February 01, 2012
Vendor Fails to Form Either an Online or Paper Contract With Customers--Kwan v. Clearwire
[Post by Venkat Balasubramani]
Kwan v. Clearwire Corp., C09-1392JLR (W.D.Wash.; Jan. 3, 2012)
Professor Goldman blogged recently about a case involving Facebook where the court enforced Facebook’s terms of use and based on a venue clause in Facebook’s terms transferred a dispute from New York to California. The court delved into (and seemed to get bogged down in) the distinctions between clickwrap and browsewrap agreements while eventually concluding that the plaintiff was apprised of the terms (or should have been) so there was no reason not to enforce the contract. Kwan v. Clearwire doesn’t involve strictly online terms, but Clearwire was not so lucky. It botched its terms of use (judging from the court’s order it also botched its customer service efforts). End result: it can’t summarily move the dispute to arbitration and has to undergo discovery around whether its customers agreed to the terms. The court was fairly skeptical of Clearwire’s position, so its chances of success on the arbitration front don’t seem great.
Background
Kwan brought a lawsuit aginst Clearwire and collection agents for Clearwire alleging that she was harassed by Clearwire and its debt collectors in an effort to reach a Clearwire customer (which wasn’t her). Among other claims, she asserted claims under the TCPA, the Fair Debt Collections Practices Act, and Washington’s Consumer Protection Statute. Her complaint was amended to add Brown and Reasonover, both of whom tried Clearwire services for a short time (or judging by the complaint, attempted to try Clearwire out for a trial period but with little success). The Clearwire terms contained a class action waiver and an arbitration clause, and Clearwire sought to have the dispute arbitrated pursuant to the Clearwire terms.
Brown signed up for a 14 day trial of Clearwire. She received a confirmation email from Clearwire one week prior to receiving her modem. She tried to connect her modem but was unsuccessful, and she alleged that she was not required to click any sort of acknowledgement before trying to connect her modem. She called Clearwire to cancel her service, but was persuaded by Clearwire to renew her trial period. Clearwire had a service technician check on Brown’s modem. The technician arrived while Brown was at work and Brown’s roommate left the technician alone to try to get the modem working. After the technician left, she tried to get the modem working, and it still would not work properly. According to Brown, she discovered that “use of her microwave interfered with her modem signal.” She tried to cancel her service, and after going back and forth with Clewrwire, Clearwire finally agreed that she could cancel her service. Clearwire sent her shipping labels to return the modem, but according to her, by the time she received the shipping labels from Clearwire, the labels had “expired.” This prompted another round of back-and-forth with Clearwire's customer service. Ultimately, she was able to return the modem to Clewarwire.
Reasonover’s experience with Clearwire wasn’t much better. She signed up for a seven day trial period and, because she was not at home when Clearwire shipped the package, Federal Express held it for her. She was unable to pick up the modem within her trial period, so she was worried about being able to cancel. When she plugged in the mdoem, she was only able to obtain “one green bar,” and this too from an “inconvenient location in her house.” Before connecting to the internet, she was presented with an “I accept” screen for Clearwire’s terms, but she bailed. Apparently, Clearwire told her that she could not cancel her serivce. She had some less-than-friendly exchanges with Clearwire, and she reported Clearwire’s actions to her credit card. Ultimately she alleges she paid for the modem (Clearwire disputes this).
Discussion
The court notes that the Federal Arbitration Act provides for arbitration of disputes that are subject to arbitration clauses. While the FAA sets forth a policy in favor of arbitration, it first requires a determination of whether the parties entered into an agreement to arbitrate their dispute. And that’s the hitch for Clearwire.
The court canvasses the law on browsewrap and clickwrap agreements (citing to Specht, Register v. Verio, Hines v. Overstock, and Southwest Airlines v. Boardfirst, among other cases). While Washington courts have not upheld the enforceability of clickwrap or browsewrap agreements, the court notes that shrinkwrap agreements are enforceable under Washington law. The prevailing case in Washington relied on Hill v. Gateway and ProCD v. Zeidenberg, and in both of these cases, “the terms and conditions at issue were included with the product purchased by the consumer.” This is consistent with the court’s inquiry in Specht as to whether the customer had notice of the contractual terms.
The court holds that, on the record before it, Clearwire is not entitled to enforce its arbitration clause. Clearwire pointed to the email confirmation which it sent to customers, but the court notes that the confirmation email did not contain a direct link to Clearwire’s terms—the link pointed to Clearwire’s home page, and Brown would have to “negotiate her way through two more hyperlinks” in order to arrive at Clearwire terms. Clearwire also argued that Brown was aware of the terms and used the product in question. With respect to this argument, the court says:
The breadcrumbs left by Clearwire to lead Ms. Brown to its TOS did not constitute sufficient or reasonably conspicuous notice of the TOS.
In any event, the court notes that Brown returned the modem.
Clearwire fared no better against Reasonover’s claims. It could not rely on the terms on its website because Reasonover testified that she “abandoned the page.” It also could not rely on the confirmation email which it sent because the email did not contain a readily accessible link to the terms—as with the facts with respect to Brown, Reasonover would have had to click through a couple of different links to arrive at Clearwire’s terms. Finally, Clearwire relied on the material that it had sent with the modem. These materials unfortunately suffered from the same flaws:
At the bottom of one of the pages included in the modem packaging was a reference to the TOS and to where the TOS could be located on [Clearwire’s] website. The statement actually contain[ed] two different hyperlinks. Neither link . . . immediately display[ed] the TOS.
D’oh.
As a final bonus, the court also denied the request to arbitrate filed by the collection agency, finding that there was a dispute as to whether it was an agent (with a close relationship to Clearwire) that could enforce the terms, or an arms-length independent contractor, who would not. (citing Swift v. Zynga)
__
Apart from the numerous alleged customer service debacles detailed in the complaint, Clearwire dropped the ball in several ways.
