Technology & Marketing Law Blog: Internet History Archives

Technology & Marketing Law Blog

April 17, 2013

Why You'll Soon Be Paying Sales Taxes on All of Your Internet Purchases--Amazon v. NY Taxation Department (Forbes Cross-Post)

By Eric Goldman

In the 1992 case Quill v. North Dakota, the U.S. Supreme Court said an out-of-state retailer can't be obligated to collect sales taxes from buyers in states where the retailer lacks a physical presence. In those situations, buyers are required to self-report and pay a use tax; however, few buyers make these payments, so state tax revenues depend on getting sellers to collect sales taxes. In their never-ending quest to boost tax revenues, states have been experimenting with ways to work around Quill so the states can capture revenue from out-of-state sellers. A court ruling from New York recently blessed a tricky Quill workaround implemented by New York. That ruling, plus increasing Congressional interest in the issue, virtually ensures that you'll be paying sales tax on all of your Internet purchases soon.

The "Amazon Tax"

State tax officials have been gunning for Amazon for years due to its huge e-commerce revenues and strategic efforts to limit the number of states where it had a physical presence. Starting in 2008, some states have adopted the so-called "Amazon tax," though the tax applies to other similarly-situated online retailers. The tax targets online retailers' affiliate programs, such as Amazon's "Associates" program, where individuals and businesses refer customers to an online retailer in exchange for a share of the revenue generated by those referred customers. [Note: I have been an Amazon affiliate since 2007]. The Amazon tax says affiliates are the legal equivalent of a company's traveling salespeople; and a retailer has a physical presence in states where its traveling salespeople are located. With this nifty trick of redefining what constitutes a physical presence, the tax superficially satisfies the Quill requirements and allows the state to impose sales tax collection obligations on retailers outside the state.

Amazon didn't stand by idly as states started adopting the Amazon tax. In states that proposed an Amazon tax, Amazon threatened to terminate its affiliate program for those state residents; and Amazon carried through with its threat if the tax was enacted, which both defeated the states' efforts to force Amazon to collect sales tax and simultaneously reduced the income of state residents who were Amazon affiliates.

As a result, the Amazon tax isn't guaranteed to pay off for states adopting it. As one opinion piece argues, Illinois' implementation of an Amazon tax was disastrous--the state lost affiliates, companies fled the state, and the new tax generated only about 5% of its promised sales tax revenue. A different report recounts how states adopting the Amazon tax generate far less sales tax revenue from online commerce than they hoped. For example, California will generate a little over $100M/year in online sales tax revenue, not the $1.9 billion/year projected by analysts.

California's Amazon tax adoption proved to be an inflection point in the Amazon tax battles. Consistent with its threats and practices, Amazon initially tossed its California affiliates overboard (including me). Then, in a startlingly change of tune, Amazon committed to building a distribution facility in California. The distribution facility locks Amazon into a bona fide physical presence, obligating it to collect California sales tax regardless of the Amazon tax. After striking this deal, Amazon restored its affiliate program for California residents.

Why did Amazon flip? In part, it's because Amazon wants to offer same-day delivery. To do so, Amazon will rapidly and dramatically expand its network of distribution facilities, which ensures physical presence in those states and makes the Amazon tax in those states irrelevant to it.

The New York Legal Challenge

While Amazon was fighting state legislatures over the passage of Amazon taxes, Amazon and Overstock.com also fought back in court. In 2008, both companies challenged New York's implementation of an Amazon tax. Recently, the New York Court of Appeals (New York's highest state court) upheld the Amazon tax in Amazon.com, LLC and Overstock.com, Inc. v. New York State Department of Taxation and Finance. [The opinion] It's a terrible opinion that will make most advertising professionals cringe at its cluelessness.

So where do Amazon and Overstock go from here? Amazon and Overstock might appeal the case to the Supreme Court, but I doubt the Supreme Court would hear it. Alternatively, Amazon and Overstock could challenge other states' Amazon tax adoptions in other courts. The New York ruling isn't very convincing and doesn't bind other states; but other courts aren't likely to disagree with New York's highest court. Thus, for all practical purposes, I think the New York ruling probably ends the court battles nationwide.

Alternatively, the New York statute says online retailers can prove that their affiliates aren't like traveling salespeople through extensive documentation. Amazon and other online retailers might choose to gather that documentation, but Amazon and Overstock haven't signaled any intention to do so.

Meanwhile, now that the Amazon tax has survived a major court challenge, any state that hasn't already adopted it will likely do so, making the Amazon tax applicable nationwide. When this happens, Amazon and Overstock will have to collect sales tax nationwide, along with other online retailers with big affiliate programs. Eventually, I expect states to further lower the quantitative thresholds of what affiliates are the equivalent of traveling salespeople, such that most online retailers with affiliate programs will have to collect sales tax nationwide.

Online retailers still retain the nuclear option of killing their affiliate programs, just like Amazon killed it in California for a while. There's a decent chance that the New York ruling and the inevitable nationwide proliferation of the Amazon tax will prompt many online retailers to do so, which jeopardizes the entire affiliate marketing industry.

The Next Battleground: Congress

Meanwhile, e-commerce has become such a large share of the retailing pie that Congress can't ignore it. There has been renewed efforts in Congress to impose nationwide sales tax collection obligations for Internet retailers--see the Marketplace Fairness Act (S.336/H.R.684). (The Quill decision doesn't restrict Congress from taking such actions). The Senate recently passed a non-binding resolution supporting the law, and I think its passage is inevitable and increasingly imminent.

Once Congress imposes nationwide sales tax collection obligations, the Amazon tax becomes irrelevant. Just like Amazon restored its California affiliate program, online retailers won't need to shut down their affiliate program if they are already obligated to collect sales tax nationwide. As a result, rather than fight the Amazon tax state-by-state, the affiliate marketing industry might get behind a nation-wide tax collection obligation. Amazon has already endorsed the Marketplace Fairness Act (after all, it wants its competitors to bear the same costs it's incurring).

So who's left to oppose federal legislation imposing sales tax collection obligations? Offline retailers want to close the loophole that allows online retailers to undercut their prices, and Amazon and the affiliate marketing industry both have been coopted. There may be no more strong voices in opposition.

To be clear, the sales tax collection doesn't constitute a new tax. Buyers are legally obligated to pay use tax for items where the seller doesn't collect sales tax. But because so few buyers currently pay the use tax, the imposition of sales tax collection obligations will be the de facto equivalent of a new tax that online buyers--you and me--will pay.

[Photo Credit: Tax increase button on calculator // ShutterStock]

Posted by Eric at 09:02 AM | E-Commerce , Internet History | TrackBack

April 15, 2013

Designing Optimal Immunities and Safe Harbors (Forbes Cross-Post)

By Eric Goldman

[Note: this is one of those posts that languished in the queue for a few years. Depending on your response, I may decide to turn it into a lengthier academic paper. Please send me your thoughts!]

You already know the legal system is screwed up, but I'd like to be more specific about why. When we say lawyers are "litigious," what we really mean is that too many lawyers spend too much time thinking about how to sue someone else. Similarly, legislators spend their time manufacturing new laws, which usually create more opportunities for people to sue each other (see the Economist’s discussion of this point). Law professors typically do the same; the typical law review article focuses on a social problem and proposes to solve it with a new legal rights. (Just take a look at the torrent of recent academic articles about privacy and you'll see what I mean).

I don't understand why we as a society spend so much time thinking about suing people. I'm much more interested in figuring out how we can stop suing each other. If we could create "lawsuit-free zones," we'd avoid the individual and social costs of adjudicating disputes, including the' settlements payments to get rid of nuisance and otherwise meritless lawsuits. Plus, lawsuit-free zones stimulate business investments by providing more legal certainty to entrepreneurs, which should translate into more jobs. So finding ways to dial down litigation might be the best “jobs stimulus” effort our legislators could undertake.

The way to create lawsuit-free zones is through "immunities" and "safe harbors." Immunities categorically eliminate legal liability in the specified contexts. Safe harbors allow defendants to avoid liability if they take the specified steps. Both help motivate socially beneficial and job-creating activity. Three examples:

* 47 USC 230, an immunity that says websites aren't liable for user-generated content (UGC) except with respect to intellectual property claims and a small number of other specified circumstances. This immunity has become the foundation of the UGC industry, which has created lots of jobs and improved the flow of socially beneficial information. For more on Section 230's merits as economic policy, see my Regulation of Reputational Information paper.

* 17 USC 512, a safe harbor for websites to avoid liability for user-committed copyright infringement. While this safe harbor has some serious flaws (especially when compared to 47 USC 230), it has still provided enough legal certainty to help the UGC industry grow.

* California Business & Professions Code (B&P) 16600, which voids non-compete clauses in California in most circumstances. In her book Regional Advantage: Culture and Competition in Silicon Valley and Route 128, Prof. Annalee Saxenian persuasively demonstrated that this immunity plays an essential role in Silicon Valley's success.

While technically not immunities and safe harbors, two other examples of legal doctrines that help create a lawsuit-free zone:

* the "standing" requirements in Article III of the Constitution, which requires (among other things) that plaintiffs show they have suffered a cognizable harm before they get access to the Federal court system. In particular, Article III standing efficiently kills meritless Internet privacy cases where plaintiffs have suffered no real harm. In turn, the lawsuit-free zone created by Article III standing facilitates experimentation and innovation on privacy-related matters.

* Anti-SLAPP laws applicable to lawsuits brought to suppress socially beneficial speech. Anti-SLAPP laws end those lawsuits quickly and put plaintiffs on the hook for the defendant's attorneys' fees. California has a strong anti-SLAPP law, and it's dramatically reshaped many litigation areas.

Based on these examples, it's possible to reverse-engineer some key attributes of immunities/safe harbors that help create strong lawsuit-free zones:

* Minimal Formalities/Prerequisites. Immunities and safe harbors work best when they don't require technical steps that might be inadvertently overlooked or mishandled. Thus, Section 230 automatically protects every UGC website; and B&P 16600 automatically protects every employee and future employer. In contrast, Section 512 has a long list of technical prerequisites (what we call "formalities") that can disqualify well-meaning but sloppy or uneducated entrepreneurs--or, at minimum, prompt expensive legal fights over whether the formalities have been satisfied.

* Drafting Brevity. The longer the statute, the more things that plaintiffs can fight over. Section 230(c)(1)'s main operative language is only 26 words, which doesn't give plaintiffs a lot of bases to fight. In contrast, Section 512 runs for thousands of words, creating dozens of different vectors to attack a safe harbor defense. As a result, with so many more words to fight over, Section 512 judicial opinions are typically much lengthier--and more expensive to the litigants--than Section 230 opinions.

* Global Preemption. Because too many legal doctrines overlap, an immunity/safe harbor that protects defendants against only one legal doctrine is typically useless; plaintiffs can just focus their energies on other overlapping causes of action that might apply to the same behavior. Thus, an effective immunity/safe harbor eliminates the defendant's liability completely, regardless of what cause of action the plaintiff asserts. For example, Section 230 and Article III standing work so well because they usually categorically preempt all causes of action asserted by the plaintiff, no matter how many or wide-ranging.

* No Weasel-Words. Subjective elements of an immunity or safe harbor, such as the requirement that the defendant act in "good faith" or "innocently," are tautological. They give judges an opportunity to inject their normative views, and they create more opportunities for plaintiffs to fight. As a result, weasel-words can destroy the effectiveness of an immunity or safe harbor. For example, one part of Section 230 (Sec. 230(c)(2)) depends on the defendant's "good faith" conduct; that part has been comparatively useless to defendants as a result.

* Specifically Described Scienter. "Scienter" means the amount of the defendant's bad knowledge or intent. I favor immunities and safe harbors that protect defendants regardless of their scienter. Section 230 does that; websites aren't liable for third party content no matter what the plaintiff alleges about the website's knowledge of the content. Realistically, though, legislators typically will not excuse defendants who have sufficiently bad scienter. If so, the statute should spell out precisely when the defendant has the requisite scienter. For example, Section 512 defines exactly when the defendants have disqualifying scienter about user-caused copyright infringement--defendants must have actual knowledge or awareness of apparent infringement--and it defines the elements of a copyright owner's takedown notice that is sufficient to provide actual knowledge. Unfortunately, Section 512 has been a failure at circumscribing disqualifying scienter. Courts have added other types of disqualifying scienter ("inducement" and "willful blindness" are two examples) that have encouraged plaintiffs to sue over behavior that should be plainly protected by the safe harbor. Thus, Section 512 has become a good cautionary tale of how an immunity or safe harbor's failure to adequately circumscribe disqualifying scienter properly can undermine the immunity/safe harbor's efficacy.

* Quick Resolution. An effective immunity/safe harbor ends unmeritorious lawsuits quickly and cheaply. At minimum, it should keep the case out of discovery, where the costs grow so quickly that the lawsuits punish even successful defendants. Veoh provides a good example of how a safe harbor can become useless if it takes too long. The Ninth Circuit ruled Veoh had properly qualified for a Section 512(c) safe harbor, but the ruling came too late. By the time the Ninth Circuit blessed Veoh's practices, Veoh was already dead due to its unsupportable litigation costs. In contrast, Section 230 cases are usually decided on motion to dismiss grounds and thus are comparatively quick and cheap for defendants, making the immunity a more useful tool for entrepreneurs.

* Sanctions for Bogus Claims. Plaintiffs should internalize the costs of their bad choices. For example, anti-SLAPP lawsuits make plaintiffs pay defendants for bring anti-social lawsuits. This risk that the plaintiff will write a check to the defense--for a lawsuit initiated by the plaintiff--raises the strategic stakes for plaintiffs. It also makes defendants financially whole.

I welcome your further thoughts about the optimal design of successful immunities and safe harbors.

[Photo Credit: 3d rendered illustration defending some pollen // ShutterStock]

Posted by Eric at 11:43 AM | Content Regulation , Copyright , Derivative Liability , General , Internet History | TrackBack

March 12, 2013

"Regulation of Social Media and Mobile Media" Talk Slides

By Eric Goldman

Last month, I spoke at the ABA Antitrust Section's always-well-done Consumer Protection Conference. This time I was recruited as the provocateur to discuss the challenges of regulating social media and mobile media. Regular readers know where I stand on that question. My talk slides.

I did forget to make one joke in my talk, so I'll share it here. Can you imagine how much crime-fighting time that Dick Tracy lost while trying to scroll through the privacy policy on his wrist TV? BTW, the other device on that slide is a Kaypro, the very first computer my family owned over 3 decades ago running the long-forgotten CP/M operating system. They marketed it as a portable device, calling it "luggable" because it weighed in about 30 pounds.

Posted by Eric at 07:12 AM | Internet History , Privacy/Security | TrackBack

February 27, 2013

Resetting One of the Longest Running Cyberbullying Cases--DC v. RR (Guest Blog Post)

By Guest Blogger Sruli Yellin

[Eric's introduction: In the course of blogging over the past 8+ years, I've read hundreds or even thousands of cases. This case ranks in my top 1% of most interesting and memorable cases.

Today, we'd call this a cyberbullying case, but when the online attack occurred in 2004, we didn't have that terminology. The principal plaintiff, DC, was a high school student and an aspiring actor. He had a promotional website for his acting career, including a guestbook. His classmates discovered the website and posted hateful and threatening messages in the guestbook. In 2005, DC and his parents sued the school, the students who posted messages and their parents. A lot has transpired in the past 9 years, and I've found it hard to track everything and keep things straight. In this post, my RA Sruli Yellin sorts through the numerous developments.]

D.C. v. R.R. spans more than eight years in court; two appeals (including one to the California Supreme Court); a side suit for malpractice; and an expensive trip to arbitration. Prof. Goldman blogged the case twice (here and here) and discussed it in a recent talk on high schoolers using the Internet. To get a sense of how long this case has been running, it has already lasted over 1/3 of the lives of some of the litigants who were minors when the case was filed.

The docket reads like a high school phone directory. [Eric's note: I have asked Sruli not to use the real names of the litigants who were minors when the lawsuit was filed, though none of the names are "secret" any more.] In the original complaint, filed on April 25, 2005, Lee Caplin, Gita Caplin and their then-minor son D.C. filed suit against: (1) Harvard-Westlake School (“H-W”); (2) the Board of Directors of H-W (individually and as members of the board); (3) Thomas C. Hudnut (individually and as Headmaster of the School); (4) Cynthia Baise (individually and as Secretary of the School); (5) Robert D. Levin (individually and as CFO of the School); (6) Harry L. Salamandra, Jr. (individually and as the Head of the Upper School); (7) Kathleen Neumeyer (individually and as faculty supervisor to the student paper); and (8) Does 1 through 100.

The asserted causes of actions were: (1) negligence; (2) assault with death threats and hate crimes; (3) conspiracy to assault with hate crimes and death threats; (4) invasion of privacy; (5) conspiracy to invade privacy; (6) defamation; (7) conspiracy to defame; (8) intentional infliction of emotional distress (“IIED”); (9) conspiracy to inflict emotional distress; (10) negligent infliction of emotional distress (“NIED”); and (11) fraud in the inducement of a contract. The Caplins sought $10 million in damages for the harm to D.C.’s reputation.

On June 8, 2005, the Caplins amended their complaint to add the following H-W students and their parents as defendants: (1) the Ryans and their son; (2) the Angelichs and their son; (3) the Ferreros and their son; (4) the Soleys and their son; (5) the Carleys and their son; (6) the Shapiros and their son; (7) H-W Does 1 through 50; (8) student Does 1 through 50; and (9) parent Does 1 through 100.

In the amended complaint, the asserted claims were: (1) violation of California civil rights; (2) public disclosure of private facts; (3) defamation; (4) false light; (5) IIED; (6) NIED; (7) vicarious liability; (8) negligent supervision; (9) and fraud in the inducement of a contract.

On July 20, 2005, R.R. filed a motion to strike pursuant to California anti-SLAPP law. But before the court ruled on R.R.’s motion, on July 12, 2005, the court ordered H-W and the Caplins to arbitration pursuant to the school’s enrollment contract and stayed the proceedings with respect to the non-H-W defendants. See 176 Cal. App. 4th 836, 845 (2009).

In the arbitration, H-W managed a series of piecemeal victories. First, in the fall of 2006, the arbitrator issued her first substantive ruling, dismissing several claims, including the state "hate crime" civil claim, on 47 USC 230 grounds. Ultimately, in late 2007, the arbitrator dismissed all remaining claims against the school and awarded it fees and costs of over a half-million dollars. See 176 Cal. App. 4th 836, 846-49 (2009).

On October 15, 2007, the Court adopted the arbitrator's ruling and entered judgment in favor of H-W. The Caplins appealed the fee award on May 12, 2008, and the Court of Appeals partially reversed, concluding that public policy trumps the parties' enrollment contract and prohibits the plaintiffs from having to pay arbitration costs or defense attorneys' fees related to the hate crimes claim despite the contract. Prof. Goldman's blog post on that ruling. The case returned to the trial court in October 2009, and the trial court reduced H-W’s award from about $520,000 to about $200,000. The Caplins satisfied the fee award in February 2012.

In the meantime, the docket shows that on January 11, 2008, the Caplins settled with the Angelichs and the Shapiros. The details of those settlements are not publicly available.

On May 6, 2008, the trial court finally ruled on R.R.’s demurrer and anti-SLAPP motion to strike – almost three years after he initially filed the motions. The court ruled that the case did not involve a matter of public concern and denied the anti-SLAPP motion. R.R. and his parents appealed. In March 2010, the Court of Appeals affirmed, and the California Supreme Court denied review on June 17, 2010. Prof. Goldman's blog post on that ruling.

The case returned to state court in July 2010. After a number of procedural matters were handled, the court issued its final ruling on R.R. and his parents’ motion to dismiss on May 2, 2011. The court granted the demurrer of R.R.'s parents, denied another motion to strike, and set the time for R.R. to file his answer.

Meanwhile, in January 2011, the Caplins’ attorney, Jennifer Lynch, withdrew from the case. The Caplins sued her for malpractice in September 2011, arguing that Lynch was negligent because the school enrollment agreement was unenforceable; and because Lynch failed to challenge it as such, Caplin was ultimately responsible for Defendants' arbitration costs and attorneys’ fees.

Lynch counter-sued for $120,000 in unpaid legal fees. The counter-claim contained a copy of the attorney-client agreement. According to its terms, the original attorney took the case for $150 per hour plus a 10% contingency. That the attorney took the case on contingency is revealing – what were the actual harms suffered? And wasn’t there a risk of dismissal and a fee-shift under anti-SLAPP law? The Caplins and Lynch settled and the notice of settlement, filed in December of 2012, is mum on the details.

Back in the trial court, discovery in the suit between R.R and D.C. began around May 2011--roughly 6 years after the suit was originally filed against R.R. and his parents. After several more of Caplin’s claims were dismissed, R.R. and D.C. finally settled on May 24, 2012--about 8 years after the online attack, meaning that the litigation ran the remainder of high school, through their entire college career, and into their post-undergraduate life.

Litigation is still proceeding against the last remaining defendants, the Soleys. On January 4, 2013, the Soleys filed their answer, asserting 29 affirmative defenses. The court has yet to rule on the Soleys’ answer.

This case is important for a number of reasons. First, it shows how expensive and lengthy civil litigation can be. This case cost the plaintiffs somewhere around $320,000 just to get through arbitration against H-W ($200k for the fee shift and $120k to the plaintiff's attorney, assuming all amounts were actually paid), and there is still no finality in the case. Imagine walking around with a pending lawsuit as part of your life for more than 9 years! As the old expression goes, justice delayed is justice denied, and that applies whether justice favors the plaintiff or the defense.

The case also shows how our legal system is ill-equipped to deal with cyber-bullying. Putting aside the sheer length of time required to litigate this case, the harms suffered by a non-public figure high school student are difficult – if not impossible – to quantify. What was the end game here? As Prof. Goldman suggested, perhaps restorative justice would have been a more suitable remedy.

For lawyers, this case reminds us that the best clients are sometimes the ones you do not take. Viewing this case objectively, is the malpractice claim against the plaintiffs' attorney really all that surprising?

*Note that many of the dates listed throughout the post were taken from the docket report. The summaries of the rulings and procedure are my opinion based on my readings of the court documents.

[Photo Credit: Computer keyboard key displaying word bully // ShutterStock]

Posted by Eric at 08:57 AM | Content Regulation , Internet History | TrackBack

February 24, 2013

Before Graduated Response, There Was BSA's "Define the Line" Program. What Happened to It? (Guest Blog Post)

By Guest Blogger Sruli Yellin

[Eric's introduction: with the imminent launch of the six strikes/graduated response program from the deceptively named Center for Copyright Information, I thought it might be worthwhile revisiting a prior effort by rightsowners to coopt Internet access providers to do their dirty work. My RA Sruli Yellin discusses:]

On October 28, 2004, the Business Software Alliance (“BSA”) launched its “Define the Line” (“DTL”) program. According to the press release (which you can find here), the program was designed to educate college students about the evils of pirating software. At the time DTL was launched, only 32% of students reported paying for their software according to a BSA/IPSOS study. BSA/IPSOS has not released an updated study.

Prof. Goldman previously covered the DTL campaign here and here.

So what happened to DTL?

The first of two universities to sign up for DTL was Marquette University. It took seven months for Marquette to sign up, and another month and half for the second school, Dickinson College, to join the ranks. As part of the initiative, the schools agreed to spread the word and distribute anti-piracy materials provided by BSA. The DTL program descriptions were incomplete and garbled, but unlike graduated response, there was never any explicit reference to downgrading or cutting off student Internet use for repeat violations.

Why would universities sign up for a BSA program? The bottom line, of course. According to Prof. Goldman, Marquette received $30M in software from a software company called USG for signing up. (The article he cites, like everything else BSA-related, is no longer online). In the BSA’s ideal world, it seems that every university in the nation would have signed up. But at $30M a pop, there was no chance of financially realizing that dream, nor would the benefits to BSA have outweighed the considerable cost.

As one might expect, a PR campaign with the goal of getting college students to spend money on anything aside from alcohol is doomed before it even starts. Schools involve government authorities in intra-campus issues only when absolutely necessary since all such incidents need to be reported in school statistics. If the IP policing is done in-house – through discipline boards and public safety officers – no stats need to be kept. So, when it came to illegal file-sharing, savvy students knew that private colleges would not want to throw their tuition-paying students to the wolves. At most, students might have to plead with campus IT to get their service back or, worse yet, have their parents make an irate phone call.

DTL was a complete failure as an initiative to educate college students. After the second college signed up, I couldn't find any more information about the program, and it appears the program gradually withered away. So what lessons does DTL provide with respect to the upcoming graduated response system?

First, it takes a long time to get institutions to implement a rightsowner-instituted anti-piracy campaign. While it took 7 months to get Marquette to sign up, it has been over 18 months since the major Internet access providers announced they would be implementing the graduated response system.

Second, what’s in it for the major telecom companies? Why would they risk alienating their paying customers, and why are they taking such overgenerous positions like exposing users with open wi-fi signals to sanctions? Like with DTL, I imagine the answer is in the bottom line.

There simply has to be a cash/cash equivalent component to the equation. Content owners are likely shouldering much of the cost of rolling out graduated response. In the UK, for instance, content owners have committed to shouldering 75% of the costs of implementing graduated response. Further, perhaps content owners are actually paying the telecom companies off. Though it’s unlikely that content owners could offer enough money to billion-dollar companies that they would risk alienating their users, with companies like Netflix and RedBox changing the landscape of content consumption, one cannot help but think that content owners have promised to sweeten the pot with deals designed to enable the telecom companies to compete. Whether they can buy their way to success this time remains to be seen.

[Photo Credit: Drawing a line in the sand // ShutterStock]

Posted by Eric at 12:05 PM | Copyright , Derivative Liability , Internet History | TrackBack

February 19, 2013

With Its Australian Court Victory, Google Moves Closer to Legitimizing Keyword Advertising Globally (Forbes Cross-Post)

By Eric Goldman

Google's ($GOOG) keyword advertising program, AdWords, has been subject to constant legal challenges for the past decade. After an initial period of legal uncertainty, AdWords' legal fortunes recently have brightened in the United States and Europe. Earlier this month, AdWords notched another strong win in court, this time in Australia. Considering these developments as a whole, Google has effectively gotten a clean legal bill of health for its AdWords service around the globe. Google's impressive accomplishment also provides a useful cautionary tale about overregulating technological innovations.

Google's Australia Win

Six years ago, the Australian Competition & Consumer Commission (ACCC) sued Google for false advertising. The ACCC complained that AdWords advertisers bought keyword advertising on competitors' trademarks and displayed those trademarks in their ad copy, which alleged confused consumers. The ACCC sought to hold Google responsible for publishing these allegedly deceptive ads.

The High Court of Australia rejected the ACCC's arguments and ruled in favor of Google. The court says:

The technology which lies behind the display of a sponsored link merely assembles information provided by others for the purpose of displaying advertisements directed to users of the Google search engine in their capacity as consumers of products and services. In this sense, Google is not relevantly different from other intermediaries, such as newspaper publishers (whether in print or online) or broadcasters (whether radio, television or online), who publish, display or broadcast the advertisements of others....To the extent that it displays sponsored links, the Google search engine is only a means of communication between advertisers and consumers.

There are two non-standard aspects of this ruling. First, the plaintiff was a government agency suing for false advertising, not the more typical situation of an unhappy trademark owner suing for trademark infringement. Second, the High Court interpreted a specific Australian statute regarding secondary liability. Still, despite these quirks, I think the ruling has broader implications. In the allocation of legal responsibility between Google and its advertisers, the High Court treats the advertisers as the legally significant decision-makers and treats Google as a tool for advertisers, i.e., a technology platform that advertisers use to publish their own ads. Once a court embraces that division of responsibility, the case resolution is obvious.

Global Acceptance of AdWords

Google's emphatic Australian complements recent developments in Europe and the United States. In the European Union, Google won a strategic victory at the European Court of Justice in 2010 based on the same paradigm adopted by the Australian High Court, i.e., AdWords is a tool, and the advertisers bear responsibility for how they use it. Although the ECJ opinion didn't completely resolve all of the open issues, the ruling has effectively ended European AdWords-related trademark litigation against Google.

In the United States, trademark owners have sued Google for AdWords many times (over 2 dozen times by my count). While Google has occasionally gotten dismissals in court, Google hasn't yet set broad precedent like the ECJ ruling. At the same time, despite Google's occasional preliminary losses against trademark owners, no trademark owner has won a final court judgment against Google. Google recently settled the Rosetta Stone lawsuit, which ended the last major legal challenge against AdWords in the United States. Only a couple of minor pending lawsuits are remaining to mop up. In other words, after the Rosetta Stone settlement, Google tacitly secured the legality of AdWords under U.S. trademark law.

The Development of Cyberlaw

"Cyberspace exceptionalism" is the approach of regulating the Internet differently than other media. In some cases, the Internet actually has bona fide technological differences that support different regulatory treatment; but more often, the differences between the Internet and other media are exaggerated or imagined.

With respect to keyword advertising, in 2009 I wrote:

Keyword triggering seems especially susceptible to cyberspace exceptionalism. After all, the triggering process is unfamiliar and poorly understood, which naturally leads to suspicion. Over time, consumers and judges will better understand keyword triggering technologies...

I think we've arrived at this destination. After a decade of legal battles, Google's campaign to legitimize AdWords--now nearly complete--has been a complete success.

How did Google triumph over the initial impulses to regulate keyword advertising? I'll point to three factors:

1) Efficacy. Keyword advertising has numerous advantages over other advertising options. It provides good ad targeting to advertisers, consumers often find keyword ads relevant to their interests, and (as I explain here) cost-per-click (CPC) keyword advertising nicely shares the risks of ad performance between advertisers and publishers. So one reason for the eventual acceptance of keyword advertising is that it is a better option than the advertising alternatives.

2) Venerability. Over the course of years, consumers--and judges--increasingly have had first-hand positive experiences with keyword advertising. Keyword advertising has evolved from an Internet novelty into an integral part of our daily lives.

3) Money. AdWords achieved venerability only because Google had the financial resources and fortitude to fight--and defeat--numerous and expensive legal battles across the globe.

To me, AdWords' evolution provides a good cautionary tale for regulators and judges dealing with emerging technologies. We should not overrespond to any initial negative emotional reactions to new technology. Instead, we should regulate emerging technologies (if at all) anticipating that consumer perceptions--and the technology itself--will evolve and improve over time.

In particular, regulators and judges should recognize that AdWords' venerability is an exceptional story, not the norm. Many other innovators and entrepreneurs won't have Google's financial staying power, meaning those innovations are vulnerable to being permanently damaged or killed by unchecked regulatory impulses before the innovation takes root.

Case Citation: Google Inc v. Australian Competition and Consumer Commission, [2013] HCA 1, S175/2012 (High Court of Australia Feb. 6, 2013). The case appeal page. Blog post on the intermediate court ruling.

[Photo credit: The Australian High Court building // ShutterStock]

Posted by Eric at 09:32 AM | Derivative Liability , Internet History , Marketing , Search Engines , Trademark | TrackBack

January 11, 2013

Top Ten Internet Law Developments of 2012 (Forbes Cross-Post)

By Eric Goldman

I'm pleased to share my list of top 10 developments of 2012:

#10: The Push Towards Anti-Class Action Arbitration Clauses. In 2011, the U.S. Supreme Court ruled in AT&T Mobility v. Concepcion that businesses may be able to adopt mandatory arbitration clauses that ban customer class-action lawsuits. The ruling was hardly crystal-clear, but in its wake, many websites adopted such clauses. Nevertheless, as the Zappos decision points out, these clauses must be adopted according to the laws governing contract formation and amendment, or they will fail in court.

#9: General Patraeus/Paula Broadwell Imbroglio. On the surface, it's just your typical Washington DC sex scandal. However, it had several interesting cyberlaw angles, including the attempts to hide digital conversations and Ms. Broadwell's alleged cyberharassment of Jill Kelley. My biggest takeaway: If the CIA Director can't keep the FBI from reading his email, what chance do you or I have?

#8: Do-Not-Track Meltdown. Everyone hoped that industry would come up with a do-not-track (DNT) standard rather than kicking the issue to Congress or the FTC. Then, it all went to heck. Microsoft announced it would turn on DNT by default in its browser, which prompted Internet publishers to threaten to ignore Microsoft's DNT signal. Meanwhile, Internet publishers and others adopted a narrow definition of "do-not-track," arguing it meant no-tracking for advertising purposes, but tracking for other purposes was still OK. The effort then devolved into acrimonious recriminations and left open the possibility that government regulators will fill the gap--to everyone's detriment. (For what it's worth, I take a very dim view of technological do-not-track efforts for reasons I explain here).

#7: Social Media Exceptionalism. In 2012, regulators eagerly sought to "fix" social media through regulation, but their efforts will fail because no one can precisely define social media as a subset of Internet activity. For example, California's recent attempt to curb employers' attempts to obtain employees' social media passwords led to the astounding definition that "social media" means all digital data, whether online or off.

#6: Megaupload. The US government proudly touted its takedown of Megaupload as a victory for Internet copyright enforcement. Unfortunately, it appears that takedown involved an enforcement action where it appears the US government repeatedly ignored or broke the law.

#5: Software Patents/Smartphone Wars. The smartphone industry has ushered in a glorious era of innovation, but it's also highlighted how patents can hinder, not spur, innovation. Smartphone players have spent (wasted?) billions of dollars on patents with the hope that they can operate without restriction from other players' patents, and many tens of millions of dollars have been spent (wasted?) on legal fees as the players sue each other for patent infringement and defend against interlopers with weak/bogus patents hoping for a little taste of the action. See my essay on software patents:

#4: Europe Hates Silicon Valley. I'm surprised whenever I read about a new European ruling that's adverse to a Silicon Valley company, because at this point I assume that everything Silicon Valley companies do in Europe is already illegal. Google, Facebook and other Silicon Valley players are under constant legal attack in Europe on countless fronts. Everyone might be happier if the Silicon Valley players just got out of Europe altogether.

#3: Google and Antitrust. The FTC largely dropped its antitrust investigation against Google, and dropped it completely with respect to Google's search engine practices. (Technically the denouement rolled out on January 3, 2013, but I'm still counting it as a 2012 development). This is an important development for several reasons. First, the FTC--which makes its living by bringing enforcement actions--admitted it had no reason to complain about Google's search engine practices. Second, the scuttlebutt all throughout the investigated suggested that the FTC was committed to busting Google, and Google turned that situation around 180 degrees. Third, not intervening into the operation of Google's search algorithm is a logical decision, but one still worth celebrating. This was a great resolution for Google, a complete rejection of the concerns raised by Microsoft and other Google-haters, and due to the FTC's non-involvement, ultimately a big win for Google's users.

#2: ITU/WCIT's Attempted Internet Takeover. I really didn't understand what happened in Dubai at the ITU/WCIT meeting. All I know is that nothing good could have happened there, so preserving the status quo is a win, as ironic as that sounds.

However, there has been some teeth-gnashing that the meeting exposed looming fault lines between pro-censorship and anti-censorship governments. I don't understand that angst for at least two reasons. First, all governments are pro-censorship, and that certainly includes the United States. Indeed, the US has exhibited some awkward duality as it rails against foreign attempts to censor the Internet even as both Congress and the Obama Administration exhibit a never-ending pursuit of controlling the Internet themselves.

Second, the Internet has already fractured into multiple "Internets." The Internet in the United States increasingly bears little resemblance to the Internet in foreign countries, both because local regulators simply block certain websites and because websites localize their services to accommodate local regulation. Plus, it's been proven that countries can simply "unplug" from the Internet. Thus, we don't have a single unified Internet; we have many partially-overlapping Internets. I will say more about this in a future post.

#1: SOPA's Failure. The failure of SOPA/PIPA is not the watershed event for our republican democracy that we wished it would be. Citizen-driven rejection of special-interest Internet legislation will not happen very often. But as a David-and-Goliath story--the uncoordinated and oft-ignored Internet user community rising up against a well-oiled and undefeated copyright lobby--it doesn't get any bigger than SOPA. Also, we learned something really important: American voters will acquiesce to a lot of bad and self-interested decisions by their elected officials, but voters will grab the torches and pitchforks if they think the Internet is threatened.

Honorable Mentions

Some other developments of note:

* despite the Fourth Circuit's rekindling of the Rosetta Stone case before it settled, the decade-long keyword advertising litigation battles against Google are basically over with a big win for Google and other keyword advertising vendors. I also think we'll see trademark owner-vs-advertiser lawsuits tapering off too.

* app cloning is a big business, and we're seeing increasing lawsuits in the area, including the EA v. Zynga and TripleTown cases.

* the application of the Computer Fraud & Abuse Act is being dialed back in the employment context (see the Nosal and WEC cases).

* Oracle v. Google gave us one of the cleanest rulings to date that software APIs are not copyrightable. The case was also interesting for the judge's investigation into the paid advocacy efforts of both Oracle and Google.

* the images of Marilyn Monroe and Albert Einstein are moving closer to the public domain.

* the IB v. Facebook ruling could be a watershed decision in spurring class action lawyers to make a buck in the name of "protecting the kids" in court.

* Web publishers can improve their defamation defenses by hyperlinking to original sources.

Most Interesting Cases

I read a lot of cases in 2012, and some of the most interesting cases I saw this year:

* Erickson v. Blake. Music composers can create copyrightable compositions by equating the digits of the number "pi" (π) to musical notes, but they can't stop others from creating their own musical compositions based on pi's digits.

* Bland v. Roberts. Two government employees "liked" their boss' opponent in an upcoming election; after the boss won reelection, the employees allegedly got fired for their divided loyalties. The court (mistakenly, in my opinion) said that "liking" an item on Facebook isn't constitutionally protected speech.

* Scott v. WorldStarHipHop. A classmate posted a video of Scott fighting with an ex-girlfriend. Scott obtained the copyright to the video from his classmate and, as the new copyright owner, sent copyright takedown notices in an effort to scrub the video from the Internet. This copyright acquisition scheme basically converts copyright law into a "right to forget." In 2013, expect to see even more plaintiffs acquire copyright ownership as a way to suppress/control unflattering content about them.

* In re Heartland Payment Systems. This is a settlement of a data security breach class action lawsuit with 130M class members. The parties spent $1.5M to encourage class members to tender damage claims and another $270k to process the tendered claims. A total of 290 claims were tendered, of which 11 were valid, with a maximum payout per valid claim of $175. So the parties incurred $1.75M in transaction costs to award about $2k in damages. Interesting.

* Augstein v. Leslie. If you post a YouTube video promising $1M for the return of your laptop, you could actually owe $1M if someone returns your laptop.

* Olson v. LaBrie. Facebook should bring families closer together, but in one family, photo tagging plus a snarky comment prompted a lawsuit for a restraining order.

Lists from Previous Years

Previous top 10 lists from 2011, 2010, 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.

[Photo Credit: Top Ten Key // ShutterStock]

Posted by Eric at 07:25 AM | Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Patents , Privacy/Security , Publicity/Privacy Rights , Search Engines , Trademark , Trespass to Chattels | TrackBack

December 27, 2012

The FTC's New Kid Privacy Rules (COPPA) Are a Big Mess (Forbes Cross-Post)

By Eric Goldman

Earlier this month, the U.S. Federal Trade Commission (the FTC) promulgated new rules (effectively July 1, 2013) interpreting the Children's Online Privacy Protection Act (COPPA), and the new rules are a real mess. They are riddled with innumerable ambiguities and questionable policy choices, and I could spend a decade or two trying to figure out how the new rules apply to different factual situations.

Rather than do that, this post considers only one aspect of the new rules, but it's crucial: is your website or app governed by the new rules? If the rules don't apply to you, who cares how byzantine and stupid they are?

Fortunately, most websites and apps won't be newly affected directly by the rule change. If you don't have a kid-oriented website or app, you can probably avoid the new rule easily (if you're potentially covered at all). However, the news is less happy for vendors to kid-oriented websites or apps, including ad networks and app plug-ins, and for kid-oriented websites that haven't already complied with COPPA.

Background

Congress enacted COPPA in 1998 as part of its never-ending efforts to "protect kids online." The statute provides extra online privacy protections for kids 12 and under unless parents consent. The law, however, has some obvious structural deficiencies, such as:

* the law doesn't apply to teens, even though minors can't enter into binding contracts--including privacy policies. So the statute leaves an odd gap for 13-17 year old users who aren't covered by COPPA but presumably can't agree to privacy policies themselves.

* most websites don't authenticate users' ages and can't do so easily or cost-effectively, so many websites have no idea when they are dealing with kids.

* websites don't have a reliable way to obtain parents' consent online, forcing COPPA-compliant websites to adopt costly off-line verification methods.

Combine these problems with the fact that kids under 13 usually don't have a lot of direct purchasing power, and the choice was clear for most websites: maximize profits by avoiding being covered by COPPA.

How to Avoid COPPA: the Existing Rules

Under the FTC's existing COPPA rules, it was fairly easy to figure out how to navigate around COPPA. The rules applied to:

any operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child

Thus, websites could avoid the rules in two ways. First, if they targeted kids, they could avoid collecting personal information. Second, if they didn't target kids, they could avoid collecting users' age information, or they could bounce any self-identified kids. While these policies aren't ideal, they provide substantial predictability for the Internet community.

How to Avoid COPPA: the New Rules

The FTC wanted to crack down on these COPPA workarounds, but in typical FTC fashion, it did so in a ham-fisted and marble-mouthed way. The basic rule of who is governed hasn't changed, but the details have:

Directed to Kids. If you ask for age information and users self-report being under 13, then you are governed by COPPA because you actually know you're dealing with kids. That's not new. You can bounce those users to avoid "knowing" you're dealing with kids 12 and under.

However, whether or not you collect age information from users, you still might be deemed to be a website/online service directed to kids. The new rules define this term in three parts:

* Subpart (a) applies when site/app content appeals to kids 12-and-under. This definition isn't new (although the factors are expanded), and we haven't seen any problematic FTC interpretations of this language to date.

* Subpart (b) applies when a service "has actual knowledge that it is collecting personal information directly from users of another website or online service directed to children" (emphasis added). This is intended to cover vendors/service providers to websites dealing with kids, such as ad networks or app plug-ins, but I find this language inscrutable.

* Subpart (c) applies to services that are "directed" to kids but don't target them as their primary audience. This is a nonsense definition, because the rules define "directed" to kids as "targeted to" kids. So how can a service simultaneously target kids but not target them as the primary audience? This defines a null set, so the FTC made a drafting error. (I asked the FTC about this in their Twitter chat and, characteristically, got a non-response). Subpart (c) provides a safe harbor for these sites/apps if they (1) don't collect personal information before age verification (an impossibility under the new rules) and (2) ask users' ages and bounce users who self-report as under 13.

In its guidance accompanying the rules, the FTC implies that subpart (c) means "those sites that, based on overall content, are likely to draw a disproportionate number of child users." Elsewhere, the FTC clarifies that subpart (c) is supposed to be good news, not bad; it says subpart (c) "create[s] a new compliance option for a subset of websites and online services already considered directed to children under the Rule’s totality of the circumstances standard." Given their sloppy drafting, that's not actually what they said, but I'll take their word on it.

Thus, one way of reading subpart (c) is that it applies when a site/apps has lots of kid users even though that wasn't the operator's goal. On balance, COPPA would be better without this extra provision, but if my reading is right, I don't anticipate any shocking enforcement actions using this provision.

Accordingly, most websites and services that aren't governed by COPPA today should remain outside COPPA. Still, the FTC's poor drafting on this crucial point is inexcusable, and I hope they fix it ASAP.

Collect and Personal Information. The rules have expanded definitions of what it means to "collect" information from users and what constitutes "personal information." Personal information expressly includes IP addresses, which every website acquires by definition, and "collect" includes "passive tracking." It's not clear if merely capturing IP addresses in a server log qualifies as "passive tracking." Any efforts to personalize the experience based on IP address probably qualifies as passive tracking. The FTC has made it clear that behavioral advertising on kid-oriented sites/apps definitely qualifies.

As a practical matter, once a website/service is deemed a website/service "directed" to kids, COPPA applies in all its glory (and ugliness) because the website/service collects IP addresses or related identifiers. This especially impacts sites that currently target under-13s but don't ask users for personal information. The new rules have such an expansive definition of personal information that all of these sites are now under COPPA's umbrella. In mitigation, the rules provide a partial exception if the data collection only is done for "internal operations." Presumably this would cover storing IP addresses in server logs; it also covers some other administrative and non-ad-targeting personalization activities. In those cases, no notice or parental consent is required in advance, but even so the other obligations still apply--even if the website considers itself purely content publisher and never tries to interact with its users.

Effects on Other Third Parties. The new rules also more deeply reach into the relationships between kid-oriented websites and vendors/service providers to those websites, such as ad networks. So if you are running a business supporting websites, you might be side-swiped by COPPA because your clients are now newly deemed to be kid-directed. This is a major problem both logistically and legally. Among other things, I think the FTC has potential problems under 47 U.S.C. 230 for trying to hold online service providers accountable for other businesses' activities, but the FTC lives in a parallel universe where they (incorrectly) believe 47 U.S.C. 230 doesn't exist.

Conclusion. If under-13 kids aren't your target audience and you don't collect users' age information, the revised COPPA rules probably won't affect you. If you do collect age information, rethink whether you want to do so; and if you do, definitely make sure to bounce under-13 users.

Reminder: This post isn't legal advice. Please consult your attorney before making any decisions.
_____

December 27, 2012 Update

1) My headline declares the new regulations a "big mess," but my blog post doesn't fully support that characterization. Instead, the post explains the mess in only one small--though crucial--corner. I fully stand by the characterization that the COPPA regulations are a big mess, but my decision not to defend the broader claim was pragmatic. It took me over 6 hours to write this post initially, and I didn't have the time (or, frankly, the enthusiasm) to do similarly time-consuming deconstructions of the many other ambiguities. I trust others will be rolling out those deconstructions over the coming months.

2) Based on responses to my initial Forbes post, I'm clearer that subpart (c) does not change the interpretation of subpart (a). Instead, subpart (c) provides an option to websites/apps that that supart (a) has determined are kid-directed. I don't think subpart (c) is a very useful option because the website/app probably has to show an age verification screen immediately upon the user's arrival. (Otherwise, it's collecting IP addresses--overinclusively deemed personal information under the new regulations--from kids without parental permission). Even so, I guess more options are better than fewer. Still, I hope the FTC clarifies its language.

If your website/app isn't collecting age information (and I recommend you don't collect it if you don't need it), subpart (a) remains the crucial provision to review to determine if COPPA applies to you. The new regulations add some language to subpart (a), but I don't anticipate the FTC will use the new language in subpart (a) to chase borderline cases.

3) I've been fascinated by the press coverage typically hailing the new regulation as a "win" for kids' privacy. Perhaps that's true if all you care about is kids' privacy, but viewed more holistically, I don't see the new regulation as a clear win for kids. The new regulations provide even more reasons for websites/apps not to cater to the under-13 crowd--meaning the Internet will be less rich and resourceful to that segment of society. We saw the same dynamic when COPPA was newly enacted; the Internet literally shrunk for kids under 13 immediately after those rules went into effect in 2000 (at Epinions, we found all the self-reported under-13s and terminated their accounts). Some might lament what under-13 kids lost from that constriction, but not the FTC. They didn't have any problem with the Internet shrinkage in 2000, and I'm sure they won't have any problem with it now either.

[Photo Credit: Internet Protection Concept // ShutterStock]

Posted by Eric at 08:41 AM | Internet History , Privacy/Security | TrackBack

December 26, 2012

Facebook Isn't--and Shouldn't Be--A Democracy (Forbes Cross-Post)

By Eric Goldman

In 2009, Facebook ($FB) nominally enabled user governance by obligating itself to honor user votes before making certain site policy changes. This experiment in user self-governance was radical and largely unprecedented--especially given the size of Facebook's userbase, which now would outrank all but China and India in population if it were a country. Recently, however, Facebook terminated its user-governance experiment. This post explores two hypotheses for the experiment's failure and explains why users never wanted Facebook to be a democracy.

The Mechanical Problem

Facebook promised to honor users' votes if users achieved a minimum voter turnout of 30%. This threshold was too high by a lot--at least 30x too high, by my estimate.

Facebook logically set a high enough threshold to screen out the crazies or pranksters (see, e.g., the 28,000+ people who petitioned the White House to build a Death Star) and avoid letting small minority interest group hijack the site from the minority. Indeed, in the context of typical U.S. voter turnouts for government elections, 30% would be quite low.

Nevertheless, my rough rule of thumb is that less than 1% of users read any website's privacy policy. Users don't read privacy policies for a variety of reasons: users can't understand them (they are long, dense and filled with legalese); the agreements aren't negotiable; users care more about enjoying the website's functionality than the details governing that enjoyment; and users routinely "free-ride" by relying on more motivated consumers or activists to identify and combat overreaching terms. In Facebook's case, I'd add that its website functionality and policies change so rapidly that it's more than a full-time job to keep up. As a result, we shouldn't castigate users for not caring more about Facebook's policies (see, e.g., this Wired story blaming you for killing Facebook democracy). The 99%+ of Facebook users who don't read Facebook's privacy policies are behaving quite rationally.

But if I'm right that less than 1% of Facebook users have read Facebook's privacy policy, then a minimum voter turnout of 30% was off-the-charts ridiculous. There was never any chance of that ever happening, and it was silly for Facebook to put the procedures in place. It makes me think Facebook always intended user empowerment to be illusory--a type of democracy theater. Robert Hof explores this aspect further.

The Conceptual Problem

An observation: no major user-generated content (UGC) websites operate as democracies. Some UGC websites turn over aspects of their operations to trusted community members, but not the general population; and rarely are key policy questions handled on a straight majority-vote election. Even Wikipedia, perhaps the flagship example of a major community-operated UGC website, isn't a democracy. Wikipedia's operators reserve certain policy decisions for themselves, and community decisions require consensus, not a majority-vote.

Perhaps users don't want their UGC websites to be democracies. Instead, I think users typically prefer "managed" website experiences. The vast majority of users don't want to make policy decisions about how the website should work; instead, they want websites to read their minds and give them exactly what they want automatically (i.e., the "surprise and delight" maxim of customer relations). Stated differently, users want UGC benevolent dictatorships, not UGC democracies.

Rather than imposing majority-rule on consumers, UGC websites actually empower users more by enabling users to individually configure their site experiences, such as letting users individually opt-into or opt-out of site policies or functionality. By letting users choose what policies or functionality they want, users get a more direct payoff from their action than voting on site-wide policies. Unfortunately, Facebook is notoriously poor about giving users complete power over their configuration choices. For example, Facebook forced everyone onto Timeline, even users who vocally hated it, and Facebook still doesn't let users categorically opt-out of being featured in Sponsored Stories.

Admittedly, it's costly for UGC websites to give more configuration options to users, especially if requires the website to maintain old or duplicative code. And from users' standpoint, too many configuration options can become overwhelming (as many users already feel about the multitudinous options Facebook does provide). Still, it's helpful to see how website individualization and personalization is more pro-user than UGC democracy.

When users can't configure their own choices, the next-best option for users isn't website democracy, it's competition. UGC websites will remain most responsive to users' concerns when competitors are nipping at their heels. For example, recall how quickly Facebook's tone changed after Google ($GOOG) rolled out Google+. Unfortunately, social networking site competition isn't robust enough to meaningfully punish Facebook for its steady stream of anti-user decisions. If we could solve that competition problem, Facebook users would get better outcomes than they would from any attempt at user democracy, faux or real.

More: A couple of my related academic papers: Wikipedia’s Labor Squeeze and its Consequences and Online User Account Termination and 47 U.S.C. §230(c)(2).
___

In response to this post, David Post commented:

"Eric, you’re being a little careless in your use of the term “democracy,” I think. A democracy is simply a polity that respects each member’s equal right to participate in formulating policies and rules. Democracy does not (as you imply) mean “majority rule” — majority rule is one of the ways that democracy can be implemented, but it is hardly the only one. To say that Wikipedia is not organized “democratically” because it operates by consensus is bizarre."

I replied:

David, that’s a good point, and you’re right that democracy takes various forms and that I principally used the term only for one implementation. Even so, I don’t see Wikipedia as a democracy–at least, not as it actually operates–for the reasons I explain in http://ssrn.com/abstract=1458162. Eric.

[Photo Credit: Yes Is the Best // ShutterStock]

Posted by Eric at 09:16 AM | Internet History , Licensing/Contracts , Privacy/Security | TrackBack

December 20, 2012

Facebook’s Proposed Amended Sponsored Settlement and Instagram’s TOS Revs

[Post by Venkat Balasubramani]

Fraley v. Facebook, 11-cv-196193 (N.D. Cal.) (Amended Proposed Settlement) (Motion to Approve) (Preliminary Approval) (case docs, compiled by Citizen Media)

I initially passed on blogging the amended proposed settlement agreement in Fraley v. Facebook, the Sponsored Stories class action lawsuit, but the recent changes to Instagram’s terms of service brought the issues to the fore.

The Fraley Claims: As detailed in several posts here, Fraley involved misappropriation claims based on Facebook’s Sponsored Stories initiative. Essentially, end users claimed that Facebook’s use of their posts for advertising purposes constituted an unauthorized exploitation of their publicity and personality rights. (Minors piled on separately.) Facebook couldn't easily extricate itself from the putative class action, and accordingly it settled. Its first attempt to settle the lawsuit did not meet with judicial approval—the court said that while the terms may be fair, it was not presented with sufficient information to evaluate its propriety. Facebook and the plaintiffs went back to the drawing board and made a few key changes to the proposed settlement. Not surprisingly, the second iteration met with approval.

Amended Settlement: One big change in the proposed settlement: Facebook offered up cash ($20 million settlement fund). It also supposedly offered users greater control over use of their likeness. The lawyers also made a helpful concession about the amount of requested fees that would go unchallenged.

it’s tough to assess the revised settlement in terms of the injunctive relief that it provides—it’s supposed to allow greater control over the use of end users’ likeness. However, the settlement is somewhat awkwardly worded in terms of control to end users. Facebook will create a mechanism that allows users to view their interactions that "have been" displayed in Sponsored Stories and will enable users to "control which of these interactions . . . are eligible to appear in additional Sponsored Stories." The peculiar combination of past and future tense in the phrasing should raise eyebrows. I guess a global opt-out was too much to ask for.

The Upshot: Given the majority opinion in Lane (the Beacon case), the original settlement seemed like it had a chance of being approved. As revised, I imagine it will easily receive final approval. Judge Seeborg already gave it his preliminary thumbs up.

Instagram TOS Changes: On a somewhat related note, Instagram recently unveiled changes to its terms of service. While it’s difficult to assess user reaction (Flickr was billed as the obvious beneficiary), celebrities, high profile users, and photographers all expressed their displeasure. It’s worth stopping to think about exactly what has changed. On this point, see this helpful redline from William Carleton. The big change (and one that may not be material) is the change from Instagram being able to “place . . . advertising and promotions on the Instagram Services or on, about, or in conjunction with your Content,” to the following:

You agree that a business or other entity may pay us to display your username, likeness, photos . . . and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

I don’t see this as a significant change to what Instagram can do with your photographs. The fact that the language of the revised terms tracks relevant language from the Amended Settlement Agreement in Fraley makes me think this is just a clean up change to bring Instagram’s terms into conformity with what is required of Facebook under the revised settlement.

Unfortunately, both the previous and current version fail to answer the key question about the scope of the license users grant: will usage only occur within the Instagram ecosystem, or can Instagram license out photos to third parties to use in other media (e.g., magazine ads or television)? Could my photo of a Seattle sunset end up in a Coca Cola ad where Instagram is paid money for usage of the photo? "Very IP" makes a persuasive case that new language around transferability or sublicensability means that Instagram can under the revised terms exploit content outside the ecosystem: "The Truth About Instagram." I'm not totally persuaded. In this litigious environment, particularly in light of Facebook's experience with Beacon and Fraley, any off-line rights would be clearly called out in its license agreement. Any other approach would just be inviting a lawsuit. In light of the (still pending) AFP v. Morel dispute (where AFP allegedly took photos from Twitpic and argued that it was entitled to a broad license to distribute content elsewhere), this clarity is important to users. I have no idea why Instagram dropped the ball on addressing this.

A day after the big online meltdown, Instagram’s founder published a post acknowledging user outcry and saying that it is committed to not “selling your photos” . . . whatever this means.

This was a classic example in how not to revise a terms of service. Instagram highlighted the revised terms clearly for users, but failed to anticipate what users would care about. Eric makes a few good points below about the terms that have me scratching my head. Did Instagram really leave in the "we can amend these terms whenever we want" provision in its revised terms? Ouch.

It's easy from our perspective to nitpick about the direction Instagram chose, but overall it feels unimaginative to me. They could have taken a variety of routes, ranging from offering users an opt-out (even a paid alternative) to granular control, to a revenue share (ad/brand marketplace?), but Instagram looks like it is doing what Facebook would do. Not surprising, but sort of a bummer for users. I guess it's a good illustration that the Fraley (and the FTC) settlement notwithstanding, Facebook is ready able and willing to override user preferences. [Query as to whether these changes in any way implicate the FTC consent decree covering Facebook, or the companies' promise to stay separate?]

Other coverage on the Instagram Issue:

EFF (Kurt O.): Instagram's New Terms of Service to Sell Your Photos
Creative Commons: Should Instagram adopt creative commons licensing?
William Carleton: Why not share the revenue?
Verge (Nilay Patel): No, Instagram can't sell your photos
Wendy Davis: User Revolt Spurs Instagram to Backtrack on New Terms of Service
Very IP: The Truth About Instagram
__________

Comments from Eric on Instagram:

1) When Facebook bought Instagram, what did Instagram users think was going to happen? Of course Facebook was going to bring its special style of management to Instagram. The revised user agreement is part of the ongoing Facebook-ization of Instagram.
2) If you run a high-profile website, you need to run any proposed user agreement changes through a user focus group before unleashing the revisions on the public. This way, you can preview the potential pitfalls better than if only lawyers and insiders read the terms. If Instagram did run its proposals through a focus group, then it needs to do a better job of that.
3) Instagram's proposed contract revisions still contain the ability of Instagram to unilaterally amend the terms without notice. After Zappos' meltdown, that's a really bad idea from a legal standpoint.
4) Although I knew what Instagram was trying to say with its provision to let them turn Instagram content into Sponsored Stories ads, the provision was clumsily worded at best and easy to misunderstand. (As Venkat points out, Instagram should have known about the risk people will think they are turning into a stock photo agency after the Twitpic debacle). People overreacted by thinking advertisers could freely recycle their photos; even if Instagram took the copyright license, if anyone appeared in the photos, the advertisers still would need a separate publicity rights consent. Sill, it was absolutely shameful for Instagram to then blame the concerns on users misunderstanding the contract provisions. Users can misunderstand even clear contract language, but this was not clear language. The fault lies with Instagram's drafters, not the users.
5) I was particularly flummoxed by the proposed provision "You acknowledge that we may not always identify paid services, sponsored content, or commercial communications as such." Can you even do this by contract? My best guess is that this provision is legally ineffective.
6) My question to all of the unhappy Instagram users: where are you going to go? All of Instagram's competitors--indeed, all free photo hosting options--are equally likely to turn on their users. Recall my dilemmas with Scribd. Moving from one free photo hosting site to another delays the problems, at best. It doesn't solve the underlying problem.
7) Overall, the biggest "problem" here is that Instagram users unrealistically expected that a free cloud service wouldn't turn on them. Every cloud service provider goes rogue on its users inevitably; and where the business' interests diverge from users, users are going to be thrown under the bus. Instagram users must have thought Instagram was the exception; and perhaps before Facebook bought it, they could have enjoyed a cloud utopia for a while longer before the collapse. But all users should have learned by now: when it comes to cloud services, you get what you get and you don't throw a fit. In light of the burgeoning number of times cloud services have quite publicly gone rogue on users, it's becoming increasingly less reasonable for users to expect anything differently. There's only one way for users to truly control the fate of their online digital assets, and that's to host all of their content on their own website. If you don't want to do that and you're looking for a free and easy option, you get what you get.

Added (comments from Venkat): In response to the feedback, Instagram founder Kevin Systrom announced in a blog post that Instagram is "reverting" the advertising language to what had been in effect from the beginning. (Here's the blog post: "Updated Terms of Service Based on Your Feedback" and here is a link to the revised terms.) The post also explains:

Going forward, rather than obtain permission from you to introduce possible advertising products we have not yet developed, we are going to take the time to complete our plans, and then come back to our users and explain how we would like for our advertising business to work.

You also had deep concerns about whether under our new terms, Instagram had any plans to sell your content. I want to be really clear: Instagram has no intention of selling your photos, and we never did. We don’t own your photos – you do.

Finally, there was also confusion about how widely shared and distributed your photos are through our service. The distribution of your content and photos is governed by our privacy policy, and always has been. We have made a small change to our terms to make that as clear as possible.

Left in is the language saying that the license to "use" user content is "transferable, sub-licensable," subject to limitations in the privacy policy. This may be protective (or clunky) drafting, but I still can't tell if Instagram intends to exploit user content outside the ecosystem. It's awkward to use privacy preferences as the limitation on how Instagram can use the photos. (For example, language in the policy says: "[o]nce you have shared User Content or made it public, that User Content may be re-shared by others," but it's not entirely clear what this means.) For public photos, it looks like the language still gives Instagram room to freely use (outside the ecosystem) content that has been designated as "public". Again, this may not be the intent, but to me, the language is not 100% clear.

Posted by Venkat at 11:19 AM | Copyright , Internet History , Licensing/Contracts , Publicity/Privacy Rights

October 25, 2012

Google Defeats Trademark Challenge to Its AdWords Service--Jurin v. Google (Forbes Cross-Post)

By Eric Goldman

Jurin v. Google, Inc., 2012 WL 5011007 (E.D. Cal. October 17, 2012).

Google ($GOOG) makes billions of dollars a year selling AdWords ads triggered by third party trademarks. Over the past decade, trademark owners have brought about 20 lawsuits against Google challenging these ad sales. These lawsuits have ranged from high-stakes class action lawsuits (the FPX lawsuit) to well-funded challenges by big trademark owners (e.g., the Rosetta Stone ($RST) and American Airlines lawsuits) to poorly funded lawsuits by no-name trademark owners like the case I discuss in this post. In a remarkable litigation tour-de-force, Google has never definitively lost any of these cases in court (though it has occasionally lost intermediate rulings). At the same time, Google hasn't definitively won any of its cases in court either. This makes Google's recent wi in an AdWords trademark case noteworthy.

Daniel Jurin owns the trademark "Styrotrim" for building materials. The first time he sued Google, he lost his lawyer and voluntarily dismissed the lawsuit, which led to a $6,000 sanction against him. Jurin found a new attorney and tried again, and even got a surprising intermediate win on his "false association" claim. However, Jurin lost his second lawyer--and his litigation mojo. As a result, Jurin didn't contest Google's summary judgment motion, giving Google an easy courtroom win. With minimal analysis, the court says that Jurin didn't provide any evidence of actionable consumer confusion, false advertising or sufficient fame to support a trademark dilution claim.

It's hard to get too excited about a Google win where the opponent stopped showing up. Still, for Google, this is a rare final ruling in its favor. Google got a partial win in the GEICO case in 2005, leading to a settlement. Google also got a complete win in the Rosetta Stone case at the district court, but the appellate court reversed that win. Assuming Jurin won't appeal this ruling (after all, he effectively abandoned the case), this may be the first time Google won an final judicial decision upholding the legitimacy of its AdWords trademarked keyword ads sales.

Jurin's fizzling out also reminds us that suing Google for trademark infringement remains a bad business decision. Google will spend whatever it takes to defend its cash cow--far more than it's worth to any individual trademark owner, especially a small player like Styrotrim, to sue Google. Recently, we've seen a couple of ill-advised new trademark lawsuits by other small-time players (CYBERsitter and Home Decor Center). Google will win those cases, probably because those plaintiffs will give up--just like many other trademark owners (including American Blinds, Ascentive, Ezzo, Rescuecom, Parts Geek, Soaring Helmet and others) have voluntarily done after tangling with Google.

The most dangerous pending AdWords-related trademark lawsuit is the Rosetta Stone case. Despite the Fourth Circuit's revitalization of the case, I believe Google will win that lawsuit (or settle on favorable terms). As a result, I predict that Google will soon finish the job of establishing a clean bill-of-health on the legitimacy of selling third party trademarks to trigger keyword advertisements. Microsoft ($MSFT), Yahoo ($YHOO) and other sellers of trademark-keyed ads (such as Twitter) should all benefit from that outcome too.

For more on the policy considerations underlying trademark challenges to AdWords, see my papers Deregulating Relevancy in Internet Trademark Law and Brand Spillovers. Also see my recent Forbes post, Newly Released Consumer Survey Indicates that Legal Concerns About Competitive Keyword Advertising Are Overblown.

Posted by Eric at 03:48 PM | Derivative Liability , Internet History , Search Engines , Trademark | TrackBack

October 12, 2012

Wikipedia's "Pay-for-Play" Scandal Highlights Wikipedia's Vulnerabilities (Forbes Cross-Post)

By Eric Goldman

Recently, two high-level Wikipedia UK insiders, Roger Bamkin and Maximillian Klein, were caught with apparent conflicts-of-interest. Bamkin, a Wikipedia UK trustee and "Wikipedian in Residence," allegedly maintained a paid consultancy for the country of Gibraltar while editing and seeking additional exposure for Gibraltar's wiki entries--a benefit he appeared to claim was worth millions and sold for about $80,000. Klein, also a Wikipedian in Residence, allegedly advertised that he would make Wikipedia edits to people who paid him. In response to pushback from the Wikipedia community, Bamkin resigned his trusteeship and Klein scrubbed his website.

Photo credit: Sergiy Kuzmin/Shutterstock

On the plus side, the incident reinforces the power of Wikipedia's community to monitor itself and self-discipline violations of its norms. Yet, the incident also prompts us to consider why people invest the time and energy to become Wikipedia insiders in the first place. Should it be surprising that some Wikipedia insiders are trying to cash in on their insider status? For reasons, I'll explain this post, my answer is emphatically "no."

In my 2010 article, Wikipedia’s Labor Squeeze and its Consequences, I explained how Wikipedia's popularity and growth put increasing stress on Wikipedia's labor model. (The article itself builds on my blog posts over the years predicting Wikipedia's demise; see links below). Its combination of its high traffic and free editability creates an irresistible target to spammers and vandals. Wikipedia has coped with the resulting stress by: (1) increasing the amount of work done by its paid employees, which have grown substantially in number over the past few years, (2) reducing the ease of editability (i.e., raising the entry barriers to making contributions to the website), and (3) developing a xenophobic culture that has stifled the pipeline of new power users (see also this article making the same point about xenophobia). The result is that editing power is being consolidated in a shrinking number of key insiders.

Understanding why folks become Wikipedian insiders is critical to Wikipedia's long-term prognosis, but the explanations aren't fully clear. Some insiders do it purely for the altruism. Others do it because, somehow, they became integrated into the social network of other insiders. But most people will make the heavy commitments required to become a Wikipedian insider only if they can convert that effort into a tangible payoff--cash in their pocket or external recognition that burnishes their reputation ("credit"). Wikipedia contributors have very limited ways to generate cash or credit from their participation, leaving Wikipedia with the challenge of finding enough folks sufficiently motivated by other payoffs to replace the constantly shrinking supply of insiders.

From Bamkin's situation, we learn that being a Wikipedia insider could be financially lucrative if insiders decide to cash in. Bamkin allegedly offered to arrange for premium placement in Wikipedia's navigation--an outcome he says is worth about $3.25M--in exchange for an approximately $80,000 consultancy fee. It doesn't take many clients paying $80k a pop to create a pretty sweet consulting business. With millions of dollars of potential marketing value at issue, it's hardly shocking to see an informal marketplace develop to capture that value; if anything, I'm more surprised that other insiders haven't grabbed for the cash (or perhaps just haven't been caught yet).

In the end, I think the incident exposes Wikipedia's long-term fragility. It can't expect to recruit an adequate supply of talented insiders without providing them enough cash or credit to make the endeavor worth their while; but it can't maintain a publication with editorial integrity if insiders sell placement for big bucks. The Wikipedia community can drum out Bamkin and Klein from its ranks, but that's a short-term solution at best. Until it comes up with a viable model that provides insiders with appropriate alternative ways of receiving cash or credit for their efforts, it will keep experiencing "scandals" or keep seeing its insider base atrophy. My 2010 article offers some possible solutions to this dilemma, but it also cautions that the insider community's xenophobia and resistance to change may kibosh the most promising alternatives--meaning that a dystopian outcome for Wikipedia remains a lingering and worrisome possibility.

