call to me. See my Search Engine Bias article. An under-addressed issue: the role of 47 USC 230(c)(2) in search engines' filtering decisions.
2) keyword advertising lawsuits against Google. 8 lawsuits are pending. The Rosetta Stone case scheduled for trial in May. There are no known US legislative initiatives, especially now that the Utah legislature has adjourned for the year. We are all anxiously awaiting the issuance of the ECJ opinion tomorrow at 1:30 am CA time (I'll blog it as fast as I can).
3) Search engines and copyright. Pending US cases include Viacom v. YouTube, Perfect 10 v. Google and the Google Book Search settlement. Plus, Google's tussles with AP, News Corp. and other news organizations.
4) Search engine compliance with foreign laws, including the Google-China flap and the Google Videos conviction in Italy. This has stirred the pot in Congress again. The latest: Sen. Durbin’s is threatening to force Web companies to join the Global Network Initiative and stop dealing with repressive regimes…which is a resurrection of Chris Smith’s Global Online Freedom Act. Hypocrisy alert! In light of point #1, will the US itself be put on the list of repressive regimes? Plus, as we’ve seen, Google’s single-handed efforts to take down the Chinese government haven’t worked so well.
Posted by Eric at 10:15 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Search Engines , Trademark | TrackBack
March 18, 2010
Viacom v. YouTube Summary Judgment Motions Highlights
By Eric Goldman
Who doesn’t enjoy a good old-fashioned mud-slingin' showdown? That’s exactly what we’ve got on our hands in the dueling summary judgment motions from Viacom and YouTube in the long-running copyright infringement case (see my initial post from March 2007). While we might have some voyeuristic fun watching the sparks, the latest salvos prove that the parties are both losers for not finding a way to settle this case. Only the lawyers win when two heavyweight contenders get locked into a cosmic death struggle. Everyone else would be better off if Viacom and YouTube instead had poured their millions of dollars of legal fees towards developing innovative and profitable ways to serve consumers’ interests. It’s ridiculous that they can’t find a way to do this.
Combined together, the filings tell a “Tale of Two YouTubes.” Viacom focuses on YouTube of Yore, circa 2005-06, while YouTube’s brief largely focuses on YouTube of Now. In that sense, the briefs largely talked past each other.
By focusing on the past, however, it shows that time is slowly working against Viacom in two ways. First, the legal precedent since Viacom’s filing has been largely YouTube-favorable. The three Veoh opinions (Io v. Veoh, UMG v. Veoh 1, and UMG v. Veoh 2) have filled in some key legal gaps that existed at the time of Viacom’s filing. While the Veoh cases aren’t binding on the judge, this judge now can follow in someone else’s footsteps rather than trail-blaze. Viacom does cite the Columbia v. Fung case, which helps its cause some, but I think YouTube gets the better of that exchange.
Perhaps more importantly, the intervening time has been good to YouTube as a business and as a brand. In this sense, compare Grokster to YouTube. At the time of the Grokster cases, it was still very much an open question whether Grokster would ever evolve into a tool where legitimate activity dominated. While we might still have had that same question about YouTube in 2006, by 2010 YouTube has answered that question resoundingly. YouTube’s business practices have matured, everyone has had positive legitimate experiences with YouTube (even behind-the-curve judges), and it’s clear that major legitimate players have adopted YouTube as a platform for their legitimate activities. For example, YouTube’s brief makes the point that all of the 2008 presidential candidates published YouTube videos as part of their campaign. I’m guessing no 2004 presidential candidates used Grokster for campaign purposes.
So as time goes on, YouTube solidifies a brand as a legitimate part of our information infrastructure. As we learn that the YouTube story has a happy ending, I suspect judges become less interested in punishing YouTube for past practices. For this reason (and others), I thought a lot of Viacom’s inducement arguments ran hollow because they ran counter to my brand impressions of YouTube. I would also note that Viacom appears to be giving up its litigation over activity after May 2008, so even Viacom seems to be happy with YouTube in its current form.
This raises an interesting legal point that I can’t resolve. Let’s assume for sake of argument that Viacom is right that YouTube induced infringement in 2005-06. Let’s also assume that no one is arguing that YouTube currently induces infringement (after all, Viacom isn’t contesting post-May 2008 activity). How do we determine when YouTube flipped the switch from inducing to not? And does flipping the switch cure any of the past infringement, or does it only cut off future claims? Because we have so few cases of inducement, we really don’t know how the doctrine works with a site that morphs over time.
I thought both YouTube and Viacom scored points against each other in the briefs. I’ll summarize some of those points below, but first I want to highlight a few standout points for both parties:
In YouTube’s case, I could not get over that Viacom has TWICE withdrawn clips from its complaint. I thought the first time Viacom did that was embarrassing and damaging to Viacom’s case, but then Viacom admitted that it didn’t catch all of its errors on the first withdrawal and therefore had to make a second withdrawal of clips. WTF? How hard it is for Viacom to accurately determine which clips it has not permitted to show on YouTube? Whether it intended to or not, Viacom has answered that question to its detriment: hard enough that an entire brigade of extremely expensive lawyers obligated to do factual investigations by Rule 11 can’t get the facts right the first OR SECOND time. For me, this undercuts Viacom’s credibility to its core. Rather than YouTube simply making intuition-based arguments to the judge that it’s really hard to figure out legitimate vs. illegitimate clips, Viacom’s failings have proven to the judge that it’s too hard—too hard for lawyers charging upwards of $1k an hour despite having unrestricted access to accurate information in their clients’ possession, and clearly too hard for YouTube’s slightly-above-minimum-wage customer support representatives with no such information advantages.
YouTube also scored points for its descriptions of Viacom’s stealth marketing practices. Although these facts only help YouTube’s legal posture a little, the lawsuit’s discovery process has unveiled some non-public information about Viacom’s practices that should be interesting to the FTC and state attorney generals. Viacom’s alleged stealth marketing practices are aggressive—close to the permissible line, if not over it. As a result, they might be exactly the kind of consumer misdirection and inauthentic online content that the FTC has been railing against, and we know the FTC is looking for test cases in this area. So, a lawsuit that began as Viacom v. YouTube might morph into FTC v. Viacom. This is one of the known risks of picking a fight—once started, you can’t control where it goes.
From Viacom’s brief, two references really stood out. First, Viacom found an email where Google employees characterized YouTube (pre-acquisition) as a “video Grokster.” Viacom argues that YouTube was like Grokster factually and therefore should be treated like Grokster legally. The Google email admits (in the lay sense, not the legal sense) this factual equivalence. Google can legally discredit the email's importance, but it can’t easily avoid talking out of both sides of its mouth.
Second, I was struck by the fact that Chad Hurley lost his entire email repository. I’ve had that happen to me too, so that fact standing alone isn’t damning. However, the brief goes on to say that when he was grilled about his co-founder’s email stash, Hurley developed “serial amnesia.” The combination did make me wonder about this situation.
As I read the brief, I made some brief notes about points of particular interest. Those notes:
YouTube’s Summary Judgment Motion
I thought both briefs were well-written and generally effective. However, the YouTube brief successfully struck a conversational tone—a nice balance between formality and accessibility.
[note: my references are to the PDF’s page numbering, not the brief’s page number at the page bottom]
PDF Page 21: Viacom sent a bulk takedown request covering about 100,000 clips on February 2, 2007, but this purge didn’t reduce YouTube traffic or increase Viacom’s traffic.
PDF Page 24: plaintiffs are suing over at least one clip of 1 second. 1 second???
PDF page 34: YouTube has terminated 400,000+ user accounts for infringement out of its 250M accounts. Although that’s a low percentage, that’s a surprisingly high absolute number.
PDF page 40 (FN 9): some litigated clips never got a takedown notice at all.
PDF page 45: YouTube says it did lacked “red flags” knowledge of infringing activity because, in some cases, the copyrights were obscure.
PDF page 47: No red flags because copyright owners routinely voluntarily upload lots of copyrighted material to YouTube, and copyright owners try to cover their tracks. Copyright owners do this because YouTube marketing works. Copyright owners’ embrace of “viral marketing”/“stealth marketing” eliminates any potential red flags.
PDF page 49-50: Details of Viacom’s stealth marketing efforts:
* It uses an “army” of third party marketing agents (at least 18 firms)
* Account names don’t indicate a Viacom relationship
* Email addresses aren’t linked to Viacom
* Clips are deliberately uploaded from networks not tied to Viacom, such as Kinko’s
* Clips are deliberately altered videos to make them look stolen. I thought this was the most damning fact. It’s disingenuous to rail against piracy and yet try to take advantage of the marketing benefits of seemingly unauthorized copying.
PDF page 50: Viacom has released clips with the intent that users spread them virally.
PDF page 53: Viacom has a deliberate and complex strategy for leaving up clips. This part of the brief was confusing so I didn’t fully follow the timeline. Here’s what I understood about Viacom’s “leave-up” policy. Through Oct. 2006: leave up clips less than 5 minutes. Oct 2006: Viacom tells BayTSP to leave up all clips shorter than 2.5 minutes [or is it 3 minutes?]. Then, Viacom expanded the leave-up policy to include every clip shorter than a full episode; and in some cases, even full episodes were expressly left up.
PDF page 54-55: Viacom found 316 clips of South Park and took down only 1.
PDF page 56: “If Viacom deliberately refrained from sending takedown notices for certain videos, how could it be that YouTube was obligated to remove those same videos on sight—without any request from Viacom?”
PDF page 59-60: No red flags because some copyright owners granted licenses that permitted YouTube uploading. Also, some clips may be subject to joint ownership, and YouTube can’t tell if one of the joint owners had consented.
PDF page 61: no red flags because of fair use/de minimis use. I was surprised that the Lenz case wasn’t explored.
PDF page 73: Viacom had complex whitelists of YouTube accounts that wouldn’t be challenged.
PDF page 75: Viacom sued over clips it had authorized for posting.
PDF page 99: less than 1% of YouTube clips have been subject to a takedown notice. Again, I am surprised that this was appropriately rounded to 1%; I would have expected an even smaller fraction.
PDF page 105: Viacom spent over $1M advertising on YouTube from 2006-08. All of which (and more) YouTube has reinvested in its litigation against Viacom.
Viacom Summary Judgment Motion
PDF page 9 (FN 1): This was a confusing footnote, but a crucial one. It appears that Viacom is only interested in infringement pre-May 2008 (before YouTube deployed digital fingerprinting for Viacom). The way I read it, Viacom isn’t going to pursue any claims for activity post-May 2008. Thus, Viacom apparently is acquiescing to—or even happy with—YouTube’s current practices. Consistent with the Tale of Two YouTubes, Viacom reinforces that it’s really only interested in the past, not the present.
Viacom complains that it took too long for YouTube to deploy the digital fingerprinting for it. It says that YouTube withheld the tool as part of a quid-pro-quo to require content owners to sign a license and revenue share deal.
PDF page 14: YouTube founder Karim uploaded infringing content himself.
PDF page 14-15: YouTube was a junkie for traffic to infringing content—it wanted and needed the traffic. They felt they would lose 80% of their traffic if they did a crackdown of obviously infringing clips.
PDF page 17: YouTube tried and then removed the ability for every user to flag clips for copyright infringement. I personally think Viacom overemphasized this point. Service providers are trapped in a dilemma. If they do more screening than 512 requires, copyright owners say that evidences their right and ability to control (indeed, Viacom itself makes that argument in its brief). But if they don’t do more, copyright owners complain that they could have done more. Good grief. With respect to user flagging of copyright infringement, users are a terrible source of credible information about what constitutes copyright infringement (at least, when it’s not their works involved), so the user flagging tool inevitably would generate too many false positives. Requiring 512(c)(3) notices is a logical way to avoid the deluge of false positives.
PDF page 17: Dunton surveyed top clips on YouTube and thought 70%+ were copyrighted. Later, Dunton said 75-80% of clip views were from copyrighted content.
PDF page 19: Karim says in a board meeting that the site would benefit from preemptive takedowns of blatantly illegal content, but no changes were made.
PDF Page 22: pre-acquisition, a Google employee referred to YouTube as a “video Grokster” and a “rogue enabler of content theft.”
PDF Page 22: Google’s investment banker Credit Suisse reported to Google that 60%+ of YouTube’s views were of “premium” content, of which only 10% was authorized.
PDF Page 29-30: Hurley lost all of his emails, and Schmidt deletes all emails after he reads them (guess he doesn’t use Gmail’s “archive” feature). Hurley developed “serial amnesia” when confronted with Karim’s emails.
Posted by Eric at 04:08 PM | Copyright , Derivative Liability , Internet History | TrackBack
March 02, 2010
February 2010 Quick Links
By Eric Goldman
Copyright
* Mavericks Recording Co. v. Harper (5th Cir. Feb. 25, 2010). 17 USC 402(d) precludes an innocent infringement defense in P2P downloading case when the record companies place proper copyright notices on their works. This is consistent with language from BMG v. Gonzalez in the Seventh Circuit.
* Perfect 10 and Amazon settle on confidential terms; Perfect 10 v. Google will keep going. Previous blog coverage of this case (1, 2, 3, 4, 5).
* Veoh won in court (1, 2, 3) but still got knocked out of the marketplace.
* Project DoD, Inc. v. Federici, 2010 WL 559115 (D. Me. Feb. 11, 2010). In a 512(f) lawsuit I blogged about in December, the judge upheld the magistrate report dismissing for lack of personal jurisdiction because the plaintiff had moved and no longer had ties to Maine.
* MCS Music America, Inc. v. YAHOO Inc., 2010 WL 500430 (M.D. Tenn. Feb. 5, 2010). MCS sued Yahoo over infringement of its songs, and the court says that it can only get statutory damages for each song infringed. This means that if Yahoo performed 8 different covers of the song, MCS is only entitled to statutory damages for one infringed work.
Trademark
* Monex Deposit Co. v. Gilliam, 2010 WL 325570 (C.D. Cal. Jan, 25, 2010). The courts says a gripe site called "MonexFraud.com" may cause initial interest confusion of the Monex trademark. Are you kidding me?
* Typographically erroneous phone numbers always struck me as a much greater problem than "typosquatters."
Contracts
* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC (3rd Cir. Jan. 25, 2010). 3rd Circuit upholds consequential damages waiver in B2B Internet connectivity contract. Prior blog discussion.
Blogging/Social Networking Sites
* Cats & Dogs Animal Hospital v. Yelp (C.D. Cal. complaint filed Feb. 24, 2010). The plaintiffs allege that Yelp violates California B&P 17200 by using a pay-for-play scheme.
* Rick Frenkel speaks about his Troll Tracker blogging days.
* In re Perry, 2010 WL 374770 (Bankr. S.D. Tex. Feb. 3, 2010). Emailing links to a third party's defamatory blog constituted "publication" of the blog for defamation purposes. The court doesn't discuss 47 USC 230 at all!
* Cunningham v. West Virginia, 2010 WL 415257 (S.D. W.Va. Jan. 26, 2010). MySpace does not impermissibly discriminate against sex offenders.
* Evans v. Bayer, 2010 WL 521119(S.D. Fla. Feb 12, 2010). A student's off-campus creation of a Facebook Group called "Ms. Sarah Phelps is the worst teacher I've ever met" may not be an appropriate grounds for school discipline.
* Snowball fight leads to a rampage at Macy's? Blame Facebook!
* Marshall v. City of Savannah, 2010 WL 537852 (11th Cir. Feb. 17, 2010). A probationary firefighter posted an official fire department photo on her MySpace page. After a reprimand, the employment relationship deteriorated and she was fired. The 11th Circuit affirms the dismissal of her discrimination and retaliation claims.
* BoingBoing gets an anti-SLAPP win--including its attorneys' fees--in a defamation lawsuit over one of its blog posts. The anti-SLAPP ruling.
* Berkery v. Estate of Stuart, 2010 WL 610631 (N.J. Super. A.D. Feb. 23, 2010). "The investigative function an author performs is not substantively different from an investigative journalist. The dispositive element is not the form of the investigative process. In an era marked by a diminution of the classic newsmedia and the print investigative journalist and the proliferation of investigative reporting in media such as cable television, documentary journalism-both televisions and movies-internet reporting and blogging, the need for protection remains the same. Whether Hornblum was writing a book, news article, a screenplay or a blog, the substance of his body of work remains the same."
Search Engines
* After some innuendo about Microsoft’s role in harassing Google on antitrust/competition issues, Microsoft effectively admits as much. Also see this Wall Street Journal article on the Microsoft-Google tussles.
* Search Engine Land: Google AdSense Using Search History In Contextual Matching
* Munger v. State, 2010 WL 537641(N.C. App. Feb. 16, 2010). Rejecting a taxpayer challenge against a NC law designed to provide financial incentives for Google to build a facility there.
* Lengthy Wired article on Google's algorithm.
* Nature: Chinese researchers don’t want to lose access to Google. My blog post on this topic.
* Business Insider: In Case You Had Any Doubts About Where Google's Revenue Comes From
Advertising
* Thomas O'Toole: Does "No Contract" Really Mean No Contract?
* MediaPost: Start-Up Links 65 Million IP Addresses To Users, Readies Targeting Platform. This is not going to end well.
* More troubling words for online advertisers from FTC BCP Director David Vladeck.
* Zelotes v. Rousseau (Conn. Grievance Committee). Attorneys participating in an Internet lead generation system that allocated leads geographically didn't violate the attorney Rules of Professional Conduct.
Online Crimes
* F.T.C. v. Pricewert LLC, 2010 WL 329913 (N.D. Cal. Jan. 20, 2010). FTC gets a default injunction against an Internet access provider that allegedly provided connectivity for activities such as child pornography, botnets, spyware, and viruses.
* US v. Little. The Eleventh Circuit disagrees with the Ninth Circuit regarding the appropriate geographic scope to measure the obscenity of Internet material.
* 3 Google executives were convicted in Italy of criminal privacy violations for a user-uploaded video to Google Video. NYT article. Google's response. A refresher on the Felix Somm conviction from 1998.
* Online ticket sellers are getting the smackdown. Criminal prosecutions of online ticket brokers who allegedly played dirty in jumping the queue. The FTC cracks down on Ticketmaster and warns other online ticket sellers.
Posted by Eric at 05:04 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack
March 01, 2010
Ninth Circuit: Creditor Can Execute Against Domain Name Where Registry is Located -- Office Depot v. Zuccarini
[Post by Venkat]
The Ninth Circuit affirmed the district court's ruling in Office Depot v. Zuccarini [Scribd link], agreeing that a creditor may levy against a domain name in the jurisdiction where the domain name registry is located. The decision is significant for two reasons. First, it affirms (or reaffirms) that domain names are property subject to the claims of creditors. Second, it allows creditors to proceed against domain names where the registry is located, thus allowing creditors to proceed against domain names in one proceeding and more importantly levy against domain names located abroad (where the registry is located in the United States). Overall, this makes getting at a domain name much easier for creditors.
Background: Office Depot originally obtained a judgment against frequent cybersquatting defendant John Zuccarini. Office Depot then assigned the judgment to DS Holdings. Office Depot obtained the judgment in 2000 and it's surprising that 10 years later the judgment is finally being enforced against something. Although Zuccarini is proceeding pro se, it seems like he was or became well versed in putting up roadblocks and delaying resolution of the litigation.
DS went after 190 .com domain names that were registered in Zuccarini's name. DS originally tried unsuccessfully to have the domain names transferred directly to it. (This was the technique successfully used by the plaintiff in Bosh v. Zavala.) Later, DS sought to have a receiver appointed over the domain names. The district court granted DS's request to have the receiver appointed, and Zuccarini appealed. Zuccarini's appeal focused on whether it was proper to appoint the receiver in the Northern District of California, since the domain names were not necessarily "located" there.
The court's ruling: The court runs through basic principles of in rem jurisdiction and what rules apply. The court then looks to federal rules to determine where the receiver should be appointed in this case. Finding no applicable federal rule, the court looks to California law. California law provides that a writ of execution may be issued "in the county where the levy is to be made." With this in the background, the two questions presented by the court are: (1) "are domain names property that is subject to execution?" and (2) "if so, where are the domain names located for purposes of execution?"
With respect to the first question, the court cites to Kremen v. Cohen, and easily concludes that (under California law) "domain names are intangible property subject to a writ of execution." Kremen undermined Network Solutions, Inc. v. Umbro Int’l, Inc., 259 Va. 759, 770 (Va. 2000), a Virginia case widely cited for the proposition that creditors cannot get at domain names because domain names are contract rights rather then property. To the extent Kremen did not refute Umbro, this decision definitely provides the necessary ammunition to creditors. (Again, collection is state-specific, and apart from the analysis of the nature of domain names, the outcome in these cases turns on the statute in question, which vary from state to state. That said, I think given the robust marketplace in domain names, Umbro's conception of the domain name as a personal services agreement seems outdated, and most courts will easily recognize this.)
With respect to the second question, the court acknowledges that "attaching a situs to intangible property is ... a legal fiction," and the determination must be made in a "context-specific" manner. Fairness was relevant to the court's determination of the appropriate situs, and the court was understandably not receptive to Zuccarini's policy arguments that allowing a court to issue an order directed to the registry would mean that every .com and .net domain name could be levied through courts in the Northern District of California. The court also looked to the ACPA, which provides for in rem jurisdiction over certain cases where the "registrar, registry, or other domain name authority" is located. Although this was not an ACPA case, the court found the structure set up by the statute persuasive and that the writ was appropriately issued from Northern District of California since VeriSign (the registry for .com domains) is located there.