First, it did not have a ‘leakproof’ clickwrap agreement that users had to agree to before they activated the modem or signed on. Clearwire could have forced its users to scroll through and click on an “I agree” button as a prerequisite to activating the modem. (This may not have helped with respect to Brown’s claims since a technician activated the modem, but I assume this was an aberration. Most users probabaly plugged in the modem and signed on without the help of a technician—Clearwire could have forced them to click through and agree to terms.)
Second, to the extent it tried to rely on paper terms which it sent to customers along with the modems, it could have at least included the terms themselves as part of the package. I get the feeling the judge in this case would have worked hard to find a way around enforcing the terms in this scenario, but it would have been harder. (Again, the fact that the customers returned the modems would have affected the analysis. They could have argued that their acceptance of the terms was premised on them keeping the modems and since they didn’t they should not be bound by the terms.)
Finally, there’s the email debacle. I’m not sure the email would have helped since it came after the fact and would be categorized in the same manner as paper terms (i.e., if the customer returns the item, they can argue they should not be bound by the terms). But the email did not even include the terms!
This decision is largely consistent with previous online contracting cases. If you can't easily show the court that the terms were readily accessible, you're going to have a long road to travel down. It also demonstrates that if you can make a compelling case to the court that there's something inequitable afoot (whether in the form of seriously egregious, one-sided terms, or botched customer service, as was alleged in this case) courts will work to find a way around enforcing terms that they may otherwise enforce.
Posted by Venkat at 10:07 AM | Licensing/Contracts
January 30, 2012
Judge Can't Decide if Facebook's User Agreement is a Browsewrap, But He Enforces It Anyways--Fteja v. Facebook
By Eric Goldman
Fteja v. Facebook, Inc.,2012 WL 183896 (S.D.N.Y. Jan. 24, 2012). Fteja's initial "complaint" (filed as an order to show cause).
If I could waive a magic wand, I'd retire the phrases "clickwrap" and "browsewrap." Those terms trace their lineage to a radically different technology--plastic shrinkwrap on physical products--and, as a result, they never developed clean or precise definitions in the online world. This opinion is much more prolix than necessary because the court couldn't figure out what either term meant and therefore couldn't decide how to apply the precedent. Fortunately, the court gets to the right place eventually.
Fteja claims that Facebook terminated his Facebook account improperly because it discriminated against him as a Muslim. Facebook will win this lawsuit eventually; see, e.g., my paper about online user account terminations and 47 USC 230(c)(2) and Young v. Facebook.
For now, after removing the case from New York state court to federal court, Facebook sought to transfer the case to its home court in California. Facebook invoked the venue selection clause in its user agreement (its "Terms of Use"). Facebook uses a mandatory non-leaky clickthrough agreement where the terms are hyperlinked from the clickthrough page. (The language says: “By clicking Sign Up, you are indicating that you have read and agree to the Terms of Service," where the words Terms of Service are a hyperlink). This user interaction should have made it an easy case. This formation process (mandatory clickthrough with hyperlinked terms) has been upheld in dozens of cases. Indeed, buried in his overlong discussion, the judge says "Fteja was informed of the consequences of his assenting click and he was shown, immediately below, where to click to understand those consequences. That was enough."
Yet, the judge launches into an extended discourse about the philosophy of online contracts. Overly troubled by the hyperlinked presentation of the actual terms, the court reaches this awkward classification:
Facebook's Terms of Use are somewhat like a browsewrap agreement in that the terms are only visible via a hyperlink, but also somewhat like a clickwrap agreement in that the user must do something else—click “Sign Up”—to assent to the hyperlinked terms. Yet, unlike some clickwrap agreements, the user can click to assent whether or not the user has been presented with the terms.
The judge then snarks about social media exceptionalism:
it is tempting to infer from the power with which the social network has revolutionized how we interact that Facebook has done the same to the law of contract that has been so critical to managing that interaction in a free society. But not even Facebook is so powerful.
(Don't underestimate Facebook, your honor. It is changing our brains).
Despite all the navel-gazing, the judge realizes:
There is no reason why that outcome should be different because Facebook's Terms of Use appear on another screen rather than another sheet of paper....The mechanics of the internet surely remain unfamiliar, even obtuse to many people. But it is not too much to expect that an internet user whose social networking was so prolific that losing Facebook access allegedly caused him mental anguish would understand that the hyperlinked phrase “Terms of Use” is really a sign that says “Click Here for Terms of Use.” So understood, at least for those to whom the internet is in an indispensable part of daily life, clicking the hyperlinked phrase is the twenty-first century equivalent of turning over the cruise ticket. In both cases, the consumer is prompted to examine terms of sale that are located somewhere else. Whether or not the consumer bothers to look is irrelevant.
Having convinced himself that Facebook's venue selection clause is enforceable, the judge then concludes that transfer is proper. All of the relevant evidence is at Facebook's headquarters, Fteja's witnesses don't appear to be near NYC, the alleged contract breach means the "locus of operative facts" took place in California, and Fteja's medical condition ("Ménière's disease") won't keep him off airplanes.
Some related posts:
* Court Disregards Check-the-Box Agreement and Doesn't Enforce Venue Clause -- Dunstan v. comScore
* Forum Selection Clause in "Submerged" Terms of Service Presumptively Unenforceable -- Hoffman v. Supplements Togo
* Anti-Scraping Lawsuit Largely Gutted--Cvent v. Eventbrite
* Interesting Database Scraping Case Survives Summary Judgment--Snap-On Business Solutions v. O'Neil
* Clickthrough Agreement With Acknowledgement Checkbox Enforced--Scherillo v. Dun & Bradstreet
* Contract Formed Even If Customer Never Received It--Schwartz v. Comcast
* Ticketmaster Wins Big Injunction in Hannah Montana Case, But Did the Public Interest Get Screwed?--Ticketmaster v. RMG
Posted by Eric at 09:25 AM | Licensing/Contracts | TrackBack
January 20, 2012
Google Gets Significant Win in AdWords/Parked Domains Case
By Eric Goldman
In re Google AdWords Litigation, 2012 WL 28068 (N.D. Cal. Jan. 5, 2012)
Google defeated class certification in an AdWords-related case over Google's placement of ads on parked domains. This almost certainly ends this case in practice, as few if any advertisers will find it worth continuing the case on their own. This ruling also takes us closer to the end of litigation wars over parked domains.