I've blogged frequently about Wikipedia's labor challenges over the years:

* My 2005 Prediction of Wikipedia's Failure By 2010 Was Wrong (Jan. 2011)
* Catching Up With Wikipedia (Feb. 2010)
* Offering Students a Graded Wiki Option—My Experiences, and Some Lessons (Feb. 2010)
* Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies (Aug. 2009)
* Wikipedia and Rules Proliferation (Aug. 2009)
* Decay Rates of Committed Online Community Members--an Epinions Case Study (Jan. 2009)
* Wikipedia Revisited: the Wikipedia Community's Xenophobia (Jan. 2008)
* Wikipedia and Search Engine Marketing (SEM) / Search Engine Optimization (SEO) (May 2007)
* Wikipedia Will Fail in Four Years (Dec. 2006)
* Wikipedia Will Fail Within 5 Years (Dec. 2005)

Posted by Eric at 10:10 AM | Internet History , Marketing | TrackBack

October 11, 2012

The Proposed "Cloud Computing Act of 2012," and How Internet Regulation Can Go Awry (Forbes Cross-Post)

By Eric Goldman

Sen. Amy Klobuchar has introduced a new bill, the "Cloud Computing Act of 2012" (S.3569), that purports to "improve the enforcement of criminal and civil law with respect to cloud computing." Given its introduction so close to the election, it's doubtful this bill will go anywhere. Still, it provides an excellent case study of how even well-meaning legislators can botch Internet regulation.

What the Bill Does

From its 1980s origins as a law restricting hacking into government computers, the Computer Fraud and Abuse Act (CFAA) has morphed into a general-purpose federal law against trespassing on anyone else's computers. With that breadth, the CFAA extends to a wide variety of activities, ranging from data scraping (see, e.g., EF Cultural Travel v. Explorica) to fake profiles (see, e.g., the Lori Drew prosecution related to Megan Meier's death) to ex-employees walking out the door with competitively sensitive information (see, e.g., US v. Nosal and WEC v. Miller).

The proposed bill's main substantive provisions attempt to give "cloud computing services" extra protections under the CFAA. First, the bill says that each unauthorized access of a cloud computing account counts as a separate CFAA offense. Second, the bill specifies a formula for computing losses in CFAA violations involving cloud computing services, setting a minimum floor of $500 loss per affected cloud computing account.

Problems with the Bill

The CFAA is Already a Mess. Good luck trying to read the CFAA's text. Constant amendments over the years have created spaghetti code. This bill adds only slightly to the CFAA's overall lack-of-tidiness, but every incremental amendment makes the CFAA more unwieldy.

The Definition of "Cloud Computing Service" is Incoherent. The bill seeks to protect cloud computing services, but what are those? Check out the bill's definition:

the term "cloud computing service" means a service that enables convenient, on-demand network access to a shared pool of configurable computing resources (including networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or interaction by the provider of the service.

What??? This sounds more like a vendor's sales pitch than a basis for criminal prosecution. We can reinforce the definition's weakness by trying to determine what isn't a cloud computing service. Every user-generated content website seems to qualify; but so should every online bank. In fact, this definition of cloud computing service probably becomes co-extensive with the Internet generally.

To be fair, the failed definition isn't totally the drafter's fault. I don't think it's possible to define "cloud computing service" precisely. Tip to legislators: if you can't clearly define your subject matter of your legislation, you're probably doing something wrong.

What's the Problem That Needs to Be Solved? I can't figure out how the proposed amendments address any problem we're seeing in the field. It's possible I've missed some relevant case, but I can't think of a single case I've seen where the CFAA underprotected a cloud computing service or this legislation would have changed the outcome. Seeking some clarity, I submitted a press inquiry to Sen. Klobuchar's office last week and got no response. So I have no idea what problem this bill purports to solve.

Implications

This bill exemplifies several ongoing problems with efforts to legislate the Internet:

1) Legislative grandstanding. It's flashy for legislators to tell their constituents that they are fighting hard to protect emerging technologies like "cloud computing." But legislators rarely understand cutting-edge technologies, and usually rapidly evolving technologies are poor candidates for legislative intervention. So legislators' efforts to push buzzword-laden legislation are often more for show than substance.

2) Regulatory exceptionalism. As I explain here, legislators keep creating new "exceptionalist" rules for subsets of the Internet ecosystem--online dating sites, social networks, cloud computing services, etc. We saw how well that worked in California's effort to ban employers from asking employees for social media login credentials. California so utterly failed at defining "social media" that it simply covered the entire Internet...and all non-networked electronic data too! Yet, legislators seemingly haven't learned from their colleagues' repeated failed efforts to precisely define the contours of some Internet subcommunity. The proposed CFAA amendment, and its gibberish definition of "cloud computing service," exemplifies this.

3) Code proliferation. For every problem, real or perceived, legislators think they can fix the problem with more regulatory code. But the manufacturing of new legal code exacts a toll of its own. This bill increases the CFAA's complexity with minimal or zero commensurate benefit. If Sen. Klobuchar or anyone else really wants to "fix" the CFAA, a good start would be to reduce the law's length, organize it better, and reduce its implications for users' ordinary Internet activity.

Posted by Eric at 10:58 AM | Content Regulation , Internet History , Privacy/Security | TrackBack

July 12, 2012

Having a Facebook or Twitter Account Shouldn't Mean Mandatory California Vacations if You Get Sued (Forbes Cross-Post)

By Eric Goldman

[Given how I feel about blogging on civil procedure topics, it's ironic that my first substantive post to Tertium Quid is about Internet jurisdiction of all things. Still, this was an easy rehash of some recent blog posts that I could synthesize for a broader audience. I promise you that I will not be blogging on civil procedure topics at Tertium Quid very often, and that the rest of July's upcoming posts should be on more interesting topics!

BTW, If you didn't see, after I initially posted it, I did supplement my post on Judge Corley's DFSB ruling with cites to more cases supporting her view that Twitter/Facebook accounts alone don't produce California jurisdiction. See FN1 to that post.]
____________

Two California judges recently disagreed on whether a plaintiff can sue you in California simply because you have a Facebook or Twitter account. Fortunately, the more recent ruling reached the logical conclusion that you shouldn't have to take a mandatory California vacation just because you tweet.

Background

Questions about personal jurisdiction on the Internet—that is, when a court has the right to handle a lawsuit against the defendant—are among the most venerable (and most frequently litigated) issues in Internet law. The earliest such case I know of dates back to 1986, about a decade before the Internet became widely available. The seminal Internet jurisdiction case, Zippo v. Zippo dot com from 1997, has been cited in nearly a thousand other legal opinions.

Despite the volume of legal rulings on the topic, the rules of Internet jurisdiction remain quite unpredictable. It’s often unclear when our online activities expose us to being sued in courts clear across the country.

Social Media and Jurisdiction

That includes the simple act of using a social media account at sites like Facebook or Twitter. Not surprisingly, many social networking websites are headquartered in California (usually the Silicon Valley or San Francisco). You already know (if you read the terms of service…you did that, right?) that any lawsuit involving Facebook and Twitter will have to be in their home court in California, but if someone else sues you in California, will you have to cash in your frequent flier miles to defend yourself there?

That proposition may sound preposterous, but at least one district court has said yes. In December, a federal judge in the Northern District of California upheld personal jurisdiction over an Australian defendant in part because he “uses California companies Facebook, Twitter, and YouTube to promote the websites he operates.” My blog post on that ruling.

Fortunately, recently a different federal judge in the same district reached a different conclusion. My blog post on the case. The judge wisely said:

this Court disagrees that using the Internet accounts of companies based in California is sufficient to support a finding that a defendant expressly aimed his conduct at California. To adopt Plaintiffs' reasoning would render the “expressly aimed” prong of the Calder test essentially meaningless as it has become ubiquitous for businesses—large and small—to maintain Facebook or Twitter accounts for marketing purposes and would subject millions of persons around the globe to personal jurisdiction in California.

A few other cases addressing this issue have reached this latter conclusion as well. Ideally, this means you should be free to continue enjoying Facebook or Twitter without stressing about defending lawsuits in California courts.

Jurisdiction in a Cloud Computing Era

As a practical matter, most Internet users have no idea where the websites we use are physically “located”—and more importantly, we don’t care. So long as we can access the website over the web, the website’s physical location usually is completely immaterial to our enjoyment of the website; and web users rarely choose websites based on where those sites are physically located. In the era of “cloud computing,” any legal rule that depended on the physical location of the websites we use would be illogical. Let’s hope courts keep reaching the right conclusion on that point.

Posted by Eric at 08:37 AM | General , Internet History | TrackBack

June 16, 2012

Nathenson on Teaching Internet Law

By Eric Goldman

Ira Nathenson is a law professor at St. Thomas University in Florida. He has posted to SSRN an article called "Best Practices for the Law of the Horse: Teaching Cyberlaw and Illuminating Law Through Online Simulations," which is in our very own Santa Clara Computer & High Technology Law Journal. I've known about the article for some time, but somehow it never got onto my blogging queue--an oversight I'm now correcting.

The article is a noteworthy contribution to the tiny literature on Internet Law pedagogy. In addition to his article, there's my own article, Teaching Cyberlaw, from 2008 (see my blog post announcing the article) and an article by foreign professor Patrick Quirk.

Ira's article describes the incredibly rich simulation he creates for his Internet Law course. He plays multiple roles in the simulation, including teacher, managing partner and litigation opponent. The article describes how juggling these roles and responding to his students' actions taps into his improvisational skills, something I don't think I could pull off very well. Even so, I envy the simulation he's built and the rich "learn-by-doing" pedagogical experience it provides his students.

The abstract:

In an influential 1996 article entitled "Cyberspace and the Law of the Horse," Judge Frank Easterbrook mocked cyberlaw as a subject lacking in cohesion and therefore unworthy of inclusion in the law school curriculum. Responses to Easterbrook, most notably that of Lawrence Lessig in his 1999 article "The Law of the Horse: What Cyberlaw Might Teach," have taken a theoretical approach. However, this Article — also appropriating the “Law of the Horse” moniker — concludes that Easterbrook’s challenge is primarily pedagogical, requiring a response keyed to whether cyberlaw ought to be taught in law schools. The Article concludes that despite Easterbrook’s concerns, cyberlaw presents a unique opportunity for legal educators to provide capstone learning experiences through role-playing simulations that unfold on the live Internet. In fact, cyberlaw is a subject particularly well-suited to learning through techniques that immerse students in the very technologies and networks that they are studying. In light of recommendations for educational reform contained in the recent studies Best Practices for Legal Education and the Carnegie Report, the Article examines the extent to which “Cybersimulations” are an ideal way for students to learn — in a holistic and immersive manner — legal doctrine, underlying theory, lawyering skills, and professional values. The Article further explains how the simulations were developed and provides guidance on how they can be created by others. The Article concludes with a direct response to Easterbrook, arguing that cyberlaw can indeed “illuminate” the entire law.

Posted by Eric at 08:38 AM | Internet History | TrackBack

January 27, 2012

Top Internet Law Developments of 2011

By Eric Goldman

As usual, I'm running late with my year-end recap. This post begins with my countdown of the top 5 Internet Law developments of 2011, then it lists other interesting developments and cases. It concludes with some of the most linked posts and then my editor's choice of some posts in 2011 that might have been a little overlooked. As usual, thanks for reading the blog in 2011!

Countdown: My Top 5 List of Developments in 2011

#5: Righthaven Implodes. Since the beginning, I've been skeptical of Righthaven's business model. Seriously, who else thinks it's a good idea to sue small-time mom-and-pop bloggers and non-profits on a one-by-one basis? However, even I had no idea that Righthaven would accelerate their own demise by routinely making basic litigation errors. A sketchy business model + a litigation shop that isn't very good at litigation = one dead start-up. It's always fun (in a bloodsporty way) to watch hubristic bullies get their just desserts, but watching the Randazza firm school the Righthaven litigators in Litigation 101 has been amazing. THAT'S how you litigate.

Righthaven lost often in 2011 (see my August reset). They lost fair use rulings (e.g., CIO, Choudry). They lost on standing grounds (e.g., Democratic Underground, Wolf). They were hit with sanctions. They were hit with hundreds of thousands of dollars of attorney fee shifts (e.g., Leon, Wolf, DiBiase). They even lost their domain name in an auction--a delicious irony given that Righthaven's complaints improperly demanded its defendants' domain names on the theory that it might need the domain name to satisfy a judgment against the defendant, when in fact it was Righthaven's domain name that was used to help satisfy a judgment against it!

Righthaven ended 2011 on death's door, but the trend of newspapers trolling for copyright litigation isn't going away. I'll be watching NewsRight closely in 2012.

#4: Medical Justice Gives Up. Speaking of hubristic bullies... You recall Medical Justice, the organization that helped doctors and other medical service providers take copyright assignments from patients in their as-yet-unwritten reviews so that the doctors could expeditiously remove unwanted reviews by sending 512(c)(3) takedown notices to review sites. It's an interesting legal hack, but it has some bad side-effects, including the fact that patients hated it, the copyright assignments almost certainly were void (for public policy reasons and others), doctors were hurting themselves by discouraging patient reviews (patients prefer to choose doctors when there's a critical mass of patient reviews), and (as our research uncovered) most consumer review sites ignored the doctors' 512(c)(3) takedown notices. Obviously, with those defects, Medical Justice wasn't exactly adding a ton of value to its clients. Medical Justice finally gave up, but too late to prevent a lawsuit against one of its clients and a complaint to the FTC. Chances are Medical Justice will be living with a long-term hangover from this entrepreneurial foray.

Seeing Medical Justice stop peddling anti-patient review tools was slightly satisfying, but that result was always a fait accompli. The reason Medical Justice's change of heart matters is that shady or clueless vendors keep developing new ways to suppress unwanted consumer reviews, and I hope Medical Justice's experiences will discourage other vendors from trying the copyright hack. I talk about these dynamics more in my paper on regulating reputational information.

#3: gTLD Expansion. It remains unclear exactly what ICANN's rollout of unlimited top level domains will do. Due to the expansion of new namespaces, brand owners face a long list of complicated--and potentially expensive--choices to make. Unfortunately, these choices don't really benefit society; instead, the gTLDs tax businesses while the benefits accrue to a small number of service providers (and, of course, ICANN itself). I think many businesses will reserve their name in multiple new gTLDs to prevent squatting--with the net effect that businesses will spend more money just to preserve the status quo. Meanwhile, most consumers are likely to be bewildered by the unlimited number of TLDs, which is just going to increase their tendency to rely on search engines and link directories rather than domain names to navigate to their desired destinations.

#2: Internet Consumer Privacy Lawsuits Tank. 2011 initially looked like the year of the Privacy Plaintiff. A torrent of privacy lawsuits had been filed, plaintiffs had wrested a few important and lucrative settlements, and Internet companies continue to make questionable privacy decisions that create a steady supply of potential new lawsuits.

But the path to riches didn't materialize. Instead, 2011 emerged as the year when privacy class action lawsuits mostly failed miserably. Courts principally rejected the lawsuits on standing grounds for lack of cognizable harm, but plaintiffs failed on other related grounds, such as a lack of damages negating the prima facie case. There were some exceptions where plaintiffs made a little progress (see, e.g., Claridge v. RockYou, Anderson v. Hannaford, Fraley v. Facebook). I'm sure the privacy plaintiffs' bar will be studying those rare successes to formulate a better battle plan--and to better prepare their cases and find strong named plaintiffs, a recurring omission that hasn't gotten a lot better over the year. However, for now, it's clear that the privacy plaintiffs' bar can't just show up in court and hold out their hands for a payday.

#1: Regulators Broke the Internet. We've always known that regulators could combat bad online activity by working "up the chain," i.e., by making upstream service providers liable for the bad acts or obligated to cut off the activity. However, for the most part, we've shared a tacit understanding that systematically going up the chain was a "nuclear" option--it would fix the specific problem but only at significant collateral cost that, on balance, makes the option unattractive.

I think we'll look back at 2011 as the year that tacit understanding broke down. In 2011, regulators around the world showed a seemingly insatiable demand for working up the chain. Although we in the USA like to think we're different from other repressive regimes, the evidence suggests otherwise. Some examples of "up the chain" activity in 2011:

* Arab Spring. Repressive regimes got local Internet access providers to turn off Internet access in the country.
* Operation in Our Sites. The Immigrations and Customs Enforcement (ICE) agency keeps seizing domain names of suspected foreign rogue websites on an ex parte basis, making errors and breaking the law in the process. Mike Masnick blew open the story on Dajaz1.com, which ICE seized on an ex parte basis, conducted secret proceedings for a year, and then gave back the domain name with no explanation.
* Graduated Response. Copyright owners got Internet access providers to voluntarily (?) agree to restrict, and eventually terminate, their users' accounts.
* Secondary liability against intermediaries. Rightowners keep expanding their intermediary targets, including lawsuits against ad networks and SEOs/web designers. To be fair, some of these lawsuits aren't going very far, and expansive secondary liability theories aren't new in 2011.
* Ex Parte Seizures. Rightsowners are asking for the moon against third party service providers in ex parte proceedings, and courts are giving it to them because the third parties aren't there to represent their own interests. We recap this epidemic in this post.
* SOPA and PIPA. These proposed bills were the finest examples of rightsowners pursuing the nuclear option regardless of the collateral damage. The bills' basic architecture was to attack a wide range of intermediaries for third party actions--domain name registrars, search engines, payment service providers, ad networks. By seeking to deputize the intermediaries, the bills sought to instantiate "up the chain" duties across virtually the entire Internet. Putting aside their other policy deficiencies, I think we should resist all laws predicated on that fundamental assumption of intermediary deputization. See my post on the OPEN bill for why I reject the compromise "follow the money" solution. Sadly, I stand virtually alone in my stance.

Other Interesting Developments.

Some other interesting developments this year:

* Patent Reform. The America Invents Act is the most dramatic patent reform bill in years, and it has many provisions that may affect Internet companies, including the joinder standards, the prior user defense, and the novelty/priority standards. The law doesn't fix the overall problems with bad Internet patents or unmeritorious assertions of those patents, but it nevertheless could make some dramatic changes in what Internet companies do.

* Google and Antitrust. Google has become the incumbent in search, and all of its rivals--especially the companies Google is disintermediating--are desperately seeking to knock it off its perch. I believe Google and antitrust was the #1 topic prompting reporter phone calls to me in 2011. We are waiting to see what comes from the FTC investigation into Google's practices, and the list of Google-haters keeps growing daily. At the same time, the anti-Google forces made surprisingly little actual progress in 2011, including suffering a conspicuous (and not even close) loss in the myTriggers case. See my paper on why I am so over the Google antitrust battles.

* DC's Obsession with Busting Silicon Valley Companies. Sometimes, it feels like DC insiders wake up in the morning and wonder, "What Silicon Valley company do I feel like busting today?" Drive down the 101 from San Francisco to San Jose and play the "Spot the FTC/DOJ Bust" bingo game. Some of DC's targets in 2011: Google Buzz, Twitter (finalized in 2011), Facebook, Google pharma ads, Apple and others for no-poaching restrictions, and others. Good times!

* Judges Order Litigants to Hand Over Passwords to Social Networking Sites. This year, several judges ordered litigants to turn over their Facebook passwords to their litigation opponents for discovery purposes. See, e.g., Zimmerman v. Weis (which I added to my Internet Law reader this year). In 10 years, we'll look back at this mini-trend and shake our heads at the judicial cluelessness. Social networking sites contain a mix of public and private information, and letting a litigation opponent root around the account is just as objectionable as making a litigant hand over the keys to his/her house so the opponent can rummage around.

Other Key Court Rulings in 2011

Some other interesting court decisions this year:

* Author's Guild v. Google. The court rejected the Google Book Search settlement agreement for good reasons, but it sent the parties back to square 1. Why the parties haven't been able to broker a legislative compromise is beyond me.

* Barclays v. theflyonthewall. The Second Circuit took a big bite out of the hot news doctrine. Unfortunately, the Second Circuit didn't kill the hot news doctrine outright, but the opinion leaves open very little room for hot news plaintiffs.

* Network Automation v. Advanced System Concepts. The most important keyword advertising ruling to come out in several years. While the ruling itself was a mixed bag for the litigants, the opinion tore down a number of crusty plaintiff-favorable legal doctrines that had cluttered up trademark jurisprudence for years--including virtually mooting the initial interest confusion doctrine and killing the "Internet trinity" bypass to the standard multi-factor likelihood of consumer confusion test. I've noticed that the opinion has already noticeably tilted courts towards more defense-favorable rulings.

* Betty Boop case (Fleischer Studio v. AVELA). For a few months, it looked like the Ninth Circuit had eliminated trademark merchandising rights in characters that were out-of-copyright. Then it changed its mind; but still it liberated Betty Boop to the world.

* PhoneDog v Kravitz. An interesting battle over ownership of a Twitter account.

* Levitt v Yelp/Ascentive v. PissedConsumer. 47 USC 230 still works really, really well as an immunity. In Levitt, Yelp got a 230 dismissal that Yelp had tried to get advertisers to pay to manage consumer reviews. In Ascentive, the court rebuffed a plaintiff's effort to use a trademark infringement claim against a consumer review website to work around 230.

* Habush v Cannon. Buying a person's name as the trigger for keyword advertising doesn't violate their publicity rights.

* UMG v. Shelter Capital. While everyone waits for the Second Circuit's decision in Viacom v. YouTube, the Ninth Circuit stole some of that thunder with a powerful endorsement of the 17 USC 512 safe harbor. Too bad Veoh didn't live long enough to enjoy the win.

* In re Rolando S. Rolando was convicted of felony identity theft for taking a classmate's Facebook page for a joyride. My vote for the most interesting Internet Law case of 2011, and an instant cyberlaw classic. I've already added it to my Internet Law reader, and the students seemed to enjoy discussing the case.

Some of the Most Linked Blog Posts in 2011 (Per Topsy)

* New Advertising & Marketing Law Casebook Available for Review
* Court Orders Plaintiff to Turn Over Facebook and MySpace Passwords in Discovery Dispute -- Zimmerman v. Weis Markets, Inc.
* "App Store" Isn't Generic, But Apple Can't Enforce Its Purported Trademark in the Term--Apple v. Amazon (Apple legal issues are always good link bait)
* Twitpic Modifies Terms and Claims Exclusive Rights to Distribute Photos Uploaded to Twitpic
* Republishing Entire Newspaper Story is Fair Use--Righthaven v. CIO
* Court Rules That Instant Message Conversation Modified the Terms of a Written Contract -- CX Digital v. Smoking Everywhere (the most popular post of the year by far--a modern Contract Law classic)
* Second Life Ordered to Stop Honoring a Copyright Owner's Takedown Notices--Amaretto Ranch Breedables v. Ozimals

Favorite "Overlooked" Posts

A few posts that maybe got overlooked a little:

* Cyberbullying and Restorative Justice [a Long-Delayed Post on DC v. RR]
* Racy Teen Photos Posted to Facebook Are Constitutionally Protected Speech--TV v. Smith-Green
* Marijuana Activist Can't Change His Name to "NJWeedman.com" -- In re Forchion
* Free-to-Consumers Ad-Supported Website Isn't Illegally Priced--Cammarata v. Bright Imperial
* What Would a Government-Operated Search Engine Look Like in the US?

Lists of Yore

Previous top 10 lists from 2010, 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.

Posted by Eric at 09:45 AM | Copyright , Derivative Liability , Domain Names , Evidence/Discovery , Internet History , Patents , Privacy/Security , Search Engines , Trademark | TrackBack

October 03, 2011

New Essay on 47 USC 230(c)(2)

By Eric Goldman

I have posted a new essay, Online User Account Termination and 47 U.S.C. §230(c)(2), to SSRN. I wrote this essay as a contribution to a virtual world symposium at UC Irvine, and it will be published in the UC Irvine Law Review.

The essay generally argues that 47 USC 230(c)(2) permits online providers, including virtual world operators, to terminate user accounts without liability. Academic commentators frequently ignore or fail to consider Section 230(c)(2)'s immunity when discussing user account terminations, so the essay tries to elevate Section 230(c)(2)'s profile in the discussions, especially for the virtual world community. To me, Section 230(c)(2)'s applicability to account terminations is clear, but the story is complicated and perhaps not free from controversy. In addition to explaining the nuts-and-bolts, I offer a brief theoretical defense of the immunity.

I believe this essay is the first law review article exclusively on 47 USC 230(c)(2), the overlooked and undertheorized sibling of Section 230(c)(1). (FWIW, I have another, much larger article in process on Section 230(c)(1) that I hope to complete next semester.) If I've missed a 230(c)(2)-specific article, please please please let me know. For that reason alone, I'm quite excited about this essay.

I'm also excited about this essay because it culminates a topic I've been contemplating since I began blogging--the implications of virtual world proprietors' rights to terminate for convenience. See, e.g., this post--one of my first on the blog--from 6 1/2 years ago. After all these years, I'm glad to finally organize my thoughts more completely.

The essay is in draft form, so I would gratefully welcome your comments.
________

The abstract:

An online provider’s termination of a user’s online account can be a major-and potentially even life-changing-event for the user. Account termination exiles the user from a virtual place the user wanted to be; termination disrupts any social network relationship ties in that venue, and prevents the user from sending or receiving messages there; and the user loses any virtual assets in the account, which could be anything from archived emails to accumulated game assets. The effects of account termination are especially acute in virtual worlds, where dedicated users may be spending a majority of their waking hours or have aggregated substantial in-game wealth. However, the problem arises in all online environments (including email, social networking and web hosting) where account termination disrupts investments made by users.

Because of the potentially significant consequences from online user account termination, user-rights advocates, especially in the virtual world context, have sought legal restrictions on online providers’ discretion to terminate users. However, these efforts are largely misdirected because of 47 U.S.C. §230(c)(2) (“Section 230(c)(2)”), a federal statutory immunity. This essay, written in conjunction with an April 2011 symposium at UC Irvine entitled "Governing the Magic Circle: Regulation of Virtual Worlds," explains Section 230(c)(2)’s role in immunizing online providers’ decisions to terminate user accounts. It also explains why this immunity is sound policy.

Posted by Eric at 09:10 AM | Derivative Liability , Internet History , Licensing/Contracts , Virtual Worlds | TrackBack

August 30, 2011

Fall 2011 Internet Law Reader and Syllabus

I have posted my Internet Law syllabus for Fall 2011. In addition, as I did last year, I have posted my Internet Law course reader to Scribd as a DRM-free pay-to-download PDF. You can also buy a print-on-demand copy at CafePress. If you are an academic and would like a free PDF, email me. If you are interested in adopting the reader for your class, definitely let me know and I can also share my PPT slide deck with you. If you are outside the US and therefore unable to pay due to Scribd's policies, contact me as well.

This year, I made the following changes to my course and the reader:

* Regarding keyword advertising, I replaced the Hearts on Fire case with the Network Automation case. I'm still not 100% sure how the Network Automation case will be interpreted by the lower courts, but the early rulings suggest the Network Automation case has tilted things a little more towards the defense.

* I added the Illinois v. Hemi case. The last thing I want to do is spend more time on Internet jurisdiction issues, but I was able to edit the case down to less than 2 pages. Even with that brief treatment, the opinion is helpful to illustrate the problems of geographic scienter for e-commerce sites, as well as the opinion's explicit repudiation of the dying Zippo precedent.

* I added Zimmerman v. Weis, which allowed a litigant to get the passwords to its opponent's Facebook account for discovery purposes. At its core, it's an e-discovery case, and I don't plan to spend a lot of time on that topic. However, I think the case will spur a lot of student thinking about the differences between a Facebook account and offline analogues from a privacy standpoint.

* I added the In re Rolando S. case, which said that taking someone else's Facebook account for a joyride was felony identity theft. I think this is one of the most thought-provoking Internet law cases from the past year. I'm going to be especially interested to see how the students respond to the case.

* I deleted the Mummagraphics and BMG v. Gonzalez cases. It's always painful to drop cases, but I needed to free up some space for these additions. The Mummagraphics case remains an important precedent, but it did duplicate with a lot of the discussion from the trespass to chattels material earlier in the semester. The BMG v. Gonzalez case was useful to punctuate the point that a fair use defense isn't going to succeed in the case of personal music downloading, but I think I can make that point effectively enough without the case.

In the reader, I also added a number of drawings, screenshots and other graphical materials to help with the material, plus I added some notes and questions after some of the cases. Progressively, the reader is turning into a real casebook.

My analogous blog posts from years past: 2010; 2009; 2008; 2007; 2006; 2005.

Posted by Eric at 08:47 AM | Internet History | TrackBack

May 25, 2011

Ohio Appeals Court: GoDaddy can be Held Liable for Wrongly Transferring Control Over Domain Name and Email Accounts -- Eysoldt v. ProScan

[Post by Venkat Balasubramani]

Eysoldt v. GoDaddy, et al., C-100528 (Ohio Ct. App.; May 18, 2011)

Actions against registrars for allowing domain names to be wrongly transferred have been relatively rare. Members of the Eysoldt family brought claims against GoDaddy alleging these types of claims. A jury ruled in their favor and the Ohio Court of Appeals declined to set aside the verdict.

Jeff Eysoldt registered Eysoldt.com through GoDaddy. He used this account for personal purposes--he stored photos and used it for email, and he allowed other family members to do so. He also registered and managed a domain name for his sister's business through this account. Separately, he entered into a business arrangement with ProScan, and the parties sought to build out a website which would promote cosmetic surgery centers. As part of this project with ProScan, he registered Myrejuvenate.com and placed this domain name in the same GoDaddy account as his personal domain name and his sister's domain name.

The relationship between Eysoldt and ProScan soured, and ProScan sought control of the domain name and the website. One of the ProScan executives called GoDaddy directly. GoDaddy's customer service representative saw that the domain name was registered under Eysoldt's name but "verified" the account information with the ProScan executive by confirming the method of payment and account number used to pay.

GoDaddy gave ProScan control over the Myrejuvenate.com domain name. Unfortunately, it also gave ProScan control over the other domain names and associated email accounts in Eysoldt's GoDaddy account. Eysoldt contacted GoDaddy to fix the problem, but he was told he had to fill out a verification form and fax this along with his drivers license. He did this, but GoDaddy responded to him that his face was not legible in the copy of the drivers license. The ProScan executive also contacted GoDaddy and asked that the domain names other than Myrejuvenate.com be transferred back to Eysoldt, but this too was unsuccessful.

Ultimately, Eysoldt sued GoDaddy. He sued ProScan as well but settled with them. The jury ruled in favor of the Eysoldt and awarded him $50,000 ($20,000 for invasion of privacy and $30,000 for conversion). Two other Eysoldt family members were awarded $10,000 each ($7,000 for invasion of privacy and $3,000 for conversion). (Here is a link to the verdict form.)

GoDaddy made several technical arguments on appeal and the court rejects them all.

Economic Loss doctrine: GoDaddy argued that Eysoldt's claims were barred by the economic loss rule, but the court says that this rule only applies to negligence claims and not to intentional torts.

Conversion: GoDaddy argued that a domain name cannot form the basis for a conversion action because it is intangible property. The court says (citing to CRS Recovery, Inc. v. Claxton) that times have changed. A domain name is readily identifiable and can be converted. GoDaddy also argued that the family members could not assert conversion claims because they testified that they lacked any ownership interest in the accounts. On this point, the court ruled that there was sufficient evidence from which a jury could conclude that GoDaddy converted the "conditional email and private communications [of the family members] that were contained in the GoDaddy account."

Invasion of Privacy: Finally, GoDaddy argued that there was insufficient evidence to support an invasion of privacy claim because there was no evidence that GoDaddy accessed the email accounts. The court rejects this argument also, noting that Eysoldt testified that someone had accessed the emails. According to the court, the harm flowed from the disclosure and not the misuse of the emails. In any event, the court cites to the fact that GoDaddy took control of personal emails, websites, and communications and just handed them over to a third party.

---

GoDaddy had a pretty tough argument here given the facts. To treat a domain name as anything other than valuable third party property would be a mistake by registrars. There was some confusion early on as to whether domain names are contract rights (which do not support conversion claims) instead of property, but courts have long moved on from this question. (See Kremen v. Cohen, CRS v. Claxton, Office Depot v. Zuccarini, Bosh v. Zavala, etc.) I'm surprised GoDaddy didn't raise an argument based on waivers or limitations of liability contained in its end user agreement, but the opinion does not discuss them.

The court's conclusion regarding the invasion of privacy claim is worth noting because the court did not take the approach numerous courts have taken in data breach cases and require any showing of out-of-pocket loss. The likely explanation for this is that the plaintiff here asserted claims under the "intrusion" theory, where the harm flows from the mere disclosure, rather than the misuse, of data, but this should require a showing that the accounts contained information that was of an intimate nature. The court alludes to this in describing what type of information was contained in these email accounts, but does not come out and explicitly state this or cite to any specific information which would support a claim of intrusion.

The court's conclusion that the other family members could recover for conversion also glosses over a few nuances. The sister had a domain name registered through GoDaddy, but the court does not connect the dots on how giving Proscan control over the GoDaddy account translates into a conversion claim for the other family members. The court instead focuses on the email accounts and notes:

[w]hile Jill and Mark [the other family members] acknowledged that the account was registered to Jeff, the evidence showed that each of them had email accounts set up within Jeff's account. Additionally, Jeff and Jill had created content for Jill's website for her business, Good Karma Cookies. When Go Daddy gave control of the account to Wallace and ProScan, Jill could not access her website. Likewise, Jill and Mark could not access their email accounts. Thus, as the trial court stated, 'there was sufficient evidence produced at trial that would support the jury finding that GoDaddy converted the conditional and private email communications of Mark and Jill Eysoldt that were contained in the GoDaddy account.'

The court's focus on control over email accounts and content does not square well with the cases which say that domain names can be converted because they are freely transferable and can be bought and sold. Under the court's approach, a registrar could be found liable for terminating access to an email or hosting account, and this sounds problematic.

[Eric's comment: indeed, I read this opinion as hinting that any cloud service provider could "convert" a user account's to the extent that service provider "wrongfully" "cuts off" the user's access to his/her own intangible files. I don't think the court means to go there, but holding that GoDaddy converted the emails (as opposed to the domain names) naturally leads to a very dark place.]

It's clear that courts are not reluctant to impose some sort of obligation on the part of registrars to guard against identity theft. Registrars may need to adopt authentication procedures as rigorous as the procedures that banks use to authenticate bank accounts. Of course, even this approach is not infallible, and not easy to implement, given that much of the customer service interaction between a registrar takes place over the phone. Another suggestion is for registrars to respond promptly to any claims by customers of domain name theft. Sending a canned response from customer service when a customer frantically emails saying that his or her domain name has been stolen is not going to look good in the eyes of the fact-finder.

I'm struck at how often people register business and personal domain names in the same account, and how often the web-person ends up registering the domain name for a project in his or her account, rather than in the name of the entity, or a separate account which both joint ventures have control over. The domain name as a bank account analogy is useful here, and if you are part of a joint venture, think about whether you would want to give your co-venturers sole control over the bank account.

Posted by Venkat at 09:20 AM | Domain Names , Internet History , Licensing/Contracts , Publicity/Privacy Rights

April 18, 2011

Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff -- Claridge v. RockYou

[Post by Venkat Balasubramani with comments from Eric]

Claridge v. RockYou, 2011 WL 1361588 (N.D. Cal.; Apr. 11, 2011)

RockYou is a developer and publisher of applications for use with Facebook, MySpace, hi5, and Bebo. RockYou's applications allow users to share photos, write text on a friend's page, or play games with other users. In order to sign up, users are asked to provide an email address and create a password. Users may also be required to provide their social network user name and passwords. RockYou displays advertisements on the apps. RockYou claims to have "more than 130 million unique customers using its application on a monthly basis."

RockYou was alerted to an alleged security problem with its SQL database in late December 2009 by an online security firm. Plaintiff claims that RockYou failed to act quickly enough to address this problem, and as a result

at least one confirmed hacker known as 'igigi' accessed RockYou's database, and in the process accessed and copied the email and social networking login credentials of at least 32 million registered RockYou users.

Plaintiff sued RockYou in a putative class action, alleging a slew of claims: breach of contract, the Stored Communications Act, negligence, California's anti-hacking statute, and California's unfair competition and consumer protection statutes.

Standing: RockYou argued that plaintiff lacked standing - i.e., that the unauthorized access of plaintiff's login credentials did not cause plaintiff any "concrete, tangible, non-speculative harm." In response, plaintiff argued that:

[RockYou's] customers, including plaintiff, 'pay' for the products and services they 'buy' from [RockYou] by providing their PII, and that the PII constitutes valuable property that is exchanged not only for [RockYou's] products and services, but also in exchange for [RockYou's] promise to employ commercially reasonable methods to safeguard the PII.

The court agreed with plaintiff and found that plaintiff alleged an injury in fact sufficient to confer standing. The court noted that the case law is mixed on the question of whether data breach plaintiffs have standing to sue. The court recognized the novel context in which the claims arose:

the unauthorized disclosure of personal information via the Internet - is itself relatively new, and therefore more likely to raise issues of law not yet settled in the courts.

Although the court expressed "doubts about the plaintiff's ultimate ability to prove [plaintiff's] damages theory," the court declines to dismiss on the basis of standing.

Contract Claims: The court initially rejects RockYou's request to dismiss the contract claims (based on a breach of RockYou's privacy policy) on the basis that plaintiff did not lose anything of value. For pleading purposes,

plaintiff . . . sufficiently alleged a general basis for harm by alleging that the breach of his PII has caused him to lose some ascertainable but unidentified 'value' and/or property right inherent in the PII.

RockYou argued that the privacy policy terms expressly provided that it could not be held liable for any unauthorized third party access to users' personal information, but the court disagrees, citing to RockYou's privacy policy. The policy disclaims liability where a third party accesses user information contained in RockYou's "secure servers," but the court notes that RockYou's servers were not in fact secure. The court also cites to flowery language in RockYou's privacy policy to the effect that RockYou takes "commercially reasonable . . . safeguards" to protect user information.

Consumer Protection Claims: Plaintiff loses on his California consumer protection act claims. With respect to his claim under California's unfair competition law, one of the two requirements is that the plaintiff has to have lost "money or other property" in order to bring a claim. The court holds that the UCL's standing requirements are stricter than Article III standing requirements, and require the plaintiff to have paid money or "parted with some particular item of property he formerly possessed." The court does not buy plaintiff's novel theory that plaintiff's "PII constitutes 'currency'" under the statute. No luck for plaintiff under the UCL.

Similarly, the court rejects plaintiff's claim under the California Consumer Legal Remedies Act, because the statute only applies to plaintiffs who "purchase or lease" goods or services for "personal, family, or household purposes." Here, plaintiff has not purchased or leased any goods or services.
__

Plaintiff's other claims received mixed results. The court dismissed the Computer Fraud and Abuse Act claim with leave to amend (plaintiff admitted that it cited the wrong statutory provision), found that RockYou was not liable under California's anti-hacking statute (section 502), and found that plaintiff adequately stated a negligence claim.

Data breach cases have uniformly rejected the claims of plaintiffs who have not actually lost any money out of pocket. Some cases have done so on the merits, and other cases have done so on the basis of standing (some cases, such as Krottner v. Starbucks, have rejected the claims on the merits but have expressly found standing). The big question is whether this ruling moves the needle in any way. I'm inclined to say no, but the way in which the plaintiff cast his claim and the court characterized it is interesting.

The privacy policy / breach of contract analysis was also interesting. There is case law expressing skepticism as to whether a privacy policy is even a contract that can support a breach of contract action ("When Does a Privacy Policy Breach Support a Breach of Contract Claim?"), but courts lately don't think twice about analyzing privacy policy claims under the breach of contract framework. Companies (for whatever reason) continue to include flowery language in their privacy policies that courts latch on to when putting them on the hook for privacy foibles.

Eric's comments

There is a lot to dislike about this opinion.

First, RockYou's privacy policy promised "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information..." This is industry-standard fluff language in a privacy policy. I bet we could find tens of thousands of privacy policies with similar language. I believe the prevailing view among lawyers is that this language couldn't be actionable. It doesn't promise security or integrity; it just promises the company will deploy *some* safeguards. Further, the efforts are only supposed to be "commercially reasonable"--language which many lawyers believe is equivalent to "we'll try."

Here, the plaintiff attacks the language by arguing that RockYou didn't encrypt its data. Now, I recommend to clients that they encrypt their databases of user data in all circumstances, but is it commercially unreasonable to do so? The defendant doesn't get the decisive win it expected on that point. (The plaintiff also asserts that the defendant was derelict in patching a security flaw that allowed the bad guys to do an SQL injection attack, so the two arguments may have reinforced each other enough to convince the judge there may be something to this case). As Venkat suggests, it's time to cut the fluffy language from privacy policies. Courts and plaintiffs are overresponding to it.

Second, the court's decision not to use Article III standing to kick out the case was unfortunate. Although I am sympathetic that Article III standing dismissals are harsh on plaintiffs--they never get a chance to say anything--the doctrine has been very useful at squelching unmeritorious privacy cases early. This case is effectively indistinguishable from the other cases where Article III standing has been used; it's a garden-variety security breach with no known tangible consequences (other than lawyers looking for a little gravy). Based on the precedent, an Article III standing dismissal would have been a logical outcome.

The court's acquiescence to the plaintiff's argument ("defendant’s customers, including plaintiff, “pay” for the products and services they “buy”from defendant by providing their PII, and that the PII constitutes valuable property") smacks of the old academic debates in the late 1990s/early 2000s about whether personal data should be propertized. It was a weird debate because many of the academics who oppose copyright doctrinal expansion were simultaneously advocating for increased propertization of personal data as a privacy/anti-advertising technique. Personally, I had hoped all of those theories had been lost in the dustbins of history. Instead, this court moves in that direction. Privacy advocates might rejoice, but be careful what you wish for.

The court's embrace of a "novel" theory is especially frustrating because the court goes on to say that it has doubts about the plaintiffs' ability to prove damages in the end. So instead of doing the socially optimal thing--killing a meritless lawsuit early--the court embraces a theory likely to fuel privacy advocates to bring other meritless cases; while keeping this case open may very well cause both parties to spend a lot of money only to kill a meritless case later. This may be a situation where the judge is being just a bit too careful.

Third, assuming that personal data is "property," this isn't a situation where the vendor sold the data or misused it for advertising. Instead, there was no impairment to the users' "property right"; it was a security breach. So this is a particularly poor case for the personal-data-as-property meme.

One small piece of good news from this opinion: the court interprets California Penal Code Sec. 502 narrowly and effectively prevents the plaintiffs from converting it into a sword to be used against companies that get hacked. We don't have many Penal Code 502 rulings, but most of the extant rulings read the statute pretty broadly. I'm glad to see the court was more circumspect on that point.

Posted by Venkat at 09:19 AM | Internet History , Licensing/Contracts , Marketing , Privacy/Security , Trespass to Chattels | TrackBack

March 03, 2011

Jan.-Feb. 2011 Quick Links, Part 4

By Eric Goldman

Internet Freedom

* The EFF points out the inconsistency between Hillary Clinton's speech championing Internet freedom abroad when our own US government has gone rogue on its own citizens, including unlawful domain name seizures and an obsessive vendetta against Wikileaks.

* Fast Company: Why Twitter stood up for its users against the "secret" Wikileaks subpoena when other sites didn't.

47 USC 230

* Fleming v. Duncan: Yahoo wins 47 USC 230 motion to dismiss in Georgia state court.

* Neeley v. NameMedia, Inc., 2010 WL 5677069 (W.D. Ark. Dec. 16, 2010). 47 USC 230 preempts "outrage" claim over displaying nude photos in search results. A complementary follow-up ruling: Neeley v. NameMedia, Inc., 2011 WL 336174 (W.D. Ark. Jan 31, 2011).

* Several professors contributed essays to a book critical of 47 USC 230. Paul Levy takes them on.

* Jonathan I. Ezor, Busting Blocks: Revisiting 47 U.S.C. § 230 To Address The Lack Of Effective Legal Recourse For Wrongful Inclusion In Spam Filters, Richmond Journal of Law and Technology (Fall, 2010).

Spam

* Facebook, Inc. v. Fisher, 2011 WL 250395 (N.D. Cal. Jan. 26, 2011). Facebook gets $360M default judgment against spammers.

* Goodmail shutting down.

History

* Antone Johnson on the dot-com hangover of 2000-2002.

* 25 Best Startup Failure Post-Mortems of All Time.

Miscellaneous

* You can watch video from Next Digital Decade event. More on that event: 1, 2, 3. If you haven’t looked yet, you should check out the book.

* Unique Products Solutions v. Hy-Grade Valve (N.D. Ohio Feb. 24, 2011). Patent false marking qui tam process is unconstitutional.

* Shrader v. Biddinger, 2011 WL 678386 (10th Cir.(Okla.) Feb 28, 2011). In this Internet jurisdiction case, the Tenth Circuit adopts ALS Scan v. DSC as its test rather than Zippo.

* FairSearch.org has a new partial rival, Faretransparency.org, the web front for the Open Allies for Airfare Transparency, "a coalition representing all of the stakeholders in the travel booking industry, works to promote price transparency and full access to airline pricing and fee information." It's chaos in the online travel booking industry right now!

* Very useful table: State Cyberstalking, Cyberharassment and Cyberbullying Laws

* Evony sues its user for automated mapping of its site.

* ABA Journal: "For Federal Plaintiffs, Twombly and Iqbal Still Present a Catch-22"

* Direct Marketing Association v. Huber, No. 10-cv-01546-REB-CBS (D. Colo. Jan. 26, 2011). Judge strikes down Colorado's attempt to impose an "Amazon" tax as unconstitutional. My previous reference to the law.

* In the Silicon Valley, being the "Craigslist Congressman" might be considered a compliment. Unfortunately, that term will now be pejorative.

* Segal v. Amazon, 2:11-cv-00227 (S.D. Fla. Feb. 4, 2011). Amazon's participation agreement's venue selection clause upheld.

* Rep. Matheson wants to require age authentication to access online porn. Been there/done that 13 years ago with COPA. Lest you forget, it was unconstitutional.

Funny Stuff

* French second-graders are shown items like an old Fisher Price record player and 3.5 and 5 inch floppies and are totally baffled by them. Funny video.

* Great Dilbert strip riffing on the old joke of how you know if a lawyer is lying.

Posted by Eric at 11:53 AM | Content Regulation , Derivative Liability , Internet History , Patents , Spam | TrackBack

March 01, 2011

Jan.-Feb. 2011 Quick Links, Part 3 (Trademarks, Domain Names and Trade Secrets Edition)

By Eric Goldman

Trademarks and Domain Names

* From my perspective, the Department of Homeland Security (DHS) domain name seizures are one of the US government’s top 5 all-time worst assaults on the Internet’s integrity. DHS’s ICE division is grabbing domain names—the virtual equivalent of printing presses—citing half-baked legal theories and poorly researched factual claims without any advance notice or adversarial proceedings. This is exactly what we expect our government won’t do.

Yet, I haven’t seen a proportionate blowback. Why aren’t affected domain name owners suing the government for improperly seizing their printing presses? (This takes me back to the 2-decade-old Steve Jackson Games case and the EFF’s founding). Why aren’t there Congressional hearings asking DHS to defend its behavior? Where aren’t other parts of the administration forcing DHS to justify itself? Why aren’t judges pushing DHS to do a better job of demonstrating their cases on an ex parte basis? I’m a little baffled why there hasn’t been a revolt against the DHS’s baldfaced abuse of government power. I confess I’m part of the problem in that I haven’t grabbed the pitchforks either, but I’m not sure how I can best help. If you have any thoughts, I’d welcome them.

A linkwrap on this topic:

- Techdirt raises some general questions.
- One of the DHS affidavits. Techdirt deconstructs it.
- Sen. Wyden seems like our only legislator paying attention.
- Wendy Seltzer explores the due process problems.
- An ICE representative tried to defend its actions, with no success.
- Another 18 names seized.
- In a crackdown aimed at child porn, DHS took down 84,000 websites "by mistake." This is exactly the kind of “mistake” that would not happen if due process were followed and speech restrictions were subject to adversarial proceedings.
- EFF on what the repeated DHS screwups teach us about the "wisdom" of COICA:
- Techdirt: “ICE Boss: It's Okay To Ignore The Constitution If It's To Protect Companies”

* Private Career Training Institutions Agency v. Vancouver Career College (Burnaby) Inc., 2011 BCCA 69 (BC Ct. App. Feb 11, 2011): "The burden was on the appellant to satisfy the judge that there were reasonable grounds to believe that the respondents’ use of keyword advertising was actually or potentially misleading. He found as a fact that the appellant had not established that the respondents’ keyword advertising was actually or potentially misleading. He stated that the appellant had not persuaded him that the respondents’ use of its competitors’ names in keyword advertising “could...lead a student astray or into making a harmful error of judgment”. There was evidence to support those findings."

* NY S953: New York is trying yet again to ban domain name sales to terrorist groups. My prior blog post.

* Kim v. Coach: class action suit for Coach sending trademark takedown notices to eBay for the resales of legitimate goods. AP story.

* Joe Mullin recaps our efforts to crack open the Rosetta Stone v. Google joint appendix.

* LinkedIn allows ad targeting by company name. Competitive poaching, anyone? Will they be the newest defendants in keyword ad lawsuits?

* Rebecca covers an interesting and complicated dispute over a comparable drug being linked to a patented drug in a pharmaceutical reference database, with some parallels to keyword advertising.

* The Supreme Court denied certiorari in the latest appeal in Moseley v. V Secret Catalogue Inc. Prof. McCarthy on the ruling for which certiorari was sought.

* Law.com: Digital Chocolate and Zynga Settle over 'Mafia Wars'

* Ford sues Ferrari for naming one of its race cars "F150" in celebration of Italy's 150th anniversary of unification.

* Subway seeks to trademark "footlong."

* Las Vegas Sun: Double Down Saloon v. Double Down Lounge.

* Technolawyer tries to enforce a trademark in “SmallLaw.”

* Fleischer Studios v. AVELA (9th Cir. Feb. 23, 2011). The Ninth Circuit says that the Betty Boop character is in the public domain. This is quite a remarkable opinion, but I particularly call your attention to the discussion about trademarks and merchandising (cites omitted):

Even a cursory examination, let alone a close one, of “the articles themselves, the defendant’s merchandising practices, and any evidence that consumers have actually inferred a connection between the defendant’s product and the trademark owner,” reveal that A.V.E.L.A. is not using Betty Boop as a trademark, but instead as a functional product. Just as in Job’s Daughters [a 1980 9th Circuit case the majority cites even though it wasn't cited by either party or the district court], Betty Boop “w[as] a prominent feature of each item so as to be visible to others when worn . . . .” A.V.E.L.A. “never designated the merchandise as ‘official’ [Fleischer] merchandise or otherwise affirmatively indicated sponsorship.” Fleischer “did not show a single instance in which a customer was misled about the origin, sponsorship, or endorsement of [A.V.E.L.A.’s products], nor that it received any complaints about [A.V.E.L.A.’s] wares.”...“The name and [Betty Boop image] were functional aesthetic components of the product, not trademarks. There could be, therefore, no infringement.”

The court goes on to discuss Dastar:

If we ruled that A.V.E.L.A.’s depictions of Betty Boop infringed Fleischer’s trademarks, the Betty Boop character would essentially never enter the public domain. Such a result would run directly contrary to Dastar.

I applaud the majority opinion's spirit, and this could be quite a revolutionary opinion if it truly sets Ninth Circuit precedent. However, I’ve repeatedly criticized the Ninth Circuit for making up the rules panel-by-panel (I know I'm not the only one), and I suspect this is just another one-off. Kate Spelman thinks this is a good case for en banc review (I agree).

* WSJ: A quick survey of major legal issues in franchising law.

* Meth Lab Cleanup LLC v. Spaulding Decon, LLC, 2010 WL 5572397(D. Idaho Oct. 25, 2010): "the mere fact that resulting harm from the alleged confusion over the contents of the parties' websites may be incurred by an Idaho company is not sufficient to show that Spaulding “directed” its conduct toward Idaho."

* Walgreens is elevating the profile of its house-branded products.

* Index of WIPO UDRP Panel Decisions

* Oddee: 12 Hilarious Knock-off Fails

Trade Secrets

* Has the original Coca-Cola recipe leaked out?

* Reality Blurred: The producers of Survivor sue over leaked information about the upcoming season, but they drop the suit once they learn the leak source.

* David S. Almeling et al, A Statistical Analysis of Trade Secret Litigation in State Courts

Posted by Eric at 01:44 PM | Domain Names , E-Commerce , Internet History , Trade Secrets , Trademark | TrackBack

February 10, 2011

Comparative Domain Name and Keyword Regulation Talk Slides

By Eric Goldman

I have a busy semester of talks, so I will be rolling out some talk slides over the next few days. Today, I'm posting my talk slides from a talk I gave last month at the University of Houston as part of this event. I titled the talk "Domain Name and Keyword Regulation."

This is a newly updated version of a talk I gave in 2007 at McGeorge Law School. At the time, I was interested in how we codified various forms of domain name exceptionalism compared to other keyword navigation tools. (The impetus for that talk, in turn, comes from my Deregulating Relevancy article, where I make this point more fully). This time, I think I did a better job offering some reasons why domain names may truly differ from keywords, so perhaps the "exceptionalism" isn't as remarkable as I indicated in 2007 (or is justifiable in part).

Revisiting the talk after 4 years, what really caught my attention were the relative quantum of regulations targeted specifically at domain names and keywords, respectively. I did a search in Westlaw's federal and state statutory databases for "domain name," and I was overwhelmed with hundreds of search results. I'm amazed how many statutes call out domain names and, in some cases, subject domain names to exceptionalist regulation. I taxonomize these various types of domain name regulations in my slides.

In contrast, we still have virtually no keyword advertising-specific regulation. The only such law still on the books is the Alaska anti-adware law, a law that I believe everyone simply ignores (although perhaps it's been mooted by the demise of adware circa 2005). When I initially gave the talk in 2007, the Utah Spyware Control Act was still on the books, but Utah ultimately (and wisely IMO) repealed that law, and Utah's other flirtations with keyword regulations have fortunately petered out. Given how keyword advertising has eclipsed domain names in so many ways, I remain perplexed by this disparity in regulatory attention despite the distinguishing characteristics between the two.

Posted by Eric at 11:30 AM | Adware/Spyware , Domain Names , Internet History , Trademark | TrackBack

February 01, 2011

Free-to-Consumers Ad-Supported Website Isn't Illegally Priced--Cammarata v. Bright Imperial

By Eric Goldman

Cammarata v. Bright Imperial Ltd., 2011 WL 227943 (Cal. App. Ct. Jan. 26, 2011). The complaint. The trial court ruling.

If you can't compete with free, can you litigate it away?

Kevin Cammarata ran subscription-based porn sites until he sold his business at an allegedly depressed sales price. The defendant runs an ad-supported porn site, RedTube.com, one of many porn websites with the suffix -tube.com as an homage to YouTube. Nothing about any of the websites implicated by this lawsuit is office-safe. The court, apparently with a straight face, sets the context by saying "the formerly profitable subscription-based websites 'have been brought to their knees' by the tube-based sites." (Once again reinforcing that the Internet is really just a series of tubes...?)

Unhappy with competing with free, Cammarata sued RedTube and some of its advertisers for unfair business practices. Cammarata's attorney, Jay Spillane, was quoted as saying "Tube sites have done injury to the business. We feel RedTube and other sites like them are crowding out competition when it comes to the online adult business.”

Crowding out competition? Is that another way of saying that new entrepreneurs are winning market share from incumbents?

The court summarizes the allegations against RedTube:

Cammarata contends that Bright's unlawful activities consist of (1) allowing customers to view adult entertainment videos on its website below cost for the purpose of injuring Cammarata's business and destroying his competition in violation of Business and Professions Code section 17043; (2) unlawfully using its videos as "loss leaders" in violation of Business and Professions Code section 17044; and (3) engaging in "unlawful, unfair, or fraudulent business practices or acts" in violation of Business and Professions Code section 17200. The advertising defendants are allegedly aiding and abetting Bright in accomplishing the conduct described above.

The trial court granted the defendants' anti-SLAPP motion. The appellate court upholds that ruling. Unless something changes, Cammarata should be writing a check to the defendants for their troubles.

Frankly, I'm not sure about the application of anti-SLAPP laws here. The court's treatment of the "public interest" is pretty lax--basically, the statutory "public interest" here is that lots of people are generally interested in porn ("Cammarata and Bright agree that there is a substantial public interest in the kind of sexually explicit videos shown on tube-sites such as Redtube"--news flash of the day!). Nevertheless, I'm glad it results in a fee shift given the sheer craziness and anti-consumer sentiments of the lawsuit.

Cammarata argued that he was suing over RedTube's pricing decisions, not its publication of videos. The court rejects this argument:

We reject Cammarata's argument that his causes of action arise from Bright's predatory pricing, not its speech, because here the product being priced is speech, not dog food. All of Cammarata's causes of action arise from Bright's conduct of placing speech on the Internet where it can be viewed for free by the public. This is the "predatory pricing" that Cammarata complains of.

The court then turns to the merits of Cammarata's complaint about pricing. At its core, his argument is that giving away content for free, supported by advertisers, is illegal under California law. Obviously, no court was going to agree. Could you imagine? Sirius could sue all of the broadcast radio stations. HBO could sue broadcast TV stations. Subscription newspapers could sue free newspapers. That would be quite a result. The court politely mocks Cammarata's arguments:

If Bright's business model sounds familiar it's because it's the business model typical of broadcast radio and television stations in the United States not to mention thousands of local newspapers and, more recently, tens of thousands of Internet websites including Youtube, CNN and Video.Yahoo.

The court rejects the arguments, saying that it's not below-cost pricing to run an ad-supported business, and Cammarata can't show that RedTube was trying to destroy his business. The court concludes with a snarky "don't let the door hit you on the way out":

If Cammarata's subscription-based website lost revenue after Redtube and other tube-based websites came on the scene it was because the tube-based business model is more efficient, not because of alleged predatory pricing by Bright.

It's true that subscription services often can't compete with free services. But as this case shows, if your competition is giving content away for free when you hope to charge users to enjoy comparable content, you better come up with a new business model pronto because the courts won't bail you out.

A historical perspective: If you never saw it, I wrote on Internet content price setting back in 1997 under my old name: Eric Schlachter, The Intellectual Property Renaissance in Cyberspace: Why Copyright Law Could Be Unimportant on the Internet, Berkeley Technology Law Journal, 1997. In the paper, I talk about price setting when marginal costs of content reproduction and distribution are zero; I then explore some 1990s-era ways of cross-subsidizing content production and publication. As any economist will tell you, the market price will be MR = MC, which if MC = 0 means P = 0. It's interesting to see folks still trying to fight that basic law of economics.

Posted by Eric at 09:54 AM | Copyright , Internet History , Marketing | TrackBack

January 31, 2011

Speakers Announced for "47 U.S.C. § 230: a 15 Year Retrospective" Conference, March 4, SCU

By Eric Goldman

On February 8, 1996--just about 15 years ago--President Clinton signed into law the Telecommunications Act of 1996, a lengthy law with significant implications for the entire telecommunications industry. As Justice Stevens wrote in Reno v. ACLU (1997), "The Telecommunications Act of 1996, Pub. L. 104-104, 110 Stat. 56, was an unusually important legislative enactment."

Tucked into a corner of that beefy bill was the Communications Decency Act, a law that defined its generation of Internet Law regulations and spawned a series of laws and court battles that took over a decade to resolve. Tucked away in a corner of the Communications Decency Act was Section 509, "Online Family Empowerment," a version of the Cox-Wyden bill that ultimately created 47 USC 230.

Of the many legacies of the Telecommunications Act of 1996, 47 USC 230 certainly looms large. It has become the cornerstone of the Web 2.0 economy, spawning the creation of many Internet giants we now use every day and creating countless billions of dollars of wealth. The law has also sparked extensive, and sometimes heated, debates over online free speech, content-based harms, and the legal and ethical responsibilities of online intermediaries.

On March 4, 2011, we will take a thorough look at 47 USC 230, its history, its implications and its future, from a wide range of perspectives. This event has been in development for more than a year, and I'm excited to see it finally come to fruition. Unlike many other cyberlaw conferences, which tend to encounter 47 USC 230 as a sub-component of the event's main topic, this conference puts the statute front-and-center for maximum geekery.

We have finally posted a tentative version of the day's agenda (subject to change, as always). The whole day is filled with highlights and expert speakers, but some of the parts I'm anticipating the most:

* former Rep. Chris Cox, who co-sponsored the Cox-Wyden bill that became 47 USC 230, will talk about the statute's origins and its legacy.

* Ken Zeran, the plaintiff in the seminal/watershed 47 USC 230 case Zeran v. AOL and an early victim of a "cyber-harassment" attack (before we even had the vocabulary to describe such things), will tell the story-behind-the-story of his litigation. I've heard parts of his story first-hand, and it has completely changed the way I think about the case.

* Chief Judge Alex Kozinski, who authored the majority opinion in Fair Housing Council v. Roommates.com, which some would argue is the most significant appellate court incursion into 230's immunity. Judge Kozinski has also recently articulated his views on Internet exceptionalism (he's against it). I'm not exactly sure what Judge Kozinski will say, but no matter what direction he chooses to go, it undoubtedly will be humorous and provocative.

The conference will be March 4, 2011, at Santa Clara University. You can see the complete speaker lineup, and register for the event, at the conference website. Registration costs $150 or less; we have lots of categories of discounted or free registration. If the registration fees pose a financial hardship for you, please contact us. If you can't make it, we plan to record the day's proceedings (assuming the speakers don't opt-out) and post the recordings online.

While making your travel plans, please note that we're informally celebrating Cyberlaw Week in the Bay Area during that time. You may be interested in two other related events:

* on the day before the 230 conference, the Stanford Technology Law Review is holding a conference entitled "Secondary and Intermediary Liability on the Internet" at Stanford. This has a nice list of speakers and topics that complement the 230 event very well.

* on the day after the 230 conference, we are hosting the inaugural Internet Law Works-in-Progress event at SCU, an annual event co-sponsored by SCU and the NY Law School. We anticipate having approximately 30 speakers present their cyberlaw works-in-progress. This is a closed-door event to allow for a high-level academic conversation, and we are restricting participants to folks who can contribute to an academic dialogue. If that describes you, we would like to welcome you as a participant. Although the deadline has passed, we're still willing to consider talk proposals and discussant requests.

So please come to one, two or all three of these events! I hope to see you there.

Posted by Eric at 11:14 AM | Derivative Liability , Internet History | TrackBack

January 27, 2011

Top 5 Cyberlaw Developments of 2010, Plus a 2010 Year-in-Review

By Eric Goldman

Earlier this Fall, I posted my top 8 trends in Internet law, and that's a good place to start if you want to see how I think things are developing. Because of that post, this year I'm shaking up the format of my year-end recap post a little bit. We'll start with the top 5 Cyberlaw events of 2010, but then we'll move to other topics. (This is a variation of my post to InformIT on Tuesday).

Top 5 Legal Developments

#5: Google pulls out of China. China's native search engines rejoice, but is this really a win for China's long term prospects? Meanwhile, I keep hoping Google will do the same in the EU too given how much the EU regulators hate Google.

#4: COICA and the pre-enactment COICA workaround, ICE's lawless seizure of 82 supposedly pirate-oriented domain names. Showing once again that domain name censorship is irresistible to government regulators.

#3: Righthaven goes on a litigation frenzy on behalf of newspapers. Which do you think will happen first--bloggers stop discussing newspaper articles for fear of being sued, or newspapers go out of business? What's amazing is that newspapers don't realize that the first will accelerate the second.

#2: Oracle gets $1.4B+ from SAP for competitive scraping. Oracle hit a grand slam with the damages in this case, ranking highly on several all-time-largest-awards charts.

And the top cyberlaw story of the year goes to...

#1: Wikileaks. Wikileaks finally forces us to confront many of the cyberspace governance issues we were debating in 1996. I'm sad to say that our government, and many private businesses, failed the test.

Other Key Developments

* Tiffany v. eBay. The Second Circuit thumps Tiffany's pathetic arguments and gives eBay a clean bill of trademark health. However, this ruling just preserved the status quo, so for my money, the much more important secondary trademark rulings involved providing other services to alleged counterfeiters. See Gucci v. Frontline, potentially exposing credit cards and other payment service providers to secondary liability for providing payment services to alleged counterfeiters, and Roger Cleveland Golf v. Price, potentially exposing SEOs/web designers to secondary liability as well.

* Viacom v. YouTube and Arista v. Limewire. These companion cases told us what we already knew: YouTube + 512(c) defense = good, P2P file sharing software vendor - DMCA safe harbor = bad.

* Sony v. Tenenbaum. I'm still waiting to see if this case is a blip or a watershed. It has the potential to make every copyright statutory damages case into a constitutional due process inquiry.

* Legally, it was a good year for Google. Google got a favorable trademark ruling in the ECJ. Google got a decisive win in its Rosetta Stone AdWords trademark case (and, as mentioned before, the YouTube case as well). Most of the other trademark plaintiffs lost or simply gave up.

* Legally, it was a lousy year for Google. Everyone in the world seems to be considering if they can run Google's algorithms better than it can: EU antitrust regulators, French antitrust regulators, the Texas AG, private plaintiffs, the New York Times and so many more. Google got trapped in a dangerous antitrust litigation in the unfavorable venue of Ohio state court. Google Street View has been a legal train wreck world-wide. The DOJ busted up a possible hiring cartel among Silicon Valley companies, and Google almost immediately handed out 10% pay raises for everyone. Buzz was a lousy product with a horrible launch, and it led to a multi-million dollar litigation kicker.

* It was a quiet year for 47 USC 230 litigation. From my perspective, quiet is good! The biggest defense win of the year: Milgram v. Orbitz. The biggest plaintiff win of the year: Swift v. Zynga.

* Perfect 10 v. Google. Google gets yet another win in this case, this time on 512(d)--one of the few cases interpreting the 512(d) safe harbor for linking to infringing content.

Notice I didn't put *any* of the Ninth Circuit Internet law jurisprudence on the list. There were plenty of interesting rulings this year: Krottner v. Starbucks, MDY v. Blizzard, Vernor v. Autodesk, DSPT v. Nahum, the Freecycle naked licensing case, Advertise.com v. AOL, Toyota v. Tabari, Visa v. JSL, CRS Recovery v. Laxton, Office Depot v. Zuccarini. However, I have lost all faith that 3 judge panel decisions by the Ninth Circuit have any binding precedential on other panels, so every case is effectively a one-off.

Less-Heralded But Nevertheless Interesting Disputes of the Year

Some under-the-radar legal disputes that I thought were more interesting than the overhyped stories:

* Barclays v. theflyonthewall. A brokerage house gets an injunction against the republication of its stock recommendations based on a hot news doctrine. The case is now on appeal to the Second Circuit. The case exposes the precarious business model of brokerage houses: they are content publishers trying to monetize via a commodity service, and brokerage house stock recommendations were exactly the kind of information John Perry Barlow explored in his 1994 Economy of Ideas article. Will the hot news doctrine prop up a doomed business model?

* Anderson v. Bell. Electronic signatures count towards the requirements for an election petition. This could launch a new era of citizen petitioning of the government.

* Snap-on v. O'Neil. A company can't scrape its own data from its outsourced vendor, seemingly authorizing the vendor to play hold-up games for companies that don't handle the contract correctly. The Eventbrite v. Cvent case provided some interesting contrast.

* Goforit v. Digimedia. A court upholds domain name wildcarding and says the TM owner/plainitff pursuing those wildcarded domain names may have engaged in reverse domain name hijacking.

* Lara Jade Coton v. TVX. The blog post title said it all: "Tip for Clean Living: Don't Use a 14 Year Old's Self-Portrait in Advertising for Porn."

Most Overhyped Stories

This year, for the first time, I'm separately breaking out a category for most overhyped stories of the year.

* Craigslist shuts down its adult services category. A toxic mix: Craigslist took a legally defensible but nevertheless obstinate position, and state AGs love to show their constituents how much they hate the Internet. When Craigslist finally gave in and shut down its adult services category (with a whining F-U), people went crazy.