My reaction: The decision clears up two things. Although post Kremen v. Cohen there shouldn't have been much dispute that domain names are property which are subject to the claims of creditors, the case clears up any lingering doubt that may have existed. (Kremen and this case applied California law, but the result shouldn't vary much across other states.) Second, the decision makes clear that a court which has jurisdiction over the registry can issue an order allowing the creditor to get at the domain names. The case also implicitly affirms that getting a receiver appointed to sell the domain names is the appropriate route for the creditor. Getting the name transferred to the creditor is not a remedy allowed under California law (Palacio Del Mar Homeowners Ass'n, Inc. v. McMahon). Additionally, a transfer of domain names from a cybersquatter to a judgment creditor raises some issues around potential infringement of third party rights through sales or other exploitation of the domain names. (See this post on Bosh v. Zavala for some discussion of those issues.) The method ultimately used by DS in this case (a receiver) avoids all of these issues, or at least shifts them over to the receiver rather than the creditor.
One of the more significant aspects of the case is that the ruling makes clear that regardless of whether a domain name is registered through a foreign registrar, a court having jurisdiction over the registry can issue an order directing transfer of the domain names to a receiver. With respect to .com and .net domain names, this means that creditors can try to get at these domain names through proceeding in the Northern District of California (as the court notes, VeriSign is the registry for .com and .net domain names and is headquartered in Mountain View). While the ACPA allows plaintiffs to file in rem suits where the registry is located, it's nice (for creditors) to have a similar ruling in the post-judgment context, and one from the Ninth Circuit as well.
Will this cause a rush of similar claims to be filed in the Northern District of California? It's tough to say, but even post Kremen, it does not seem like there's been a ton of post-judgment collections activity with respect to domain names. From a practitioner's standpoint, it's certainly nice to have this rule on the books.
An odd footnote: Zuccarini is a colorful character whose internet exploits have gotten him in trouble with the law. He was arrested in 2003. (Here's a post at CircleID rounding up reactions to his arrest.) According to his Wikipedia entry which contains a link to a Bureau of Prisons search, he was released in 2005.
Previous post: "Domain names as property subject to creditor claims -- Bosh v. Zavala"
Additional coverage: Mike Atkins covers the ruling in a post here.
Posted by Venkat at 06:58 AM | Domain Names , Internet History , Trademark
February 16, 2010
Kozinski and Goldfoot on Cyberspace Exceptionalism and Internet Regulation
By Eric Goldman
Alex Kozinski & Josh Goldfoot, A Declaration of the Dependence of Cyberspace, 32 Colum. J.L. & Arts 365 (2009).
Introduction
In early 1996, in response to Congress' enactment of the Communications Decency Act (the first comprehensive attempt to regulate the Internet), John Perry Barlow published his cyberspace exceptionalist screed, “A Declaration of the Independence of Cyberspace.” The manifesto (naively, IMO) tells government regulators that they are outdated and should not—and cannot—regulate the Internet.
Judge Kozinski, chief judge of the Ninth Circuit, and Josh Goldfoot, a trial attorney in the DOJ's CCIPs division, use Barlow's article as an entry point to discuss Internet exceptionalism/regulation generally. Although the article expresses the authors’ personal views, the article amplifies some themes Judge Kozinski has been developing in his recent Internet jurisprudence, most notably the Roommates.com case and Perfect 10 v. Visa. Because Judge Kozinski plays a crucial role on the federal appellate court governing both Hollywood and the Silicon Valley, this article is worth a close look.
Internet Exceptionalism
Judge Kozinski made his distaste for Internet exceptionalism clear in the Roommates.com opinion. In this article, the authors explain this view more thoroughly:
It is a mistake to fall into Barlow's trap of believing that the set of human interactions that is conducted online can be neatly grouped together into a discrete “cyberspace” that operates under its own rules. Technological innovations give us new capabilities, but they don't change the fundamental ways that humans deal with each other....[W]hen the internet is involved in a controversy only because the parties happened to use it to communicate, new legal rules will rarely be necessary. When the substance of the offense is that something was communicated, then the harm occurs regardless of the tools used to communicate....[T]he vast majority of internet cases that have reached the courts have not required new legal rules to solve them.
While I generally agree with this, I also think it’s an antiquated sentiment. Whether or not cyberspace exceptionalist law are logical or even appropriate, legislators have found them irresistible, resulting in dozens or hundreds of Internet-specific statutes. I explore this dynamic in my article “The Third Wave of Internet Exceptionalism.” So to the extent the authors are arguing that we don’t need new cyberspace-specific laws, that ship sailed a long time ago.
The authors conclude that "the internet is doing wonderfully. It has survived speculative booms and busts, made millionaires out of many and, unfortunately, rude bloggers out of more than a few. The lack of a special internet civil code has not hurt its development."
I agree that the Internet is doing wonderfully, but I would assign causality differently. Legislatures in the 1990s passed a number of Internet-favorable laws, such as the Internet Tax Freedom Act, which kept taxing authorities from loving the Internet to death, and 47 USC 230, which provided a crucial immunity to online intermediaries. Reverse-engineering the Internet’s success is a tricky science, but my hypothesis is that the success is partially due to these “special Internet civil codes,” not due to their absence. For more on this with respect to 47 USC 230, see my talk notes from the Denver University Cyber Civil Rights event.
”Death of the Internet” and “Death of Innovation” Arguments
The authors address two common arguments that Internet defendants make to support favorable exceptionalist rulings, including that an adverse ruling (1) will end the Internet or (2) harm innovation.
They suggest that "end of the Internet" arguments can be powerful (specifically addressing Judge McKoewn’s doomsday concerns in her Roommates.com dissent):
The argument that a legal holding will bring the internet to a standstill makes most judges listen closely. Just think of the panic that was created when the Blackberry server went down for a few hours. No one in a black robe wants to be responsible for anything like that, and when intelligent, hard-working, thoughtful colleagues argue that this will be the effect of one of your rulings, you have to think long and hard about whether you want to go that way. It tests the courage of your convictions.
While end-of-the-Internet arguments can grab judges' attention, I have to assume that the litigant loses credibility if the claim is overstated. So use the argument sparingly, like when your client's loss will pry beloved Crackberries out of the judges' hands.
The authors are less impressed with the "death of innovation" argument.
[P]romoting innovation alone cannot be a sufficient justification for exempting innovators from the law. An unfortunate result of our complex legal system is that almost everyone is confused about what the law means, and everyone engaged in a business of any complexity at some point has to consult a lawyer. If the need to obey the law stifles innovation, that stifling is just another cost of having a society ruled by law. In this sense, the internet is no different than the pharmaceutical industry or the auto industry: they face formidable legal regulation, yet they continue to innovate.
There is an even more fundamental reason why it would be unwise to exempt the innovators who create the technology that will shape the course of our lives: granting them that exemption will yield a generation of technology that facilitates the behavior that our society has decided to prohibit. If the internet is still being developed, then we should do what we can to guide its development in a direction that promotes compliance with the law.
I’m sympathetic to this point. Personally, I feel like arguments that a ruling or law will harm “innovation” are often make-weight. “Innovation” is ill-defined and difficult to measure (i.e., some folks believe patent applications/issuances quantify innovation, but we know better), and it is politically incorrect to oppose “innovation” (you might as well oppose other incontrovertible ideals like freedom, Mother Teresa and puppies). Thus, the “harms innovation” argument automatically, and often unfairly, puts the opponent on the defensive—they can either try to debate what’s better for innovation or stand silently and look like they oppose innovation. But debates about what’s best for “innovation” are almost always irresolute because innovation can take many forms, and we do not know what precise mixture of government intervention and deregulation will foster socially optimal levels of innovation. For more on this, see, e.g., Niva Elkin-Koren and Eli Salzberger’s analysis of Coasean allocations on innovation.
At the same time, the authors’ arguments are a little disquieting because they imply that innovation can result in only one of two outcomes—legal or illegal, with nothing gray in between. From my perspective, much (most?) Internet entrepreneurship/“innovation” exists between the two endpoints of the legality continuum. For example, in 1996, I believe many legal experts would have said that unconsented spidering and indexing of a website was probably illegal (a question that has not been definitively resolved even today)—so if we wanted to avoid possibly illegal innovation, Google would not exist today. As a result, it might sound great to channel innovation towards only clearly legal activities, but I don’t really think that’s what we want.
Secondary Liability and Anonymity
The article also has some troubling remarks on secondary liability and anonymity:
If the legal rules change, and companies are held liable more often for what their users do, then the cost of anonymity would shift away from victims and toward the providers. In this world, providers will be more careful about identifying users. Perhaps online assertions of identity will be backed up with offline proof; providers will be more careful about providing potential scam artists in distant jurisdictions with the tools to practice their craft. All this would be expensive for service providers, but not as expensive as it is for injured parties today.
I would like to see some empirical support for the last sentence’s comparison of expenses. It’s not self-evident to me. Further, if we are going to do a cost accounting, we also need to consider what socially beneficial activity is dissuaded by service provider authentication of identity.
The authors continue:
Secondary liability should not reach every company that plays any hand in assisting the online wrong-doer, of course. Before secondary liability attaches, the plaintiff must show that the defendant provided a crucial service, knew of the illegal activity, and had a right and a cost-justified ability to control the infringer's actions. This rule will in almost every case exclude electrical utilities, landlords, and others whose contributions to illegal activity are minuscule.
This argument is consistent with traditional tort principles (as well as Judge Kozinski’s dissent in Perfect 10 v. Visa regarding copyright liability). 47 USC 230’s immunity breaks these venerable principles. As I’ve noted before, bright judges imbued in the common law can have a tough time with Congress’ rejection of traditional tort principles (as well as the concomitant reduction in judicial discretion).
Meanwhile, I’m wondering about the qualifier in the last sentence (“in almost every case”). Unless specified in a statute, I can’t imagine *any* circumstances where it would be appropriate to hold people who make “minuscule contributions” responsible for third party torts—especially electrical utilities, who as regulated monopolies usually have no discretion about whether or not to provide power to their customers.
Conclusion
Although in general most Ninth Circuit Internet rulings have reached the right result, recent Ninth Circuit rulings have shown some hostility towards 47 USC 230 specifically and Internet defendants generally. I am concerned that the Ninth Circuit has become a dangerous circuit for Internet defendants, and this article does not dispel my fears. I think Internet defendants should carefully weigh the pros and cons before appealing a case to the Ninth Circuit. The wild card factor is high, and the likelihood of getting an incomprehensible legal standard is higher still.
Posted by Eric at 01:40 PM | Derivative Liability , Internet History | TrackBack
February 09, 2010
Catching Up With Wikipedia
By Eric Goldman
I recently posted the final published version of my article Wikipedia’s Labor Squeeze and its Consequences. In the course of updating the draft, I reviewed the news coverage of Wikipedia from the second half of 2009, and I thought I would share some of the more interesting tidbits that caught my eye.
Flagged Protection v. Flagged Revisions
The biggest news from the second half of 2009 was the August announcement from the Buenos Aires Wikimania that the English-language Wikipedia was rolling out Flagged Revisions for living people's biographies. It was first reported by Noam Cohen at the New York Times and then repeated in countless articles. I think the announcement took everyone by surprise because it seemed to come from out of the blue. Several other Wikipedia versions deploy Flagged Revisions, but before Wikimania, the consensus had been to try Flagged Protection and Patrolled Revisions--not Flagged Revisions--on the English-language Wikipedia.
[Some of you may be wondering: what's the difference? A lot! With Flagged Revisions, most user edits are invisible to logged-out readers until a more trusted editor approves them. Flagged Protection is a variation of Full Protection and Semi-Protection. Edits from less trusted users to protected articles are invisible to logged-out readers until a more trusted editor approves them. Flagged Protection substitutes for Full Protection, where less trusted users cannot make any edits to the protected articles whatsoever; and semi-protection, where only some users can make edits to those articles. The percentage of articles currently fully- or semi-protected is very low--I believe less than 1%--and presumably Flagged Protection would be used equally sparingly. In contrast, the media announcements indicated that Flagged Revisions would apply to all living people's biographies, a significant minority of Wikipedia entries. Patrolled Revisions is more procedural than substantive; it's merely a way for editors to communicate with each other that they have verified previous edits.]
The fact that Wikipedia apparently leapfrogged Flagged Protection to adopt the much more restrictive Flagged Revisions seemed like an ominous development and perhaps an indication that the vandals and spammers were winning more than we thought. The public angst over Wikipedia's announced move was deafening. People seemed to be genuinely shocked that Wikipedia might make a wholesale move from an open edit site to something substantially more restrictive.
However, this angst was misdirected. Despite multiple efforts to get clear information from Wikipedia (including this unbelievably confusing blog post), it turns out that the English-language Wikipedia isn't adopting Flagged Revisions at all but instead is proceeding with its trial of Flagged Protection. I think Farhad Manjoo properly captured our collective frustration in his TIME article entitled Jimmy Wales Quietly Edits Wikipedia’s New Edit Policy: “In several interviews, including many with TIME, officials at the Wikimedia Foundation, the nonprofit that manages Wikipedia, explained that the user-edited online encyclopedia would soon impose restrictions on articles about living people.” I really don't understand how or why Wikipedia successfully misdirected us for weeks, but they could have easily avoided a lot of confusion with a clearer announcement and more prompt corrections.
So the bottom line is that, despite the August drama, Wikipedia is not flipping its default to closed editing yet.
Nevertheless, as I explain in my Wikipedia Labor Squeezes article, Wikipedia inevitably will adopt more restrictive editing policies. It's just a matter of time. Accordingly, I will not be surprised when Wikipedia announces more restrictions. In contrast, judging from the reaction to the August announcement, I expect most people will be shocked when they next hear of Wikipedia's next effort to deploy a more restrictive editing policy.
Wikitrust
In late August, Wired reported that Wikipedia was adopting Wikitrust, a tool that automatically color-codes edits to an entry to show the projected credibility of those edits. Thus, at a glance, a reader can tell which parts of an entry are more likely to be accurate and which parts should be scrutinized more closely. Amazingly, though, this was also a botched announcement (read the update to the Wired article). Wikipedia is only conducting a trial of Wikitrust.
A Couple Other Interesting Factoids
From New Scientist: ""Occasional" editors, those who make just a single edit a month, have 25 per cent of their changes erased, or reverted, by other editors, a proportion that in 2003 was 10 per cent. The revert rate for editors who make between two and nine changes a month grew from 5 to 15 per cent over the same period."
From NY Times: Wikipedia contributors are 80% male, 65%+ single, 85%+ childless and 70% under 30 years old. As I explain in my article, this is a group that will experience significant life changes, which in turn will reduce or eliminate the time they have to contribute to Wikipedia. Will sufficient numbers of replacements emerge?
From an article entitled The Singularity is Not Near: Slowing Growth of Wikipedia
- "the number of active editors and the number of edits, both measured monthly, has stopped growing since the beginning of 2007"
- "The rate of reverts-per-edits (or new contributions rejected) and the number of pages protected has kept increasing. Occasional editors experience a greater percentage of reverts per edits in comparison to the more prolific editors."
The Wall Street Journal Article
On November 23, the Wall Street Journal published an A1 article entitled I spoke with the reporter in June but my remarks only made the sidebar. The lead paragraph thesis is that "unprecedented numbers of the millions of online volunteers who write, edit and police [Wikipedia] are quitting." Citing research by Felipe Ortega, the article says that the English-language Wikipedia suffered a net editor loss of 49,000 in Q1 2009 (compared with a net loss of 4,900 in Q1 2008). It's worth reading the entire article. It stirred the pot quite a bit.
Erik Moeller, Wikipedia's Deputy Director, responded to the article with (among other things) a different cut at the numbers:
Studying the number of actual participants in a given month shows that Wikipedia participation as a whole has declined slightly from its peak 2.5 years ago, and has remained stable since then. (See WikiStats data for all Wikipedia languages combined.) On the English Wikipedia, the peak number of active editors (5 edits per month) was 54,510 in March 2007. After a more significant decline by about 25%, it has been stable over the last year at a level of approximately 40,000.
My Prediction
Consider this blog post my 4+ year check-in on my prediction in December 2005 that Wikipedia would fail in 5 years. In that post, I didn't tightly define what I meant by "failure," and frankly my "failure" rhetoric has been unintentionally and unnecessarily inflammatory. In all cases, I'm not rooting for Wikipedia's failure (however defined).
However, I remain baffled by the folks who are so enraptured by Wikipedia's mystique that they believe the site will defy gravity. Whatever you take away from the data points I cite in this post, I think it's undeniable that Wikipedia is changing in material ways. Bright minds might disagree about whether those changes are good or bad. From my perspective, Wikipedia's evolution has followed a fairly predictable path. Like many UGC websites, contributor activity peaks and then declines, and the transition from first generation contributors to second generation contributors naturally has some bumps. More structurally, Wikipedia has followed an entirely predictable evolution of progressively tighter editorial policies, and I anticipate even tighter editorial controls are come (to be accompanied by shocked public outcries each time).
As for my prediction, I'm waiting to see what develops this year, especially at Wikimania in August. Whether I'm right or wrong, I'll post my 5 year assessment of my prediction in December.
Posted by Eric at 11:48 AM | Content Regulation , Internet History | TrackBack
February 02, 2010
FTC Privacy Roundtable Recap
By Eric Goldman
[Introductory note: I have repeatedly criticized the FTC on this blog, and this post may implicitly criticize them as well. At the same time, I want to share a couple of compliments for the FTC. First, the FTC did a terrific job preparing for this event. For the panel I participated on, we had two official group organizing calls, plus I had at least 3 individual calls as well. I can’t recall another event which had more pre-event preparation efforts. Second, I remain consistently impressed with the dedication of the FTC staff attorneys. The FTC attorneys I've met uniformly seem to be trying to do the right thing, even if bright minds might disagree about what that is.]
Last week, the FTC held the second of three privacy roundtables at UC Berkeley. A large crowd (I estimate 200+ people) showed up, and I know that many other people watched online. Combined with my conversations with the FTC folks prior to the event, I took away a few meta-observations:
1) The FTC is Facebook-obsessed. FTC staff kept citing Facebook examples. It's clear that the FTC is paying extraordinarily close attention to Facebook.
2) The FTC has embraced the idea of "data as currency." The concept is that online services that don't make consumers pay with cash instead make consumers "pay" by providing their personal data. This didn't come up much at the second roundtable, although I understand it was a big issue at the first.
It's a little dispiriting to see this argument gain traction. I have repeatedly criticized this concept before (see my Coasean Analysis of Marketing and Data Mining and Attention Consumption articles), so I will only briefly recap its deficiencies here. Basically, the concept treats the provision of personal data as an automatic detriment to the consumer, which creates a zero-sum game—just like the transfer of cash, the service provider wins at the consumer's expense. Although consumers may suffer negative consequences from providing their personal data to service providers, the overall concept is wrong because many service provider-consumer relationships are "win-win" where both the consumer and the service provider are better off due to the data transfer. I build some economic formulas in my articles to explain these scenarios with more rigor. Win-win can occur, for example, if the service provider can provide better services to the consumer based on access to personal data. Personalized search is one example. Ultimately, any policy proposals predicated on treating data as currency are likely to overregulate by reducing or eliminating potential win-win scenarios.
3) The term "privacy enhancing technologies" or PETs lacks a consensus definition. Because we didn't agree on what qualifies as a PET, we couldn't determine if they had been successful or not.
Construed narrowly as add-on technologies that guard against specific vectors of privacy intrusions, it's clear that PETs have failed as a mass-market offering. Hardcore privacy folks may seek out tools that advance their interests, and they may even be willing to pay for those tools, but most folks don't care enough to pursue such solutions--even those available for free. (I highlight this tension in my 2002 Forbes editorial.)
However, if we construe PETs more broadly, they have been massively successful. For example, I would consider anti-spam/anti-spyware/anti-virus software as PETs. Obviously those software programs have other benefits, such as security protection, but they solve a variety of privacy-related problems too. For example, my Gmail spam filter learns my preferences and, over time, blocks some types of unwanted emails (such as repeat emails meant for other “egoldman”s like Emma Goldman) from showing up in my in-box. Similarly, PETs have been incorporated into the browsers and provide default protection to their users. If we can get past the one-off single-vector conception of PETs, we may find lots of successful examples.
4) The online "privacy" dialogue hasn't advanced very far in the past 15 years. I felt like much of the 2010 roundtable's discussion would have been apropos 15 years ago. For example, instead of discussing cookies in 1995, in 2010 we are discussing flash cookies and supercookies. There's no real difference in the underlying principles; we're simply at a new point in the technological arms race. Just like technology evolved to provide user control over cookies, it will eventually catch up to flash cookies and supercookies and super-duper-cookies or whatever the next iteration of persistent client-side identifiers is called. Unless we look past the specific technological implementations and focus on broader concepts, we are doomed to repeat the same conversations.
5) Due to the semantic ambiguity of the word "privacy," "privacy" inquiries are guaranteed to fail. Ultimately, I found much of the roundtable discussion unenlightening because the "privacy" umbrella is too broad and ambiguous. From my perspective, the term "privacy" is always fatally ambiguous to any productive conversation; I just don't understand what it means. As a result, at the roundtable, panelists were simultaneously discussing privacy, security, anonymity and a variety of other concepts. The result was a jumbled doctrinal mess and a lot of talking past each other.