The advertisers sued Google for placing AdWords ads on parked domains and error pages and not adequately disclosing these facts.
The court finds standing under both California UCL/FAL and Article III based the named plaintiffs' allegations that they bought advertising they wouldn't have bought if they knew where Google was going to put it. This was also good enough to confer standing for the unnamed plaintiffs; the court says that "where one class representative in a UCL or FAL class action has already established Article III standing, the court need not analyze the standing of unnamed class members."
The court also finds numerosity, typicality, adequacy, and commonality (on the question of “whether Google’s alleged omissions were misleading to a reasonable AdWords customer”). However, the court rejects class certification on predominance grounds. Even though there are common legal questions among the advertisers, their idiosyncratic factual questions are more important than the common legal questions. Specifically, because only some advertisers were financially harmed by Google's placement of ads on parked domains and error pages, the court would have to investigate each advertiser's results to determine if restitution were appropriate. Further, because each click was auctioned off and sold for a constantly changing price, it would be hard to calculate the "but for" pricing that advertisers would have paid. Plus, not every advertiser is seeking click conversion; presumably (although not articulated in the court's opinion) some advertisers compute their bids on the branding value of ads. The court thus concludes this discussion by saying "any effort to determine what advertisers “would have paid” under a different set of circumstances requires a complex and highly individualized analysis of advertiser behavior for each particular ad that was placed."
To fix this problem, advertisers' counsel suggested a variety of restitution formulae that relied on blanket assumptions applicable to all advertisers. The court rejects these categorical approaches, saying "[s]ince the purpose of restitution is to return class members to status quo, the amount of restitution due must account for the benefits received from ads placed on parked domains and error pages." This too requires a per-advertiser assessment.
Google continues to make substantial progress cleaning up its AdWords litigation docket. Recently, it got rid of Woods v. Google over click fraud and improper pricing discounts; it defeated class certification in FPX v. Google over trademark triggering; and the Ninth Circuit upheld its settlement of the CLRB Hanson case. Even so, it's also clear that litigation forays by advertisers will be a perennial aspect of Google's life going forward; partially due to Google's occasional corner-cutting, but mostly due to advertisers' wish that they could get unlimited traffic at no cost. Then again, the plaintiffs' bar will be sharing some of that joy with Facebook too.
This lawsuit was just one of several lawsuits over the legitimacy of parked domains. I've criticized Google before for its AdSense for Domains program, which fosters an ecosystem that motivates questionable domain name registrant behavior while providing little if any real value to consumers. From my perspective, it's pathetically anachronistic that Google still offers its parked domain program--what is this, 2004? Time for Google to grow up a little more.
While I think it's sad Google can't wean itself from the questionable revenues it derives from its parked domains program, I think it's even sadder to see plaintiffs trying to attack the parked domains ecosystems using proxy defendants like intermediate service providers rather than just going after the domain name owners directly. See, e.g., Vulcan Golf v. Google; In re Yahoo; uBid v. GoDaddy; etc. Let's hope this ruling discourages plaintiffs from bringing future proxy battles over parked domains.
Posted by Eric at 09:24 AM | Domain Names , Licensing/Contracts , Marketing , Search Engines | TrackBack
December 28, 2011
Another Set of Parties Duel Over Social Media Contacts -- Eagle v. Sawabeh
[Post by Venkat Balasubramani]
Eagle v. Morgan, 11-4303 (E.D. Pa.; Dec. 22, 2011)
Background: Dr. Linda Eagle, who holds a Ph.D. in communication and psychology, teamed up with Clifford Brody and founded Edcomm. They were later joined by Davi Shapp. Eagle maintains a reputation in the field of “banking training,” and has “cultivated relationships with thousands of individuals and organizations.” In October 2010, Sawabeh Information Services entered into an agreement with Eagle, Brody, and Shapp to purchase Edcomm. Sawabeh proposed to retain the three as executives, but abruptly terminated them in June 2011. This prompted a flurry of litigation.
The Lawsuits: Eagle sued the principal of Sawabeh and others working in concert with them (in Pennsylvania), alleging that defendants improperly accessed and continued to use Eagle’s LinkedIn account. Defendants turned around and asserted counterclaims, alleging that Eagle misappropriated a telephone number that had been assigned to Edcomm and improperly caused AT&T to transfer this number to Eagle personally. Defendants also asserted that Eagle misappropriated a laptop, as well as the LinkedIn “connections” associated with Eagle’s LinkedIn account (which defendants allege was maintained by Edcomm for the Edcomm's benefit).
In a separate lawsuit (in the Southern District of New York), Sawabeh asserted securities fraud and breach of contract claims against Eagle, Brody, and Shapp, alleging that the principals failed to disclose Edcomm’s obligation to make a substantial severance payment to Brody, and further failed to disclose that Edcomm transferred all of its IP to Brody in an earlier transaction. In this lawsuit, the court recently denied a motion to dismiss brought by defendants. (Sawabeh v. Brody, et al., 11-civ-4164 (S.D.N.Y.; Dec. 16, 2011).) [For some unknown reason, the courts don't seem to have a problem with the maintenance of two separate lawsuits arising out of the same transaction. I would have thought that consolidation was a no-brainer here.]
The parties have widely divergent views on the background facts, so it's hard to assess the viability of the claims. For example, Edcomm alleges that it created and maintained LinkedIn accounts for its employees, and as a matter of policy, employees were expected to turn over their LinkedIn accounts when they left Edcomm. Eagle disagrees, but also has to contend with a very unhelpful fact: Eagle committed the ultimate no-no and provided her LinkedIn password to someone at Edcomm.