* Borings get $1 for their trespassing claim. Google's Street View contractors made a mistake, drove up a private driveway, and captured what they saw. Google posted the photos until it got a complaint, then the homeowners with the odd surname ("Boring") went on a litigation frenzy. Their payoff for several years of litigation? $1. Not even enough for extra foam on a Starbucks mochachino.

* The Supreme Court's tech docket. Several fizzled out non-decisions from SCOTUS this year: Bilski, Quon, Costco. The Supreme Court is taking a steady diet of tech-related cases, but they are gun-shy about actually resolving them.

* Mark Hurd. Mark Hurd, Hewlett Packard's CEO, had an inappropriate relationship with an HP contractor/former B-list softcore porn actress and maybe fudged his expense reports. When he tried to take a job at HP's frenemy Oracle, HP got litigious, but it turns out their fur can be smoothed for a few million.

* Lost iPhone Prototype. Stop me if you've heard this joke before: an engineer walks in a bar and...loses a super-stealthy prototype of one of the most important new consumer technology launches ever...? I realize it's an uber-cool phone, but still, IT'S A PHONE, PEOPLE!

Our Snarkiest Company-Specific Posts

Occasionally, we get snarky about specific companies' practices. It's not our norm, but these posts sure do boost traffic. Companies in our crosshairs this year:

* The Problems With Google House Ads. Google's response to this post was pathetic and embarrassing.

* Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. I still use Scribd, but I have zero loyalty.

* Hypocrisy Alert?! Expedia, a "FairSearch" Member, Marginalizes American Airlines in Its Search Results. If you're going to wave the "Search Neutrality" flag, please keep it hypocrisy-free.

* Facebook pulls a rare hat trick of snark this year: Q2 2010 Quick Links Part 3 (Special Facebook Edition), Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com, Distrust in the Cloud Part #2: Facebook Blocks J.mp Links and Takes Down Lots of Status Updates in the Process. I'm officially no longer in love with Facebook. I post the exact same content to Twitter and Facebook, so please follow me at Twitter instead.

* My RapLeaf Profile is Amusingly Mistaken. This is What the Fuss is All About?. In response to an article in the Wall Street Journal's "What They Know"/privacy plaintiffs lawyers full-employment series of articles.

Most Popular Blog Posts of the Year

1) Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. Nearly 2X the traffic of #2. Putting profanity in the post title still works as a traffic booster.

2) Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase (Topsy 100). I still can't figure out why this post was so popular; it just reminded us of something we already knew. See also the related but overreaching Millen v. Hummingbird Speedway.

3 & 5) #3: Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Posted to "Twitter/TwitPic". Venkat also had an end-of-the-year hit with the #5 post, "Court Rejects Agence France-Presse's Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service -- AFP v. Morel." Both posts were Topsy 100.

4) Viacom v. YouTube Summary Judgment Motions Highlights. Not surprisingly, the gossip about the lawsuit is way more popular than the blog post on the actual ruling.

One other post reached Topsy 100: "Ripoff Report Defeats Extortion Claim, But Plaintiffs Keep Trying--AEI v. Xcentric."

Lists of Yore

Previous top 10 lists from 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.

Posted by Eric at 06:56 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , Evidence/Discovery , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack

January 21, 2011

The Next Digital Decade Book Launch and Event Recap

By Eric Goldman

I’m pleased to call your attention to a new book called “The Next Digital Decade: Essays on the Future of the Internet,” edited by Berin Szoka and Adam Marcus of TechFreedom. This is a truly remarkable book. It contains 31 essays on various Internet law topics from some of the brightest and most provocative thinkers on Internet law topics. Please note that I have some self-interest in praising the book because I contributed 3 of the 31 essays, but I would be fawning over this book even if none of my essays were included. It’s that good.

What makes this book so special is that *every* essay I’ve read is top-notch. In contrast, in many essay collection books, the essays are spotty—some great, some clearly inferior. Berin and Adam did a fantastic job curating the collection. They also did a nice job tying the essays together into coherent chunks.

You can get the entire PDF as a FREE DOWNLOAD (love it!) and they have hard copies available for purchase if you (like me) are a luddite who prefers to read things in print.

In future blog posts, I will have more to say about some of the essays, including my chapter on Regulating Reputation as well as James Grimmelmann’s outstanding chapter on search “neutrality.” I have more to say on the search engine bias topic as well in a short essay that I intended to include in the book but didn’t get done in time.

As part of a book launch, earlier this week TechFreedom put together a symposium where book authors and other special friends discussed some of the themes in the book. Although the audience was well-stocked with techno-libertarians, the panels themselves were mostly nicely balanced, which led to a really great conversation. The remainder of this post reflects my notes from the day, which as usual are a blend of verbatim statements and my impressions of the speakers’ remarks.

Panel 1: Internet Optimism, Pessimism and Future of Online Culture

Participants:
Berin Szoka, TechFreedom (Moderator)
Andrew Keen, author of Cult of the Amateur
Adam Thierer, Mercatus Center
Prof. Ann Bartow, South Carolina School of Law

[Note: Jonathan Zittrain was supposed to participate but he was a last-minute scratch. That left a hole on the panel, as the panelists had prepared to discuss Jonathan’s work. So the panel ended up talking a lot about—and mostly criticizing—Zittrain’s work without Zittrain around to defend himself!]

Thierer: Two schools of Internet pessimism:
(1) people without much hope that Internet will improve society. They feel the good old days were better.
(2) people who are technology enthusiasts but are pessimistic about the future of technology. For example, Zittrain’s view of threats to generativity and Lessig’s view that code as law leads to perfect regulation. They feel we’re at the cusp of a dark age of openness.

Pasquale: Takes a “progressive” approach to Internet studies. Issues on his mind:
(1) Leading Internet powers are like utilities. We should be fearful of monopolies.
(2) Fusion between government and corporate sectors.
(3) Internet is accelerating inequality. Ex: Zittrain’s ubiquitous human computing.

Bartow: More women used to write about cyberlaw in the 1990s than now. Regarding Zittrain’s Future of the Internet, the Internet doesn’t need to be either open or closed; it could be somewhere in-between. She also noted that there’s not much “law” in Zittrain’s “cyberlaw.” He assumes technologists will lead the way. In typical Ann fashion, she provided a bonus tip: avoid doing a search on “lickety split” if you don’t want porn.

Keen: [Eric’s note: I had never seen Keen’s shtick first hand, and it was exactly what I anticipated: provocative statements mixed with out-and-out gratuitous trolling. I personally do not respond well to trolls, so I found his remarks mostly a massive turnoff, despite a few interesting nuggets interspersed here and then.

As part of his trolling, he started off with a series of gratuitous insults targeted at many of the other participants and audience members. In my world, it’s really not nice to deliberately insult a big chunk of your audience before you even get to your substantive points.]

He doesn’t understand what the law has to do with the Internet. Law professors have seized control over the debate. Law professors are paid by law schools to churn out articles that have no market value. In contrast, Keen is a paid author and therefore guided by market forces.

Keen wants to defend a professional creative class. He is interested in failure of new media to provide an economic environment to pay the creative class. (1) Curse of piracy. Some people take pleasure in demise of old media. (2) Internet as content monetization system. Keen is skeptical of Web 2.0.

[Two more observations about Keen’s trolling. First, I don’t necessarily care about preserving a “professional creative class.” I care about creative outputs and less about protecting one traditional way we get them. I wonder if we can get most or all of our socially desired outputs if we abolished the professional creative class completely. Second, I understand some people are elitist, but most of the time, they try to hide their elitism. In contrast, Keen was unapologetically elitist. This deliberately set up an unnecessarily divisive “us-vs.-them” dynamic that people usually try to avoid in polite society. Personally, I think we’ll get a lot farther looking for ways to work together rather than creating a class warfare dynamic. Then again, I’m a mere law professor paid by my law school to churn out worthless junk, so what do I know?]

Thierer: Keen is skeptical about the technological transition. Thierer’s response: “humans adapt.” In a multi-iteration game, players will change from iteration to iteration. Ex: AOL dominated the 1990s and look at them now.

If Keen is right, what do we want to do about it? We need to cope with the changes, not fight it. Pessimists: too quick to jump on current event catastrophes, without giving a chance for coping mechanisms to evolve. When things are darkest, biggest incentives to entrepreneurs. [The conversation took an odd turn when Frank said Thierer had ironically invoked Karl Marx, who had argue that we shouldn’t try to make things better for workers so they will have an increased willingness to revolt. I’m not sure who was more insulting: Keen trashing law professors or Pasquale calling Thierer a Marxist! But unlike Keen’s insults, I know Frank was just having fun with Thierer.]

Pasquale: we need more transparency about business practices to help government enforcers do their jobs better.

Bartow: Industry evolution cuts both ways. She gave two examples: (1) her local paper dropped coverage of the university when the paper went online and got the statistics showing the level of interest in those stories. (2) anti-virus software vendors need the continued release of new viruses to support their business model.

Thierer: compare where we are today to the past. In the past, we had information scarcity. Information overload is a much better problem to have.

Bartow: puzzled by Zittrain’s criticism of Onstar because it tracks folks when that’s the entire point of the service. Tradeoffs between tracking devices and the benefits of geolocation. A concern: technologists may not reflect women’s concerns given their backgrounds.

Szoka: Zittrain thinks everyone should want to tinker with technology, but some folks don’t want to tinker.

Audience Q&A
DelBianco: consumers are frustrated with the real problems with the Internet (crime, fraud, etc.). Governments are desperate for relevancy, so they may seize that opportunity to insert themselves into the process.

Keen: “I just have to respond to this libertarian stuff”: Zittrain’s book hasn’t been read outside of law schools. In the past, major historical events have required government management of the transition.

Pasquale: Europe is becoming the de facto regulator. If we don’t take the lead, they will fill the vacuum.

Q: Silicon Valley venture capitalists try to hit home runs by funding the new displacement technologies.

Szoka: business cycles are becoming shorter. Winners last for shorter times. Digital markets aren’t like Adam Smith’s perfect competition; but dominant players may be easier to oust today, so we might be willing to accept monopolies in the short term while new disruptive technologies are emerging that will organically trump the monopolist.

Panel 2: Internet Exceptionalism & Intermediary Deputization

Participants:
Adam Thierer, Mercatus Center (Moderator)
Prof. Eric Goldman, Santa Clara School of Law
Josh Goldfoot
Prof. H. Brian Holland, Texas Wesleyan School of Law
Prof. Mark MacCarthy, Georgetown University
Prof. Frank Pasquale, Seton Hall Law School

Me: two noteworthy dynamics (1) different types of Internet exceptionalism are proliferating, and (2) 230 liability umbrella allows for UGC experimentation like we’ve never seen before.

Holland: 230’s exceptionalism isn’t about absence of social norms. 230 enables the creation of social norms independent of legal norms. 230 sets initial condition (by mitigating legal norms, such as tort norms) and allows experimentation with new norms. Ex: Web 2.0 communities have, through contract and code, the ability to enforce their norms (we don’t just need government as only norms enforcer). Because Wikipedia isn’t forced by law to enforce, its users develop their own norms.

MacCarthy: Payment intermediaries have taken steps to police their networks. Ex: gambling, pharmaceuticals, child porn, tobacco, copyright infringement. These efforts were largely independent on legal regime in the 1990s—he thinks the payment systems didn’t qualify for First Amendment, 230, 512. Law enforcement thus reached out to payment intermediaries. He thinks this was a success. But on cost-benefit basis, it may not be worth regulating intermediaries. Plus, intermediaries have gotten the message and are voluntarily assuming responsibility. However, in the Wikileaks case, the intermediaries may have overreached.

Goldfoot: The Internet is a physical medium, and the online activities have offline payoffs. He favor a secondary liability regime similar to the secondary doctrines in copyright and patents.

Pasquale: We may need different rules for different niches in the Internet industry. Maybe it’s better to have only a couple of intermediaries, but we can trust them. If we get de facto monopolists, let’s call them a utility and embrace them accordingly.

Government agencies have difficulty getting the required expertise to understand and regulate industry. He favors bringing in expertise to the agencies. He praised the FTC for doing that with Christopher Soghoian and Ed Felten.

MacCarthy: the Internet is concentrating at every level due to network effects. So Frank’s consolidation is happening naturally. Combine with intermediaries’ willingness to police users, and we get back to media consolidation we saw with broadcasters and newspapers. So what do we do about private censorship? We’re not going to go back to FCC controls of media consolidation.

Goldman: I dispute the empirical assumption in MacCarthy’s claim of consolidation. Regarding Pasquale, I don’t trust either the government or its oversight.

Holland: More worried about Facebook than Google. Need data portability.

Pasquale: JuicyCampus/cyber-cesspools. He prefers users migrate to Facebook, which has rules, than at cesspools. [Eric’s comment: Really? I have a hard time encouraging anyone to use Facebook. See Q2 2010 Quick Links Part 3 (Special Facebook Edition), Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com, Distrust in the Cloud Part #2: Facebook Blocks J.mp Links and Takes Down Lots of Status Updates in the Process]

Goldman: government embrace of leading industry players may sterilize competition/innovation. With Facebook, if we lock it in as a government-monitored “utility,” will we prevent its displacer from emerging? Also, WRT JuicyCampus and People’s Dirt, the marketplace worked just fine—they both got drummed out.

MacCarthy: there are small numbers of gatekeepers at each level. Media world is always a concentrated market. How do we deal with their consolidated power?

Alex Howard from audience challenging MacCarthy: Top 10 blogs aren’t old line media (ex: Huffington Post, Mashable, Engadget, TechCrunch). Indeed, old line media are syndicating these new media players.

Goldman: even if mass-market topics consolidate on the Internet, the conversations in sub-communities are way more interesting and not consolidated at all.

Holland: small audiences are OK.

Goldfoot: should consider secondary liability on tort-by-tort basis, not blanket basis.

Audience Q&A
Milton Mueller: 230 establishes rules that enhance freedom. Contrast: utility.

Pasquale: competition/innovation isn’t our own goal. Let’s not forget that the public sector done some good things.

Braden Cox: why not extend 230 to offline world?

Goldman: I will argue for that at our 47 USC 230 conference on March 4.

Goldfoot: secondary liability has its role, such as in products liability, but maybe we could reduce liability for defamation because no one sues on those torts.

DelBianco: COICA goes after ad networks.

Goldman: If you’re going to regulate the payment systems, you have to regulate the ad networks too. Unfortunately, there is ongoing pressure to put a range of service providers to websites on the hook. We’re seeing lots of activity in this area in IP arena, but not in areas covered by 230.

Goldfoot: to be responsible, intermediaries must know what’s going and must be able to stop it.

David Johnson: Internet as global network. What entity is doing the deputization?

Goldfoot: international users delegate the power to the companies they use. Russian citizen accepts US law by using Facebook.

Jonathan Allen: does FCC net neutrality rules affect other Internet players?

Goldman: I’m seeing a quest to impose neutrality at every layer of telecom stack.

Panel 3: Who Will Govern the Net in 2020?

Participants:
Berin Szoka, TechFreedom (Moderator)
Prof. David Johnson, New York Law School
Prof. Milton Mueller, Syracuse University
Shane Tews, VeriSign
Chris Wolf, Hogan Lovells

This panel did not quite come together as the event organizers probably expected. David Johnson started out by describing himself as an “optimistic exceptionalist communitarian,” and it progressively got more esoteric from there. Part of the problem is that David J. and Milton enthusiastically agreed with each other, and the other two panelists didn’t really challenge them very much. Lovefests are fine but tend to make for less interesting panels.

The topics mostly addressed Internet transnational regulation and Internet community self-regulation. From my perspective, this conversation didn’t really seem that much different from a conversation we might have had a dozen years ago.

Chat with FCC Commissioner Robert McDowell

Moderated by Declan McCullagh.

Declan: why aren’t FCC Net Neutrality rules yet published in Federal Register?
McD: might be buried in bowels of the government

Declan: did FCC step in due to Congressional vacuum?
McD: we didn’t have the authority to step in

Declan: where can government facilitate technological innovation?
McD: tax policy—Ex: extend R&D credit. Get government out of the way.

Declan: Comcast/Level 3 dispute. Should FCC in peering disputes?
McD: FCC may not have jurisdiction, it shouldn’t be involved. Peering relationships have been working out fine. If there’s an antitrust problem, it should be reviewed by antitrust authorities.

Declan: Comcast/NBC
McD: Comcast consented to the net neutrality order because they were before regulatory agency.

Declan: will FCC authority wither away as more data moves to packet-switching?
McD: the Internet has shrunk the universal service pool, but we shouldn’t worry about fund shrinkage. As technology and consumer practices evolve, what is FCC’s role? Spectrum scarcity may be technologically mooted someday and undercut the rationale for FCC regulation, but this is long term.

Declan: should we be optimistic about next decade?
McD: Yes. We’re just entering golden age of wireless. But I worry about what government might do. Government is a blunt regulatory instrument.

Declan: predictions on Congress and Net Neutrality?
McD: No. I do what Congress wants. Congress could introduce legislation.

Declan: who will file first lawsuit over Net Neutrality?
McD: someone unhappy with the order! [the next day, Verizon sued in the DC Circuit]. He thinks FCC order will fail in courts.

Politico: which condition in Comcast/NBC merger are you most unhappy about?
McD: net neutrality condition. It makes one marketplace player live by the rule even if the rule is overturned; that’s misguided public policy.

Andrew Keen: there seems to be consensus that some compromise on net neutrality was needed.
McD: what was broken that the government needed to fix? Answer: nothing. The few examples of net neutrality problems all were fixed by existing law. Plus, there could be a chain reaction internationally. Are we inviting the other countries to impose their view of what’s reasonable regulation for the Internet? Plus, marketplace will be unsettled during litigation.

Thierer: FCC isn’t very transparent about releasing information.
McD: direct that comment to the chairman, who controls the process.

Mueller: Canada has done some net neutrality work. Good example?
McD: we know about it. Like us, the EU didn’t regulate net neutrality either. Most common request we get at the FCC: please regulate my rivals.

Q: hasn’t congress told the FCC to think in a stovepipe way?
McD: Yes, but statute should be modernized over time.

Posted by Eric at 11:20 AM | Derivative Liability , Internet History | TrackBack

January 14, 2011

My 2005 Prediction of Wikipedia's Failure By 2010 Was Wrong

By Eric Goldman

“Prediction is very difficult, especially about the future.”
-- attributed to Niels Bohr

I’ve written a few notorious posts in my 6 years of blogging, but none more so than my December 2005 prediction that Wikipedia would fail in 5 years. Those 5 years are up, and this post admits that my prediction is wrong. In this post, I’ll also look at how Wikipedia has changed since 2005. Although these changes don’t validate my prediction, Wikipedia circa 2011 differs in important ways from Wikipedia circa 2005.

Why Did Wikipedia Beat the Odds?

My initial prediction focused on the threats posed by spammers and vandals. With Wikipedia’s free editability, spammers and vandals can easily manipulate content to advance their own interests. Standing between them and success are Wikipedia volunteers. With millions of financially motivated spammers and thousands of dedicated volunteers, the volunteers seemed outgunned. How have they been able to vanquish the spammers and vandals to date?

In my opinion, the biggest change was Wikipedia’s (re)adoption of Google’s nofollow tag in 2007. Prior to that, spammers had significant incentives to insert links into Wikipedia pages for the link juice, no matter how many Wikipedia readers clicked on the links. After implementing the nofollow tag, spammers’ payoffs for getting links into Wikipedia decreased substantially. There are still other ways that marketers can manipulate Wikipedia (such as editing their own entries), but these efforts are small potatoes compared to SEO bots.

In addition, the Wikipedia community has done an admirable job developing anti-spam technological tools available to its volunteers. Anti-spam efforts remain principally a manual effort, but improved anti-spam tools has increased the leverage of the remaining volunteers.

Other Ways Wikipedia Has Changed Over 5 Years

While these factors have been pretty effective at keeping the spammers and vandals at bay (so far), other changes to Wikipedia have been less salutary.

* Xenophobia. Over the past 5 years, the Wikipedia community has closed ranks and become somewhat insular. Wikipedia offers technological tools to the public at large to edit the database, but as I explain in my Wikipedia’s Labor Squeeze article, the practical capacity to make edits that stick is limited to a much smaller universe of contributors. Joining that club is relatively easy, in the sense that it merely requires a person to “show up,” contribute and get along with other community members. At the same time, club membership is hard because it must be a concerted effort over time. Drive-by edits by uninvested contributors are unlikely to stick.

Xenophobia poses a serious challenge to the community because it makes it much harder to recruit and absorb new power contributors. Thus, community xenophobia may be one of Wikipedia’s biggest strategic challenges.

As I’ve watched Wikipedia close ranks, I’ve started to wonder if xenophobia is endemic to UGC websites. I’ve seen the phenomenon occur with other UGC sites, so perhaps it’s unavoidable. An interesting question worth a more intensive study.

* Increased Wikipedia staff. This isn’t a negative per se, but it is noteworthy. Wikipedia’s staff has grown substantially over the past few years (I believe it’s approximately doubled in the last two years or so). I don’t believe the new staff members have displaced any key editorial services traditionally performed by the community. However, the headcount growth reflects an implicit decision that Wikipedia cannot expand solely on self-coordinated volunteer efforts. With its growth, Wikipedia’s staff is increasingly looking like the staff of an editorially controlled publication.

As an example, consider the Wikipedia Public Policy Initiative, which I’m participating in. In my Wikipedia’s Labor Squeeze article, I discussed how Wikipedia could source new content, and possibly new contributors, by working with educators who incorporate Wikipedia participation into their courses. (To be clear, many other people made that suggestion too). Without Wikipedia staff coordinating the effort, some educators might independently do this themselves. However, with the Public Policy Initiative, Wikipedia is allocating FTEs to fix the coordination problem. I expect Wikipedia staff intervention will produce more and better contributions, but notice that it becomes much more expensive content to produce given the FTEs’ amortized costs.

* Increased technological barriers to participation. On its home page, Wikipedia still uses the introductory tagline “the free encyclopedia that anyone can edit.” However, the site has struggled with free editability over the years. A variety of (mostly minor) technological restrictions have been implemented over the years to limit contributions from untrusted sources.

From my perspective, the most important technological control is “Flagged Revisions” (rebranded “Pending Changes”), which allows only trusted editors to immediately make public edits. All other contributions sit in a tank until a trusted editor approves them. Flagged Revisions is a substitute to Wikipedia’s traditional full protect/semi protect approach to restricting edits on problematic pages. As a substitute, Flagged Revisions is more flexible than protection because people can still contribute to an affected page (although the contributions aren’t immediately public and may never be approved).

Instead of being used only on problematic pages, Flagged Revisions could restrict editing site-wide. It’s used for that purpose in some Wikipedia versions, but not in the English language version. When Flagged Revisions is used to widely control editing, it undercuts the tagline that Wikipedia is a place anyone can edit. That still may be technically true, but making distinctions between editor trustworthiness means that untrusted contributors may not actually be able to edit.

Thus, if the English language version of Wikipedia had broadly adopted Flagged Revisions before the end of 2010, I was going to declare my prediction as mostly correct. Unfortunately for my prediction, widespread implementation of Flagged Revisions hasn’t happened yet. However, as I initially predicted in my 2005 post:

Wikipedia will have to change its open access nature. Instead, Wikipedia will have to lock down lots of pages from being edited at all. Or Wikipedia will have to install some reputational management system to limit who has the right to post or edit content.

I may not have gotten the timing right, but I wonder if this fate remains inevitable.

* Several measures of editor engagement have peaked. There are several possible explanations for why contributions and contributors are down from historical highs, including:

- the community’s xenophobia, freezing out newcomers
- the “old guard”—the initial cohort of power Wikipedians—may be progressively turning over or burning out
- Wikipedia may have reached a plateau in terms of coverage and quality, so less work still needs to be done

Whatever the reason for these numerical declines, they pose a serious challenge to Wikipedia’s freshness. Wikipedia currently does a very good job keeping highly trafficked articles up-to-date. For example, when a celebrity has a major new development, that celebrity’s page is often updated that same day. However, I routinely find long tail pages that are poorly maintained and conspicuously out-of-date. Stagnancy could seriously undercut Wikipedia’s credibility over time; if the site looks like a ghost town, readers will become less trusting of the site, and that will enhance the attractiveness of competitors.

Looking Ahead

Over the years, it’s become clear to me that searchers want and need an encyclopedic entry in their top search results. In many circumstances, a relatively objective factual source improves the iterative search process. Wikipedia has unquestionably met that need, which is one reason why it remains so popular.

However, it’s less clear that Wikipedia’s current labor model and site architecture is the only—or even the best—way to deliver encyclopedic search results. Other labor models or site architectures could usurp Wikipedia’s current approach while delivering the same basic value proposition to searchers. It seems likely that any successful encyclopedic site will rely on crowdsourcing to ensure enough support for long-tail topics. However, free editability may be less important to the end result.

Wikipedia remains a community that can be baffling and exasperating at times, but I also routinely find the site’s content useful and interesting. I visit it daily as part of satisfying my intellectual curiosity. Happy 10th anniversary, Wikipedia!

My Prior Posts on Wikipedia

* Catching Up With Wikipedia (Feb. 2010)
* Offering Students a Graded Wiki Option—My Experiences, and Some Lessons (Feb. 2010)
* Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies (Aug. 2009)
* Wikipedia and Rules Proliferation (Aug. 2009)
* Decay Rates of Committed Online Community Members--an Epinions Case Study (Jan. 2009)
* Wikipedia Revisited: the Wikipedia Community's Xenophobia (Jan. 2008)
* Wikipedia and Search Engine Marketing (SEM) / Search Engine Optimization (SEO) (May 2007)
* Wikipedia Will Fail in Four Years (Dec. 2006)
* Wikipedia Will Fail Within 5 Years (Dec. 2005)

Also see my 2009 law review article, Wikipedia’s Labor Squeeze and its Consequences

Posted by Eric at 03:00 PM | Content Regulation , Internet History | TrackBack

July 29, 2010

Internet Law Syllabus and Reader for Fall 2010

By Eric Goldman

I have posted my syllabus for this semester's Internet Law course, my 16th year teaching the course. This blog post describes some of the latest developments with the class, including the changes from my 2009 course reader. For a more general discussion of the course's pedagogy, see my Teaching Cyberlaw article.

Course Titling

The most obvious change is that I renamed the course to "Internet Law" from "Cyberspace Law"/"Cyberlaw." I discuss the titling choices/dilemmas in my Teaching Cyberlaw article. Though it took a few years to pull the trigger, James Grimmelmann's 2007 post helped convince me that I should rename the course.

Grading

Last year, I tried an experiment of allowing students to write a wiki entry for part of their course grade. I recapped my experiences with that experiment in this blog post. Although I might be willing to try the experiment again, this semester my teaching load will be too demanding as it is, so I didn't think I could find enough time to support the students' wiki writing.

As a result, the class is back to a 100% final exam. As you can see, for the first time I'm letting students choose when to take their exam within a set window. If you've offered exams on that basis and have any suggestions for me, I would be grateful to hear them.

Added/Subtracted Reader Material

It's been an interesting year for Internet law, but I ended up adding only two new cases: Viacom v YouTube and Tiffany v eBay.

To decide what I add, I made a rough list of the most significant developments of 2010 so far. A preview of what might make the top 10 list at the end of the year:

* Supreme Court cases that weren't: Bilski, Quon
* Trademark intermediary liability: Tiffany v eBay; Gucci v. Frontline
* Copyright intermediary liability: Viacom v YouTube; Arista v Lime Group
* Sony v Tenenbaum
* Google and China
* Google/Facebook product gaffes (Buzz, Street View, Instant Personalization) and the plaintiff bar's excited responses to those gaffes
* Trademark owners giving up their lawsuits against Google (Rescuecom, Parts Geek and http://blog.ericgoldman.org/archives/2010/07/yet_another_tm.htm">Ezzo). Also, Rosetta Stone v. Google (whenever the opinion issues)
* Barclays v theflyonthewall. One of the most interesting cases of the year.

Honorable mentions:
* Conflicting 3rd Circuit cases re student MySpace profiles
* Utah repealed its Spyware Control Act
* Anderson v. Bell (electronic signatures count for election petitions)
* Snap-on v. O'Neil. Perhaps the most interesting case of the year so far.
* FTC v. Twitter
* the new 1201 exceptions and the Fifth Circuit's puzzling 1201 ruling in MGE v. GE

Materials I dropped from the reader this year:

* Perfect 10 v. Amazon. I never knew how to teach the Perfect 10 troika of 2007 cases, and in practice I ended up skipping this case last year to conserve time. I think the Viacom v. YouTube decision is a worthwhile substitute, even if it deals with different issues.
* Parker v. Yahoo. This was intended as a recap, but it covers some of the same ground as Ticketmaster v. RMG (which is popular with the students, BTW), and I also cut it for lack of time.
* the UDRP rules. I had included them for completeness, but I never really taught them in detail.
* My slides on keyword advertising and blog/social networking law.

Also, I learned that the federal cyberpiracy protections for individuals, formerly codified at 15 USC 1129, moved to 15 USC 8131. Just so you know!

BTW, I had been looking for years for a good keyword advertising case to teach. Last year, I thought the Hearts on Fire v. Blue Nile case worked well. It does a pretty good job framing the issues. I was also happy concluding the semester with the Moreno v. Hanford Sentinel case--it was a great pedagogical wrap-up.

Electronic Casebook

My other big news about the course is that I have converted my reader into an electronic casebook. This may not sound like much, but it took me a fair amount of time to re-edit the cases and collate the materials.

Eventually, I will probably turn the electronic casebook into an official "published" casebook that can be adopted by other professors. That will require more work to supplement the case materials with pictures, notes, comments, explanatory material, etc. I didn't have time to do that this semester. Maybe next year.

However, I am making the electronic file available at Scribd as a $5 download. You can also buy a print-on-demand version from CafePress for $30 + shipping. This is a bit of an experiment to gauge general interest in the materials. Please let me know what you think of the experiment.

If you are a professor interested in adopting the materials for your course, I'm happy to provide you with a free editable copy of the materials (free to you and free for your students). Just email me.

Past Posts

My analogous blog posts from years past: 2009; 2008; 2007; 2006; 2005.

Upcoming Events

Two upcoming HTLI academic events this year are potentially interesting to cyberlaw specialists, so I'll mention them here. On November 5, we'll have a symposium on the First Sale/exhaustion doctrines, which will address a number of Internet legal issues. Then, on March 4, 2011, we'll have our 47 USC 230 15-year retrospective/geekfest royale, an event you will NOT want to miss! Registration has just opened, and this event could sell out, so get your seat early.

Posted by Eric at 09:23 AM | General , Internet History | TrackBack

July 20, 2010

Book Review: Building Web Reputation Systems by Farmer & Glass

By Eric Goldman

Building Web Reputation Systems by F. Randall Farmer & Bryce Glass (O’Reilly 2010) [affiliate link]

As you may know, for the past couple of years, I have been researching how we regulate reputation systems. My most recent recap of my progress-to-date. As part of researching other disciplines’ approaches to reputation systems, I was pleasantly surprised to find this book, which discusses web reputation systems from a technical/product development standpoint. I'm not aware of other books directly on point, so that alone makes the book noteworthy. [If you know of analogous books that I should look at, I'd be grateful for the references.]

The word “reputation” is a complex and nuanced word. This book defines reputation as “information used to make a value judgment about an object or a person.” Notice how this definition treats reputation as actionable information (i.e., making a “judgment”). I favor that approach; my work also uses an actionable definition of reputation.

Their definition equally treats both objects and people as having “reputation,” and this does not work. In general, people are dynamic, i.e., they can change behavior; while content is static, i.e., an item of content does not change its character unless subsequently edited. This single definition of "reputation" created significant tension throughout the book. Recognizing this, the authors often bifurcated the discussion to separately address the process of establishing a person’s “reputation” (which they confusingly called “karma”). However, the book primarily focuses on grading and sorting content items, especially user-generated content, and I personally would not describe content items as having a “reputation.” As a result, I think the book is mistitled. It principally addresses content filtering, not “reputation” as I use the term.

Although this analytical tension pervades the book, the book nevertheless contained a lot of useful insights about both content filtering and establishing user trustworthiness. The authors have a lot of experience building filtering systems for different websites, so the book is packed with the kind of first-hand observations that only an insider can offer. There’s no substitute for the voice of experience when designing Web 2.0 UGC systems, and this book provides an easy and accessible way to learn some tips and tricks.

The book emphasizes the authors’ contributions to the reputation system at Yahoo Answers, and rightly so. Yahoo Answers has emerged into a bona fide success story and recently trumpeted its billionth answer. In my opinion, the book’s high point is Chapter 10, a case study of how Yahoo Answers developed a new filtering and reputation system that helped turbocharge the Yahoo Answers community.

Although the book doesn’t say this directly, two key lessons from Yahoo Answers’ evolution are:

1) UGC websites should let users vote on content, but not all user votes should be weighted equally.

2) UGC websites do not need to publish all user-supplied content items in an equally prominent manner. Perhaps some content should be obscure/hard-to-find until other users validate it.

The book pitches these conclusions as novel, but they seemed fairly intuitive to me. We implemented a very similar system embodying these two points back in 2000-01 at Epinions. Epinions allowed users to grade each others’ content; we weighted votes differentially based on users’ credibility; and we displayed ungraded and poorly graded content only to registered users (a small fraction of our readers). The fact that the authors “discovered” these conclusions at Yahoo Answers shows the dire need for books like this to help websites implement best UGC management practices without reinventing the wheel.

The fact that the authors didn’t acknowledge the Epinions precedent (and other systems like it) highlights another weakness of the book. There is a deep academic literature addressing the book’s topics (especially on content filtering and user incentive systems), but the book barely acknowledges this literature. For example, several times the authors cite Dan Ariely's Predictably Irrational for descriptions of human psychology and foibles. That's a perfectly credible citation, but it should be one of many literature citations, not the only citation. Instead of dipping into the rich academic literature, the book almost exclusively relies on the authors’ experience-based impressions. These impressions are a valuable information source that makes the book worth reading. However, because those impressions aren’t tempered with more rigorous academic findings, it’s not clear to me at all that the authors’ conclusions represent true best practices...or even state-of-the-art.

Because of its many structural flaws, this edition will not become a classic. Nevertheless, I have enthusiastically recommended the book to several UGC start-ups because the book provides a good repository of high-value experience-based perspectives that are not readily available elsewhere. Even if the book’s recommendations are debatable, it’s a debate worth having.

Posted by Eric at 06:39 AM | E-Commerce , Internet History | TrackBack

July 15, 2010

eBay Venue Selection Clause Upheld in Texas

By Eric Goldman

In re eBay, Inc., 2010 WL 2695803 (Tex. App. Ct. July 8, 2010)

In Comb v. PayPal, 218 F. Supp. 2d 1165 (N.D. Cal. 2002), PayPal defended a putative class action by invoking the arbitration clause in its user agreement. Judge Fogel tossed the arbitration clause on unconscionability grounds, noting (among other defects) the cost/benefit problem facing plaintiffs: their case values individually were much smaller than the arbitration costs, and arbitration blocked class adjudication. This ruling was quite influential. Since then, online user agreements--and especially mandatory venue selection clauses--have become vulnerable to unconscionability challenges and other collateral challenges on their enforceability. At this point, a vendor's attempt to destroy class consolidation through a mandatory arbitration clause is virtually per se unconscionable.

The Comb case involved PayPal's venue selection clause, but eBay's user agreement had a basically identical clause. With this clear warning sign, eBay revised its venue selection clause. eBay now uses a bifurcated approach. The baseline is mandatory venue in a Santa Clara County, California court. However, if the dispute amount is less than $10,000, the plaintiff can select arbitration that does not involve in-person hearings. I personally think eBay's approach is pretty savvy, and I have modeled some clients' venue selection clauses on it. It responds to the Comb v. PayPal concerns about the arbitration costs for small disputes by creating a "fast lane" for small disputes, while still keeping the important disputes in eBay's home court.

This recent ruling shows the strength of eBay's current approach. Richards is the victim of a busted eBay Motors transaction, apparently incurring an $18,000 loss. eBay apparently takes the position that the transaction took place off-website and therefore outside the scope of eBay's Vehicle Protection Program. Richards sued eBay and the car seller in his home court. eBay responded with its mandatory venue selection clause. Apparently, the trial court rejected eBay's motion, but the appellate court easily reverses the trial court and orders the trial judge to enforce eBay's clause.

Richards attacked the venue selection clause per Comb. The court distinguishes Comb on several bases:

* PayPal had frozen small amounts of money; there is nothing like that at issue here.
* there was no issue about case consolidation. Instead, Richards chose to pursue his case individually.
* Richards didn't show that his unrecoverable costs to litigate in California were greater than litigating in Texas.

From my perspective, the key is that Richards' dispute value of $18,000 exceeds the threshold for efficient ADR option in the user agreement; but it's also a big enough case value for the court to accept that Richards could afford to litigate the case individually (as, in fact, he was doing in Texas).

March 31, 2010

March 2010 Quick Links

By Eric Goldman

Internet Exceptionalism

* Stern v. Sony Corp., CV 09-7710 PA (C.D. Cal. Feb. 8 2010) "to the extent Plaintiff is suing Sony as a manufacturer of video games, and the provider of online services, Sony is not a ‘place of public accommodation’ and is therefore not liable for violating Title III of the ADA" Nice complement to the Estavillo case. My prior post on Internet exceptionalism.

Online Competition

* Microsoft’s head algorithms guru says that Google's search engine beat Microsoft because Microsoft ignored the long tail of search queries. If Google and Microsoft made different product design choices and the marketplace liked Google's choices better, doesn’t this make it hard for Microsoft to complain about Google’s "anti-competitive" practices? I wonder if this talk was pre-cleared by Microsoft’s antitrust counsel.

* SJ Mercury News: Google's most recent 10-K lists some new self-identified competitors, including Yelp, Kayak & WebMD. By identifying some vertical players as competitors, such as Kayak and WebMD, does Google lend credence to the arguments by TradeComet and myTriggers that Google does compete with vertical search engines?

* In re eBay Seller Antitrust Litigation, 2010 WL 760433 (N.D. Cal. March 4, 2010). eBay wins summary judgment in an antitrust challenge: "Despite the voluminous briefing permitted in connection with both of the instant motions-which includes hundreds of pages of supporting documents-Plaintiffs have not drawn the Court's attention to any actual proof of antitrust injury caused by eBay's alleged anticompetive acts-on an individual or a classwide level."

Online Pornography

* U.S. v. Beckett, 2010 WL 776049 (11th Cir. March 9, 2010). A man posed as a 17 year old girl on MySpace and AOL, engaged boys in discussions, induced them to send nude photos, and then coerced them to have sex with him to prevent his dissemination of the photos.

* Miller v. Mitchell, No. 09-2144 (3rd Cir. March 17, 2010). This is the case where the government prosecutor threatened to bring felony charges against girls for "sexting." The court upholds a preliminary injunction against requiring the girls to go through an education program in lieu of felony prosecution.

* U.S. v. Durdley, 2010 WL 916107 (N.D. Fla. March 11, 2010). No privacy expectations in a flash drive left in a public computer.

Online Security

* Cormac Herley of Microsoft Research, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users." In my observations, users are actually intensely rational when it comes to privacy and security issues, and privacy and security advocates who don't fully account for this user behavior do so at their peril.

* Reuters takes a deep look at Innovation Marketing, a Russian scareware operation.

User-Generated Content

* Who does what on Wikipedia.

* Josh King explains why Avvo supports the proposed federal anti-SLAPP law.

* T.V. ex rel. B.V. v. Smith-Green Community School Corp., 2010 WL 935574 (N.D. Ind. March 11, 2010). Denying class formation for a lawsuit in response to a ridiculously harsh school suspension for a MySpace photo of ribald off-campus activity.

* Melton v. Boustred, 2010 WL 881919 (Cal. App. Ct. Mar 12, 2010). Boustred throws a ragin' party and advertises it via a MySpace open invitation. The plaintiffs show up and were beaten and stabbed at the party by unknown assailants. The court concludes that Boustred isn't liable for the physical injuries. Note to self: stay away from parties advertised via MySpace.

* Yelp Litigation Mania!
- Cats & Dogs Animal Hospital v. Yelp first amended complaint
- LaPausky v. Yelp complaint. A write-up.
- Levitt v. Yelp complaint.
- ClickZ: Ex-Yelper Helps Law Firms Go After Yelp

Anonymity

* Park West Galleries, Inc. v. Global Fine Art Registry, LLC, 2010 WL 742580 (E.D. Mich. Feb. 26, 2010). Using an online pseudonym can lengthen the defamation statute of limitations.

* White v. Baker, 2010 WL 1009758 (N.D. Ga. March 3, 2010). Mandatory reporting of Internet usernames by registered sex offenders violates the First Amendment.

Advertising and Marketing

* ClickZ: New Facebook Policies Clamp Down on 'Loose' Ad Copy.

* Coyote Pub., Inc. v. Miller, 2010 WL 816936 (9th Cir. March 11, 2010). Upholding the constitutionality of Nevada's restrictions on advertising prostitution.

Trademark

* WSJ: It's a crowded namespace for bands.

* 1-800Contacts, Inc. v. Memorial Eye, P.A., 2010 WL 988524 (D. Utah March 15, 2010). It was not objectively baseless for 1-800 Contacts to bring a trademark enforcement action over competitive keyword advertising.

* Rhea Drysdale tells how she busted the trademark application for "SEO."

* The Utah governor has signed SB 26, which (among other things) creates a bastardized version of ACPA. My initial comments on the proposed bill.

Copyright

* James Grimmelmann on Reed Elsevier v. Muchnick.

* Ben Sheffner has some updates in the Scribd lawsuits. My initial post on Scott v. Scribd.

* Ars Technica on an experiment to block users who are using ad blocking software from accessing its site.

General

* Hudson v. University of Puerto Rico, 2010 WL 1131462 (D. Minn. March 23, 2010). Passive blog does not confer general jurisdiction.

* Doe 1 v. AOL LLC (N.D. Cal. Feb. 1, 2010). "Plaintiffs' claims for violation of the ECPA (Count I), unjust enrichment (Count VI) and for public disclosure of private facts (Count VII) are subject to the forum selection clause because none are California consumer law claims." Prior blog post.

* Commonwealth v. Interactive Media Ent’mt and Gaming Ass’n, Inc., No. 2009-SC-000043-MR (Ky. Mar. 18, 2010). Challenge to Kentucky's seizure of 141 gambling-related domain names tossed on standing grounds. Prior blog post.

Posted by Eric at 08:42 AM | Content Regulation , Copyright , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Trademark , Virtual Worlds | TrackBack

March 22, 2010

Search Engine Legal Developments to Watch in 2010

By Eric Goldman

I recently spoke on a panel about search engines and the law at SMX West. I previewed four major trends in search engine law to watch in 2010:

1) Competition issues. Antitrust/competition law has become a big part of the search engine industry. There are two main flash points: Google’s high percentage of the search advertising business and Google’s black box algorithm for organic search results. Both facets are troubling to competitors and regulators, but they are creating extra friction with “vertical search engines” that portray themselves as competition for Google.

Recent antitrust/competition battles:

* Google-DoubleClick acquisition scrutiny
* Google-Yahoo search syndication deal killed by DOJ
* >a href="http://blog.ericgoldman.org/archives/2009/07/microsoftyahoo.htm">Microsoft-Yahoo deal
* DOJ and Microsoft opposition to Google Book Search settlement
* Person, KinderStart and Langdon civil lawsuits against Google

Present battles:

a) EU complaints from a UK price comparison site, Foundem, a French legal search engine called ejustice.fr, and Microsoft's Ciao! from Bing. Wired: “Google says the companies accuse it of wielding its dominance as a search engine to squelch competition by preventing people from finding their vertical search engines.”

b) US actions: TradeComet and myTriggers. Do these lawsuits have Microsoft ties? In a blog post “Competition Authorities and Search,” Microsoft came out of the closet and admitted it was harassing Google on antitrust issues.

The underlying battle: who should decide what content and ads that searchers see? Two main options: search engines or regulators. Seems like an easy call to me. See my Search Engine Bias article. An under-addressed issue: the role of 47 USC 230(c)(2) in search engines' filtering decisions.

2) keyword advertising lawsuits against Google. 8 lawsuits are pending. The Rosetta Stone case scheduled for trial in May. There are no known US legislative initiatives, especially now that the Utah legislature has adjourned for the year. We are all anxiously awaiting the issuance of the ECJ opinion tomorrow at 1:30 am CA time (I'll blog it as fast as I can).

3) Search engines and copyright. Pending US cases include Viacom v. YouTube, Perfect 10 v. Google and the Google Book Search settlement. Plus, Google's tussles with AP, News Corp. and other news organizations.

4) Search engine compliance with foreign laws, including the Google-China flap and the Google Videos conviction in Italy. This has stirred the pot in Congress again. The latest: Sen. Durbin’s is threatening to force Web companies to join the Global Network Initiative and stop dealing with repressive regimes…which is a resurrection of Chris Smith’s Global Online Freedom Act. Hypocrisy alert! In light of point #1, will the US itself be put on the list of repressive regimes? Plus, as we’ve seen, Google’s single-handed efforts to take down the Chinese government haven’t worked so well.

Posted by Eric at 10:15 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Search Engines , Trademark | TrackBack

March 18, 2010

Viacom v. YouTube Summary Judgment Motions Highlights

By Eric Goldman

Who doesn’t enjoy a good old-fashioned mud-slingin' showdown? That’s exactly what we’ve got on our hands in the dueling summary judgment motions from Viacom and YouTube in the long-running copyright infringement case (see my initial post from March 2007). While we might have some voyeuristic fun watching the sparks, the latest salvos prove that the parties are both losers for not finding a way to settle this case. Only the lawyers win when two heavyweight contenders get locked into a cosmic death struggle. Everyone else would be better off if Viacom and YouTube instead had poured their millions of dollars of legal fees towards developing innovative and profitable ways to serve consumers’ interests. It’s ridiculous that they can’t find a way to do this.

Combined together, the filings tell a “Tale of Two YouTubes.” Viacom focuses on YouTube of Yore, circa 2005-06, while YouTube’s brief largely focuses on YouTube of Now. In that sense, the briefs largely talked past each other.

By focusing on the past, however, it shows that time is slowly working against Viacom in two ways. First, the legal precedent since Viacom’s filing has been largely YouTube-favorable. The three Veoh opinions (Io v. Veoh, UMG v. Veoh 1, and UMG v. Veoh 2) have filled in some key legal gaps that existed at the time of Viacom’s filing. While the Veoh cases aren’t binding on the judge, this judge now can follow in someone else’s footsteps rather than trail-blaze. Viacom does cite the Columbia v. Fung case, which helps its cause some, but I think YouTube gets the better of that exchange.

Perhaps more importantly, the intervening time has been good to YouTube as a business and as a brand. In this sense, compare Grokster to YouTube. At the time of the Grokster cases, it was still very much an open question whether Grokster would ever evolve into a tool where legitimate activity dominated. While we might still have had that same question about YouTube in 2006, by 2010 YouTube has answered that question resoundingly. YouTube’s business practices have matured, everyone has had positive legitimate experiences with YouTube (even behind-the-curve judges), and it’s clear that major legitimate players have adopted YouTube as a platform for their legitimate activities. For example, YouTube’s brief makes the point that all of the 2008 presidential candidates published YouTube videos as part of their campaign. I’m guessing no 2004 presidential candidates used Grokster for campaign purposes.

So as time goes on, YouTube solidifies a brand as a legitimate part of our information infrastructure. As we learn that the YouTube story has a happy ending, I suspect judges become less interested in punishing YouTube for past practices. For this reason (and others), I thought a lot of Viacom’s inducement arguments ran hollow because they ran counter to my brand impressions of YouTube. I would also note that Viacom appears to be giving up its litigation over activity after May 2008, so even Viacom seems to be happy with YouTube in its current form.

This raises an interesting legal point that I can’t resolve. Let’s assume for sake of argument that Viacom is right that YouTube induced infringement in 2005-06. Let’s also assume that no one is arguing that YouTube currently induces infringement (after all, Viacom isn’t contesting post-May 2008 activity). How do we determine when YouTube flipped the switch from inducing to not? And does flipping the switch cure any of the past infringement, or does it only cut off future claims? Because we have so few cases of inducement, we really don’t know how the doctrine works with a site that morphs over time.

I thought both YouTube and Viacom scored points against each other in the briefs. I’ll summarize some of those points below, but first I want to highlight a few standout points for both parties:

In YouTube’s case, I could not get over that Viacom has TWICE withdrawn clips from its complaint. I thought the first time Viacom did that was embarrassing and damaging to Viacom’s case, but then Viacom admitted that it didn’t catch all of its errors on the first withdrawal and therefore had to make a second withdrawal of clips. WTF? How hard it is for Viacom to accurately determine which clips it has not permitted to show on YouTube? Whether it intended to or not, Viacom has answered that question to its detriment: hard enough that an entire brigade of extremely expensive lawyers obligated to do factual investigations by Rule 11 can’t get the facts right the first OR SECOND time. For me, this undercuts Viacom’s credibility to its core. Rather than YouTube simply making intuition-based arguments to the judge that it’s really hard to figure out legitimate vs. illegitimate clips, Viacom’s failings have proven to the judge that it’s too hard—too hard for lawyers charging upwards of $1k an hour despite having unrestricted access to accurate information in their clients’ possession, and clearly too hard for YouTube’s slightly-above-minimum-wage customer support representatives with no such information advantages.

YouTube also scored points for its descriptions of Viacom’s stealth marketing practices. Although these facts only help YouTube’s legal posture a little, the lawsuit’s discovery process has unveiled some non-public information about Viacom’s practices that should be interesting to the FTC and state attorney generals. Viacom’s alleged stealth marketing practices are aggressive—close to the permissible line, if not over it. As a result, they might be exactly the kind of consumer misdirection and inauthentic online content that the FTC has been railing against, and we know the FTC is looking for test cases in this area. So, a lawsuit that began as Viacom v. YouTube might morph into FTC v. Viacom. This is one of the known risks of picking a fight—once started, you can’t control where it goes.

From Viacom’s brief, two references really stood out. First, Viacom found an email where Google employees characterized YouTube (pre-acquisition) as a “video Grokster.” Viacom argues that YouTube was like Grokster factually and therefore should be treated like Grokster legally. The Google email admits (in the lay sense, not the legal sense) this factual equivalence. Google can legally discredit the email's importance, but it can’t easily avoid talking out of both sides of its mouth.

Second, I was struck by the fact that Chad Hurley lost his entire email repository. I’ve had that happen to me too, so that fact standing alone isn’t damning. However, the brief goes on to say that when he was grilled about his co-founder’s email stash, Hurley developed “serial amnesia.” The combination did make me wonder about this situation.

As I read the brief, I made some brief notes about points of particular interest. Those notes:

YouTube’s Summary Judgment Motion

I thought both briefs were well-written and generally effective. However, the YouTube brief successfully struck a conversational tone—a nice balance between formality and accessibility.

[note: my references are to the PDF’s page numbering, not the brief’s page number at the page bottom]

PDF Page 21: Viacom sent a bulk takedown request covering about 100,000 clips on February 2, 2007, but this purge didn’t reduce YouTube traffic or increase Viacom’s traffic.

PDF Page 24: plaintiffs are suing over at least one clip of 1 second. 1 second???

PDF page 34: YouTube has terminated 400,000+ user accounts for infringement out of its 250M accounts. Although that’s a low percentage, that’s a surprisingly high absolute number.

PDF page 40 (FN 9): some litigated clips never got a takedown notice at all.

PDF page 45: YouTube says it did lacked “red flags” knowledge of infringing activity because, in some cases, the copyrights were obscure.

PDF page 47: No red flags because copyright owners routinely voluntarily upload lots of copyrighted material to YouTube, and copyright owners try to cover their tracks. Copyright owners do this because YouTube marketing works. Copyright owners’ embrace of “viral marketing”/“stealth marketing” eliminates any potential red flags.

PDF page 49-50: Details of Viacom’s stealth marketing efforts:
* It uses an “army” of third party marketing agents (at least 18 firms)
* Account names don’t indicate a Viacom relationship
* Email addresses aren’t linked to Viacom
* Clips are deliberately uploaded from networks not tied to Viacom, such as Kinko’s
* Clips are deliberately altered videos to make them look stolen. I thought this was the most damning fact. It’s disingenuous to rail against piracy and yet try to take advantage of the marketing benefits of seemingly unauthorized copying.

PDF page 50: Viacom has released clips with the intent that users spread them virally.

PDF page 53: Viacom has a deliberate and complex strategy for leaving up clips. This part of the brief was confusing so I didn’t fully follow the timeline. Here’s what I understood about Viacom’s “leave-up” policy. Through Oct. 2006: leave up clips less than 5 minutes. Oct 2006: Viacom tells BayTSP to leave up all clips shorter than 2.5 minutes [or is it 3 minutes?]. Then, Viacom expanded the leave-up policy to include every clip shorter than a full episode; and in some cases, even full episodes were expressly left up.

PDF page 54-55: Viacom found 316 clips of South Park and took down only 1.

PDF page 56: “If Viacom deliberately refrained from sending takedown notices for certain videos, how could it be that YouTube was obligated to remove those same videos on sight—without any request from Viacom?”

PDF page 59-60: No red flags because some copyright owners granted licenses that permitted YouTube uploading. Also, some clips may be subject to joint ownership, and YouTube can’t tell if one of the joint owners had consented.

PDF page 61: no red flags because of fair use/de minimis use. I was surprised that the Lenz case wasn’t explored.

PDF page 73: Viacom had complex whitelists of YouTube accounts that wouldn’t be challenged.

PDF page 75: Viacom sued over clips it had authorized for posting.

PDF page 99: less than 1% of YouTube clips have been subject to a takedown notice. Again, I am surprised that this was appropriately rounded to 1%; I would have expected an even smaller fraction.

PDF page 105: Viacom spent over $1M advertising on YouTube from 2006-08. All of which (and more) YouTube has reinvested in its litigation against Viacom.

Viacom Summary Judgment Motion

PDF page 9 (FN 1): This was a confusing footnote, but a crucial one. It appears that Viacom is only interested in infringement pre-May 2008 (before YouTube deployed digital fingerprinting for Viacom). The way I read it, Viacom isn’t going to pursue any claims for activity post-May 2008. Thus, Viacom apparently is acquiescing to—or even happy with—YouTube’s current practices. Consistent with the Tale of Two YouTubes, Viacom reinforces that it’s really only interested in the past, not the present.

Viacom complains that it took too long for YouTube to deploy the digital fingerprinting for it. It says that YouTube withheld the tool as part of a quid-pro-quo to require content owners to sign a license and revenue share deal.

PDF page 14: YouTube founder Karim uploaded infringing content himself.

PDF page 14-15: YouTube was a junkie for traffic to infringing content—it wanted and needed the traffic. They felt they would lose 80% of their traffic if they did a crackdown of obviously infringing clips.

PDF page 17: YouTube tried and then removed the ability for every user to flag clips for copyright infringement. I personally think Viacom overemphasized this point. Service providers are trapped in a dilemma. If they do more screening than 512 requires, copyright owners say that evidences their right and ability to control (indeed, Viacom itself makes that argument in its brief). But if they don’t do more, copyright owners complain that they could have done more. Good grief. With respect to user flagging of copyright infringement, users are a terrible source of credible information about what constitutes copyright infringement (at least, when it’s not their works involved), so the user flagging tool inevitably would generate too many false positives. Requiring 512(c)(3) notices is a logical way to avoid the deluge of false positives.

PDF page 17: Dunton surveyed top clips on YouTube and thought 70%+ were copyrighted. Later, Dunton said 75-80% of clip views were from copyrighted content.

PDF page 19: Karim says in a board meeting that the site would benefit from preemptive takedowns of blatantly illegal content, but no changes were made.

PDF Page 22: pre-acquisition, a Google employee referred to YouTube as a “video Grokster” and a “rogue enabler of content theft.”

PDF Page 22: Google’s investment banker Credit Suisse reported to Google that 60%+ of YouTube’s views were of “premium” content, of which only 10% was authorized.

PDF Page 29-30: Hurley lost all of his emails, and Schmidt deletes all emails after he reads them (guess he doesn’t use Gmail’s “archive” feature). Hurley developed “serial amnesia” when confronted with Karim’s emails.

Posted by Eric at 04:08 PM | Copyright , Derivative Liability , Internet History | TrackBack

March 02, 2010

February 2010 Quick Links

By Eric Goldman

Copyright

* Mavericks Recording Co. v. Harper (5th Cir. Feb. 25, 2010). 17 USC 402(d) precludes an innocent infringement defense in P2P downloading case when the record companies place proper copyright notices on their works. This is consistent with language from BMG v. Gonzalez in the Seventh Circuit.

* Perfect 10 and Amazon settle on confidential terms; Perfect 10 v. Google will keep going. Previous blog coverage of this case (1, 2, 3, 4, 5).

* Veoh won in court (1, 2, 3) but still got knocked out of the marketplace.

* Project DoD, Inc. v. Federici, 2010 WL 559115 (D. Me. Feb. 11, 2010). In a 512(f) lawsuit I blogged about in December, the judge upheld the magistrate report dismissing for lack of personal jurisdiction because the plaintiff had moved and no longer had ties to Maine.

* MCS Music America, Inc. v. YAHOO Inc., 2010 WL 500430 (M.D. Tenn. Feb. 5, 2010). MCS sued Yahoo over infringement of its songs, and the court says that it can only get statutory damages for each song infringed. This means that if Yahoo performed 8 different covers of the song, MCS is only entitled to statutory damages for one infringed work.

Trademark

* Monex Deposit Co. v. Gilliam, 2010 WL 325570 (C.D. Cal. Jan, 25, 2010). The courts says a gripe site called "MonexFraud.com" may cause initial interest confusion of the Monex trademark. Are you kidding me?

* Typographically erroneous phone numbers always struck me as a much greater problem than "typosquatters."

Contracts

* Jacobsen v. Katzer settles.

* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC (3rd Cir. Jan. 25, 2010). 3rd Circuit upholds consequential damages waiver in B2B Internet connectivity contract. Prior blog discussion.

Blogging/Social Networking Sites

* Cats & Dogs Animal Hospital v. Yelp (C.D. Cal. complaint filed Feb. 24, 2010). The plaintiffs allege that Yelp violates California B&P 17200 by using a pay-for-play scheme.

* Rick Frenkel speaks about his Troll Tracker blogging days.

* In re Perry, 2010 WL 374770 (Bankr. S.D. Tex. Feb. 3, 2010). Emailing links to a third party's defamatory blog constituted "publication" of the blog for defamation purposes. The court doesn't discuss 47 USC 230 at all!

* Cunningham v. West Virginia, 2010 WL 415257 (S.D. W.Va. Jan. 26, 2010). MySpace does not impermissibly discriminate against sex offenders.

* Evans v. Bayer, 2010 WL 521119(S.D. Fla. Feb 12, 2010). A student's off-campus creation of a Facebook Group called "Ms. Sarah Phelps is the worst teacher I've ever met" may not be an appropriate grounds for school discipline.

* Snowball fight leads to a rampage at Macy's? Blame Facebook!

* Marshall v. City of Savannah, 2010 WL 537852 (11th Cir. Feb. 17, 2010). A probationary firefighter posted an official fire department photo on her MySpace page. After a reprimand, the employment relationship deteriorated and she was fired. The 11th Circuit affirms the dismissal of her discrimination and retaliation claims.

* BoingBoing gets an anti-SLAPP win--including its attorneys' fees--in a defamation lawsuit over one of its blog posts. The anti-SLAPP ruling.

* Berkery v. Estate of Stuart, 2010 WL 610631 (N.J. Super. A.D. Feb. 23, 2010). "The investigative function an author performs is not substantively different from an investigative journalist. The dispositive element is not the form of the investigative process. In an era marked by a diminution of the classic newsmedia and the print investigative journalist and the proliferation of investigative reporting in media such as cable television, documentary journalism-both televisions and movies-internet reporting and blogging, the need for protection remains the same. Whether Hornblum was writing a book, news article, a screenplay or a blog, the substance of his body of work remains the same."

Search Engines

* After some innuendo about Microsoft’s role in harassing Google on antitrust/competition issues, Microsoft effectively admits as much. Also see this Wall Street Journal article on the Microsoft-Google tussles.

* Search Engine Land: Google AdSense Using Search History In Contextual Matching

* Munger v. State, 2010 WL 537641(N.C. App. Feb. 16, 2010). Rejecting a taxpayer challenge against a NC law designed to provide financial incentives for Google to build a facility there.

* Lengthy Wired article on Google's algorithm.

* Nature: Chinese researchers don’t want to lose access to Google. My blog post on this topic.

* Business Insider: In Case You Had Any Doubts About Where Google's Revenue Comes From

Advertising

* Thomas O'Toole: Does "No Contract" Really Mean No Contract?

* MediaPost: Start-Up Links 65 Million IP Addresses To Users, Readies Targeting Platform. This is not going to end well.

* More troubling words for online advertisers from FTC BCP Director David Vladeck.

* Zelotes v. Rousseau (Conn. Grievance Committee). Attorneys participating in an Internet lead generation system that allocated leads geographically didn't violate the attorney Rules of Professional Conduct.

Online Crimes

* F.T.C. v. Pricewert LLC, 2010 WL 329913 (N.D. Cal. Jan. 20, 2010). FTC gets a default injunction against an Internet access provider that allegedly provided connectivity for activities such as child pornography, botnets, spyware, and viruses.

* US v. Little. The Eleventh Circuit disagrees with the Ninth Circuit regarding the appropriate geographic scope to measure the obscenity of Internet material.

* 3 Google executives were convicted in Italy of criminal privacy violations for a user-uploaded video to Google Video. NYT article. Google's response. A refresher on the Felix Somm conviction from 1998.

* Online ticket sellers are getting the smackdown. Criminal prosecutions of online ticket brokers who allegedly played dirty in jumping the queue. The FTC cracks down on Ticketmaster and warns other online ticket sellers.

Posted by Eric at 05:04 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Search Engines , Trademark | TrackBack

March 01, 2010

Ninth Circuit: Creditor Can Execute Against Domain Name Where Registry is Located -- Office Depot v. Zuccarini

[Post by Venkat]

The Ninth Circuit affirmed the district court's ruling in Office Depot v. Zuccarini [Scribd link], agreeing that a creditor may levy against a domain name in the jurisdiction where the domain name registry is located. The decision is significant for two reasons. First, it affirms (or reaffirms) that domain names are property subject to the claims of creditors. Second, it allows creditors to proceed against domain names where the registry is located, thus allowing creditors to proceed against domain names in one proceeding and more importantly levy against domain names located abroad (where the registry is located in the United States). Overall, this makes getting at a domain name much easier for creditors.

Background: Office Depot originally obtained a judgment against frequent cybersquatting defendant John Zuccarini. Office Depot then assigned the judgment to DS Holdings. Office Depot obtained the judgment in 2000 and it's surprising that 10 years later the judgment is finally being enforced against something. Although Zuccarini is proceeding pro se, it seems like he was or became well versed in putting up roadblocks and delaying resolution of the litigation.

DS went after 190 .com domain names that were registered in Zuccarini's name. DS originally tried unsuccessfully to have the domain names transferred directly to it. (This was the technique successfully used by the plaintiff in Bosh v. Zavala.) Later, DS sought to have a receiver appointed over the domain names. The district court granted DS's request to have the receiver appointed, and Zuccarini appealed. Zuccarini's appeal focused on whether it was proper to appoint the receiver in the Northern District of California, since the domain names were not necessarily "located" there.

The court's ruling: The court runs through basic principles of in rem jurisdiction and what rules apply. The court then looks to federal rules to determine where the receiver should be appointed in this case. Finding no applicable federal rule, the court looks to California law. California law provides that a writ of execution may be issued "in the county where the levy is to be made." With this in the background, the two questions presented by the court are: (1) "are domain names property that is subject to execution?" and (2) "if so, where are the domain names located for purposes of execution?"

With respect to the first question, the court cites to Kremen v. Cohen, and easily concludes that (under California law) "domain names are intangible property subject to a writ of execution." Kremen undermined Network Solutions, Inc. v. Umbro Int’l, Inc., 259 Va. 759, 770 (Va. 2000), a Virginia case widely cited for the proposition that creditors cannot get at domain names because domain names are contract rights rather then property. To the extent Kremen did not refute Umbro, this decision definitely provides the necessary ammunition to creditors. (Again, collection is state-specific, and apart from the analysis of the nature of domain names, the outcome in these cases turns on the statute in question, which vary from state to state. That said, I think given the robust marketplace in domain names, Umbro's conception of the domain name as a personal services agreement seems outdated, and most courts will easily recognize this.)

With respect to the second question, the court acknowledges that "attaching a situs to intangible property is ... a legal fiction," and the determination must be made in a "context-specific" manner. Fairness was relevant to the court's determination of the appropriate situs, and the court was understandably not receptive to Zuccarini's policy arguments that allowing a court to issue an order directed to the registry would mean that every .com and .net domain name could be levied through courts in the Northern District of California. The court also looked to the ACPA, which provides for in rem jurisdiction over certain cases where the "registrar, registry, or other domain name authority" is located. Although this was not an ACPA case, the court found the structure set up by the statute persuasive and that the writ was appropriately issued from Northern District of California since VeriSign (the registry for .com domains) is located there.

My reaction: The decision clears up two things. Although post Kremen v. Cohen there shouldn't have been much dispute that domain names are property which are subject to the claims of creditors, the case clears up any lingering doubt that may have existed. (Kremen and this case applied California law, but the result shouldn't vary much across other states.) Second, the decision makes clear that a court which has jurisdiction over the registry can issue an order allowing the creditor to get at the domain names. The case also implicitly affirms that getting a receiver appointed to sell the domain names is the appropriate route for the creditor. Getting the name transferred to the creditor is not a remedy allowed under California law (Palacio Del Mar Homeowners Ass'n, Inc. v. McMahon). Additionally, a transfer of domain names from a cybersquatter to a judgment creditor raises some issues around potential infringement of third party rights through sales or other exploitation of the domain names. (See this post on Bosh v. Zavala for some discussion of those issues.) The method ultimately used by DS in this case (a receiver) avoids all of these issues, or at least shifts them over to the receiver rather than the creditor.

One of the more significant aspects of the case is that the ruling makes clear that regardless of whether a domain name is registered through a foreign registrar, a court having jurisdiction over the registry can issue an order directing transfer of the domain names to a receiver. With respect to .com and .net domain names, this means that creditors can try to get at these domain names through proceeding in the Northern District of California (as the court notes, VeriSign is the registry for .com and .net domain names and is headquartered in Mountain View). While the ACPA allows plaintiffs to file in rem suits where the registry is located, it's nice (for creditors) to have a similar ruling in the post-judgment context, and one from the Ninth Circuit as well.

Will this cause a rush of similar claims to be filed in the Northern District of California? It's tough to say, but even post Kremen, it does not seem like there's been a ton of post-judgment collections activity with respect to domain names. From a practitioner's standpoint, it's certainly nice to have this rule on the books.

An odd footnote: Zuccarini is a colorful character whose internet exploits have gotten him in trouble with the law. He was arrested in 2003. (Here's a post at CircleID rounding up reactions to his arrest.) According to his Wikipedia entry which contains a link to a Bureau of Prisons search, he was released in 2005.

Previous post: "Domain names as property subject to creditor claims -- Bosh v. Zavala"

Additional coverage: Mike Atkins covers the ruling in a post here.

Posted by Venkat at 06:58 AM | Domain Names , Internet History , Trademark

February 16, 2010

Kozinski and Goldfoot on Cyberspace Exceptionalism and Internet Regulation

By Eric Goldman

Alex Kozinski & Josh Goldfoot, A Declaration of the Dependence of Cyberspace, 32 Colum. J.L. & Arts 365 (2009).

Introduction

In early 1996, in response to Congress' enactment of the Communications Decency Act (the first comprehensive attempt to regulate the Internet), John Perry Barlow published his cyberspace exceptionalist screed, “A Declaration of the Independence of Cyberspace.” The manifesto (naively, IMO) tells government regulators that they are outdated and should not—and cannot—regulate the Internet.

Judge Kozinski, chief judge of the Ninth Circuit, and Josh Goldfoot, a trial attorney in the DOJ's CCIPs division, use Barlow's article as an entry point to discuss Internet exceptionalism/regulation generally. Although the article expresses the authors’ personal views, the article amplifies some themes Judge Kozinski has been developing in his recent Internet jurisprudence, most notably the Roommates.com case and Perfect 10 v. Visa. Because Judge Kozinski plays a crucial role on the federal appellate court governing both Hollywood and the Silicon Valley, this article is worth a close look.