At the same time, the "privacy" umbrella hindered the inclusion of non-privacy concepts that might have helped overcome the deja vu tendency. The panel titles were:
Panel 1: "technology and privacy"
Panel 2: "privacy implications of social networking and other platform providers"
Panel 3: "privacy implications of cloud computing"
Panel 4: "privacy implications of mobile computing"
Panel 5: "technology and policy"
My latest project on reputation is relevant to the issues discussed at the roundtable, but where does "reputation" fit into these panels? Everywhere--and nowhere. Similarly, I was hoping to discuss the implications of 47 USC 230(c)(2), the immunization for filtering technologies, but where does that fit in? I hoped to discuss it in the first panel but we ran out of time. Using a classic "privacy" structure for the discussion implicitly stifles these important non-privacy considerations from emerging. As a result, this structure almost guarantees a "same old, same old" discussion by precluding new concepts from joining the discourse.
Before the panel, lame-duck Commissioner Pamela Jones Harbour gave some opening remarks. She expressed displeasure with Facebook's resetting of privacy defaults and disagreed with Mark Zuckerberg's quoted remarks that the technology change reflects emerging social attitudes. She also gave a lengthy shout-out to Paul Ohm's paper on de-anonymization/re-identification of non-PII. Note that we will have an evening panel event featuring Paul Ohm at SCU on April 7. Please put that on your calendar now. Paul's paper is already affecting the considerations of FTC Commissioners; come hear what the fuss is about.
After Commissioner Harbour, David Vladeck (head of the FTC's Bureau of Consumer Protection) gave some opening remarks as well. He summarized three conclusions from the first roundtable:
* Consumers don’t understand commercial information-collection practices (ex: data brokers, behavioral targeting).
* Lengthy privacy policies aren’t effective, but privacy disclosures are important.
* Consumers care about privacy.
He concluded his remarks with an ominous threat. He noted that the FTC continues to bring privacy-related enforcement actions, and in particular (a quote from his prepared remarks) "we are currently examining practices that undermine the effectiveness of tools consumers can use to opt out of behavioral advertising, and we hope to announce law enforcement actions in this area this year." I'm not sure what this means. Perhaps the FTC is fed up with NAI's behavioral ad network opt-out tool? I have not been able to make the tool work properly for years.
Finally, I'll mention a few thoughts from the social networking panel, which featured Erika Rottenberg of LinkedIn, Nicole Wong of Google and Tim Sparapani of Facebook. Given all the Facebook-bashing throughout the day, Tim was in the hot seat!
One of Tim’s talking points was that 35% of users customized their privacy settings in response to Facebook's privacy default resetting and its subsequent requirement that they review the settings. 35% user participation would be a remarkably high percentage for any website, and it’s incredible for Facebook with 350M claimed users.
Tim's other talking points didn't go over as well. He claimed that there are no barriers to entry for other social networking sites. This is technically true but woefully incomplete. It could very well be that the optimal number of social networking sites that consumers can actively embrace is precisely one, and there is good reasons to believe that social networking sites experience powerful network effects. See, e.g., Reuter's article about the tipping point between MySpace and Facebook.
Further, although the friendship relations are sticky, Facebook’s real stickiness comes from the self-published content on Facebook that cannot be exported to another site. Tim completely chunked the question about data portability from Facebook, slavishly espousing his talking point that Facebook will delete user accounts on their request--a non-sequitur that made most people in the audience quietly groan. We all understand that Facebook will kill content upon request, but the question on the table was how Facebook will allow users to move their extensive content to a competitor. Tim ducked that question because Facebook doesn't enable it. Facebook does not offer a front door for data portability, and Facebook has been shutting down the backdoor by suing folks like Power.com who try to create an unsanctioned portability method. To be clear, I'm not 100% convinced that Power.com is the good guy in that dispute, but I'm pretty confident that Facebook doesn't tolerate backdoor data portability.
Even so, I think Facebook's biggest threat is itself. Few users will get so mad that they will delete their accounts (I still have my Orkut and Friendster accounts, for example). Instead, Facebook should be concerned that users will simply reduce their usage because they get burned out or lose trust in Facebook. Ultimately this will cause users to migrate elsewhere, so the end game for Facebook could be a whimper, not a bang.
As an example of this latter phenomenon, Tim’s talking points claimed that Facebook gives users control over who they want to share every piece of data at the time they publish the data. He rightly praised this granularity but I am still grumbly that Facebook killed the setting that kept my comments and likes off my profile page. Now, if I don't want those items to show, I have to manually delete each one. So I do have control over my publications as Tim touted, but the additional transaction costs cause me to comment on and like other posts less frequently than I used to. This seems like more of a bug than a feature in my book.
In contrast to Facebook, Nicole Wong hammered the point that Google embraces data portability and builds it into the design of many of its services. As she said (I'm paraphrasing her), because users can leave with a click, we have to better with every product every day, and it makes us build better products. That's the spirit! Facebook, are you listening?
Posted by Eric at 04:04 PM | Internet History , Privacy/Security | TrackBack
January 27, 2010
Utah May Repeal Its Spyware Control Act--SB 26
By Eric Goldman
It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.
SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71 page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.
Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.
While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.
As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.
Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:
1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.
2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.
3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.
I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.
Posted by Eric at 09:58 AM | Adware/Spyware , Domain Names , Internet History , Spam , Trademark | TrackBack
January 18, 2010
File Names Can Help Predict File Content in Child Porn Prosecution--US v. Beatty
By Eric Goldman
United States v. Beatty, 2009 WL 5220643 (W.D. Pa. Dec. 31, 2009)
This is a child porn prosecution. Using Phex P2P software, an undercover investigator accessed the Gnutella network and conducted searches using search terms known to be used by child pornographers. The investigator identified IP address 76.188.64.82 with 11 files with troubling titles such as:
* r@ygold-pedo-13yo brother fucks 11yo sister and sperm inside 61943812.mpg
* (Pthc) 14yo Isabel-(Rape and Fuck) (R@ygold).mpg
* Little young girl hardfucked by me-7 yrs R@ygold illegal pedo sex.mpg
* (Hussyfan) (pthc) (r@ygold ) (babyshivid) Jessica 11y o get fucktgood.mpg
The investigator then matched hash tag fingerprints of the 11 files with child porn files in a database maintained by the Wyoming Internet Crimes Against Children (ICAC) Task Force. Subsequently, the investigator connected Beatty to the IP address. Based on this information, the government got a search warrant for Beatty's home, found hundreds of incriminating files on his home computer, and got incriminating statements in an interview.
Beatty challenged the government's right to search his home computer. The judge and the litigants agree that the government can legally conduct remote warrantless searches of P2P share directories, but the government apparently argued that they were free by extension to look through Beatty's entire computer. The judge rejected such a broad position, saying:
even if the Defendant suffered no Fourth Amendment intrusion by virtue of Trooper Pearson's conduct in remotely accessing certain shared computer files, the Defendant nevertheless retained a reasonable expectation of privacy in his computer and his home such that he possesses "standing" to challenge the merits of the subject search
This shifts the inquiry to the officers' probable cause for the warrant. Apparently, the investigator did not download the files to review them or attach the files as evidence when requesting the search warrant. I'm not sure why the investigator didn't do either step other than to avoid the toxicity of child porn generally. As a result, Beatty challenged the warrant because the warrant-approving magistrate did not see the files directly or get an affidavit from the investigator stating what he saw in the files. However, the magistrate did have the file names and the matching hash tags. Beatty challenged both.
The judge and the litigants agree that file names do not dispositively predict the actual file's content. As we know, file names can be inaccurate for a variety of reasons: plain error, semantic ambiguity, an effort to surreptitiously install malware, and as a way of increasing the content's perceived illicit value (see, e.g., the discussion in the uncited Perfect 10 v. ccBill case about websites with names like "illegal.net" and "stolencelebritypics.com"). The court correctly concludes that "common knowledge dictates that actual file content cannot be definitively determined from the file name alone."
Nevertheless, the court says that file names have some predictive value:
one can also envision circumstances where the file name is so explicit and detailed in its description as to permit at least a reasonable inference as to what the actual file is likely to show. Many, if not most, of the files at issue here had titles that contained highly graphic references to specific sexual acts-including ejaculation, sexual intercourse, oral sex, and anal sex-involving children ranging in age from 7 to 13 years. Several of the files also reference terms such as "child_sex," "pedofilia," "illegal pedo sex," "incest," or "Lolita." The unmistakable inference which arises from such highly descriptive file names, is that the content includes material pertaining to the sexual exploitation of children-i.e., evidence of criminal activity, if not outright contraband. Given the number of files in question and the pointed references in their titles to specific sexual acts involving young children-described in the most coarse and vulgar terms, this inference is a strong one.
I'm reminded of the admonishments that airport security is not a joking matter, so don't make jokes about having a bomb while going through the airport security line. (I've seen a few airports, including the New Orleans airport, post reminders about this). Similarly, child porn is so toxic that no one in their right mind would falsely use a file title suggesting the file is child porn.
The judge also credits the file titles because accurate file titles enable searches by others. So, if you want to distribute child porn in a searchable way (a seemingly illogical proposition because, as this case illustrates, doing so puts you on a fast track to Club Fed), then you need to use keywords that match search terms. The court says:
As a matter of common sense, the very fact that individuals utilize search terms with P2P software to produce results (i.e., file names ) consistent with their chosen search terms suggests a substantial degree of correlation between file names and file content; if file names were, as a general rule, completely random and bearing no relation whatsoever to their content, then there would be no point in conducting a search in the first place and the whole purpose of peer-to-peer file sharing would be frustrated because there would be no meaningful method for locating the sought-after file content.
I agree with this only superficially. It's true that searchable metadata must have some relationship to the underlying content to make a successful match, but community outsiders might think the metadata looks inaccurate or even completely random. Consider how Napster users used alternative spellings to route around the court-ordered blocks on various names. Now, go one step further: if a group of Napster users agree (in an offsite discussion forum) to tag Britney Spears' songs using "Lolita" (a not wholly inappropriate appellation given some of the videos she made before the age of majority), then a block on searches for "Britney Spears" will eliminate an obvious matchmaking route but will fail to stop matchmaking completely. Indeed, subcommunities can develop multiple synonyms that are opaque to outsiders. For more on this, look at the Urban Dictionary to see how slang can have multiple meanings, and note my article on how a single search term can have dozens of possible meanings. As a result, the search matchmaking process may be more complicated--and the value of "accurate" file descriptors is lower--than the court contemplates.
In any case, it wasn't clear how much traction Beatty expected from reducing the predictive value of file names. Ultimately, the search warrant was issued based on the combination of the file names with the fingerprint matches. It's not like the investigator or the judge had no idea what the files might contain--they had a hash value fingerprint matching a known child porn file. (Beatty unsuccessfully argued that the underlying fingerprinted files should not be credited as known child porn ) Then again, there is no reason why law enforcement isn't routinely preserving copies of suspect files they think are child porn and describing the file contents (or submitting the files) when seeking search warrants, easy steps that would have largely mooted Beatty's challenges.
Posted by Eric at 10:23 AM | Content Regulation , Internet History , Privacy/Security , Search Engines | TrackBack
January 11, 2010
Top Cyberlaw Developments of 2009 (Eric's List)
By Eric Goldman
Guest blogger John Ottaviani recently dropped by to offer his perspectives on 2009’s top Cyberlaw developments. While I like his list a lot, I independently developed my own top 10 list that has a different emphasis. You might enjoy the contrasts. My list:
#10: Louis Vuitton v. Akanoc. After the judge ordered a web host to stand trial, a jury awarded the trademark owner $32 million due to the web host’s contributions to trademark infringement by its customers. This case stands out for the big damages award and as a rare example where an online provider was held liable under a contributory trademark liability theory. Many trademark practitioners are scratching their heads trying to figure out the import of this case, however. Does this case represent a dangerous new frontier of online liability? Was this a bad jury verdict fueled by poor defense lawyering? Or was this an appropriate outcome because the web host actually engaged in bad behavior that distinguishes it from most “legitimate” web hosts? 2010 may help us understand if this case is part of a new trend or an aberration.
#9: Gordon v. Virtumundo. We’ve seen a lot of silly anti-spam litigation, including the emergence of an entirely new group of entrepreneurs called “spam litigation entrepreneurs” who try to make a living on anti-spam lawsuits. These folks have a true love-hate relationship with spam; they hate it so much that they devote their lives to fighting it, but they love getting spam because each one is a potential revenue source. In general, judges hate spam a lot too, so over the years we have seen a number of doctrinally unsupportable results where judges bent the law to make sure spammers lost.
However, the judicial pendulum has swung in the opposite direction, and in Gordon v. Virtumundo, the Ninth Circuit destroyed a serial anti-spam plaintiff’s entrepreneurial business in a doctrinally questionable but strongly worded opinion. In short order, a number of other spam litigation entrepreneurs have seen their lawsuits shut down with emphasis. Due to this ruling, the era of anti-spammers partying in courts may be on the wane.
#8: Zango v. Kaspersky. The question raised in this issue is simple to state but hard to answer: who should decide what constitutes spam, spyware or a virus? Vendors of software designed to curb these threats would like unfettered discretion to make their classifications; businesses who are classified as a threat would like judges to overturn adverse decisions. As it turns out, in a relatively obscure provision (47 USC 230(c)(2)), in 1996 Congress said that software vendors get to make classifications decisions and unhappy businesses can’t complain about them. In June, the Ninth Circuit upheld Kaspersky’s decision to classify Zango’s software as a threat and rejected Zango’s efforts to take the classification decision out of Kaspersky’s hands. This ruling gives enormous freedom to vendors of anti-spam/anti-spyware/anti-virus software to do their best to keep us safe.
#7: Columbia Pictures v. Fung. This case came out just before the Christmas holiday, so it got lost in the holiday hoopla a bit, but it’s a case of potentially significant import. First, it held that the specific torrent sites at issue induced copyright infringement. Second, the court denied the torrent sites’ eligibility for the DMCA online safe harbors. In part, the court said that an inducing website was categorically disqualified from the DMCA online safe harbors. Like the Akanoc case, it’s not entirely clear if this result was a legal aberration or an appropriate reaction to the defendants’ poor choices. Either way, it is possible that more “legitimate” websites may change their behavior to minimize their exposure based on the legal precedents in this case. If they do, this case could have a major impact on UGC websites.
#6: Lori Drew’s acquittal. Megan Maier’s suicide remains a heartbreaking tragedy, but unfortunately, overzealous prosecutors compounded the tragedy by prosecuting Lori Drew using bogus legal doctrines. The tragic facts got a jury to convict Drew of some misdemeanor crimes. Fortunately, the judge recognized the legal errors of the prosecution’s theory and the jury’s conclusions and granted Drew an acquittal despite the jury findings. The judge finally got to the right result as a matter of Cyberlaw, but the case remains a chilling testament to prosecutorial power.
#5: Harris v. Blockbuster. The rule is really clear. Service providers can't amend online user agreements in the provider’s sole discretion without notice. As the Ninth Circuit informed us in 2007, those contracts don’t fare well in court. So although these provisions are in just about every online user agreement, they don’t work--as Blockbuster found out the hard way.
As part of the litigation detritus from the Facebook Beacon experiment, users sued Blockbuster for sharing their rental transactions with Facebook and all of their friends, allegedly in violation of the Video Privacy Protection Act. Blockbuster tried to bust the class action by invoking the contract’s arbitration clause. Instead, because Blockbuster had the impermissible amendment provision in its user agreement, the court said the contract was illusory and refused to send the case to arbitration.
This case should signal the end of the ridiculous amendment clauses. We’ll see how long it takes the lawyers to give the provisions up.
#4: Battles Over the First Sale Doctrine. We have seen numerous legal battles this year over the First Sale defenses in both copyright and trademark law.
Copyright owners try to engage in price discrimination by carving up the world into geographic territories with different prices for the same product. If they can use copyright law to keep the cheap products from entering the other geographic market, this keeps the product from effectively price-competing with itself.
This year, two cases involved European textbooks which were functionally equivalent to the textbooks being sold in the United States at higher prices. Entrepreneurs were buying the cheap European texts, shipping them to the US and then selling them online. The entrepreneurs invoked the First Sale doctrine, which says that copyright law can’t prohibit the legitimate purchaser of a tangible copyrighted item from reselling the item to whomever they want at whatever price they want.
However, copyright law has another provision that allows copyright owners to block the importation of copyrighted works into the United States. In the 1998 Quality King case, the US Supreme Court said that the First Sale doctrine trumped the importation right when the goods were manufactured in the US, sold overseas, and then imported back to the US. However, in Pearson v. Liu and John Wiley & Sons v. Kirtsaeng, the judges said that the importation right trumps the First Sale doctrine when the goods were initially manufactured overseas. This issue is ripe for further adjudication, though. A similar importation case, Costco v. Omega, is pending before the US Supreme Court, which is deciding whether or not it wants to hear the case. If it does, we may get clearer instructions about the interplay between the First Sale doctrine and the copyright importation right.
Copyright’s First Sale doctrine was also at issue in Vernor v. Autodesk, where the purchaser of a software disk wanted to resell the disk on eBay despite restrictions in the software licensing agreement barring such resales. The court held that the First Sale doctrine applied and allowed the resale. There are other cases percolating through the court system involving the resale of tangible media contained copyrighted material despite contractual restrictions on resale, so this issue remains a hot one.
Trademark owners also try to prevent competition with their products that leak out of their official channels of distribution. eBay has been the site of a couple battles over the First Sale doctrine in trademark law. In Mary Kay v. Weber, the court held that the trademark First Sale doctrine may not permit the eBay resale of expired cosmetics by a Mary Kay independent beauty consultant. In Beltronics v. Midwest, a trademark owner shut down the eBay resale of radar detectors that had leaked out of the manufacturer’s channel and were being sold (at a cheaper price) without the manufacturer’s warranty.
Clearly, the First Sale doctrine matters a lot to eBay and other consumer-to-consumer e-commerce websites. With a possible pending Supreme Court case and lots of IP owners looking to stifle competition from goods they have already profited from, expect the First Sale doctrines to get lots of attention in 2010.
#3: 47 USC 230. In my opinion, 47 USC 230 is the most important Cyberlaw statute, so new 230 developments will make my top 10 list for the foreseeable future. This year, there were three federal appellate court rulings interpreting 47 USC 230(c)(1):
* in Barnes v. Yahoo, the Ninth Circuit held that 230 protected a website’s negligent delay in removing user content. However, if the website had promised removal to the user, the user could have a viable claim for promissory estoppel that would not be preempted by 230.
* in FTC v. Accusearch, the Tenth Circuit held that a website’s resale of pretexted phone records—even if those records were supplied by third party suppliers—did not qualify for 47 USC 230 protection because of their illegality.
* in Nemet Chevrolet v. ConsumerAffairs.com, the Fourth Circuit held that a consumer review website was not liable for user-supplied reviews, even when the website worked with the user to submit the review, and despite the plaintiff’s unsubstantiated claims that the website had fabricated the reviews itself.
Really, the big 47 USC 230 news in 2009 is the absence of big news. Specifically, 2009 reinforced that the Ninth Circuit’s 2008 Roommates.com decision—one of the most significant defense losses under 47 USC 230—did not rip open a major hole in the statutory protection of websites. Of the 13 cases that I have seen that have cited the Roommates.com en banc opinion, eleven have cited the case in favor of the defense. (See the list here). The two exceptions are the Accusearch case, mentioned above, and the New England Patriots’ lawsuit against StubHub over season ticket resales, an odd opinion that may not have much influence. Therefore, despite our fears about Roommates.com, the 47 USC 230 immunity remained healthy and vibrant in 2009. For more on this topic, see my special recap of 47 USC 230's year-in-review for 2009.
#2: Keyword Advertising Battles. Keyword advertising battles are another perennial topic on these year-in-review lists. A multi-billion dollar a year industry has sprung up around the sale of keyword-triggered advertising, including some keywords that may be third party trademarks, and trademark owners don’t like it at all. This has led to a multi-front battle between trademark owners, keyword advertising sellers (such as Google), and keyword advertising buyers.
One of the biggest Cyberlaw cases of the year was the Second Circuit’s ruling in Rescuecom v. Google. In the district court in 2006, Google won an easy victory against a trademark owner because the court said that Google did not make the requisite “use in commerce” of the trademark. The Second Circuit reversed the district court, sending the case back for further proceedings. The reversal does not ensure Google’s defeat; Google will now litigate other legal doctrines and might very well win on one of those. However, the Second Circuit’s opinion largely spells the end of any “use in commerce” defense by either keyword advertising sellers or buyers.
Because of the “use in commerce” defense’s demise, keyword advertising cases will now likely turn on whether the advertisements create a likelihood of consumer confusion. One case, Hearts on Fire v. Blue Nile, offered up a new and complicated test for gauging consumer confusion. If other courts adopt this test, keyword advertising cases will get even more expensive and complicated—highlighting how important it was that the Rescuecom case eliminated an easy way to end these lawsuits early.
Meanwhile, despite the fact that keyword advertising battles have been taking place for at least a decade, we have not heard what a jury thinks about the practice—until the November jury ruling in Fair Isaac v. Experian. In that case, the jury found for the defense that the keyword-triggered ads did not create the requisite likelihood of consumer confusion. It remains to be seen if other juries reach the same conclusion. If they do, keyword advertising lawsuits should slowly fade away over time because the trademark owners can’t win in the end.