(For what it’s worth, this looks like the account in question. The court entered a TRO prohibiting defendants from accessing the LinkedIn account. The order expired of its own accord, and none of the filings in the docket reflect any additional action by the parties with respect to this issue. Although it’s hard to tell, judging from the account, it looks like Eagle continues to use the account and defendants likely agreed to not interfere with this usage.)
Motion for Judgment on the Pleadings as to the Counterclaims:
Computer Fraud and Abuse Act: The CFAA claim was premised on Eagle’s alleged improper access of Edcomm’s AT&T account and misappropriation of Edcomm’s number. The claim is somewhat strange in that it doesn’t really identify what computer Eagle gained “unauthorized access” to. The court seizes on this and says that, in simpler terms, the counterclaims allege Eagle walked into an AT&T store and convinced AT&T to transfer Edcomm’s number to her--this does not involve the "access" of any computers. Along the way, the court also tackles the issue of whether Edcomm sufficiently alleges damages, and whether Eagle’s access was truly “without authorization” because she was once an employee of Edcomm and ostensibly had authorization to access the account. As to damages, the court says that Edcomm’s allegation that it suffered loss of business relationships as a result of Eagle’s transfer of the number does not count towards the jurisdictional threshold (“Nothing in these allegations avers any loss related to the impairment or damage to a computer or computer system, any remedial costs of investigating or repairing computer damage, or costs incurred while the computers were inoperable.").
Trade Secrets: The trade secret claim had a fatal weakness in that it was premised on information that obviously was not a trade secret: (1) the AT&T account information, and (2) the identities of clients and instructors. Eagle persuasively argued that Edcomm’s website disclosed the identity of more than 1,000 clients and the instructor identities were publicly available on their LinkedIn profiles. The court also says that the AT&T account information could not be a trade secret because it doesn’t have any “independent economic value” that would be of use to competitors. The arguably valuable asset in question is the telephone number, and there’s nothing secret about this.
Conversion: The conversion claim was premised on Eagle’s retention of a laptop allegedly belonging to Edcomm. The court allows this claim to proceed.
Misappropriation: The misappropriation claim can either be misappropriation of a trade secret or misappropriation of an “idea.” The court says that the misappropriation based on trade secrets must fail based on the court’s conclusion that Edcomm failed to specify any protectable trade secrets. The court however declines to dismiss the “misappropriation of an idea” claim. The parties had conflicting allegations as to whose investment generated the content on the LinkedIn account. Given these conflicting allegations, the court declines to grant judgment on the pleadings on the misappropriation claim.
Tortious Interference: The court dismisses the remaining claims. Edcomm asserted that Eagle interfered with the contract between AT&T and Edcomm, but the court says that Edcomm failed to adequately allege specific intent and damages. Eagle cared about the number, and the contractual relationship between AT&T and Edcomm was incidental to the number (it's unclear this was terminated anyway). Edcomm also argued that Eagle interfered with relationships with prospective clients, but the court dismisses this claim on the basis that Edcomm’s allegations were speculative. Edcomm failed to point to “one potential contract that would . . . have materialized” absent Eagle’s alleged interference. (The court declines to dismiss an unfair competition claim but this claim piggybacks on the misappropriation claim.)
__
The dispute raises interesting issues, and as with PhoneDog, OMGFacts, and Maremont cases, illustrate the difficulty of neatly categorizing social networking accounts and the goodwill in those accounts. The obvious question is whether the parties had an agreement addressing Eagle’s competitive efforts and use of her contacts. Judging by the fact that the parties did not mention any contractual terms, it’s fair to say that there was no written agreement dealing with Eagle’s competitive activities. This is somewhat surprising, given that Edcomm was acquired, and to the extent the the key assets in the acquisition were human resources, the parties should have had an agreement in place addressing Eagle's post-acquisition competitive activities.
It looks like the vagaries of Pennsylvania law may have made it harder to bring a conversion claim based on the phone number (the court footnotes that conversion claims are limited to tangible personal property), but at least one court has held that phone numbers can be subject to conversion claims. (Can a Telephone Number Be the Subject of a Conversion Claim?, discussing Staton Holdings, Inc. v. First Data Corp, 2010 U.S. Dist. LEXIS 48688 (N.D. Tex. May 11, 2010).) Given the current rules on phone number portability, to the extent they are freely transferable, it seems like phone numbers are increasingly similar to domain names, which can form the basis of conversion claims.
The fight over the LinkedIn account was probably the most interesting, but there is little discussion about the fact that LinkedIn terms restrict usage of log-in credentials to the person who created the account. (Eagle's sharing, and Edcomm's access likley violated LinkedIn's terms, as a technical matter.) Also, LinkedIn distinguishes between “company accounts” and “personal accounts.” Personal accounts seem by design to be akin to resumes, and while it makes sense for someone to be restricted from exploiting their contacts for competitive purposes, the personal accounts don’t lend themselves to use by the company. Neither the court nor the parties focuses on this. As an afterthought, my instinct is that parties are often misdirecting their energies with fights over “who owns contacts.” Contacts are personal, and particularly in the social networking context, I would think it would be difficult for one person to take advantage of another person’s contacts. I could see Edcomm sending out a spam message to Eagle’s LinkedIn contacts, announcing that Eagle is no longer with the company and prospective customers should contact Edcomm directly, but apart from this, is it really realistic for Edcomm to continue to exploit Eagle’s contacts?
Although it's tough to say since the case is at the initial stages, the lawsuit in Pennsylvania seems like a small part of the overall dispute, which includes the litigation in the Southern District of New York. In the Southern District case, Sawbeh alleges fraud on the part of Eagle and her cohorts; if the fraud and misrepresentation claims are successful, they will likely dwarf the effect of the battle over the LinkedIn contacts and phone number. Any victory that is achieved in the Pennsylvania litigation may turn out to be pyrrhic, depending on how the New York litigation pans out.