Internet Exceptionalism

Judge Kozinski made his distaste for Internet exceptionalism clear in the Roommates.com opinion. In this article, the authors explain this view more thoroughly:

It is a mistake to fall into Barlow's trap of believing that the set of human interactions that is conducted online can be neatly grouped together into a discrete “cyberspace” that operates under its own rules. Technological innovations give us new capabilities, but they don't change the fundamental ways that humans deal with each other....[W]hen the internet is involved in a controversy only because the parties happened to use it to communicate, new legal rules will rarely be necessary. When the substance of the offense is that something was communicated, then the harm occurs regardless of the tools used to communicate....[T]he vast majority of internet cases that have reached the courts have not required new legal rules to solve them.

While I generally agree with this, I also think it’s an antiquated sentiment. Whether or not cyberspace exceptionalist law are logical or even appropriate, legislators have found them irresistible, resulting in dozens or hundreds of Internet-specific statutes. I explore this dynamic in my article “The Third Wave of Internet Exceptionalism.” So to the extent the authors are arguing that we don’t need new cyberspace-specific laws, that ship sailed a long time ago.

The authors conclude that "the internet is doing wonderfully. It has survived speculative booms and busts, made millionaires out of many and, unfortunately, rude bloggers out of more than a few. The lack of a special internet civil code has not hurt its development."

I agree that the Internet is doing wonderfully, but I would assign causality differently. Legislatures in the 1990s passed a number of Internet-favorable laws, such as the Internet Tax Freedom Act, which kept taxing authorities from loving the Internet to death, and 47 USC 230, which provided a crucial immunity to online intermediaries. Reverse-engineering the Internet’s success is a tricky science, but my hypothesis is that the success is partially due to these “special Internet civil codes,” not due to their absence. For more on this with respect to 47 USC 230, see my talk notes from the Denver University Cyber Civil Rights event.

”Death of the Internet” and “Death of Innovation” Arguments

The authors address two common arguments that Internet defendants make to support favorable exceptionalist rulings, including that an adverse ruling (1) will end the Internet or (2) harm innovation.

They suggest that "end of the Internet" arguments can be powerful (specifically addressing Judge McKoewn’s doomsday concerns in her Roommates.com dissent):

The argument that a legal holding will bring the internet to a standstill makes most judges listen closely. Just think of the panic that was created when the Blackberry server went down for a few hours. No one in a black robe wants to be responsible for anything like that, and when intelligent, hard-working, thoughtful colleagues argue that this will be the effect of one of your rulings, you have to think long and hard about whether you want to go that way. It tests the courage of your convictions.

While end-of-the-Internet arguments can grab judges' attention, I have to assume that the litigant loses credibility if the claim is overstated. So use the argument sparingly, like when your client's loss will pry beloved Crackberries out of the judges' hands.

The authors are less impressed with the "death of innovation" argument.

[P]romoting innovation alone cannot be a sufficient justification for exempting innovators from the law. An unfortunate result of our complex legal system is that almost everyone is confused about what the law means, and everyone engaged in a business of any complexity at some point has to consult a lawyer. If the need to obey the law stifles innovation, that stifling is just another cost of having a society ruled by law. In this sense, the internet is no different than the pharmaceutical industry or the auto industry: they face formidable legal regulation, yet they continue to innovate.

There is an even more fundamental reason why it would be unwise to exempt the innovators who create the technology that will shape the course of our lives: granting them that exemption will yield a generation of technology that facilitates the behavior that our society has decided to prohibit. If the internet is still being developed, then we should do what we can to guide its development in a direction that promotes compliance with the law.

I’m sympathetic to this point. Personally, I feel like arguments that a ruling or law will harm “innovation” are often make-weight. “Innovation” is ill-defined and difficult to measure (i.e., some folks believe patent applications/issuances quantify innovation, but we know better), and it is politically incorrect to oppose “innovation” (you might as well oppose other incontrovertible ideals like freedom, Mother Teresa and puppies). Thus, the “harms innovation” argument automatically, and often unfairly, puts the opponent on the defensive—they can either try to debate what’s better for innovation or stand silently and look like they oppose innovation. But debates about what’s best for “innovation” are almost always irresolute because innovation can take many forms, and we do not know what precise mixture of government intervention and deregulation will foster socially optimal levels of innovation. For more on this, see, e.g., Niva Elkin-Koren and Eli Salzberger’s analysis of Coasean allocations on innovation.

At the same time, the authors’ arguments are a little disquieting because they imply that innovation can result in only one of two outcomes—legal or illegal, with nothing gray in between. From my perspective, much (most?) Internet entrepreneurship/“innovation” exists between the two endpoints of the legality continuum. For example, in 1996, I believe many legal experts would have said that unconsented spidering and indexing of a website was probably illegal (a question that has not been definitively resolved even today)—so if we wanted to avoid possibly illegal innovation, Google would not exist today. As a result, it might sound great to channel innovation towards only clearly legal activities, but I don’t really think that’s what we want.

Secondary Liability and Anonymity

The article also has some troubling remarks on secondary liability and anonymity:

If the legal rules change, and companies are held liable more often for what their users do, then the cost of anonymity would shift away from victims and toward the providers. In this world, providers will be more careful about identifying users. Perhaps online assertions of identity will be backed up with offline proof; providers will be more careful about providing potential scam artists in distant jurisdictions with the tools to practice their craft. All this would be expensive for service providers, but not as expensive as it is for injured parties today.

I would like to see some empirical support for the last sentence’s comparison of expenses. It’s not self-evident to me. Further, if we are going to do a cost accounting, we also need to consider what socially beneficial activity is dissuaded by service provider authentication of identity.

The authors continue:

Secondary liability should not reach every company that plays any hand in assisting the online wrong-doer, of course. Before secondary liability attaches, the plaintiff must show that the defendant provided a crucial service, knew of the illegal activity, and had a right and a cost-justified ability to control the infringer's actions. This rule will in almost every case exclude electrical utilities, landlords, and others whose contributions to illegal activity are minuscule.

This argument is consistent with traditional tort principles (as well as Judge Kozinski’s dissent in Perfect 10 v. Visa regarding copyright liability). 47 USC 230’s immunity breaks these venerable principles. As I’ve noted before, bright judges imbued in the common law can have a tough time with Congress’ rejection of traditional tort principles (as well as the concomitant reduction in judicial discretion).

Meanwhile, I’m wondering about the qualifier in the last sentence (“in almost every case”). Unless specified in a statute, I can’t imagine *any* circumstances where it would be appropriate to hold people who make “minuscule contributions” responsible for third party torts—especially electrical utilities, who as regulated monopolies usually have no discretion about whether or not to provide power to their customers.

Conclusion

Although in general most Ninth Circuit Internet rulings have reached the right result, recent Ninth Circuit rulings have shown some hostility towards 47 USC 230 specifically and Internet defendants generally. I am concerned that the Ninth Circuit has become a dangerous circuit for Internet defendants, and this article does not dispel my fears. I think Internet defendants should carefully weigh the pros and cons before appealing a case to the Ninth Circuit. The wild card factor is high, and the likelihood of getting an incomprehensible legal standard is higher still.

Posted by Eric at 01:40 PM | Derivative Liability , Internet History | TrackBack

February 09, 2010

Catching Up With Wikipedia

By Eric Goldman

I recently posted the final published version of my article Wikipedia’s Labor Squeeze and its Consequences. In the course of updating the draft, I reviewed the news coverage of Wikipedia from the second half of 2009, and I thought I would share some of the more interesting tidbits that caught my eye.

Flagged Protection v. Flagged Revisions

The biggest news from the second half of 2009 was the August announcement from the Buenos Aires Wikimania that the English-language Wikipedia was rolling out Flagged Revisions for living people's biographies. It was first reported by Noam Cohen at the New York Times and then repeated in countless articles. I think the announcement took everyone by surprise because it seemed to come from out of the blue. Several other Wikipedia versions deploy Flagged Revisions, but before Wikimania, the consensus had been to try Flagged Protection and Patrolled Revisions--not Flagged Revisions--on the English-language Wikipedia.

[Some of you may be wondering: what's the difference? A lot! With Flagged Revisions, most user edits are invisible to logged-out readers until a more trusted editor approves them. Flagged Protection is a variation of Full Protection and Semi-Protection. Edits from less trusted users to protected articles are invisible to logged-out readers until a more trusted editor approves them. Flagged Protection substitutes for Full Protection, where less trusted users cannot make any edits to the protected articles whatsoever; and semi-protection, where only some users can make edits to those articles. The percentage of articles currently fully- or semi-protected is very low--I believe less than 1%--and presumably Flagged Protection would be used equally sparingly. In contrast, the media announcements indicated that Flagged Revisions would apply to all living people's biographies, a significant minority of Wikipedia entries. Patrolled Revisions is more procedural than substantive; it's merely a way for editors to communicate with each other that they have verified previous edits.]

The fact that Wikipedia apparently leapfrogged Flagged Protection to adopt the much more restrictive Flagged Revisions seemed like an ominous development and perhaps an indication that the vandals and spammers were winning more than we thought. The public angst over Wikipedia's announced move was deafening. People seemed to be genuinely shocked that Wikipedia might make a wholesale move from an open edit site to something substantially more restrictive.

However, this angst was misdirected. Despite multiple efforts to get clear information from Wikipedia (including this unbelievably confusing blog post), it turns out that the English-language Wikipedia isn't adopting Flagged Revisions at all but instead is proceeding with its trial of Flagged Protection. I think Farhad Manjoo properly captured our collective frustration in his TIME article entitled Jimmy Wales Quietly Edits Wikipedia’s New Edit Policy: “In several interviews, including many with TIME, officials at the Wikimedia Foundation, the nonprofit that manages Wikipedia, explained that the user-edited online encyclopedia would soon impose restrictions on articles about living people.” I really don't understand how or why Wikipedia successfully misdirected us for weeks, but they could have easily avoided a lot of confusion with a clearer announcement and more prompt corrections.

So the bottom line is that, despite the August drama, Wikipedia is not flipping its default to closed editing yet.

Nevertheless, as I explain in my Wikipedia Labor Squeezes article, Wikipedia inevitably will adopt more restrictive editing policies. It's just a matter of time. Accordingly, I will not be surprised when Wikipedia announces more restrictions. In contrast, judging from the reaction to the August announcement, I expect most people will be shocked when they next hear of Wikipedia's next effort to deploy a more restrictive editing policy.

Wikitrust

In late August, Wired reported that Wikipedia was adopting Wikitrust, a tool that automatically color-codes edits to an entry to show the projected credibility of those edits. Thus, at a glance, a reader can tell which parts of an entry are more likely to be accurate and which parts should be scrutinized more closely. Amazingly, though, this was also a botched announcement (read the update to the Wired article). Wikipedia is only conducting a trial of Wikitrust.

A Couple Other Interesting Factoids

From New Scientist: ""Occasional" editors, those who make just a single edit a month, have 25 per cent of their changes erased, or reverted, by other editors, a proportion that in 2003 was 10 per cent. The revert rate for editors who make between two and nine changes a month grew from 5 to 15 per cent over the same period."

From NY Times: Wikipedia contributors are 80% male, 65%+ single, 85%+ childless and 70% under 30 years old. As I explain in my article, this is a group that will experience significant life changes, which in turn will reduce or eliminate the time they have to contribute to Wikipedia. Will sufficient numbers of replacements emerge?

From an article entitled The Singularity is Not Near: Slowing Growth of Wikipedia
- "the number of active editors and the number of edits, both measured monthly, has stopped growing since the beginning of 2007"
- "The rate of reverts-per-edits (or new contributions rejected) and the number of pages protected has kept increasing. Occasional editors experience a greater percentage of reverts per edits in comparison to the more prolific editors."

The Wall Street Journal Article

On November 23, the Wall Street Journal published an A1 article entitled I spoke with the reporter in June but my remarks only made the sidebar. The lead paragraph thesis is that "unprecedented numbers of the millions of online volunteers who write, edit and police [Wikipedia] are quitting." Citing research by Felipe Ortega, the article says that the English-language Wikipedia suffered a net editor loss of 49,000 in Q1 2009 (compared with a net loss of 4,900 in Q1 2008). It's worth reading the entire article. It stirred the pot quite a bit.

Erik Moeller, Wikipedia's Deputy Director, responded to the article with (among other things) a different cut at the numbers:

Studying the number of actual participants in a given month shows that Wikipedia participation as a whole has declined slightly from its peak 2.5 years ago, and has remained stable since then. (See WikiStats data for all Wikipedia languages combined.) On the English Wikipedia, the peak number of active editors (5 edits per month) was 54,510 in March 2007. After a more significant decline by about 25%, it has been stable over the last year at a level of approximately 40,000.

My Prediction

Consider this blog post my 4+ year check-in on my prediction in December 2005 that Wikipedia would fail in 5 years. In that post, I didn't tightly define what I meant by "failure," and frankly my "failure" rhetoric has been unintentionally and unnecessarily inflammatory. In all cases, I'm not rooting for Wikipedia's failure (however defined).

However, I remain baffled by the folks who are so enraptured by Wikipedia's mystique that they believe the site will defy gravity. Whatever you take away from the data points I cite in this post, I think it's undeniable that Wikipedia is changing in material ways. Bright minds might disagree about whether those changes are good or bad. From my perspective, Wikipedia's evolution has followed a fairly predictable path. Like many UGC websites, contributor activity peaks and then declines, and the transition from first generation contributors to second generation contributors naturally has some bumps. More structurally, Wikipedia has followed an entirely predictable evolution of progressively tighter editorial policies, and I anticipate even tighter editorial controls are come (to be accompanied by shocked public outcries each time).

As for my prediction, I'm waiting to see what develops this year, especially at Wikimania in August. Whether I'm right or wrong, I'll post my 5 year assessment of my prediction in December.

Posted by Eric at 11:48 AM | Content Regulation , Internet History | TrackBack

February 02, 2010

FTC Privacy Roundtable Recap

By Eric Goldman

[Introductory note: I have repeatedly criticized the FTC on this blog, and this post may implicitly criticize them as well. At the same time, I want to share a couple of compliments for the FTC. First, the FTC did a terrific job preparing for this event. For the panel I participated on, we had two official group organizing calls, plus I had at least 3 individual calls as well. I can’t recall another event which had more pre-event preparation efforts. Second, I remain consistently impressed with the dedication of the FTC staff attorneys. The FTC attorneys I've met uniformly seem to be trying to do the right thing, even if bright minds might disagree about what that is.]

Last week, the FTC held the second of three privacy roundtables at UC Berkeley. A large crowd (I estimate 200+ people) showed up, and I know that many other people watched online. Combined with my conversations with the FTC folks prior to the event, I took away a few meta-observations:

1) The FTC is Facebook-obsessed. FTC staff kept citing Facebook examples. It's clear that the FTC is paying extraordinarily close attention to Facebook.

2) The FTC has embraced the idea of "data as currency." The concept is that online services that don't make consumers pay with cash instead make consumers "pay" by providing their personal data. This didn't come up much at the second roundtable, although I understand it was a big issue at the first.

It's a little dispiriting to see this argument gain traction. I have repeatedly criticized this concept before (see my Coasean Analysis of Marketing and Data Mining and Attention Consumption articles), so I will only briefly recap its deficiencies here. Basically, the concept treats the provision of personal data as an automatic detriment to the consumer, which creates a zero-sum game—just like the transfer of cash, the service provider wins at the consumer's expense. Although consumers may suffer negative consequences from providing their personal data to service providers, the overall concept is wrong because many service provider-consumer relationships are "win-win" where both the consumer and the service provider are better off due to the data transfer. I build some economic formulas in my articles to explain these scenarios with more rigor. Win-win can occur, for example, if the service provider can provide better services to the consumer based on access to personal data. Personalized search is one example. Ultimately, any policy proposals predicated on treating data as currency are likely to overregulate by reducing or eliminating potential win-win scenarios.

3) The term "privacy enhancing technologies" or PETs lacks a consensus definition. Because we didn't agree on what qualifies as a PET, we couldn't determine if they had been successful or not.

Construed narrowly as add-on technologies that guard against specific vectors of privacy intrusions, it's clear that PETs have failed as a mass-market offering. Hardcore privacy folks may seek out tools that advance their interests, and they may even be willing to pay for those tools, but most folks don't care enough to pursue such solutions--even those available for free. (I highlight this tension in my 2002 Forbes editorial.)

However, if we construe PETs more broadly, they have been massively successful. For example, I would consider anti-spam/anti-spyware/anti-virus software as PETs. Obviously those software programs have other benefits, such as security protection, but they solve a variety of privacy-related problems too. For example, my Gmail spam filter learns my preferences and, over time, blocks some types of unwanted emails (such as repeat emails meant for other “egoldman”s like Emma Goldman) from showing up in my in-box. Similarly, PETs have been incorporated into the browsers and provide default protection to their users. If we can get past the one-off single-vector conception of PETs, we may find lots of successful examples.

4) The online "privacy" dialogue hasn't advanced very far in the past 15 years. I felt like much of the 2010 roundtable's discussion would have been apropos 15 years ago. For example, instead of discussing cookies in 1995, in 2010 we are discussing flash cookies and supercookies. There's no real difference in the underlying principles; we're simply at a new point in the technological arms race. Just like technology evolved to provide user control over cookies, it will eventually catch up to flash cookies and supercookies and super-duper-cookies or whatever the next iteration of persistent client-side identifiers is called. Unless we look past the specific technological implementations and focus on broader concepts, we are doomed to repeat the same conversations.

5) Due to the semantic ambiguity of the word "privacy," "privacy" inquiries are guaranteed to fail. Ultimately, I found much of the roundtable discussion unenlightening because the "privacy" umbrella is too broad and ambiguous. From my perspective, the term "privacy" is always fatally ambiguous to any productive conversation; I just don't understand what it means. As a result, at the roundtable, panelists were simultaneously discussing privacy, security, anonymity and a variety of other concepts. The result was a jumbled doctrinal mess and a lot of talking past each other.

At the same time, the "privacy" umbrella hindered the inclusion of non-privacy concepts that might have helped overcome the deja vu tendency. The panel titles were:

Panel 1: "technology and privacy"
Panel 2: "privacy implications of social networking and other platform providers"
Panel 3: "privacy implications of cloud computing"
Panel 4: "privacy implications of mobile computing"
Panel 5: "technology and policy"

My latest project on reputation is relevant to the issues discussed at the roundtable, but where does "reputation" fit into these panels? Everywhere--and nowhere. Similarly, I was hoping to discuss the implications of 47 USC 230(c)(2), the immunization for filtering technologies, but where does that fit in? I hoped to discuss it in the first panel but we ran out of time. Using a classic "privacy" structure for the discussion implicitly stifles these important non-privacy considerations from emerging. As a result, this structure almost guarantees a "same old, same old" discussion by precluding new concepts from joining the discourse.

Before the panel, lame-duck Commissioner Pamela Jones Harbour gave some opening remarks. She expressed displeasure with Facebook's resetting of privacy defaults and disagreed with Mark Zuckerberg's quoted remarks that the technology change reflects emerging social attitudes. She also gave a lengthy shout-out to Paul Ohm's paper on de-anonymization/re-identification of non-PII. Note that we will have an evening panel event featuring Paul Ohm at SCU on April 7. Please put that on your calendar now. Paul's paper is already affecting the considerations of FTC Commissioners; come hear what the fuss is about.

After Commissioner Harbour, David Vladeck (head of the FTC's Bureau of Consumer Protection) gave some opening remarks as well. He summarized three conclusions from the first roundtable:

* Consumers don’t understand commercial information-collection practices (ex: data brokers, behavioral targeting).
* Lengthy privacy policies aren’t effective, but privacy disclosures are important.
* Consumers care about privacy.

He concluded his remarks with an ominous threat. He noted that the FTC continues to bring privacy-related enforcement actions, and in particular (a quote from his prepared remarks) "we are currently examining practices that undermine the effectiveness of tools consumers can use to opt out of behavioral advertising, and we hope to announce law enforcement actions in this area this year." I'm not sure what this means. Perhaps the FTC is fed up with NAI's behavioral ad network opt-out tool? I have not been able to make the tool work properly for years.

Finally, I'll mention a few thoughts from the social networking panel, which featured Erika Rottenberg of LinkedIn, Nicole Wong of Google and Tim Sparapani of Facebook. Given all the Facebook-bashing throughout the day, Tim was in the hot seat!

One of Tim’s talking points was that 35% of users customized their privacy settings in response to Facebook's privacy default resetting and its subsequent requirement that they review the settings. 35% user participation would be a remarkably high percentage for any website, and it’s incredible for Facebook with 350M claimed users.

Tim's other talking points didn't go over as well. He claimed that there are no barriers to entry for other social networking sites. This is technically true but woefully incomplete. It could very well be that the optimal number of social networking sites that consumers can actively embrace is precisely one, and there is good reasons to believe that social networking sites experience powerful network effects. See, e.g., Reuter's article about the tipping point between MySpace and Facebook.

Further, although the friendship relations are sticky, Facebook’s real stickiness comes from the self-published content on Facebook that cannot be exported to another site. Tim completely chunked the question about data portability from Facebook, slavishly espousing his talking point that Facebook will delete user accounts on their request--a non-sequitur that made most people in the audience quietly groan. We all understand that Facebook will kill content upon request, but the question on the table was how Facebook will allow users to move their extensive content to a competitor. Tim ducked that question because Facebook doesn't enable it. Facebook does not offer a front door for data portability, and Facebook has been shutting down the backdoor by suing folks like Power.com who try to create an unsanctioned portability method. To be clear, I'm not 100% convinced that Power.com is the good guy in that dispute, but I'm pretty confident that Facebook doesn't tolerate backdoor data portability.

Even so, I think Facebook's biggest threat is itself. Few users will get so mad that they will delete their accounts (I still have my Orkut and Friendster accounts, for example). Instead, Facebook should be concerned that users will simply reduce their usage because they get burned out or lose trust in Facebook. Ultimately this will cause users to migrate elsewhere, so the end game for Facebook could be a whimper, not a bang.

As an example of this latter phenomenon, Tim’s talking points claimed that Facebook gives users control over who they want to share every piece of data at the time they publish the data. He rightly praised this granularity but I am still grumbly that Facebook killed the setting that kept my comments and likes off my profile page. Now, if I don't want those items to show, I have to manually delete each one. So I do have control over my publications as Tim touted, but the additional transaction costs cause me to comment on and like other posts less frequently than I used to. This seems like more of a bug than a feature in my book.

In contrast to Facebook, Nicole Wong hammered the point that Google embraces data portability and builds it into the design of many of its services. As she said (I'm paraphrasing her), because users can leave with a click, we have to better with every product every day, and it makes us build better products. That's the spirit! Facebook, are you listening?

Posted by Eric at 04:04 PM | Internet History , Privacy/Security | TrackBack

January 27, 2010

Utah May Repeal Its Spyware Control Act--SB 26

By Eric Goldman

It's that time of year again. The Utah legislature is back in session and cooking up new schemes to regulate the Internet. So far I only see one Internet-specific bill in queue, SB 26. Surprisingly, it does not directly attempt to regulate keyword advertising.

SB 26 is sponsored by Sen. Stephen H. Urquhart, who rocketed to national cyberlaw fame (infamy?) in 2004 when he sponsored Utah's Spyware Control Act. It was such a misguided law that it motivated me (in part) to write a 71 page magnum opus explaining its policy deficiencies. It was also hampered by its fairly obvious unconstitutionality, which was confirmed by a Utah court a few months after passage. (Note: I helped write an amicus brief in that court challenge, so you might interpret my assessment as an advocacy statement). Following the judicial thumping, then-Rep. Urquhart shepherded an amendment to the Spyware Control Act in 2005 that effectively neutered the law. Since then, I believe the law has sat largely dormant. The only court citation I know of was in the 2008 Overstock v. SmartBargains case, easily rejecting Overstock's mystifying attempt to make a claim under the superseded 2004 version of the law.

Among other items I'll discuss in a moment, SB 26 proposes to repeal the Spyware Control Act entirely. If passed, that would be a remarkable development because most legislators let their failed laws sit on the books unused. It takes some work to repeal a law, plus it can be a little embarrassing to repeal a law--especially after hyping up the law to get it passed initially (Urquhart had a lot of tough talk about spyware/adware in 2004-05, see, e.g., here). Kudos to Sen. Urquhart for having the fortitude to admit and fix his errors publicly.

While repealing the law would be a remarkable step on its own, it's even more remarkable in the context of the Utah legislature's track record of Internet regulation. By my count, repealing the Spyware Control Act would be at least the THIRD Utah Internet law that its legislature repealed in the past few years--the other two being Utah's 1995 digital signature act and its infamous Trademark Protection Act. For a legislature that meets only a couple of months a year, a trifecta of repealed Internet laws in the past couple of years is a stunning waste of scarce legislative resources. Wow.

As bad as that is, the three repealed laws don't even tell the full story of the Utah legislature's incompetence when it comes to Internet regulation. Recall Utah's failed attempt to line its coffers by taxing email (which turned into a big money-loser), and don't forget its repeated attempts to regulate Internet content that have spawned years of costly litigation (see, e.g., Free Speech Coalition v. Shurtleff). From my perspective, anyone looking objectively at the Utah legislature's track record of regulating the Internet would logically conclude that they should cut their losses and focus on other legislative priorities.

Unfortunately, SB 26 indicates that either hope springs eternal in the Utah legislature or they are doomed to forget the lessons of history. Despite doing some good by putting down the Spyware Control Act, the bill amazingly proposes more regulations of the Internet! To Sen. Urquhart's credit, the bill is largely clone-and-revise proposals from other places and not drafted from scratch, which may contribute less from a regulatory standpoint but at least they aren't quite as error prone. The proposed law has three main components:

1) anti-phishing/anti-pharming restrictions. I'm not sure where the original text came from. California has an anti-phishing law but I don't think this is a clone-and-revise of that law. Maybe it's cloned from another state's anti-phishing law. In any case, the anti-"phishing" proposal is noteworthy because the regulation doesn't restrict itself to email (presumably to avoid any risk of CAN-SPAM preemption). As a result, as currently drafted, it's an unlimited anti-pretexting law applicable to both online and offline conduct.

2) anti-spyware restrictions. After wiping out the Spyware Control Act, the new anti-spyware proposals are based on the California model of state anti-spyware laws, which have been followed by a couple dozen other states. The California model regulates various types of "intentionally deceptive" conduct regarding software activity. This is what Utah should have done in 2004-05 rather than trying to develop its own sui generis law. I generally don't have a problem with regulating intentionally deceptive software behavior, but it seems a little late to be enacting the laws now. Most of the regulations contemplate practices more common in 2003-06 and largely defunct now, so Utah is showing up late to a party that ended years ago.

3) a state version of the federal Anti-Cybersquatting Consumer Protection Act. I know some other states have enacted domain name protection laws (California comes to mind), but it's not clear what benefits these state laws have. As far as I know, California's law is almost never used. Tom O'Toole speculates that this bill will make it easier for Utah trademark owners to bring in rem lawsuits, but it's not clear to me how much this law will help given the rarity of ACPA in rem lawsuits (UDRPs are usually cheaper and faster for the same results) and already expansive jurisdictional principles under ACPA. Further, I wonder if this law is preempted either by the dormant commerce clause or via field preemption of the federal ACPA.

I should add that I’ve observed that Utah bills can change radically from draft to draft with little warning, even if the law is on the legislative floor for a final vote, so we'll have to see if this law transmogrifies through the process. And I am keeping a vigilant watch for any resurrected attempts to regulate keyword advertising.

Posted by Eric at 09:58 AM | Adware/Spyware , Domain Names , Internet History , Spam , Trademark | TrackBack

January 18, 2010

File Names Can Help Predict File Content in Child Porn Prosecution--US v. Beatty

By Eric Goldman

United States v. Beatty, 2009 WL 5220643 (W.D. Pa. Dec. 31, 2009)

This is a child porn prosecution. Using Phex P2P software, an undercover investigator accessed the Gnutella network and conducted searches using search terms known to be used by child pornographers. The investigator identified IP address 76.188.64.82 with 11 files with troubling titles such as:

* r@ygold-pedo-13yo brother fucks 11yo sister and sperm inside 61943812.mpg
* (Pthc) 14yo Isabel-(Rape and Fuck) (R@ygold).mpg
* Little young girl hardfucked by me-7 yrs R@ygold illegal pedo sex.mpg
* (Hussyfan) (pthc) (r@ygold ) (babyshivid) Jessica 11y o get fucktgood.mpg

The investigator then matched hash tag fingerprints of the 11 files with child porn files in a database maintained by the Wyoming Internet Crimes Against Children (ICAC) Task Force. Subsequently, the investigator connected Beatty to the IP address. Based on this information, the government got a search warrant for Beatty's home, found hundreds of incriminating files on his home computer, and got incriminating statements in an interview.

Beatty challenged the government's right to search his home computer. The judge and the litigants agree that the government can legally conduct remote warrantless searches of P2P share directories, but the government apparently argued that they were free by extension to look through Beatty's entire computer. The judge rejected such a broad position, saying:

even if the Defendant suffered no Fourth Amendment intrusion by virtue of Trooper Pearson's conduct in remotely accessing certain shared computer files, the Defendant nevertheless retained a reasonable expectation of privacy in his computer and his home such that he possesses "standing" to challenge the merits of the subject search

This shifts the inquiry to the officers' probable cause for the warrant. Apparently, the investigator did not download the files to review them or attach the files as evidence when requesting the search warrant. I'm not sure why the investigator didn't do either step other than to avoid the toxicity of child porn generally. As a result, Beatty challenged the warrant because the warrant-approving magistrate did not see the files directly or get an affidavit from the investigator stating what he saw in the files. However, the magistrate did have the file names and the matching hash tags. Beatty challenged both.

The judge and the litigants agree that file names do not dispositively predict the actual file's content. As we know, file names can be inaccurate for a variety of reasons: plain error, semantic ambiguity, an effort to surreptitiously install malware, and as a way of increasing the content's perceived illicit value (see, e.g., the discussion in the uncited Perfect 10 v. ccBill case about websites with names like "illegal.net" and "stolencelebritypics.com"). The court correctly concludes that "common knowledge dictates that actual file content cannot be definitively determined from the file name alone."

Nevertheless, the court says that file names have some predictive value:

one can also envision circumstances where the file name is so explicit and detailed in its description as to permit at least a reasonable inference as to what the actual file is likely to show. Many, if not most, of the files at issue here had titles that contained highly graphic references to specific sexual acts-including ejaculation, sexual intercourse, oral sex, and anal sex-involving children ranging in age from 7 to 13 years. Several of the files also reference terms such as "child_sex," "pedofilia," "illegal pedo sex," "incest," or "Lolita." The unmistakable inference which arises from such highly descriptive file names, is that the content includes material pertaining to the sexual exploitation of children-i.e., evidence of criminal activity, if not outright contraband. Given the number of files in question and the pointed references in their titles to specific sexual acts involving young children-described in the most coarse and vulgar terms, this inference is a strong one.

I'm reminded of the admonishments that airport security is not a joking matter, so don't make jokes about having a bomb while going through the airport security line. (I've seen a few airports, including the New Orleans airport, post reminders about this). Similarly, child porn is so toxic that no one in their right mind would falsely use a file title suggesting the file is child porn.

The judge also credits the file titles because accurate file titles enable searches by others. So, if you want to distribute child porn in a searchable way (a seemingly illogical proposition because, as this case illustrates, doing so puts you on a fast track to Club Fed), then you need to use keywords that match search terms. The court says:

As a matter of common sense, the very fact that individuals utilize search terms with P2P software to produce results (i.e., file names ) consistent with their chosen search terms suggests a substantial degree of correlation between file names and file content; if file names were, as a general rule, completely random and bearing no relation whatsoever to their content, then there would be no point in conducting a search in the first place and the whole purpose of peer-to-peer file sharing would be frustrated because there would be no meaningful method for locating the sought-after file content.

I agree with this only superficially. It's true that searchable metadata must have some relationship to the underlying content to make a successful match, but community outsiders might think the metadata looks inaccurate or even completely random. Consider how Napster users used alternative spellings to route around the court-ordered blocks on various names. Now, go one step further: if a group of Napster users agree (in an offsite discussion forum) to tag Britney Spears' songs using "Lolita" (a not wholly inappropriate appellation given some of the videos she made before the age of majority), then a block on searches for "Britney Spears" will eliminate an obvious matchmaking route but will fail to stop matchmaking completely. Indeed, subcommunities can develop multiple synonyms that are opaque to outsiders. For more on this, look at the Urban Dictionary to see how slang can have multiple meanings, and note my article on how a single search term can have dozens of possible meanings. As a result, the search matchmaking process may be more complicated--and the value of "accurate" file descriptors is lower--than the court contemplates.

In any case, it wasn't clear how much traction Beatty expected from reducing the predictive value of file names. Ultimately, the search warrant was issued based on the combination of the file names with the fingerprint matches. It's not like the investigator or the judge had no idea what the files might contain--they had a hash value fingerprint matching a known child porn file. (Beatty unsuccessfully argued that the underlying fingerprinted files should not be credited as known child porn ) Then again, there is no reason why law enforcement isn't routinely preserving copies of suspect files they think are child porn and describing the file contents (or submitting the files) when seeking search warrants, easy steps that would have largely mooted Beatty's challenges.

Posted by Eric at 10:23 AM | Content Regulation , Internet History , Privacy/Security , Search Engines | TrackBack

January 11, 2010

Top Cyberlaw Developments of 2009 (Eric's List)

By Eric Goldman

Guest blogger John Ottaviani recently dropped by to offer his perspectives on 2009’s top Cyberlaw developments. While I like his list a lot, I independently developed my own top 10 list that has a different emphasis. You might enjoy the contrasts. My list:

#10: Louis Vuitton v. Akanoc. After the judge ordered a web host to stand trial, a jury awarded the trademark owner $32 million due to the web host’s contributions to trademark infringement by its customers. This case stands out for the big damages award and as a rare example where an online provider was held liable under a contributory trademark liability theory. Many trademark practitioners are scratching their heads trying to figure out the import of this case, however. Does this case represent a dangerous new frontier of online liability? Was this a bad jury verdict fueled by poor defense lawyering? Or was this an appropriate outcome because the web host actually engaged in bad behavior that distinguishes it from most “legitimate” web hosts? 2010 may help us understand if this case is part of a new trend or an aberration.

#9: Gordon v. Virtumundo. We’ve seen a lot of silly anti-spam litigation, including the emergence of an entirely new group of entrepreneurs called “spam litigation entrepreneurs” who try to make a living on anti-spam lawsuits. These folks have a true love-hate relationship with spam; they hate it so much that they devote their lives to fighting it, but they love getting spam because each one is a potential revenue source. In general, judges hate spam a lot too, so over the years we have seen a number of doctrinally unsupportable results where judges bent the law to make sure spammers lost.

However, the judicial pendulum has swung in the opposite direction, and in Gordon v. Virtumundo, the Ninth Circuit destroyed a serial anti-spam plaintiff’s entrepreneurial business in a doctrinally questionable but strongly worded opinion. In short order, a number of other spam litigation entrepreneurs have seen their lawsuits shut down with emphasis. Due to this ruling, the era of anti-spammers partying in courts may be on the wane.

#8: Zango v. Kaspersky. The question raised in this issue is simple to state but hard to answer: who should decide what constitutes spam, spyware or a virus? Vendors of software designed to curb these threats would like unfettered discretion to make their classifications; businesses who are classified as a threat would like judges to overturn adverse decisions. As it turns out, in a relatively obscure provision (47 USC 230(c)(2)), in 1996 Congress said that software vendors get to make classifications decisions and unhappy businesses can’t complain about them. In June, the Ninth Circuit upheld Kaspersky’s decision to classify Zango’s software as a threat and rejected Zango’s efforts to take the classification decision out of Kaspersky’s hands. This ruling gives enormous freedom to vendors of anti-spam/anti-spyware/anti-virus software to do their best to keep us safe.

#7: Columbia Pictures v. Fung. This case came out just before the Christmas holiday, so it got lost in the holiday hoopla a bit, but it’s a case of potentially significant import. First, it held that the specific torrent sites at issue induced copyright infringement. Second, the court denied the torrent sites’ eligibility for the DMCA online safe harbors. In part, the court said that an inducing website was categorically disqualified from the DMCA online safe harbors. Like the Akanoc case, it’s not entirely clear if this result was a legal aberration or an appropriate reaction to the defendants’ poor choices. Either way, it is possible that more “legitimate” websites may change their behavior to minimize their exposure based on the legal precedents in this case. If they do, this case could have a major impact on UGC websites.

#6: Lori Drew’s acquittal. Megan Maier’s suicide remains a heartbreaking tragedy, but unfortunately, overzealous prosecutors compounded the tragedy by prosecuting Lori Drew using bogus legal doctrines. The tragic facts got a jury to convict Drew of some misdemeanor crimes. Fortunately, the judge recognized the legal errors of the prosecution’s theory and the jury’s conclusions and granted Drew an acquittal despite the jury findings. The judge finally got to the right result as a matter of Cyberlaw, but the case remains a chilling testament to prosecutorial power.

#5: Harris v. Blockbuster. The rule is really clear. Service providers can't amend online user agreements in the provider’s sole discretion without notice. As the Ninth Circuit informed us in 2007, those contracts don’t fare well in court. So although these provisions are in just about every online user agreement, they don’t work--as Blockbuster found out the hard way.

As part of the litigation detritus from the Facebook Beacon experiment, users sued Blockbuster for sharing their rental transactions with Facebook and all of their friends, allegedly in violation of the Video Privacy Protection Act. Blockbuster tried to bust the class action by invoking the contract’s arbitration clause. Instead, because Blockbuster had the impermissible amendment provision in its user agreement, the court said the contract was illusory and refused to send the case to arbitration.

This case should signal the end of the ridiculous amendment clauses. We’ll see how long it takes the lawyers to give the provisions up.

#4: Battles Over the First Sale Doctrine. We have seen numerous legal battles this year over the First Sale defenses in both copyright and trademark law.

Copyright owners try to engage in price discrimination by carving up the world into geographic territories with different prices for the same product. If they can use copyright law to keep the cheap products from entering the other geographic market, this keeps the product from effectively price-competing with itself.

This year, two cases involved European textbooks which were functionally equivalent to the textbooks being sold in the United States at higher prices. Entrepreneurs were buying the cheap European texts, shipping them to the US and then selling them online. The entrepreneurs invoked the First Sale doctrine, which says that copyright law can’t prohibit the legitimate purchaser of a tangible copyrighted item from reselling the item to whomever they want at whatever price they want.

However, copyright law has another provision that allows copyright owners to block the importation of copyrighted works into the United States. In the 1998 Quality King case, the US Supreme Court said that the First Sale doctrine trumped the importation right when the goods were manufactured in the US, sold overseas, and then imported back to the US. However, in Pearson v. Liu and John Wiley & Sons v. Kirtsaeng, the judges said that the importation right trumps the First Sale doctrine when the goods were initially manufactured overseas. This issue is ripe for further adjudication, though. A similar importation case, Costco v. Omega, is pending before the US Supreme Court, which is deciding whether or not it wants to hear the case. If it does, we may get clearer instructions about the interplay between the First Sale doctrine and the copyright importation right.

Copyright’s First Sale doctrine was also at issue in Vernor v. Autodesk, where the purchaser of a software disk wanted to resell the disk on eBay despite restrictions in the software licensing agreement barring such resales. The court held that the First Sale doctrine applied and allowed the resale. There are other cases percolating through the court system involving the resale of tangible media contained copyrighted material despite contractual restrictions on resale, so this issue remains a hot one.

Trademark owners also try to prevent competition with their products that leak out of their official channels of distribution. eBay has been the site of a couple battles over the First Sale doctrine in trademark law. In Mary Kay v. Weber, the court held that the trademark First Sale doctrine may not permit the eBay resale of expired cosmetics by a Mary Kay independent beauty consultant. In Beltronics v. Midwest, a trademark owner shut down the eBay resale of radar detectors that had leaked out of the manufacturer’s channel and were being sold (at a cheaper price) without the manufacturer’s warranty.

Clearly, the First Sale doctrine matters a lot to eBay and other consumer-to-consumer e-commerce websites. With a possible pending Supreme Court case and lots of IP owners looking to stifle competition from goods they have already profited from, expect the First Sale doctrines to get lots of attention in 2010.

#3: 47 USC 230. In my opinion, 47 USC 230 is the most important Cyberlaw statute, so new 230 developments will make my top 10 list for the foreseeable future. This year, there were three federal appellate court rulings interpreting 47 USC 230(c)(1):

* in Barnes v. Yahoo, the Ninth Circuit held that 230 protected a website’s negligent delay in removing user content. However, if the website had promised removal to the user, the user could have a viable claim for promissory estoppel that would not be preempted by 230.
* in FTC v. Accusearch, the Tenth Circuit held that a website’s resale of pretexted phone records—even if those records were supplied by third party suppliers—did not qualify for 47 USC 230 protection because of their illegality.
* in Nemet Chevrolet v. ConsumerAffairs.com, the Fourth Circuit held that a consumer review website was not liable for user-supplied reviews, even when the website worked with the user to submit the review, and despite the plaintiff’s unsubstantiated claims that the website had fabricated the reviews itself.

Really, the big 47 USC 230 news in 2009 is the absence of big news. Specifically, 2009 reinforced that the Ninth Circuit’s 2008 Roommates.com decision—one of the most significant defense losses under 47 USC 230—did not rip open a major hole in the statutory protection of websites. Of the 13 cases that I have seen that have cited the Roommates.com en banc opinion, eleven have cited the case in favor of the defense. (See the list here). The two exceptions are the Accusearch case, mentioned above, and the New England Patriots’ lawsuit against StubHub over season ticket resales, an odd opinion that may not have much influence. Therefore, despite our fears about Roommates.com, the 47 USC 230 immunity remained healthy and vibrant in 2009. For more on this topic, see my special recap of 47 USC 230's year-in-review for 2009.

#2: Keyword Advertising Battles. Keyword advertising battles are another perennial topic on these year-in-review lists. A multi-billion dollar a year industry has sprung up around the sale of keyword-triggered advertising, including some keywords that may be third party trademarks, and trademark owners don’t like it at all. This has led to a multi-front battle between trademark owners, keyword advertising sellers (such as Google), and keyword advertising buyers.

One of the biggest Cyberlaw cases of the year was the Second Circuit’s ruling in Rescuecom v. Google. In the district court in 2006, Google won an easy victory against a trademark owner because the court said that Google did not make the requisite “use in commerce” of the trademark. The Second Circuit reversed the district court, sending the case back for further proceedings. The reversal does not ensure Google’s defeat; Google will now litigate other legal doctrines and might very well win on one of those. However, the Second Circuit’s opinion largely spells the end of any “use in commerce” defense by either keyword advertising sellers or buyers.

Because of the “use in commerce” defense’s demise, keyword advertising cases will now likely turn on whether the advertisements create a likelihood of consumer confusion. One case, Hearts on Fire v. Blue Nile, offered up a new and complicated test for gauging consumer confusion. If other courts adopt this test, keyword advertising cases will get even more expensive and complicated—highlighting how important it was that the Rescuecom case eliminated an easy way to end these lawsuits early.

Meanwhile, despite the fact that keyword advertising battles have been taking place for at least a decade, we have not heard what a jury thinks about the practice—until the November jury ruling in Fair Isaac v. Experian. In that case, the jury found for the defense that the keyword-triggered ads did not create the requisite likelihood of consumer confusion. It remains to be seen if other juries reach the same conclusion. If they do, keyword advertising lawsuits should slowly fade away over time because the trademark owners can’t win in the end.

As for now, keyword litigation is going strong and hardly fading away. In Spring, Google made two changes to its trademark policies where it voluntarily agrees to take down certain types of ads at the trademark owner’s request. In May, Google extended its more liberal US-based policy to nearly 200 other countries, replacing the more restrictive policies it had in place there. Shortly thereafter, Google modified its US policy to do less for trademark owners in situations involving product resales, review websites and sales of complementary/replacement parts. Trademark owners were none too pleased with these changes. In response to these changes and the door opened by the Second Circuit Rescuecom decision, Google got hit with about a dozen new lawsuits, including some class action lawsuits, of which I believe 10 are currently still active.

Finally, all of the wrangling in court and over voluntary trademark policies could be mooted by legislative action, and for the third time, the Utah state legislature considered resolving the keyword advertising issue itself. A law regulating keyword advertising passed the Utah house but died in the Utah senate. Expect the pro-regulatory forces to round up the troops for a fourth try in 2010.

#1: FTC Endorsement Guidelines for Bloggers. The Obama administration has breathed new life into a pro-regulatory FTC, and the FTC sure is interested in all things Internet. The FTC has been nosing around Internet privacy and Internet marketing practices pretty carefully, and I expect 2010 to bring more FTC pronouncements designed to tackle the Internet.

But nothing stirred up a hornet’s nest of confusion and anger in 2009 like the FTC’s Endorsement and Testimonials Guidelines. I think it’s fair to say that the FTC’s guidelines rollout was a complete failure. As usual, the FTC’s guidelines were mealy-mouthed and filled with conditional statements (the FTC hates to lay out bright line rules that might constrain their future discretion). However, the FTC’s general gist was clear: bloggers should disclose when they receive financial or other consideration for their blog posts.

Unfortunately, this general principle leaves open some fairly fundamental questions, like when is disclosure required in situations less clear than straight cash-for-posting, and where should disclosure be made, especially in space-constrained media like Twitter. Needless to say, unhappy bloggers can be very noisy, so blogger response to the FTC’s announcement was loud and vituperative. The FTC tried to backpedal a little by saying that it did not intend to pursue individual bloggers, but this announcement only reinforced that bloggers do not understand what the FTC wants from them.

Meanwhile, the FTC’s proposed guidelines also took an interesting position about an advertiser’s liability for rogue blogger’s posts. This position is generally consistent with government enforcement agencies’ views that commercial players can be legally responsible for content they endorse or link to (see, e.g., my comments on the SEC’s liability-for-linking policy), but this position runs directly contrary to 47 USC 230’s provisions that say A isn’t liable for B’s online content. As a result, I believe that part of the FTC’s proposed guidelines violate 47 USC 230 and would not survive a court challenge.

Overall, the firestorm over the FTC’s Endorsement and Testimonials guidelines is a small part of a larger effort to regulatorily separate advertising from content. The Internet has collapsed those distinctions, perhaps irreparably, so regulators may be trying to accomplish the impossible. Nevertheless, the FTC seems determined to prop up the distinction, and I expect 2010 will bring more FTC efforts on this front.

* * * * *

While that concludes my top 10 list, there were a number of other interesting developments in 2009 that are worth a brief note:

* Moreno v. Hanford Sentinel. A woman trashed her hometown in an obscure but public MySpace posting and learned there is no “do-over” for Internet content publication. My vote for the most factually interesting Cyberlaw case of 2009.

* Google’s keyword metatag announcement. Courts generally treat the inclusion of third party trademarks in keyword metatags as per se trademark infringement. But Google has confirmed that it ignores keyword metatags. Will courts get the message?

* Google Book Search settlement. If the Google Book Search settlement ever gets approved, it may reshape the book industry, redefine libraries, and make all kinds of other socially significant changes. But the list of opponents to the settlement is long and growing. Professor James Grimmelmann of New York Law School is our community’s maven for all things “GBS.”

* Kindle book deletion. The Kindle store sold e-books it didn’t have the right to sell, so it took them back. Users learned of a key factual difference between physical books and e-books—the vendor can remotely make e-books go poof.

* States’ efforts to impose sales tax efforts based on marketing affiliates. For years, states have been looking for ways to make online retailers collect sales tax for them. They are generally stopped by Supreme Court precedent, but in 2008 New York finally figured out a workaround. The New York statute said that marketing affiliates were like traveling salespeople and thus created the physical nexus required for a state to impose sales tax collection obligations. The New York statute survived its first legal challenge, which opened the floodgates of other states passing similar laws hoping to get their piece of the action. Meanwhile, online retailers aren’t just rolling over; instead, they are threatening to cut off (or actually cutting off) marketing affiliates in states that enact these laws—thus potentially costing the states income tax from the marketing affiliates’ revenue, and creating the potential for the entire affiliate industry to be torn apart.

* Maine kids privacy law. Maine thought it could pass a law banning marketing to kids. It was wrong. The state had to withdraw the law and go back to the drawing board.

* UMG v. Veoh. Veoh won another nice DMCA online safe harbor victory.

* US v. Kilbride. The Ninth Circuit says that online obscenity prosecutions need to evaluate national attitudes towards obscene content, not local community standards.

* Kentucky domain name seizure. Kentucky tried to grab 141 domain names that enabled Kentucky residents to engage in illegal gambling. But those domain names also serviced customers for whom the gambling was completely legal, so the Kentucky courts are rethinking the grab.

* FTC v. Sears. As another example of the new pro-regulatory winds blowing through the FTC, the FTC cracked down on Sears for installing spyware on users’ computers that looked at the users’ hard drives, even though Sears paid the users for the installation and disclosed the spyware’s snooping in the user agreement (though in an inconspicuous manner). This case has made a lot of lawyers concerned that adverse disclosures in user agreements won’t satisfy the FTC.

* Facebook the Drama Queen. Ah, Facebook. Love it. Hate it. Facebook is a pretty nifty site and part of my daily routine, but boy, they sure do have a knack for stirring up trouble.

- In February, they made a relatively modest change to their user agreement that caused people to freak out.
- In response to this, Facebook took the provocative step towards user self-governance. Facebook let users vote on some choices and promised to be bound by the results, but with an asterisk: Facebook decided what options users could vote on, and Facebook would honor those choices only if a prohibitively large number of users exercised their franchise. Still, it was a nice gesture towards cyberspace community self-governance.
- In summer, they tried to settle their Beacon litigation, but that also reminded folks of how much Beacon irritated them in the first place.
- Summer also brought allegations of click fraud on Facebook, and lawsuits followed.
- Finally, in Thanksgiving, Facebook rolled out some changes to its privacy options that it pitched as giving users more choices, but it also took away some choices and defaulted users into some options that surprised them.

Given this track record, is it unrealistic to expect more Facebook drama in 2010?

* Estavillo v. Sony. Speaking of self-governance, virtual world enthusiasts would love to establish the legal proposition that virtual worlds are legally equivalent to governments and therefore obligated to restrain their actions just like governments are. One virtual world enthusiast sued Sony for kicking him off the network, claiming that Sony was legally governed as a “company town” and therefore lacked the discretion to kick him off. WRONG (and it wasn’t even close).

* Wikipedia's policy change. In August, the English-language Wikipedia announced that it was going to tighten up its editorial policies, and people Freaked Out. (In fact, I have predicted that Wikipedia cannot avoid increased editorial restrictions over time, so this change should not have been surprising). However, it turns out that everyone got it wrong, and Wikipedia’s editorial changes are far less dramatic (and consequential) than initially reported. I will post a separate recap on Wikipedia shortly.

If you would like a stroll down memory lane, you can see my previous top 10 lists from 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.

Posted by Eric at 10:46 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark , Virtual Worlds | TrackBack

December 21, 2009

Website Initially Denied 230 Dismissal But Gets It on Appeal--Shiamili v. Real Estate Group

By Eric Goldman

Shiamili v. Real Estate Group of New York, Inc., 2009 WL 4842470 (N.Y. App. Div. Dec. 17, 2009)

Unfortunately, I am only working from a short and opaque appellate memo. It appears that the defendant operated a website that "administered and chose" to publish user comments. A third party posted an allegedly defamatory comment about the plaintiff, an NYC real estate broker, to the website. On this basis, we know that the website isn't liable for the post per 47 USC 230. I don't think I could do a comprehensive census of message board/user comment cases, but similar defense wins in the past 5 years include Finkel v. Facebook, Cornelius v. DeLuca, Joyner v. Lazzareschi, Raggi v. Las Vegas Police, Higher Balance v. Quantum, Best Western v. Furber, Gregerson v. Vilana, Universal Communications System v. Lycos, Eckert v. Microsoft, DiMeo v. Max, Hammer v. Amazon and Faegre & Benson v. Purdy (wow, this list is a blast from the past!). I'm not including the pure web hosting cases or any of the Ripoff Report cases, yet I'm sure there are other cases I'm forgetting. Indeed, given the airtight nature of the precedent, I personally think plaintiffs should be sanctioned for bringing such meritless cases.

Instead, the lower court initially denied the defendant's motion to dismiss in January 2009. Because this case is in state court, I don't have easy access to the state court opinion to see how the judge got it wrong. Fortunately, in a brief and unanimous opinion, the appellate court corrected this rogue trial court judge and dismissed the case per 230. Because the appellate opinion is so brief, I'm going to quote the court's substantive application of 230 to this case in its entirety:

Plaintiff's claim is barred by the CDA. The complaint makes no allegation that defendants authored any defamatory statements. It merely alleges that defendants “choose and administer content” that appears on the Web site. This is precisely the kind of function that the CDA immunizes ( see e.g. Fair Hous. Council, 521 F3d at 1173-1174; Batzel, 333 F3d at 1031). Even accepting as true all of plaintiff's allegations and giving it the benefit of all favorable inferences ( see Leon v. Martinez, 84 N.Y.2d 83, 87-88 [1994] ), the complaint does not raise an inference that defendants were “information content providers” within the meaning of the CDA. Plaintiff argues that defendants engaged in a calculated effort to encourage, keep and promote “bad” content on the Web site. However, message board postings do not cease to be data “provided by another information content provider” merely because “the construct and operation” of the Web site might have some influence on the content of the postings ( see Universal, 478 F3d at 422; see also Chicago Lawyers' Comm., 519 F3d at 671-672; Carafano v. Metrosplash.com, 339 F3d 1119, 1124-1125 [9th Cir2003] ).

Where, as here, there is no allegation that defendants authored the defamatory statements, it is not appropriate to permit discovery to determine if a cause of action exists ( see Walsh v. Liberty Mut. Ins. Co., 289 A.D.2d 842, 844 [2001]; see also Universal, 478 F3d at 425-42; cf. Fair Hous. Council, 521 F3d at 1174).

Two observations:

1) I believe there are some folks who believe that a website becomes liable for any user content it "encourages." This is one possible reading of Roommates.com, and it underlies the government enforcement agencies' (e.g., SEC and FTC) content endorsement theories. However, I don't see precedent supporting that proposition at all. This case, like so many others, doesn't care if the website encourages the allegedly tortious content. Instead, the only relevant inquiry is whether the content originated from a third party. If so, 230 applies without any need for further inquiry.

2) This is yet another case where the court cited Roommates.com in favor of the defense. The updated census of Roommates.com citations:

Roommates.com Cited for Defense (10 cases): GW Equity v. Xcentric, Best Western v. Furber, Goddard v. Google (and second ruling) Joyner v. Lazzareschi, Atlantic Records v. Project Playlist, Barnes v. Yahoo (note: although the case was a partial loss for the defendant, the Roommates.com discussion came in the defense-favorable part), Doe IX v. MySpace, Doe II v. MySpace, Dart v. Craigslist and now Shiamili v. Real Estate Group

Roommates.com Cited for Plaintiff (2 cases): NPS v. StubHub, FTC v. Accusearch

The 10th Circuit beachhead for Roommates.com is troubling, but overall I think it's entirely clear that Roommates.com has not changed 230 jurisprudence in any meaningful way--except that it may be giving plaintiffs false hope of success and causing them to overinvest in their cases.

UPDATE: The trial court opinion, which quotes some of the allegedly defamatory posts.

UPDATE 2: The complaint. This has a full list of the alleged defamatory postings. It also indicates that the venue in question was a website/blog called "shittyhabitats.com," apparently now defunct. The archive.org page from Feb. 2, 2007 and Feb. 5, 2008.

Posted by Eric at 09:18 AM | Derivative Liability , Internet History | TrackBack

December 14, 2009

Another Cautionary Tale of Joint Website Ownership--TEG v. Phelps [UPDATED]

By Eric Goldman

Third Education Group, Inc. v. Phelps, 675 F. Supp. 2d 916 (E.D. Wis. Nov. 25, 2009). Motion to amend denied January 19, 2010.

[UPDATE: In the initial version of this post, Richard Phelps’ story was part of a broader narrative about the potential problems of website co-ownership. However, his behavior in response to my post warrants its own discussion. Seeking to redress his perceived problems with my initial post, he has done all of the following:

* he emailed me multiple times
* he emailed my boss (the Dean) multiple times
* he emailed my colleagues multiple times
* he emailed an unrelated blogger at least two times
* he had his attorney call me to request changes to my post
* most recently, he has promised/threatened that he “will be filing a complaint about your behavior with California authorities and, for that matter, any others that might be available.”

All of this in response to a relatively obscure blog post that currently sees de minimis traffic. The stress of being uncertain about Phelps’ next moves to pressure me has literally kept me up at nights. As a result, I have decided to make changes to this post to respond to a detailed email that Phelps sent me on May 16. Normally I would post or extensively quote his May 16 email so you could read his words verbatim and form your own conclusions, but he asked me not to post it; nor can I characterize his views of the post’s deficiencies in my own words for fear of introducing new ambiguity that might generate further grist. Nevertheless, my hope is that the modifications below resolve Phelps’ concerns so that he will leave me alone. To facilitate that result, I sent him the following email:

“I am sorry for any aggravation my blog post has caused you. I have modified my blog post to acknowledge every point you raised in your May 16, 2010 email. Having done so, please do not contact me directly in the future by email, phone, letter, in person or otherwise. If, for some reason, you believe there is still something we need to discuss, please have your attorney or other representative contact me; I am willing to speak with him or her. Although my colleagues have not mentioned your emails to me (other than the Dean, who believes this is an academic freedom issue), I am sure they would be grateful if you did not contact them either.”

Most of Phelps’ concerns were based on my recap of the court’s opinion. I encourage you to read the opinion yourself so that you can decide if I mischaracterized the opinion or if Phelps seeks to relitigate factual points that the judge decided against him.]

Corporate divorces are ugly. They may lack the high-stakes drama associated with child custody disputes, but in all other respects they can be just as emotional and messy as spousal divorces. Fortunately, parties to a corporate marriage can avoid some heartache by forming proper "prenuptial agreements." Unfortunately, the courts are filled with examples of cases where this wasn't done (or wasn't done properly).

A year ago, I blogged on one such case, Mikhlyn v. Bove, a fine example of a web empire literally and perhaps irreparably split in two by a falling out of the principals. Today's case, Third Education Group v. Phelps, offers up another cautionary tale of corporate divorce along those lines. If you are jointly running a website or blog and you haven't properly documented your relationship with your compatriots, this post is for you.

In 2002, Phelps and Thompson decided to start an online publication focused on education policy called "Third Education Group." They effectively formed a "voluntary association" (I believe the Wisconsin equivalent of an implied partnership) to implement the journal. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s factual finding: “In early 2002, after recognizing that they shared mutual interests and were concerned that current educational policy publications were generally devoted to the ideology of one of the two major political parties, Phelps and Thompson began discussing creating an online educational policy journal that would offer a different, middle perspective. Efforts were made, largely by Phelps, to first see if their idea for a journal could be affiliated with an existing entity, or to obtain sponsors or funding for their project.”]

In 2004, on behalf of the voluntary association, Phelps registered two domain names and applied for a trademark registration, both listing only himself as the owner. [UPDATE: Phelps disputes the italicized language. Regarding the domain names, I was partially referring to the court’s opinion: “The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website….Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG.” The court’s discussion about the trademark registration is a little more complicated but was implicit in the court’s finding that the corporation automatically obtained all of the assets (including the trademark registration) generated by the voluntary association. The court says: “The evidence demonstrates that Phelps and Thompson intended TEG, Inc. to succeed the unincorporated association; there is absolutely no evidence to permit the court to conclude that Phelps and Thompson intended the unincorporated association to coexist alongside the corporation and to retain control of the trademark or any other property. The evidence demonstrates that in every way, the parties intended TEG, Inc. to be the successor to the unincorporated association.”]

In 2005, Phelps and Thompson formed a 501(c)(3) non-profit corporation to succeed the voluntary association. Phelps was president and a director of the corporation. Phelps and Thompson did not sign any type of assignment agreement to move the voluntary association's assets into the corporation. [UPDATE: Phelps disputes the italicized language, pointing to an IRS Form 1023 that the relevant players signed. I was partially referring to the opinion’s language that: “the property of the association passed to the corporation, and the absence of an assignment does not affect TEG, Inc.'s right to the trademark.”]

In 2006, after an editorial dispute, the parties' relationship turned sour. In response, Phelps locked off the corporation's websites from further changes, and the corporation stripped him of his officer and director status. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s language that: “The evidence demonstrates that by at least March 12, 2006, two days before the resolution and thus a time when it is undisputed that Phelps was both a director and president of TEG, Inc., he blocked Thompson (and anyone else associated with the corporation) from making changes to the corporation's website.”]

Phelps pointed the domain names to his new venture, also called "Third Educational Group, Inc." Meanwhile, locked out of its websites, the corporation registered new domain names, copied its old articles from the old website and then reposted them on its new website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the court’s findings of fact: “After being locked out of its own websites, the Wisconsin corporation copied much of its website content from the sites now controlled by Phelps, and reposted it under the domain name tegr.org.”] Phelps then sent 512(c)(3) takedown notices to the new website host, which successfully put the new website offline. Cross-lawsuits ensued.

[UPDATE: In my prior post, I included a reference and link to a litigation recap from Thompson’s perspective. When Phelps’ attorney contacted me, his only request was that I remove the link. The attorney did not mention any concerns about other factual characterizations. If you would like to see Thompson’s perspectives about the litigation, you can find them through a search. Meanwhile, with the hopes that the link was, in fact, Phelps’ main irritant, and given its relatively inconsequential contribution to the post’s narrative, I have removed it.]

For aficionados of disputes over jointly developed online properties, you may recognize some common elements:

* the person who controls the domain name registrations has de facto control over the empire. [UPDATE: Phelps disputes the italicized inference for reasons I did not understand.] Yet another reminder to keep domain name registration contacts up to date.

* when a business relationship turns sour, it's not unusual for one aggrieved participant to fight the other participant in every Internet venue where the other tries to resurrect the joint effort.

* it is almost impossible to imagine that the venture produces enough cash to economically justify the type of death spiral litigation it spawned. Instead, the litigation is usually about settling personal scores--typically the most expensive litigation around.

* courts often issue a "split the baby" ruling in these cases, rarely giving one side a clean victory over the other.

This case has a classic split-the-baby result. The court concludes:

* the corporation succeeded to the legal rights in the trademark "Third Education Group." Phelps had argued that the trademark rights remained with the voluntary association, which would have given Phelps joint rights to the trademark.

* Phelps violated his fiduciary duties as an officer and director when he locked everyone else out of the company's website. [UPDATE: Phelps disputes the italicized language. I was partially referring to the opinion’s language that: “it is the conclusion of this court that Phelps breached a fiduciary duty owed to TEG, Inc. by asserting and retaining personal control over the corporation's domain names.”]

* Phelps' 512(c)(3) takedown notices did not give rise to a 512(f) claim for misrepresented takedown notices because, for several reasons, Phelps had a subjective good faith belief in their legitimacy.

* although Phelps infringed the corporation's trademark rights in "Third Education Group" and violated his fiduciary duties, the corporation could not show any damages from Phelps' behavior and therefore did not get any damage awards. The court specifically rejected any claim under the Lanham Act's fee-shifting clause for exceptional cases.

* the court also rejected the corporation's emotionally punitive injunction requests and will take a closer look at the appropriate scope of injunctive relief.

So who won this ruling? Nominally, Third Education Group did because it won on the trademark and fiduciary duty claims, but it's not that satisfying of a victory without any damages or a punitive injunction. As usual, then, the only possible winner in messy litigation is the lawyers, and even then only if they get paid.

For another recent example of a well-meaning but under-documented collaboration that devolved into bitter litigation, see LunaTrex v. Cafasso, 2009 WL 4506321 (S.D. Ind. Dec. 1, 2009), involving a team that came together chasing the $20M Google Lunar X prize but didn't dot the is and cross the ts well enough to avoid a messy battle. As the court says:

After a lengthy discussion of numerous ideas that evolved, the group eventually chose the name LunaTrex. (As will be seen, with the benefit of hindsight it is clear that the group also should have spent some more time talking about organization, structure, ownership, and other legal formalities.)

I've written more about messy online divorces in my 2006 Co-Blogging Law article. I think the Third Education Group court did a good job being sensitive to the unintended consequences of a voluntary relationship going south. For example, the court says

Phelps had much more than a mere good faith belief that he was entitled to use the mark. This was not a case of an individual, for example, mistakenly believing he had a license. Rather, in the present case, the objective evidence was on Phelps' side. He was the one who undisputedly came up with the mark. He was the one who paid to register the mark. He was the one in whose name the mark was registered. And he was the one primarily responsible for establishing the use of the mark. He did this, not as one person in a large organization, but rather as an individual who had joined with another collaborator and in doing so, likely without an understanding of the legal ramifications, formed an unincorporated association. (emphasis added)

This is consistent with the hope I expressed in my Co-Blogging article:

the common law typically can handle the idiosyncrasies of blogging in a sensible and contextually sensitive manner. In that respect, judges evaluating blogs should recognize that unexpected or counterintuitive rulings could significantly destabilize the blogging community. Fortunately, many of the legal doctrines discussed in this essay, including partnership and employment law, are naturally flexible. Judges should use that flexibility to balance the many considerations around blogging

[UPDATE: In Third Education Group, Inc. v. Phelps, 2009 WL 5216988 (E.D. Wis.
December 30, 2009), the court had more to say about this litigation. I quote a portion of the court’s opinion (rather than provide a summary that might prompt a further response from Phelps):

“Phelps should not derive any benefit from the use of the thirdeducationgroup domain names. To do so would run afoul of this court's order. Phelps acknowledges as much and agrees to be enjoined from use, but contends that he should be permitted to retain possession of the domain names, leaving them inactive. Phelps contends that he should be permitted to retain possession because he was the one who undertook and financed the initial registration; he paid for the registration and it is his name alone on the registration. Cynically, but based on the history between the parties, one might suspect that Phelps is motivated less by notions of principle and maybe seeks to retain the domain efforts as one last ditch effort to frustrate TEG, Inc.

On the other hand, perhaps there is a good reason why the relevant domain names should be left blank. When Phelps split with TEG, Inc., TEG, Inc. went on to establish itself at tegr.org while Phelps continued to operate the thirdeducationgroup websites (at least until the court determined that the trademark did not belong to him, at which point the websites appear to have gone blank). If TEG, Inc. were to suddenly reappear on the thirdeducationgroup websites, individuals who may have previously understood that these websites were under the control of Phelps might be confused and believe that it is Phelps behind the sites rather than TEG, Inc. A primary purpose of federal trademark law is to prevent consumer confusion and ordering Phelps to surrender the domain names to TEG, Inc. might only exacerbate these problems. But this is only speculation by the court.

Principles of equity warrant that TEG, Inc. control the domain names. Thereafter, it will be the decision of TEG, Inc. as to what action to take, if any, in regard to these names. It is the conclusion of the court that the thirdeducationgroup domain names are the lawful property of TEG, Inc. As the court previously noted,

The undisputed evidence demonstrates that the domain names thirdeducationgroup.org and thirdeducationgroup.net were registered for TEG and were not simply Phelps' personal website. Although registered in Phelps' name, at the time he registered these domain names, the evidence clearly established that he was doing so on behalf of TEG. As such, the domain names belonged to TEG.

(Docket No. 138 at 13 (citations omitted).)

In failing to provide access to these websites to TEG, Inc., Phelps breached the fiduciary duty he owed to TEG, Inc. Returning these domain names to the control of TEG, Inc. is required to remedy Phelps' breach of fiduciary duty. Accordingly, the court shall order Phelps to take all necessary actions to transfer or assign any interest in and control over the thirdeducationgroup domain names to TEG, Inc.

IT IS HEREBY ORDERED that for the reasons stated herein and stated in the court's prior decision, (Docket No. 138), the court enters a permanent injunction, which is affixed hereto, containing the following provisions:

1. Richard Phelps is permanently enjoined and restrained from using “Third Education Group” or any confusingly similar term as a name or mark for any goods, services, internet domain names, websites, or organization or other entity regarding education research, policy, or theory.

2. Richard Phelps is permanently enjoined and restrained from diluting the distinctive quality of the name and mark “Third Education Group.”