As for now, keyword litigation is going strong and hardly fading away. In Spring, Google made two changes to its trademark policies where it voluntarily agrees to take down certain types of ads at the trademark owner’s request. In May, Google extended its more liberal US-based policy to nearly 200 other countries, replacing the more restrictive policies it had in place there. Shortly thereafter, Google modified its US policy to do less for trademark owners in situations involving product resales, review websites and sales of complementary/replacement parts. Trademark owners were none too pleased with these changes. In response to these changes and the door opened by the Second Circuit Rescuecom decision, Google got hit with about a dozen new lawsuits, including some class action lawsuits, of which I believe 10 are currently still active.
Finally, all of the wrangling in court and over voluntary trademark policies could be mooted by legislative action, and for the third time, the Utah state legislature considered resolving the keyword advertising issue itself. A law regulating keyword advertising passed the Utah house but died in the Utah senate. Expect the pro-regulatory forces to round up the troops for a fourth try in 2010.
#1: FTC Endorsement Guidelines for Bloggers. The Obama administration has breathed new life into a pro-regulatory FTC, and the FTC sure is interested in all things Internet. The FTC has been nosing around Internet privacy and Internet marketing practices pretty carefully, and I expect 2010 to bring more FTC pronouncements designed to tackle the Internet.
But nothing stirred up a hornet’s nest of confusion and anger in 2009 like the FTC’s Endorsement and Testimonials Guidelines. I think it’s fair to say that the FTC’s guidelines rollout was a complete failure. As usual, the FTC’s guidelines were mealy-mouthed and filled with conditional statements (the FTC hates to lay out bright line rules that might constrain their future discretion). However, the FTC’s general gist was clear: bloggers should disclose when they receive financial or other consideration for their blog posts.
Unfortunately, this general principle leaves open some fairly fundamental questions, like when is disclosure required in situations less clear than straight cash-for-posting, and where should disclosure be made, especially in space-constrained media like Twitter. Needless to say, unhappy bloggers can be very noisy, so blogger response to the FTC’s announcement was loud and vituperative. The FTC tried to backpedal a little by saying that it did not intend to pursue individual bloggers, but this announcement only reinforced that bloggers do not understand what the FTC wants from them.
Meanwhile, the FTC’s proposed guidelines also took an interesting position about an advertiser’s liability for rogue blogger’s posts. This position is generally consistent with government enforcement agencies’ views that commercial players can be legally responsible for content they endorse or link to (see, e.g., my comments on the SEC’s liability-for-linking policy), but this position runs directly contrary to 47 USC 230’s provisions that say A isn’t liable for B’s online content. As a result, I believe that part of the FTC’s proposed guidelines violate 47 USC 230 and would not survive a court challenge.
Overall, the firestorm over the FTC’s Endorsement and Testimonials guidelines is a small part of a larger effort to regulatorily separate advertising from content. The Internet has collapsed those distinctions, perhaps irreparably, so regulators may be trying to accomplish the impossible. Nevertheless, the FTC seems determined to prop up the distinction, and I expect 2010 will bring more FTC efforts on this front.
* * * * *
While that concludes my top 10 list, there were a number of other interesting developments in 2009 that are worth a brief note:
* Moreno v. Hanford Sentinel. A woman trashed her hometown in an obscure but public MySpace posting and learned there is no “do-over” for Internet content publication. My vote for the most factually interesting Cyberlaw case of 2009.
* Google’s keyword metatag announcement. Courts generally treat the inclusion of third party trademarks in keyword metatags as per se trademark infringement. But Google has confirmed that it ignores keyword metatags. Will courts get the message?
* Google Book Search settlement. If the Google Book Search settlement ever gets approved, it may reshape the book industry, redefine libraries, and make all kinds of other socially significant changes. But the list of opponents to the settlement is long and growing. Professor James Grimmelmann of New York Law School is our community’s maven for all things “GBS.”
* Kindle book deletion. The Kindle store sold e-books it didn’t have the right to sell, so it took them back. Users learned of a key factual difference between physical books and e-books—the vendor can remotely make e-books go poof.
* States’ efforts to impose sales tax efforts based on marketing affiliates. For years, states have been looking for ways to make online retailers collect sales tax for them. They are generally stopped by Supreme Court precedent, but in 2008 New York finally figured out a workaround. The New York statute said that marketing affiliates were like traveling salespeople and thus created the physical nexus required for a state to impose sales tax collection obligations. The New York statute survived its first legal challenge, which opened the floodgates of other states passing similar laws hoping to get their piece of the action. Meanwhile, online retailers aren’t just rolling over; instead, they are threatening to cut off (or actually cutting off) marketing affiliates in states that enact these laws—thus potentially costing the states income tax from the marketing affiliates’ revenue, and creating the potential for the entire affiliate industry to be torn apart.
* Maine kids privacy law. Maine thought it could pass a law banning marketing to kids. It was wrong. The state had to withdraw the law and go back to the drawing board.
* UMG v. Veoh. Veoh won another nice DMCA online safe harbor victory.
* US v. Kilbride. The Ninth Circuit says that online obscenity prosecutions need to evaluate national attitudes towards obscene content, not local community standards.
* Kentucky domain name seizure. Kentucky tried to grab 141 domain names that enabled Kentucky residents to engage in illegal gambling. But those domain names also serviced customers for whom the gambling was completely legal, so the Kentucky courts are rethinking the grab.
* FTC v. Sears. As another example of the new pro-regulatory winds blowing through the FTC, the FTC cracked down on Sears for installing spyware on users’ computers that looked at the users’ hard drives, even though Sears paid the users for the installation and disclosed the spyware’s snooping in the user agreement (though in an inconspicuous manner). This case has made a lot of lawyers concerned that adverse disclosures in user agreements won’t satisfy the FTC.
* Facebook the Drama Queen. Ah, Facebook. Love it. Hate it. Facebook is a pretty nifty site and part of my daily routine, but boy, they sure do have a knack for stirring up trouble.
- In February, they made a relatively modest change to their user agreement that caused people to freak out.
- In response to this, Facebook took the provocative step towards user self-governance. Facebook let users vote on some choices and promised to be bound by the results, but with an asterisk: Facebook decided what options users could vote on, and Facebook would honor those choices only if a prohibitively large number of users exercised their franchise. Still, it was a nice gesture towards cyberspace community self-governance.
- In summer, they tried to settle their Beacon litigation, but that also reminded folks of how much Beacon irritated them in the first place.
- Summer also brought allegations of click fraud on Facebook, and lawsuits followed.
- Finally, in Thanksgiving, Facebook rolled out some changes to its privacy options that it pitched as giving users more choices, but it also took away some choices and defaulted users into some options that surprised them.
Given this track record, is it unrealistic to expect more Facebook drama in 2010?
* Estavillo v. Sony. Speaking of self-governance, virtual world enthusiasts would love to establish the legal proposition that virtual worlds are legally equivalent to governments and therefore obligated to restrain their actions just like governments are. One virtual world enthusiast sued Sony for kicking him off the network, claiming that Sony was legally governed as a “company town” and therefore lacked the discretion to kick him off. WRONG (and it wasn’t even close).
* Wikipedia's policy change. In August, the English-language Wikipedia announced that it was going to tighten up its editorial policies, and people Freaked Out. (In fact, I have predicted that Wikipedia cannot avoid increased editorial restrictions over time, so this change should not have been surprising). However, it turns out that everyone got it wrong, and Wikipedia’s editorial changes are far less dramatic (and consequential) than initially reported. I will post a separate recap on Wikipedia shortly.
If you would like a stroll down memory lane, you can see my previous top 10 lists from 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 10:46 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack
December 21, 2009
Website Initially Denied 230 Dismissal But Gets It on Appeal--Shiamili v. Real Estate Group
By Eric Goldman
Shiamili v. Real Estate Group of New York, Inc., 2009 WL 4842470 (N.Y. App. Div. Dec. 17, 2009)
Unfortunately, I am only working from a short and opaque appellate memo. It appears that the defendant operated a website that "administered and chose" to publish user comments. A third party posted an allegedly defamatory comment about the plaintiff, an NYC real estate broker, to the website. On this basis, we know that the website isn't liable for the post per 47 USC 230. I don't think I could do a comprehensive census of message board/user comment cases, but similar defense wins in the past 5 years include Finkel v. Facebook, Cornelius v. DeLuca, Joyner v. Lazzareschi, Raggi v. Las Vegas Police, Higher Balance v. Quantum, Best Western v. Furber, Gregerson v. Vilana, Universal Communications System v. Lycos, Eckert v. Microsoft, DiMeo v. Max, Hammer v. Amazon and Faegre & Benson v. Purdy (wow, this list is a blast from the past!). I'm not including the pure web hosting cases or any of the Ripoff Report cases, yet I'm sure there are other cases I'm forgetting. Indeed, given the airtight nature of the precedent, I personally think plaintiffs should be sanctioned for bringing such meritless cases.
Instead, the lower court initially denied the defendant's motion to dismiss in January 2009. Because this case is in state court, I don't have easy access to the state court opinion to see how the judge got it wrong. Fortunately, in a brief and unanimous opinion, the appellate court corrected this rogue trial court judge and dismissed the case per 230. Because the appellate opinion is so brief, I'm going to quote the court's substantive application of 230 to this case in its entirety:
Plaintiff's claim is barred by the CDA. The complaint makes no allegation that defendants authored any defamatory statements. It merely alleges that defendants “choose and administer content” that appears on the Web site. This is precisely the kind of function that the CDA immunizes ( see e.g. Fair Hous. Council, 521 F3d at 1173-1174; Batzel, 333 F3d at 1031). Even accepting as true all of plaintiff's allegations and giving it the benefit of all favorable inferences ( see Leon v. Martinez, 84 N.Y.2d 83, 87-88 [1994] ), the complaint does not raise an inference that defendants were “information content providers” within the meaning of the CDA. Plaintiff argues that defendants engaged in a calculated effort to encourage, keep and promote “bad” content on the Web site. However, message board postings do not cease to be data “provided by another information content provider” merely because “the construct and operation” of the Web site might have some influence on the content of the postings ( see Universal, 478 F3d at 422; see also Chicago Lawyers' Comm., 519 F3d at 671-672; Carafano v. Metrosplash.com, 339 F3d 1119, 1124-1125 [9th Cir2003] ).
Where, as here, there is no allegation that defendants authored the defamatory statements, it is not appropriate to permit discovery to determine if a cause of action exists ( see Walsh v. Liberty Mut. Ins. Co., 289 A.D.2d 842, 844 [2001]; see also Universal, 478 F3d at 425-42; cf. Fair Hous. Council, 521 F3d at 1174).
Two observations:
1) I believe there are some folks who believe that a website becomes liable for any user content it "encourages." This is one possible reading of Roommates.com, and it underlies the government enforcement agencies' (e.g., SEC and FTC) content endorsement theories. However, I don't see precedent supporting that proposition at all. This case, like so many others, doesn't care if the website encourages the allegedly tortious content. Instead, the only relevant inquiry is whether the content originated from a third party. If so, 230 applies without any need for further inquiry.
2) This is yet another case where the court cited Roommates.com in favor of the defense. The updated census of Roommates.com citations:
Roommates.com Cited for Defense (10 cases): GW Equity v. Xcentric, Best Western v. Furber, Goddard v. Google (and second ruling) Joyner v. Lazzareschi, Atlantic Records v. Project Playlist, Barnes v. Yahoo (note: although the case was a partial loss for the defendant, the Roommates.com discussion came in the defense-favorable part), Doe IX v. MySpace, Doe II v. MySpace, Dart v. Craigslist and now Shiamili v. Real Estate Group
Roommates.com Cited for Plaintiff (2 cases): NPS v. StubHub, FTC v. Accusearch
The 10th Circuit beachhead for Roommates.com is troubling, but overall I think it's entirely clear that Roommates.com has not changed 230 jurisprudence in any meaningful way--except that it may be giving plaintiffs false hope of success and causing them to overinvest in their cases.
UPDATE: The trial court opinion, which quotes some of the allegedly defamatory posts.
UPDATE 2: The complaint. This has a full list of the alleged defamatory postings. It also indicates that the venue in question was a website/blog called "shittyhabitats.com," apparently now defunct. The archive.org page from Feb. 2, 2007 and Feb. 5, 2008.
Posted by Eric at 09:18 AM | Derivative Liability , Internet History | TrackBack
December 14, 2009
Another Cautionary Tale of Joint Website Ownership--TEG v. Phelps [UPDATED]
By Eric Goldman
Third Education Group, Inc. v. Phelps, 675 F. Supp. 2d 916 (E.D. Wis. Nov. 25, 2009). Motion to amend denied January 19, 2010.
[UPDATE: In the initial version of this post, Richard Phelps’ story was part of a broader narrative about the potential problems of website co-ownership. However, his behavior in response to my post warrants its own discussion. Seeking to redress his perceived problems with my initial post, he has done all of the following:
* he emailed me multiple times
* he emailed my boss (the Dean) multiple times
* he emailed my colleagues multiple times
* he emailed an unrelated blogger at least two times
* he had his attorney call me to request changes to my post
* most recently, he has promised/threatened that he “will be filing a complaint about your behavior with California authorities and, for that matter, any others that might be available.”
All of this in response to a relatively obscure blog post that currently sees de minimis traffic. The stress of being uncertain about Phelps’ next moves to pressure me has literally kept me up at nights. As a result, I have decided to make changes to this post to respond to a detailed email that Phelps sent me on May 16. Normally I would post or extensively quote his May 16 email so you could read his words verbatim and form your own conclusions, but he asked me not to post it; nor can I characterize his views of the post’s deficiencies in my own words for fear of introducing new ambiguity that might generate further grist. Nevertheless, my hope is that the modifications below resolve Phelps’ concerns so that he will leave me alone. To facilitate that result, I sent him the following email:
“I am sorry for any aggravation my blog post has caused you. I have modified my blog post to acknowledge every point you raised in your May 16, 2010 email. Having done so, please do not contact me directly in the future by email, phone, letter, in person or otherwise. If, for some reason, you believe there is still something we need to discuss, please have your attorney or other representative contact me; I am willing to speak with him or her. Although my colleagues have not mentioned your emails to me (other than the Dean, who believes this is an academic freedom issue), I am sure they would be grateful if you did not contact them either.”
Most of Phelps’ concerns were based on my recap of the court’s opinion. I encourage you to read the opinion yourself so that you can decide if I mischaracterized the opinion or if Phelps seeks to relitigate factual points that the judge decided against him.]
Corporate divorces are ugly. They may lack the high-stakes drama associated with child custody disputes, but in all other respects they can be just as emotional and messy as spousal divorces. Fortunately, parties to a corporate marriage can avoid some heartache by forming proper "prenuptial agreements." Unfortunately, the courts are filled with examples of cases where this wasn't done (or wasn't done properly).
A year ago, I blogged on one such case, Mikhlyn v. Bove, a fine example of a web empire literally and perhaps irreparably split in two by a falling out of the principals. Today's case, Third Education Group v. Phelps, offers up another cautionary tale of corporate divorce along those lines. If you are jointly running a website or blog and you haven't properly documented your relationship with your compatriots, this post is for you.
In 2002, Phelps and Thompson decided to start an online publication focused on education policy called "Third Education Group." They effectively formed a "voluntary association" (I believe the Wisconsin equivalent of an implied partnership) to implement the journal. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s factual finding: “In early 2002, after recognizing that they shared mutual interests and were concerned that current educational policy publications were generally devoted to the ideology of one of the two major political parties, Phelps and Thompson began discussing creating an online educational policy journal that would offer a different, middle perspective. Efforts were made, largely by Phelps, to first see if their idea for a journal could be affiliated with an existing entity, or to obtain sponsors or funding for their project.”]
In 2004, on behalf of the voluntary association, Phelps registered two domain names and applied for a trademark registration, both listing only himself as the owner. [UPDATE: Phelps disputes the italicized language. Regarding the domain names, I was partially referring to the court’s opinion: “The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website….Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG.” The court’s discussion about the trademark registration is a little more complicated but was implicit in the court’s finding that the corporation automatically obtained all of the assets (including the trademark registration) generated by the voluntary association. The court says: “The evidence demonstrates that Phelps and Thompson intended TEG, Inc. to succeed the unincorporated association; there is absolutely no evidence to permit the court to conclude that Phelps and Thompson intended the unincorporated association to coexist alongside the corporation and to retain control of the trademark or any other property. The evidence demonstrates that in every way, the parties intended TEG, Inc. to be the successor to the unincorporated association.”]
In 2005, Phelps and Thompson formed a 501(c)(3) non-profit corporation to succeed the voluntary association. Phelps was president and a director of the corporation. Phelps and Thompson did not sign any type of assignment agreement to move the voluntary association's assets into the corporation. [UPDATE: Phelps disputes the italicized language, pointing to an IRS Form 1023 that the relevant players signed. I was partially referring to the opinion’s language that: “the property of the association passed to the corporation, and the absence of an assignment does not affect TEG, Inc.'s right to the trademark.”]
In 2006, after an editorial dispute, the parties' relationship turned sour. In response, Phelps locked off the corporation's websites from further changes, and the corporation stripped him of his officer and director status. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s language that: “The evidence demonstrates that by at least March 12, 2006, two days before the resolution and thus a time when it is undisputed that Phelps was both a director and president of TEG, Inc., he blocked Thompson (and anyone else associated with the corporation) from making changes to the corporation's website.”]
Phelps pointed the domain names to his new venture, also called "Third Educational Group, Inc." Meanwhile, locked out of its websites, the corporation registered new domain names, copied its old articles from the old website and then reposted them on its new website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s findings of fact: “After being locked out of its own websites, the Wisconsin corporation copied much of its website content from the sites now controlled by Phelps, and reposted it under the domain name tegr.org.”] Phelps then sent 512(c)(3) takedown notices to the new website host, which successfully put the new website offline. Cross-lawsuits ensued.
[UPDATE: In my prior post, I included a reference and link to a litigation recap from Thompson’s perspective. When Phelps’ attorney contacted me, his only request was that I remove the link. The attorney did not mention any concerns about other factual characterizations. If you would like to see Thompson’s perspectives about the litigation, you can find them through a search. Meanwhile, with the hopes that the link was, in fact, Phelps’ main irritant, and given its relatively inconsequential contribution to the post’s narrative, I have removed it.]
For aficionados of disputes over jointly developed online properties, you may recognize some common elements:
* the person who controls the domain name registrations has de facto control over the empire. [UPDATE: Phelps disputes the italicized inference for reasons I did not understand.] Yet another reminder to keep domain name registration contacts up to date.
* when a business relationship turns sour, it's not unusual for one aggrieved participant to fight the other participant in every Internet venue where the other tries to resurrect the joint effort.
* it is almost impossible to imagine that the venture produces enough cash to economically justify the type of death spiral litigation it spawned. Instead, the litigation is usually about settling personal scores--typically the most expensive litigation around.
* courts often issue a "split the baby" ruling in these cases, rarely giving one side a clean victory over the other.
This case has a classic split-the-baby result. The court concludes:
* the corporation succeeded to the legal rights in the trademark "Third Education Group." Phelps had argued that the trademark rights remained with the voluntary association, which would have given Phelps joint rights to the trademark.
* Phelps violated his fiduciary duties as an officer and director when he locked everyone else out of the company's website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the opinion’s language that: “it is the conclusion of this court that Phelps breached a fiduciary duty owed to TEG, Inc. by asserting and retaining personal control over the corporation's domain names.”]
* Phelps' 512(c)(3) takedown notices did not give rise to a 512(f) claim for misrepresented takedown notices because, for several reasons, Phelps had a subjective good faith belief in their legitimacy.
* although Phelps infringed the corporation's trademark rights in "Third Education Group" and violated his fiduciary duties, the corporation could not show any damages from Phelps' behavior and therefore did not get any damage awards. The court specifically rejected any claim under the Lanham Act's fee-shifting clause for exceptional cases.
* the court also rejected the corporation's emotionally punitive injunction requests and will take a closer look at the appropriate scope of injunctive relief.
So who won this ruling? Nominally, Third Education Group did because it won on the trademark and fiduciary duty claims, but it's not that satisfying of a victory without any damages or a punitive injunction. As usual, then, the only possible winner in messy litigation is the lawyers, and even then only if they get paid.
For another recent example of a well-meaning but under-documented collaboration that devolved into bitter litigation, see LunaTrex v. Cafasso, 2009 WL 4506321 (S.D. Ind. Dec. 1, 2009), involving a team that came together chasing the $20M Google Lunar X prize but didn't dot the is and cross the ts well enough to avoid a messy battle. As the court says:
After a lengthy discussion of numerous ideas that evolved, the group eventually chose the name LunaTrex. (As will be seen, with the benefit of hindsight it is clear that the group also should have spent some more time talking about organization, structure, ownership, and other legal formalities.)