Posted by Venkat at 10:52 AM | Licensing/Contracts , Trade Secrets , Trespass to Chattels
December 19, 2011
Facebook "Sponsored Stories" Publicity Rights Lawsuit Survives Motion to Dismiss--Fraley v. Facebook
By Eric Goldman
Fraley v. Facebook, Inc., 2011 WL 6303898 (N.D. Cal. Dec. 16, 2012)
Because Facebook does so many things that aren't in users' interests, their "Sponsored Stories" program barely registers. Nevertheless, Sponsored Stories demonstrates why many people are burned out on Facebook. Facebook collects user preferences through its semantically ambiguous "like" button and then uses that data to show ads to the users' friends with a seeming endorsement. Using my preferences does little to advance my relationship with my friends, but the implicit endorsement is designed to get my friends to investigate the ads, increasing the advertiser's credibility and Facebook's profits. So Sponsored Stories creates a zero-sum game: I as a user probably don't get any value from the public presentation of my implicit endorsement (if anything, it might hurt my position with my friends), but Facebook and its advertisers benefit from it.
My response to Facebook's rollout of Sponsored Stories was swift and decisive: I don't "like" any businesses on Facebook or do any other activities on Facebook that I believe can trigger a Sponsored Story. (I would also categorically opt-out of being a part of Sponsored Stories if Facebook actually let me decide what I want to share with my friends, but Facebook doesn't). Instead, if I want to make a commercial recommendation to my friends--something I do occasionally--I just share it directly in my status report. That way, I control the message I deliver to my friends, instead of letting Facebook or advertisers control how they communicate my interest to my friends. And the zero-sum nature of Facebook's offering drives a deeper wedge into my relationship with Facebook, making me less willing to use Facebook generally and more receptive to alternatives.
To me, this marketplace response is adequate. To plaintiffs' lawyers, however, Sponsored Stories gives another reason for a litigation fiesta. Remarkably, unlike so many other "privacy" lawsuits against Internet companies, this lawsuit survives the motion to dismiss--dramatically increasing the odds that Facebook will be writing a check for this so-called "feature."
This is a rich and interesting opinion by Judge Koh that has something for everyone to "like" (or dislike). Some of the highlights:
Article III Standing
In a ruling that bucks a mini-trend, Judge Koh upholds the case from an Article III standing challenge. She says that violation of a statutory right (in this case, California's publicity rights statute) automatically satisfies the actual harm requirement of Article III standing. The plaintiffs also satisfied the "particularized" and "concrete" requirements of Article III by explaining how the Sponsored Stories feature used their information.
She explicitly distinguishes numerous defense-side Article III wins (including her own recent iPhone application litigation and Low v. LinkedIn decisions) by noting the particular nature of the plaintiffs' publicity rights claim. In this case, unlike the others, the plaintiffs are claiming that their endorsement had commercial value to help sell goods to others, compared to the situation in the prior cases where the commercial value of a user's data came from theoretically improved marketing to the user him/herself. She says:
Plaintiffs here do not allege that their personal browsing histories have economic value to advertisers wishing to target advertisements at Plaintiffs themselves, nor that their demographic information has economic value for general marketing and analytics purposes. Rather, they allege that their individual, personalized endorsement of products, services, and brands to their friends and acquaintances has concrete, provable value in the economy at large, which can be measured by the additional profit Facebook earns from selling Sponsored Stories compared to its sale of regular advertisements.
She says later:
Plaintiffs assert that they have a tangible property interest in their personal endorsement of Facebook advertisers’ products to their Facebook Friends, and that Facebook has been unlawfully profiting from the nonconsensual exploitation of Plaintiffs’ statutory right of publicity. Thus, in the same way that celebrities suffer economic harm when their likeness is misappropriated for another’s commercial gain without compensation, Plaintiffs allege that they have been injured by Facebook’s failure to compensate them for the use of their personal endorsements because “[i]n essence, Plaintiffs are celebrities—to their friends.”
Clearly, Judge Koh is making a tricky intellectual move, and I bet it's going to make some privacy advocates unhappy. There is unquestionably a street value to data about a person to improve the marketing to that person, just as there is unquestionably commercial value in gaining an endorsement from a consumer. It's awkward to recognize one value and not the other. (Of course, in many of the precedent cases, there was only the possibility of data leakage; there wasn't actually a showing that any marketer had bought the leaked data for commercial reuse).
However, Judge Koh's fancy footwork rips open only a very small hole in the Article III jurisprudence. Her exception only applies where there's a statutory publicity rights claim, and only when the defendant made a commercially-motivated endorsement. I'm sure we'll see plaintiffs advance claims to take advantage of this ruling, but few plaintiffs will be able to style their claims accordingly.
In another tricky intellectual move, Judge Koh distinguishes Cohen v. Facebook, which dismissed a publicity rights claim based on Facebook's "Friend Finder" service, because this case showed a more direct connection between the friend's endorsement and the commercial value derived by Facebook. She also implies the lawyers did a better job here than in Cohen. I didn't fully understand this distinction other than Judge Koh's desire to reach a different result without disturbing the Cohen precedent.
47 USC 230
Facebook's 230 defense is tricky. First, it seeks to invoke the defense against a publicity rights claim, which the 9th Circuit said was possible in Perfect 10 v. ccBill in a controversial statutory reading that has been rejected by every other court outside the Ninth Circuit. Judge Koh doesn't touch that issue.
Second, Facebook seeks 230 protection for the ad copy it created automatically. The ad is based on a user action, the "Like," plus various pieces of user content, but Facebook assembles it all into a package that the user never sees, blesses or necessarily even wants. We've had some other cases upholding 230 when a service provider is so intimately involved with creating the final content, such as the Carafano case, but Facebook is clearly playing at the edge of the statutory immunity.