3. Richard Phelps is permanently enjoined and restrained from representing that he retains or has had any affiliation with Third Education Group, Inc. during the period of this injunction.

4. Richard Phelps shall take all necessary steps to transfer all rights and interest he has in any domain name containing the terms Third Education Group acquired prior to March 14, 2006 to Third Education Group, Inc.

5. In accordance with 15 U.S.C. § 1119, the Director of the Patent and Trademark Office shall rectify the register with respect to the registration of any party to this action so as to identify Third Education Group, Inc. as the Owner / Registrant of the mark “Third Education Group.””]

Posted by Eric at 07:33 AM | Copyright , Domain Names , Internet History , Trademark | TrackBack

December 11, 2009

Denver University “Cyber Civil Rights” Symposium Recap

By Eric Goldman

The week before Thanksgiving, I attended an unusual symposium sponsored by the University of Denver Law Review entitled “Cyber Civil Rights: New Challenges for Civil Rights and Civil Liberties in our Networked Age.” The symposium covered standard Cyberlaw topics, but the raison d'être was University of Maryland law professor Danielle Citron’s two recent articles on online harassment of women: "Law's Expressive Value in Combating Cyber Gender Harassment" (Michigan Law Review) and "Cyber Civil Rights" (Boston University Law Review). It is unusual for a law school to celebrate another school’s professor and her research, especially when the professor is fairly junior. Nevertheless, Danielle’s participation brought together academics from both the Cyberlaw and civil rights communities, which provided a rare and interesting mix of folks..

First Panel

Danielle Citron started off by recapping her two papers. Online participation, such as blogging, is essential to professional standing, and employers are reviewing online profiles of prospective employees as part of their hiring considerations. However, women are being targeted for abuse online. These attacks are harming women by changing their online and offline activities, reducing their job opportunities, and causing women to change their gender representations online. Further, folks are trivializing these problems. Women are underreporting the attacks, and law enforcement only intervenes when there are offline harms. New laws can serve an expressive function to communicate that online attacks against women are socially unacceptable. The new laws can validate women’s feelings that they have been harmed and encourage law enforcement to pursue more cases.

Commenting on the papers, Robert Kaczorowski of Fordham Law (and Danielle’s stepdad) made an extended analogy between the Ku Klux Klan and cybermobs.

Wendy Seltzer asked if we could deemphasize the effect of words rather than prohibit them. Danielle responded that we don’t know how seriously to take any particular threat.

An audience member asked if is there a difference between mobs and individual actors who are just taking advantage of being anonymous. Danielle answered that groups can become more extreme online. I think this point deserves more exploration: a series of uncoordinated individual decisions to “pile on” to an attack can look like a coordinated attack to the victim. This is part of why I thought the KKK references were puzzling—KKK activities are clearly coordinated, while online attacks against women can succeed without any coordination or ongoing connection between the attackers.

Paul Ohm argued that that legal solutions are better for cyber civil rights problems than technological solutions. Paul discussed what he labeled “Felten’s Third Law.” (He doesn’t know of two earlier laws named for Ed Felten; he just assumes they exist given Ed’s impressive and influential oeuvre). As articulated by Paul, Felten’s Third Law is that in Cyberlaw conflicts, lawyers love technical solutions and technologists love legal solutions. In other words, we love the solution we don’t know because we assume it has to be better than the one we do. As both a law professor and technologist, Paul picks law over technology for these problems.

Paul categorically rejects any technical solution that would create a “fully identified Internet.” For example, we should not mandate server log retention because we know the logs will be co-opted to regulate other forms of unwanted content, not just online harassment.

Wendy Seltzer discussed the unintended consequences of legal intervention. For example, mandatory Internet filtering in school libraries hasn’t stopped kids from bypassing the filters, but it has facilitated a marketplace for improving filtering technologies that has benefited repressive regimes. Another example: anti-circumvention technology fails to restrict copying but has reduced innovation around DRMed content. Wendy also noted how norms can help curb abuses. For example, while there are online cesspools, she praised Wikipedia’s evolving guidelines for living people’s biographies.

In response, Danielle admitted that her solutions need to be more surgical. She said she might consider moving from a notice-and-takedown model to a notice-and-preserve model for intermediaries.

Second Panel

This panel was composed of three women academics from the civil rights community, so it was a noticeable shift from the typical Cyberlaw academic discussion.

Mary Anne Franks is a University of Chicago Bigelow Fellow and soon-to-be full-time law professor. She expresses our collective disappointment that cyberspace isn’t a utopia that allows people to escape offline discrimination and harassment. She laments that women can lose control of their identities online, such as when someone creates a fake online profile in their names.

She then addressed how cyberspace is unique/special/different with respect to gender harassment. Many commentators try to duck cyberspace exceptionalism, so it was refreshing to see her tackle the issue squarely. Existing offline discrimination/harassment laws assume interactions between repeat players at work and school; online harassment can be divorced totally from any existing social networks. However, because the online activities still harm targeted individuals at work and school, we should treat the harms the same. Offline, there are switching costs to changing jobs or school; online, search engines’ consolidation of results for search on a person’s name creates a different type of switching cost. In terms of supervisory power, she thinks web operators have analogous control to employers or school administrators. Thus, when web operators receive notice of online harassment, they should have a duty to do something about it. Offline, employers can develop a variety of responses and policies to combat workplace harassment. Web operators should have similar latitude; for example, they can delete offending posts or suspend/ban accounts.

Helen Norton, a University of Colorado law professor, did not share Danielle’s optimism (expressed in her first article) that existing discrimination laws can curb online harassment. Instead, Helen thinks a new civil rights statute is needed, but she might limit its remedies to exclude money damages. Helen is pessimistic that there will be regulation any time soon, noting that it can take years to enact civil rights legislation. Helen would also like to see more precise definitions of the exact harms that women are experiencing only online.

Nancy Ehrenreich, a Denver University law professor, began her talk by saying that we should not overstate the Internet’s benefits. She then clarified that we should not assume that disadvantaged folks can overcome barriers online. For example, we impose cultural categories on people in every interaction, so even if people try to mask their identity online, they can’t really escape. She wondered why we aren’t talking about an anti-discrimination law for the web. Her concern is that discrimination denies individuals access to the Internet.

In Q&A, Paul Ohm observed that civil rights scholars often invoke free speech as the countervailing concern to their desired regulations, but Cyberlaw scholars are often more interested in other “generative” effects of the Internet, such as new business models, new labor models and new modes of production.

Panel 3

James Grimmelmann (see his slides) started with the Skanks in NYC case. In that case, the defendant criticized someone else in her social network on a blog, calling the plaintiff (among other unflattering things) a “skank.” The plaintiff sued to obtain the blogger’s identity. After a successful unmasking, the plaintiff dropped the lawsuit, having successfully publicly shamed the blogger.

James hypothesized that this unmasking and shaming was an appropriate remedy—the blogger got shamed (like “an eye for an eye”), and unmasking is a better outcome than other legal remedies like damage suits. James then posited a thought exercise that provided plaintiffs with an expedited unmasking procedure if they drop any damages claim. This would have a number of benefits. Unmasking curbs online harassment is especially effective at busting online mobs. Also, an unmasking remedy avoids messy debates over the First Amendment’s scope, and it may be more desirable than trying to hold online providers liable.

Having advanced his own strawman, James then cut it down. In some cases, defamation remedies may be more desirable, and plaintiffs may not know that until they learn the putative wrongdoer’s identity. In other cases, plaintiffs who just want unmasking would appreciate a lower legal hurdle. Also, we provide legal protection for anonymity for good reasons.

James’ lessons from the thought exercise: we should consider ways to decouple an unmasking remedy from litigation. At the same time, we need to protect defendants from pretextual unmasking; in some cases, retaliation is a big concern, and we should incorporate this concern into the unmasking decision.

From Chris Wolf’s talk (see his full remarks), the most interesting thing I learned is that 18 states have laws banning wearing masks in public, enacted to suppress KKK activities. This was the second speaker’s KKK reference of the day, and it made me wonder if we were experiencing some variation of Godwin’s Law.

Panel 4

Viva Moffat observed that secondary liability issues generate the most heat in online harassment discussions. She expressed concern that imposing legal duties on third parties may not help law’s norm-shaping effect, and it’s not appropriate to impose liability just because the provider has deeper pockets or the direct actor can’t be found. She also suggested that imposing liability on third parties creates a greater risk of collateral damage than direct liability. [Note: I would like to know more about this last assertion. I suspect we cannot make a utilitarian calculation a priori]. As a result, she favors focusing more efforts on sharpening direct liability.

Ed Felten talked about identifying and anonymizing online activity. He explained the usual sequence of events in chasing bad online content:

log file => IP address => identity => justice

But the IP address => identity step breaks down when users use an anonymizing proxy or the user’s network uses network address translation (used by home wireless routers or in coffee shops) and all connected devices’ requests share a single IP address. He said that a majority of Internet connections use NAT.

Because IP address tracebacks can dead-end at the intermediary, an IP address can reveal too little information. However, even when users aren’t investigatory targets, IP addresses can reveal too much information, such as geolocation. This paradox—IP addresses simultaneously reveal both too much and too little information—reflects that the IP address system was built for routing, not identification. So could we design a better authenticating technology?

He then conducted a “semi-realistic” thought experiment of a new technological “tag” that could be used instead of IP addresses. This tag could have the following attributes:

* can be placed by any intermediary
* conveys no information about the sender unless unwrapped by the intermediary (presumably for good legal cause)
* unwrapping the tag yields the best identity information the intermediary has
* the tag’s use is voluntary as a technical matter
* the tag is removable as a technical matter

I then batted clean-up. A summary of my remarks:

Today’s conversation has revisited long-standing Cyberlaw issues, such as:

* anonymity v. accountability, and who should be responsible for online content and actions
* cyberspace as a physical place. See, e.g., Noah v. AOL (an online discrimination case), National Federation of the Blind v. Target (also an online discrimination case) and Estavillo v. Sony
* cyberspace exceptionalism and cyberspace utopianism (on the latter point, see my article on search engine utopianism)
* when is the optimal time to regulate rapidly evolving technology? Early, when the technology is still in its infancy, or later, when market forces and new technological evolutions may have cured the early problems?

Danielle’s articles convinced me that women are experiencing serious harms online that men—including me—could easily trivialize. Danielle’s articles also convinced me that online harassment has strong parallels to the 1970s legal evolution of workplace harassment doctrines, where a big part of the battle was to get people to take the harms seriously.

While I find a lot of descriptive value in Danielle’s work, the normative implications are not as clear. As usual with attempts to regulate rapidly evolving technology, there are many important but overwhelmingly hard definitional challenges, such as who is an “intermediary,” what are “online mobs” and what constitutes online “harassment.” For example, I do not think the Skanks in NYC incident is an online harassment case or an “attack,” but James Grimmelmann’s talk assumed those characterizations.

While we can debate what should be the right level of regulatory intervention, we should not overlook that Congress already enacted a law squarely governing intermediary liability for online harassment: 47 USC 230. The angst that prompted this conference—bad behavior online—is the logical consequences of 230’s broad immunity. The statute enables websites to adopt policies that they will not police user content or retain server logs of user activity. These choices aren’t a surprise or a per se abuse of the immunity; instead, they are the unavoidable implications of Congress’ action.

We might question Congress’ wisdom in adopting 230, but we should not diminish its potential importance to the Internet as we know it. [In Q&A, Chris Wolf asked about the comparative experience in countries that don’t have such broad immunity. In those countries, we know that websites take down user content much more freely, and I believe that the most interesting UGC innovations are all taking place here in the US, not countries with more restrictive UGC liability.] I can, at most, only prove correlation and not causation, but I believe 230 is one of the main causal reasons why the Internet has succeeded so well.

When I speak around the country about 230, I often encounter folks who generally accept 230’s immunity scope but want just one new exception, i.e., their pet topic. If everyone got their “just one” exception, the law would be eviscerated. (I said it would be Swiss-cheesed to death; maybe I should have said it would be overcome by a thousand duck bites). I’m not rejecting new exceptions categorically (they should be each considered on their own merits), but in aggregate 230’s immunization benefits are actually quite precarious. I believe 230 works precisely because of its strength and simplicity, so adding more exceptions could significantly reduce its efficacy.

I concluded my remarks by observing that online harassment is a subspecies of bullying and incivil behavior in our society. While we can and should work to curb online harassment, I am more interested in addressing bullying and incivility in all its forms, wherever it takes place.

In this regard, I have been impressed by how my son’s school is proactively addressing bullying. See more about this effort, called Project Cornerstone. The school is teaching kids not to bully or to tolerate being bullied, and the project gives bullied kids tools to go on the offensive against bullies. There’s no guarantee that anti-bullying programs will work in the short or long run, but I remain hopeful that online harassment today partially reflects that many current Internet users never got any anti-bullying education. Perhaps, then, online harassment issues will naturally abate (without any regulatory intervention) as new generation of Internet users, better educated about bullying, come onto the Internet.

Following my remarks, we had more Q&A.

Paul Ohm Q: Some cyber folks argue against secondary liability because they believe that a victim can pursue a direct action, but Ed’s talk suggests that user anonymity will continue to be possible.

Mary Anne Franks: civil rights isn’t about individual claims because victims have to bear too high a burden to pursue claims. Instead, civil rights are about changing large-scale social norms. The goal is to achieve anti-discrimination by any means necessary. Thus, civil rights scholars have already discussed and concluded that it’s appropriate to impose liability on intermediaries like employers and schools.

Danielle: intermediaries are the lowest cost avoiders.

James Grimmelmann: no, the harassers are the lowest cost avoiders. Civil rights folks would get more support from the Cyberlaw crowd if they focused their regulatory desires towards intermediaries who are in active concert with the bad actors.

Danielle's Wrap-Up

We all agree that:

* education can make a big difference
* online communities need to self-police
* there are numerous limits to using the law as a solution, including that lawsuits don’t make sense and 230’s immunity.

We don’t agree on what to do next. There are First Amendment limits, and technology doesn’t offer any panaceas.

Posted by Eric at 07:12 AM | Content Regulation , Derivative Liability , Internet History , Publicity/Privacy Rights | TrackBack

December 02, 2009

Case Western “Signifiers in Cyberspace” Conference Recap

By Eric Goldman

In mid-November, I attended a conference at Case Western Reserve University School of Law in Cleveland, Ohio entitled “Signifiers in Cyberspace: Domain Names & Online Trademarks.” My notes:

David Fewer spoke about Canada’s WHOIS policy. The old Canadian registry policy published registrant information without restriction. Then, the registry proposed a new policy not to publish personal information in the WHOIS database for individual registrants and for organizations that can show harm from publication. To reveal registrant information in those situations, a warrant would be required. That policy got amended to allow warrantless access for cybercrime enforcement, registered IP infringement and ID theft. Fewer argued that the amended policy violates Canadian privacy laws (PIPEDA) because consumers are not given adequate disclosures, the exclusions from the privacy policy are arbitrary, and consumers aren’t given the required option not to participate.

Corynne McSherry of EFF discussed how TM owners are bypassing direct challenges against gripers and instead putting pressure on domain name registrars. She focused on the Yes Man spoof website of the New York Times, which included a parody ad of the De Beers diamond manufacturer. Humorless De Beers sought relief from Joker.com, the parodist’s registrar. EFF has responded to De Beers that the parody is legitimate because it has no commercial aspect, it’s nominative use, and the First Amendment applies. The EFF is also encouraging Joker.com to ignore De Beers because it (as the registrar) can’t be liable for the registered domain name. So why is Joker.com even entertaining De Beers’ complaint? Corynne notes the registrar’s revenue from any single domain name registration is less than legal cost of investigating and responding. Corynne discussed how parodists and gripers can minimize their legal risk (I blogged on these recommendations in May).

I remain very interested in situations where domain name registrars apply their own takedown policies to their customers. For example, I’ve previously mentioned GoDaddy’s “itchy trigger finger” when it comes to intervening with its registrants. I suspect there is significant heterogeneity among registrars’ interventionist tendencies. I think this is an area worth exploring. If you have other examples of domain name registrar intervention in its customers' content, please share them.

Stacey Dogan spoke about the aftermath of the Rescuecom ruling. Stacey is disappointed that courts aren't adopting her arguments to use the “trademark use in commerce” doctrine to insulate intermediaries (she calls it her “biggest failure in life”). She described three post-Rescuecom uncertainties: (1) what acts by intermediaries constitute TM infringement? (2) on what doctrinal basis? (direct v. contributory), and (3) what remedies do the intermediaries face?

Stacey thinks courts need to be more precise about the nexus between defendant behavior and TM owner harm. This should lead to better distinctions between direct and contributory infringement.

She offered a taxonomy of claims against intermediaries:

* General confusion = when the intermediary creates confusion through the blurring of ads and editorial content. Stacey thinks these aren’t TM issues. But if commingling is the problem, then the remedy should be an injunction requiring the intermediary to label the ads.

* Strict liability = when the search engine is automatically on the hook for its involvement with the ads. Stacey says courts should reject this approach due to the search engines' lack of proximate causation for consumer confusion. If a search engine faces any liability, it should be solely on the basis of contributory infringement (with its higher scienter bar).

* Failure to act = when the search engine fails to respond to TM owner’s takedown notice. She said we don’t see this in search engine cases [a point I disagree with given that the TM owner vs. search engine lawsuits all represent a failing of the search engines’ voluntary TM policies]; instead, she was thinking of the Tiffany case. Stacey thinks the failure of act prong is where the legal action should be. She wants courts to map out appropriate scienter levels. General knowledge of infringement isn’t enough, and courts should let defendants make reasonable judgments about whether the advertiser will qualify for any trademark defenses. If the advertiser is obviously infringing, and intermediary gets notice and fails to act, she thinks contributory liability could be appropriate.

Graeme Dinwoodie believes the ECJ will not follow the Advocate General’s opinion in the Google case. He explored two parallels between the AG’s opinion and Rescuecom: Both get away from trademark use of commerce, and both consider underlying policy values. Graeme thinks search engine defendants should move away from disputing the lack of harm to the trademark owner; instead, he thinks they will get more traction by showing the countervailing benefits of their advertising. For example, he thinks they should be showing how keyword advertising can facilitate investment and innovation.

Jeffrey Samuels shared his perspectives as a panelist in 200 UDRP proceedings. Since the UDRP’s implementation, there have been about 25,000 UDRP decisions. 40% are US registrations. 75% involve .com. 75% are defaults.

The UDRP isn’t designed to solve all domain name disputes. He gave an example of a domain name registration containing a celebrity child’s name. The UDRP isn't helpful because a 2 week old kid doesn’t have protectable trademark rights.

“The UDRP is hardly a model of clarity.” All cases are fact-dependent. If a UDRP proceeding has unusual facts, he recommends requesting a 3 member panel--these proceedings get more carefully evaluated opinions and minimize the effects of any one panelist’s idiosyncratic views.

Some issues that regularly arise in UDRP proceedings:

* What the TM owner has to do to establish its rights. The majority view is that a registration anywhere in the world suffices. Common law rights generally require presenting sufficient evidence validating the rights.
* There remains a split of authority on “sucks” sites.
* In the early days, panelists used to run through the multi-factor likelihood of confusion factors. That’s rarely done today. Now, most panelists just make sight and sound comparison.

Karl Auerbach discussed two interrelated issues: (1) ICANN lacks any political authority for its “Internet governance” role, and (2) technology does not require that ICANN monopolize DNS root services. He argues that we would benefit from competition among DNS root services. His argument reminds me a bit of the net neutrality debate. We can hypothesize many possible net neutrality problems, but most of them go away with vigorous competition. Similarly, ICANN’s often-ridiculous shenanigans would be less vexing in the face of bona fide competition for DNS root services.

Dan Hunter spoke about a new paper he’s writing with Mark McKenna. Their target is the fundamental trademark principle that trademark law protects against consumer confusion. They think consumer confusion is an imperfect proxy for our normative goal of protecting consumers. Some confusion is endemic in a complex society; and some methods of communication, like humor, require confusion to work. Therefore, they want to move away from trying to block consumer confusion and instead refocus trademark law on reducing errors in consumer decision-making. This seems like a fruitful endeavor, but they are also taking a swipe against the consumer search cost justification for trademark law, a move I didn't follow.

Bill McGeveran recapped his recent work on social networking sites and gave a preview of his next article. His target is fake online profiles such as the Tony La Russa fake Twitter account. He expects to see more pressure to create IP rights in personal identities.

I spoke about trademarks and behavioral targeting, and in particular the competition among marketers for consumer preference information. For example, I believe the anti-deep packet inspection pushback wasn’t based solely on privacy concerns. Instead, destination websites fear that an IAP will disintermediate them and use its prime access to consumer preference information to steer customers to competitors. (See this blog post for more on that point). My (very brief) slides.

Posted by Eric at 07:16 AM | Derivative Liability , Domain Names , Internet History , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack

October 27, 2009

Zittrain on the Dark Sides of Crowdsourcing

By Eric Goldman

Last week, Cyberlaw expert/rock star Jonathan Zittrain of Harvard Law School (visiting at Stanford Law School this term) spoke as part of SCU's lecture series on IT, Ethics and Law. An overflow crowd of over 100 people came to the talk, and as usual Jonathan did a wonderful job. You should attend his talks if you have a chance. They are always highly entertaining and thought-provoking.

Overview

Jonathan's talk was opaquely titled "Minds for Sale: Ubiquitous Human Computing and the Future of the Internet." I think his talk really covered the Dark Sides of Crowdsourcing. Normally, such a talk would immediately raise red flags about the speaker’s intentions and net-savviness. However, Jonathan has sterling credentials as a crowdsourcing enthusiast, so he can raise concerns without sounding shrill or regressive.

He pointed to numerous examples throughout his talk, but one of his principal targets is Amazon.com's Mechanical Turk. Mechanical Turk describes itself as "a marketplace of work. We give businesses and developers access to an on-demand, scalable workforce. Workers select from thousands of tasks and work whenever it's convenient." LiveOps is also on his mind; the site hires individuals to provide live customer support for third party businesses from their homes on a flexible and dynamic basis.

The Problems

From the worker's perspective, Jonathan raised several potential concerns about Internet marketplaces for labor, including:

* surveillance. LiveOps can track and monitor every aspect of workers’ performance, including when they were online and where they connected from. This does depend on the employer’s specific technological architecture; I’m not sure if Mechanical Turk gets such deep looks into its workers' behavior.

* alienation. Online workers are often retained to do pieces of a larger project without understanding the whole project. Thus, they may apply existing rote skills but not broaden their expertise.

* moral valence. Because workers may not understand the greater project, they could help projects that are morally objectionable without realizing it. Jonathan gave some terrific examples, such as spammers distributing the work of breaking CAPTCHAs and the government asking citizens to identify folks in group/crowd photos for law enforcement or possibly dissident-busting purposes.

Jonathan also raised some systematic concerns that could arise from these online labor marketplaces, including:

* without uniform labor laws, employers could trigger a race to the bottom where the work flows to jurisdictions with the laxest worker protections. We’ve already seen an analogous situation as states try to enact “Amazon affiliate sales tax” laws designed to trigger sales tax collection obligations based on the presence of marketing affiliates in the state, which has prompted some Internet companies to dump affiliates overboard in some of those states based solely on their regulatory policy.

* crowding out. As it becomes easier for workers to monetize their time in smaller units, they may become less willing to contribute their labor to non-paying enterprises like Wikipedia. I address some of these dynamics in my Wikipedia paper.

Possible Solutions

Jonathan identified some possible solutions, including:

* revitalized labor standards, such as minimum wage laws or anti-child labor laws. As one example, he proposed that worker reputation should be “portable” so that good workers for an online enterprise can have their accomplishments follow them to future employers. Ironically, this may be unintended Internet exceptionalism because IMO worker reputation isn’t portable in physical space due to the collapse of the job reference market.

* unionize online workers. Unionization was a natural proposal given the talk’s tenor, but I found it anachronistic. How can unions be relevant to online labor markets where people can "change jobs" with a few clicks of a mouse? The Internet has much more competition among employers than any geographically restricted labor market, and the employees’ friction to change jobs online is so much lower than it is in physical space. For example, unhappy Mechanical Turkers can easily click to a large number of competitive websites that will gladly pay them for their contributions. At the same time, the Internet globalizes labor forces in ways that are unprecedented in physical space, so the value for “commodity” labor plummets. Both dynamics seem to doom any efforts to unionize online labor.

* disclosure. Employers should have to disclose who they are and why they are asking for the work to be done.

* opt-out. When people are doing work without knowing it, they should have the opportunity to opt-out. For example, the RECAPTCHA project uses human CAPTCHA-solving to correct OCR scanning errors. Zittrain thinks people should be given a choice not to provide those services.

Jonathan's final takeaway message was to express a general reservation that money is pervading our relationships and activities. He gave the example of how a Mechanical Turk employer offered to pay other Turkers to do kind acts--something, Jonathan pointed out, is oxymoronic because paying people to be kind means they aren’t actually being “kind.”

My Comments

Whether intended or not, Jonathan’s talk had a strong Marxist undercurrent that is tough for many of us to embrace. The Internet makes labor markets more efficient. It also increases the heterogeneity of ways that people can find gainful employment they can perform at the time and place of their choosing. Both generally sound like strongly positive developments to me.

I thought Jonathan’s strongest point was his dystopian view of bad actors (e.g., repressive governments and spammers) crowdsourcing socially detrimental work without workers knowing it. Disclosing the employer’s identity and motivations would be a partial but necessarily incomplete solution. More transparency would prevent people from inadvertently contributing to bad projects, but some people need cash so desperately that they will take it regardless of the moral valence. (I'm ignoring the malcontents who would gladly pay for the chance to facilitate social disruption).

Jonathan’s talk became harder to follow as he addressed examples well beyond online labor marketplaces. Specifically, a number of his examples seemed to conflate work activities, play activities and other ways that people voluntarily allocate their time. (FWIW, I’ve been accused by Timothy B. Lee of doing the same thing in my Wikipedia paper). For example, he treated Google’s use of website links for its PageRank algorithm as a form of “work” where Google gets the benefit of individual linking decisions. (In turn, he lauded Google’s nofollow link as a good example of how laborers can have an opt-out mechanism). While we collectively create value for Google by establishing links to third party sites, I don’t see how linkers are “working” for Google. Instead, I think the links are a positive externality captured by Google. We create positive externalities through our online (and offline) activities all of the time, and I think trying to characterize those as “work” is not the right direction. See, e.g., Frischmann and Lemley’s critique of regulatory overresponses to spillovers.

Similarly, Jonathan gave examples of “games” where the players provide valuable outputs to the game organizers through their ordinary gameplay. An example is where people are asked to tag photos as part of a game, where the tagging can become commercially valuable metadata. In this situation, the game organizers get an undisclosed private benefit (the beneficial work) from what is otherwise a fair market transaction (people voluntarily enjoying the game). Normally, we don’t worry about undisclosed private benefits; in fact, they occur in most economic transactions, even in efficient marketplaces. While increased disclosure about the game organizer’s motivations might help game players make more informed decisions about whether to play the game or how to price their participation, it’s not clear to me that such disclosures would actually help the game player’s make better decisions or enjoy the game more.

Terri Griffith, a colleague of mine in the SCU business school, wrote up her perspectives on the talk.

UPDATE: Mike Sardina, an SCU Law student, also wrote up a recap with commentary.

UPDATE 2: The Markkula Center provided a summary of the talk, and SCU student Courtney Meehan posted on it as well.

Posted by Eric at 12:06 PM | General , Internet History , Virtual Worlds | TrackBack

October 17, 2009

Q3 2009 Quick Links, Part 3

By Eric Goldman

Copyright

* AP v. All Headline News settles. My initial blog post. The settlement order.

* The Turnitin case has settled. My blog post on the district court ruling.

* Corbis Corp. v. Starr, No. 3:07CV3741 (N.D. Ohio Sept. 2, 2009).. Company that retained web developer could be liable for copyright infringing photos included in the developed website. David Johnson's coverage.

* Creative Commons commissioned a study of what people think qualifies as “commercial” or “non-commercial” activity. While this is relevant to how CC drafts its various license flavors, these words also have significant import to many facets of the law, including copyright (such as the fair use test) and trademark (such as the definition of “use in commerce”). The executive summary:

Both creators and users generally consider uses that earn users money or involve online advertising to be commercial, while uses by organizations, by individuals, or for charitable purposes are less commercial but not decidedly noncommercial. Similarly, uses by for-profit companies are typically considered more commercial. Perceptions of the many use cases studied suggest that with the exception of uses that earn users money or involve advertising – at least until specific case scenarios are presented that disrupt those generalized views of commerciality – there is more uncertainty than clarity around whether specific uses of online content are commercial or noncommercial.

eBooks

* Advocates for the blind sue Arizona State University for distributing electronic textbooks via the Kindle.

* Rebecca on the relationship between the Kindle 1984 debacle and the Google Book Search settlement. See also this Slate article.

Search Engines

* Train2Game v. Google, [2009] EWHC 1765 (QB): UK opinion that Google isn't liable for its search results snippets.

* CEO Bartz said Yahoo was never a search company. What??? Danny Sullivan calls her out for her "revisionist history."

* Greg Linden: Google AdWords Now Personalized.

* ThirdVoice redux: Google launches SideWiki. Let the legal games begin! (See, e.g., this BusinessWeek article). I’d be more worked up if Google had a more successful track record with non-search offerings, especially user-generated content projects. Lively, anyone?

Marketing

* Some craziness in Maine, when the legislature tried to restrict marketing to kids. PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature. The Maine AG said she won't enforce it, and subsequently the law was given a timeout so the Maine legislature can rethink the error of its ways.

* eBay is changing to a per-click model for paying affiliates, where the per-click amount is reset daily based on actual value delivered by the affiliate.

* Ethical Quandary: Faxed attorney newsletter doesn’t violate TCPA.

Posted by Eric at 04:47 PM | Copyright , Derivative Liability , Internet History , Marketing , Search Engines | TrackBack

September 22, 2009

Google Confirms That Keyword Metatags Don't Matter

By Eric Goldman

Few Internet technologies have horked cyberlaw as much as keyword metatags. Back in the 1990s, some search engines indexed keyword metatags, which encouraged some websites to stuff their keyword metatags as a way of gaming the rankings. Judges took a dim view of this practice, largely because the surreptitious nature of keyword metatags seemed inherently sinister, regardless of their efficacy. In the interim, search engines wizened up. Some search engines stopped indexing keyword metatags, and others greatly diminished the credit they assigned to keyword metatags. As a result, for the better part of this century, keyword metatags have had either zero or de minimis effect on search engine placement.

However, the anti-keyword metatag legal doctrines developed in the 1990s have persisted, even as the technology changed. Although occasionally judges have gotten it right (see, e.g., Standard Process v. Banks). most courts still treat the presence of a third party trademark in keyword metatags as essentially a per se trademark infringement--even if the keyword metatags didn't (and couldn't) change the search results ordering or any consumer's behavior. For a quick sense of the ridiculous state of keyword metatag jurisprudence, take a look at my recent blog posts on the topic.

The current state of nature has put keyword metatag defendants in a bind. On the one hand, the law treats the inclusion of third party trademarks as per se trademark infringement. On the other hand, everyone in the industry knows they are irrelevant but search engines have been less than forthcoming about the components of their search engine algorithms, leaving scanty citable material to support that proposition. And judges, deciding between the weight of a dozen years of anti-keyword metatag legal precedence and not-from-the-horse's-mouth assessments of keyword metatag efficacy, not surprisingly continue to stick with the outdated legal precedent.

This makes Google's announcement yesterday so exciting. Google's star techie Matt Cutts says in plain language that Google's core search algorithm ignores keyword metatags. This isn't news in the sense that we've known this about Google for years, but I believe this is Google's first public confirmation of keyword metatag's irrelevancy. Matt's short video clip goes so far to tell trademark owners to quit suing over keyword metatags. Amen!

I've long believed that trademark law shouldn't intervene even if search engines index keyword metatags because merely appearing in the search engine results for a third party trademark (without more) should be legally immaterial. Even if you don't agree with me on that proposition, I trust most everyone can agree that trademark law should ignore keyword metatags if search engines do. Now that we have confirmation that the dominant search engine disregards keyword metatags, let's hope judges do the same.

Posted by Eric at 10:02 AM | Internet History , Search Engines , Trademark | TrackBack

August 25, 2009

Why More Wikipedia Editing Restrictions Are Inevitable, and Some Comments on Flagged Revisions for Living People's Biographies

By Eric Goldman

I have posted my latest article, "Wikipedia’s Labor Squeeze and its Consequences," to SSRN. The article will be published in the Journal of Telecommunications and High Technology Law in the relatively near future. The article is still in draft form, and I gratefully welcome your comments. Please take a look.

The article traces its roots to my Dec. 2005 prediction that Wikipedia will fail in 5 years. I have continued to blog informally about Wikipedia since then, but I only decided to write a more formal academic defense of my prediction late last year. This article is that defense, but you'll notice that I don't refer to "failure" in the article. In my presentations and earlier drafts of this article, I found that predicting Wikipedia's "failure" produced very emotional responses that overwhelmed consideration of my argument's merits. I still think my 2005 predictions look pretty good (using my self-selected definition of "failure"), but I deliberately directed the article towards the "why" rather than the "when."

As a result, the article explains why evolutionary changes in Wikipedia's labor supply is forcing Wikipedia to change its basic architectural design of permissive user editability. Flagged revisions is a prime example of the ongoing architectural shift. With flagged revisions, every user has the technical capacity to edit a Wikipedia entry, but submitted revisions remain hidden from public view until a trusted editor approves them for publication. Accordingly, flagged revisions significantly changes the Wikipedia experience. It delays publication of most contributions, it buries some contributions without ever being published at all, and it creates a significant workload for editors. For example, the German Wikipedia deploys flagged revisions site-wide and publication delays are up to three weeks.

Yesterday, Wikipedia announced that it is deploying Flagged Revisions for biographies of living people. Wikipedia has been on red alert with biographies since the John Seigenthaler incident in September 2005, so it's not surprising that Wikipedia will tighten the reins there first.

However, I think this change is just one more intermediate step in Wikipedia's ongoing process of restricting user editability, and it is not the final restrictive step Wikipedia will take. For reasons I outline in the article, I expect Wikipedia eventually will deploy Flagged Revisions, or some other stringent form of editorial lock-down, across the entire site, not just for living people's biographies. I explore some other possible alternatives in the paper, but I conclude that substantial restrictions to user editability are Wikipedia's only viable long-term solution to preserve site credibility.

People who have reviewed the article have asked about the article's relationship to Benkler's Wealth of Networks and its related commentary. Those works have explored the phenomenon and implications of large-scale online volunteerism, including a convincing proof that people will contribute their labor to online collaborative enterprises without any direct financial compensation. However, I've seen less attention paid to the exact reasons why people volunteer for these projects. My article focuses on the "why" in some detail, but even then, I make some assumptions and guesses. Despite extensive academic research into the Wikipedia community, we still lack a complete and clear empirical picture of why people join the community and, perhaps just as important, why people leave. I offer up my theoretical considerations, but more empirical work remains to be done.

If you want more discussion on this topic, during the paper's development, I gave a talk at University of Colorado Boulder that sparked some online responses:

* the talk itself (in the middle of the video)
* Ars Technica coverage
* ZDNet's paraphrase of the Ars Technica post
* p2pnet
* Blorge
* Thinking Spaces
* Futureismic

The presentation led to an NPR Interview with more comments and a response from What Jeff Learned Today.

Posted by Eric at 09:09 AM | Internet History , Marketing , Spam | TrackBack

August 12, 2009

2009 Cyberspace Law Syllabus and Some Comments

By Eric Goldman

I have posted my syllabus for this semester's Cyberspace Law course. This blog post describes the changes from my 2008 course reader. For more on my pedagogical approaches to the course, see my Teaching Cyberlaw article.

Trademark

* Deleted the Tiffany v. eBay case. This is a really rich and fascinating case, but it is really long and I ran out of time to cover it last year. Also, it will be mooted in the not-too-distant future by a Second Circuit opinion.

* Replaced the Playboy v. Netscape and FragranceNet keyword advertising cases with Hearts on Fire v. Blue Nile. The Hearts on Fire case isn't a perfect teaching case, but it discusses use in commerce, likelihood of consumer confusion/initial interest confusion, and a bit of the policy issues. I suspect a number of my Cyberlaw colleagues are teaching the Rescuecom case, but I chose not to. First, it is doctrinally narrow. Second, it is a confusing opinion. Third, I tried to teach it as a last-minute substitution in my IP survey course last semester and was not satisfied with the results. Finally, it involves the less common fact pattern of keyword sales rather than keyword purchases. So I decided that this year the Hearts on Fire case could cover all the necessary issues adequately.

An interesting note: this is the first time in 15 years that I am not teaching a Playboy case in Cyberlaw. Frankly, I had expected to teach at least one Playboy case in Cyberlaw forevermore!

* Added Google's trademark policy. I'm a little surprised it never occurred to me before to include this in my reader.

* Updated my all-new keyword advertising slides from my May presentation.

Copyright

* Deleted the Perfect 10 v. ccBill and Perfect 10 v. Visa cases. I have been struggling with how to teach the Ninth Circuit's Perfect 10 troika of cases for the last couple of years. The troika was over 100 pages of reading that nevertheless left students befuddled after all that work. But I felt constrained because the troika is the most definitive statement of Ninth Circuit law, and it is insightful to see the cases evolve. Nevertheless, I decided that the Amazon case was the most doctrinally significant, so I kept that and ditched the other 2.

* Added Io v. Veoh. To make up for taking out the Perfect 10 cases, I've added this case, which I think is a very clear exposition of a DMCA online safe harbor case.

* Added Parker v. Yahoo. I think this will be a good case to tie together some copyright doctrinal threads as well as provide a nice compare/contrast with the Ticketmaster v. RMG case.

Trespass to Chattels

* Replaced the Computer Fraud & Abuse Act statute with the most recently amended version.

* Included a slide that synthesizes the various trespass to chattel doctrines into a summary format.

Contracts

* Added the Harris v. Blockbuster case. It's a short case that efficiently makes several powerful pedagogical points--including perhaps most importantly, the perils of robo-drafting by copying language from other people's agreements.

Blogs and Social Networking Sites

* Replaced my old materials on blog law and social networking sites law with my most recent talk on both from February.

* Added my Third Wave of Internet Exceptionalism article

* Added the Moreno v. Hanford Sentinel case as an end-of-the-semester review case. As I said when I first blogged on the case, I think "this is one of the most interesting cases I've seen in a while," and I'm really excited about teaching it. I think it will be an excellent issue-spotting opportunity for students as well as a powerful reminder of the power of published words (and how those words can unintentionally affect the people we love).

Change to the Grading Options

My other big change this year is that I am giving students the option to write a wiki entry on a cyberlaw topic as part of their grade. This was inspired by my forthcoming paper on Wikipedia (which you'll hear more about soon). In connection with that paper, I was researching alternative labor sources that could power Wikipedia, and students working as part of a class assignment was one option I explore in the paper (with some reservations). As part of "eating my own dog food" (a terrible idiom that seems to be prevalent in the Silicon Valley), I figured I should give it a try myself. As you can see, the wiki-drafting is optional, not mandatory, so I'll be interested to see how many students choose the option. I'll also be interested to see what happens when the students actually try to submit their work to Wikipedia. I have a mental image of a massive buzzsaw, but perhaps I'm being too cynical.

Posted by Eric at 09:36 AM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack

August 07, 2009

An End to Spam Litigation Factories?--Gordon v. Virtumundo

By Eric Goldman

Gordon v. Virtumundo, Inc., No. 07-35487 (9th Cir. Aug. 6, 2009)

When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn’t trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy. As this court says, "lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results." Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses.

That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. James Gordon has been one of the most active. He is a "professional plaintiff" who has operated a spam "litigation factory" by configuring his technology to try to trap spammers. In effect, he goes out of his way to look for spam. As the court says, “the burdens Gordon complains of are almost exclusively self-imposed and purposefully undertaken."

As it turns out, this business model does not fare well in court. He lost this case in the district court and subsequently was ordered to pay over $100k in legal fees to the defendant under CAN-SPAM's fee-switching provision. On appeal, the Ninth Circuit has even less kind words for him, saying that CAN-SPAM “was enacted to protect individuals and legitimate businesses—not to support a litigation mill for entrepreneurs like Gordon." As a result, the court issues a broad but muddy opinion that shuts down Gordon’s litigation factory and presumably others like his, but has a less clear effect on other CAN-SPAM defendants.

"Internet Access Service"

CAN-SPAM's private enforcement rights only accrue to "Internet access services." This phrase is troublesome in part because it differs from other possible statutory synonyms for online actors like "interactive computer service" (47 USC 230), "online service provider" (DMCA), "electronic communication service" and "remote computer service" (ECPA), etc. This verbiage proliferation raises questions about the scope of governed entities (who’s covered and who isn’t) and why different online actors are being treated differently (if they are). I hope future legislative drafters will recognize the costs of using different terms for online actors.

In CAN-SPAM, Congress defined an “Internet access service” as "a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." Check out Ethan’s lengthy but irresolute deconstruction of this definition from last year.

Read literally, this definition seemingly covers all Internet services because they allow users to access their "other" services. However, the Ninth Circuit doesn’t think that's what Congress meant, although it’s not sure about the boundaries either. Instead, the Ninth Circuit "decline[s] this opportunity to set forth a general test or define the outer bounds of what it means to be a provider of ‘Internet access service.’" Gee, thanks.

Nevertheless, the Ninth Circuit had no problem saying that Gordon wasn't an Internet access service. I can’t pin down a specific reason why Gordon wasn’t covered while, according to the court, his service providers (Verizon and GoDaddy) might be. Ultimately, I think the court rejects Gordon's transparent efforts to manufacture a claim.

"Adversely Affected"

A CAN-SPAM private litigant also needs to show that it was “adversely affected” by the spam. The court doesn’t offer a single definition of adverse effect, but it does try to draw some boundaries that leave Gordon out.

In general, the court tries to narrow the scope of cognizable harms in two ways. First, the court segregates consumer-related harms from service provider-related harms. I was heartened to see this because better harm delineation was a central point of my (uncited) 2004 article "Where's the Beef? Dissecting Spam's Purported Harms." Back in the earlier part of this decade, anti-spam advocates would routinely lump together a laundry list of gripes about spam in ways that would degrade policy-makers’ ability to target policy responses to the harm. For example, CAN-SPAM suffers heavily from this schizophrenia about the targeted harm. This court makes it clear that consumer-related harms aren’t part of the CAN-SPAM private litigation calculus.

Second, the court tries to distinguish between the fixed and variable costs of spam fighting and implies that the fixed costs should be ignored when calculating adverse effect. The court’s handling of this distinction is hardly deft. It says repeatedly that we have to assume that IAS providers are absorbing some spam costs as part of their normal costs of operation. For example, the court says:

the harm must be of significance to a bona fide IAS provider—something beyond the mere annoyance of spam and greater than the negligible burdens typically borne by an IAS provider in the ordinary course of business. In most cases, evidence of some combination of operational or technical impairments and related financial costs attributable to unwanted commercial e-mail would suffice

And the court says:

We expect a legitimate service provider to secure adequate bandwidth and storage capacity and take reasonable precautions, such as implementing spam filters, as part of its normal operations….network slowdowns, server crashes, increased bandwidth usage, and hardware and software upgrades bear no inherent relationship to spam or spamming practices. On the contrary, we expect these issues to arise as a matter of course and for legitimate reasons as technology, online media, and Internet services continue to advance and develop. Therefore, evidence of what could be routine business concerns and operating costs is not alone sufficient to unlock the treasure trove of the CAN-SPAM Act’s statutory damages.

Reading these quotes, it seems like the court is trying to zero out the fixed costs borne by anyone connected to the Internet, which would then focus the analysis on only those marginal/variable consequences attributable to a specific spam campaign. However, the court does not want to raise the bar that high, at least not for “legitimate” service providers (which the court thinks clearly excludes Gordon). As the court says:

the threshold of standing should not pose a high bar for the legitimate service operations contemplated by Congress. In some civil actions—where, for example, well-recognized ISPs or plainly legitimate Internet access service providers file suit—adequate harm might be presumed because any reasonable person would agree that such entities dedicate considerable resources to and incur significant financial costs in dealing with spam.

So I’m not quite sure what to make of this language. On the one hand, the court’s acknowledgement that complex societies impose some unwanted but unavoidable costs seems to raise the harm bar pretty high for CAN-SPAM plaintiffs. On the other hand, the court is willing to presume harm for “good” plaintiffs. So why won’t the court make such presumptions for Gordon? Mostly because he “came to the nuisance” (my words, not the court). As the court says:

Gordon purposefully refuses to implement spam filters in a typical manner or otherwise make any attempt to block allegedly unwanted spam or exclude such messages from users’ email inboxes...Gordon made no real effort to avoid, block, or delete commercial e-mail, but instead has voluntarily assumed the role of a spam sleuth. He expends time and resources seeking out and capturing massive volumes of spam, which he collects and then organizes for use in his prolific lawsuits. He admits setting up domains as “spam traps” with the sole purpose of snagging as many e-mail marketing messages as possible.

So my reading of this discussion is that the court sets up a bifurcated “adverse effect” analysis. If you’re a commercial email service provider, you presumptively get access to CAN-SPAM’s “treasure trove.” If you’re a spam troll, nuts to you.

Preemption of State Laws

One of CAN-SPAM's main raisons d'etre was to preempt the rapid proliferation of state anti-spam laws in the early part of this decade (especially California's opt-in anti-spam law). I naively assumed that CAN-SPAM's preemption clause would drive states out of the anti-spam regulation business altogether (a separate rant, but I'm not a fan of any state attempts to regulate Internet activity). No such luck. Following CAN-SPAM’s enactment, nearly every state enacted NEW anti-spam laws designed to fit within the preemption exceptions. This renewed activity at the state level has contributed to the anti-spam litigation frenzy, because the plaintiffs can use both state and federal claims to extract settlements and concessions from defendants.

In 2006, in Omega Travel v. Mummagraphics, the Fourth Circuit took a lot of the wind out of plaintiffs' sails by holding that state anti-spam laws survived CAN-SPAM preemption only as applied to fraud or material misrepresentations, not garden-variety errors or immaterial deception. Here, the Ninth Circuit adopts the Mummagraphics standard, which presumably eviscerates several state laws in Ninth Circuit-governed jurisdictions.

Applying the Mummagraphics’ standard to Gordon’s case wipes out his Washington state anti-spam claim. Gordon argued that, although he was not misled or deceived, Virtumundo’s “from line” violated Washington law because it does not clearly identify Virtumundo as the sender. He also argued that to avoid being deceptive, Virtumundo’s email subject lines must have either Virtumundo’s or its client’s name. The court rejects these arguments because "Gordon offers no proof that any headers have been altered to impair a recipient’s ability to identify, locate, or respond to the person who initiated the email. Nor does he present evidence that Virtumundo’s practice is aimed at misleading recipients as to the identity of the sender."

Expect to see more state laws bite the dust in the face of this preemption analysis.

Implications

This case is exceedingly interesting and important because it destroys the arguments of anti-spam plaintiffs trying to manufacture technical violations of CAN-SPAM for their profit. Not only does the opinion send an unmistakable message to the lower courts to toss these plaintiffs out on their keister, but it sends the harsh message that these plaintiffs ought to rethink their legal hubris. As the court says, “As should be apparent here, ‘the law’ that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.” Ouch. The court has apparently just invalidated the fantastic laws that some anti-spam plaintiffs dream up in their heads.

This case is also important because it puts state anti-spam laws even more clearly on the ropes. It has been an impressive but pathetic display of futility watching the states trip over themselves trying to show that they are tough on spam when their efforts are all irrelevant in light of the Fourth Circuit's and now Ninth Circuit's interpretations of CAN-SPAM. Fortunately (?), most of the states have moved on to being tough on cyberbullying instead of beating up on spammers.

It is less clear to me if the court’s discussion about “Internet access services” and “adverse effect” will have broader import on private CAN-SPAM litigation. The court deliberately sidestepped definitive interpretations of both terms, so I expect the interpretive slate is mostly clean outside of the spam litigation factories.

One final point. Spam remains actively litigated in the courts and the subject of some policy discussion, but do you still fret about the spam you receive personally? I get the sense that this panel was not that impressed with Gordon’s efforts in part because spam isn’t as big a deal for the judges as it used to be. Certainly that’s true in my case. I get about 100 spams a day, 90+% of which Gmail appropriately filters into my spam folder (with very few misclassifications of legit email as spam). As a result, it takes me just a minute or two a day to burn through the spam accruals. Not surprisingly, at least for me, good spam filters have solved the problem much better than any legislative intervention.

I understand that spam is a bigger issue for email service providers, especially now that more than 100% of all emails are spam (according to the ridiculously overhyped stats put out by vendors of anti-spam solutions). CAN-SPAM partially offers a solution to these individuals, along with other doctrines like the Computer Fraud & Abuse Act and possibly the common law trespass to chattels doctrine. However, at this point, so much of the anti-spam battle has to be fought technologically, not in the courts, due to the sheer volume and dispersed nature of the putative defendants. As a result, it doesn’t really seem to matter to the overall quantum of spam in our society if courts read CAN-SPAM broadly or narrowly.

Other comments on this case:
* Venkat
* Jeff Neuburger

UPDATE: Ken Magill reports on how Gordon has lost his house belongings due to his persistence.

Posted by Eric at 12:40 PM | Internet History , Marketing , Spam | TrackBack

August 06, 2009

State of the Net West Recap

By Eric Goldman

Yesterday, the High Tech Law Institute and the Advisory Committee to the Congressional Internet Caucus co-sponsored the Third Annual State of the Net West event at Santa Clara University. The featured participants were 3 members of Congress (Boucher, Goodlatte and Lofgren) and the White House CTO Aneesh Chopra, supplemented by 8 distinguished discussants. In a jam-packed morning, we covered a lot of interesting and important ground on broadband, privacy, antitrust, immigration and open government. This blog post recaps some highlights from the discussion.

Boucher on Broadband

Rep. Boucher emphasized the importance of broadband availability to economic activity and expressed concern that the US wasn't keeping up with broadband deployment (he said, "we can do better"). He offered three policy proposals for ways the federal government could help:

* revise the Universal Service Fund to allow dollars to be spent on broadband deployment; and require USF fund recipients 5 years from now to be offering broadband or be cut off from USF
* federally preempt state laws prohibiting municipal broadband offerings (which about 25 states have)
* get the FCC to develop a broadband deployment plan

He expressed disappointment with the guidelines that NTIA and the Department of Agriculture have adopted to give away the $7.2B broadband fund that was part of the stimulus package. It appears he will be encouraging both entities to rethink their guidelines.

My colleague Al Hammond was the broadband discussant. Al made a number of good points, including noting that broadband deployment is both a rural and low-income issue (Boucher appeared to be focusing more on the former) and raising concerns about municipalities not playing fair and the FCC overcounting actual broadband availability.

Boucher on Privacy

Rep. Boucher also gave a preview of the privacy bill he is planning to introduce next month. He started off by saying he likes ad targeting, especially first party targeting (he said he buys items based on customized recommendations). So he wants to encourage "appropriate" ad targeting, not eliminate it. His bill is expected to contain the following elements:

* websites collecting data will be required to post a prominent privacy policy
* users can opt-out of first party targeted ads. This also includes data sharing necessary to enable first party ads
* websites that want to share data with unaffiliated third parties will need opt-in. However, behavioral ad networks can proceed on an opt-out basis if they allow users to see and edit their behavioral profile, except for sensitive information categories that would always be opt-in
* both the FTC and state AGs would have enforcement authority

To the extent that the mandatory privacy policy and opt-out options codifies existing industry practices, this proposal generally seems benign but not worth the effort--the costs of the inevitably poor statutory drafting outweighs any benefit we might get from regulatory codification. Requiring opt-in would likely eliminate third party behavioral ad networks, which (as I've discussed before) is more likely to be a detriment than a win.

I was especially intrigued by the proposal that behavioral networks can flip from opt-in to opt-out by letting users access a user profile. I need to see more details about Boucher's thinking, but doesn't this superficially sound crazy? The most obvious problem is authentication of the user before seeing his or her profile. How would this be done? The networks usually don't know the identity of the specific individuals they are profiling, so they can't authenticate identity. And just tying profile access privileges to a cookie or machine sounds like a recipe for disaster for all shared computers. Plus, a web interface seems to increase the security risks that the bad guys can see profiles they shouldn't be able to see. On first blush, it sounds like this part of Boucher's proposal may need a complete rewrite, with unknown consequences for the entire structure of his proposal.

Mike Hintze of Microsoft was the privacy discussant. He espoused Microsoft's standard line that there should be a comprehensive privacy law.

In the Q&A, Boucher appeared willing to consider concurrent privacy enforcement authority by self-regulatory organizations, so long as they enforced the law's minimum requirements. But any self-regulatory effort wasn't a substitute for other aspects of his bill.

Lofgren on Antitrust

Rep. Lofgren said that if the Bush administration did too little on antitrust enforcement, the Judiciary committee is now concerned that Obama and Varney will do too much. Lofgren is particularly focused on the chilling effects of the mere threat of antitrust scrutiny, not just the actual successful prosecution in court of cases. Thus, an "informal" DOJ expression of interest can deter innovative activity by high tech companies.

She also expressed skepticism that antitrust laws remain effective at protecting technology markets, which are marked by fast innovation and low barriers to entry. (I believe her exact words were "traditional antitrust measures of marketplace behavior might no longer work.") At minimum, any technology-related antitrust enforcement actions should be focused on improving innovation rather than trying to manage current marketplace prices.

Finally, she said that copyright restrictions should be considered in antitrust inquiries. Mike Masnick has more to say on this.

Michael Katz of UC Berkeley was the most colorful respondent. He shared Lofgren's concern that antitrust law may be counterproductively squelching innovation, especially when companies try to capture antitrust enforcers to hassle competitors. He had especially harsh words for the FCC, calling it much less disciplined than the DOJ and observing how the FCC can blackmail companies using its leverage. He also complained that the FCC's review of mergers takes too long, and as an example of their lack of discipline, the FCC will impose merger conditions that have nothing to do with the merger.

Tim Bresnahan of Stanford and my colleague Cathy Sandoval were the other respondents.

At the end of her talk, Lofgren praised the Google Book Search settlement, saying that in some ways it lowers barriers to entry. She also said she was grateful that Google appears to have found a back-door way to liberate orphan works given that she wasn't able to pass an orphan works bill. I'm all in favor of orphan works reform, but a class action settlement seems like a weird way to get there.

Chopra on Open Government

Aneesh Chopra is the new White House CTO, a role that never existed before, which puts Chopra at Obama's elbow on all technology issues. This was Chopra's first Silicon Valley trip since he undertook his new role. His first talk was on Tuesday night at a Churchill Club event; we were his second. Lots of people were very interested in learning more about him. He was the big draw for the press, and we got an unprecedented number of walks-in based in part (we think) on his talk. He was also mobbed before and after his talk--everyone seemed to want a piece of his attention (then again, I'd love to have a chance to kick some stuff around with him one-on-one myself!).

It's easy to see why Chopra sparks such curiosity. My impressions were that he was genuinely affable, smooth without being slick, substantive without being bookish, a big fan of crowdsourcing and an even bigger fan of assessment and measurement of outcomes.

He started off by discussing the importance of technology and how the US's rate of technological performance is lagging against other countries. He then identified three ways to "turn the ship around":

1. invest in innovation building blocks, such as a smart/secure infrastructure, more R&D and improved workforce expertise
2. healthcare reform, especially improvements to the information technology side of healthcare delivery
3. an improved education system, including distance learning and more emphasis on lifelong learning

He then discussed open government issues and gave examples of ways technology can facilitate participatory governance.

Goodlatte and Discussants on Immigration

Rep. Goodlatte laid out the Republican's high tech agenda, which includes:
* skilled workforce, including immigration reform
* patent reform
* trade issues
* taxation, including efforts to define when activity in a state triggers tax obligations
* net neutrality (don't regulate but improve antitrust enforcement)
* privacy (opt-out except for sensitive information)

The panel then drilled down on immigration reform. I was really excited to have this panel because workforce issues are so central to the Silicon Valley's "secret sauce" and yet I couldn't recall a time that the HTLI had sponsored a discussion about them. Obviously immigration issues are age-old and are well-trodden, but I nevertheless found the discussion helpful--with the one caveat that everyone on the panel agreed with everyone else, so there was a lot of preaching to the choir. I learned an interesting factoid that both Reps. Goodlatte and Lofgren were formerly immigration attorneys, so they have some front-line domain expertise in this area.

First discussant was AnnaLee Saxenian of UC Berkeley. She talked about how skilled immigrants have fueled innovation in this country. She gave a number of stats in support of this, including that a majority of Silicon Valley engineers are foreign-born, and a high percentage of technology entrepreneurs and patent applicants are foreign-born individuals. She also noted that foreign-born skilled works create net new jobs and also help build better ties to their home country.

We benefit from the best and the brightest from around the world, who come to the US because of our higher education system and historically have chosen to stay. However, she is concerned about this retention because of bureaucratic barriers. She is also concerned that companies, frustrated by their lack of access to development talent, will offshore their R&D.

Finally, she pointed out that immigration discussions kludge together the issues of skilled and low-skilled workers, even though their issues are very different.

Keith Wolfe of Google reinforced many of AnnaLee's points from Google's specific experiences.

My colleague Deep Gulasekaram was the last discussant. He pointed out that free marketplaces may require free movement of labor, which isn't consistent with our current immigration policy. He raised concerns about state and local anti-immigration policies and the negative consequences of tying foreign workers to specific jobs (by linking their visa to the job).

Rep. Lofgren added a few remarks:
* Obama told her that it's time for comprehensive immigration reform. [This led to a polite back-and-forth between Lofgren, who favors comprehensive reform, and Goodlatte, who would settle for piecemeal immigration reform]
* Immigration reform is not a substitute for educating the US workforce
* We should give permanence to people we want to keep (i.e., not keep them on some treadmill with the possibility of a forced exit, which prevents their long-term life planning)
* We need to address the family of skilled immigrants, not just the immigrants themselves

More Coverage of the Event

* ABC 7 News
* KCBS radio
* Zusha Ellison of the Recorder
* Joyce Cutler of BNA (BNA subscription required)
* Mike Masnick
* Joel West
* Colette Vogele
* Warren's Washington Internet Daily also ran a story (not web-linkable) "Boucher Promises Online Privacy Bill Draft Soon"
* The extensive Twitter discussion at hashtag #sotnw. Twitterers included @ipolicy, @caminick, @persistance, @miss_eli, @techpolicygirl, @cathygellis, @mmasnick, @nextgenweb, @marianmerritt, @larrymagid, @christinela, @mblatkin, @seangarrettnow, @vogelelaw (who didn't always use the hashtag--we will try to publish a standardized hashtag at future events). Whew! Apologies if I missed anyone. I can't recall seeing more Twitterers in an audience--everyone seemed to have their Twitter page up constantly. As usual, I didn't turn on my computer at the conference (I take notes by hand and blog them later), so my comments seem woefully out-of-date already!

We plan to post the event audio soon so you can listen for yourself. I'll announce the audio posting at my Twitter account when it's live.

UPDATE: Audio now available: Download (item 27) or Stream

Posted by Eric at 10:54 AM | Adware/Spyware , Copyright , E-Commerce , General , Internet History , Marketing , Patents , Privacy/Security | TrackBack

August 04, 2009

Wikipedia and Rules Proliferation

By Eric Goldman

I have previously mentioned how rule sets tend to expand over time. We've seen this with legislation; for example, consider how the Copyright Act has grown over time. Personally, I've seen code expansion over and over again in the context of negative behavioral restrictions in user-to-user communities. A 2008 article by Brian Butler, Elisabeth Joyce and Jacqueline Pike entitled "Don’t Look Now, But We’ve Created a Bureaucracy: The Nature and Roles of Policies and Rules in Wikipedia" provided yet another dramatic example of this phenomenon in the Wikipedia context. They write:
___________

One useful measure of increased complexity is the change in lengths in terms of word count alone of the policies from the first version to most current. All policies studied grew enormously.

• Copyrights: 341 words => 3200 words: 938%
• What Wikipedia is not: 541 words => 5031 words: 929%
• Civility: 1741 words => 2131 words: 124%
• Consensus: 132 words => 2054 words: 1557%
• Deletion: 405 words => 2349 words: 580%
• Ignore all rules: exceptional case

The first version of the Ignore all rules policy is only 23 words long, stating, “If rules make you nervous and depressed, and not desirous of participating in the Wiki, then ignore them and go about your business” [45]. The current version is actually shorter, only 16 words, and says, “If a rule prevents you from working with others to improve or maintain Wikipedia, ignore it” [45]. However, as suggested earlier in this paper, while the actual wording of this policy declined 69% and it appears on the surface to be the least bureaucratic of the policies, the supplemental page directly linked to this policy contains 579 words, indicating that the policy swelled over 3600% [45].
___________

There are some obvious detrimental consequences of this expansion. First, it facilitates wikilawyering. As the rules get more complicated, there are more ambiguities to debate and potentially more contradictory rules. Second, it becomes a bigger barrier to entry for newcomers or casual users; either they must try to master a greater and more complex rule set, or they are more likely to transgress and have their contributions reversed.

Posted by Eric at 10:35 AM | Internet History , Licensing/Contracts | TrackBack

May 03, 2009

April 2009 Quick Links

By Eric Goldman

[Just a reminder that I am posting some “quick links” exclusively to my Twitter account, so if you want to keep up with everything, follow me at Twitter or subscribe to the RSS feed.]

Marketing/Spam

* Zango is dead (and so is adware), Ken Smith, Zango's CTO, conducts a post mortem: What Zango Got Wrong and What Zango Got Right. Mike Masnick's post-mortem.

* The FDA's instructions about pharmaceutical search marketing have led to lots of confusion. See Search Engine Land and the NYT.

* NYT: "Never Mind What It Costs. Can I Get 70% Off?"

* Tsan Abrahamson on social media and marketing law.

* Asis Internet Servs. v. Consumerbargaingiveaways. A district court diverges from Mummagraphics and says CAN-SPAM does not preempt CA's anti-spam law even if there is no common law fraud.

* Jackson v. American Plaza Corp., No. 08-8980 (S.D.N.Y. April 28, 2009), A Craiglist advertiser isn't a third party beneficiary of Craigslist's contract for purposes of stopping another advertiser from breaching the contract (in this case, spamming the forum).

Defamation

* Gardner v. Martino (9th Cir. April 24, 2009). I'm not a fan of talk radio, and the 9th Circuit apparently isn't either. The court upheld an anti-SLAPP dismissal of a defamation claim against the radio talk show host because "The Tom Martino Show is a radio talk show program that contains many of the elements that would reduce the audience’s expectation of learning an objective fact: drama, hyperbolic language, an opinionated and arrogant host, and heated controversy." Accord DiMeo v. Max. As Marc Randazza notes, rulings like this pose a challenge for those who think contextually ridiculous statements should be treated as "cyberbullying" or "cyber-harassment." Cf. the Finkel v. Facebook case involving asinine but clearly meaningless chatter on a private Facebook page.

* Some big defamation losses reported by CMLP:
- Blogger hit with $1.8M damage award.
- $12.5M defamation judgment against a gripe site.

* CMLP has a page organizing all of its 47 USC 230 material.

Intellectual Property

* Publicly republishing a private email leads to a default judgment of copyright infringement.

* Bryant v. Europadisk, Ltd., 2009 WL 1059777 (S.D.N.Y. April 15, 2009). In 2000, musicians authorized distributors to distribute their [hard copy] recordings, which the defendants ultimately ripped and allowed Amazon and Rhapsody to deliver via downloading. The resulting lawsuit turned on the interpretation of the license agreement term “internet sites.” The court says the term "is not ambiguous and does not extend to websites selling digital copies of songs. At the time the parties entered into the agreements, The Orchard sold physical copies only. As its Vice President explained by affidavit testimony, digital downloads of music did not become a “viable business” until iTunes was launched in approximately April 2004, long after Media Right and Gloryvision entered into contract."

* Octomom is seeking trademark registrations.

Miscellaneous

* GeoCities is shutting down.

* eBay will referee customer disputes.

* Wilson Sonsini's VC financing term sheet generator.

* Oddee: 10 Most Bizarre [Online] Gaming Incidents

Posted by Eric at 06:31 AM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Spam , Trademark , Virtual Worlds | TrackBack

April 11, 2009

Q1 2009 Quick Links, Part 3

By Eric Goldman

Blogging and Social Networking Sites

* A new version of the EFF Legal Guide to Blogging. While you're there, consider joining EFF as a member. The EFF does first-rate work, and they can use all the support they can get in this economic downturn.

* Red Tape Chronicles: "Blogger: Cash4Gold tried to 'bribe' me."

* Klein v. City of Laguna Beach, 594 F. Supp. 2d 1142 (C.D. Cal. Jan. 23, 2009): "many of the cases striking down ordinances that restrict sound-amplification equipment are artifacts of a bygone age that offered activists few media of mass communication. Twenty, thirty, or fifty years ago, a sound truck was an important means of spreading a message to a large group of people. Now, one must only have a computer and a printer to publish a newsletter or handbill. The Internet, e-mail, text messaging, and widespread mobile communications devices have made it easier than ever to reach a large audience on a small budget. Indeed, it might be easier for Mr. Klein to reach the youth he wishes to target by using Facebook or MySpace."

* Maybe everyone already knew this, but I learned something interesting about Blogger. Apparently in some cases they will place an interstitial warning in front of certain user-posted content.

* Doninger v. Niehoff, 2009 WL 103322 (D. Conn. Jan. 15, 2009). On remand from the Second Circuit, the district court denies damages for a student whose off-campus blog entry led to school discipline. At the same time, Wendy Davis reports on how a Conn. Bill Would Protect Students' Free Speech Online:

* Funny article on Facebook's efforts to police against people who create funny account names, which sometimes ensnares people who actually have funny names like Batman, Six, Super, Pancake and Kisser.

* Facebook Sex-Extortion Plot: a boy pretends to be a girl, gets boys to send naked photos to him, and then threatens to go public with the photos unless they consent to sex with him.

* Dynamic Sports Nutrition, Inc. v. Roberts, 2009 WL 136023 (S.D. Tex. Jan. 16, 2009). A former employee republishing confidential information via his blog is enjoined.

* We now know that Facebook settled with ConnectU for $65M. However, ConnectU might get a little more cash after this information was inadvertently disclosed by its former counsel, Quinn Emanuel, in a marketing brochure.

* Facebook gets TRO against Wallace.

* Some people gave up Facebook for Lent.

* Reuters writes up a shocking study: many teens on MySpace post things they might regret.

* State v. Hause, 2009 WL 295404 (Ohio App. Ct. Feb. 9, 2009). Facebook photos help convict a woman for allowing minors to drink alcohol in her house.

* U.S. v. Villanueva, 2009 WL 455127 (11th Cir. Feb. 25, 2009). MySpace photo and YouTube video showing defendant holding firearms contribute to sentence enhancements for firearms charges.

* John Palfrey & Adam Thierer discuss Palfrey's arguments to "improve" 47 USC 230 by reversing Doe v. MySpace.

Defamation/Cyberbullying

* JuicyCampus has shut down. LA Times, Chronicle of Higher Education, CMLP.

* Lengthy article on the AutoAdmit lawsuits. And a mixed ruling in Ciolli v. Iravani.

* Noonan v. Staples (1st Cir. Feb. 13, 2009). Truth is NOT an absolute defense to defamation in Massachusetts, which apparently also has seceded from the Union because the First Amendment no longer seems to apply.

* Neuwirth v. Silverstein, 2009 WL 294737 (Cal. App. Ct. Feb. 9, 2009). Reiterating that a website can be a public forum for purposes of anti-SLAPP laws. The CMLP writeup.

* Douchebags Lawsuit dismissed. Marc Randazza mocks the lawsuit.

* Rios v. Fergusan, 2008 WL 5511215 (Conn. Super. Ct. Dec. 3, 2008). Connecticut court has jurisdiction to issue restraining order against North Carolina man who posted YouTube video threatening Connecticut woman.

* Fahmy v. Hogge, 2009 WL 33418 (C.D.Cal. Jan. 2, 2009). Court denies Fahme's motion to set aside the dismissal based on lack of jurisdiction because Fahme made the error that caused the dismissal.