I've written more about messy online divorces in my 2006 Co-Blogging Law article. I think the Third Education Group court did a good job being sensitive to the unintended consequences of a voluntary relationship going south. For example, the court says
Phelps had much more than a mere good faith belief that he was entitled to use the mark. This was not a case of an individual, for example, mistakenly believing he had a license. Rather, in the present case, the objective evidence was on Phelps' side. He was the one who undisputedly came up with the mark. He was the one who paid to register the mark. He was the one in whose name the mark was registered. And he was the one primarily responsible for establishing the use of the mark. He did this, not as one person in a large organization, but rather as an individual who had joined with another collaborator and in doing so, likely without an understanding of the legal ramifications, formed an unincorporated association. (emphasis added)
This is consistent with the hope I expressed in my Co-Blogging article:
the common law typically can handle the idiosyncrasies of blogging in a sensible and contextually sensitive manner. In that respect, judges evaluating blogs should recognize that unexpected or counterintuitive rulings could significantly destabilize the blogging community. Fortunately, many of the legal doctrines discussed in this essay, including partnership and employment law, are naturally flexible. Judges should use that flexibility to balance the many considerations around blogging
[UPDATE: In Third Education Group, Inc. v. Phelps, 2009 WL 5216988 (E.D. Wis.
December 30, 2009), the court had more to say about this litigation. I quote a portion of the court’s opinion (rather than provide a summary that might prompt a further response from Phelps):
“Phelps should not derive any benefit from the use of the thirdeducationgroup domain names. To do so would run afoul of this court's order. Phelps acknowledges as much and agrees to be enjoined from use, but contends that he should be permitted to retain possession of the domain names, leaving them inactive. Phelps contends that he should be permitted to retain possession because he was the one who undertook and financed the initial registration; he paid for the registration and it is his name alone on the registration. Cynically, but based on the history between the parties, one might suspect that Phelps is motivated less by notions of principle and maybe seeks to retain the domain efforts as one last ditch effort to frustrate TEG, Inc.
On the other hand, perhaps there is a good reason why the relevant domain names should be left blank. When Phelps split with TEG, Inc., TEG, Inc. went on to establish itself at tegr.org while Phelps continued to operate the thirdeducationgroup websites (at least until the court determined that the trademark did not belong to him, at which point the websites appear to have gone blank). If TEG, Inc. were to suddenly reappear on the thirdeducationgroup websites, individuals who may have previously understood that these websites were under the control of Phelps might be confused and believe that it is Phelps behind the sites rather than TEG, Inc. A primary purpose of federal trademark law is to prevent consumer confusion and ordering Phelps to surrender the domain names to TEG, Inc. might only exacerbate these problems. But this is only speculation by the court.
Principles of equity warrant that TEG, Inc. control the domain names. Thereafter, it will be the decision of TEG, Inc. as to what action to take, if any, in regard to these names. It is the conclusion of the court that the thirdeducationgroup domain names are the lawful property of TEG, Inc. As the court previously noted,
The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website. Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG. As such, the domain names belonged to TEG.
(Docket No. 138 at 13 (citations omitted).)
In failing to provide access to these websites to TEG, Inc., Phelps breached the fiduciary duty he owed to TEG, Inc. Returning these domain names to the control of TEG, Inc. is required to remedy Phelps' breach of fiduciary duty. Accordingly, the court shall order Phelps to take all necessary actions to transfer or assign any interest in and control over the thirdeducationgroup domain names to TEG, Inc.
IT IS HEREBY ORDERED that for the reasons stated herein and stated in the court's prior decision, (Docket No. 138), the court enters a permanent injunction, which is affixed hereto, containing the following provisions:
1. Richard Phelps is permanently enjoined and restrained from using “Third Education Group” or any confusingly similar term as a name or mark for any goods, services, internet domain names, websites, or organization or other entity regarding education research, policy, or theory.
2. Richard Phelps is permanently enjoined and restrained from diluting the distinctive quality of the name and mark “Third Education Group.”
3. Richard Phelps is permanently enjoined and restrained from representing that he retains or has had any affiliation with Third Education Group, Inc. during the period of this injunction.
4. Richard Phelps shall take all necessary steps to transfer all rights and interest he has in any domain name containing the terms Third Education Group acquired prior to March 14, 2006 to Third Education Group, Inc.
5. In accordance with 15 U.S.C. § 1119, the Director of the Patent and Trademark Office shall rectify the register with respect to the registration of any party to this action so as to identify Third Education Group, Inc. as the Owner / Registrant of the mark “Third Education Group.””]
Posted by Eric at 07:33 AM | Copyright , Domain Names , Internet History , Trademark | TrackBack
December 11, 2009
Denver University “Cyber Civil Rights” Symposium Recap
By Eric Goldman
The week before Thanksgiving, I attended an unusual symposium sponsored by the University of Denver Law Review entitled “Cyber Civil Rights: New Challenges for Civil Rights and Civil Liberties in our Networked Age.” The symposium covered standard Cyberlaw topics, but the raison d'être was University of Maryland law professor Danielle Citron’s two recent articles on online harassment of women: "Law's Expressive Value in Combating Cyber Gender Harassment" (Michigan Law Review) and "Cyber Civil Rights" (Boston University Law Review). It is unusual for a law school to celebrate another school’s professor and her research, especially when the professor is fairly junior. Nevertheless, Danielle’s participation brought together academics from both the Cyberlaw and civil rights communities, which provided a rare and interesting mix of folks..
First Panel
Danielle Citron started off by recapping her two papers. Online participation, such as blogging, is essential to professional standing, and employers are reviewing online profiles of prospective employees as part of their hiring considerations. However, women are being targeted for abuse online. These attacks are harming women by changing their online and offline activities, reducing their job opportunities, and causing women to change their gender representations online. Further, folks are trivializing these problems. Women are underreporting the attacks, and law enforcement only intervenes when there are offline harms. New laws can serve an expressive function to communicate that online attacks against women are socially unacceptable. The new laws can validate women’s feelings that they have been harmed and encourage law enforcement to pursue more cases.
Commenting on the papers, Robert Kaczorowski of Fordham Law (and Danielle’s stepdad) made an extended analogy between the Ku Klux Klan and cybermobs.
Wendy Seltzer asked if we could deemphasize the effect of words rather than prohibit them. Danielle responded that we don’t know how seriously to take any particular threat.
An audience member asked if is there a difference between mobs and individual actors who are just taking advantage of being anonymous. Danielle answered that groups can become more extreme online. I think this point deserves more exploration: a series of uncoordinated individual decisions to “pile on” to an attack can look like a coordinated attack to the victim. This is part of why I thought the KKK references were puzzling—KKK activities are clearly coordinated, while online attacks against women can succeed without any coordination or ongoing connection between the attackers.
Paul Ohm argued that that legal solutions are better for cyber civil rights problems than technological solutions. Paul discussed what he labeled “Felten’s Third Law.” (He doesn’t know of two earlier laws named for Ed Felten; he just assumes they exist given Ed’s impressive and influential oeuvre). As articulated by Paul, Felten’s Third Law is that in Cyberlaw conflicts, lawyers love technical solutions and technologists love legal solutions. In other words, we love the solution we don’t know because we assume it has to be better than the one we do. As both a law professor and technologist, Paul picks law over technology for these problems.
Paul categorically rejects any technical solution that would create a “fully identified Internet.” For example, we should not mandate server log retention because we know the logs will be co-opted to regulate other forms of unwanted content, not just online harassment.
Wendy Seltzer discussed the unintended consequences of legal intervention. For example, mandatory Internet filtering in school libraries hasn’t stopped kids from bypassing the filters, but it has facilitated a marketplace for improving filtering technologies that has benefited repressive regimes. Another example: anti-circumvention technology fails to restrict copying but has reduced innovation around DRMed content. Wendy also noted how norms can help curb abuses. For example, while there are online cesspools, she praised Wikipedia’s evolving guidelines for living people’s biographies.
In response, Danielle admitted that her solutions need to be more surgical. She said she might consider moving from a notice-and-takedown model to a notice-and-preserve model for intermediaries.
Second Panel
This panel was composed of three women academics from the civil rights community, so it was a noticeable shift from the typical Cyberlaw academic discussion.
Mary Anne Franks is a University of Chicago Bigelow Fellow and soon-to-be full-time law professor. She expresses our collective disappointment that cyberspace isn’t a utopia that allows people to escape offline discrimination and harassment. She laments that women can lose control of their identities online, such as when someone creates a fake online profile in their names.
She then addressed how cyberspace is unique/special/different with respect to gender harassment. Many commentators try to duck cyberspace exceptionalism, so it was refreshing to see her tackle the issue squarely. Existing offline discrimination/harassment laws assume interactions between repeat players at work and school; online harassment can be divorced totally from any existing social networks. However, because the online activities still harm targeted individuals at work and school, we should treat the harms the same. Offline, there are switching costs to changing jobs or school; online, search engines’ consolidation of results for search on a person’s name creates a different type of switching cost. In terms of supervisory power, she thinks web operators have analogous control to employers or school administrators. Thus, when web operators receive notice of online harassment, they should have a duty to do something about it. Offline, employers can develop a variety of responses and policies to combat workplace harassment. Web operators should have similar latitude; for example, they can delete offending posts or suspend/ban accounts.
Helen Norton, a University of Colorado law professor, did not share Danielle’s optimism (expressed in her first article) that existing discrimination laws can curb online harassment. Instead, Helen thinks a new civil rights statute is needed, but she might limit its remedies to exclude money damages. Helen is pessimistic that there will be regulation any time soon, noting that it can take years to enact civil rights legislation. Helen would also like to see more precise definitions of the exact harms that women are experiencing only online.
Nancy Ehrenreich, a Denver University law professor, began her talk by saying that we should not overstate the Internet’s benefits. She then clarified that we should not assume that disadvantaged folks can overcome barriers online. For example, we impose cultural categories on people in every interaction, so even if people try to mask their identity online, they can’t really escape. She wondered why we aren’t talking about an anti-discrimination law for the web. Her concern is that discrimination denies individuals access to the Internet.
In Q&A, Paul Ohm observed that civil rights scholars often invoke free speech as the countervailing concern to their desired regulations, but Cyberlaw scholars are often more interested in other “generative” effects of the Internet, such as new business models, new labor models and new modes of production.
Panel 3
James Grimmelmann (see his slides) started with the Skanks in NYC case. In that case, the defendant criticized someone else in her social network on a blog, calling the plaintiff (among other unflattering things) a “skank.” The plaintiff sued to obtain the blogger’s identity. After a successful unmasking, the plaintiff dropped the lawsuit, having successfully publicly shamed the blogger.
James hypothesized that this unmasking and shaming was an appropriate remedy—the blogger got shamed (like “an eye for an eye”), and unmasking is a better outcome than other legal remedies like damage suits. James then posited a thought exercise that provided plaintiffs with an expedited unmasking procedure if they drop any damages claim. This would have a number of benefits. Unmasking curbs online harassment is especially effective at busting online mobs. Also, an unmasking remedy avoids messy debates over the First Amendment’s scope, and it may be more desirable than trying to hold online providers liable.
Having advanced his own strawman, James then cut it down. In some cases, defamation remedies may be more desirable, and plaintiffs may not know that until they learn the putative wrongdoer’s identity. In other cases, plaintiffs who just want unmasking would appreciate a lower legal hurdle. Also, we provide legal protection for anonymity for good reasons.
James’ lessons from the thought exercise: we should consider ways to decouple an unmasking remedy from litigation. At the same time, we need to protect defendants from pretextual unmasking; in some cases, retaliation is a big concern, and we should incorporate this concern into the unmasking decision.
From Chris Wolf’s talk (see his full remarks), the most interesting thing I learned is that 18 states have laws banning wearing masks in public, enacted to suppress KKK activities. This was the second speaker’s KKK reference of the day, and it made me wonder if we were experiencing some variation of Godwin’s Law.
Panel 4
Viva Moffat observed that secondary liability issues generate the most heat in online harassment discussions. She expressed concern that imposing legal duties on third parties may not help law’s norm-shaping effect, and it’s not appropriate to impose liability just because the provider has deeper pockets or the direct actor can’t be found. She also suggested that imposing liability on third parties creates a greater risk of collateral damage than direct liability. [Note: I would like to know more about this last assertion. I suspect we cannot make a utilitarian calculation a priori]. As a result, she favors focusing more efforts on sharpening direct liability.
Ed Felten talked about identifying and anonymizing online activity. He explained the usual sequence of events in chasing bad online content:
log file => IP address => identity => justice
But the IP address => identity step breaks down when users use an anonymizing proxy or the user’s network uses network address translation (used by home wireless routers or in coffee shops) and all connected devices’ requests share a single IP address. He said that a majority of Internet connections use NAT.
Because IP address tracebacks can dead-end at the intermediary, an IP address can reveal too little information. However, even when users aren’t investigatory targets, IP addresses can reveal too much information, such as geolocation. This paradox—IP addresses simultaneously reveal both too much and too little information—reflects that the IP address system was built for routing, not identification. So could we design a better authenticating technology?
He then conducted a “semi-realistic” thought experiment of a new technological “tag” that could be used instead of IP addresses. This tag could have the following attributes:
* can be placed by any intermediary
* conveys no information about the sender unless unwrapped by the intermediary (presumably for good legal cause)
* unwrapping the tag yields the best identity information the intermediary has
* the tag’s use is voluntary as a technical matter
* the tag is removable as a technical matter
I then batted clean-up. A summary of my remarks:
Today’s conversation has revisited long-standing Cyberlaw issues, such as:
* anonymity v. accountability, and who should be responsible for online content and actions
* cyberspace as a physical place. See, e.g., Noah v. AOL (an online discrimination case), National Federation of the Blind v. Target (also an online discrimination case) and Estavillo v. Sony
* cyberspace exceptionalism and cyberspace utopianism (on the latter point, see my article on search engine utopianism)
* when is the optimal time to regulate rapidly evolving technology? Early, when the technology is still in its infancy, or later, when market forces and new technological evolutions may have cured the early problems?
Danielle’s articles convinced me that women are experiencing serious harms online that men—including me—could easily trivialize. Danielle’s articles also convinced me that online harassment has strong parallels to the 1970s legal evolution of workplace harassment doctrines, where a big part of the battle was to get people to take the harms seriously.
While I find a lot of descriptive value in Danielle’s work, the normative implications are not as clear. As usual with attempts to regulate rapidly evolving technology, there are many important but overwhelmingly hard definitional challenges, such as who is an “intermediary,” what are “online mobs” and what constitutes online “harassment.” For example, I do not think the Skanks in NYC incident is an online harassment case or an “attack,” but James Grimmelmann’s talk assumed those characterizations.
While we can debate what should be the right level of regulatory intervention, we should not overlook that Congress already enacted a law squarely governing intermediary liability for online harassment: 47 USC 230. The angst that prompted this conference—bad behavior online—is the logical consequences of 230’s broad immunity. The statute enables websites to adopt policies that they will not police user content or retain server logs of user activity. These choices aren’t a surprise or a per se abuse of the immunity; instead, they are the unavoidable implications of Congress’ action.
We might question Congress’ wisdom in adopting 230, but we should not diminish its potential importance to the Internet as we know it. [In Q&A, Chris Wolf asked about the comparative experience in countries that don’t have such broad immunity. In those countries, we know that websites take down user content much more freely, and I believe that the most interesting UGC innovations are all taking place here in the US, not countries with more restrictive UGC liability.] I can, at most, only prove correlation and not causation, but I believe 230 is one of the main causal reasons why the Internet has succeeded so well.
When I speak around the country about 230, I often encounter folks who generally accept 230’s immunity scope but want just one new exception, i.e., their pet topic. If everyone got their “just one” exception, the law would be eviscerated. (I said it would be Swiss-cheesed to death; maybe I should have said it would be overcome by a thousand duck bites). I’m not rejecting new exceptions categorically (they should be each considered on their own merits), but in aggregate 230’s immunization benefits are actually quite precarious. I believe 230 works precisely because of its strength and simplicity, so adding more exceptions could significantly reduce its efficacy.
I concluded my remarks by observing that online harassment is a subspecies of bullying and incivil behavior in our society. While we can and should work to curb online harassment, I am more interested in addressing bullying and incivility in all its forms, wherever it takes place.
In this regard, I have been impressed by how my son’s school is proactively addressing bullying. See more about this effort, called Project Cornerstone. The school is teaching kids not to bully or to tolerate being bullied, and the project gives bullied kids tools to go on the offensive against bullies. There’s no guarantee that anti-bullying programs will work in the short or long run, but I remain hopeful that online harassment today partially reflects that many current Internet users never got any anti-bullying education. Perhaps, then, online harassment issues will naturally abate (without any regulatory intervention) as new generation of Internet users, better educated about bullying, come onto the Internet.
Following my remarks, we had more Q&A.
Paul Ohm Q: Some cyber folks argue against secondary liability because they believe that a victim can pursue a direct action, but Ed’s talk suggests that user anonymity will continue to be possible.
Mary Anne Franks: civil rights isn’t about individual claims because victims have to bear too high a burden to pursue claims. Instead, civil rights are about changing large-scale social norms. The goal is to achieve anti-discrimination by any means necessary. Thus, civil rights scholars have already discussed and concluded that it’s appropriate to impose liability on intermediaries like employers and schools.
Danielle: intermediaries are the lowest cost avoiders.
James Grimmelmann: no, the harassers are the lowest cost avoiders. Civil rights folks would get more support from the Cyberlaw crowd if they focused their regulatory desires towards intermediaries who are in active concert with the bad actors.
Danielle's Wrap-Up
We all agree that:
* education can make a big difference
* online communities need to self-police
* there are numerous limits to using the law as a solution, including that lawsuits don’t make sense and 230’s immunity.
We don’t agree on what to do next. There are First Amendment limits, and technology doesn’t offer any panaceas.
Posted by Eric at 07:12 AM | Content Regulation , Derivative Liability , Internet History , Publicity/Privacy Rights | TrackBack
December 02, 2009
Case Western “Signifiers in Cyberspace” Conference Recap
By Eric Goldman
In mid-November, I attended a conference at Case Western Reserve University School of Law in Cleveland, Ohio entitled “Signifiers in Cyberspace: Domain Names & Online Trademarks.” My notes:
David Fewer spoke about Canada’s WHOIS policy. The old Canadian registry policy published registrant information without restriction. Then, the registry proposed a new policy not to publish personal information in the WHOIS database for individual registrants and for organizations that can show harm from publication. To reveal registrant information in those situations, a warrant would be required. That policy got amended to allow warrantless access for cybercrime enforcement, registered IP infringement and ID theft. Fewer argued that the amended policy violates Canadian privacy laws (PIPEDA) because consumers are not given adequate disclosures, the exclusions from the privacy policy are arbitrary, and consumers aren’t given the required option not to participate.
Corynne McSherry of EFF discussed how TM owners are bypassing direct challenges against gripers and instead putting pressure on domain name registrars. She focused on the Yes Man spoof website of the New York Times, which included a parody ad of the De Beers diamond manufacturer. Humorless De Beers sought relief from Joker.com, the parodist’s registrar. EFF has responded to De Beers that the parody is legitimate because it has no commercial aspect, it’s nominative use, and the First Amendment applies. The EFF is also encouraging Joker.com to ignore De Beers because it (as the registrar) can’t be liable for the registered domain name. So why is Joker.com even entertaining De Beers’ complaint? Corynne notes the registrar’s revenue from any single domain name registration is less than legal cost of investigating and responding. Corynne discussed how parodists and gripers can minimize their legal risk (I blogged on these recommendations in May).
I remain very interested in situations where domain name registrars apply their own takedown policies to their customers. For example, I’ve previously mentioned GoDaddy’s “itchy trigger finger” when it comes to intervening with its registrants. I suspect there is significant heterogeneity among registrars’ interventionist tendencies. I think this is an area worth exploring. If you have other examples of domain name registrar intervention in its customers' content, please share them.
Stacey Dogan spoke about the aftermath of the Rescuecom ruling. Stacey is disappointed that courts aren't adopting her arguments to use the “trademark use in commerce” doctrine to insulate intermediaries (she calls it her “biggest failure in life”). She described three post-Rescuecom uncertainties: (1) what acts by intermediaries constitute TM infringement? (2) on what doctrinal basis? (direct v. contributory), and (3) what remedies do the intermediaries face?
Stacey thinks courts need to be more precise about the nexus between defendant behavior and TM owner harm. This should lead to better distinctions between direct and contributory infringement.
She offered a taxonomy of claims against intermediaries:
* General confusion = when the intermediary creates confusion through the blurring of ads and editorial content. Stacey thinks these aren’t TM issues. But if commingling is the problem, then the remedy should be an injunction requiring the intermediary to label the ads.
* Strict liability = when the search engine is automatically on the hook for its involvement with the ads. Stacey says courts should reject this approach due to the search engines' lack of proximate causation for consumer confusion. If a search engine faces any liability, it should be solely on the basis of contributory infringement (with its higher scienter bar).
* Failure to act = when the search engine fails to respond to TM owner’s takedown notice. She said we don’t see this in search engine cases [a point I disagree with given that the TM owner vs. search engine lawsuits all represent a failing of the search engines’ voluntary TM policies]; instead, she was thinking of the Tiffany case. Stacey thinks the failure of act prong is where the legal action should be. She wants courts to map out appropriate scienter levels. General knowledge of infringement isn’t enough, and courts should let defendants make reasonable judgments about whether the advertiser will qualify for any trademark defenses. If the advertiser is obviously infringing, and intermediary gets notice and fails to act, she thinks contributory liability could be appropriate.
Graeme Dinwoodie believes the ECJ will not follow the Advocate General’s opinion in the Google case. He explored two parallels between the AG’s opinion and Rescuecom: Both get away from trademark use of commerce, and both consider underlying policy values. Graeme thinks search engine defendants should move away from disputing the lack of harm to the trademark owner; instead, he thinks they will get more traction by showing the countervailing benefits of their advertising. For example, he thinks they should be showing how keyword advertising can facilitate investment and innovation.