Judge Koh rules that Facebook is over that line and doesn't get the immunity. Unfortunately, she does so by saying that Facebook is partially the information content provider of the ads in question. She references the dispositive allegations:
Plaintiffs allege that Facebook creates content by deceptively mistranslating members’ actions, such as clicking on a ‘Like’ button on a company’s page, into the words “Plaintiff likes [Brand],” and further combining that text with Plaintiff’s photograph, the company’s logo, and the label “Sponsored Story.” ... Plaintiffs allege that they themselves have no control over whether to post a particular company’s name or logo, and that Facebook maintains sole control over whether to display a Sponsored Story at all.
Personally, I'd be much more sympathetic to Facebook's position if users had the specific ability to "like" a business page without simultaneously authorizing the Sponsored Story. Because Facebook's controls are insufficiently granular, Facebook automatically interprets a "like" as both a statement of user attitudes and as a green light to create the Sponsored Story. In contrast, imagine that when a user "liked" a business page, Facebook prepared the ad copy for the Sponsored Story, presented it to the user, and asked the user if the user wanted to publish the ad copy to his/her friends. At this point, I would feel much more strongly that the ad copy really was the user's words. Naturally, Facebook doesn't give users this level of control over the words being put into their mouths.
On the other hand, consider an alternative example where a website both publishes UGC on its site and then syndicates the content to third party sites. It's my position that the website gets 230 for both acts of publication, even if the user never expressly green-lighted the syndication (so long as the user-to-website license permitted the syndication). See, e.g., Prickett v. infoUSA. Based on Judge Koh's explication, I'm not exactly sure why Facebook crossed the 230 line while some of these other situations probably don't.
Facebook responded that its activities didn't make it a content provider but just represented traditional editorial functions. The court rejects the argument, citing this allegation:
Plaintiffs allege not only that Facebook rearranged text and images provided by members, but moreover that by grouping such content in a particular way with third-party logos, Facebook transformed the character of Plaintiffs’ words, photographs, and actions into a commercial endorsement to which they did not consent.
In the context of this case, I see her point. Sadly, the opinion's wording will give false hope to a slew of plaintiffs who will argue that the website's presentation of third party content constituted some type of unauthorized endorsement. It will take a few cases to burst the plaintiffs' bubbles about a new exception to 230.
The Statutory Publicity Rights Claim (CA Civil Code 3344)
Facebook took a few cracks at the claim, all of which were unsuccessful:
Newsworthiness. The publicity rights statute does not restrict using someone's personality "in connection with any news." This is a backdoor First Amendment defense, as what constitutes news tracks First Amendment jurisprudence on "matters of public interest." This defense seemed like a hail-mary for Facebook--a user "liking" a page is clearly "new" information to the marketplace, but it's not "news" in either the traditional or First Amendment sense. The court seems unimpressed, saying that even if a user "liking" a commercial product is news to that user's social network, using that information commercially drops out of the exception. I wasn't persuaded by the judge's distinction here, but then again Facebook's argument about what constituted "news" was obviously tendentious.
I was a little disappointed that Judge Koh sidestepped some interesting lurking issues about what is "news" in the modern environment, where all of us are publishers to our local communities and we as publishers can have significant clout in a small community. Some academic literature in the 1990s discussed these issues in the Internet context, but it might be worth revisiting as a paper topic. Judge Koh also sidestepped the intellectually interesting issue of whether opinions about marketplace goods are "newsworthy," something that I strongly believe to be the case in the context of anti-SLAPP laws.
Consent. Facebook argued that users consented to Sponsored Stories as part of its terms of use. The plaintiffs retorted that Sponsored Stories didn't exist when they signed up, so they couldn't have consented to it. The court says there's a factual dispute which prevents a motion to dismiss.
Injury. Facebook argued that non-celebrities have to show economic injury as part of their 3344 prima facie case. The court rejects this distinction, saying "[i]n a society dominated by reality television shows, YouTube, Twitter, and online social networking sites, the distinction between a “celebrity” and a “non-celebrity” seems to be an increasingly arbitrary one." Furthermore, the plaintiffs did allege injury by showing that their endorsements were valuable to Facebook, which helps distinguish this case from the Cohen "Friend Finder" precedent. I liked this quote:
While traditionally, advertisers had little incentive to exploit a non-celebrity’s likeness because such endorsement would carry little weight in the economy at large, Plaintiffs’ allegations suggest that advertisers’ ability to conduct targeted marketing has now made friend endorsements “a valuable marketing tool,” just as celebrity endorsements have always been so considered.
For more on this point, see my Online Word of Mouth paper.
Unfair Competition Law (UCL)
Normally, we'd expect the UCL claim to be tossed because the plaintiffs can't make the required showing that they lost "money or property." Numerous Internet privacy cases have reached that conclusion. Judge Koh makes the same intellectual move she did with Article III standing, saying that publicity rights are different than other privacy torts. She says: "[t]o the extent Plaintiffs allege they can prove that their endorsement of commercial products to their Facebook Friends has concrete, quantifiable value for which they are entitled to compensation, the Court finds that Plaintiffs have properly alleged loss of money or property for purposes of establishing standing under the UCL." I wonder if plaintiffs can make that showing because there's no existing market for consumer-to-consumer endorsements, but it's enough to survive the motion to dismiss. In particular, she says California's statutory damages for publicity rights violations aren't enough to demonstrate the value of the endorsements.
Judge Koh also concludes that plaintiffs properly alleged that Facebook's activities were unlawful, unfair and fraudulent (in the latter case, because Facebook allegedly overclaimed users' abilities to opt-out of Sponsored Stories).
Unjust Enrichment
Recent caselaw makes it even clearer that there's no separate cause of action for unjust enrichment; instead, it's just a synonym for restitution. As a result, the court tosses this claim.