* 24Grille v. TripAdvisor (complaint filed April 2, 2009). Restaurant sues TripAdvisor for anonymous TripAdvisor review. Hello 230!

* Censorious laws brewing in WV and NJ.

Yelp

I have been meaning to post about my experiences with Yelp as a reader and a writer, but that has been repeatedly deferred. So, instead, how about a quick recap of Yelp’s woes? Yelp has been under the microscope quite a bit in the last few months.

* Wendy Davis recaps all the Yelp-related litigation she and I could find--at least 5 known cases. CMLP recaps a couple of the lawsuits.

* This East Bay Express article about Yelp caused quite a stir. It was followed up with more attributed sources. A number of other media outlets covered Yelp, including News.com and the NYT. For a full rundown of Yelp haters, check out the Eater coverage.

Wikipedia

* 25 Biggest Blunders in Wikipedia History.

* Two books about Wikipedia I’ve been checking out.
- Wikipedia, the Missing Manual.
- How Wikipedia Works.

Pornography

* Mukasey v. A.C.L.U., No. 08-565. The Supreme Court declined the cert petition regarding the challenge to the 1998 Child Online Protection Act, officially killing the law after a decade of litigation. Putting aside the merits of the law, it would have been a huge shock to the Internet community to have a circa-1998 criminal act resurrected! I'd like to think Congress will be wiser than to try to criminalize Internet porn a third time, but the regulation of Internet porn is like a siren song to Congressmembers.

* State v. Hurst, 2009 WL 580453 (Ohio App. Ct. March 6, 2009). From the unfortunately-named Licking County courts, the defendant downloaded 14,000 pornographic photos into his work computer's local cache in a five day period (he acknowledged he spent 70% of his workday downloading porn). An expert said that about 50 of the photos were child pornographic. The defendant was convicted of possessing child pornography even though he argued that he didn't intentionally download the photos, getting a 39 month sentence and classified as a sex offender.

* Excellent article by Colette Vogele on suing over a sex tape.

Gambling

* The credit card payment systems blocked the New Hampshire Lottery due to the Unlawful Internet Gambling Enforcement Act of 2006.

* Peer-to-peer gambling OKed in Washington.

Posted by Eric at 12:53 PM | Content Regulation , Derivative Liability , Internet History , Privacy/Security | TrackBack

April 10, 2009

Q1 2009 Quick Links, Part 2

By Eric Goldman

Trademarks/Domain Names

* The ridiculous Jones Day v. BlockShopper case settled. The settlement agreement. The ABA Journal and Legal Blog Watch stories. Commentary from CMLP, Paul Levy, Tom O'Toole.

* The trial court denouement of the S&L Vitamins v. Australian Gold did not turn well for the defense--$6M jury award. The S&L Vitamins v. Australian Gold and Designer Skins v. S&L Vitamins cases subsequently settled. According to Ronald Coleman: "This settles, for our clients S&L Vitamins, Inc., the Australian Gold case and the related appeal in the Designer Skin case. All money judgments are vacated and parties bear their own fees. Our client agrees to move on to another line of work, however."

* Twelve Inches Around Corp. v. Cisco Systems, Inc., 2009 WL 928077 (S.D.N.Y. March 12, 2009). 17 USC 512(f) does not cover trademark takedown notices.

* Suarez Corp. v. Earthwise, 2008 U.S. Dist. LEXIS 92931 (W.D. Wash. Nov. 14, 2008). Including a competitor's name in a web page disclaimer creates initial interest confusion when the competitor's name is indexed by the search engines. Compare Promatek v. Equitrac, the 2002 7th Circuit case ordering the defendant to include the plaintiff's name on its web page as a cure for initial interest confusion.

* CRS Recovery v. Laxton, 2008 WL 4408001 (N.D. Cal. Sept. 26, 2008). Another California-based court says that domain names are property that can be converted. I'm amazed that these cases are still being brought.

* North American Bushman, Inc. v. Saari, 2009 WL 211932 (M.D. Pa. Jan. 27, 2009) The parties entered into a settlement agreement that "Plaintiffs further agree not to use, and in addition, to offer up or destroy, any material that includes, but is not limited to, the names, photos, images, embroideries, of likeness of [Defendant] James Saari and any of the a above named trade names and trademarks of Defendants." The court holds that this provision wasn't breached when third party users posted comments referencing the defendants in UGC areas of websites operated by the other party.

* Advice Co. v. Novak, 2009 WL 210503 (N.D. Cal. Jan. 23, 2009). Justia page. Stupid lawsuit alert! Attorneypages.com believes Attorneyyellowpages.com infringes its trademark. Case dismissed for lack of personal jurisdiction. Participating in Google AdSense doesn't automatically create jurisdiction in CA.

* DSW v. Zappos, which involved allegations of trademark infringement based on Zappo's affiliates, settled.

* An update on Google's AdWords woes in France.

* Kiva Kitchen & Bath Inc. v. Capital Distributing Inc., 2009 WL 890591 (5th Cir. April 2, 2009). The Fifth Circuit upholds enhanced damages under ACPA. Good discussion of the purpose of damages in the ACPA.

* Toys R Us buys the domain toys.com for over $5M. Is any domain name worth $5M any more?

* A 2007 interview with "Pokey" of Pokey.org fame. This is one of my favorite domain name disputes from the 1990s. A very smart cyberlawyer (Ian Ballon), on behalf of the trademark owners of Pokey & Gumby, unexpectedly got into a public tangle with a 12 year old kid nicknamed "Pokey" over the domain name pokey.org. Debating 12 year old kids in the press never turns out well.

Advertising/Marketing

* Some new material on behavioral advertising: an FTC report and a CRS report.

* Latest NYT article on human billboards. See my prior blog post.

* Privacy advocates are freaking out about Google Android and its ability to deliver location-based information and ads. But location-based information and ad targeting is inevitable...and a good thing.

* Action over mobile marketing: Mobile Messenger settled a false advertising suit with Florida for $1M, and another settlement. Google's response.

* The class in the "Vista Capable" lawsuit was decertified.

* Tsan's post on the latest FTC efforts to rein in testimonials on social networking sites and blogs. Unfortunately for the FTC, some of its efforts may be preempted by 47 USC 230.

* eBay v. Digital Point Solutions, 2009 WL 481269 (N.D. Cal. Feb. 24, 2009). eBay loses an intermediate round in its cookie stuffing lawsuit against Digital Point Solutions.

* e360, a serial defendant in spam cases, sued Choicepoint for selling it email addresses that led to the suits. Apparently neither e360 nor Choicepoint got the memo that the days of email list brokering are dead.

* 10 Creative Bathroom Ads.

Search Engines

* Study: Google's search lead not matched by loyalty. A critical response.

* Is Google giving big brands extra credit in its organic search results rankings? Compare: media giants complaining they don't get enough weighting in organic results.

* Sign of improving consumer search skills: search queries are getting longer.

* Yahoo reserves the right to "auto-optimize" advertiser accounts by changing ads and advertiser bids automatically. This is not a popular move.

* Wired: The Plot to Kill Google.

Posted by Eric at 10:20 AM | Domain Names , Internet History , Marketing , Search Engines , Spam , Trademark | TrackBack

March 19, 2009

IEEE ComSoc SCV Talk: "Engineers' Role in Internet Law Development"

By Eric Goldman

Last week, I gave a talk at a meeting of the IEEE Communications Society, Santa Clara Valley chapter. I don't often get the chance to speak to a group of engineers, so I decided to go in a little different direction than my normal talks. I gave a procedure-oriented talk about how lawyers and engineers can work together to improve legal compliance. Along the way, I pointed to the Roommates.com and Cablevision cases as two case studies of how product design choices can influence the legal analysis (one good, one bad). My talk slides.

Posted by Eric at 10:25 AM | Copyright , Derivative Liability , Internet History | TrackBack

March 11, 2009

The Third Wave of Internet Exceptionalism

By Eric Goldman

[I initially wrote this as an editorial for our University magazine and republished that version through InformIT as well. Here's the original unedited version I submitted.]

From the beginning, the Internet has been viewed as something special and “unique.” For example, in 1996, a judge called the Internet “a unique and wholly new medium of worldwide human communication.”

The Internet’s perceived novelty has prompted regulators to engage in “Internet exceptionalism,” crafting Internet-specific laws that diverge from regulatory precedents in other media. Internet exceptionalism has come in three distinct waves:

The First Wave: Internet Utopianism

In the mid-1990s, some people fantasized about an Internet “utopia” that would overcome the problems inherent in other media. Some regulators, fearing disruption of this possible utopia, sought to treat the Internet more favorably than other media.

47 USC 230 (a law still on the books) is a flagship example of mid-1990s efforts to preserve Internet utopianism. The statute categorically immunizes online providers from liability for publishing most types of third party content. It was enacted (in part) “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation.” The statute is clearly exceptionalist because it treats online providers more favorably than offline publishers—even when they publish identical content.

The Second Wave: Internet Paranoia

Later in the 1990s, the regulatory pendulum swung in the other direction. Regulators still embraced Internet exceptionalism, but instead of favoring the Internet, regulators treated the Internet more harshly than analogous offline activity.

For example, in 2005, a Texas website called Live-shot.com announced that it would offer “Internet hunting.” The website allowed paying customers to control, via the Internet, a gun on its game farm. An employee manually monitored the gun and could override the customer’s instructions. The website wanted to give people who could not otherwise hunt, such as paraplegics, the opportunity to enjoy the hunting experience.

The regulatory reaction to Internet hunting was swift and severe. Over 3 dozen states banned Internet hunting. California also banned Internet fishing for good measure. However, regulators never explained how Internet hunting is more objectionable than physical space hunting.

For example, California Sen. Debra Bowen criticized Internet hunting because it “isn't hunting; it's an inhumane, over the top, pay-per-view video game using live animals for target practice….Shooting live animals over the Internet takes absolutely zero hunting skills, and it ought to be offensive to every legitimate hunter.”

Sen. Bowen’s remarks reflect numerous unexpressed assumptions about the nature of “hunting” and what constitutes fair play. In the end, however, hunting may just be “hunting,” in which case the response to Internet hunting may just be a typical example of adverse Internet exceptionalism. [For more, check out my 2005 editorial on Internet hunting.]

The Third Wave: Exceptionalism Proliferation

The past few years have brought a new regulatory trend. Regulators are still engaged in Internet exceptionalism, but each new advance in Internet technology has prompted exceptionalist regulations towards that technology.

For example, the emergence of blogs and virtual worlds has helped initiate a push towards blog-specific and virtual world-specific regulation. In effect, Internet exceptionalism has splintered into pockets of smaller exceptionalist efforts.

Regulatory responses to social networking sites like Facebook and MySpace are a prime example of Internet exceptionalism splintering. Rather than regulating these sites like other websites, regulators have sought social networking site-specific laws, such as requirements to verify users’ age, combat sexual predators and suppress content that promotes violence. The result is that the regulation of social networking sites differs not only from offline enterprises but from other websites as well.

Implications

Internet exceptionalism is not inherently bad. In some cases, the Internet truly is unique, special or different and should be regulated accordingly. Unfortunately, more typically, exceptionalism cannot be analytically justified and instead reflects regulatory panic.

In these cases, regulatory exceptionalism can be harmful, especially to Internet entrepreneurs and their investors. It can distort the marketplace between web enterprises and their offline competition—occasionally advantaging the website (such as 47 USC 230), but typically hindering the web business’ ability to compete. In extreme cases, such as Internet hunting, unjustified regulatory intervention may put companies out of business.

Accordingly, before enacting exceptionalist Internet regulation, regulators should articulate how the Internet is unique, special or different and explain why these differences support exceptionalism. Unfortunately, emotional overreactions to perceived Internet threats or harms typically trump such a rational regulatory process. Knowing this tendency, perhaps we can better resist that temptation.

Posted by Eric at 12:20 PM | Content Regulation , Derivative Liability , Internet History | TrackBack

February 20, 2009

Facebook User Agreement Imbroglio Recap (and Some Comments of My Own)

By Eric Goldman

I didn't have a chance to blog on the Facebook user agreement amendment flap in real-time, but now that Facebook has rolled back its amendments and everyone is catching their breath, the Monday morning quarterbacking is proceeding in full earnest. Some of the articles that caught my attention:

* CNET News.com: "Facebook's about-face: Change we can believe in?"

* InternetNews: "Experts: Facebook Must Rethink TOS Stance"

* EFF: "Facebook's reaction is a tremendous victory for its users." I guess that's true, in the way that getting back to zero at a casino sometimes can be considered a win.

* Bill McGeveran powerfully (and with irony) demonstrates that Facebook's terms weren't all that unusual. Et tu, Consumerist?

Some of my own observations:

* When you're a high-profile company living in the media fishbowl like Facebook, there is no such thing as a minor amendment to your user agreement.

* Facebook's amendments--and the news reports about them--were confusing for two independent but often correlated problems. First, lay readers often misread user agreements, especially broad license grants that users mistakenly read as statements of ownership. This is a well-known and long-standing phenomenon; see, e.g., the flap over GeoCities' user agreement from a decade ago. So initial news reports on Facebook's amendments were garbled and perhaps overly dramatic.

Second, Internet lawyers often draft user agreements using legalese in ways that make the agreements indecipherable to lay readers...and, not infrequently, to other lawyers. Having drafted a lot of them in my life, I'm a pretty sophisticated reader of user agreements, yet it took me a fair amount of time to parse Facebook's license terms to figure out what they were saying--and, even then, I wasn't quite sure. In particular, the "perpetual" and "irrevocable" terms in the license agreement were in seeming conflict with Facebook's promise in the same license grant to honor a user's privacy settings. In other words, if a user can set the configurations to remove content from Facebook's purview and Facebook will honor those instructions, then how is Facebook's license grant irrevocable? Unless I'm missing something big, this looked to me like a drafting error by Facebook. (And check out Nancy Kim's op-ed identifying this exact issue--in March 2008).

This suggests a drafting lesson we might internalize from Facebook's hassles (Jonathan Zittrain makes a complementary point). We as Cyberlawyers are used to parroting the exact words from the applicable statutes and caselaw because it seemingly increases the precision of the agreement, but frankly I think Facebook and other Internet companies would do a whole lot better--both legally and in the court of public opinion--if it junked the legalese and actually tried to write license grants in real English.

* Partially obscured in the haze is the lurking question of whether Facebook can unilaterally amend its user agreement without providing any notice to users. I don't even see this as a close question. From my reading of the precedents, I think the answer is pretty emphatically NO, both as a matter of contract law (and see more; but compare MySpace v. theglobe.com) and FTC law (see, e.g., the Gateway Learning case). Without a doubt, I wouldn't want to be Facebook trying to defend the new incremental changes in court.

* I got a few inquiries about whether a lawsuit against Facebook would have been successful. As Ethan explained recently, there may be unexpected hurdles to any such lawsuits.

* Now that Facebook has stirred the hornet's nest, it's not clear that they can simply roll back to the prior version of the user agreement and put everyone back in the happy apple. Instead, having called attention to its licensing policies, Facebook will be lucky if the pre-amendment terms survive as those undergo critical and jaundiced scrutiny from users. David Kirkpatrick touches on this.

* No matter how Facebook resolves its agreement, this episode has been damaging to its trust relationship with its users. It gives users yet another reason to question whether Facebook is a site we can trust. For users who lived through the Newsfeed and Beacon episodes, this may be a three-strike situation. For others, the fracas is yet another wedge in the users' relationship with Facebook. Trust is hard to earn and easy to lose.

Having said that, in the past couple of quarters, Facebook has been riding a strong network effects bull and seeing remarkable growth DESPITE Beacon. So Beacon clearly did not destroy users' trust in Facebook. At the same time, if users fall out of love of Facebook due to loss of trust, they will scale back their involvement with Facebook, which ultimately could negate the network effects benefits they are currently experiencing. IMO, this is the real risk created by Facebook's highly publicized problems.

Posted by Eric at 08:57 AM | Internet History , Licensing/Contracts , Privacy/Security | TrackBack

February 06, 2009

2008 Cyberlaw Year-in-Review

By Eric Goldman

It's a sign of my schedule that I'm just now getting to this, and this post will be more pithy than I initially conceived. This post recaps some of the Cyberlaw highlights from last year. Frankly, the two biggest stories of 2008 were the financial markets meltdown and the ascension of President Obama, neither of which have a lot of Cyberlaw angles. In light of those big developments, Cyberlaw in 2008 was comparatively quiet. However, there is still plenty of interesting developments to revisit.

Broad Themes

A few broad themes emerged last year:

* Ludicrous trademark claims. 2008 hardly had a monopoly on dumb trademark claims; those are perennial. But 2008 certainly saw some asinine entries, including putative Cyberlawyer Eric Menhart's claim to own a trademark in the term "Cyberlaw," Jones Day's efforts to claim that a web page referencing its name as the employer of some homebuyers violated its trademark rights, and putative Cyberlawyer John Dozier's claim that if his name is used as anchor text, the link must go to his website or it violates his trademark right.

* This was a good year for expansive readings and applications of user agreements. Some examples:
- the Lori Drew prosecution, where Lori was convicted of violating an agreement that someone else clicked through.
- Jacobsen v. Katzer, where a user of copyrighted material is bound by a contract that he/she never clicked through at all.
- AV v. iParadigms, where kids were not allowed to void a user agreement despite their status as minors (and despite the fact that some of them had no meaningful choice about whether or not to consent).
- JuicyCampus enforcement action, where the New Jersey Attorney General's office tried to treat a negative user behavioral restriction in a user agreement as an affirmative marketing representation that such user behavior would not occur on the site.

* One of the long-standing Cyberlaw memes is that websites must either be passive conduits to avoid liability or active editors to manage their liability, but if a website chooses the latter, the website is liable for any editorial mistakes. That is, if the website edits its site but misses something, it's fully liable for what it missed. This simply isn't true under 47 USC 230, which allows websites to choose to be passive, active or anything in between without varying liability. In the IP context, this passive v. active meme has had more traction, but 2008 saw two solid cases suggesting that if a website tries to police its premises and fails, courts will be sympathetic and excuse any omissions. Example #1: Tiffany v. eBay, where the court gave eBay extra credit for its VeRO program as a basis to excuse any counterfeit goods that slip through. Example #2: Io v. Veoh, where the court was more willing to excuse Veoh because it had undertaken extra policing efforts than was required for the 17 USC 512 safe harbor. Finally, although not an IP case, the court in Cisneros v. Yahoo also lauded search engines for their affirmative efforts to block gambling ads, which the court acknowledged was a hard challenge.

* Despite some adverse rulings early in the year, punctuated by the Ninth Circuit's en banc ruling in Roommates.com, the 47 USC 230 immunization is still extremely robust. We saw a number of expansive and pro-defense rulings per 230 throughout the year, including Craigslist, Doe v. MySpace, Cisneros v. Yahoo and Goddard v. Google. Perhaps more importantly, in the three 230 cases I've seen since Roommates.com that cited to the opinion, all three cited the opinion in ruling for the defense.

* Battles over keyword advertising are hardly over, even though Utah officially backed off its attempt to ban them. The ABA IP Section tried to get into the act, and American Airlines sued Google, settled, and then sued Yahoo.

Top 11 Cyberlaw Developments of 2008

#11: Utah Trademark Protection Act repealed. The Utah Trademark Protection Act had the potential to throw the entire keyword advertising business into turmoil. Instead, now that it's repealed, it just remains as a dramatic reminder of the Utah legislature's incompetence regarding Internet legislation.

# 9 and 10: Fair Housing Council v. Roommates.com and Goddard v. Google. The Roommates.com en banc opinion makes the list based mostly on its potential consequences, not its actual effect. It remains one of the most significant pro-plaintiff incursions into the solidly defense-favorable interpretations of 47 USC 230, but it's so riddled with contradictory and ambiguous language that no one really knows what to do with it. I think Judge Fogel's reading of the case in Goddard v. Google has the potential to become the defining interpretation of the case, and his solidly defense-favorable reading of the precedent in excusing Google for ads placed by its advertisers may only reinforce how little Roommates.com changed the law.

#8: AV v. iParadigms. This case was a terrific win for online fair use enthusiasts because the for-profit commercialization of a database of third party copyrighted works was still deemed fair use. The upholding of the contract against the minors forced to enter into it was also significant. Before this ruling, my assumption is that any plaintiff trying to form a class action lawsuit in the face of an adverse user agreement could always form the class on behalf of any minors who had the right to void the contract. This case seems to shut down that loophole in user agreement protection.

#7: Io v. Veoh. The 17 USC 512(c) safe harbor has been law for over a decade and has produced a couple dozen rulings, but few are cleaner and more decisive for the defense than this one. It was a textbook example of a court rejecting the many different arguments plaintiffs make to kick a defendant out of the safe harbor, and as mentioned before, it was a great validation for Veoh's decision to do more than 512 required.

#6: Jacobsen v. Katzer. From a doctrinal standpoint, this case raises really difficult questions about how a copyright consumer can be bound to terms that he/she never "assented" to. Even so, this case had huge implications because it effectively validated that open source licenses can be binding on licensees, giving much more legal credibility to the entire multi-billion open source software industry. However, an odd footnote: on remand, the district court denied an injunction for the plaintiff, raising more issues about what exactly the plaintiff won at the Federal Circuit.

#5: Tiffany v. eBay. A fantastic validation of eBay's practices against a very serious and sympathetic challenger who had plenty of evidence that counterfeit goods were being sold on eBay's site. The case also shows that courts can grow tired of IP owners simply making up their own rules about how online sites should protect them and then suing the sites for breaching these artificial rules.

#4: Mazur v. eBay. A more scary case to 47 USC 230 defense enthusiasts than the Roommates.com opinion. The court says that eBay isn't protected by 230 for some of the marketing representations it makes, even if those representations are rendered untrue by third parties. While this makes a lot of doctrinal sense, it is also a green light for plaintiffs to mine a website's marketing representations as a way to bypass the otherwise-fatal consequences of 230 on a lawsuit triggered by user behavior or content.

#3: Google Book Search settlement. This makes the list for two independent reasons. First, many folks were hoping the case would establish solid precedent on online fair use, and the settlement ended that hope. Second, the proposed Book Rights Registry has the potential to reshape a number of major industries, including the book publishing business, the book retailing industry and the library industry.

#2: the Lori Drew prosecution. I think this may have been the most polarizing Cyberlaw development of 2008, exposing deep divides in people's appetite for punishing bad conduct online. It's hard to assess the overall implications of her conviction because no one rallied to praise Lori Drew's choices, and her case is still a ways from a final legal outcome. However, the possible implications of the case were so complex that it took a special three part series for me to explore its nuances (1, 2, 3).

#1: Cartoon Network v. CSC (the "Cablevision" case). Boy, the more I think about this case, the more important it becomes. The case upends our assumption that if we see it online, it's fixed, creating a new class of unfixed electronic works. Also, the court treats the users, not the service, as making the requisite copies, which reinforces the possibility that online providers can be just "dumb technology providers" for copyright law purposes and reinvigorates the possible defense that a service provider's copying is just done as a proxy for its users. However, the Supreme Court's ambiguous response to the cert petition--not yes, not no, but a request to the Solicitor General for comments--leaves this decision in a precarious position.

Other Developments of Special Note

47 USC 230

* Doe v. MySpace. The Fifth Circuit soundly rejects the argument that MySpace had an obligation to police its “premises.”

* Craigslist. Judge Easterbrook's language in Doe v. GTE had given plaintiffs some hope that the Seventh Circuit would provide a friendly venue to plaintiffs trying to overcome 47 USC 230. Judge Easterbrook may still love his language (which he quoted extensively in the Craigslist ruling), but his practical and no-nonsense ruling for the defense squelches the hope that the Seventh Circuit will become a plaintiff's haven.

* New Jersey's enforcement action against JuicyCampus. State AG offices HATE 47 USC 230.

Affiliate Liability

* Impulse Media. A jury thumped the FTC's overly expansive views of affiliate liability for spam.

* NY v. Direct Revenue. A state judge emphatically rejected the NY AG's office's expansive views of affiliate liability for adware.

Trademarks/Domain Names

* American Airlines' lawsuits against Google and Yahoo. No one I know fully understands why American Airlines sued Google for selling its trademarks for keyword ads. No one I know understands what concessions Google gave to American Airlines to settle the case. And no one I know understands why American Airlines decided to sue Yahoo after procuring the Google settlement. It's all a big mystery.

* NSI's grabbing of domain names in response to WHOIS queries. Is there any better example of ICANN's failings to police domain name retailers than to have one retailer selling a scarce good grabbing the good exclusively (blocking attempted sales by all other retailers) when a customer merely inquires about it?

* Kentucky's attempted seizure of 141 gambling-related domain names. As I wrote before, "Is a domain name property? Yes. See the Sex.com case. Can a plaintiff seize a domain name pursuant to a favorable judgment? Yes. Is it appropriate for Kentucky to seize domain names for gambling websites available in Kentucky? Of course not, because this would effectuate an extraterritorial reach by curtailing non-Kentucky residents from making possibly legal uses of the domain name."

* Eric Menhart, a lawyer who claims to practice Cyberlaw, doesn't know that Cyberlaw is a generic term.

* New gTLDs. Maybe I should reserve this development for 2009...if it happens.

Others

* McCain complains about 512(c)(3) notices taking down his YouTube videos. Surprise! 512(c)(3) notices are unforgiving. Sen. McCain, now that you've had a first-hand taste of their power, maybe you'd like to revisit the statute to see if it's producing the right incentives?

* FCC's bust of Comcast. The pro-regulatory forces were queued up to pounce on any examples where an IAP violated Net Neutrality principles, and Comcast's chicanery in forging reset packets was impossible for anyone to defend.

* NebuAd's flameout. Behavioral ad targeting is in our future unless regulators stop it. NebuAd won't be the winning provider of targeting services, but legislators will keep trying to regulate it further out of existence nonetheless.

Posted by Eric at 05:50 PM | Adware/Spyware , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Spam , Trademark | TrackBack

February 03, 2009

Social Networking Sites and Blogs Talk for Students

By Eric Goldman

Today I gave a talk entitled "Social Networking Sites and Blogs" for the on-campus Student Intellectual Property Law Association (SIPLA). My slides. In conjunction with this, I thought it might be useful to organize a bibliography of my previous postings and materials on these topics.

Blogs Generally

* Three part series on blogging: How I decide which blogs to read?, Should I blog? and If I decide I want to blog, how do I get started?

* LexBlog Q&A with Rob La Gatta, parts 1 and 2

* Bay Area Blawgers census

* Blogging, Scholarship and the Bench and Bar Panel Recap

* North Carolina Blogging Conference Recap

* Recaps of the first and third gatherings of the Bay Area Blawgers

Blog Law

* Co-Blogging Law

* Blog Law Recap

* A Guest Blogger's "Meta" Post About Guest Blogging

* Blog Content Aggregation, RSS Feeds and Copyright Law

* Steinbuch v. Cutler: New Lawsuit Over Blogging--Steinbuch v. Cutler, Steinbuch v. Cutler Update--Cutler's Motion to Dismiss, Steinbuch v. Cutler Update, Steinbuch v. Culter Update: Cox Out, Cutler Bankrupt, Steinbuch's Second Battlefront Against Cutler Shut Down

* BidZirk v. Smith: Griping Blog Post Leads to Lawsuit--BidZirk v. Smith and Blogger Wins Lawsuit Over Gripe Post--BidZirk v. Smith

* Defamation Lawsuit Against Blogger Dismissed on Jurisdictional Grounds--Fahmy v. Hogge

* Bloggers' Defamation Liability Not Dismissed--Saadi v. Maroun

* Blogger Protected by Anti-SLAPP Statute--GTX v. Left

* Connecticut Blogger Not Subject to Texas Jurisdiction--Healix Infusion v. Helix Health

* Co-Blogger Identity Isn't Disclosed via 512(h), but Takedown Letters Are Copyrightable

* Blog Defamation Lawsuit Lacks Jurisdiction--TrafficPower.com v. Seobook.com

Social Networking Sites Generally

* Social Networking Sites and the Law

Facebook

* Facebook v. ConnectU. See also Facebook's Lawsuit Against Competitive Email Harvesting Continues--Facebook v. ConnectU

* Telephone Numbers as Identity Authenticators--Abrams v. Facebook

MySpace

* MySpace Defeats Sherman Antitrust Claim for Blocking Links to Competitor--LiveUniverse v. MySpace

* Lori Drew Conviction Reflections Parts 1, 2 and 3. See also Lori Drew Prosecuted for CFAA Violations--Some Comments, and a Practice Pointer

* MySpace Gets 230 Win in Fifth Circuit--Doe v. MySpace. See also MySpace Suit for Liability for Sexual Assault Dismissed and Doe v. MySpace.com --- Continued

* Principal Loses Lawsuit Against Students and Parents Over Fake MySpace Page--Draker v. Schreiber

* MySpace v. theglobe.com

Other Social Networking Sites

* Website Isn't Liable When Users Lie About Their Ages--Doe v. SexSearch and Doe v. SexSearch Affirmed by 6th Circuit, But Not on 230 Grounds

* Xanga.com Busted for COPPA Violation

* Erika Rottenberg talk recap

Posted by Eric at 01:25 PM | Content Regulation , Derivative Liability , Internet History | TrackBack

January 26, 2009

Decay Rates of Committed Online Community Members--an Epinions Case Study

By Eric Goldman

Building on several previous blog posts, I am writing up a extended discourse explaining why Wikipedia will fail. A key part of my argument is that committed Wikipedians will turn over faster than they can be replaced. Unfortunately, I'm not aware of a study of Wikipedian turnover rates. However, I had a rough sense of turnover rates in the Epinions community, and I was able to consult some publicly available data to do a quick 'n' dirty empirical study. Here's what I came up with (I did the data review at the end of December 2008):

I looked at Epinions’ top 20 most popular authors in 1999 to see if they were still active on the site, which I defined as writing at least one opinion in the past 12 months (i.e., in 2008). I manually reviewed each of the top 20 reviewers' profile pages. According to my definition, only seven of the top 20 (35%) still actively contribute to Epinions, meaning that 65% of those early power users have turned over in 9 years.

Indeed, six of the 20 (30%) have stopped coming to Epinions at all, and thus their accounts are no longer active. An explanation of inactive Epinions accounts: Epinions generally expires accounts if the person has not visited the site within a certain number of months (I'm not sure what the period is nowadays). Among other consequences of inactivity, Epinions wipes out any earnings that haven't been cashed out before expiration. Most Epinions reviewers don't earn a ton of money, but power reviewers with very popular opinions generally should be earning enough that they would be willing to expend a minimal effort to keep the cash coming. As a result, inactive members have an incentive to keep visiting the site occasionally and cashing out earnings even if they are no longer interested in continuing to write. The fact that 30% of them gave up the cash entirely is interesting to me.

The 1999 class of power Epinions reviewers is special in part because of the unique circumstances of the dot com bubble and the very high payouts that Epinions offered to "prime the pump" of reviews. Thus, many reviewers were drawn to the site by the opportunity to earn lucrative amounts, and it may not be surprising that these users turned over (in some cases, in disgust) when payout rates were significantly reduced during the dot com bust.

For comparison, I also looked at the top 20 most popular authors in 2003, many of whom either joined after the dot com bust or had acquiesced to Epinions' reduced payouts by this time. This has been a much more stable group: 15 (75%) are still active contributors, and none of the 20 have inactive accounts.

Putting the two stats together (and acknowledging the many weaknesses of this limited empirical review), I see a community decay rate among Epinions' most committed members of:

* 25% after 5 years
* 65% after 9 years

I'm not sure if this decay rate will look anything like WIkipedia's. Among other major differences, the glue that binds these reviewers to Epinions is different than the binding force for Wikipedia, because Epinions reviewers get both paid for their contributions (even if it's not a huge amount) and get much more reputational recognition than Wikipedians. (I'll explain more about cash and credit in the paper). Also, by definition all Wikipedians joined during or after the dot com bust, so they may have different and more manageable expectations than the early Epinionators.

If you are aware of any other studies of community membership decay rates, specific to Wikipedia or more general, I would be very grateful for the referral. Please email me. Also, if you would be interested in exploring this topic with me in a more scientifically rigorous way, let me know--I might be interested in doing a real study of this phenomenon at some point.

UPDATE: In a short amount of time, I've already gotten some email from people who want me to build out the entire argument about Wikipedia--basically, to see the full paper. I'm gratified by this because most of the time people recoil in horror at the thought of reading my academic papers. (Yes, this includes my mom, who is otherwise the most sympathetic audience a son could ask for). In any case, I'll be presenting the paper at Uniiv. of Colorado Boulder in early February and then I hope to post it online in a month or two after that. Thanks for your patience.

UPDATE 2: Jason Lee Miller's comments.

Posted by Eric at 04:09 PM | Internet History | TrackBack

November 14, 2008

Just who is an Internet access service provider under CAN-SPAM?

Worded to prevent lawsuits by individual email recipients, the federal CAN-SPAM Act limits who can bring suit for a CAN-SPAM violation. In addition to state and federal enforcers, the Act allows suits by "Internet access service providers." Just who are they, and can individuals find a way back in to court under this provision?

By Ethan Ackerman

One of the most distinct differences between the federal CAN-SPAM Act and state anti-spam laws is the federal law's restrictions on who may bring suit for a violation. Like many federal laws, it's vital to consider the environment in which it passed in attempting to understand the scope and intent of its provisions.

After several years of experience with state laws allowing individual email recipients to bring suit under state laws, and both actual and exaggerated instances of 'professional plaintiffs' bringing questionable suits against email marketers, many business and marketing lobbyists were eager to limit who could bring suits under a federal spam law. While efforts to expand or limit liability under federal laws are as old as the 1st Congress, 2003 was a notable high-water mark. At the same time as, and in the same Congress as, the CAN-SPAM Act, similar Acts altering liability standards and raising barriers to lawsuits and class actions were being passed under the mantra of "tort reform." Limitations on environmental and manufacturer liability, extending sovereign immunity to vaccine developers, restrictions on class actions, preemption of state enforcement and consumer protection laws, statutorily-mandated settlements of active court litigation - these were some of the hallmarks of the 108th Congress' involvement with the judicial branch.

In this environment, it's not surprising that various provisions in the CAN SPAM Act were negotiated back and forth to expand or contract liability, standing and preemption. This blog has previously covered the preemption back-and-forth, but similar negotiation went into just who could sue, and how, and where, and for how much under the CAN SPAM Act.

The final version of s.877 signed into law in 2003 that became the CAN SPAM Act reflects the compromises on several issues necessary to get sufficiently broad political support. This post will attempt to identify each of those issues in turn.

The final bill allows suits by a broad swath of federal regulatory agencies to enforce the law, including most notably the FTC. The scope of state officials' enforcement of the federal law, and just who else could sue, was somewhat more disputed. Prior year versions of the bill allowed suits in state as well as federal court. The initial Senate version of s.877 also allowed suit in federal or state court, but the final version negotiated with the more lawsuit-averse House of the 108th Congress restricted suits to only US federal District Courts, and now redundantly also granted the relevant federal agencies additional authority to removes suits filed by States to federal courts.

The issue of caps on damages and attorney's fees was also near and dear (or anathema) to many in the 108th Congress, and extensive changes exist between various versions of the bill as conditions were horse-traded and various constituencies weighed in. State enforcement statutory damages swung from $20 to $250 over the course of the different Congresses, with treble damages being available, then dropped and replaced with discretionary 'aggravated' damages possibilities. State enforcers' attorneys fees similarly went from mandatory to discretionary between the introduced Senate version and House-approved version. Statutory damages for internet access providers saw similar swings and horse trading, ultimately with certain egregious violations triggering $100 damages and other damages valued at $25, a far mark from a proposed 'up to $10.' Damages caps were also a feature, but swung from as little as $500,000 to in some cases $3 million.

Similarly, the political demands of the House resulted in additional, heightened pleading standards for civil suits by anyone other than federal enforcement agencies. These heightened standards, absent in the initial Senate version but added in sections 7(f)9 and 7(g)2 of the final version, raised a scienter pleading requirement for state enforcers and constricted the definition of 'procure' for suits brought by Internet access providers.

But back to the big difference

As initially indicated, the biggest difference between most state and the federal anti-spam law is the absence of a private right of action for spam recipients in the federal law. In the 108th Congress, a general private right of action was a non-starter. Even the initial Senate version of the bill restricted suits to enforcement officials and Internet access providers. Contrary to the desires of state enforcers from state with such provisions, and apparently an uncomfortable concession from the minority Democrat sponsors, the absence of a private right of action was a stated minimum.

The final wording of Section 7 of the CAN SPAM Act specifies who can bring suit, listing first federal enforcement, then state enforcement, and finally granting Internet access providers the right to bring some civil suits. So who is an 'Internet access provider'?

The short answer - the definition written in the 'definitions' section of CAN SPAM - is that the "term `Internet access service' has the meaning given that term in section 231(e)(4) of the Communications Act of 1934 (47 U.S.C. 231(e)(4))." This somewhat unenlightening reference leads to the actual statutory definition of:

The term “Internet access service” means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.

This broad definition originally was passed into law as part of the earlier Child Online Protection Act (not to be confused with the Childrens' Online Privacy Protection Act). Importantly, CAN SPAM also used other definitions from other prior laws defining similar terms. One example, one short line above the CAN SPAM 'internet access provider' definition, is the definition of 'Internet.' CAN SPAM defines 'Internet' by reference to the earlier passed Internet Tax Freedom Act, 47 USC 151 note. Importantly, CAN SPAM did not adopt the much narrower, more ISP-centric definition of 'internet access provider' in that Act. The Internet Tax Freedom Act defines an internet access provider as "a person engaged in the business of providing a computer and communications facility through which a customer may obtain access to the Internet..."

This definitional difference is important because CAN SPAM was written with service providers above and beyond just then-traditional modem-pooling, DNS-providing traditional ISPs in mind. Spam impacts next-generation services like online website hosts, online email providers, online proxies and filtering services, and CAN SPAM was drafted to take into account not just the dial-up AOLs of the world, but also the Rackspaces, the Hotmails, and the TUCOWs.

So courts have uniformly picked up this clear distinction, right?

If they had, what would there be to write about? While CAN SPAM was commonly understood to prevent end-user lawsuits, that portion of the law is implicit, not explicit. CAN SPAM was, however, explicitly written broadly to cover all, even the as-of-yet-uninvented, online service providers that spam negatively impacted. Unfortunately, subsequent court cases addressing the issue of whether it is an 'internet access provider' bringing suit have sometimes attempted to reinsert traditional ISP-style definitions into the Act.

A recent case getting the issue correct is Haselton v. Quicken Loans Inc.. Though anti-filtering activist Bennett Haselton, administrator of peacefire.org, sued Quicken in his individual capacity, separately incorporated Peacefire also was a named plaintiff. Defendant Quicken made much of the fact that Haselton was the sole employee of the organization and alleged Haselton was simply an individual end-user filing suit. Haselton countered, and the court agreed, that Peacefire's filter-circumventing service, even if operated only by Haselton, was clearly an 'internet access service provider' within the meaning of the Act.

Unfortunately, other courts, and commenters, have often channeled their skepticism over the litigation intentions of a plaintiff into interpreting this broad definition narrowly. For example, the Gordon v. Virtumundo court's palpable disagreement with serial plaintiff Gordon's litigation intentions and strategy led it to reach to hold, contrary to the plain wording of the definition, that Gordon's multi-user internet email service was not a " a service that enables users to access ...electronic mail... offered over the Internet." UPDATE

While they may be legitimate concerns over the capacity and legitimacy of serial plaintiffs' anti-spam suits, courts can address them without resorting to unnecessarily adjusting definitions in the statute. In Hypertouch v. Kennedy-Western University, for example, the court correctly recognized that an email service provider, even though small and providing accounts without charge, was nonetheless a 'internet access service provider.' As Eric blogged earlier, this court addressed its, and defendant's, concern that the plaintiffs allegations were inadequate and more properly addressed towards the actual marketing company in its ruling that plaintiff was an internet access service provider, but its claims were inadequate to survive a motion for summary judgment.

12/08 Update An observant Tri-cities reader gently corrects me, noting that Judge Coughenour ultimately did, contrary to what I suggested, conclude the plaintiff qualified as an Internet access service provider in Gordon v. Virtumundo. After reviewing all the criticisms and interpretation of legisaltive history and analogous cases that suggested Gorden was not intended to qualify, Judge Coughenour did ultimately conclude Gorden qualified "under the statute's capacious definition." So, my speedy reading aside, Gordon v. Virtumundo stands as an appropriate example of a court properly addressing questions about the propriety of a suit without narrowing the definition of an Internet access service provider after all.

Posted by Ethan Ackerman at 01:29 PM | Internet History , Spam | TrackBack

October 14, 2008

September 2008 Quick Links, Part 3

By Eric Goldman

eBay

* Universal Grading Service v. eBay, Inc. More fallout from the National Numismatic v. eBay case--another lawsuit alleging antitrust and defamation because eBay designated some coin rating services as preferred and impliedly devalued others.

* Windsor Auctions v. eBay has been refiled in a new jurisdiction.

* Mehmet v. Paypal, Inc., 2008 WL 3495541 (N.D. Cal. Aug. 12, 2008). Upholding the consequential damages waiver in PayPal’s user agreement.

* A company's failure in the marketplace can drive up the value of its collectibles on eBay.

Google

* Stelor Productions, Inc. v. Google, Inc., 2008 WL 4218107 (S.D. Fla. Sept. 15, 2008). In the lawsuit alleging that Google causes reverse confusion of Googles.com [warning: annoying music ahead], the plaintiff doesn't get to depose Sergey or Larry yet. Rose Hagan, Google’s long-time chief trademark counsel, is the lucky substitute.

* Lots of rhetoric in the Google/Yahoo ad syndication deal. Google’s advocacy website. Google Chief Economist Hal Varian explains why the deal won’t raise ad prices in the auction. Randall Stross weighs in.

* Google has changed course and now allows religious groups to advertise on the keyword “abortion.”

* Kubit v. Google Groups, 2:2008cv00738 (M.D. Fla. complaint filed Sept. 29, 2008):

I then would like to sue Google Groups for not removing the posts when I repeatedly asked them to for 2 years. I believe I am entitled to at least a small amount of compensation for the emotional distress and lost business income that has resulted from them allowing these posts to remain on their Google Groups, even though I offered them VERY solid proof that I do not have HIV. If they had stopped the posts when they first occurred, they would not have proliferated to hundreds of websites. I became suicidal for a period of time after the posts started. I incurred a lot of emotional pain and fear because of the posts and had to seek psychiatric and psychological help to get my life back together. I still suffer from fears of dating, living a public business life and trusting others.

Yes, this is a pro se complaint. Yes, it is preempted by 47 USC 230.

Marketing/Advertising

* NebuAd is dead (1, 2). Even so, the lure of intermediaries aggregating deep data about consumers for commercial purposes will never die.

* Is Gator/Claria dead?

* The EU passed a non-binding resolution against sexual stereotypes in advertising.

* Celebrity branded merchandise run amok.

Miscellaneous

* Valleywag: "The 5 most laughable terms of service on the Net." For more laughs, see Mark Lemley’s Terms of Use paper.

* Murakowski v. University of Delaware, 2008 WL 4104087 (D. Del. Sept. 4, 2008). This reminded me a lot of the Jake Baker case from the mid-1990s.

* The Virginia Supreme Court reversed itself on the Jaynes anti-spam prosecution, and Jaynes walks. Does Virginia routinely pass unconstitutional laws?

* Becker v. Toca, 2008 WL 4443050 (E.D. La. Sept. 26, 2008). Ex-wife's alleged delivery of "Infostealer" program to grab passwords from ex-husband could violate the ECPA, SCA and CFAA.

* Interesting article on ESPN’s exclusive distribution and bundling agreements with Internet access providers.

* Funniest law firm names.

* Silly? Horrifying? A sign of the apocalypse?

Posted by Eric at 06:17 PM | Adware/Spyware , Content Regulation , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Search Engines , Spam | TrackBack

October 11, 2008

September 2008 Quick Links, Part 2

By Eric Goldman

Copyrights

* In the Harry Potter fair use case, the court declared that the Lexicon encyclopedia isn't fair use.

* The judge declared a mistrial in the Jammie Thomas case.

* Designer Skin v. S&L Vitamins has reached its denouement. Previous blog coverage of the case (1, 2). In the prior ruling, the judge denied the plaintiff damages for the copyright infringement. In the final ruling, the court enjoins cutting and pasting product shots but allows the defendant to recreate the product shots. Ronald Coleman has more here and here (noting that the court says that, per MercExchange, an injunction does not automatically follow from a finding of copyright infringement).

* Wired's 5 year retrospective on the RIAA's litigation campaign against file sharing.

Social Networking Sites, Blogs and Online Publishing

* J.S. ex rel. Snyder v. Blue Mountain School Dist., 2008 WL 4279517 (M.D. Pa. Sept. 11, 2008). Upholding student discipline for creating a fake MySpace page of principal. The school initially based the discipline on the student infringing copyright (by cutting and pasting the principal's photo) but this aspect of the case wasn't mentioned at all in the court’s reasoning.

* O.Z. v. Board of Trustees of Long Beach Unified School Dist., 2008 WL 4396895 (C.D. Cal. Sept. 9, 2008). Two seventh graders make a video about killing their teacher, described as:

The slide show is essentially a dramatization of the murder of Mrs. [redacted]. The first slide photo states, "Mrs. [redacted] dies." Throughout the slide show there are photos of Plaintiff dressed up in a costume, depicting a woman meant to resemble Mrs. [redacted]. There is red text on each slide photo that describes the scene. One slide says, "Jelly Donut's knife: haha fat bastard. here i come!" In this same photo, the viewer can see a butcher knife lunging at Mrs. [redacted] character from the camera's point of view. The butcher knife is then laid on the fallen victim while the text reads, "hehehe. i'm a shank yoooooooooo!" At the end of the slide show, it reads, "your [sic] dead, BITCH! :D".

I think they thought it was funny, but no one else did. One of them posted the video to YouTube. It's unclear what happens to the poster, but the co-content creator was suspended and forced to transfer to another school for her eighth grade. In this case, her TRO request is denied, even if she didn't intend the video to be publicly distributed and even if the video was not a "true threat."

* Spanierman v. Hughes, 2008 WL 4224483 (D. Conn. Sept 16, 2008). Teacher who was fired for inappropriate MySpace communications with students can't sue the school.

* An encouraging update on the Lori Drew prosecution.

* Bill McGeveran on Facebook Beacon and legal liability.

* Good NYT article on the sociology of Facebook and Twitter.

* Sam Bayard on an interesting but confusing ruling from Montana on its shield law applied to anonymous online posters.

* Verdana Partners v. Giles. Online newspaper wins anti-SLAPP claim.

* Jardin v. Datallegro, Inc., 2008 WL 4104473 (S.D. Cal. Sept. 3, 2008). A litigant's taking down a blog post and its comments is not destruction of evidence.

* Nemet Chevrolet has appealed its 230 loss. Previous blog coverage.

* Do Facebook's anti-spam policies overregulate Facebook's power users?

Posted by Eric at 07:49 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Spam | TrackBack

September 23, 2008

Carterfone and Open Access in the Digital Era Symposium, October 17

By Eric Goldman

On October 17, we are having a neat event at Santa Clara University. A brief word about the genesis. I don't normally travel in telecom circles but I went to a few events in the past year or so, and at these events the FCC's 1968 Carterfone opinion and the "Carterfone principles" were heavily invoked. It was clear that Carterfone was an important opinion and of continuing relevance today, but I was having a problem--it wasn't clear that the speakers were referring to Carterfone consistently. Instead, everyone seemed to have their own idiosyncratic interpretation of the case. So the idea was to get together a group of experts to see if we could try to work through the case's meaning and implications. This also gives us a platform to talk about Net Neutrality, optimal regulatory structures for network design, open access principles and a whole bunch of other interesting academic issues.

We have a terrific and eclectic group of speakers, but I am especially excited that the opinion's author, Nick Johnson, will be joining us for a keynote talk. It will be interesting to see how he and the group survey the opinion 40 years later. A brief marketing description is below the line. As usual, admission is free unless you want CLE (and even then, it's free in some cases). Please feel free to spread the word, and I hope to see you there.
___________________

Carterfone and Open Access in the Digital Era
Santa Clara University School of Law
Sponsored by the High Tech Law Institute and the BroadBand Institute of California
October 17, 2008
9 a.m. – 5 p.m.

The FCC’s 1968 Carterfone decision—celebrating its 40th anniversary this year—is frequently cited in policy discussions about Net Neutrality and open access, but there is little consensus about how its provisions should apply to Internet access providers and emerging communications technologies. This Symposium will gather leading telecommunications policy experts to explore the opinion’s implications—past, present and future—on communications policy. Nick Johnson, the former FCC Commissioner who authored the opinion, will provide the keynote address.

Attendance is free and open to the public. Five plus hours of CLE are also available to attorneys at HTLI benefactor firms and in-house counsel for free, to Santa Clara Law alumni for $50, and to everyone else for $100. Santa Clara Law is a State Bar of California approved MCLE provider.

For speaker information and to register online, visit
http://law.scu.edu/hightech/carterfone-symposium.cfm.

Posted by Eric at 03:51 PM | Internet History | TrackBack

August 14, 2008

Fall 2008 Cyberspace Law Syllabus

By Eric Goldman

I've posted my latest Cyberspace Law course syllabus. Some changes from last year:

* added an August 2007 Search Engine Land article by Chris Silver Smith on geolocation technologies and their efficacy.

* added California Penal Code Sec. 502.

* added my slides on trespass to chattels and related doctrines (to save some classtime laying out these complex doctrines).

* added my Fair Use Cheat Sheet (I had routinely distributed it to students during the semester, but this year I finally remembered to include it in the reader).

* substituted the Second Circuit ruling Cartoon Networks v. CSC for the district court ruling in Cablevision. I deleted the Field v. Google case because it became largely redundant with the Cartoon Networks ruling for the pedagogical point about volitional activity.

* substituted the amended Ninth Circuit opinion in Perfect 10 v. Amazon.

* added the Ticketmaster v. RMG case. I'm not sure what to do with this case, but I'm thinking of using it as a mid-semester mini-review.

* deleted the Lockheed v. NSI case and added the Tiffany v. eBay case. The Lockheed case is probably more general in nature and is a 9th Circuit case (and it's a lot shorter!), so this was a tough call. On the other hand, I think the facts in the Tiffany case better reflect the modern web economy than the 1990s-era Lockheed case.

* substituted the Roommates.com en banc ruling for the 3 judge panel ruling. Fortunately, last year, by the time I got to Roommates.com, the 3 judge panel ruling had already been wiped away by the en banc grant, so I never had to teach that hairball.

* substituted the FTC's updated CAN-SPAM regulations.

* substituted the Fifth Circuit Doe v. MySpace ruling for the district court opinion.

* deleted the module on spyware/adware. I've not been able to get there in the past 2 years, and I don't see how that will change this year.

Cases from this year that barely missed the cut:

* A.V. v. iParadigms
* Mazur v. eBay
* Zango v. Kaspersky

I need to look at yesterday's Federal Circuit Jacobsen case. This may be a post-printing addition.

There are still some areas I'm not happy with:

* the Perfect 10 troika of cases regarding secondary copyright liability. They are a big chunk of reading with a low pedagogical payoff because the legal rules are incoherent.

* the keyword advertising cases. I'm still waiting for a great teaching case on keyword advertising. The FragranceNet case is an OK summary of the discussion, and the Playboy v. Netscape case has a number of useful pedagogical angles, but neither is ideal.

More on this topic:

* my Fall 2007 syllabus recap
* my Fall 2006 syllabus recap
* my Fall 2005 syllabus recap
* my Cyberspace Law course page listing all of my syllabi, exams and sample answers from the past 14 years
* my essay on Teaching Cyberlaw

Posted by Eric at 08:15 AM | General , Internet History | TrackBack

August 07, 2008

July 2008 Quick Links, Part II (Non-IP Edition)

By Eric Goldman

Search Engines

* Google explains all of the ways that it reinterprets the actual search query provided by a consumer to deliver results for words the searcher didn't use. As I've said before, Google's intermediation makes it impossible for a judge to assume that a defendant's website was ranked based on the search terms selected by the searcher.

* In the vein of In re Yahoo, Google was hit with two class action lawsuits alleging that Google failed to disclose that AdWords ads were going to be placed on undesirable pages liked parked pages. See Levitte v. Google (complaint and Justia page) and RK West v. Google (complaint and Justia page).

* Google was denied attorneys fees in the long-running Parker v. Google case. Parker v. Google, Inc., 2008 WL 2600299 (E.D. Pa. June 30, 2008).

Wikipedia

* Defamation lawsuit against Wikimedia tossed per 230. I've been waiting for the actual ruling to do a complete writeup. If you see it, please pass it along.

* NYT: "Wikipedia Tries Approval System to Reduce Vandalism on Pages." Surprised?

Trespass to Chattels

* In the latest development in Oracle v. SAP/TomorrowNow, SAP has shut down TomorrowNow, the subsidiary that prompted the lawsuit from Oracle. The Second Amended Complaint expands the finger-pointing at SAP for supervising its subsidiary. Still unresolved: the size of SAP's check to Oracle, and possible jailtime for TomorrowNow folk.

* Thomas O'Toole: Illinois adds anti-scraping provision to its attorney discipline website to block Avvo's crawlers.

Marketing

* 50 Cent is back in court on another questionable legal theory (see our first deconstruction of his litigation tactics). This time, Taco Bell tried a quasi-ambush marketing stunt to get something for free that he thinks they should have paid for.

* Rebecca on the latest ruling in NetQuote v. Byrd, the "lead fraud" case. Also, the ruling has some interesting discussion about whether a competitor who clicks on a competitor's ads in AdSense is guilty of a tort of "click fraud." The court says not in this case.

* TRUSTe is converting from a non-profit to a for-profit company.

Porn

* ACLU v. Mukasey (I've lost track of the number of AGs who have been the named defendant in this lawsuit). The Third Circuit struck down COPA for the third time.

* PC Magazine: RIP Usenet, killed by the New York AG office's campaign against child porn traded on USENET.

Miscellaneous

* A bizarre article on "Internet trolling" in NYT Magazine. With its rambling and scattered discussion, I have no idea what the author defines as trolling. However, the article did bring to mind a much better 1994 article from Wired, The War Between alt.tasteless and rec.pets.cats.

* Steinbuch v. Cutler, 2008 WL 2622853 (E.D. Ark. July 1, 2008). The court denied a motion to transfer the long-running case to DC.

* If a caffeine-addicted blogger goes off about your business, it's risky to fight back.

* Mike Masnick: Keeping The Benevolent Dictators of Silicon Valley Honest

* Wed, Aug. 13, 1-2 Eastern time, David Donoghue, Evan Brown and I will be doing an ALI-ABA teleseminar about the latest developments in 47 USC 230. Details. Mention coupon code TSPV02EG and save $30.

Posted by Eric at 06:57 AM | Content Regulation , Internet History , Marketing , Search Engines | TrackBack

July 21, 2008

Teaching Cyberlaw Article

By Eric Goldman

As part of the recent St. Louis University Law Journal's issue on Teaching Intellectual Property Law, I published a short article entitled "Teaching Cyberlaw." The abstract:

"Over the past dozen years, Cyberlaw courses have become a staple of the law school curriculum. This Essay, part of a Spring 2008 St. Louis University Law Journal issue on Teaching Intellectual Property Law, explores methodological and pedagogical issues raised by these courses."

This article, based on my experiences teaching Cyberlaw for the past 13 years, organizes my thoughts about the pedagogy of teaching Cyberlaw, including course titling, doctrinal coverage, teaching materials and more. I think the article will be particularly interesting to folks teaching the course for the first time, but I expect veteran Cyberlaw professors will find a few interesting tidbits as well. I was given a limited word count cap, so I didn't intend to make this article exhaustive. Instead, I view it as a tentative and limited effort to help kick off a community discussion about how we teach the course.

On that front, I am scheduled to be the Chair of the AALS Law & Computers Section in 2009, which principally means that I will help organize the Law & Computers session at the AALS Annual Meeting in New Orleans in January 2010. (Hard to believe, but it's less than 18 months away!). One idea I've been considering is to have a panel discussion about Teaching Cyberlaw issues at that session. Comments/thoughts?

When i did my research for my Teaching Cyberlaw article, I didn't find any other law review-style articles that addressed Cyberlaw pedagogy at any length. Then, just as my article was going to press (and therefore after I could make any changes), a topical article emerged: Patrick Quirk, Curriculum Themes: Teaching Global Cyberlaw, International Journal of Law and Information Technology, March 2008. Quirk uses the article to enumerate 10 topical "themes" that are likely to be omnipresent in Cyberlaw courses both today and in the future:

"Where are we? (Jurisdiction),
Who are we? (Transacting via networks),
Who pays us? (E-money and funds transfer),
Who protects us? (Spreading and transferring transactional risk),
Who funds us? (The other type of computer ‘security’),
Who taxes us? (Who doesn’t?),
Who bugs me? (Network crimes and misdemeanors),
Who came before me? (Historical analogies for technology regulation),
Who watches (over) us? (Ubiquitous privacy issues),
The pervasive problems of intellectual property."

I definitely organize my course differently, but vetting different organizational approaches is part of the pedagogical fun.

Posted by Eric at 08:37 AM | General , Internet History | TrackBack

July 01, 2008

June 2008 Quick Links

By Eric Goldman

Trademarks/Domain Names

* Utah Lighthouse Ministry v. Foundation for Apologetic Information and Research, 2008 WL 22043807 (10th Cir. May 29, 2008). CMLP writeup. Nice 10th Circuit win for a gripe site against trademark infringement and cybersquatting. This case, plus the SKI VAIL case, indicate that the 10th circuit is making progress undoing the harm it created in the Australian Gold v. Hatfield case.

* Georgia has a new anti-phishing law (16-9-109.1) that acts as a para-trademark law. See my comments on the analogous California anti-phishing law.

* After initiating a trademark lawsuit against a consumer review site and soundly losing in court, Lifestyle Lift paid $17,500 to settle its own lawsuit and avoid claims for legal fees under Rule 11 and the Lanham Act.

* Marty reports on a German case saying that white-text-on-a-white-background is a trademark use.

* Update on the battle over the trademark registration for "SEO."

* Will TLD proliferation lead to a new open era in domain name administration, or will the resulting anarchy just reinforce that top search engine placement is the really important online real estate? It seems like the currently limited number of TLDs has some benefits from a bounded rationality standpoint, and those benefits will be lost in a cacophony of unknown TLDs.

Patents

* My colleague Colleen Chien has posted "Patently Protectionist? An Empirical Analysis of Patent Cases at the International Trade Commission" (forthcoming William & Mary Law Review). She empirically demonstrates that the ITC mostly involves disputes between two domestic litigants, making it a redundant battleground with federal district court but nevertheless an attractive venue for plaintiffs due to a number of procedural advantages. She makes a number of recommendations to eliminate the litigation gamesmanship offered by having parallel venues. Check it out.

Search Engines

* Udi Manber, chief algorithm keeper for Google, reiterates why it's silly for lawyers and judges to put too much legal emphasis on the relative placement of search engine results, saying "it's definitely the case that if you do the same search on a different cluster, you may get slightly different results at a given time. It's also the case that if you do the same search on different days you may get different results, because some of the results are things we indexed five minutes ago."

(Over)Regulation

* In response to an enforcement effort by the NY AG's office, several Internet access providers have blocked access to newsgroups that are putatively sources of child pornography. See the NYT story and the NY AG press release. In practice, this means wholesale takedowns of newsgroups that may have nothing to do with child porn. For example, Verizon is killing all USENET hierarchies except comp.*, misc.*, news.*, rec.*, sci.*, soc.*, and talk.*. Wired suggests this is the death of online intermediary freedom as conceptualized in 47 USC 230. Of course, 230 never protected intermediaries from criminal exposure for child porn, and this isn't the first time that an access provider has knuckled under to the NY AG's office. See the BuffNet enforcement action from 2001.

* Ohm, Paul. The myth of the superuser: fear, risk, and harm online. 41 UC Davis L. Rev. 1327-1402 (2008). A neat article on how regulators manufacture a fake bogeyman, the unbeatable "superuser," as a justification for expansive regulatory power.

* No evidence that data breach disclosure laws actually help reduce identity theft. Surprised?

* The FTC wants civil enforcement authority for spyware actions. Haven't they heard that the adware battle is already over...and they won?

Contracts

* Mark Radcliffe expresses concern about the ALI's proposed software licensing project on open source licenses.

* Sarah Bird on a messy contract lawsuit involving an SEO contractor.

Anonymity

* Tendler v. www.jewishsurvivors.blogspot.com, 2008 WL 2352497 (Cal. App. Ct. June 10, 2008). A subpoena request to identify a blogger doesn't support an anti-SLAPP cause of action.

* In the AutoAdmit lawsuit, Doe 21's motions to squash the subpoena and proceed anonymously were both denied. David Hoffman provides an update on the case.

Event Tickets

* Chicago has moved against eBay for reselling tickets in violation of its amusement tax law.

* The Ticketmaster v. RMG case ended with a default judgment granting a permanent injunction and $18.2M in damages.

General

* Vanity Fair: How the Web Was Won.

* Paul Levy blogs about a plaintiff's effort to bypass 230 by suing the authors of complaints about the vendor and then joining the consumer complaint site as a necessary party as a cost-increasing tactic.

* BusinessWeek on emerging technological tools to protect workers' attention against unwanted/untimely interruptions.

* Text message-savvy kids educate the North Carolina DMV about the meaning of the term "WTF," which was used on a license plate example on the DMV's website.

* I have one free pass to OMMA Behavioral in San Francisco July 21. First person to send me an email asking for the pass gets it.

Posted by Eric at 12:32 PM | Adware/Spyware , Content Regulation , Derivative Liability , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Patents , Privacy/Security , Search Engines , Trademark | TrackBack

June 03, 2008

May 2008 Quick Links, Part 2

By Eric Goldman

Copyright

* Google says it isn't settling the Viacom lawsuit (I don't believe it).

* Interesting juxtaposition: (1) Chronicle of Higher Education: How It Does It: The RIAA Explains How It Catches Alleged Music Pirates and (2) BusinessWeek ran a lengthy retrospective on Tanya Andersen's battle against the RIAA, including her beefs against the RIAA’s investigation and enforcement tactics.

* A music warez trader was convicted by a jury of criminal copyright infringement.

Online Contracts

* Juanda Lowder Daniel. Virtually mature: examining the policy of minors' incapacity to contract through the cyberscope. 43 Gonz. L. Rev. 239-269 (2007/08). This article addresses the very important issue of contracting capacity of minors. See my most recent post on that topic.

* Adelman v. Sparks Network (Cal. App. Ct. May 20, 2008). The Jdate online dating service allegedly failed to include required language (such as notice of a mandatory cooling-off period) in its user agreement. The court dismisses the plaintiff's lawsuit nonetheless because he was a happy customer who didn't suffer any damage.

* Tom O'Toole surveys some recent online contract cases. He offers the following conclusions: (1) Contract Terms Should Be Available for Review, (2) Clickable Buttons/Links Should Clearly Signal Assent, and (3) Humans Are Not Helpful.

* I realize this point would be better explored in a full blog post, and I suspect this point has been made in the academic literature (if so, I'd appreciate some cites so I can pass them along). The issue: how might the endowment effect explain consumer antipathy towards EULAs? Wikipedia says the endowment effect means that "people value a good or service more once their property right to it has been established." This observation occurred to me when I attended a ridiculously stacked panel at the ION Game Conference on "user rights" in virtual worlds. Many of the gripes/grumbles related to very common EULA provisions that simply overrode default law. It occurred to me that maybe part of the problem was that consumers assume the defaults are appropriate rights allocations granting them the "property" right, in which case they suffer a greater psychological loss when those defaults are varied than if different defaults were set. One obvious policy consequence: as part of the considerations when setting defaults, policy makers should include the psychological costs of varying the defaults. If the interaction between EULAs and the endowment effect hasn't been written about, it would make an excellent paper topic.

Other Topics

* A military court has said that distributing a hyperlink to child porn does not constitute criminal distribution of child porn. Tom O'Toole explains the situation.

* A.B. v. State, 2008 WL 2031388 (Ind. May 13, 2008). It seems like the digital age recipe for guaranteed trouble: 8th grader + hatred towards a school principal + MySpace. How many judicial cases are we going to see with this combination? This one involves some mean-spirited and profanity-laced comments about her principal made by a 14 year old girl on a private MySpace page accessible only by 26 students. The principal saw it only because one of the students gave a printout to the principal. The court concludes that posting to a private MySpace page doesn't satisfy the criminal standards of "intent to harass, annoy, or alarm" via the Internet.

* Doe v. Friendfinder Network, Inc., 2008 WL 2001745 (D.N.H. May 8, 2008). The court denied the plaintiff's motion for reconsideration on Friendfinder's 230 eligibility for the statement "Sorry, this member has removed his/her profile."

* Another "where are they now?" retrospective on dot com boom companies, ironically running in the Industry Standard (which wiped out in the dot com bust itself).

Posted by Eric at 11:56 AM | Content Regulation , Copyright , Derivative Liability , Internet History , Licensing/Contracts , Privacy/Security , Virtual Worlds | TrackBack

May 07, 2008

April 2008 Quick Links

By Eric Goldman

Anti-Gaming

* Even though Ticketmaster won its lawsuit, Minnesota overreacted to the Hannah Montana ticket crush by banning software to circumvent an online ticket allocation process. See Sec. 609.806. Check out the hyperbole in this press release! What's next? Are legislators going to make SEO a crime?

* Google modified its relevancy algorithm 450 times in 2007. And yet courts still cite to Brookfield for how search engines operate!

* The UK cracks down on shill marketing online. ClickZ: "Under the new [UK] Consumer Protection from Unfair Trading regulations, it will be illegal to "Falsely claim or create the impression that the trader is not acting for purposes relating to his/her trade, business, craft or profession," or to "falsely represent oneself as a consumer."" See also AdAge.

IP

* Speaking of SEO....the latest pathetic attempt to grab a generic term and trademark it? "SEO." Sarah Bird is on the job.

* Do student notes of a professor's lecture constitute copyright infringement? We may find out.

* Atlantic v. Howell. More on the "making available" theory of copyright infringement.

* Sarah Bird on registering copyrights in websites and blogs.

* A for-profit T-shirt listing the names of deceased Iraq soldiers sparks a publicity rights lawsuit.

General

* Bowen v. YouTube, Inc., 2008 WL 1757578 (W.D. Wash. April 15, 2008). The court upheld the forum selection clause in YouTube's user agreement.

* eBay is ending its promotion of third party live auctions. Maybe because of this loss?

* Rebecca blogs on SuccessFactors, Inc. v. Softscape, Inc., 2008 WL 906420 (N.D. Cal.), an odd case involving the Computer Fraud & Abuse Act and an "attack PowerPoint" allegedly sent by a competitor to its prospective customers.

* Kate Kaye writes about the new Internet industry lobby group, the "State Privacy and Security Coalition," designed to fight laws like the Utah Trademark Protection Act.

* Kevin Werbach, The Centripetal Network: How the Internet Holds Itself Together, and the Forces Tearing it Apart, UC Davis Law Review, Forthcoming. An interesting paper applying "network formation" theory to show how the Internet came together as a unified network and how those unifying forces are under constant stress.

Posted by Eric at 08:52 PM | Content Regulation , Copyright , Internet History , Licensing/Contracts , Marketing , Publicity/Privacy Rights , Search Engines , Trademark | TrackBack

March 02, 2008

Feb. 2008 Quick Links

By Eric Goldman

Advertising

* BusinessWeek: Monetizing social networking sites isn't as easy as everyone had hoped, clickthrough rates are through the floor (0.04%!), and ad proliferation on the sites is driving users away.

* Wilbur, Kenneth C. and Zhu, Yi, "Click Fraud" (January 2, 2008). This paper appears to argue that search engines can increase their profits by failing to disclose the true rate of click fraud on their network.

* In re Miva, Inc. Securities Litigation, 2008 WL 450037 (M.D. Fla. Feb. 15, 2008). This lawsuit alleges that Miva and some associated individuals understated or misreported Miva’s reliance on click fraud, spyware and third party distributors in its public statements and thus inflated the company's stock price. Last year, the court dismissed many of the allegations but let a couple survive. In this ruling, the court dismisses a few more defendants from some statements and lets the rest of the case proceed.