Jeffrey Samuels shared his perspectives as a panelist in 200 UDRP proceedings. Since the UDRP’s implementation, there have been about 25,000 UDRP decisions. 40% are US registrations. 75% involve .com. 75% are defaults.
The UDRP isn’t designed to solve all domain name disputes. He gave an example of a domain name registration containing a celebrity child’s name. The UDRP isn't helpful because a 2 week old kid doesn’t have protectable trademark rights.
“The UDRP is hardly a model of clarity.” All cases are fact-dependent. If a UDRP proceeding has unusual facts, he recommends requesting a 3 member panel--these proceedings get more carefully evaluated opinions and minimize the effects of any one panelist’s idiosyncratic views.
Some issues that regularly arise in UDRP proceedings:
* What the TM owner has to do to establish its rights. The majority view is that a registration anywhere in the world suffices. Common law rights generally require presenting sufficient evidence validating the rights.
* There remains a split of authority on “sucks” sites.
* In the early days, panelists used to run through the multi-factor likelihood of confusion factors. That’s rarely done today. Now, most panelists just make sight and sound comparison.
Karl Auerbach discussed two interrelated issues: (1) ICANN lacks any political authority for its “Internet governance” role, and (2) technology does not require that ICANN monopolize DNS root services. He argues that we would benefit from competition among DNS root services. His argument reminds me a bit of the net neutrality debate. We can hypothesize many possible net neutrality problems, but most of them go away with vigorous competition. Similarly, ICANN’s often-ridiculous shenanigans would be less vexing in the face of bona fide competition for DNS root services.
Dan Hunter spoke about a new paper he’s writing with Mark McKenna. Their target is the fundamental trademark principle that trademark law protects against consumer confusion. They think consumer confusion is an imperfect proxy for our normative goal of protecting consumers. Some confusion is endemic in a complex society; and some methods of communication, like humor, require confusion to work. Therefore, they want to move away from trying to block consumer confusion and instead refocus trademark law on reducing errors in consumer decision-making. This seems like a fruitful endeavor, but they are also taking a swipe against the consumer search cost justification for trademark law, a move I didn't follow.
Bill McGeveran recapped his recent work on social networking sites and gave a preview of his next article. His target is fake online profiles such as the Tony La Russa fake Twitter account. He expects to see more pressure to create IP rights in personal identities.
I spoke about trademarks and behavioral targeting, and in particular the competition among marketers for consumer preference information. For example, I believe the anti-deep packet inspection pushback wasn’t based solely on privacy concerns. Instead, destination websites fear that an IAP will disintermediate them and use its prime access to consumer preference information to steer customers to competitors. (See this blog post for more on that point). My (very brief) slides.
Posted by Eric at 07:16 AM | Derivative Liability , Domain Names , Internet History , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack
October 27, 2009
Zittrain on the Dark Sides of Crowdsourcing
By Eric Goldman
Last week, Cyberlaw expert/rock star Jonathan Zittrain of Harvard Law School (visiting at Stanford Law School this term) spoke as part of SCU's lecture series on IT, Ethics and Law. An overflow crowd of over 100 people came to the talk, and as usual Jonathan did a wonderful job. You should attend his talks if you have a chance. They are always highly entertaining and thought-provoking.
Overview
Jonathan's talk was opaquely titled "Minds for Sale: Ubiquitous Human Computing and the Future of the Internet." I think his talk really covered the Dark Sides of Crowdsourcing. Normally, such a talk would immediately raise red flags about the speaker’s intentions and net-savviness. However, Jonathan has sterling credentials as a crowdsourcing enthusiast, so he can raise concerns without sounding shrill or regressive.
He pointed to numerous examples throughout his talk, but one of his principal targets is Amazon.com's Mechanical Turk. Mechanical Turk describes itself as "a marketplace of work. We give businesses and developers access to an on-demand, scalable workforce. Workers select from thousands of tasks and work whenever it's convenient." LiveOps is also on his mind; the site hires individuals to provide live customer support for third party businesses from their homes on a flexible and dynamic basis.
The Problems
From the worker's perspective, Jonathan raised several potential concerns about Internet marketplaces for labor, including:
* surveillance. LiveOps can track and monitor every aspect of workers’ performance, including when they were online and where they connected from. This does depend on the employer’s specific technological architecture; I’m not sure if Mechanical Turk gets such deep looks into its workers' behavior.
* alienation. Online workers are often retained to do pieces of a larger project without understanding the whole project. Thus, they may apply existing rote skills but not broaden their expertise.
* moral valence. Because workers may not understand the greater project, they could help projects that are morally objectionable without realizing it. Jonathan gave some terrific examples, such as spammers distributing the work of breaking CAPTCHAs and the government asking citizens to identify folks in group/crowd photos for law enforcement or possibly dissident-busting purposes.
Jonathan also raised some systematic concerns that could arise from these online labor marketplaces, including:
* without uniform labor laws, employers could trigger a race to the bottom where the work flows to jurisdictions with the laxest worker protections. We’ve already seen an analogous situation as states try to enact “Amazon affiliate sales tax” laws designed to trigger sales tax collection obligations based on the presence of marketing affiliates in the state, which has prompted some Internet companies to dump affiliates overboard in some of those states based solely on their regulatory policy.
* crowding out. As it becomes easier for workers to monetize their time in smaller units, they may become less willing to contribute their labor to non-paying enterprises like Wikipedia. I address some of these dynamics in my Wikipedia paper.
Possible Solutions
Jonathan identified some possible solutions, including:
* revitalized labor standards, such as minimum wage laws or anti-child labor laws. As one example, he proposed that worker reputation should be “portable” so that good workers for an online enterprise can have their accomplishments follow them to future employers. Ironically, this may be unintended Internet exceptionalism because IMO worker reputation isn’t portable in physical space due to the collapse of the job reference market.
* unionize online workers. Unionization was a natural proposal given the talk’s tenor, but I found it anachronistic. How can unions be relevant to online labor markets where people can "change jobs" with a few clicks of a mouse? The Internet has much more competition among employers than any geographically restricted labor market, and the employees’ friction to change jobs online is so much lower than it is in physical space. For example, unhappy Mechanical Turkers can easily click to a large number of competitive websites that will gladly pay them for their contributions. At the same time, the Internet globalizes labor forces in ways that are unprecedented in physical space, so the value for “commodity” labor plummets. Both dynamics seem to doom any efforts to unionize online labor.
* disclosure. Employers should have to disclose who they are and why they are asking for the work to be done.
* opt-out. When people are doing work without knowing it, they should have the opportunity to opt-out. For example, the RECAPTCHA project uses human CAPTCHA-solving to correct OCR scanning errors. Zittrain thinks people should be given a choice not to provide those services.
Jonathan's final takeaway message was to express a general reservation that money is pervading our relationships and activities. He gave the example of how a Mechanical Turk employer offered to pay other Turkers to do kind acts--something, Jonathan pointed out, is oxymoronic because paying people to be kind means they aren’t actually being “kind.”
My Comments
Whether intended or not, Jonathan’s talk had a strong Marxist undercurrent that is tough for many of us to embrace. The Internet makes labor markets more efficient. It also increases the heterogeneity of ways that people can find gainful employment they can perform at the time and place of their choosing. Both generally sound like strongly positive developments to me.
I thought Jonathan’s strongest point was his dystopian view of bad actors (e.g., repressive governments and spammers) crowdsourcing socially detrimental work without workers knowing it. Disclosing the employer’s identity and motivations would be a partial but necessarily incomplete solution. More transparency would prevent people from inadvertently contributing to bad projects, but some people need cash so desperately that they will take it regardless of the moral valence. (I'm ignoring the malcontents who would gladly pay for the chance to facilitate social disruption).
Jonathan’s talk became harder to follow as he addressed examples well beyond online labor marketplaces. Specifically, a number of his examples seemed to conflate work activities, play activities and other ways that people voluntarily allocate their time. (FWIW, I’ve been accused by Timothy B. Lee of doing the same thing in my Wikipedia paper). For example, he treated Google’s use of website links for its PageRank algorithm as a form of “work” where Google gets the benefit of individual linking decisions. (In turn, he lauded Google’s nofollow link as a good example of how laborers can have an opt-out mechanism). While we collectively create value for Google by establishing links to third party sites, I don’t see how linkers are “working” for Google. Instead, I think the links are a positive externality captured by Google. We create positive externalities through our online (and offline) activities all of the time, and I think trying to characterize those as “work” is not the right direction. See, e.g., Frischmann and Lemley’s critique of regulatory overresponses to spillovers.
Similarly, Jonathan gave examples of “games” where the players provide valuable outputs to the game organizers through their ordinary gameplay. An example is where people are asked to tag photos as part of a game, where the tagging can become commercially valuable metadata. In this situation, the game organizers get an undisclosed private benefit (the beneficial work) from what is otherwise a fair market transaction (people voluntarily enjoying the game). Normally, we don’t worry about undisclosed private benefits; in fact, they occur in most economic transactions, even in efficient marketplaces. While increased disclosure about the game organizer’s motivations might help game players make more informed decisions about whether to play the game or how to price their participation, it’s not clear to me that such disclosures would actually help the game player’s make better decisions or enjoy the game more.
Terri Griffith, a colleague of mine in the SCU business school, wrote up her perspectives on the talk.
UPDATE: Mike Sardina, an SCU Law student, also wrote up a recap with commentary.
UPDATE 2: The Markkula Center provided a summary of the talk, and SCU student Courtney Meehan posted on it as well.
Posted by Eric at 12:06 PM | General , Internet History , Virtual Worlds | TrackBack
October 17, 2009
Q3 2009 Quick Links, Part 3
By Eric Goldman
Copyright
* AP v. All Headline News settles. My initial blog post. The settlement order.
* The Turnitin case has settled. My blog post on the district court ruling.
* Corbis Corp. v. Starr, No. 3:07CV3741 (N.D. Ohio Sept. 2, 2009).. Company that retained web developer could be liable for copyright infringing photos included in the developed website. David Johnson's coverage.
* Creative Commons commissioned a study of what people think qualifies as “commercial” or “non-commercial” activity. While this is relevant to how CC drafts its various license flavors, these words also have significant import to many facets of the law, including copyright (such as the fair use test) and trademark (such as the definition of “use in commerce”). The executive summary:
Both creators and users generally consider uses that earn users money or involve online advertising to be commercial, while uses by organizations, by individuals, or for charitable purposes are less commercial but not decidedly noncommercial. Similarly, uses by for-profit companies are typically considered more commercial. Perceptions of the many use cases studied suggest that with the exception of uses that earn users money or involve advertising – at least until specific case scenarios are presented that disrupt those generalized views of commerciality – there is more uncertainty than clarity around whether specific uses of online content are commercial or noncommercial.
eBooks
* Advocates for the blind sue Arizona State University for distributing electronic textbooks via the Kindle.
* Rebecca on the relationship between the Kindle 1984 debacle and the Google Book Search settlement. See also this Slate article.
Search Engines
* Train2Game v. Google, [2009] EWHC 1765 (QB): UK opinion that Google isn't liable for its search results snippets.
* CEO Bartz said Yahoo was never a search company. What??? Danny Sullivan calls her out for her "revisionist history."
* Greg Linden: Google AdWords Now Personalized.
* ThirdVoice redux: Google launches SideWiki. Let the legal games begin! (See, e.g., this BusinessWeek article). I’d be more worked up if Google had a more successful track record with non-search offerings, especially user-generated content projects. Lively, anyone?
Marketing
* Some craziness in Maine, when the legislature tried to restrict marketing to kids. PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature. The Maine AG said she won't enforce it, and subsequently the law was given a timeout so the Maine legislature can rethink the error of its ways.
* eBay is changing to a per-click model for paying affiliates, where the per-click amount is reset daily based on actual value delivered by the affiliate.
* Ethical Quandary: Faxed attorney newsletter doesn’t violate TCPA.
Posted by Eric at 04:47 PM | Copyright , Derivative Liability , Internet History , Marketing , Search Engines | TrackBack
September 22, 2009
Google Confirms That Keyword Metatags Don't Matter
By Eric Goldman
Few Internet technologies have horked cyberlaw as much as keyword metatags. Back in the 1990s, some search engines indexed keyword metatags, which encouraged some websites to stuff their keyword metatags as a way of gaming the rankings. Judges took a dim view of this practice, largely because the surreptitious nature of keyword metatags seemed inherently sinister, regardless of their efficacy. In the interim, search engines wizened up. Some search engines stopped indexing keyword metatags, and others greatly diminished the credit they assigned to keyword metatags. As a result, for the better part of this century, keyword metatags have had either zero or de minimis effect on search engine placement.
However, the anti-keyword metatag legal doctrines developed in the 1990s have persisted, even as the technology changed. Although occasionally judges have gotten it right (see, e.g., Standard Process v. Banks). most courts still treat the presence of a third party trademark in keyword metatags as essentially a per se trademark infringement--even if the keyword metatags didn't (and couldn't) change the search results ordering or any consumer's behavior. For a quick sense of the ridiculous state of keyword metatag jurisprudence, take a look at my recent blog posts on the topic.
The current state of nature has put keyword metatag defendants in a bind. On the one hand, the law treats the inclusion of third party trademarks as per se trademark infringement. On the other hand, everyone in the industry knows they are irrelevant but search engines have been less than forthcoming about the components of their search engine algorithms, leaving scanty citable material to support that proposition. And judges, deciding between the weight of a dozen years of anti-keyword metatag legal precedence and not-from-the-horse's-mouth assessments of keyword metatag efficacy, not surprisingly continue to stick with the outdated legal precedent.
This makes Google's announcement yesterday so exciting. Google's star techie Matt Cutts says in plain language that Google's core search algorithm ignores keyword metatags. This isn't news in the sense that we've known this about Google for years, but I believe this is Google's first public confirmation of keyword metatag's irrelevancy. Matt's short video clip goes so far to tell trademark owners to quit suing over keyword metatags. Amen!
I've long believed that trademark law shouldn't intervene even if search engines index keyword metatags because merely appearing in the search engine results for a third party trademark (without more) should be legally immaterial. Even if you don't agree with me on that proposition, I trust most everyone can agree that trademark law should ignore keyword metatags if search engines do. Now that we have confirmation that the dominant search engine disregards keyword metatags, let's hope judges do the same.
Posted by Eric at 10:02 AM | Internet History , Search Engines , Trademark | TrackBack
August 25, 2009
Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies
By Eric Goldman
I have posted my latest article, "Wikipedia’s Labor Squeeze and its Consequences," to SSRN. The article will be published in the Journal of Telecommunications and High Technology Law in the relatively near future. The article is still in draft form, and I gratefully welcome your comments. Please take a look.
The article traces its roots to my Dec. 2005 prediction that Wikipedia will fail in 5 years. I have continued to blog informally about Wikipedia since then, but I only decided to write a more formal academic defense of my prediction late last year. This article is that defense, but you'll notice that I don't refer to "failure" in the article. In my presentations and earlier drafts of this article, I found that predicting Wikipedia's "failure" produced very emotional responses that overwhelmed consideration of my argument's merits. I still think my 2005 predictions look pretty good (using my self-selected definition of "failure"), but I deliberately directed the article towards the "why" rather than the "when."
As a result, the article explains why evolutionary changes in Wikipedia's labor supply is forcing Wikipedia to change its basic architectural design of permissive user editability. Flagged revisions is a prime example of the ongoing architectural shift. With flagged revisions, every user has the technical capacity to edit a Wikipedia entry, but submitted revisions remain hidden from public view until a trusted editor approves them for publication. Accordingly, flagged revisions significantly changes the Wikipedia experience. It delays publication of most contributions, it buries some contributions without ever being published at all, and it creates a significant workload for editors. For example, the German Wikipedia deploys flagged revisions site-wide and publication delays are up to three weeks.
Yesterday, Wikipedia announced that it is deploying Flagged Revisions for biographies of living people. Wikipedia has been on red alert with biographies since the John Seigenthaler incident in September 2005, so it's not surprising that Wikipedia will tighten the reins there first.
However, I think this change is just one more intermediate step in Wikipedia's ongoing process of restricting user editability, and it is not the final restrictive step Wikipedia will take. For reasons I outline in the article, I expect Wikipedia eventually will deploy Flagged Revisions, or some other stringent form of editorial lock-down, across the entire site, not just for living people's biographies. I explore some other possible alternatives in the paper, but I conclude that substantial restrictions to user editability are Wikipedia's only viable long-term solution to preserve site credibility.
People who have reviewed the article have asked about the article's relationship to Benkler's Wealth of Networks and its related commentary. Those works have explored the phenomenon and implications of large-scale online volunteerism, including a convincing proof that people will contribute their labor to online collaborative enterprises without any direct financial compensation. However, I've seen less attention paid to the exact reasons why people volunteer for these projects. My article focuses on the "why" in some detail, but even then, I make some assumptions and guesses. Despite extensive academic research into the Wikipedia community, we still lack a complete and clear empirical picture of why people join the community and, perhaps just as important, why people leave. I offer up my theoretical considerations, but more empirical work remains to be done.
If you want more discussion on this topic, during the paper's development, I gave a talk at University of Colorado Boulder that sparked some online responses:
* the talk itself (in the middle of the video)
* Ars Technica coverage
* ZDNet's paraphrase of the Ars Technica post
* p2pnet
* Blorge
* Thinking Spaces
* Futureismic
The presentation led to an NPR Interview with more comments and a response from What Jeff Learned Today.
Posted by Eric at 09:09 AM | Internet History , Marketing , Spam | TrackBack
August 12, 2009
2009 Cyberspace Law Syllabus and Some Comments
By Eric Goldman
I have posted my syllabus for this semester's Cyberspace Law course. This blog post describes the changes from my 2008 course reader. For more on my pedagogical approaches to the course, see my Teaching Cyberlaw article.
Trademark
* Deleted the Tiffany v. eBay case. This is a really rich and fascinating case, but it is really long and I ran out of time to cover it last year. Also, it will be mooted in the not-too-distant future by a Second Circuit opinion.
* Replaced the Playboy v. Netscape and FragranceNet keyword advertising cases with Hearts on Fire v. Blue Nile. The Hearts on Fire case isn't a perfect teaching case, but it discusses use in commerce, likelihood of consumer confusion/initial interest confusion, and a bit of the policy issues. I suspect a number of my Cyberlaw colleagues are teaching the Rescuecom case, but I chose not to. First, it is doctrinally narrow. Second, it is a confusing opinion. Third, I tried to teach it as a last-minute substitution in my IP survey course last semester and was not satisfied with the results. Finally, it involves the less common fact pattern of keyword sales rather than keyword purchases. So I decided that this year the Hearts on Fire case could cover all the necessary issues adequately.
An interesting note: this is the first time in 15 years that I am not teaching a Playboy case in Cyberlaw. Frankly, I had expected to teach at least one Playboy case in Cyberlaw forevermore!
* Added Google's trademark policy. I'm a little surprised it never occurred to me before to include this in my reader.
* Updated my all-new keyword advertising slides from my May presentation.
Copyright
* Deleted the Perfect 10 v. ccBill and Perfect 10 v. Visa cases. I have been struggling with how to teach the Ninth Circuit's Perfect 10 troika of cases for the last couple of years. The troika was over 100 pages of reading that nevertheless left students befuddled after all that work. But I felt constrained because the troika is the most definitive statement of Ninth Circuit law, and it is insightful to see the cases evolve. Nevertheless, I decided that the Amazon case was the most doctrinally significant, so I kept that and ditched the other 2.
* Added Io v. Veoh. To make up for taking out the Perfect 10 cases, I've added this case, which I think is a very clear exposition of a DMCA online safe harbor case.
* Added Parker v. Yahoo. I think this will be a good case to tie together some copyright doctrinal threads as well as provide a nice compare/contrast with the Ticketmaster v. RMG case.
Trespass to Chattels
* Replaced the Computer Fraud & Abuse Act statute with the most recently amended version.
* Included a slide that synthesizes the various trespass to chattel doctrines into a summary format.
Contracts
* Added the Harris v. Blockbuster case. It's a short case that efficiently makes several powerful pedagogical points--including perhaps most importantly, the perils of robo-drafting by copying language from other people's agreements.
Blogs and Social Networking Sites
* Replaced my old materials on blog law and social networking sites law with my most recent talk on both from February.
* Added my Third Wave of Internet Exceptionalism article
* Added the Moreno v. Hanford Sentinel case as an end-of-the-semester review case. As I said when I first blogged on the case, I think "this is one of the most interesting cases I've seen in a while," and I'm really excited about teaching it. I think it will be an excellent issue-spotting opportunity for students as well as a powerful reminder of the power of published words (and how those words can unintentionally affect the people we love).
Change to the Grading Options
My other big change this year is that I am giving students the option to write a wiki entry on a cyberlaw topic as part of their grade. This was inspired by my forthcoming paper on Wikipedia (which you'll hear more about soon). In connection with that paper, I was researching alternative labor sources that could power Wikipedia, and students working as part of a class assignment was one option I explore in the paper (with some reservations). As part of "eating my own dog food" (a terrible idiom that seems to be prevalent in the Silicon Valley), I figured I should give it a try myself. As you can see, the wiki-drafting is optional, not mandatory, so I'll be interested to see how many students choose the option. I'll also be interested to see what happens when the students actually try to submit their work to Wikipedia. I have a mental image of a massive buzzsaw, but perhaps I'm being too cynical.