Conclusion
This is not a good ruling for Facebook, but I can't really feel too sorry for it. Facebook has been playing fast-and-loose with the law in many different contexts (see, e.g., its FTC bust), and Sponsored Stories is no different. Before rolling it out, Facebook surely knew that the Sponsored Stories offering was on murky legal ground. It can't be surprised that it didn't get an easy dismissal.
Even so, if it gets that far, Facebook may yet win this case. Judge Koh has made it clear that she's a tough customer, but Facebook has plenty of power to its remaining arguments. Nevertheless, I'm reasonably confident it won't get that far. Given the importance of maximizing ad revenues and its desire to clean up legal issues in advance of an IPO, it seems more likely that Facebook will cut a deal with plaintiffs' counsel. I imagine Facebook might try to do a settlement like the Facebook Beacon settlement that results in minimal restrictive covenants, a chunk of money into the lawyers' hands, and a chunk of money that doesn't get into users' hands but instead goes into something like Facebook's privacy foundation.
UPDATE: Facebook is blazing ahead with its Sponsored Stories offering, moving the Sponsored Stories module into the newsfeed instead of on the side. (And with almost-invisible disclosure that it's an ad). Surely this means Facebook plans to win this lawsuit or to settle up. I'm voting the latter.
Posted by Eric at 09:10 AM | Licensing/Contracts , Marketing , Publicity/Privacy Rights | TrackBack
November 21, 2011
Can A Copyright Be Assigned By Email?--Hermosilla v. Coca-Cola
By John Ottaviani with comments from Venkat and Eric
Vergara Hermosilla v. The Coca Cola Company, No. 11-11317 (11th Cir. Nov. 3, 2011).
Can a copyright be assigned by an exchange of emails? Section 204(a) of the Copyright Act provides that a transfer of copyright ownership is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or by such owner’s duly authorized agent. The 11th Circuit has recently affirmed a lower court’s decision that an exchange of emails was sufficient to constitute a contract to assign a copyright. The court’s decision, however, does not seem to adequately address whether the email exchange satisfies the “writing” requirement in Section 204.
Background
The dispute arises out of Coca Cola’s worldwide marketing campaign for the 2010 FIFA World Cup soccer tournament. As part of its advertising campaign, Coca Cola enlisted recording artist K’Naan to create a new version of his song “Wavin’ Flag,” and called the new version the “Celebration Mix.” Coca Cola had certain lyrics in the “Celebration Mix” adapted and sung in different languages by local artists and K’Naan. In 2009, Coca Cola contacted Jose Puig, a representative of Universal Music Latin America, to produce a Spanish version of the Celebration Mix. The Spanish lyrics were to be sung by David Bisbal, a Spanish language singer. Puig was referred to the plaintiff, Rafael Vergara Hermosilla, in November 2009. Vergara adapted the Celebration Mix into Spanish, and subsequently delivered the Spanish lyrics to Puig in December 2009. A dispute later arose over Vergara’s compensation for the adaptation.
Puig and Vergara negotiated a settlement. After a phone conversation about the terms of the deal, Vergara wrote this email:
[B]ecause I am a man of my word and honor, that is not moved by economic motives, my only request is the my credits are respected as producer and adapter of the Spanish version (that every time the name of any composer of this version appears, my name appears as adapter), and obviously, the credits for the production that are detailed in the invoice sent for this production, which I have detailed below.
For the adaption, you may consider it a work for hire with no economic compensation to that respect. I believe what’s legal is a dollar.
I hope this leaves clear what my work was and what my good intentions were from the beginning.
The next day, Puig responded by email to Vergara to the effect that “You can count on the credits on the track. I am resending you the contract.”
Puig subsequently sent draft contracts confirming the assignment, but inadvertently omitted the provisions that would give Vergara the credits. So Vergara rejected what he characterized as his “proposal” and filed a lawsuit in the Southern District of Florida to enjoin Coca Cola from using the Spanish version of the Celebration Mix without giving him proper credit.
After initially enjoining Coca Cola in May 2010 from disseminating the Spanish version of the Celebration Mix without giving credit to Vergara as the adapter, in February 2011 the District Court granted a summary judgment in favor of Coca Cola. The district court found that the e-mail exchange constituted an assignment by Vergara of his copyright in the adapted lyrics. The court characterized the exchange of emails as an offer and acceptance, “and at that moment the deal was made irrevocable.” The court determined that Puig’s sending of formal contracts that did not reflect all of the terms of the earlier emails was not a “counteroffer which is labeled as an acceptance, but adds new terms” (which typically is not binding under Restatement (Second) of Contracts §59), but was an offer to modify an existing contract. Although Vergara rejected this offer, the court found that this did not impact the initial agreement to assign the copyright.
In a brief aside, the district court also recognized that Section 204 of the Copyright Act requires a signed writing for a conveyance. However, the district court simply noted without discussion that “Courts have found emails to constitute signed writings.” (citing Lemel v. Mattel, Inc., 394 F.3rd 1355 (Fed. Cir. 2005) and the federal E-Sign Act).
11th Circuit Decision
The 11th Circuit opinion is relatively short and to the point. After reciting the facts, the 11th Circuit found that, under Florida law, “the record established without dispute that Vergara assigned his copyright interests to Universal.” The court used a traditional contract analysis to characterize Vergara’s e-mail as an offer and Puig’s e-mail as an unconditional acceptance, which together were effective to create a contract.
Discussion
Unfortunately, while the 11th Circuit found that the e-mail exchange constituted a binding contract under Florida law, the court did not address whether the e-mail exchange constituted a “writing” for purposes of Section 204 of the Copyright Act. Prior to the adoption of the E-Sign law, courts differed as to whether an e-mail exchange would satisfy the writing requirements of Section 204. Section 7001(a)(2) of the federal E-Sign Act, which was enacted in 2000, provides in relevant part that “a contract relating to [a transaction in or affecting interstate or foreign commerce] may not be denied legal effect, validly or enforceable solely because an electronic signature or an electronic record was used in its formation.”