* Going-out-of-business sales are often just another scam. (HT ContractsProf). Note this is completely consistent with economists’ theoretical predictions of final-period behavior of trademark owners.

Google

* Google's stock has lost $70B in market cap in 7 weeks. Oh darn. Clickz offers some theories about why Google's clicks are declining. Could lower rates of click fraud be part of it?

* Hal Varian, Google's Chief Economist, argues that Google's marketplace success is solely due to its "secret sauce" (i.e., the advantage of learning by doing) rather than any defects in the marketplace.

Spam

* Jaynes v. Virginia (Va. Sup. Ct. Feb. 29, 2008). By a 4-3 vote, the Virginia Supreme Court upheld Jeremy Jaynes' 9 year sentence for violating Virginia’s spam law.

* Silverstein v. Experienced Internet.com, 2008 U.S. App. LEXIS 3364 (9th Cir. 2008). Ninth Circuit dismissed a CAN-SPAM lawsuit for lack of jurisdiction when the defendants attest that they didn't send the message and aren't local.

Domain Names

* NSI has been sued for its practice of grabbing pre-registration domain names based on WHOIS searches. The complaint. Good luck defending those practices, NSI!

* Two more breathy articles about the economics of domaining from the New York Times and Network World.

47 USC 230

* Johnson v. Barras, 2007 CA 001600 B (DC Superior Ct Feb. 1, 2008). Court dismisses a lawsuit against a website for republishing a defamatory story per 47 USC 230.

* Yet another doomed lawsuit against MySpace for facilitating communications between an adult male and an underage female that led to sex. Sam Bayard's comments.

Pornography

* NY Lawyer (login required): "Defense Bar Sees Growing Practice in Internet Sex Crimes"

* A federal obscenity prosecution for publishing graphic short stories (without pictures) on the Internet? As Tim Wu says, "astonishing."

* The Utah legislature is considering entering the marketplace again, this time through a certification mark program for Internet access providers who are willing to combat porn. See HB407. Of course, the Utah legislature has had terrific success in the past creating successful new business opportunities that the marketplace has overlooked.

User-Generated Content

* Nick Carr: "What we've seen happen with self-regulating communities, both real and virtual, is that they go through a brief initial period during which their performance improves - a kind of honeymoon period, when people are on their best behavior and rascals are quickly exposed and put to rout - but then, at some point, their performance turns downward. They begin, naturally, to decay." Like, I think, Wikipedia.

* Slate on the top-heavy nature of contributions to Wikipedia and Digg.

* Christian Science Monitor: Teachers Strike Back at Students' Online Pranks.

* Sam Bayard on a motion to quash in the AutoAdmit case.

Reputation

* eBay no longer lets sellers leave negative/neutral feedback for buyers. This putatively stops sellers from retaliating against buyers who leave legitimate complaints, but it also skews the database towards only positive reviews, which ultimately undercuts its credibility.

* In India, where courtships remain very brief by US standards and grooms can be paid dowries by the bride's families, there is an emerging trend for brides to hire "wedding detectives" to ferret out the scoop on grooms and whether their representations are correct.

* Funny article on being a secret shopper for Consumer Reports.

* Dan Solove's book, The Future of Reputation, is now available online for free. Ethan's review of the book.

Patents

* Six years later, eBay finally buys it now: eBay v. MercExchange settles with eBay buying out some of MercExchange's patents and licensing others.

* Mike Masnick: "Psst! Patent Examiners Do Not Scale"

Copyright

* Mike Masnick: “Why We Should All Want Politicians Who Plagiarize.”

* Do Not Resuscitate...My Copyrights (funny).

Miscellaneous

* Citizen Media Law Project has a useful discussion on getting insurance for cyberlaw risks.

* People v. Fernino, 2008 WL 382348 (N.Y. City Crim. Ct. Feb. 13, 2008) (woman violated a no-contact order when sending a MySpace message to the person).

* Mike Masnick: "We Need A Broadband Competition Act, Not A Net Neutrality Act"

* A retrospective on some of the leading dot-coms from the 1990s.

Posted by Eric at 05:32 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , E-Commerce , Internet History , Marketing , Patents , Privacy/Security , Search Engines , Spam , Trademark | TrackBack

February 21, 2008

Eric Menhart Backs Off CyberLaw Trademark Claim

By Eric Goldman

You may recall that last month we all had a good laugh over self-proclaimed Cyberlawyer Eric Menhart's trademark application for the term "CyberLaw" to describe his Cyberlaw practice. (In case it wasn't clear, we weren't laughing WITH him...). Despite his initial blustery defense of the application (which, as a reader noted to me, violated the First Rule of Holes), Menhart has now backed off his claim to own the term "CyberLaw." Instead, he has amended his application to seek a trademark registration only in his stylized CyberLaw logo. (Thanks to Tricia Bishop at the Baltimore Sun for calling my attention to the amendment and sending the copy). Unfortunately, I won't dare display the logo here because it would likely make me his next enforcement target; but you can see the design in the amended application.

With this amendment, I'm inferring that all of us--even Michael Grossman, the victim of Menhart's efforts to enforce his purported trademark rights in the term "CyberLaw"--are now free to use the term "Cyberlaw" for its dictionary meaning without fear of getting sued by Menhart. However, Menhart doesn't appear to have changed his tune about the merits of his initial application. Instead, the Baltimore Sun quotes him as saying that he amended his application because:

It was very clear that this was not going to be an academic argument, it was going to be more of a shouting match, and I didn't think it was worth my time to get involved in a shouting match with people that were going to shout louder and had more ammunition in their holsters than I had

Funny--I would have thought it wasn't worth his time because the application was completely unmeritorious.

What Eric Menhart might characterize as a "shouting match" is actually online word of mouth in action. (Note: the Baltimore Sun article incorrectly quoted me as saying that the blogosphere "gang-heckled" him. Actually, I said that we "gang-tackled" him, but the imagery of gang-heckling is perhaps nevertheless appropriate). Historically, it has been fairly rare to see bona fide public evaluations of a lawyer by his or her peers; that kind of reputational information was often well known among lawyers practicing in the geographic/doctrinal area and effectively unavailable to everyone else. Now, through the Internet, everyone--including Menhart's prospective clients--can easily find out what his peers think of Eric Menhart's choices, enabling this reputational information to have a much greater effect at rewarding or punishing marketplace participants as appropriate.

UPDATE: More coverage of this topic:
* Brett Trout
* Ron Coleman
* Sam Bayard
* Techdirt

Posted by Eric at 11:32 AM | Internet History , Trademark | TrackBack

February 14, 2008

Classic Article on "Cybermediaries"

By Eric Goldman

Mitra B. Sarkar et al., Intermediaries and Cybermediaries: A Continuing Role for Mediating Players in the Electronic Marketplace, J. COMPUTER MEDIATED COMMUNICATIONS, 1995

I've been working on my Brand Spillovers paper, which in part addresses the trademark legal principles that govern intermediaries including retailers and search engines. The Sarkar article is one of the most prescient and clear-sighted articles assessing the role of online intermediaries. In particular, it provides a terrific checklist of ways that intermediaries can provide valuable services to consumers and producers, thus continuing to add value to the distribution chain even as transaction costs generally decrease due to electronic mediation. This article is even more remarkable because it was written in the mid-1990s, at the height of cyberspace exceptionalism and at the time when conventional wisdom was that the Internet was going to create widespread disintermediation. A refreshing read, even today.

Posted by Eric at 11:09 AM | Derivative Liability , E-Commerce , Internet History | TrackBack

January 18, 2008

Who Owns "CyberLaw"(TM)? Eric Menhart, a DC IP Attorney, Thinks He Does

By Eric Goldman

Every now and then, we see comical efforts to claim trademark rights in common Internet-related terms. You might recall that the word "Internet" itself was once a trademark (see a list of registrants dated 1994); the term "listserv" is also a trademark that the owner is trying to preserve (bonne chance!), and Hormel has protested the use of its "Spam" trademark in connection with email. Typically, the trademark owner is trying to prevent the genericism of its trademark. Those battles are almost always futile, but I can see why they are fought.

The latest would-be-funny-if-it-wasn't-so-sad attempt to assert trademark rights in a common Internet term involves the term "Cyberlaw." But unlike the anti-genericism efforts, Eric Menhart--a self-described "recognized leader" in intellectual property--is seeking to fence in the generic term "Cyberlaw" to convert it into his own property. He has filed a federal trademark application (application 77341910) in the term "CyberLaw" for the following services:

Legal document preparation and research services for attorneys; Legal research; Legal services; Legal services, namely, preparation of applications for trademark registration; Consulting and legal services in the field of privacy and security laws, regulations, and requirements; Expert witness services in legal matters in the field of intellectual property and information technology; Providing a website that features information on the development of international law, regulations, legal policies, and legal practices in a manner that promotes global governance by all types of organizations; Reviewing standards and practices to assure compliance with intellectual property and information technology laws and regulations; Attorney services; Litigation services; Legal services, namely, trademark maintenance services; Copyright management; Copyright management consultation; Registration of domain names for identification of users on a global computer network; Arbitration; Arbitration services; Consultation in the field of data theft and identity theft; Intellectual property consultation; Intellectual property watch services; Licensing of advertising slogans and cartoon characters; Licensing of computer software; Licensing of intellectual property; Litigation consultancy; Mediation; Patent licensing; Preparing and filing incorporation papers; Providing information relating to legal affairs

He claims a priority date of Feb. 22, 2007. Mysteriously, his website displays the circle-R next to the term "CyberLaw" even though it's only a pending application (the application was just filed Dec. 1, 2007).

Fortunately, I'm 100% confident that the TM Office will reject this application because the term "Cyberlaw" has become a generic description for the law of the Internet and related fields--see the Wikipedia entry on the topic. In fact, the term "Cyberlaw" has been around over 15 years. I did a search in Westlaw's News Database and the earliest reference I found was a Macweek article discussing Jonathan Rosenoer's AOL "Cyberlaw" column--from 1992. I'm reasonably confident we could find earlier references. For example, I found a 1993 National Law Journal article ("A Shingle in Cyberspace: Lawyers Online Find Clients--and Some Risks" by Rosalind Resnick) that discusses the "burgeoning field of cyberlaw, those legal issues confronting the online world."

Unfortunately, the improbability of this trademark hasn't stopped Menhart from asserting his perceived rights against third parties. The EFF writes about one such demand against Michael Grossman, a Chicago attorney who runs a blog entitled "CyberBlawg." I'm wondering how many other people have been the unlucky recipient of a demand letter from Menhart asserting similar claims over "CyberLaw." Perhaps those demands will stop once the TM application gets bounced by the TM Office, but the harm done in the interim could be substantial.

One final observation (and I apologize in advance for any snarkiness here, but I know I'm saying what most of us are thinking). It's impossible to ignore that the trademark applicant is a lawyer claiming expertise in Cyberlaw. What kind of Cyberlawyer doesn't know that the term "Cyberlaw" isn't trademarkable for Cyberlaw services, *especially* not by one who claims a priority date of 2007?

Coverage from around the web:
* Boing Boing
* Slashdot
* Techdirt
* Dvorak
* Las Vegas Trademark Attorney (with a careful analysis of precedent trademark applications)
* Groklaw
* Freedom to Differ
* Lex Ferenda (finding a Cyberlaw reference as early as 1987)
* Likelihood of Confusion
* Your Name is My Business
* NameWire
* Life on the Wicked Stage
* Joho

UPDATE: The Baltimore Sun ran an interesting feature on Eric Menhart in 2004. The article notes some critics said that Menhart's "enterprising nature has led him into another pursuit that some people describe in harsh terms -- like 'extortion' or 'blackmail.'"

UPDATE 2: Mr. Menhart has blogged a response to EFF that reinforces that he really doesn't get it. Two unavoidable facts of life for him:

1) The PTO will bounce his TM application
2) If he ever attempts to enforce his purported trademark rights in "CyberLaw" again, he will be met by a buzzsaw of opposition from some very determined folks.

In light of these facts, most savvy lawyers would realize that the absolutely wrong approach is to dig in his/her heels.

Posted by Eric at 03:59 PM | Internet History , Trademark | TrackBack

November 16, 2007

The Victorian Internet

By Eric Goldman

Tom Standage, The Victorian Internet (1998). Find it at Half.com and Amazon [the Amazon link is an affiliate link]

As you might infer, I'm not at the cutting-edge of reading books. I don't read that many books in general; and I tend to read books well after everyone is done talking about them. But I enjoyed this book so much, and it has aged so well over the past decade, that I thought it was worth a shoutout. One side bonus: given that the book is no longer a hot release, you should be able to get this book used for well less than $10.

The book discusses the history of the telegraph. The book explains the technologies preceding the telegraph, the battles between the inventors of the telegraph, the telegraph's role in spawning new technological innovations (and creating enormous wealth for some of those folks) and the ways that the telegraph did--and did not--change society.

Its thesis is that many phenomena we associate with a global electronic network first occurred in the 19th century, not the 20th, which has made our celebration of the Internet's novelty (a topic at its zenith in 1998 when the book was published) ahistorical. The book thoroughly delivers on this thesis. One particular anecdote really hammered this point home. The book talks about a telegraph-mediated "online wedding" that first occurred...before 1848. (Indeed, the book "Wired Love" was published in 1879 and an article "The Dangers of Wired Love" ran in 1886). Yet, numerous newspaper articles from the mid-1990s marveled at Internet-mediated weddings as if they were completely unprecedented.

More generally, the book broadly makes the case that some things never change. For example, the book describes the arms race between telegraph companies establishing pricing schemes to curb attempts to send more information at a lower cost, just to have telegraph senders coming up with new gaming strategies. The book discussed the paranoia of major institutions in response to telegraphy, including governments that sought to control the use of cryptography in telegraphy and newspapers that assumed that the telegraph would destroy their business. (In the latter case, the newspapers adapted and thrived in response to telegraphy). The book also described how the telegraph contributed to feelings of information overload.

The book ends on a bittersweet note. It observes that people thought that the borderless telegraph communication network would contribute to world peace by breaking down barriers to communication. It didn't. If anything, the telegraph played an important role in 19th century imperialism and contributed to some of the bloodiest wars in history. Similarly, 150 years later, many similarly romanticize how the Internet can make the world a better place. Perhaps the Internet is truly different from the telegraph in this respect, or perhaps, we are just ahistorically proclaiming the latest technology innovation as our savior. As the book says, "That the telegraph was so widely seen as a panacea is perhaps understandable. The fact that we are still making the same mistake today is less so."

From my perspective, the only thing "missing" from this pithy and efficient book was a more thorough discussion of how lawmakers reacted to the rise of the telegraph. I would like to know more about how 19th century regulators coped with--or, more likely, freaked out about--the technological assumptions changed by the telegraph.

It seems safe to assume that some legislators misunderstood the technological underpinnings of telegraphy. The book gives numerous examples of how people didn't understand that the telegraph sent only electronic signals and wasn't a teleportation technology, such as the story of a woman in 1870 who sought to "telegraph" sauerkraut to her son. Again, some things never change; in 2003, a member of the House of Lords had a similar misunderstanding about spam. [the exact quote: "Will the Minister explain how it is that an inedible tinned food can become an unsolicited email, bearing in mind that some of us wish to be protected from having an email?"]

In this vein, the book offered one possible explanation for Sen. Stevens' explanation that the Internet is a "series of tubes." [the exact quote from Wired: "the internet is not something you just dump something on. It's not a truck. It's a series of tubes. And if you don't understand those tubes can be filled and if they are filled, when you put your message in, it gets in line and its going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material."] Many telegraph operators built out a network of pneumatic tubes to move messages over short distances because this was quicker and more accurate for those messages. So perhaps Sen. Stevens was thinking of the telegraph when he referred to the "series of tubes."

The book was published before Western Union sent its last telegram. At the time I knew this represented the end of an important era, but after reading this book I better understand the significance of that event. Some day, someone will send the very last TCP/IP enabled http message...an event that will also probably pass with a whimper, not a bang.

Posted by Eric at 05:54 PM | Internet History | TrackBack

November 13, 2007

Geolocation and A Bordered Cyberspace

By Eric Goldman

I recently gave a talk on the general theme of the future of e-commerce, and I was allowed to take the topic in any direction. I decided to talk a little about the propagation of geolocation technology and its consequences for a borderless Internet. My notes from the talk:
______

A constant problem in Cyberlaw: the difficulties of authenticating users for age and geography. With respect to geography, in the mid-1990s, there was a strong belief that cyberspace was borderless. Examples:

* John Perry Barlow's 1996 Declaration of the Independence of Cyberspace

* 1997: ALA v. Pataki, where a state anti-Internet porn law (a baby CDA) was struck down as violating the dormant commerce clause. In that case, Judge Preska said: "Geography is a virtually meaningless construct on the Internet."

But there are ways to restore geographic borders to the purportedly borderless Internet:

1) Ask users to self-report. Users may want to self-report geography, especially in the e-commerce context where they want physical goods delivered or need to report their address to authorize a credit card purchase. But the law could force online actors to compel users to self-report geography and then act on the reported information. Examples:

* LICRA v. Yahoo. The French court envisioned that Yahoo could do 90% effective geographic authentication through a combination of IP address analysis and user self-reporting if Yahoo popped up windows asking users to self-report before being allowed to access the website.

* Alaska SB 140, an anti-adware law. To combat pop-up ads, the statute requires software vendors to display pop-up windows asking users to self-report geography.

A world with compelled requests for user self-reporting of geography would be a pop-up filled world constantly asking "where are you now? where are you now?" [see the analogous Verizon ad campaign] This makes user self-reporting undesirable, in addition to being unreliable.

2) IP address analysis. IP addresses are allocated on an International scheme. Yahoo used this scheme to display local ads, a fact noted in the LICRA court. IP address analysis can be more regional; for example, Google does geo-targeting on a more granular basis. Ex: if I search for "mercedes" in Google, I get local Mercedes dealers in the Bay Area. But IP address analysis is incomplete/imperfect.

So if the only geographic authentication tools were IP address analysis or user self-reporting, the Internet would remain more borderless than bordered. However...

3) Geolocation technology. In the future, Internet access devices will be coupled with GPS technology that will automatically report user geography. For example, many mobile phones already have GPS technology in them, and consumers use other mobile devices (e.g., Blackberries) that have geolocation technology. Inevitably, the boundaries between computers and these geolocated mobile access devices will dissolve, meaning that Internet access devices will be geolocated and will automatically self-report user geography as part of interacting with other online actors.

A geolocated Internet will have some benefits. Most obviously, ads can be geographically targeted in ways that can help consumers (i.e., a driver searching for gas can get ads from nearby gas stations). It will also enable other localized content where that matters (weather, directions, location of friends).

But a geolocated Internet will also enable governments to force online actors to "honor" the geographic information. Thus, states could legitimately enact state-specific laws and require online actors to customize their offerings for state residents. Governments could also use the geolocation information to created walled environments, including more highly filtered/screened content. We've already seen this in China and some other countries. In these situations, Internet users will have very different Internet experiences based on their geography. Thus, a geolocated Internet should contribute to the demise the Internet utopianism. Instead of bringing people together over a borderless network, a geolocated world reenables borders that will keep us further apart.

Posted by Eric at 05:44 PM | Content Regulation , E-Commerce , Internet History | TrackBack

October 21, 2007

Ticketmaster Wins Big Injunction in Hannah Montana Case, But Did the Public Interest Get Screwed?--Ticketmaster v. RMG

By Eric Goldman

Ticketmaster L.L.C. v. RMG Technologies, Inc., 2007 WL 2988403 (C.D. Cal. Oct. 16, 2007)

You may remember Ticketmaster's multi-year battle against Tickets.com over data aggregation and deep linking. Ticketmaster never got a solid win in that case, but here Ticketmaster successfully advances the same legal theories against someone gaming its allocation of tickets. Hannah Montana fans might cheer this ruling, but some of the court’s analysis makes this a troubling Cyberlaw development.

Introduction

This case involves what I'll call "ticket sniping"--the practice of quickly snapping up highly-sought-after tickets when they first go on sale and then reselling them at higher prices. When it comes to hot concerts--such as the upcoming Hannah Montana tour--Ticketmaster's price may be well below the prices people are willing to pay in the secondary market. Why don't event promoters use auctions or other dynamic pricing scheme to capture this upside on the first sale? I'm reminded of the odd pricing systems for IPOs--just like that market, perhaps Ticketmaster (as an intermediary) deliberately underprices below the market-clearing price to increase its profits.

In any case, initial ticket buyers from Ticketmaster can get an economic windfall, which naturally motivates people to game the initial first-come, first-served ticket allocation system. RMG was one such gamer. They developed software that helped its customers beat other buyers in the rush to get hot tickets. Ticketmaster sued RMG to stop their gaming activities; the court issues a preliminary injunction:

Copyright

The court says that RMG directly infringed Ticketmaster's copyright in its web pages by browsing them to test the operation of its software tool. Effectively, then, the court says that web browsing is copyright infringement. This isn't the first time a court intimated as much, but it's troubling every time we see it.

The court overlooks any implied license to browse because Ticketmaster's "browsewrap" on its home page (which says "Use of this website is subject to express Terms of Use which prohibit commercial use of this site. By continuing past this page, you agree to abide by these terms") acts as an express restriction on browsing, so any access in contravention of those terms constitutes copyright infringement.

One of the key Qs is how RMG's software differs from other search engine robots. The court skirts this Q, simply pointing to Perfect 10 v. Amazon as excusing the cache copies made by web users who follow search engine links. Of course, search engine robots make lots of other copies, and we think these copies are excused because the final presentation (the display of search results snippets) doesn’t infringe. The court doesn't address this at all.

The court also says that RMG is indirectly infringing based on a Grokster inducement theory because RMG's marketing said it's offering "stealth technology [that] lets you hide your IP address, so you never get blocked by Ticketmaster." This is a pretty expansive interpretation of copyright inducement because the marketing references IP address blocks, not copyright infringement, but it's very consistent with the court's moral condemnation of RMG's behavior.

Anti-Circumvention

The court says that website pages are protected by copyright, and the website used a CAPTCHA to restrict access to these copyrighted works. Thus, distributing the software tool designed to circumvent the CAPTCHA to access the copyrighted website violates 1201(a)(2) and 1201(b)(1). Not only does this give unexpected copyright protection for CAPTCHAs, this ruling seems inconsistent with several precedents holding that bypassing a password protection system doesn't violate 1201.

Breach of Contract

As indicated above, the court upholds Ticketmaster's browsewrap. Admittedly, Ticketmaster has improved its contract formation processes since it litigated against Tickets.com, but I'm not sure this was as easy as the court treated it.

Computer Fraud & Abuse Act

Surprisingly, the court denies relief for this claim because Ticketmaster couldn't allege $5,000 of loss. I tell my students that if they can't construct $5,000 of loss under the CFAA, then they aren't thinking creatively enough.

Conclusion

It's easy to point at RMG and its customers as the bad guys. After all, they are trying to get an unfair advantage in the first-come, first-served allocation of scarce tickets for their economic benefit, with the result that later comers have to pay more to get the same tickets.

But what about Ticketmaster's role in this situation? They haven't designed a technologically gaming-resistant allocation of tickets, so they need legal help to solve that deficiency. I also remain suspicious about Ticketmaster's incentives here, both in setting prices and in policing against ticket allocation gaming. Their motives may not be nearly so consumer-friendly as they try to portray.

And this opinion is hardly pro-consumer either. This ruling won't be a problem if future courts limit this ruling solely to a company's efforts to legally protect a competently designed anti-gaming strategy. But some of the more dramatic rulings are anything but consumer-friendly, such as the implicit holding that browsing is copyright infringement and the upholding of Ticketmaster's browsewrap. If other courts apply these principles more broadly, Hannah Montana concertgoers may have gotten a benefit at the expense of us all.

Posted by Eric at 03:45 PM | Copyright , Derivative Liability , E-Commerce , Internet History , Licensing/Contracts , Privacy/Security | TrackBack

October 10, 2007

Pandora Founder Westergren Speaks at SCU

By Eric Goldman

I *love* Internet radio. I typically listen to it all day long while I'm pounding out emails, articles and blog posts (like this one). I've tried a number of services, including Accuradio, Sky.fm and Last.fm. However, now I listen exclusively to Pandora, which in my opinion is the best of the bunch. Pandora really does get better based on the feedback I give it, which gives me enough incentive to customize it to my tastes. (I won't embarrass myself by exposing my idiosyncratic music preferences here, other than to say that I don't think I've seeded Pandora with any band that started after 1990. Hey, I'm a product of my time.)

In any case, when the High Tech Law Institute was contacted by the Santa Clara University's Center for Innovation and Entrepreneurship to co-sponsor a talk by Tim Westergren, one of Pandora's founders, we jumped on the opportunity. Tim gave an outstanding talk last night to an enthusiastic audience of at least 200 people.

Pandora was founded in 1999 and raised $1.5M in early 2000. That money ran out in 2001 when no more VC money was available. For the next 2 1/2 years, the company went on 300+ VC pitches with no luck, but was able to run on fumes in large part by mostly deferring employee salaries (a total of $1.4M deferred). This is an amazing feat for a number of reasons, including the fact that most employees need to put food on their table, plus I don't think the labor laws really tolerate employee salary deferrals. In any case, in 2004, the company raised new money and revamped the business model. In October 2005, the company launched a consumer-oriented Internet radio, and the rocket ship took off.

This roller-coaster ride was partially tied to the company's search for a viable business model. Pandora first thought it would be an online music retailer (typical thinking circa 1999). Then, it focused on B2B licensing of its services to other online retailers (typical thinking circa 2001). By 2004, there had been enough external changes to contemplate a consumer radio service--broadband had become more widespread, and the webcasting license fees were set at a more palatable level. In their October 2005 relaunch, they first started with a consumer subscription model but quickly realized the futility of getting people to pay for Internet radio. Now, they are effectively ad-supported, and Tim thinks that they can reach profitability at the end of next year assuming the webcasting royalty rate will be reset. (After the tribunal issued the new webcasting rate, the company held a board meeting to decide if they should just fold up their tents and give the remaining money back to investors--instead, they pushed for a listener grass-roots campaign, which was wildly successful).

Pandora's main competitive differentiator is its "Music Genome Project." 50 trained musicians with at least a college degree in music (called "music analysts") listen to songs all day long and rate each song on 400 different musical attributes. See the 2005 WSJ article discussing them. By profiling songs this way, the system can predict that a person who likes an artist's song might like other songs with similar musical attributes. From listening to Pandora for many, many hours, IMO the system isn't perfect, but it does a pretty good job, and it has definitely hooked me on music that I wouldn't have listened to otherwise.

However, the human capital required to build this database is significant and expensive. Sure, the supply of people with a music degree willing to be paid to listen to music all day long should be favorable, but still, a low salary multiplied by 50 people is still a big number. As Tim acknowledged, this is the opposite of scalability--a song can take up to 1/2 hour to catalog--which reduces Pandora's ability to comprehensively catalog the "long tail." On the other hand, they already have a database of 500,000 profiled songs, and they are adding 15,000 songs a month. Plus, having found a way to survive while building such a large database, the database is now a big barrier to entry, because any competitor seeking to take a similar approach (patents permitting) would have to incur serious upfront costs to replicate a competitive system.

Pandora does a little search engine marketing, but principally they rely on viral marketing--build a better product and let the customers evangelize it to their friends. They claim 8.5M registered listeners, growing at the rate of 500k new registrants per month. Listeners interact with Pandora on average 7-8 times per hour to give feedback or configure things (that sounds about right from my personal experience), which is remarkable as a stickiness measure. The result of this interaction is a database of 1B thumbs up/down opinions, a gargantuan database of user preferences. Tim said that Pandora uses this database for some collaborative filtering, but it sounds like this database is could be a globally important resource if made available more widely. (I'm sure the privacy folks are running through all the ways this data could be misused.)

A couple of other interesting factoids:

* at peak hours, Pandora's traffic represents 1.5% of global Internet data
* they block International users because of the lack of Internet webcasting statutory licenses parallel to the rights enacted in the DMCA
* 94% of their database of 500,000 cataloged songs are played every day--powerful evidence of the long tail effect that consumers will enjoy otherwise obscure content if the transaction costs are low enough
* Tim said Pandora's biggest competitor is ClearChannel. Clearly, they want to own the entire radio industry, not just the Internet radio market.

Check out Pandora and see what you think. If you want a jump start and you promise not to laugh at my tastes, I can email you my heavily customized stations.

Posted by Eric at 06:00 PM | Copyright , Internet History | TrackBack

October 07, 2007

September 2007 Quick Links Part II

By Eric Goldman

Contracts

* Manasher v. NECC Telecom, No. 06-cv-10749 (E.D. Mich. Sept. 18, 2007). NECC included the following language on its invoices: "NECC's Agreement 'Disclosure and Liabilities' can be found online at www.necc.us or you could request a copy by calling us at (800) 766 2642." Not surprisingly, an arbitration clause in the referenced document wasn't incorporated into the contract because (among other deficiencies) there was no "call to action" that communicated that the referenced document was part of the agreement. HT: Tom O'Toole.

* Hofer v. The Gap Inc., No. 05-40170 (D. Mass. Sept. 28, 2007). 2 friends decide to vacation together in Jamaica. Friend 1 books the travel arrangements for both of them through Expedia. Friend 2 suffers a personal injury at the resort and wants to hold Expedia liable. Expedia invokes the liability protections in its user agreement, but Friend 2 never consented to or even saw that user agreement. No problem, says the court--Friend 1 was Friend 2's agent and therefore automatically bound Friend 2 to Expedia's agreement. For an analogous case involving software installed on a home computer, see here. HT: Tom O'Toole.

Web 2.0

* Video Professor, Inc. v. Doe (D. Colo.). Video Professor believes a bunch of individuals are committing false advertising, disparagement and other torts by bashing Video Professor's products. Video Professor knows it can't sue the intermediaries per 47 USC 230, so instead it's seeking subpoenas to unmask the gripers. This lawsuit seems misarchitected from a legal standpoint (at least, the Lanham Act portions), but it's also a really bad idea from a business standpoint--the chance of this lawsuit rehabilitating their online reputation is near-zero, and the chance of raising the profile of the gripers' comments in the search engines is near-one. Fortunately, Paul Levy is fighting back. HT: Consumer Law & Policy Blog.

* Michael Erdman reports that the Chicago Lawyers Committee v. Craigslist appeal is moving again. For a while, the case was deliberately sitting idle at the Seventh Circuit, presumably to facilitate settlement, but the Seventh Circuit has now issued a briefing schedule.

* Gary Price reports on the move in Wikipedia Germany to have all page edits reviewed by "trusted editors." More on this from the New Scientist. Yet more evidence that Wikipedia is looking increasingly like other editorially controlled content databases.

* Want to see a user community in the midst of turmoil? Check out the troubles at RateItAll. The consequence: 4 power users are gone, taking 20,000 items of content with them.

* News.com: 9 Fun Ways Web 2.0 Startups Can Commit Legal Suicide

Search Engines

* Jayne v. Google Internet Search Engine Founders, 2007 WL 2852383 (M.D. Pa. Sept. 27, 2007). This was a ridiculous pro se lawsuit that the court easily dismisses on its face. The interesting aspect is that the court says that Google isn't a state actor. This isn't the first court to say so, but it reinforces that Google and other search engines aren't subject to Constitutional restrictions.

* Google filed a motion to dismiss the American Airlines lawsuit. HT Gary Price.

* MediaPost: Personalized search results expand the number of search results that users look at and strongly improve clickthrough rate.

Content Regulation

* I missed this when it was first filed: Interactive Media Entertainment & Gaming Association v. Gonzales (D.N.J. complaint filed June 5, 2007), a First Amendment challenge to the Unlawful Internet Gambling Enforcement Act of 2006.

* American Booksellers Foundation for Free Expression v. Strickland, 2007 WL 2783678 (S.D. Ohio Sept. 24, 2007). Another state level anti-Internet porn law was struck down (this time in Ohio), but only on First Amendment grounds. Influenced by the upholding of state anti-spam laws, the court rejects a challenge to the law on dormant commerce clause grounds. This is a rare opinion saying that a baby CDA state law didn’t violate the DCC.

For Fun

* Happy birthday, smiley!

Posted by Eric at 08:33 AM | Content Regulation , Derivative Liability , Internet History , Licensing/Contracts , Search Engines , Trademark | TrackBack

September 07, 2007

August 2007 Quick Links, Part II

By Eric Goldman

* e360 Insight v. Spamhaus Project, 2007 U.S. App. LEXIS 20725 (7th Cir. Aug. 30, 2007). An email marketing company was listed on Spamhaus' ROSKO and sued for defamation and other torts in Illinois. Spamhaus took the position that US courts have no authority to render a judgment on a UK-based operation. The district court ultimately awarded $11.7M in damages and various equitable relief. The Seventh Circuit affirmed the default judgment but vacated the damages and equitable relief, sending those back to the district court to reevaluate the appropriate remedies. I understand that Spamhaus wanted to make a philosophical point by not fighting the lawsuit in the US, but had they overlooked their philosophical objections, they should have won a quick victory per 47 USC 230(c)(2).

* Perfect 10 has appealed its Ninth Circuit 230 loss in ccBill to the US Supreme Court.

* Search Engine Land had a good overview/recap article on geolocation technology. It provides a clear and easy-to-read explanation why the folks who think online businesses can just stay out of a state that enacts dumb regulations are full of crud.

* Pisciotta v. Old National Bancorp, No. 06-3817 (7th Cir. Aug. 23, 2007). Another court (this time, the Seventh Circuit) says that consumer fretting about possible future identity theft isn't enough harm to support a lawsuit. See the analogous JetBlue, Acxiom and Key cases.

* Wikipedia Scanner--an automated tool to determine who is editing Wikipedia pages. Katie Hafner's NYT article on the matter. David Hoffman does a little sleuthing on law firm edits.

* NYT: In the 1990s, a lot of people sought to build an infrastructure for micropayments. Consumers resisted them, but today those efforts seem a little silly--AdSense advertising can generate the same financial benefits for a web publisher without the overhead. Meanwhile, the credit card systems are being stretched to cover micro-transactions because merchants are aggregating a consumer's orders and processing them in bulk (rather than processing each one individually) as a way to reduce the transaction costs.

* NYT: "As video games have surged in popularity in recent years, politicians around the country have tried to outlaw the sale of some violent games to children. So far all such efforts have failed."

* AP: Chinese animated cops will be patrolling the Information Superhighway beat.

* Tired of negative reviews on Yelp, a San Francisco restaurant put up a sign saying "no Yelpers." I wonder if a sign like that lessens or exacerbates negative publicity.

* NYT: Book authors obsessively check Amazon sales rankings and try to game them.

* Facebook accidentally posted some of its source code to a public website. Surely an interesting development for ConnectU's discovery team!

* Another Internet company hires its own in-house economist--this time, virtual world Eve Online.

* A nice retrospective on the Cleveland Free-net, which at one point was a prominent component of the Cyberspace community.

* I have one free guest pass to the CLE International New Media Law conference in SF on Oct. 1-2. Free to the first person who sends me an email request. [SORRY--TAKEN!]

Posted by Eric at 09:48 AM | Content Regulation , Derivative Liability , E-Commerce , General , Internet History , Privacy/Security , Virtual Worlds | TrackBack

August 13, 2007

2007 Cyberspace Law Syllabus

By Eric Goldman

I've posted my 2007 Cyberlaw syllabus. Unlike the past few years, which were a little slow cyberlaw-wise, the past 12 months saw a lot of important developments. Let me recap some of changes I made to my reader reflecting these developments:

Additions

Copyright: I added the Cablevision case (after editing out some of the mind-numbing description of cable technology), which provides an interesting exposition on how the source of bits matters in copyright law (we'll reinforce that message with the Amazon.com "server test"). I companioned the Cablevision with the Field case to show a very different philosophy about "volitional" server activity, so I'll ask the students to see if they can reconcile the two cases.

I struggled with how to handle the Ninth Circuit's troika of Perfect 10 opinions. The opinions are long, complicated and irresolute, but it's hard to discuss one without discussing the other two. I decided to include all three but I don't feel great about that decision, given that it takes 115 pages (about 1/6 of my total reader) to work through the three cases, and I'm not sure students will come away any smarter about Ninth Circuit online copyright law after reading all three.

Trademark. I substituted the FragranceNet case for the 1-800 Contacts v. WhenU case. The 1-800 Contacts case remains a very important keyword law precedent, but as a teaching case it was just so-so. The adware subject matter increased the complexity, and it punted on the most interesting question of search engine liability. However, most of the other recent keyword law cases have been even less teachable. Fortunately, the FragranceNet case does a pretty job of recapping the 1-800 Contacts case as well as other recent decisions, and it frames the policy issues nicely. I've paired it with the Playboy v. Netscape case, which will make a good compare/contrast. However, if the Second Circuit gets off its duff, I'd be thrilled to substitute in the court's opinion in the Rescuecom appeal. (I'd be even more thrilled if the court reaches the "right" result!).

I also updated my materials to reflect the Trademark Dilution Revision Act.

230. I continue to stick by the seminal Zeran case, which remains both powerful precedent and a colorful teaching case. However, this year I added the Ninth Circuit hairball Roommates.com opinion. I really didn't want to--it's such a messy opinion--but I think for now the case represents a vitally important incursion into 230 law that any good Cyberlawyer needs to know about it (even if they don't know what to do about it). If we're lucky, perhaps the Ninth Circuit will rehear the case en banc and issue a new and more lucid opinion before I have to teach the existing opinion.

In addition, I created a new module on "blogs and social networking sites" and added the Doe v. MySpace case, a great opinion for exploring the differences between online and offline "premises."

Spam. I teach spam at the semester's end, when time is running out, so we'll see what I'm actually able to cover this year. I've added two recent cases: the Mummagraphics case, which wiped out a lot of state anti-spam laws and has a nice interplay with trespass to chattels, and the MySpace v. theglobe.com case, which has an odd contrast with Mummagraphics on the state anti-spam statutory analysis; plus it shows how online contracts can substitute for legislative rights.

Other. I added some explanatory material, including my standard dog-and-pony CLE presentations on keyword law and blog law and my brief distillation of social networking site law. I also updated the CRS on Spyware.

Other Changes

* I eliminated my standalone section on "search engines" and folded the material into the rest of the reader. I think there's pedagogical value to isolating and deeply exploring search engine issues, which is why I initially segregated the material. However, search engine issues crop up throughout the foundational material, so I'm not sure that segregation worked.

* I deleted the following material:
- Corbis v. Amazon. This was an excellent case to teach 512, but I think the ccBill case superseded it in a number of respects.
- the district court opinion in Perfect 10 v. Google, which was superseded by the Perfect 10 v. Amazon Ninth Circuit opinion.
- 1-800 Contacts v. WhenU (as discussed above)
- Alaska SB 140, which I ran out of time to discuss last year.

Deliberately Excluded

* The Utah anti-keyword advertising law represents one of the most important statutory changes of the year, but I omitted it because I anticipate Utah will modify it, and there's no point teaching a moot law.

* I skipped the Unlawful Internet Gambling Enforcement Act. I've generally shied away from teaching online gambling in Cyberlaw; the topic requires a lot of time to teach, making it hard to squeeze into a semester-long survey course. Plus, the new law is an analytical mess, so I'm not sure what the students would get out of the discussion.

* We were so excited to get the California Supreme Court's Barrett v. Rosenthal ruling, but the actual opinion doesn't add much to Zeran, so I thought it wasn't worth the time.

Posted by Eric at 07:57 AM | Adware/Spyware , Copyright , Derivative Liability , Internet History , Search Engines , Spam , Trademark | TrackBack

August 04, 2007

Taking Intangible Electronic Files is Criminal Fraud--NM v. Kirby

By Eric Goldman

New Mexico v. Kirby, 2007-NMSC-034 (N.M. June 13, 2007)

This is a very confusing case, so maybe you can help me figure out what it means. At minimum, this case highlights the problems that can be arise when a web design/development relationship goes sour. More broadly, it also contributes to the already confused case law about when intangible electronic records can be "stolen," but this lesson comes at a high cost--in this case, 18 months of jailtime for the defendant.

Facts

According to the Supreme Court's statement of facts, Kirby retained Collett, a website designer, to "develop[] and/or improv[e] a World Wide Website to be installed on the client's web space on a web hosting service's computer." I believe the site at issue is environmentalbenefits.com. The agreement specified that Collett retained the copyright "to the finished assembled work of web pages" and Kirby would be "assigned rights to use as a website the design, graphics, and text contained in the finished assembled website" after Kirby paid the contract price of $1,890 plus tax.

But Kirby never paid Collett--although, according to this site, Kirby paid with an allegedly bum check. Kirby also changed the password for the designed website, which effectively cut off Collett's ability to access those files--the files that, per the contract, Collett still owned.

If Kirby stiffed Collett, it seems like Collett had several legal options, including breach of contract and copyright infringement. Instead, this case went to state prosecutors, who prosecuted Kirby for criminal fraud based on Kirby having taken "a Website Design belonging to Loren Collett, by means of fraudulent conduct, practices, or representations." The jury convicted Kirby, and the Supreme Court affirmed. According to this site, Kirby was sentenced to 18 months in jail.

Questions

This case raises some tough issues, including:

* Why did NM prosecutors pursue this case? On its face, this looks like a garden-variety $2000 commercial dispute. Heck, it could have been handled in small claims court. Instead, Kirby get a felony conviction and jailtime. Huh?

* Did Collett retain a duplicate copy of his files in his possession? If so, how did Kirby "take" non-rivalrous electronic files?

* In that vein, why isn't this crime preempted by copyright law? Copyright preemption is inherently confusing, so I don't feel too bad about being confused here. Indeed, on its face, a commercial fraud crime should be sufficiently removed from copyright law to avoid preemption easily. But in this case, Kirby was prosecuted for converting Collett's intangible files. This sounds a lot like copyright infringement to me. Of course, this ruling isn't completely unprecedented: cases like Kremen v. Cohen and Thyroff have held that intangible electronic records can be converted, though I think the copyright preemption analysis in these cases is hardly satisfying (plus, the recent Utube case held that an intangible asset could not result in trespass to chattels). Though the case talks about copyright a lot, there's no reference at all to preemption--perhaps it wasn't raised by the public defender?

Lessons

1) This case reminds us of the importance of drafting a website development agreement properly. For example, the contract's provision that Kirby would be "assigned rights to use" the website is fatally ambiguous. I wrote a lot on the issues associated with web development agreements in the 1990s; see, e.g.,
* A Fresh Look at Web Development and Hosting Agreements (1998) with sample web development agreement
* Top 10 legal issues for clients of Web developers (1996)
* Pitfalls in Outsourcing Your Website (1996)

In particular, the excerpted contract language indicates that the parties were struggling with defining their respective ownership interests. This is a typical area of confusion; I racked up a fair amount of billable hours in the late 1990s on this very point with people (including opposing lawyers) who didn't get it. Even when the deal value is low, a savvy lawyer can add significant value, at relatively low cost, helping the parties understand this topic.

2) This case reminds us that, unless the contract specifies otherwise, the web designer owns his/her web development work product even if the retaining party pays for the work. This isn't new either (web development lawsuits from the 1990s addressed this point), and here the parties actually expressed addressed ownership in their contract. Nevertheless, caveat emptor!

3) This case extends the meme that intangible electronic records are just as tangible as chattel for conversion purposes. I remain concerned in general about this trend. We may benefit from a careful rethinking about the implications of rivalrousness on conversion doctrines.

4) I'm trying to figure out how broadly this case could apply. For example, would it apply in other circumstances where a party cuts off another party's access to electronic files by changing a password? With little effort, I can think of two: (1) divorcing spouse cuts off spouse's access to shared account containing copyrighted works, and (2) website terminates customer by changing the password, cutting off access to copyrighted material stored in the account (I'm assuming the contract doesn't expressly grant this right). Each fact pattern appears indistinguishable from the elements at issue in this case, although there may not be the requisite scienter to find fraud. if there were (for whatever reason), this case could expand the realm of criminality much further than we might have anticipated.

5) No matter what, the Supreme Court opinion and some of the source materials at this site strongly indicate that the New Mexico judicial system still doesn't understand Internet technology very well. If this were a typical civil case, that would be a shame; if this technological confusion directly led to jailtime for the defendant, it may have produced a travesty.

Posted by Eric at 04:05 PM | Copyright , Internet History , Licensing/Contracts , Trespass to Chattels | TrackBack

August 01, 2007

July 2007 Quick Links, Part II

By Eric Goldman

Virtual Worlds

* After a remarkable run as media darlings, Second Life is now experiencing some of the inevitable backlash. Case in point: Wired's "How Madison Avenue Is Wasting Millions on a Deserted Second Life." In this respect, Second Life reminds me a little of Keen.com--both provide fantastic platforms for monetizing user-generated content, but that powerful economic platform is likely to take root primarily in the sin businesses (porn, gambling, etc.). (FWIW, Keen.com appears to have cleaned up the dial-a-porn and is now focused exclusively on dial-a-horoscopes). As a result, it will be interesting to see what happens to Second Life's numbers in response to their anti-gambling crackdown. Meanwhile, lawyers--the classic late adopters--are gushing about Second Life's potential as a business generator--an interesting counter-perspective to the Wired article.

* World Copyright Law Report: "Some residents have been using a rogue version of a program called CopyBot to make a copy of anything in the Second Life world, thus threatening to undermine the whole basis of the Second Life economy."

Wikipedia

* More marketers wake up to the value of inserting links into Wikipedia despite Wikipedia's nofollow tag. See my earlier explanation of this. Meanwhile, a Wikipedia administrator talks about what Wikipedians consider white hat practices for marketers.

* Willing to cite to Wikipedia in your legal briefs? Need some custom-tailored authority to support your argument? Edit Wikipedia to say what you want!

* Mike Godwin has become Wikimedia’s GC. You may recall that Mike and I bet about Wikipedia’s future; it appears he has raised the stakes on that bet substantially!

User Generated Content

* "GC's Client from Hell": Whole Food's CEO John Mackey pseudonymously posted about his company's stock and his competitor's stock on Yahoo Finance. The WSJ article has some of the juiciest postings. The NYT on CEO "sock puppetry."

* A restaurant owner used consumer reviews from Yelp as part of deciding to fire employees.

* Interesting interview with the pseudonymous founder of a pay-for-Diggs business.

Blogs

* The ABA Journal has entered the crowded field of blawg directories with one of their own.

* Blawgworld 2007: 77 blawgers chose their favorite posts, which were compiled into an e-book. The compilation turns out to be a great way to get noisy blawgers to promote their brilliant contributions to the e-book, which generates traffic and link love for the publisher, which in turn creates a nice delivery vehicle for sponsored content/advertising.

Miscellaneous

* Asch Webhosting, Inc. v. Adelphia Business Solutions Investment, LLC, 2007 U.S. Dist. LEXIS 52932 (D. N.J. July 23, 2007). IAP terminates customer based on complaints that customer was a spammer. Court holds that the consequential damages waiver applies, effectively negating customer's alleged damages. Rejecting the customer's argument that the termination was in bad faith, the court says: "Plaintiff’s arguments about the accuracy of the spamming complaints do not change the Court’s determination because regardless of the ultimate accuracy or veracity of the spamming complaints, defendant was entitled to rely on those complaints so long as it did so in good faith, and plaintiff has not demonstrated any bad faith by defendant." HT: Technology Law Update.

* Consumer Law & Policy Blog: "companies in two recently filed federal cases explicitly invoke [the recent Supreme Court decision in] Leegin as a justification for terminating the eBay auctions of competitors that charge lower prices online."

* Declan on whether anti-spyware vendors are screening for "fedware" (government keystroke loggers designed to capture data before it's encrypted).

Fun

* More proof that technology can save lives: During a power outage at a hospital, doctors were able to complete a surgery using the light of open cellphones.

* I’m a new fan of Oddee. Some recent posts (it helps to think about sexual connotations when interpreting the photos):
- "15 Unfortunately Placed Ads."
- "Most Unfortunate Logos Ever"
- "Unfortunate Business Names.”

Posted by Eric at 11:06 AM | Adware/Spyware , E-Commerce , General , Internet History , Marketing , Spam , Virtual Worlds | TrackBack

July 31, 2007

July 2007 Quick Links, Part I

By Eric Goldman

Search Engines

* According to this study, up to 40% of search queries are "re-finding queries" (i.e., the searcher is trying to re-find previously viewed information). The implication: "Because people repeat queries so frequently, search engines should assist their users by providing a means of keeping a record of individual users' search histories, perhaps via software installed on the user's own machine." As I've said before, search engines necessarily will need client-side software to see more consumer behavior if they want to improve relevancy for consumers. HT Greg Linden.

* People are spoofing the Googlebot.

* Hal Varian, a first-rate scholar at Berkeley's SIMS, is now Google's chief economist. I don't know how many other Internet companies have economists-on-staff, but I could see this as a growth area.

Intellectual Property

* Prediction: at least one person will go to jail for prereleasing the new Harry Potter book. It's just too conspicuous for the feds to ignore. Indeed, at this point, it seems unavoidable that every launch of an eagerly anticipated copyrighted work will also involve criminal prosecutions for unauthorized prereleasing (see, e.g., this post). Meanwhile, BusinessWeek is marveling at how many websites are now cooperating with copyright owners rather than fighting them.

* Capitol Federal Sav. Bank v. Eastern Bank Corp., 2007 WL 1885134 (D. Kan. June 29, 2007). Kansas TM owner lacks jurisdiction in Kansas over New England bank allegedly committing TM infringement, even though the New England bank bought keyword ads on the trademark (but, those ads were geo-targeted to Massachussetts). Along the way, the court (as usual) cites to Zippo but rejects the "website doing business" prong, instead requiring the plaintiff to show that the website was doing business in the forum jurisdiction.

* Masterson Marketing, Inc. v. KSL Recreation Corp., 2007 WL 1975425 (S.D.Cal. April 13, 2007). Oh man, what a crazy lawsuit. Freelancer takes product shot of hotel and licenses photo to hotel. Hotel then provides photo to third party websites (such as Expedia) as a way of promoting the hotel. The freelancer claims the hotel breached the license and proceeds to sue what seems like every website in the travel industry. This case is now going on 5 YEARS...over a product shot. (Disclosure note: I worked a little on the case when I was affiliated with Epinions, which is one of the defendants. Yes, it's that old). This ruling deals with the hotel's attempt to recreate the product shot with a different photographer. The court grants SJ to the defendants on the copyright infringement of a recreated shot (per ETS-Hokin). The court also makes it clear that the plaintiff isn't going to get any of the plaintiff's profits, which I assume means the plaintiff is going to get bubkus damages (plaintiff isn't eligible for statutory damages).

* From the NY Times: Mr. Skin is a website that provides subscribers with access to pictures and videos of naked actresses taken from movies. Mr. Skin doesn't normally get permission from copyright owners, seemingly making it a prime target of a business-ending copyright lawsuit. It tries to justify the wholesale republication of clips and stills under the guise of fair use because it claims to be a movie review site, but I doubt that many judges would find that argument very persuasive. However, movie studios have realized that promotion via Mr. Skin increases demand for the movies ("sex sells"), even if Mr. Skin is already showing the "money shot" on its site. As a result, instead of getting lots of C&D letters, Mr. Skin gets lots of promotional copies from movie studios.

* Microsoft is trying to patent what Ars Technica describes as the "mother of all adware." Microsoft is also trying to patent a system for tracking people to deliver relevant advertising. People may find these patents a little creepy, but I see them as both inevitable and ultimately a good thing.

* Washington Post: a new website is trying to position the purchase and resale of exclusively branded fashion items (e.g., Birkin purses) as an investment. And to stabilize the investment decisions, the website screens out the knock-offs and certifies authenticity.

* Domaining to become a $4B/year industry?

Posted by Eric at 12:40 PM | Copyright , Domain Names , Internet History , Patents , Search Engines , Trademark | TrackBack

July 02, 2007

June 2007 Quick Links

By Eric Goldman

Email

* Spam cases are coming at a regular clip, and it's tricky divining the latest state of the law. Two recent cases that caught my attention:
- US v. Impulse Media Group, 2007 WL 1725560 (W.D. Wash. June 8, 2007). This case involved a porn site that used affiliate marketers who didn't comply with the porn spam labeling requirements. The government argued that the advertiser should be strictly liable for this breach, but the court fairly emphatically rejected that (same as Cyberheat). But the news isn't all good for the defense, as the court also rejected its SJ motion, showing that the question of scienter about affiliate behavior remains a tough one for courts. Venkat's writeup.
- Kleffman v. Vonage Holdings Corp., No. 07-2406 (C.D. Cal. May 22, 2007). A nice complement to the Facebook v. ConnectU case, each holding that aspects of California's anti-spam laws are preempted by CAN-SPAM. In this case, the targeted behavior was the fact that the emailer may have used multiple email addresses to bypass electronic spam filters, but there wasn't anything false/deceptive about each email itself. See the BNA write-up and Venkat's writeup. I've lost track of the preemption cases, but it seems like state anti-spam laws are really getting munched after the Mummagraphics case.

* NYT on the pros/cons of captchas.

* Goodmail has expanded its pay-to-email system to Comcast, Cox, Roadrunner and Verizon.

Intellectual Property

* In Explorologist v. Sapient, involving the posting of a video deconstructing Uri Geller's act, the defendant is arguing (per CCBill) that 47 USC 230 preempts British copyright law.

* A rushed high school yearbook editor downloads lots of Facebook photos and adds them to the yearbook to fill space. Not a good idea!

* Techdirt: Who owns the right to license the design of military weapons to toy manufacturers?

* Marty on intellectual property protection for sexual activity.

Contracts

* A California man claims he bought a Gateway computer that never displayed text properly. Is he bound to the clickthrough agreement displayed on bootup? If this is the only way Gateway presented its contract, the answer should be no.

* At a conference at Southwestern Law School, I heard Prof. Lon Sobel talk about "idea submission" law. He illustrated the phenomenon that "where there's a hit, there's a writ": he suggested that hit TV shows produce an average of 6 "you stole my idea” demand letters. The great 1980s movie Coming to America produced 12 such letters, which resulted in 7 actual lawsuits. Interestingly, Prof. Sobel made the case (implicitly, not explicitly) that there is no separate law of "idea submissions," but rather any such doctrines are subsumed within standard contract law.

eBay

* eBay has changed its stance towards fighting counterfeiters, and it now does more policing itself.

* eBay shill bidder pays $400k to settle with NY AG.

Social Networking/Blogs

* The NCAA kicked a reporter out of the stadium for live-blogging the event. Tip to NCAA: It’s neither possible nor wise to control the flow of real-time information. Get over it. HT: Techdirt.

* Just came across this article: Stacey Schesser, MySpace on the record: The admissibility of social website content under the Federal Rules of Evidence, First Monday, volume 11, number 12 (December 2006).

* Wired: 7 MySpace sex offenders busted.

Marketing/Advertising

* AMCO Ins. Co. v. Lauren-Spencer, Inc., 2007 WL 1795970 (S.D. Ohio June 20, 2007). Insured offers jewelry from a website. Third party claims that the insured's jewelry constituted copyright infringement. Insured tenders the lawsuit to her insurance company under the advertising injury policy. Insurance company seeks a DJ of no coverage. The court says that the website constitutes advertising for the products, and so the policy applies to photos of the allegedly infringing jewelry items, even if the photos themselves were created by the insured. Observation #1: The advertising injury policy is very helpful to web businesses. Observation #2: Due to cases like this, I suspect insurance companies are reducing their willingness to offer advertising injury coverage to web businesses.

* Taylor v. XRG, Inc., 2007 WL 1816142 (Ohio App. Ct. June 21, 2007). The defendant was a vendor retained by bulk fax senders that handled consumer responses, including opt-outs from future faxes. Court held that the vendor wasn't liable for any TCPA/state anti-junk fax laws allegedly broken by the fax sender.

* Newish ad format: ads running 2 seconds in duration.

Search

* It's taken me a while to digest some of Google's new efforts. First, Google released two tools (a new toolbar button and a new personalized tab) to anticipate searchers' needs based on their past searches. Second, Google expanded its search history to incorporate all aspects of a user's searching through its services (what it calls "web history"). Meanwhile, Google has reduced its storage of personalized search data from 18-24 months to 18 months before that data gets anonymized. FWIW, I've been using Google personalized search since November 2005 (presumably, some of my data will be flushed any time now). Google has now captured almost 12,000 searches (with a high so far of 255 searches in a single day). Despite this, Google still doesn’t do a good job making predictions for me.

* Another great study from Jim Jansen (see the last one I blogged about). This one presented identical search results branded from different search engines and found that consumer ratings of relevancy varied based on the brand (Yahoo and Google came out on top). The logical inference--branding does matter to perceptions of relevancy. HT: SEL.

* Matt Cutts on the various ways humans affect Google search.

Domain Names

* Denmark's .dk TLD registry has enacted rules targeted at wiping out domainers. See here (Sec. 8.3.6).

* What's hotter than iPhones? iPhone-related domain names.

Adware/Spyware

* Declan on the latest legislative rally against spyware, the Senate's Counter SPY Act.

* The FTC issued final approval for the DirectRevenue settlement of $1.5M. Commissioner Leibowitz dissented, saying the cash payment was too light.

Online Reputations

* Avvo has filed a motion to dismiss the lawsuit over its ratings of attorneys. The motion is very heavy on the 1st amendment and very light on 230. HT: WSJ Law Blog.

* The Washington Post gushes about Reputation Defender and its competitors, without really acknowledging the value of reputational accountability or the potential for takedown/pushdown abuse.

* Entrepreneurs figured out a way to game FICO scores. Fair Isaac will try to close the loophole.

* Ed Magedson of Rip-Off Report was the victim of a vicious harassment campaign demanding that he remove complaints from the site.

* Lengthy NYT article on Wikpedia. Not much new there, but it does hint at the young age of Wikipedians, and it talks about how "pride of ownership" motivates Wikipedians.

Other

* June 26 was the 10 year anniversary of the classic Reno v. ACLU Supreme Court opinion.

* The NYT has launched a new technology blog called BITS.

Posted by Eric at 02:37 PM | Adware/Spyware , Content Regulation , Copyright , Derivative Liability , Domain Names , Internet History , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark | TrackBack

June 03, 2007

May 2007 Quick Links

By Eric Goldman

Spam

* MySpace Inc. v. The Globe.com Inc., No. CV 06-3391 RGK (C.D. Cal. Feb. 27, 2007). This case has some personal interest because theglobe.com was one of my flagship clients before I left the law firm in 2000. This ruling held theglobe.com liable under CAN-SPAM, California's anti-spam law and the user agreement for spamming within the MySpace network. See the BNA writeup. Among other remarkable angles of this ruling, the court upholds the liquidated damages clause based on the anti-spam restrictions in the contract. Based on this adverse judgment, in April the parties settled for over $2.5M —basically, all of theglobe.com’s remaining cash, leaving its survival in serious jeopardy.

Domain Names

* Domainers are hot. Business 2.0 article on Kevin Ham, a major domainer who has wildcarded Cameroon's .cm TLD. NYT article on NameMedia, which owns 725,000 domains.

* From the AP: Entrepreneurs loaded up on Virginia Tech- and victim-related domain names following the massacre.

Marketing

* Broadway producer Scott Rudin was annoyed that the New York Times' website published user-submitted reviews of his play. To tweak them for doing so, the play cherry-picked some comments from the users' submissions and ran them in ads for the play with the attribution "The New York Times Online." An NYT editor objected to that attribution because it connoted an editorial judgment of the paper, rather than the paper's readers. Read the fun back-and-forth between Rudin and the editor.

* From the Washington Post: Billboards are the second-fastest growing ad category (after the Internet) due to increased traffic congestion and new digital billboard technology. And a technologist has developed eye-tracking technology that may let billboard advertisers accurately count eyeballs.

* Optima Funding, Inc. v. Strang, 2007 WL 1430699 (Cal. Ct. App. May 16, 2007). A mortgage company said it never sent unsolicited faxes or authorized anyone to do so on its behalf, but it did use lead generation companies. Strang sued Optima repeatedly in small claims court for TCPA violations. Optima struck back with a 17200 claim, basically saying that Strang was falsifying evidence to connect Optima to the faxes. In this ruling, the California Appellate Court upholds Strang's anti-SLAPP motion to strike.

* NYT: Custom postage stamps haven't really caught on. (Note: I just tested on them in my IP course exam).

* NYT: "The High Price of Creating Free Ads." Advertisers may not save any money by relying on user-generated ads. See my previous blog post about the legal costs of UGC ads.

* Rebecca discusses false advertising developments in one of our least favorite 1201 cases, Static Control v. Lexmark.

* AP: Wisconsin bar owner gets a ticket for serving Coors Light beer using a Miller Lite-branded tap. He should have known better than to cross the only major brewery still in Brewtown by serving Colorado beer.

Search Engines

* Brodsky v. Yahoo (C.D. Cal. complaint filed May 11, 2007). A stockholder derivative lawsuit against Yahoo alleging that Yahoo inflated its stock price by hyping its ad businesses. I read through the lengthy complaint and found it mostly nonsensical. For example, consider this allegation of wrongdoing: "whereas Yahoo!’s rivals were paying high-traffic vendors to route traffic through their Web sites, Yahoo! was charging large vendors for access and was dependent on that revenue to make its revenue targets, making Yahoo!’s Web site a less desirable location for vendors to drive traffic to." Huh? Search Engine Land has more.

* Google has blacklisted all term paper websites from its AdWords program. Reminds me a little of Macellari v. Carroll

Intellectual Property

* Grisman v. YouTube, Inc., C-07-2518 (N.D. Cal. May 10, 2007). Second class action lawsuit against YouTube (and third major broadside, including the Viacom lawsuit). Appears to be highly derivative of the Football Association Premier League lawsuit (see the WSJ Law Blog for more on this).

* Clark v. Amazon.com, CIV S-05-2187 (E.D. Cal. May 10, 2007). Clark published a book, sold 187 copies and gave away 234. He sued Amazon (and other online booksellers) claiming that he alone had the exclusive right to distribute the book, so their resales were infringing. Amazon responded that the resales were covered by the First Sale doctrine. Clark responded by saying that Amazon sold more copies than he sold/gave away, but that's because Clark mistakenly believed that a seller's lifetime transactions rating were all based on sales of his book. Summary judgment for Amazon.

* Like other content producers, pornographers are feeling the sting of online competition--especially due to the low barriers to entry of amateur-produced content.

* From Washingon Post: Appraisers are going to war over recycling of data they generate during appraisals, which they claim violates promises made to them. When I was guest-blogging at Concurring Opinions, I blogged on the possible IP angles of this dispute.

* BusinessWeek: "Faking out the Fakers: Faced with a tidal wave of counterfeit goods, companies are turning to secretive sci-fi technology. But crooks catch on fast." It's like the analog version of DRM.

* The USPTO's collection of aural TMs.

Miscellaneous

* Bray v. QFA Royalties LLC, 2007 WL 1306517 (D. Colo. May 3, 2007). Posting a suicide note on a private franchisee-group's website isn't grounds for termination of franchises. See Wiggin and Dana's writeup.

* Nazaruk v. eBay, Inc., 2007 WL 1417287 (10th Cir. May 15, 2007). In a non-substantive opinion, the 10th Circuit upheld the venue clause in eBay's user agreement. My post on the district court opinion.

* Washington Post article on individuals declaring "email bankruptcy," i.e., deleting everything in their in-box and starting afresh.

* To mitigate risk, the Concurring Opinions multi-contributor blog has been converted into an LLC.

* University of San Francisco has created a single page aggregating blogs from the entire USF community.

Posted by Eric at 12:59 PM | Content Regulation , Copyright , Derivative Liability , Domain Names , Internet History , Licensing/Contracts , Marketing , Search Engines , Spam , Trademark | TrackBack

June 01, 2007

UCC 2B/UCITA Resurrected--ALI's Principles of the Law of Software Contracts

By Eric Goldman

Let me start with two relatively uncontroversial propositions:

1) UCC Article 2, drafted principally in the 1950s, was designed to govern the sale of tangible items, not software
2) Accordingly, Article 2 fits awkwardly when applied to "intangible goods" like software

Given this, it seems eminently logical that the UCC should have an Article 2 complement written specifically for intangible goods. This premise animated the efforts to draft the proposed UCC Article 2B back in the 1990s. It sure seemed like a good idea at the time. The project may have made some poor drafting decisions (particularly the decision to extend 2B to apply equally to both functional software and "inert' data, which makes logical sense but also quickly expanded the effort's enemies), but the project was ultimately doomed by politics.

When the 2B project died, in its wake it left the same perceived doctrinal hole and a very large draft document. That draft morphed into UCITA, a draft with most of the same objections as UCC 2B and fewer supporters. I was always amazed that anyone adopted UCITA at all, but the early adopters--Maryland and Virginia--now look a little foolish. They are stuck with a highly complex law that is non-standard compared to the rest of the nation; and numerous states adopted anti-UCITA laws making the Maryland/Virginia law inapplicable to their residents. The contracts I've done with Maryland/Virginia companies invariably exclude the application of UCITA; and I'm reasonably confident that UCITA causes Maryland and Virginia companies to routinely lose negotiations over venue selection clauses in their contracts. With no one invested in UCITA and lots of remaining resistance to it, it just seems like a matter of time before Maryland and Virginia repeal UCITA.

Meanwhile, perhaps the third time is a charm. The American Law Institute is trying again to develop a law to govern software contracts in a project entitled "Principles of the Law of Software Contracts." The reporters are Robert Hillman from Cornell and Maureen O'Rourke from BU.

The project has two interesting architectural aspects. First, it purports to apply only to software, not content, so it seeks to avoid the topical sprawl that doomed the 2B/UCITA effort. Second, as a "Principles" project, it is not intended to be a model law, and there's no expectation that a final draft will be proposed to any legislature for adoption. Of course, this raises the question about the value of the effort--if it's not a model law, and it's not a treatise, what is it, and how will it help?

I skimmed through the first draft and, despite the amorphous purpose, it struck me as a thoughtful starting point for discussion on an important topic. More work needs to be done, and I will need to organize my thoughts about some of the points that didn't make sense to me. Fortunately, there's no immediate rush. ALI's projects tend to take several years, so we'll hear more on this project in the next few years.

Posted by Eric at 10:45 AM | Internet History , Licensing/Contracts | TrackBack

May 28, 2007

Facebook's Lawsuit Against Competitive Email Harvesting Continues--Facebook v. ConnectU

By Eric Goldman

Facebook, Inc. v. ConnectU LLC, 2007 WL 1514783 (N.D. Cal. May 21, 2007)

A universal truth of the digital era: a website displaying user email addresses will be targeted by email harvesters sweeping up those email addresses to spam the users--either to poach a competitor or to send bona fide spam. This is hardly a new phenomenon; I can't believe it's been almost a decade since eBay's competitor Onsale harvested eBay users' addresses and sent competitive spam (an action which prompted eBay to encourage users to adopt handles that weren't the users' email addresses).

Social networking sites have lots of user contact info that makes them juicy targets for the harvesters, so they have had to be particularly vigilant against spammers. In this case, Facebook sued a competitive social networking site, ConnectU, for a harvesting/spam attack. (This isn't the only battlefront between the parties; in separate litigation, ConnectU claims that Facebook stole ConnectU IP). In this ruling, ConnectU moves to dismiss Facebook's claims, with limited success.

The most interesting ruling relates to California Penal Code 502. If you haven't looked at this statute recently, you'll be amazed at its breadth and the fact that it provides for civil remedies in the penal code. The operative provision here restricts "Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network." Apparently, ConnectU provided a tool that enabled Facebook users to provide ConnectU with their login credentials, which ConnectU then used to grab data from Facebook's servers. (I tested on very similar facts in my 2006 Cyberlaw exam--see Q2). The court has no problem saying that, as alleged, ConnectU knew it was accessing Facebook's servers and took data without Facebook's permission. There have been other 502 rulings in California, but this ruling reminds us of the statute's scope and its utility as an anti-trespass doctrine.

The court also dismisses (with a grudging leave to amend) Facebook's various anti-spam statutory claims. First, the court holds that Cal. B&P 17529.4 and 17538.45 are both preempted by CAN-SPAM. I've lost track of all of the state anti-spam preemption cases, but I think it's significant that the court casually wiped these two California statutes off the books. Second, the court dismisses Facebook's federal CAN-SPAM claim because Facebook didn't allege that ConnectU's emails contained false/misleading header info. (Even if there was falsity, the Mummagraphics court suggests it would have to be material to be actionable).