Posted by Eric at 09:36 AM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack
August 07, 2009
An End to Spam Litigation Factories?--Gordon v. Virtumundo
By Eric Goldman
Gordon v. Virtumundo, Inc., No. 07-35487 (9th Cir. Aug. 6, 2009)
When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn’t trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy. As this court says, "lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results." Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses.
That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. James Gordon has been one of the most active. He is a "professional plaintiff" who has operated a spam "litigation factory" by configuring his technology to try to trap spammers. In effect, he goes out of his way to look for spam. As the court says, “the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken."
As it turns out, this business model does not fare well in court. He lost this case in the district court and subsequently was ordered to pay over $100k in legal fees to the defendant under CAN-SPAM's fee-switching provision. On appeal, the Ninth Circuit has even less kind words for him, saying that CAN-SPAM “was enacted to protect individuals and legitimate businesses—not to support a litigation mill for entrepreneurs like Gordon." As a result, the court issues a broad but muddy opinion that shuts down Gordon’s litigation factory and presumably others like his, but has a less clear effect on other CAN-SPAM defendants.
"Internet Access Service"
CAN-SPAM's private enforcement rights only accrue to "Internet access services." This phrase is troublesome in part because it differs from other possible statutory synonyms for online actors like "interactive computer service" (47 USC 230), "online service provider" (DMCA), "electronic communication service" and "remote computer service" (ECPA), etc. This verbiage proliferation raises questions about the scope of governed entities (who’s covered and who isn’t) and why different online actors are being treated differently (if they are). I hope future legislative drafters will recognize the costs of using different terms for online actors.
In CAN-SPAM, Congress defined an “Internet access service” as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." Check out Ethan’s lengthy but irresolute deconstruction of this definition from last year.
Read literally, this definition seemingly covers all Internet services because they allow users to access their "other" services. However, the Ninth Circuit doesn’t think that's what Congress meant, although it’s not sure about the boundaries either. Instead, the Ninth Circuit "decline[s] this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of ‘Internet access service.’" Gee, thanks.
Nevertheless, the Ninth Circuit had no problem saying that Gordon wasn't an Internet access service. I can’t pin down a specific reason why Gordon wasn’t covered while, according to the court, his service providers (Verizon and GoDaddy) might be. Ultimately, I think the court rejects Gordon's transparent efforts to manufacture a claim.
"Adversely Affected"
A CAN-SPAM private litigant also needs to show that it was “adversely affected” by the spam. The court doesn’t offer a single definition of adverse effect, but it does try to draw some boundaries that leave Gordon out.
In general, the court tries to narrow the scope of cognizable harms in two ways. First, the court segregates consumer-related harms from service provider-related harms. I was heartened to see this because better harm delineation was a central point of my (uncited) 2004 article "Where's the Beef? Dissecting Spam's Purported Harms." Back in the earlier part of this decade, anti-spam advocates would routinely lump together a laundry list of gripes about spam in ways that would degrade policy-makers’ ability to target policy responses to the harm. For example, CAN-SPAM suffers heavily from this schizophrenia about the targeted harm. This court makes it clear that consumer-related harms aren’t part of the CAN-SPAM private litigation calculus.
Second, the court tries to distinguish between the fixed and variable costs of spam fighting and implies that the fixed costs should be ignored when calculating adverse effect. The court’s handling of this distinction is hardly deft. It says repeatedly that we have to assume that IAS providers are absorbing some spam costs as part of their normal costs of operation. For example, the court says:
the harm must be of significance to a bona fide IAS provider—something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice
And the court says:
We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations….network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act’s statutory damages.
Reading these quotes, it seems like the court is trying to zero out the fixed costs borne by anyone connected to the Internet, which would then focus the analysis on only those marginal/variable consequences attributable to a specific spam campaign. However, the court does not want to raise the bar that high, at least not for “legitimate” service providers (which the court thinks clearly excludes Gordon). As the court says:
the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions—where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit—adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam.
So I’m not quite sure what to make of this language. On the one hand, the court’s acknowledgement that complex societies impose some unwanted but unavoidable costs seems to raise the harm bar pretty high for CAN-SPAM plaintiffs. On the other hand, the court is willing to presume harm for “good” plaintiffs. So why won’t the court make such presumptions for Gordon? Mostly because he “came to the nuisance” (my words, not the court). As the court says:
Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users’ email inboxes...Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as “spam traps” with the sole purpose of snagging as many e-mail marketing messages as possible.
So my reading of this discussion is that the court sets up a bifurcated “adverse effect” analysis. If you’re a commercial email service provider, you presumptively get access to CAN-SPAM’s “treasure trove.” If you’re a spam troll, nuts to you.
Preemption of State Laws
One of CAN-SPAM's main raisons d'etre was to preempt the rapid proliferation of state anti-spam laws in the early part of this decade (especially California's opt-in anti-spam law). I naively assumed that CAN-SPAM's preemption clause would drive states out of the anti-spam regulation business altogether (a separate rant, but I'm not a fan of any state attempts to regulate Internet activity). No such luck. Following CAN-SPAM’s enactment, nearly every state enacted NEW anti-spam laws designed to fit within the preemption exceptions. This renewed activity at the state level has contributed to the anti-spam litigation frenzy, because the plaintiffs can use both state and federal claims to extract settlements and concessions from defendants.
In 2006, in Omega Travel v. Mummagraphics, the Fourth Circuit took a lot of the wind out of plaintiffs' sails by holding that state anti-spam laws survived CAN-SPAM preemption only as applied to fraud or material misrepresentations, not garden-variety errors or immaterial deception. Here, the Ninth Circuit adopts the Mummagraphics standard, which presumably eviscerates several state laws in Ninth Circuit-governed jurisdictions.
Applying the Mummagraphics’ standard to Gordon’s case wipes out his Washington state anti-spam claim. Gordon argued that, although he was not misled or deceived, Virtumundo’s “from line” violated Washington law because it does not clearly identify Virtumundo as the sender. He also argued that to avoid being deceptive, Virtumundo’s email subject lines must have either Virtumundo’s or its client’s name. The court rejects these arguments because "Gordon offers no proof that any headers have been altered to impair a recipient’s ability to identify, locate, or respond to the person who initiated the email. Nor does he present evidence that Virtumundo’s practice is aimed at misleading recipients as to the identity of the sender."
Expect to see more state laws bite the dust in the face of this preemption analysis.
Implications
This case is exceedingly interesting and important because it destroys the arguments of anti-spam plaintiffs trying to manufacture technical violations of CAN-SPAM for their profit. Not only does the opinion send an unmistakable message to the lower courts to toss these plaintiffs out on their keister, but it sends the harsh message that these plaintiffs ought to rethink their legal hubris. As the court says, “As should be apparent here, ‘the law’ that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.” Ouch. The court has apparently just invalidated the fantastic laws that some anti-spam plaintiffs dream up in their heads.
This case is also important because it puts state anti-spam laws even more clearly on the ropes. It has been an impressive but pathetic display of futility watching the states trip over themselves trying to show that they are tough on spam when their efforts are all irrelevant in light of the Fourth Circuit's and now Ninth Circuit's interpretations of CAN-SPAM. Fortunately (?), most of the states have moved on to being tough on cyberbullying instead of beating up on spammers.
It is less clear to me if the court’s discussion about “Internet access services” and “adverse effect” will have broader import on private CAN-SPAM litigation. The court deliberately sidestepped definitive interpretations of both terms, so I expect the interpretive slate is mostly clean outside of the spam litigation factories.
One final point. Spam remains actively litigated in the courts and the subject of some policy discussion, but do you still fret about the spam you receive personally? I get the sense that this panel was not that impressed with Gordon’s efforts in part because spam isn’t as big a deal for the judges as it used to be. Certainly that’s true in my case. I get about 100 spams a day, 90+% of which Gmail appropriately filters into my spam folder (with very few misclassifications of legit email as spam). As a result, it takes me just a minute or two a day to burn through the spam accruals. Not surprisingly, at least for me, good spam filters have solved the problem much better than any legislative intervention.
I understand that spam is a bigger issue for email service providers, especially now that more than 100% of all emails are spam (according to the ridiculously overhyped stats put out by vendors of anti-spam solutions). CAN-SPAM partially offers a solution to these individuals, along with other doctrines like the Computer Fraud & Abuse Act and possibly the common law trespass to chattels doctrine. However, at this point, so much of the anti-spam battle has to be fought technologically, not in the courts, due to the sheer volume and dispersed nature of the putative defendants. As a result, it doesn’t really seem to matter to the overall quantum of spam in our society if courts read CAN-SPAM broadly or narrowly.
Other comments on this case:
* Venkat
* Jeff Neuburger
UPDATE: Ken Magill reports on how Gordon has lost his house belongings due to his persistence.
Posted by Eric at 12:40 PM | Internet History , Marketing , Spam | TrackBack
August 06, 2009
State of the Net West Recap
By Eric Goldman
Yesterday, the High Tech Law Institute and the Advisory Committee to the Congressional Internet Caucus co-sponsored the Third Annual State of the Net West event at Santa Clara University. The featured participants were 3 members of Congress (Boucher, Goodlatte and Lofgren) and the White House CTO Aneesh Chopra, supplemented by 8 distinguished discussants. In a jam-packed morning, we covered a lot of interesting and important ground on broadband, privacy, antitrust, immigration and open government. This blog post recaps some highlights from the discussion.
Boucher on Broadband
Rep. Boucher emphasized the importance of broadband availability to economic activity and expressed concern that the US wasn't keeping up with broadband deployment (he said, "we can do better"). He offered three policy proposals for ways the federal government could help:
* revise the Universal Service Fund to allow dollars to be spent on broadband deployment; and require USF fund recipients 5 years from now to be offering broadband or be cut off from USF
* federally preempt state laws prohibiting municipal broadband offerings (which about 25 states have)
* get the FCC to develop a broadband deployment plan
He expressed disappointment with the guidelines that NTIA and the Department of Agriculture have adopted to give away the $7.2B broadband fund that was part of the stimulus package. It appears he will be encouraging both entities to rethink their guidelines.
My colleague Al Hammond was the broadband discussant. Al made a number of good points, including noting that broadband deployment is both a rural and low-income issue (Boucher appeared to be focusing more on the former) and raising concerns about municipalities not playing fair and the FCC overcounting actual broadband availability.
Boucher on Privacy
Rep. Boucher also gave a preview of the privacy bill he is planning to introduce next month. He started off by saying he likes ad targeting, especially first party targeting (he said he buys items based on customized recommendations). So he wants to encourage "appropriate" ad targeting, not eliminate it. His bill is expected to contain the following elements:
* websites collecting data will be required to post a prominent privacy policy
* users can opt-out of first party targeted ads. This also includes data sharing necessary to enable first party ads
* websites that want to share data with unaffiliated third parties will need opt-in. However, behavioral ad networks can proceed on an opt-out basis if they allow users to see and edit their behavioral profile, except for sensitive information categories that would always be opt-in
* both the FTC and state AGs would have enforcement authority
To the extent that the mandatory privacy policy and opt-out options codifies existing industry practices, this proposal generally seems benign but not worth the effort--the costs of the inevitably poor statutory drafting outweighs any benefit we might get from regulatory codification. Requiring opt-in would likely eliminate third party behavioral ad networks, which (as I've discussed before) is more likely to be a detriment than a win.
I was especially intrigued by the proposal that behavioral networks can flip from opt-in to opt-out by letting users access a user profile. I need to see more details about Boucher's thinking, but doesn't this superficially sound crazy? The most obvious problem is authentication of the user before seeing his or her profile. How would this be done? The networks usually don't know the identity of the specific individuals they are profiling, so they can't authenticate identity. And just tying profile access privileges to a cookie or machine sounds like a recipe for disaster for all shared computers. Plus, a web interface seems to increase the security risks that the bad guys can see profiles they shouldn't be able to see. On first blush, it sounds like this part of Boucher's proposal may need a complete rewrite, with unknown consequences for the entire structure of his proposal.
Mike Hintze of Microsoft was the privacy discussant. He espoused Microsoft's standard line that there should be a comprehensive privacy law.
In the Q&A, Boucher appeared willing to consider concurrent privacy enforcement authority by self-regulatory organizations, so long as they enforced the law's minimum requirements. But any self-regulatory effort wasn't a substitute for other aspects of his bill.
Lofgren on Antitrust
Rep. Lofgren said that if the Bush administration did too little on antitrust enforcement, the Judiciary committee is now concerned that Obama and Varney will do too much. Lofgren is particularly focused on the chilling effects of the mere threat of antitrust scrutiny, not just the actual successful prosecution in court of cases. Thus, an "informal" DOJ expression of interest can deter innovative activity by high tech companies.
She also expressed skepticism that antitrust laws remain effective at protecting technology markets, which are marked by fast innovation and low barriers to entry. (I believe her exact words were "traditional antitrust measures of marketplace behavior might no longer work.") At minimum, any technology-related antitrust enforcement actions should be focused on improving innovation rather than trying to manage current marketplace prices.
Finally, she said that copyright restrictions should be considered in antitrust inquiries. Mike Masnick has more to say on this.
Michael Katz of UC Berkeley was the most colorful respondent. He shared Lofgren's concern that antitrust law may be counterproductively squelching innovation, especially when companies try to capture antitrust enforcers to hassle competitors. He had especially harsh words for the FCC, calling it much less disciplined than the DOJ and observing how the FCC can blackmail companies using its leverage. He also complained that the FCC's review of mergers takes too long, and as an example of their lack of discipline, the FCC will impose merger conditions that have nothing to do with the merger.
Tim Bresnahan of Stanford and my colleague Cathy Sandoval were the other respondents.
At the end of her talk, Lofgren praised the Google Book Search settlement, saying that in some ways it lowers barriers to entry. She also said she was grateful that Google appears to have found a back-door way to liberate orphan works given that she wasn't able to pass an orphan works bill. I'm all in favor of orphan works reform, but a class action settlement seems like a weird way to get there.
Chopra on Open Government
Aneesh Chopra is the new White House CTO, a role that never existed before, which puts Chopra at Obama's elbow on all technology issues. This was Chopra's first Silicon Valley trip since he undertook his new role. His first talk was on Tuesday night at a Churchill Club event; we were his second. Lots of people were very interested in learning more about him. He was the big draw for the press, and we got an unprecedented number of walks-in based in part (we think) on his talk. He was also mobbed before and after his talk--everyone seemed to want a piece of his attention (then again, I'd love to have a chance to kick some stuff around with him one-on-one myself!).
It's easy to see why Chopra sparks such curiosity. My impressions were that he was genuinely affable, smooth without being slick, substantive without being bookish, a big fan of crowdsourcing and an even bigger fan of assessment and measurement of outcomes.
He started off by discussing the importance of technology and how the US's rate of technological performance is lagging against other countries. He then identified three ways to "turn the ship around":
1. invest in innovation building blocks, such as a smart/secure infrastructure, more R&D and improved workforce expertise
2. healthcare reform, especially improvements to the information technology side of healthcare delivery
3. an improved education system, including distance learning and more emphasis on lifelong learning
He then discussed open government issues and gave examples of ways technology can facilitate participatory governance.
Goodlatte and Discussants on Immigration
Rep. Goodlatte laid out the Republican's high tech agenda, which includes:
* skilled workforce, including immigration reform
* patent reform
* trade issues
* taxation, including efforts to define when activity in a state triggers tax obligations
* net neutrality (don't regulate but improve antitrust enforcement)
* privacy (opt-out except for sensitive information)
The panel then drilled down on immigration reform. I was really excited to have this panel because workforce issues are so central to the Silicon Valley's "secret sauce" and yet I couldn't recall a time that the HTLI had sponsored a discussion about them. Obviously immigration issues are age-old and are well-trodden, but I nevertheless found the discussion helpful--with the one caveat that everyone on the panel agreed with everyone else, so there was a lot of preaching to the choir. I learned an interesting factoid that both Reps. Goodlatte and Lofgren were formerly immigration attorneys, so they have some front-line domain expertise in this area.
First discussant was AnnaLee Saxenian of UC Berkeley. She talked about how skilled immigrants have fueled innovation in this country. She gave a number of stats in support of this, including that a majority of Silicon Valley engineers are foreign-born, and a high percentage of technology entrepreneurs and patent applicants are foreign-born individuals. She also noted that foreign-born skilled works create net new jobs and also help build better ties to their home country.
We benefit from the best and the brightest from around the world, who come to the US because of our higher education system and historically have chosen to stay. However, she is concerned about this retention because of bureaucratic barriers. She is also concerned that companies, frustrated by their lack of access to development talent, will offshore their R&D.
Finally, she pointed out that immigration discussions kludge together the issues of skilled and low-skilled workers, even though their issues are very different.
Keith Wolfe of Google reinforced many of AnnaLee's points from Google's specific experiences.
My colleague Deep Gulasekaram was the last discussant. He pointed out that free marketplaces may require free movement of labor, which isn't consistent with our current immigration policy. He raised concerns about state and local anti-immigration policies and the negative consequences of tying foreign workers to specific jobs (by linking their visa to the job).
Rep. Lofgren added a few remarks:
* Obama told her that it's time for comprehensive immigration reform. [This led to a polite back-and-forth between Lofgren, who favors comprehensive reform, and Goodlatte, who would settle for piecemeal immigration reform]
* Immigration reform is not a substitute for educating the US workforce
* We should give permanence to people we want to keep (i.e., not keep them on some treadmill with the possibility of a forced exit, which prevents their long-term life planning)
* We need to address the family of skilled immigrants, not just the immigrants themselves
More Coverage of the Event
* ABC 7 News
* KCBS radio
* Zusha Ellison of the Recorder
* Joyce Cutler of BNA (BNA subscription required)
* Mike Masnick
* Joel West
* Colette Vogele
* Warren's Washington Internet Daily also ran a story (not web-linkable) "Boucher Promises Online Privacy Bill Draft Soon"
* The extensive Twitter discussion at hashtag #sotnw. Twitterers included @ipolicy, @caminick, @persistance, @miss_eli, @techpolicygirl, @cathygellis, @mmasnick, @nextgenweb, @marianmerritt, @larrymagid, @christinela, @mblatkin, @seangarrettnow, @vogelelaw (who didn't always use the hashtag--we will try to publish a standardized hashtag at future events). Whew! Apologies if I missed anyone. I can't recall seeing more Twitterers in an audience--everyone seemed to have their Twitter page up constantly. As usual, I didn't turn on my computer at the conference (I take notes by hand and blog them later), so my comments seem woefully out-of-date already!
We plan to post the event audio soon so you can listen for yourself. I'll announce the audio posting at my Twitter account when it's live.
UPDATE: Audio now available: Download (item 27) or Stream
Posted by Eric at 10:54 AM | Adware/Spyware , Copyright , E-Commerce , General , Internet History , Marketing , Patents , Privacy/Security | TrackBack
August 04, 2009
Wikipedia and Rules Proliferation
By Eric Goldman
I have previously mentioned how rule sets tend to expand over time. We've seen this with legislation; for example, consider how the Copyright Act has grown over time. Personally, I've seen code expansion over and over again in the context of negative behavioral restrictions in user-to-user communities. A 2008 article by Brian Butler, Elisabeth Joyce and Jacqueline Pike entitled "Don’t Look Now, But We’ve Created a Bureaucracy: The Nature and Roles of Policies and Rules in Wikipedia" provided yet another dramatic example of this phenomenon in the Wikipedia context. They write:
___________
One useful measure of increased complexity is the change in lengths in terms of word count alone of the policies from the first version to most current. All policies studied grew enormously.
• Copyrights: 341 words => 3200 words: 938%
• What Wikipedia is not: 541 words => 5031 words: 929%
• Civility: 1741 words => 2131 words: 124%
• Consensus: 132 words => 2054 words: 1557%
• Deletion: 405 words => 2349 words: 580%
• Ignore all rules: exceptional case
The first version of the Ignore all rules policy is only 23 words long, stating, “If rules make you nervous and depressed, and not desirous of participating in the Wiki, then ignore them and go about your business” [45]. The current version is actually shorter, only 16 words, and says, “If a rule prevents you from working with others to improve or maintain Wikipedia, ignore it” [45]. However, as suggested earlier in this paper, while the actual wording of this policy declined 69% and it appears on the surface to be the least bureaucratic of the policies, the supplemental page directly linked to this policy contains 579 words, indicating that the policy swelled over 3600% [45].
___________
There are some obvious detrimental consequences of this expansion. First, it facilitates wikilawyering. As the rules get more complicated, there are more ambiguities to debate and potentially more contradictory rules. Second, it becomes a bigger barrier to entry for newcomers or casual users; either they must try to master a greater and more complex rule set, or they are more likely to transgress and have their contributions reversed.
Posted by Eric at 10:35 AM | Internet History , Licensing/Contracts | TrackBack
May 03, 2009
April 2009 Quick Links
By Eric Goldman
[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]
Marketing/Spam
* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.
* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.
* NYT: "Never Mind What It Costs. Can I Get 70% Off?"
* Tsan Abrahamson on social media and marketing law.
* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.
* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).
Defamation
* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.
* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.
* CMLP has a page organizing all of its 47 USC 230 material.
Intellectual Property
* Publicly republishing a private email leads to a default judgment of copyright infringement.
* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."
* Octomom is seeking trademark registrations.
Miscellaneous
* GeoCities is shutting down.
* eBay will referee customer disputes.
* Wilson Sonsini's VC financing term sheet generator.
* Oddee: 10 Most Bizarre [Online] Gaming Incidents
Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack
April 11, 2009
Q1 2009 Quick Links, Part 3
By Eric Goldman
Blogging and Social Networking Sites
* A new version of the EFF Legal Guide to Blogging. While you're there, consider joining EFF as a member. The EFF does first-rate work, and they can use all the support they can get in this economic downturn.
* Red Tape Chronicles: "Blogger: Cash4Gold tried to 'bribe' me."
* Klein v. City of Laguna Beach, 594 F. Supp. 2d 1142 (C.D. Cal. Jan. 23, 2009): "many of the cases striking down ordinances that restrict sound-amplification equipment are artifacts of a bygone age that offered activists few media of mass communication. Twenty, thirty, or fifty years ago, a sound truck was an important means of spreading a message to a large group of people. Now, one must only have a computer and a printer to publish a newsletter or handbill. The Internet, e-mail, text messaging, and widespread mobile communications devices have made it easier than ever to reach a large audience on a small budget. Indeed, it might be easier for Mr. Klein to reach the youth he wishes to target by using Facebook or MySpace."
* Maybe everyone already knew this, but I learned something interesting about Blogger. Apparently in some cases they will place an interstitial warning in front of certain user-posted content.
* Doninger v. Niehoff, 2009 WL 103322 (D. Conn. Jan. 15, 2009). On remand from the Second Circuit, the district court denies damages for a student whose off-campus blog entry led to school discipline. At the same time, Wendy Davis reports on how a Conn. Bill Would Protect Students' Free Speech Online:
* Funny article on Facebook's efforts to police against people who create funny account names, which sometimes ensnares people who actually have funny names like Batman, Six, Super, Pancake and Kisser.
* Facebook Sex-Extortion Plot: a boy pretends to be a girl, gets boys to send naked photos to him, and then threatens to go public with the photos unless they consent to sex with him.
* Dynamic Sports Nutrition, Inc. v. Roberts, 2009 WL 136023 (S.D. Tex. Jan. 16, 2009). A former employee republishing confidential information via his blog is enjoined.
* We now know that Facebook settled with ConnectU for $65M. However, ConnectU might get a little more cash after this information was inadvertently disclosed by its former counsel, Quinn Emanuel, in a marketing brochure.
* Facebook gets TRO against Wallace.
* Some people gave up Facebook for Lent.
* Reuters writes up a shocking study: many teens on MySpace post things they might regret.
* State v. Hause, 2009 WL 295404 (Ohio App. Ct. Feb. 9, 2009). Facebook photos help convict a woman for allowing minors to drink alcohol in her house.
* U.S. v. Villanueva, 2009 WL 455127 (11th Cir. Feb. 25, 2009). MySpace photo and YouTube video showing defendant holding firearms contribute to sentence enhancements for firearms charges.
* John Palfrey & Adam Thierer discuss Palfrey's arguments to "improve" 47 USC 230 by reversing Doe v. MySpace.
Defamation/Cyberbullying
* JuicyCampus has shut down. LA Times, Chronicle of Higher Education, CMLP.
* Lengthy article on the AutoAdmit lawsuits. And a mixed ruling in Ciolli v. Iravani.
* Noonan v. Staples (1st Cir. Feb. 13, 2009). Truth is NOT an absolute defense to defamation in Massachusetts, which apparently also has seceded from the Union because the First Amendment no longer seems to apply.
* Neuwirth v. Silverstein, 2009 WL 294737 (Cal. App. Ct. Feb. 9, 2009). Reiterating that a website can be a public forum for purposes of anti-SLAPP laws. The CMLP writeup.
* Douchebags Lawsuit dismissed. Marc Randazza mocks the lawsuit.
* Rios v. Fergusan, 2008 WL 5511215 (Conn. Super. Ct. Dec. 3, 2008). Connecticut court has jurisdiction to issue restraining order against North Carolina man who posted YouTube video threatening Connecticut woman.
* Fahmy v. Hogge, 2009 WL 33418 (C.D.Cal. Jan. 2, 2009). Court denies Fahme's motion to set aside the dismissal based on lack of jurisdiction because Fahme made the error that caused the dismissal.
* 24Grille v. TripAdvisor (complaint filed April 2, 2009). Restaurant sues TripAdvisor for anonymous TripAdvisor review. Hello 230!
* Censorious laws brewing in WV and NJ.
Yelp
I have been meaning to post about my experiences with Yelp as a reader and a writer, but that has been repeatedly deferred. So, instead, how about a quick recap of Yelp’s woes? Yelp has been under the microscope quite a bit in the last few months.
* Wendy Davis recaps all the Yelp-related litigation she and I could find--at least 5 known cases. CMLP recaps a couple of the lawsuits.
* This East Bay Express article about Yelp caused quite a stir. It was followed up with more attributed sources. A number of other media outlets covered Yelp, including News.com and the NYT. For a full rundown of Yelp haters, check out the Eater coverage.
Wikipedia
* 25 Biggest Blunders in Wikipedia History.
* Two books about Wikipedia I’ve been checking out.
- Wikipedia, the Missing Manual.
- How Wikipedia Works.
Pornography
* Mukasey v. A.C.L.U., No. 08-565. The Supreme Court declined the cert petition regarding the challenge to the 1998 Child Online Protection Act, officially killing the law after a decade of litigation. Putting aside the merits of the law, it would have been a huge shock to the Internet community to have a circa-1998 criminal act resurrected! I'd like to think Congress will be wiser than to try to criminalize Internet porn a third time, but the regulation of Internet porn is like a siren song to Congressmembers.
* State v. Hurst, 2009 WL 580453 (Ohio App. Ct. March 6, 2009). From the unfortunately-named Licking County courts, the defendant downloaded 14,000 pornographic photos into his work computer's local cache in a five day period (he acknowledged he spent 70% of his workday downloading porn). An expert said that about 50 of the photos were child pornographic. The defendant was convicted of possessing child pornography even though he argued that he didn't intentionally download the photos, getting a 39 month sentence and classified as a sex offender.
* Excellent article by Colette Vogele on suing over a sex tape.
Gambling
* The credit card payment systems blocked the New Hampshire Lottery due to the Unlawful Internet Gambling Enforcement Act of 2006.
* Peer-to-peer gambling OKed in Washington.
Posted by Eric at 12:53 PM | Content Regulation , Derivative Liability , Internet History , Privacy/Security | TrackBack
April 10, 2009
Q1 2009 Quick Links, Part 2
By Eric Goldman
Trademarks/Domain Names
* The ridiculous Jones Day v. BlockShopper case settled. The settlement agreement. The ABA Journal and Legal Blog Watch stories. Commentary from CMLP, Paul Levy, Tom O'Toole.
* The trial court denouement of the S&L Vitamins v. Australian Gold did not turn well for the defense--$6M jury award. The S&L Vitamins v. Australian Gold and Designer Skins v. S&L Vitamins cases subsequently settled. According to Ronald Coleman: "This settles, for our clients S&L Vitamins, Inc., the Australian Gold case and the related appeal in the Designer Skin case. All money judgments are vacated and parties bear their own fees. Our client agrees to move on to another line of work, however."
* Twelve Inches Around Corp. v. Cisco Systems, Inc., 2009 WL 928077 (S.D.N.Y. March 12, 2009). 17 USC 512(f) does not cover trademark takedown notices.
* Suarez Corp. v. Earthwise, 2008 U.S. Dist. LEXIS 92931 (W.D. Wash. Nov. 14, 2008). Including a competitor's name in a web page disclaimer creates initial interest confusion when the competitor's name is indexed by the search engines. Compare Promatek v. Equitrac, the 2002 7th Circuit case ordering the defendant to include the plaintiff's name on its web page as a cure for initial interest confusion.
* CRS Recovery v. Laxton, 2008 WL 4408001 (N.D. Cal. Sept. 26, 2008). Another California-based court says that domain names are property that can be converted. I'm amazed that these cases are still being brought.
* North American Bushman, Inc. v. Saari, 2009 WL 211932 (M.D. Pa. Jan. 27, 2009) The parties entered into a settlement agreement that "Plaintiffs further agree not to use, and in addition, to offer up or destroy, any material that includes, but is not limited to, the names, photos, images, embroideries, of likeness of [Defendant] James Saari and any of the a above named trade names and trademarks of Defendants." The court holds that this provision wasn't breached when third party users posted comments referencing the defendants in UGC areas of websites operated by the other party.
* Advice Co. v. Novak, 2009 WL 210503 (N.D. Cal. Jan. 23, 2009). Justia page. Stupid lawsuit alert! Attorneypages.com believes Attorneyyellowpages.com infringes its trademark. Case dismissed for lack of personal jurisdiction. Participating in Google AdSense doesn't automatically create jurisdiction in CA.
* DSW v. Zappos, which involved allegations of trademark infringement based on Zappo's affiliates, settled.
* An update on Google's AdWords woes in France.
* Kiva Kitchen & Bath Inc. v. Capital Distributing Inc., 2009 WL 890591 (5th Cir. April 2, 2009). The Fifth Circuit upholds enhanced damages under ACPA. Good discussion of the purpose of damages in the ACPA.
* Toys R Us buys the domain toys.com for over $5M. Is any domain name worth $5M any more?
* A 2007 interview with "Pokey" of Pokey.org fame. This is one of my favorite domain name disputes from the 1990s. A very smart cyberlawyer (Ian Ballon), on behalf of the trademark owners of Pokey & Gumby, unexpectedly got into a public tangle with a 12 year old kid nicknamed "Pokey" over the domain name pokey.org. Debating 12 year old kids in the press never turns out well.
Advertising/Marketing
* Some new material on behavioral advertising: an FTC report and a CRS report.
* Latest NYT article on human billboards. See my prior blog post.
* Privacy advocates are freaking out about Google Android and its ability to deliver location-based information and ads. But location-based information and ad targeting is inevitable...and a good thing.
* Action over mobile marketing: Mobile Messenger settled a false advertising suit with Florida for $1M, and another settlement. Google's response.
* The class in the "Vista Capable" lawsuit was decertified.
* Tsan's post on the latest FTC efforts to rein in testimonials on social networking sites and blogs. Unfortunately for the FTC, some of its efforts may be preempted by 47 USC 230.
* eBay v. Digital Point Solutions, 2009 WL 481269 (N.D. Cal. Feb. 24, 2009). eBay loses an intermediate round in its cookie stuffing lawsuit against Digital Point Solutions.
* e360, a serial defendant in spam cases, sued Choicepoint for selling it email addresses that led to the suits. Apparently neither e360 nor Choicepoint got the memo that the days of email list brokering are dead.
Search Engines
* Study: Google's search lead not matched by loyalty. A critical response.
* Is Google giving big brands extra credit in its organic search results rankings? Compare: media giants complaining they don't get enough weighting in organic results.
* Sign of improving consumer search skills: search queries are getting longer.
* Yahoo reserves the right to "auto-optimize" advertiser accounts by changing ads and advertiser bids automatically. This is not a popular move.
* Wired: The Plot to Kill Google.
Posted by Eric at 10:20 AM | Domain Names , Internet History , Marketing , Search Engines , Spam , Trademark | TrackBack
March 19, 2009
IEEE ComSoc SCV Talk: "Engineers' Role in Internet Law Development"
By Eric Goldman
Last week, I gave a talk at a meeting of the IEEE Communications Society, Santa Clara Valley chapter. I don't often get the chance to speak to a group of engineers, so I decided to go in a little different direction than my normal talks. I gave a procedure-oriented talk about how lawyers and engineers can work together to improve legal compliance. Along the way, I pointed to the Roommates.com and Cablevision cases as two case studies of how product design choices can influence the legal analysis (one good, one bad). My talk slides.
Posted by Eric at 10:25 AM | Copyright , Derivative Liability , Internet History | TrackBack
March 11, 2009
The Third Wave of Internet Exceptionalism
By Eric Goldman
[I initially wrote this as an editorial for our University magazine and republished that version through InformIT as well. Here's the original unedited version I submitted.]
From the beginning, the Internet has been viewed as something special and “unique.” For example, in 1996, a judge called the Internet “a unique and wholly new medium of worldwide human communication.”
The Internet’s perceived novelty has prompted regulators to engage in “Internet exceptionalism,” crafting Internet-specific laws that diverge from regulatory precedents in other media. Internet exceptionalism has come in three distinct waves:
The First Wave: Internet Utopianism
In the mid-1990s, some people fantasized about an Internet “utopia” that would overcome the problems inherent in other media. Some regulators, fearing disruption of this possible utopia, sought to treat the Internet more favorably than other media.
47 USC 230 (a law still on the books) is a flagship example of mid-1990s efforts to preserve Internet utopianism. The statute categorically immunizes online providers from liability for publishing most types of third party content. It was enacted (in part) “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation.” The statute is clearly exceptionalist because it treats online providers more favorably than offline publishers—even when they publish identical content.
The Second Wave: Internet Paranoia
Later in the 1990s, the regulatory pendulum swung in the other direction. Regulators still embraced Internet exceptionalism, but instead of favoring the Internet, regulators treated the Internet more harshly than analogous offline activity.
For example, in 2005, a Texas website called Live-shot.com announced that it would offer “Internet hunting.” The website allowed paying customers to control, via the Internet, a gun on its game farm. An employee manually monitored the gun and could override the customer’s instructions. The website wanted to give people who could not otherwise hunt, such as paraplegics, the opportunity to enjoy the hunting experience.
The regulatory reaction to Internet hunting was swift and severe. Over 3 dozen states banned Internet hunting. California also banned Internet fishing for good measure. However, regulators never explained how Internet hunting is more objectionable than physical space hunting.
For example, California Sen. Debra Bowen criticized Internet hunting because it “isn't hunting; it's an inhumane, over the top, pay-per-view video game using live animals for target practice….Shooting live animals over the Internet takes absolutely zero hunting skills, and it ought to be offensive to every legitimate hunter.”
Sen. Bowen’s remarks reflect numerous unexpressed assumptions about the nature of “hunting” and what constitutes fair play. In the end, however, hunting may just be “hunting,” in which case the response to Internet hunting may just be a typical example of adverse Internet exceptionalism. [For more, check out my 2005 editorial on Internet hunting.]
The Third Wave: Exceptionalism Proliferation
The past few years have brought a new regulatory trend. Regulators are still engaged in Internet exceptionalism, but each new advance in Internet technology has prompted exceptionalist regulations towards that technology.
For example, the emergence of blogs and virtual worlds has helped initiate a push towards blog-specific and virtual world-specific regulation. In effect, Internet exceptionalism has splintered into pockets of smaller exceptionalist efforts.
Regulatory responses to social networking sites like Facebook and MySpace are a prime example of Internet exceptionalism splintering. Rather than regulating these sites like other websites, regulators have sought social networking site-specific laws, such as requirements to verify users’ age, combat sexual predators and suppress content that promotes violence. The result is that the regulation of social networking sites differs not only from offline enterprises but from other websites as well.
Implications
Internet exceptionalism is not inherently bad. In some cases, the Internet truly is unique, special or different and should be regulated accordingly. Unfortunately, more typically, exceptionalism cannot be analytically justified and instead reflects regulatory panic.
In these cases, regulatory exceptionalism can be harmful, especially to Internet entrepreneurs and their investors. It can distort the marketplace between web enterprises and their offline competition—occasionally advantaging the website (such as 47 USC 230), but typically hindering the web business’ ability to compete. In extreme cases, such as Internet hunting, unjustified regulatory intervention may put companies out of business.
Accordingly, before enacting exceptionalist Internet regulation, regulators should articulate how the Internet is unique, special or different and explain why these differences support exceptionalism. Unfortunately, emotional overreactions to perceived Internet threats or harms typically trump such a rational regulatory process. Knowing this tendency, perhaps we can better resist that temptation.
Posted by Eric at 12:20 PM | Content Regulation , Derivative Liability , Internet History | TrackBack
February 20, 2009
Facebook User Agreement Imbroglio Recap (and Some Comments of My Own)
By Eric Goldman
I didn't have a chance to blog on the Facebook user agreement amendment flap in real-time, but now that Facebook has rolled back its amendments and everyone is catching their breath, the Monday morning quarterbacking is proceeding in full earnest. Some of the articles that caught my attention:
* CNET News.com: "Facebook's about-face: Change we can believe in?"
* InternetNews: "Experts: Facebook Must Rethink TOS Stance"
* EFF: "Facebook's reaction is a tremendous victory for its users." I guess that's true, in the way that getting back to zero at a casino sometimes can be considered a win.
* Bill McGeveran powerfully (and with irony) demonstrates that Facebook's terms weren't all that unusual. Et tu, Consumerist?
Some of my own observations:
* When you're a high-profile company living in the media fishbowl like Facebook, there is no such thing as a minor amendment to your user agreement.
* Facebook's amendments--and the news reports about them--were confusing for two independent but often correlated problems. First, lay readers often misread user agreements, especially broad license grants that users mistakenly read as statements of ownership. This is a well-known and long-standing phenomenon; see, e.g., the flap over GeoCities' user agreement from a decade ago. So initial news reports on Facebook's amendments were garbled and perhaps overly dramatic.
Second, Internet lawyers often draft user agreements using legalese in ways that make the agreements indecipherable to lay readers...and, not infrequently, to other lawyers. Having drafted a lot of them in my life, I'm a pretty sophisticated reader of user agreements, yet it took me a fair amount of time to parse Facebook's license terms to figure out what they were saying--and, even then, I wasn't quite sure. In particular, the "perpetual" and "irrevocable" terms in the license agreement were in seeming conflict with Facebook's promise in the same license grant to honor a user's privacy settings. In other words, if a user can set the configurations to remove content from Facebook's purview and Facebook will honor those instructions, then how is Facebook's license grant irrevocable? Unless I'm missing something big, this looked to me like a drafting error by Facebook. (And check out Nancy Kim's op-ed identifying this exact issue--in March 2008).
This suggests a drafting lesson we might internalize from Facebook's hassles (Jonathan Zittrain makes a complementary point). We as Cyberlawyers are used to parroting the exact words from the applicable statutes and caselaw because it seemingly increases the precision of the agreement, but frankly I think Facebook and other Internet companies would do a whole lot better--both legally and in the court of public opinion--if it junked the legalese and actually tried to write license grants in real English.
* Partially obscured in the haze is the lurking question of whether Facebook can unilaterally amend its user agreement without providing any notice to users. I don't even see this as a close question. From my reading of the precedents, I think the answer is pretty emphatically NO, both as a matter of contract law (and see more; but compare MySpace v. theglobe.com) and FTC law (see, e.g., the Gateway Learning case). Without a doubt, I wouldn't want to be Facebook trying to defend the new incremental changes in court.
* I got a few inquiries about whether a lawsuit against Facebook would have been successful. As Ethan explained recently, there may be unexpected hurdles to any such lawsuits.
* Now that Facebook has stirred the hornet's nest, it's not clear that they can simply roll back to the prior version of the user agreement and put everyone back in the happy apple. Instead, having called attention to its licensing policies, Facebook will be lucky if the pre-amendment terms survive as those undergo critical and jaundiced scrutiny from users. David Kirkpatrick touches on this.
* No matter how Facebook resolves its agreement, this episode has been damaging to its trust relationship with its users. It gives users yet another reason to question whether Facebook is a site we can trust. For users who lived through the Newsfeed and Beacon episodes, this may be a three-strike situation. For others, the fracas is yet another wedge in the users' relationship with Facebook. Trust is hard to earn and easy to lose.
Having said that, in the past couple of quarters, Facebook has been riding a strong network effects bull and seeing remarkable growth DESPITE Beacon. So Beacon clearly did not destroy users' trust in Facebook. At the same time, if users fall out of love of Facebook due to loss of trust, they will scale back their involvement with Facebook, which ultimately could negate the network effects benefits they are currently experiencing. IMO, this is the real risk created by Facebook's highly publicized problems.
Posted by Eric at 08:57 AM | Internet History , Licensing/Contracts , Privacy/Security | TrackBack
February 06, 2009
2008 Cyberlaw Year-in-Review
By Eric Goldman
It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.
Broad Themes
A few broad themes emerged last year:
* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.
* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.
* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.
* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.
* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.
Top 11 Cyberlaw Developments of 2008
#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.
# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.
#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.
#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.
#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.
#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.
#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.
#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.
#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).
#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.
Other Developments of Special Note
47 USC 230
* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”
* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.
* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.
Affiliate Liability
* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.
* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.
Trademarks/Domain Names
* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.
* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?
* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."
* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.
* New gTLDs. Maybe I should reserve this development for 2009...if it happens.
Others
* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?
* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.
* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.
Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack
February 03, 2009
Social Networking Sites and Blogs Talk for Students
By Eric Goldman
Today I gave a talk entitled "Social Networking Sites and Blogs" for the on-campus Student Intellectual Property Law Association (SIPLA). My slides. In conjunction with this, I thought it might be useful to organize a bibliography of my previous postings and materials on these topics.
Blogs Generally
* Three part series on blogging: How I decide which blogs to read?, Should I blog? and If I decide I want to blog, how do I get started?
* LexBlog Q&A with Rob La Gatta, parts 1 and 2
* Blogging, Scholarship and the Bench and Bar Panel Recap
* North Carolina Blogging Conference Recap
* Recaps of the first and third gatherings of the Bay Area Blawgers
Blog Law