Posted by Eric at 09:35 AM | Internet History , Spam , Trespass to Chattels | TrackBack

May 02, 2007

Utah's "Don't Email the Kids" Registry a "Financial Failure"

By Eric Goldman

A couple of years ago, Utah and Michigan adopted laws creating "don't email the kids" registries (called the "Child Protection Registry"--see Utah's and Michigan's). These laws allow parents to register email addresses held by kids and requires marketers sending email/spam that's inappropriate for kids to check the registry and screen out the kids' addresses.

Policy-wise, these laws are broadly appealing. First, everyone hates spam, so anything that might reduce spam is ipso facto a good thing. Second, this law is designed to protect kids from Internet evils—a politician’s nirvana!

However, I don’t think either of these rationales (reduce spam or protect kids) capture the real reason why these laws were enacted. Instead, I suspect pure-and-simple economic opportunism. In practice, the law is just an email tax. Legitimate companies concerned about legal compliance will pay to check the registry, creating a stream of new tax revenues mostly generated from out-of-staters. (Naturally, illegitimate spammers won’t comply with the law under any circumstance). You can imagine how politicians would eagerly leap at the opportunity to get a couple farthings' tax on email traffic. CA-CHING!

Meanwhile, only one company--Unspam, a for-profit company--operates a "don't email the kids" registry. I can imagine how this could be a great sales pitch to generate demand for Unspam’s services: Hey legislators, enact the law, generate new tax revenues on email traffic, you get an economic windfall, we get a cut, and EVERYONE WINS!

Despite this seductive pitch, we’ve learned that the "don't email the kids" laws are riddled with problems. For example, mechanically Unspam's registry doesn’t try to authenticate that registered emails are associated with kids, turning the registry into an across-the-board do-not-spam registry (something I think isn’t good policy). The law also suffers from the sheer illogic of trying to erect geographic borders on email traffic; a federal district court didn't agree with this concern, but we may not have heard the final word on this point.

Plus, there's the challenge of protecting the privacy of kids' email addresses in the database. As Wendy Davis of MediaPost reported last Fall:

It's now come to light that several weeks ago, a state employee in Utah released the e-mail addresses of four minors to the Email Sender and Provider Coalition. That gaffe occurred even though Unspam--the private agency managing the list--said it was inconceivable that the list would ever be divulged. "Even if ordered by a court or held at gunpoint, there is no feasible way that I, any Unspam employee, or any state official could provide you even a single address that has been submitted for compliance by any sender," Prince reportedly said in an affidavit.

WHOOPS!

Even more problematically, according to the Salt Lake Tribune, the law has been a "financial failure": the law was projected to bring $3-6M in revenues to the state, but gross revenues have been $187,224, split 80% to Unspam and 20% to Utah—netting Utah a grand total of $37,445. Worse, the law has cost Utah a lot of money, including the following directly attributable expenses:

* $58,000-a-year in prosecutorial fees (estimated cost in original law--not sure if this money has been spent)
* $75,000-a-year for a full-time Department of Commerce investigator (estimated cost in original law--not sure if this money has been spent)
* $100,000 for a private lawyer to defend the law in court (under a contract that could cost up to $200,000). Utah undertook this expense only after Unspam incurred $70,000 of defense costs itself and then cried “no mas,” although the Salt Lake Tribune article indicates that during pre-passage discussions, Unspam may have suggested that it would solely bear the defense costs.

I'm sure this law imposes other "soft" costs throughout the Utah governmental system, plus there are the transaction costs and deadweight losses inherent in any tax. But ignoring these indirect costs and evaluating the law strictly on a cash basis, this law still looks like a bad economic decision for Utah.

There is a meta-lesson here: legislatures rarely can add to state coffers via Internet regulation. Unfortunately, Utah hasn’t yet internalized this lesson despite two highly visible failures. First, in 1995, Utah enacted a digital signature law designed to capture a little piece of the e-commerce pie by becoming the safe haven for digital signature vendors--but there were no takers, so the law sat on the books unused for a decade before Utah repealed the law last year. Second, Utah tried again with this "don't email the kids" law and appears to have struck out financially as well.

Amazingly, despite these precedents, Utah keeps trying! Its latest attempt to get a little Internet gravy is the Utah Trademark Protection Act, where Utah plans to tax (mostly out-of-state) keyword advertisers. As Sen. Eastman told BNA, “Utah can be the trademark registration capital of the country, just as Delaware is the incorporation capital.” Not only would the registration fees flow back to Utah and perhaps to a Utah-based registry vendor such as Unspam (which expressed some interest in bidding on the registry contract), but Sen. Eastman thinks the law may stimulate demand for Utah’s trademark lawyers. However, there are good historical reasons to believe that the Utah Trademark Protection Act isn’t likely to fulfill these dreams of prosperity. This is yet another good reason for the Utah legislature to reconsider the law.

Posted by Eric at 03:23 PM | Content Regulation , Internet History , Spam , Trademark | TrackBack

April 21, 2007

Best and Worst Internet Statutes

By Eric Goldman

At InformIT, I published an article ranking the best and worst Internet laws. The abstract: "Over the past dozen years, the lure of regulating the Internet has proven irresistible to legislators. In the spirit of good fun, Eric Goldman offers an opinionated list of personal votes for the best and worst Internet statutes in the United States."

This list was fun to write, and I hope it stirs up some discussion about how we assess and rank legislative efforts to regulate the Internet. Before you check out the article, see if you can guess what I think are the best and worst laws, and let me know if my list surprised you (or go ahead and leave a comment there). If it makes a difference to your guesses, the Utah anti-keyword ad law came out while the article was in InformIT's editing cycle, so I was only able to include a brief reference to it--I would probably rank it the second-worst law, substituting it for the current #2, although the law is so bad that it does put pressure on the #1 worst law's ranking.

Posted by Eric at 09:24 PM | Internet History | TrackBack

April 09, 2007

March 2007 Quick Links Part 2

By Eric Goldman

Yesterday I posted the Google edition of my list of interesting items from March. Today I post the remainder of items that caught my eye last month.

Trademarks/Brands

* Bosley Medical Institute v. Kremer, 2007 WL 935708 (S.D. Cal. Mar. 22, 2007). On remand from the Ninth Circuit, the district court denies Kremer's motions to dismiss/for SJ. Michael Atkins recaps the ruling and case's history.

* Milbank Tweed Hadley & McCloy LLP v. Milbank Holding Corp. d/b/a Milbank Real Estate Services, No. CV 06-187-RGK (JTLx), (C.D. Cal. Feb. 23, 2007). After passage of the Trademark Dilution Revision Act, the court rejects the existence of "niche fame" as support for a dilution action. I’m a little surprised that this plaintiff would bring this losing argument.

* ICANN votes down a .XXX TLD. Again.

* NYT on the increasing challenges of creating a unique global brand in very crowded namespaces.

* Trademarked Sentences: A tool that helps you generate poetry by mixing trademarked slogans.

Blogs/UGC

* BidZirk v. Smith, No. 06-1487 (4th Cir. March 6, 2007). The Fourth Circuit, in a non-substantive opinion, denied a company's request for an injunction against a griping blogger's use of its trademarks. My initial write-up of the case. With this loss, the plaintiff's ill-advised decision to appeal the case is now even more clearly a complete waste of the plaintiff's money and our judicial resources.

* Chapman v. Merchandise Mart Properties, 2007 WL 922258 (D. Vt. Mar. 23, 2007). Woman tries to get TRO against physical-space trade show based on trademark interests in the term "GreenStyle," which is her blog’s title. The court rejects the request, but interestingly doesn't seem fazed by the argument that she may have a trademark interest generated from her blog name. Blog names can be trademarkable with sufficient use in commerce, a factor the court ignored completely.

* Sifry: "70 million weblogs. About 120,000 new weblogs each day, or...1.4 new blogs every second."

* A nice retrospective on the history of blogging.

* Wikipedia is requiring some credentialing after getting burned by a pseudonymous contributor who falsely claimed he was a professor.

* Ed Felten has some terrific observations about building distributed reputation systems like Digg (and, for that matter, Epinions). Ed is 100% correct that reputation systems need substantial stabilization; they don't just work deus ex machina.

Contracts

* Dorr v. Yahoo, No 3:07-cv-01428-MJJ (N.D. Cal. complaint filed March 7, 2007). Yahoo offered a premium subscription service allowing users to send email without Yahoo's ads attached. Then, allegedly, they changed the service's terms, and some of the paying customers were unilaterally bumped to a tier where Yahoo's ads were again attached to their email. Steve Bryant has more. In general, if people pay to eliminate ads, during that period of time, Yahoo should not be able to unilaterally amend the terms so that the user is paying but still getting ads.

* Ken Adams blogs on Affinity Internet, Inc. v. Consolidated Credit Counseling Services, Inc., 920 So. 2d 1286 (Fla. Dist. Ct. App. 2006), where the court held that a contract clause saying "This contract is subject to all of SkyNetWEB's terms, conditions, user and acceptable use policies located at http://www.skynetweb.com/company/legal/legal.php" was insufficient to incorporate an arbitration clause contained in the referenced document. Ken's suggested fix: "The SkyNetWEB user agreement located at http://www.skynetweb.com/company/legal/legal.php constitutes part of this agreement."

Government Agencies

* The National Do Not Call Registry: Annual Report to Congress for FY 2006 Pursuant to the Do Not Call Implementation Act On Implementation of the National Do Not Call Registry (April 2007): "The Commission believes that the fundamental goal of the National Do Not Call Registry — to provide consumers with a simple, free, and effective means to limit unwanted telemarketing calls — has been realized." My curmudgeonly take on why the do-not-call registry isn’t great policy.

* Implementing the Children's Online Privacy Protection Act: A Federal Trade Commission Report to Congress (February 2007). The FTC remains pretty pleased with itself about COPPA, but it's worried about social networking sites and the continuing lack of age verification technology. I'm not as impressed with COPPA as the FTC is; see here and here. In any case, if you're doing COPPA research, this report helpfully recounts the 12 COPPA enforcement actions to date.

* Hard to believe, but payola busts are still being made. The latest: a $12.5M settlement. See the NYT and WaPo .

* Terrific post by the EFF’s Seth Schoen about a misguided report on P2P file sharing by the USPTO and the issues with empowering users to control their computers. A must-read.

Miscellaneous

* ACLU v. Gonzales, No. 98-559 (E.D. Pa. March 22, 2007). On remand from the Supreme Court, the court once again holds that the 1998 Child Online Protection Act is unconstitutional.

* CRS Report for Congress: An Overview of Recent U.S. Supreme Court Jurisprudence in Patent Law, March 16, 2007, discussing the last 8 Supreme Court patent cases.

* We've all heard about the magic of network effects. But as this Mercury News article explains, when an Internet start-up company's network takes root principally overseas, it can leave the company with a large audience of unmonetizable users.

* Jacob Loshin, Property in the Horizon: The Theory and Practice of Sign and Billboard Regulation, 30 Environs 101 (2006). A thoughtful discussion of the history of billboard regulation and some regulatory considerations.

* Coca-Cola's launch campaign for "Coke Zero" is premised on the idea that the executives of Coca-Cola want to sue the executives of Coke Zero (i.e., other executives within the same company) for "taste infringement" because the taste is so similar. Personally, I find commercials about faux lawsuits HILARIOUS. Ha ha ha. Except...if there isn't currently a cause of action for "taste infringement," with the expansion of IP rights, it may only be a matter of time... This turns the joke about how hard it would be to establish taste infringement on its head. Ironically, the commercial features Coke's actual lawyers. Yet more on this sorry story.

Posted by Eric at 09:14 AM | Content Regulation , Copyright , Domain Names , E-Commerce , Internet History , Licensing/Contracts , Marketing , Patents , Privacy/Security , Trademark | TrackBack

April 08, 2007

Oracle v. SAP Lawsuit Comments

By Eric Goldman

Oracle Corporation v. SAP AG, 3:07-cv-01658-EMC (N.D. Cal. complaint filed March 22, 2007)

I realize I'm a couple weeks late to this story, but it's too important/interesting a case not to address.

TomorrowNow (TN) is a company started by former Oracle employees. They offer maintenance services for Oracle software competitive with Oracle's standard maintenance program, but at much-reduced prices: Oracle charges 22%/yr while TN charges half that (11%/yr).

But how is TN able to undercut Oracle's pricing so drastically? One possibility is that Oracle charges supra-market rates due to the lock-in effects of tying maintenance services to software licenses. On that front, I'll note that back in the 1990s, my software vendor clients typically charged 15%/yr for maintenance--a substantially lower number than Oracle's breath-taking 22% figure. So perhaps TN is able to charge 11% as a modest start-up discount off the industry-standard 15%, and Oracle's been getting away with a great deal for a long time.

An alternative story, told by Oracle in its complaint, is that TN could undercut Oracle only by stealing. TN has a very thin development team compared to the Oracle behemoth, so Oracle might incur all of the development expenses necessary to provide maintenance services, and TN might just take those assets for free to engage in competitive free-riding. Specifically, Oracle alleges that TN gets switching Oracle customers to give TN their passwords to Oracle's website/database for its maintenance customers and then send robots to download everything (manuals, patches, etc.) it can find, which then allows it to provide services comparable to Oracle’s.

Perhaps TN, even if had engaged in such a scheme, would have been a nettlesome gnat as a standalone company, but it got scooped up by German software giant SAP, one of Oracle's main rivals. At this point, TN becomes problematic to Oracle in a variety of ways. TN is poaching some maintenance revenue outright, while it is putting price pressure on the maintenance business that Oracle retains. Further, Oracle customers who switch to TN have an easier path to migrate their overall software needs to archrival SAP.

Oracle has struck back in court with a tightly drafted complaint. Oracle claims that the scheme of getting former Oracle customer passwords and downloading lots of content from Oracle's maintenance database violates (among other things) the CFAA and Cal. Penal Code Sec. 502 and constitutes trespass to chattels and interference with prospective economic advantage. This is a well-pleaded complaint, in the sense that there are no obvious deficiencies with Oracle's pleadings. I don't love everything about Oracle's practices. For example, it makes no sense that Oracle made it possible for customers to root around the entire database for stuff, even if it didn't relate to the customer's software. Also, I would definitely have drafted and implemented the contracts differently than Oracle did. But these are quibbles; Oracle's contracts and practices are serviceable for this lawsuit's purposes.

Having said that, there are two obvious omissions from the alleged claims. First, Oracle didn't allege copyright infringement yet because it needed to get its copyright registration applications on file, so it expects to file an amended complaint. Second, Oracle didn't allege that the claimed misuse of switching customers constituted a 1201 circumvention. I'm not 100% sure why. It could be that this claim will be added along with the other copyright infringement claims, or it could be that Oracle is sufficiently deterred by the handful of cases holding that mere misuse of a legitimately issued password isn't a circumvention.

Also, it's noteworthy that Oracle didn't sue its switching customers for allegedly providing their passwords to TN, although it seems like at minimum Oracle would have breach of contract claims against them. I assume Oracle isn't suing customers because that's never good for business. Indeed, part of the lawsuit is about wooing customers; there is some hilarious and gratuitous marketing language in the complaint designed to impress Oracle customers and to rattle the confidence of customers thinking of switching to SAP.

Putting aside what's not in the complaint, if Oracle's complaint accurately states the facts, SAP could be in deep legal trouble. Of course, it's fairly typical for the plaintiff to draft a great complaint and the defendant then tells a very different story. As just one example, Oracle ties the downloads to TN via IP addresses; but IP addresses are spoofable, so it's theoretically possible that someone spoofed TN. So we have to wait until we hear both sides before we can make any rigorous assessments of merit.

Even so, I'm a little unnerved by the software industry analysts who have claimed this lawsuit is no big deal. Perhaps in the grand scheme of things, this lawsuit won't have a great deal of effect on the competitive position of SAP and Oracle. Sure, the lawsuit casts some doubts in the minds of customers who are thinking of leaving Oracle for lower-cost options that SAP/TN will be a long-term trustworthy vendor, but such doubt-sowing initiatives are fairly common the bare-knuckle competition for enterprise database software. Plus, if SAP just cuts off TN altogether, presumably the overall effect on SAP and Oracle revenues will be comparatively modest.

But this lawsuit could be a Big Deal because the facts alleged by Oracle might support criminal prosecutions for CFAA, CA Penal Code 502, criminal copyright infringement and other crimes. It's not clear if the criminal prosecutors are going to get involved in this case or if Oracle even wants them to do so, but I suspect a number of SAP employees have procured their own personal attorneys. To the extent TN was a rogue operation operating without oversight or permission from SAP corporate, then again the financial impact may be small, even if the affected individuals might suffer severe consequences. But if TN wasn't a rogue operation, any criminal prosecutions could have major ripple effects throughout the entire SAP organization.

I think the Cadence v. Avant lawsuits are illustrative, especially given the many parallels. In that case, a bunch of former Cadence employees started up a competitive company, Avant. However, to get a jumpstart on the competition, the employees walked out the door with Cadence source code. Perhaps aided by this unfair head start, Avant had a very successful marketplace run, growing into a major public company with hundreds of millions of dollars of revenue. But after the civil and criminal prosecutions, Cadence got damage awards of hundreds of millions of dollars, multiple Avant employees went to jail, and Avant was effectively knocked out of the marketplace.

I need to reiterate that we don't know yet if Oracle's alleged facts are true, or if anyone committed a crime, or if any criminal prosecutions will ever be launched. However, I think it's too breezy for software industry analysts to brush this case off as a low-risk threat. If Oracle’s alleged facts are true, this isn't business-as-usual; instead, this would constitute illegal marketplace behavior, with potentially severe consequences for the business generally and the decision-makers individually.

I have additional edgy things to say about this case in this interview. Other resources:
* WSJ Law Blog
* BusinessWeek article pitching this lawsuit as just bare-knuckle competition between giants
* A collection of industry analysts' comments

Posted by Eric at 11:08 AM | Copyright , Internet History , Licensing/Contracts , Privacy/Security , Trespass to Chattels | TrackBack

March 28, 2007

The End is Near – Bertelsmann Settles EMI Claims Over Napster

By John Ottaviani

Various sources are reporting that EMI has agreed to settle its copyright infringement lawsuit against Bertelsmann AG related to Bertelsmann’s investment in Napster.

The settlement removes the last large record label with claims against Bertelsmann in the Napster case. Terms of the settlement were not disclosed, but sources quoted by the LA Times put the estimate between $50M to $150M.

After Napster filed for bankruptcy protection in 2001, the record labels and music publishers dragged Bertelsmann and other investors, including Silicon Valley venture capital firm Hummer Winblad Venture Partners into the lawsuit. Infringement claims were filed against the investors, arguing that the investors were liable for contributory and vicarious copyright infringement because they had effective control of Napster. The court refused to dismiss the claims because the recording companies accused the investors of assuming control over Napster’s operations and directing the infringing activities that gave rise to Napster’s liability. UMG Recordings, Inc. v. Bertelsmann AG, 222 F.R.D. 408 (N.D. Cal. 2004).

The decision caused a great deal of discomfort among those firms, in the private equity community dealing with content distribution companies. Investors were forced to review and rethink commonly used structures to control a portfolio company, and evaluate whether and how those control structures exposed the investors to liability for copyright infringements of the portfolio company.

Last September, Bertelsmann agreed to pay Universal Music Group approximately $60M to settle Universal’s copyright claims. Hummer Winblad settled with Universal and EMI in December.

The case is still pending, with the songwriters and music publishers remaining as plaintiffs. Without the support of the record labels, it is unlikely that case will be actively pursued for much longer.

And we can finally turn off the lights on one of the longest-running Internet intellectual property disputes.

Posted by John Ottaviani at 01:21 PM | Copyright , Derivative Liability , Internet History | TrackBack

October 30, 2006

Sex.com -- An Update

By Eric Goldman

Judge Alex Kozinski recently guest lectured in my Cyberspace Law course, which prompted me to reread Kozinski's opinion in the Kremen v. Cohen Sex.com case. Because that opinion came out in 2003, it made me curious--what's happened to the lawsuit and the domain name since then?

Before getting into specifics, a quick recap. The Sex.com story has been oft-told, yet it's such a classic tale that it bears repeating. In early 1994, an enterprising Gary Kremen registered Sex.com with Network Solutions back when registrants could register domain names for free with just an email. In Oct. 1995, an interloper, Stephen Cohen, "stole" the domain name by submitting forged transfer papers to NSI. When Kremen discovered the transfer and demanded that NSI fix its mistake, NSI shrugged its shoulders and said to Kremen that he would have to go to court to resecure the domain name. Kremen did exactly that, sparking a decade-long legal battle over perhaps the most valuable domain name of all time. In the interim, Cohen allegedly reaped enormous profits (at least $40M, maybe hundreds of millions) from Sex.com during the time he possessed it.

The legal battle can be organized into 3 different fronts.

Kremen against Stephen Cohen

Kremen's first attack was against the interloper, Cohen. Kremen won a $65M judgment (which included a $25M punitive damages award) against Cohen in 2001. However, as I stress in my Cyberspace Law course, winning a judgment is a win only if it's enforceable. In this case, Cohen did everything possible to frustrate collection by fleeing the country (to Mexico, then Monte Carlo, and back to Mexico) and using clever machinations to move his money offshore and out of reach. Kremen was able to execute against 2 homes of Cohen's, including a house in upscale Rancho Santa Fe outside of San Diego that Kremen still uses as a personal residence. Meanwhile, based on Cohen's repeated acts in contravention of the judge's orders, the judge issued a contempt order and arrest warrant for Cohen.

After Kremen unsuccessfully offered $50,000 to bounty hunters to find Cohen, there was a break in the case in October 2005. Cohen was located in Tijuana, arrested by the Mexican police and extradited to the US. The judge has demanded that Cohen spill the beans about the location of the money, and Cohen refuses to do so. As a result, Cohen still sits in jail on the contempt order.

Kremen against Network Solutions

When it looked like Cohen wasn't going to pay up, Kremen went after Network Solutions as the domain name registrar, alleging breach of contract and conversion. The district court rejected the claims, but on appeal, Judge Kozinski reversed the conversion claim dismissal, concluding that California law permits intangible assets to be converted. The case was remanded to district court, but NSI settled the case in 2004. The settlement amount was confidential, but reports have put the amount at $20M.

Reading through the opinion again, I was struck by how Kozinksi's arguments could be used to support a conversion claim for other types of intangible assets, such as virtual world assets. I probed Kozinski on this very point in my class, and in his mind there's a distinction between assets taken within the game rules and outside the game rules.

I think this is right, but it may depend on the defendant. In the Kremen v. NSI case, the defendant was the service provider; but this was a truly unique situation where the customer (Kremen) and the service provider (NSI) didn't have a valid contract for the domain name registration because domain names were free. Thus, there was no consideration from Kremen for the domain name registration contract. In contrast, there is typically an airtight contract between the VW user and the service provider, and that contract will likely contain provisions that protect the service provider from any liability for asset conversion. I don't think Kozinski's reasoning could be read to extend conversion liability to the service provider in the face of such a contract. However, some other interloper who takes a virtual world asset outside of game rules could face conversion liability under the Ninth Circuit rule.

One more point about this case. When Kozinski's Ninth Circuit decision was issued, a number of commentators hailed it as a landmark case on protection of cyberproperty. It might ultimately be that, but I did a citation count and there are actually a surprisingly small number of cases citing to it so far (and none of particular note). So I personally think the Ninth Circuit decision is so fact-specific (service provider conversion of an intangible asset without any governing contract) that it's unlikely to be a true watershed decision.

Kremen against ARIN

The Sex.com battle has quietly spilled onto a third front. As part of Kremen's 2001 judgment against Cohen, the court imposed a constructive trust on all of Cohen's assets, including a large block of IP addresses assigned by ARIN. ARIN has refused to transfer the block as Kremen has asked, instead directing Kremen to follow ARIN's internal transfer policies, which Kremen apparently refuses to do. So in April 2006, Kremen sued ARIN for antitrust violations, conversion, unfair business practices and breach of fiduciary duties. See the complaint in Kremen v. American Registry for Internet Numbers (N.D. Cal.).

This is a case worth watching. ARIN is a relatively obscure and insular group, and over the years I have heard lots of frustration about their IP address block allocations and restrictions on transfer. This lawsuit has the potential to challenge these practices and change the process for IP address block allocations.

The Status Today

In Jan. 2006, Kremen sold the domain name to a low-profile pornography company, Escom, for $12M-14M. As a result, Kremen has received, so far, over $30M and 2 properties for the domain name, plus a pending $65M judgment (now over $80M including interest) against Cohen, plus any ongoing revenues he generated during the time he possessed the domain name. Talk about a lucrative domain name!

Earlier this month, Escom announced a strategic partnership with Playboy Enterprises, with the practical consequence that Sex.com has turned into a marketing portal for Playboy's content. Given the apparent value of this domain name, I'm sure we haven't heard the last word on its exploitation.

If you are interested in more of this story, Kieren McCarthy is publishing a book, Sex.com, in Britain in 2007.

UPDATE: Violet Blue writes an entertaining recap.

Posted by Eric at 05:44 PM | Domain Names , Internet History , Licensing/Contracts , Virtual Worlds | TrackBack

August 31, 2006

Alaska's Anti-Adware Law--A One-Year Status Report

By Eric Goldman

A year ago today, Alaska enacted the most expansive anti-adware law to date. This post gives a quick status report on the law.

So, what's happened in the past year? As far as I can tell, nothing. I've not heard of any preemptive challenges or any enforcement actions. Radio silence.

Contrast this with Utah's enactment of its problematic anti-adware law in 2004--the law was promptly challenged on Constitutional grounds, the court quickly issued an injunction, and the legislature amended the law within a year to render it largely irrelevant. As far as I know, Utah's law also sits unused. Overstock.com did sue SmartBargains under the initial version of the act; I'm not sure what happened to that claim after the law was enjoined.

I'm always fascinated when laws are passed with lots of fanfare and then sit dormant. Why hasn't the Alaska law generated any action (pro or con) yet? I think the secret may lie in some odd language that I overlooked when I initially dissected the statute. The law defines a pop-up ad as:

material offering for sale or advertising the availability or quality of a property, good, or service that is displayed on a user's computer screen, without any request or consent of the user, separate from an Internet website that a user intentionally accesses (emphasis added)

What does it mean that a user "requests" or "consents" to a pop-up ad? It could mean that the user must consent to each pop-up ad individually immediately prior to its delivery--a bizarre HCI process, but one that would be consistent with the apparent legislative intent. Alternatively, it could mean that a user's consent to receive pop-ups at the time of software installation suffices as consent for all subsequent pop-up ads delivered by that software. This interpretation is consistent with the express statutory language, but then it raises the question (like the question raised when Utah amended its Spyware Control Act)--what's the point of such a toothless law?

This statutory interpretation issue may explain why there hasn't been any action under the law. From the adware vendor's side, the express statutory language may provide them enough cover that there's no need to rally up the troops for a heavy-duty Constitutional challenge. Meanwhile, plaintiffs may be scratching their head trying to figure out if they have a valid cause of action.

There are, of course, other possible explanations for the seeming lack of action, including:

* there may be some lawsuit I'm not aware of (please let me know if I've missed something)
* 1 year may be too short a time period to evaluate the law.
* some adware vendors may be shunning Alaska. See, e.g., HotBar's license, which says "Special Notice to Alaska Residents: Unfortunately, according to Alaska's SB 140 Act, users who reside in Alaska may not install the Hotbar software. Therefore, by downloading or installing the Hotbar software you declare and represent that your computer is not located in the state of Alaska. To the extent that our system is able to recognize that your computer is located in the state of Alaska, we will not enable you to download the software." Superficially, perhaps the law has changed the behavior of some adware vendors. However, I don't know what Hotbar does to detect Alaskan IP addresses or otherwise detect Alaskan computers, but these procedures generally are imperfect. As a result, depending on the rest of Hotbar's interaction with users, it could be that some Alaskans may still be downloading the software in a manner inconsistent with the statute.

I can't resolve these alternative explanations yet, but for now, my vote is that this law is sufficiently poorly drafted that it will never be used by anyone. If so, consistent with other state-level attempts to regulate the Internet, Alaska may have muffed its effort. Fortunately, if this law is truly irrelevant, Alaska's muffing will be relatively harmless.

Nevertheless, Alaska's muffing may have some bearing on Congress' motivation to pass an anti-adware/anti-spyware law. For the most part, the other anti-spyware laws passed by the states add little to the legal regulatory environment (the "intentionally deceptive" standard is both duplicative of other laws and a very high threshold), so coping with them does not require vendors to do something special. However, putatively Alaska and Utah's laws were much broader, as they were intended to outlaw an entire industry--which motivates industry players to seek preemption of state laws. Yet, if both laws are effectively irrelevant, adware vendors have less incentive to push Congress for a preempting law.

Posted by Eric at 03:30 PM | Adware/Spyware , Internet History , Licensing/Contracts | TrackBack

August 21, 2006

August 2006 Quick Links (Volume 1)

By Eric Goldman

So many good links this month, I'm breaking up this quick links post into two installments. The first installment:

* When Internet start-ups want to hire their first lawyer, they typically have three immediate legal needs—they want help with securing financing, procuring a domain name, and running a sweepstakes. Yes, sweepstakes typically make the “top 3” issues on an entrepreneur’s mind. Unfortunately, the world of sweepstakes and contests is pretty murky to those of us who don’t practice it regularly, which is why I always referred these matters to specialists. Fortunately, one of those experts, Tsan Abrahamson, recently published a nice primer on the subject in the Business Law Today.

* Web users are using the back button less frequently. I’m not sure what to make of this. Are search engines doing a better job delivering relevant results or giving previewing content, so that fewer searchers are "pogo-sticking"? Does this reflect the proliferation of toolbars so that unsatisfied searchers just conduct a new search in the toolbar window rather than hitting the back button? Some other explanation?

* The Federal Trade Commission released its Annual Report to Congress for FY 2005 Pursuant to the Do Not Call Implementation Act on Implementation of the National Do Not Call Registry. An amazing 107 million phone numbers are now registered on the registry.

* Information Week provides one person's perspectives on the 12 best software programs ever. I thought this was a pretty good list. I do think we should give even more credit to the early coders who worked for the space program—they wrote amazing and (usually) reliable software using limited lines of code operating in extreme environments (very low power, very limited processing power, cold as Hades).

* Brief recap from our roundtable discussion at the ABA Annual Meeting on blog law and virtual worlds.

* A blast from the past: the famous 1993 New Yorker cartoon.

Posted by Eric at 11:00 AM | Internet History , Marketing | Comments (2) | TrackBack

August 13, 2006

Fall 2006 Cyberlaw Syllabus

By Eric Goldman

I've posted the syllabus for my Fall 2006 Cyberspace Law course. As I have done for the past 11 years, I prepared my own materials. To do so, I cull through all of the action from the past year to see what changes I should make from the prior year's syllabus. In the late 1990s, a lot--1/3 to 1/2--of the pages would change from year-to-year. In the past couple of years, this pace has slowed considerably. This year, I added only 3 new cases and 1 new statute to the reader:

* the Lamparello case (which I actually substituted in last year after I prepared my 2005 syllabus)
* Perfect 10 v. Google and Field v. Google. They make an excellent compare-contrast unit. They also provide enough material to moot the 2003 Ticketmaster ruling, which I dropped this year.
* I substituted in the Alaska anti-adware law to replace Utah's anti-adware law.

Beyond those additions, I substituted in the 7th circuit ruling in the BMG v. Gonzalez case for the district court ruling, and I dropped the FTC v. Phoenix Avatar spam case and my short editorial on advertiser liability for adware (neither of which I had time to cover).

I could make an argument that the past 12 months have been comparatively slow in cyberlaw (by cyberlaw's historical standards), at least in terms of significant precedent. There have been some fairly important rulings (the KinderStart, JR Cigar, Merck v. Mediplan and Edina Realty cases come to mind) and interesting developments (the Sony DRM episode, click fraud lawsuits and the battles over search engine queries come to mind), but very few of these cases or episodes resulted in important/pedagogically useful precedent or statutes. Not that I'm complaining--it may just be a sign of cyberlaw's maturation.

Interestingly, although blog law is hot, I couldn't really find anything useful to teach on the topic. I think this reflects that blog law is just a seamless part of cyberlaw. As a result, I'm sure I'll integrate blog issues into the course throughout the semester.

Posted by Eric at 08:34 AM | General , Internet History | Comments (2) | TrackBack

June 27, 2006

June 2006 Quick Links

By Eric Goldman

I have had virtually no Internet access over the past 10 days due to my move and travels, so my Bloglines account was bulging with more than 1700 articles. Here's a quick look at some of the items that have caught my attention this month:

* The FTC announced its own data breach due to a stolen laptop. Hmm...is it just me, or is this incident dripping with irony?

* Microsoft appears to be in its "benevolent" dictator mode again. Last year I blogged about how Microsoft made the unilateral decision to wipe some "malicious" software off users' computers without user notice or consent. (If it makes you feel any better, AOL has done the same thing). Now, Microsoft is installing mandatory software that phones home and doesn't tell users it's phoning home. Most people would categorize the phone home capability as spyware, and I'll be interested to see how the undisclosed feature doesn't violate 18 USC 1030(a)(2)(C). Yet, as Andy Patrizio wonders, where's the outrage? The consumer protection lawsuits? Andy writes:

All manner of hell broke loose over the major phone companies reportedly cooperating with the National Security Agency over international phone calls, but the news that Microsoft is watching every single Windows XP PC has been met with deafening silence.

Suzi rounds up the situation.

[UPDATE: First lawsiut over WGA filed. I'm sure more are coming.]

* JP Enterprises v. Yahoo, No. 06-cv-01046-REB-PAC (D. Colo. amended complaint filed June 6, 2006). Complaint against Yahoo Dating and other dating sites for purchasing keywords of a competitor, LoveCity. I'm not optimistic about the plaintiff's chances here, given that it doesn't seem to understand the differences between metatags and keyword triggers. Also, note the irony that Yahoo is buying ads from competitor Google.

* The WSJ writes about the accuracy of recommendation engines. The article explains how consumers make some decisions based on brand perceptions rather than actual utility they derive from the product. As a result, recommendation engines do a better job serving consumer desires by watching consumer behavior rather than relying on self-reported consumer preferences.

This also raises interesting implications for the role of brands in the search process. Brands may help consumers find what they think they are looking for, but at the same time may interfere with utility maximization. To avoid this, one recommendation engine contemplated hiding brands from the consumers.

* Heidi Cohen states the obvious. (Well, she and I think it's obvious, but apparently most marketers still don't get it.) Marketers are in the content publishing business, so they need to think like publishers, not marketers. And, from a policy standpoint, this continues to reinforce the illusory line between marketing content and editorial content.

* Another shocker: Marketers pay-for-placement in editorial content in print publications.

* Michael Scott (from his new blog, Singularity) writes a fun article about the implications of three generations of cyberlawyers: the veteran "computer lawyers" from the 1980s (that includes him), the dot com boomers from the 1990s (which I belong to), and the post-dot com busters from the 2000s.

* More evidence of "banner blindness." As usual, consumers can organically adjust to annoying marketer tactics if legislators avoid jumping into the fray.

* Finally, an article on fake consumer reviews. This is hardly the first article on the topic, but interestingly it hints that some merchants may be outsourcing/offshoring the creation of fake reviews. Forget click fraud shops in India and gold farming in China; those are passe. Instead, here's a new possible tort for you plaintiffs' lawyers--review "fraud"?

Posted by Eric at 05:50 PM | Adware/Spyware , General , Internet History , Licensing/Contracts , Marketing , Privacy/Security , Trademark

March 10, 2006

AP on Internet Porn Regulation

By Eric Goldman

Associated Press runs a retrospective/status report on Congress' battle against Internet porn. Believe it or not, this battle recently entered its second decade--Congress' first effort, the Communications Decency Act, was passed in February 1996. After that law was struck down, Congress passed the Child Online Protection Act in 1998, a law that has already resulted in two US Supreme Court opinions, led to a major flap between Google and the DOJ, and is now scheduled for trial in October. As the detritus of Congress' efforts spills out to new fronts, I can't fathom just how much legal work has been spurred by Congress' fixation on Internet porn.

Meanwhile, as the article points out, everyone has moved past children's access to online porn to even more problematic issues like online sexual predators, adware/spyware concerns and copyright liability for P2P file sharing. As a result, if the trial court upholds the law, there will be massive shock and panic as the Internet industry contemplates how to comply with a law that virtually everyone has been ignoring for 8 years.

Posted by Eric at 12:07 PM | Content Regulation , Internet History

March 06, 2006

Congress Is Lovin' the Internet...to Death?

By Eric Goldman

Congress has an unresolved love-hate attitude towards the Internet. Through the 1990s, Congress frequently said that the Internet should be left alone from a regulatory standpoint. Indeed, in some cases, Congress affirmatively deregulated the Internet; 47 USC 230 and the Internet Tax Freedom Act come to mind.

However, Congress is irresistibly drawn to Internet regulation. Every Congressional session, members of Congress propose literally hundreds of laws to regulate some aspect of the Internet. Obviously, not all of these laws pass, but the sheer volume is evidence of the seductive lure of Internet regulation. Congress just can’t control itself!

I was working through the piles on my desk yesterday and I came across three recently proposed laws that demonstrate this irresistibility. All three laws reflect legislative opportunism to capitalize on hot media issues; all three laws reflect a certain idealism for how markets should function; and all three laws would have radical (and possibly crippling) effects on the Internet.

1) Eliminate Warehousing of Consumer Internet Data Act of 2006, HR 4731 (Introduced Feb. 8 by Rep. Markey).

Rep. Markey promised this law in response to the DOJ-Google flap. The premise is simple enough: online companies should flush their databases of personal data so the DOJ can't abuse its power to get that data. This animating principle translates into the following operative provision:

"An owner of an Internet website shall destroy, within a reasonable period of time, any data containing personal information if the information is no longer necessary for the purpose for which it was collected or any other legitimate business purpose, or there are no pending requests or orders for access to such information pursuant to a court order." The definition of personal information is suitably broad--first/last name qualify, as does an email address.

I don’t like this law’s expansive sweep. It would govern many seemingly-unimportant websites, such as my blogs (which allow users to submit both their first/last name and their email addresses). In some cases (like mine), I can’t flush personal data because it’s in the hands of my service providers.

Further, ironically this law doesn't even correct the DOJ-Google situation. First, the data requested by the DOJ wasn't personal data as defined by the law. Second, and more importantly, Google arguably has a legitimate business purpose to keep every scrap of data it ever lays its hands on (after all, how can you organize the world's information if you have to flush some of it down the drain?). Given that many businesses can claim a continuing benefit from keeping personal data, this law won't get that data flushed. Instead, I think it merely creates weird/unexpected technical headaches.

2) Internet Non-Discrimination Act of 2006, S. 2360 (Introduced March 2, 2006 by Sen. Wyden)

This law follows on the hot topic of net neutrality, or a “two-tier” Internet, which is also linked to AOL’s implementation of Goodmail’s certified email program. The law’s basic premise is simple: data transit vendors should not discriminate between bits—each bit should get processed equally. This gets codified in a list of restrictions about the products/services that a covered entity can (or can’t) offer.

I'm dubious about the theoretical underpinnings of this law, but for now my objection to the law is far more tactical. The law restricts the behavior of "network operators," which is anyone who "provides communications directly to a subscriber." I think the law was intended to govern the provision of Internet access/connectivity. But, as drafted, I think the law covers everyone who moves data from one point to another--this should include every website that provides user-to-user communication, including email service providers, instant message providers, blog providers, "email this page to a friend" providers, etc., etc. In other words, virtually the entire Internet.

This drafting error is, in theory, fixable. The law could just define the covered entities as Internet access providers more carefully. However, I don't think this is an easy fix. I think there is no clear distinctions between the various "layers" (content v. application v. transport); at least, the distinctions aren't definable statutorily.

Worse, it significantly restricts beneficial intermediary behavior, such as blocking incoming spam. The law acknowledges this consequence and says that the governed entities can block spam if the consumers are notified and have a chance to disable the application. So whereas AOL might kill almost all incoming spam at the server level, the law would take this choice out of AOL’s hands. I’m not sure what consequences result from that, but my heart tells me it’s expensive for AOL/the consumer and it could lead to weird and unexpected results.

In effect, this law would place most of the Internet under the oversight of an administrative agency (the FCC). The Internet had thrived without FCC oversight for a while now. I’m having a hard time believing that turning the Internet into a comprehensively-regulated industry would be a good thing.

3) Global Online Freedom Act of 2006, HR 4780 (Introduced Feb. 16, 2006 by Rep. Smith).

This law builds off the Google/Yahoo-China flap. It has various proposals designed to get China and other repressive countries to stop censoring Internet content.

Specifically, the law would create a new administrative agency called the "Office of Global Internet Freedom." This title alone is disconcerting; it sounds like something out of Orwell or Kafka. Indeed, like any good dystopian view of bureaucracy, the OGIF would free the Internet by telling its citizens what they can't do.

In this case, the OGIF would help generate a list of bad censorship-loving countries. On the initial list are China, Iran and Vietnam. All US search engines or content hosts cannot locate those functions in the bad countries. (Note that the definition of search engines or content hosts covers anyone who has a search tool on their website or permits users to generate content). Search engines also cannot change their filtering based on requests from bad countries. Content hosts also can't help "Internet jamming" and can't disclose personal data at the request of bad countries.

This law seems terribly misguided. It’s as if Rep. Smith thinks that Google is so amazing that countries will change their censorship laws just to get Google’s services. But we know better. Chinese entrepreneurs will have no problem providing competent yet censorable search services. I’m sorry to be the bearer of bad news, Rep. Smith, but embargoing Google isn’t going to bring down the current Chinese government.

Meanwhile, this law represents a dangerous step towards government regulation of search engine operations. I know that pro-regulation forces would love to have the chance to regulatorily inculcate their normative values into search engine algorithms; this law represents a first step along that path. However, I think there’s little chance that government fiat will improve search engine coverage or relevancy. Instead, I think there’s a much better chance that government intervention in search engine operations will degrade search engines’ usefulness to consumers.

Conclusion

Reading these 3 laws in succession, two 1980s songs came to mind. First, Congress “just can’t get enough” regulation of the Internet. However, "If you love somebody, set them free." We’ll see just how much Congress loves the Internet as it wrestles with these bills.

Posted by Eric at 06:39 PM | Content Regulation , Internet History , Privacy/Security , Search Engines | Comments (3)

January 14, 2006

Marquette's Link to the Father of Spam

By Eric Goldman

You may recall the story of the first spam. A guy named Gary Thuerk worked for Digital Equipment Company. In 1978, he sent unsolicited emails to over 400 Internet users inviting them to attend a demonstration of some new computer equipment. For this act, he is now sometimes called the "Father of Spam."

I recently learned something new--Gary is a Marquette alum of the business school. Learn more about Gary and his reflections on his role in birthing spam: Enterpreneur, LA Times, Brad Templeton, Guinness Book of World Records.

Posted by Eric at 12:34 PM | Internet History , Spam

October 13, 2005

Peering Agreement Dispute Between Level 3 and Cogent

By Eric Goldman

Peering agreements rarely get much attention, even though they are the Internet's infrastructure. Through peering agreements, Internet access providers (IAPs) agree to exchange packets directly with another IAP. These exchanges are usually for no money with the assumption that the data flowing between the two IAPs will be roughly equivalent. If, in fact, traffic is roughly equivalent, it's cheaper to barter than to charge for packets.

This assumption animates a bedrock and venerable principle of Internet data flows--that there should not be marginal costs to trading packets. This principle is false on its face, as in fact each party to a peering agreement incurs both non-trivial marginal and fixed costs to maintain the connectivity. It's not that hard to imagine a different Internet evolutionary path where each IAP charged those marginal costs to other IAPs, in which case undoubtedly this variable charge would be passed through to consumers.

It's relatively rare for a peering arrangement to blow up. The last well-publicized event was a dispute between Cable & Wireless and PSINet in 2001.

Then, last week, Level 3 and Cogent mixed it up. Level 3 complained that it was larger than Cogent, so Cogent should have to pay Level 3. Level 3 stopped accepting Cogent's packets, so some Level 3 customers could not reach some Cogent customers. Not everyone was affected because many major IAP customers maintain multiple/redundant IAP relationships so that, even if one goes away, often the packets can route around the outage. Nevertheless, Level 3's actions led to a fairly significant outage across the Internet.

The companies have kissed and made up for one month. However, Level 3 continues to insist that Cogent will ultimately need to pay up. This dispute may not be over.

This dispute showed the relative fragility of the current Internet infrastructure. If one major player decides to change the economic rules, (a) some customers will be cut off, and (b) there could be ripple waves that could easily change the default packet processing business model from barter to for-pay. This has created some fertile ground for Congressional grandstanding, and Rep. Boucher is hinting/threatening to use his Congressional powers to unilaterally fix the Internet.

I'm not inherently opposed to a model where we pay by packet. Economists would generally favor this because per-packet pricing would more accurately signal the true marginal costs of communication, encouraging communication at an economically efficient level. For example, if spammers had to pay per packet, the working theory is that spam would radically decrease.

However, the current infrastructure--and resulting lack of per-packet charges--has been IMO a material/essential factor contributing to the proliferation of Internet communications. We take it for granted that we can communicate on the Internet without incurring some annoying and minor marginal cost, and this psychology has enabled the Internet to weave itself deeply into our society. Perhaps we've had it good for a while, and all good things must come to an end. On the other hand, it would be a shame if we lost those benefits simply because one IAP freaked out.

UPDATE: The Washington Post quotes a bunch of putatively anti-regulation people thinking this is a situation that warrants regulatory intervention.

UPDATE 2: Notice the ads on the left. Because of this post, I've been getting ads from Cogent promoting its offer to Level 3 customers giving them 1 year free if they switch to Cogent.

UPDATE 3: Cooler heads have prevailed, the parties have settled their dispute, and it appears that the parties are generally exchanging packets without payment.

Posted by Eric at 08:00 PM | Internet History , Licensing/Contracts | Comments (1)

August 14, 2005

Fall 2005 Cyberlaw Syllabus

It's hard to believe that this is going to be my 11th year teaching Cyberlaw. I've posted my newest syllabus for Fall 2005. The material I've assigned for the first time this year:

Copyright

* BMG v. Gonzalez (confirming direct liability for file sharers)
* Grokster Supreme Court ruling
* 17 USC 506(a) (showing the additions from the ART Act)
* Corbis v. Amazon (an extremely lucid opinion applying the 512 safe harbors--this is an overlooked gem of a case from a pedagogical standpoint)

Trademark

* Bosley v. Kremer (the case nicely encapsulates several facets of a gripe site lawsuit, including infringement, ACPA and SLAPP)

Spam

* My article on the harms caused by spam
* 16 CFR 316 (the various regulations promulgated under CAN-SPAM)
* FTC v. Phoenix Avatar (the case describes in accessible terms the complex evidentiary and financial trail that anti-spam enforcers must unravel)

Adware/Spyware

* The Congressional Research Service report
* 1-800 Contacts v. WhenU 2nd Circuit ruling
* Utah Spyware Control Act (amended)
* My CNET editorial on adware advertiser liability

ALthough this may seem like a lot of changes, it's noticeably less than I've historically made. I think this lower rate-of-change reflects that we are slowly but undeniably developing a body of "classic" cyberlaw cases that are both important precedent and good teaching cases, such as Specht, Hamidi, Reno v. ACLU and Zeran. I also have my "hidden favorites" that aren't especially important cases but still fun to teach, like the Noah, Promatek and Pharmatrak cases.

I did struggle a little with organizing the trademark cases. I don't think there's a single definitive teaching case for trademarks yet that nicely illustrates infringement (and applicable defenses), dilution and ACPA. Instead, I have five trademark cases that each make important but limited points:

* Bosley--good illustration of a gripe site lawsuit, but holding is fairly limited (narrow illustration of what constitutes use in commerce)
* Promatek--great illustration of initial interest confusion (especially with the bell-ringing line), metatags, how the parties can lose sight of the big picture and how judges cut corners, but hardly a traditional trademark infringement analysis
* Lockheed v. NSI--best teaching case for contributory infringement, but effectively mooted by ACPA's safe harbor for registrars
* Playboy v. Netscape--important case on keyword usage and search engines, but the case is extremely disorganized and error-filled
* 1-800 Contacts--important discussion on use in commerce and user control over their software, but very fact-specific

Worse, these five cases are spread out over the sections on trademarks, search engines and adware/spyware. I'd welcome any suggestions on other ways to think about and organize the trademark materials.

Meanwhile, if you want a blast from the past, consider my syllabus from Spring 1996. I taught this course shortly following Netscape going public, before the Communications Decency Act (it passed during the semester) and the resulting litigation, before the Zs (Zippo, Zeran and Zuccarini), and before the DMCA. Back then, "spam" meant Canter & Siegel's inappropriate postings in USENET, "crypto" was one of the top items on EFF's agenda, and the words "adware" and "spyware" had not yet been coined.

As a sign of the changes since then, I continue to teach precisely ZERO of the materials I assigned. However, a small number of the materials would still be useful today; for example, I do still teach John Perry Barlow's essay in my copyright seminar. Of course, some things never change. I taught a Playboy case in 1996, and I teach a Playboy case today (surprisingly, only 1). I suspect some Playboy case will be part of every Cyberlaw packet forevermore.

Posted by Eric at 01:20 PM | General , Internet History

July 28, 2005

Kevin Kelly on the Web's Past, Present and Future

Kevin Kelly writes a fantastic essay at Wired on the Internet circa 1995, 2005, and 2015. It's an excellent read, so I won't spoil all of the fun. However, two passages of particular note.

First, he hits the nail on the head with the following:

"What we all failed to see [in 1995] was how much of this new world would be manufactured by users, not corporate interests."

This is so true. In the mid-1990s, we wondered how we could provide adequate incentives to users to get them to create useful content. We learned the answer--disaggregation would let good content surface, and we just need good filters to ensure the proper sorting of this grassroots-generated content.

His vision for 2015 is a little too cyborg-y for my tastes, but he predicts that the Internet will act as a giant coordinated Machine much like the human brain:

"Today the nascent Machine routes packets around disturbances in its lines; by 2015 it will anticipate disturbances and avoid them. It will have a robust immune system, weeding spam from its trunk lines, eliminating viruses and denial-of-service attacks the moment they are launched, and dissuading malefactors from injuring it again. The patterns of the Machine's internal workings will be so complex they won't be repeatable; you won't always get the same answer to a given question. It will take intuition to maximize what the global network has to offer. The most obvious development birthed by this platform will be the absorption of routine. The Machine will take on anything we do more than twice. It will be the Anticipation Machine."

I particularly like Kevin's description of an "Anticipation Machine"--the system will get smarter, and we've barely seen the possibilities with today's state-of-the-art technology.

I think Kevin's predictions are consistent with two of the bigger policy issues I continue to harp on:

1) We need to ensure that regulatory policy fosters, instead of inhibits, consumer participation in content creation and other online tasks to "run the Machine." This means strong laws, like 47 USC 230, protecting those who try to develop communities.

2) We cannot fully evaluate the consequences of any pathogen jeopardizing the Internet (viruses, spam, spyware, whatever) until the Machine has had a chance to respond fully. In the end, the Internet is far more resilient than we acknowledge, and it will organically self-correct many problems if we keep the regulators from screwing it up.

Posted by Eric at 12:35 PM | Derivative Liability , Internet History

June 18, 2005

More on .kids.us

In critiquing the .xxx TLD, I took a brief swipe at the .kids.us debacle. Meanwhile, during my trip, Reuters ran a good retrospective article on the complete failure of the domain. As the article says:

"while Congress and administrator NeuStar set plenty of restrictions to keep online predators and inappropriate content out of the .kids.us domain, they didn't provide many incentives to bring Web sites in."

That hits the nail on the head. Sites in .kids.us must comply with COPPA (which is expensive) and have difficulty making money from kids who don't have access to credit cards. Hmm...let's do the math...extra expense and low ability to make money. I'm shocked that it hasn't been a hit in the marketplace.

.kids.us is a great example of Congress run amok. In its zeal to address Internet porn, but stymied by repeatedly being slapped on the hands for passing unconstitutional laws, Congress thought it could solve the problem by creating a new market niche. Only problem: the niche doesn't exist (at least, in the form that Congress mandated). If it did, I am 100% confident that the market will find a way to solve the problem without Congress' help.

An older but good article discussing .kids.us.

Posted by Eric at 02:32 PM | Domain Names , Internet History

BBSs and History

A new documentary called BBS: The Documentary is out, and it inspired a retrospective on BBSs at Wired. I haven't seen the documentary yet, but the Wired article definitely took me back to my first flirtations with cyberspace.

I got online in 1991 and instantly fell in love. It led to my first law review article which, appropriately enough, discussed the legal treatment of BBSs--a topic that seemed so important then but of course now looks silly in the era of websites and blogs/RSS readers and wireless ubiquitious networks. I'm not sure the legal issues have changed radically; some issues (like the interplay between private property rights and free speech rights) will continue on into infinity regardless of the newest technological tools that create the conflict-du-jour.

I really don't miss the BBS era. It was chaotic and slow. Nevertheless, thinking about the era does make me a little nostaglic, just like other kinetic times in my life like adolescence/high school. We tend to suppress the bad and remember the good; and the good was pretty good, but there definitely was some bad mixed in. We do have it much better now.

Posted by Eric at 01:55 PM | Internet History

May 12, 2005

Internet Explorer Market Share Dips Below 90%

Microsoft’s share of the browser market has dipped below 90%. On my blogs, the numbers are even less favorable for Microsoft. Consider my blog stats in the month of May (so far):

“Unknown” 50.9 % (I believe this includes RSS readers and robots)
Internet Explorer 26.3 %
Firefox 10.9 %
Mozilla 6 %
Konqueror 2.2 %
Opera 0.8 %
Safari 0.8 %
Netscape 0.8 %
NetNewsWire 0.7 %
Lynx 0.1 %

In other words, excluding the unknown traffic, IE accounts for only 53.6% of my hits. Admittedly I skew towards a tech audience, but these stats certainly suggest that IE’s lock on the browser marketplace is experiencing significant pressure.

Posted by Eric at 03:06 PM | General , Internet History

May 01, 2005

ICANN's Domain Name Tax on .Jobs and .Travel

I missed this before—perhaps I wasn’t the only one. ICANN has repeatedly attempted to impose a “tax” on domain names. This was first proposed back in 1999 and again at the end of 2004. Now, at the end of March, we learned that ICANN is charging a tax of $2 per year on each SLD in the .travel and .jobs TLDs. The expectation is that some fee will be levied against other TLDs under ICANN's administration as the applicable agreements come up for renewal/renegotiation.

This tax, of course, raises some serious questions:
· Where’s the money going to go? More money in ICANN’s pocket means two things: (1) more flexibility for ICANN to do more ill-advised things (a propensity they've amply illustrated while operating on a shoestring budget), and (2) a greater pot of money for those interested in ICANN governance to fight over.
· What procedural limits are there on ICANN’s ability to impose new taxes or raise existing ones? Who's watching the watchman? "The power to tax involves the power to destroy." John Marshall, McCulloch v. Maryland (1819).
· As ICANN sets a minimum floor on domain name pricing (at minimum, to cover the flat ICANN tax), what will this do to the market for domain names? In general, domain name pricing has been dropping dramatically; now there may be a countervailing need to raise prices. Price increases in domain names put significant scrutiny on the value of domain names, a value that has arguably been slipping throughout this decade as more action moves to the search engines.

Posted by Eric at 04:29 PM | Domain Names , Internet History

March 31, 2005

Infomediaries--Where Are They?

I have been thinking a lot about “infomediaries.” If you’re not familiar with the term, John Hagel first described it in a 1997 Harvard Business Review article The Coming Battle for Customer Information (with Rayport) and then fleshed out his vision in the 1999 book Net Worth (with Singer).

Infomediaries interpose themselves between marketers and consumers to facilitate better marketing matches. Consumers disclose their personal preferences to an infomediary, who can then offer marketers the ability to engage in highly targeted marketing without knowing consumers' personal identities. Further, infomediaries will use their aggregated consumer demand to cut consumer-favorable deals with marketers. To make this work, consumers must completely trust that infomediaries will respect their privacy and will not become a biased shill for marketers based on which marketer pays the infomediary the most.

From an academic’s perspective, I think infomediaries would substantially improve social welfare. Consumers get what they want—relevant and trustworthy marketing without sacrificing privacy; marketers get what they want—a cost-effective source of interested consumers; and infomediaries profit by taking cuts of the deal. Society wins due to lowered transaction/search costs and fewer marketing mismatches between consumers who don’t want the marketing and marketers who cannot target granularly enough.

Compare this with our current marketing environment, where consumers lack an easy one-stop way to disclose their preferences (and many consumers refuse to do so due to privacy fears). More regulated solutions of marketing communications have high transaction costs (for marketers, and sometimes for consumers too) and a high risk of Type I and Type II errors (i.e., relevant marketing is squashed; unwanted marketing is unregulated).

Despite all of these benefits, as far as I can tell, the infomediary industry has failed to materialize. In Feb. 1999, James Glave wrote a Wired News story called The Dawn of the Infomediary listing five companies trying to enter the infomediary business: Lumeria, PrivaSeek, InterOmni, @YourCommand, and PrivacyBank. On January 24, 2005, I visited the purported websites of all five infomediaries discussed in Glave’s article. Lumeria’s site still exists but appears not to have been updated since 2000. InterOmni was acquired by Lumeria in 1999. The PrivaSeek and @yourcommand domains appear to have lapsed and been reregistered by others. InfoSpace.com bought PrivacyBank in 2000; it is unclear what happened thereafter.

In other words, it appears that all of these infomediaries are out of the business. Also gone are the group buying sites (like Mercata and Accompany) that aggregated consumer interests to negotiate better deals with merchants.

We have some more success if we broaden our definition of infomediaries further. In some industry verticals, infomediary-like businesses have emerged, like LendingTree for loans and Autobytel for cars. However, to some extent, Autobytel act like messaging services—I submit my information, a message goes to interested dealers, then the dealers spam me directly (sometimes relentlessly). Rather than protecting my privacy (whatever that means), Autobytel just ratchet up the email volume. There is still value to consumers to messaging systems, but I don’t think they rise to the infomediary level. LendingTree actually makes offers, not just referrals. However, I'm not entirely clear how these offers are ordered.

We could also try to analogize the shopbots to infomediaries. Shopbots like Shopping.com, Shopzilla and PriceGrabber have survived the dot com crash and offer some infomediary-like services, such as organizing marketing information by product and pitting merchants against each other. However, shopbots do not personalize the offers based on a consumer’s preferences or try to act as a consumer agent; instead, like some industry vertical sites, shopbots view their role as referral services (i.e., send the consumers to the merchant and get out of the way). Further, merchant listings are generally presented based on merchant willingness-to-pay, so consumers may feel like shopbots put merchant interests ahead of their own.

Why haven’t infomediaries emerged? I am struggling to answer this question. Some of the possible theories I’ve come up with:

· Infomediaries do exist but I’m not defining the term expansively enough.
· Infomediaries cannot convince consumers that they are trustworthy. In my experience, my clients would routinely start out saying that they wanted to protect their customers’ privacy, but inevitably they would, over time, look for ways to monetize their customers’ information. Further, companies usually cater to those who pay the bills; so any infomediary will inevitably be tempted to put merchants’ interests over consumers.
· Consumers’ privacy concerns are not strong enough that they need infomediaries. The empirical evidence here is sharply split. Consumers routinely say that privacy concerns inhibit their online actions, but consumer behavior routinely belies this. There are plenty of good reasons to use an infomediary beyond privacy protection, but perhaps this motivation is not as strong as Hagel predicted.
· There is no viable profitable business here (i.e., the economics simply don’t work).
· There is a market failure that prevents companies from entering the market. If we could find a market failure, would this support government intervention to sponsor the creation/operation of one or more infomediaries?

As you can see, I’m stuck. I ask for your help, and I’m opening comments on this post. (Unfortunately, to prevent comment spam, registration is required—sorry). Why do you think infomediaries have not arisen?

Posted by Eric at 10:04 AM | Adware/Spyware , E-Commerce , Internet History , Marketing , Privacy/Security | Comments (1)

March 29, 2005

Getting Paid to Drive an Ad-wrapped Car

Do you remember the dot com boom phenomenon of turning cars into mobile billboards? Some great photos here. The model was that advertisers would give drivers a new car (or pay some amount per month) to drive around in a car loudly displaying the advertiser’s branding. A few companies entered the business in 2000, including autowraps.com, buzzcar.com, freecar.com and myfreecar.com (the latter two merged).

As far as I can tell, these businesses all ended soon after they were launched. They seem one of the greatest bellweathers of the dot com madness. Competition for eyeballs was so steep that it drove prices up for all media buys. Higher prices created new marketing supply. When the boom ended and prices dropped, marketing supply shrunk accordingly, churning out marginal sources like auto wrapping.

UPDATE: See the Google Answers discussion on this topic from 2004.

Posted by Eric at 05:07 PM | Internet History , Marketing

March 24, 2005

Dot EU Approved

ICANN finally approved the .eu domain. When I joined Epinions in February 2000, a board member suggested that one of my top priorities as general counsel should be to secure the epinions.eu domain. Over five years later, does anyone even care about this TLD any more?

Posted by Eric at 12:19 PM | Domain Names , Internet History

March 12, 2005

What Ever Happened to DotComGuy?

I had reason to investigate what happened to DotComGuy. You may remember him as the guy who lived in his apartment during all of 2000, ordering all of his needs from the Internet and webcasting his life. In 2004, he failed to auction his trademark and domain name because the bid didn’t clear his reservation price, but claimed that he would work out some deal. I couldn’t easily find any further press reports, and I recently checked the website www.dotcomguy.com and got a 403 error. A rather fitting end to a mildly interesting publicity stunt from the dot com glory days.

Posted by Eric at 05:32 PM | Internet History

Seattle Times series on InfoSpace

The Seattle Times did a remarkable multi-part expose of InfoSpace. The series is particularly unflattering to Naveen Jain, InfoSpace’s founder and chief huckster. There’s a thin line among entrepreneurs between visionary and crook, and the Seattle Times marshals plenty of evidence to deem Jain the latter if you want.

The series also describes several common but deceptive practices of the dot com boom, especially the “lazy Susan” deals (also known as “roundtripping” deals). In a roundtrip deal, party A invests in party B but, at the same time, party B buys products/services from party A. The net effect is that money starts with party A, goes to party B, and goes right back to party A (hence, “roundtripping”). A variation of these deals would involve the parties each buying the other’s products (instead of an equity investment starting the cash moving).

Roundtripping deals are not inherently wrong, but treating them as revenue-producing absolutely can be. The first article in the series describes the great lengths that InfoSpace went through to manufacture revenues from roundtrip deals.

Reading the series, it’s impossible not to feel that the star companies of the dot com boom exhibited a certain duality. Some of the most celebrated entrepreneurs showboated for the press claiming to be a new, smarter breed of entrepreneurs ushering in a new era of business; while at the same time, they worked behind the scenes to prop up their exorbitant claims using all-too-traditional artifices.

Posted by Eric at 04:18 PM | Internet History

March 01, 2005

Bill Gates, KBE

News item: Queen Elizabeth will tap Bill Gates on the shoulder with a sword. My reaction: he’ll probably enjoy that more than being hit in the face with a pie.

Posted by Eric at 01:04 PM | Internet History

February 13, 2005

Randall Stross Whines About Spam

Randall Stross writes an article whining about spam as pollution and complaining that the recipient pays for spam. Haven’t we heard this argument before? As a matter of fact, we have. Often. A long time ago (his own article cites one of the early academic efforts attacking spam economics--from 13 years ago!). So why is this news?

I deconstruct some of Randall’s anti-spam rants in my article on spam harms. I will be more directly attacking the argument about “recipient pays” because of attention consumption in my next major article. For a high-level overview, see my short book chapter on data mining and attention consumption.

Posted by Eric at 10:05 AM | Internet History , Spam

February 10, 2005

Is TRUSTe Irrelevant?

TRUSTe pulled its logo from some websites for breaking its rules for the first time in 2 years. The article focuses on TRUSTe’s refusal to specify the rules violation, but this seems to miss the point, and widely. In 1999 and 2000, virtually every important website had a TRUSTe logo, and the logo had the potential to really shape consumer expectations and behavior. Now, I rarely see the logo, nor do I care if I see it or don’t. If my experience is typical (and I think it is), then TRUSTe has become irrelevant. I think a better angle for the story would have been—why does anyone care that TRUSTe yanked the logo?

Posted by Eric at 09:43 AM | Internet History , Privacy/Security

Search

Archives

Recent Entries

April 17, 2013

Why You'll Soon Be Paying Sales Taxes on All of Your Internet Purchases--Amazon v. NY Taxation Department (Forbes Cross-Post)

April 15, 2013

Designing Optimal Immunities and Safe Harbors (Forbes Cross-Post)

March 12, 2013

"Regulation of Social Media and Mobile Media" Talk Slides

February 27, 2013

Resetting One of the Longest Running Cyberbullying Cases--DC v. RR (Guest Blog Post)

February 24, 2013

Before Graduated Response, There Was BSA's "Define the Line" Program. What Happened to It? (Guest Blog Post)

February 19, 2013

With Its Australian Court Victory, Google Moves Closer to Legitimizing Keyword Advertising Globally (Forbes Cross-Post)

January 11, 2013

Top Ten Internet Law Developments of 2012 (Forbes Cross-Post)

December 27, 2012

The FTC's New Kid Privacy Rules (COPPA) Are a Big Mess (Forbes Cross-Post)

December 26, 2012

Facebook Isn't--and Shouldn't Be--A Democracy (Forbes Cross-Post)

December 20, 2012

Facebook’s Proposed Amended Sponsored Settlement and Instagram’s TOS Revs

October 25, 2012

Google Defeats Trademark Challenge to Its AdWords Service--Jurin v. Google (Forbes Cross-Post)

October 12, 2012

Wikipedia's "Pay-for-Play" Scandal Highlights Wikipedia's Vulnerabilities (Forbes Cross-Post)

October 11, 2012

The Proposed "Cloud Computing Act of 2012," and How Internet Regulation Can Go Awry (Forbes Cross-Post)

July 12, 2012

Having a Facebook or Twitter Account Shouldn't Mean Mandatory California Vacations if You Get Sued (Forbes Cross-Post)

June 16, 2012

Nathenson on Teaching Internet Law

January 27, 2012

Top Internet Law Developments of 2011

October 03, 2011

New Essay on 47 USC 230(c)(2)

August 30, 2011

Fall 2011 Internet Law Reader and Syllabus

May 25, 2011

Ohio Appeals Court: GoDaddy can be Held Liable for Wrongly Transferring Control Over Domain Name and Email Accounts -- Eysoldt v. ProScan

April 18, 2011

Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff -- Claridge v. RockYou

March 03, 2011

Jan.-Feb. 2011 Quick Links, Part 4

March 01, 2011

Jan.-Feb. 2011 Quick Links, Part 3 (Trademarks, Domain Names and Trade Secrets Edition)

February 10, 2011

Comparative Domain Name and Keyword Regulation Talk Slides

February 01, 2011

Free-to-Consumers Ad-Supported Website Isn't Illegally Priced--Cammarata v. Bright Imperial

January 31, 2011

Speakers Announced for "47 U.S.C. § 230: a 15 Year Retrospective" Conference, March 4, SCU

January 27, 2011

Top 5 Cyberlaw Developments of 2010, Plus a 2010 Year-in-Review

January 21, 2011

The Next Digital Decade Book Launch and Event Recap

January 14, 2011

My 2005 Prediction of Wikipedia's Failure By 2010 Was Wrong

July 29, 2010

Internet Law Syllabus and Reader for Fall 2010

July 20, 2010

Book Review: Building Web Reputation Systems by Farmer & Glass

July 15, 2010

eBay Venue Selection Clause Upheld in Texas

March 31, 2010

March 2010 Quick Links

March 22, 2010

Search Engine Legal Developments to Watch in 2010

March 18, 2010

Viacom v. YouTube Summary Judgment Motions Highlights

March 02, 2010

February 2010 Quick Links

March 01, 2010

Ninth Circuit: Creditor Can Execute Against Domain Name Where Registry is Located -- Office Depot v. Zuccarini

February 16, 2010

Kozinski and Goldfoot on Cyberspace Exceptionalism and Internet Regulation

February 09, 2010

Catching Up With Wikipedia

February 02, 2010