Few courts have addressed what consitutes a "writing" for purposes of E-Sign. Earlier this year, the Arkansas Supreme Court found that a waiver of coverage in an online insurance application constitutes a "writing" for purposes of the Arkansas insurance law requirng such waivers to be in writing. In 2010, the federal district court in Colorado found that an e-mail summary of a settlement meeting could consitute a "writing" for purposes of the Colorado Statute of Frauds, but that the summary could not be enforced as a contract because it was written by an administrative assistant and was not "subscribed by the party to be charged."
But does E-Sign apply to transactions involving transfers of copyrights? Professor Nimmer notes that “[n]othing about the ESIGN Act overtly mentions copyrights in particular or other federal enactments in general.” He further notes that E-Sign does purport to apply “to any transaction in or affecting interstate or foreign commerce,” with some exceptions. It remains to be seem, then whether courts will treat e-mail as having sufficient formalities to satisfy the writing requirement in Section 204 of the Copyright Act.
The 11th Circuit decision also ignored the fact that Vergara’s email characterized the adaptation as a “work made for hire.” Would the decision have come out any differently if analyzed under the “work made for hire” provisions? Probably not. Under Section 101 of the Copyright Act, certain works qualify as a work made for hire if “the parties expressly agree in a written instrument signed by them that the work shall be considered a work made for hire.” The court did not discuss the question whether the adaptation qualified as one of these specially ordered works (at best it might be viewed as a part of an audio visual work, or as a translation, but probably not). Even if the adaptation did qualify as a work that could potentially be a “work made for hire,” does the exchange of emails constitute “a written instrument signed by them?” I find it harder to classify the exchange of e-mails as an “instrument’ within the meaning of the work made for hire definition. This may be why the 11th Circuit decided the issue on contract grounds, but it would have been nice to have some analysis of this issue.
_________
Comment from Venkat:
This is a great post by John that delves into the interplay between the federal ESIGN Act and the Copyright Act. I wonder whether an email disclaimer would have affected the analysis. There’s been a lot written on the efficacy and the desirability of email disclaimers in other contexts, but I wonder if an email disclaimer that said
Nothing in this email is intended as an offer and the author disclaims any intention to make an offer or create an enforceable agreement through any email messages. Any agreement with the author of this email must be in a signed paper document!
would have protected Hermosilla? I’m guessing the court would have said that Hermosilla’s unequivocal intent to reach an agreement trumped anything in an email disclaimer. It may not have been useful here, but it would be useful in other contexts, such as where people exchange email messages in an attempt to settle a dispute and one party tries to use an email along the way to say that the parties reached a settlement and tries to enforce a settlement on this basis. I’m not a fan of email disclaimers, but this type of a disclaimer may be worth exploring.
_________
Eric's comments.
To me, the legal doctrine in this case seems pretty straightforward. If the parties formed a contract or did a proper contract amendment, the fact that the contract was made via email should satisfy the Section 204 "writing" requirement per E-SIGN/UETA. After all, Section 204 is a statute of fraud, and E-SIGN/UETA were designed to say that emails satisfy the statute of frauds. See, e.g., the many real estate cases reaching this result and John E. Theuman, Satisfaction of Statute of Frauds by E-Mail, 110 A.L.R.5th 27 (2003). I don't see any reason why copyright law would be handled differently under E-SIGN or UETA. My analysis is the same for the "work for hire" statute of fraud.
For me, the harder part is whether the email exchange properly formed a contract/contract amendment and, if it did, if Coca-Cola (or its assignor) violated one of the contractual conditions such that their failure to perform negated the contract. If this situation didn't have a whiff of the content creator changing his mind with venal intent, I think other courts might have been more sympathetic on that point.
Posted by John Ottaviani at 08:50 AM | Copyright , E-Commerce , Licensing/Contracts | TrackBack
November 10, 2011
Courts Says Employer's Lawsuit Against Ex-Employee Over Retention and Use of Twitter Account can Proceed--PhoneDog v. Kravitz
[Post by Venkat Balasubramani]
PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Ca.; Nov. 8, 2011)
Another day, another post-employment dispute over a social media account.
In this case, Noah Kravitz worked for PhoneDog, which is an "interactive mobile news and reviews web resource." Kravitz worked as a reviewer and video blogger. He used the "@PhoneDog_Noah" twitter account, and it amassed approximately seventeen thousand followers. When he left, PhoneDog asked for the account "back" but he demurred, instead changing the account handle from @PhoneDog_Noah to "@noahkravitz". PhoneDog sued, asserting claims for (1) misappropriation of trade secrets, (2) interference with economic advantage; and (3) conversion.
Trade secret claim: Kravitz argued that there was no "trade secret" information, because the followers of the account are not secret and are publicly discernable. The passwords he argued merely allow an individual logging on to the account to view the publicly known follower information. He also argued that PhoneDog did not adequately safeguard the password information and treat is a trade secret. The court punts on the issue and says:
PhoneDog has sufficiently described the subject matter of the trade secret with sufficient particularity and has alleged that, despite its demand that Mr. Kravitz relinquish use of the password and Account, he has refused to do so. At this stage, these allegations are sufficient to state a claim. Further, to the extent that Mr. Kravitz has challenged whether the password and Account followers are trade secrets and whether Mr. Kravitz's conduct constitutes misappropriation requires consideration of evidence beyond the scope of the pleading.
Economic advantage claim: The court rejects the interference with economic advantage claim, saying that PhoneDog's allegations were muddled on this issue. It was unclear as to whether PhoneDog was saying Kravitz interfered with PhoneDog's relationship with account followers or with its subscribers or consumers more generally. The court also says PhoneDog failed to connect the dots with respect to any harm based on advertiser relationships, or even any economic harm generally. [I hope PhoneDog was not making a claim based on its vicarious relationship with followers of the @PhoneDog_Noah Twitter account--we all know how tenuous social media relationships are!]
Conversion: The court declines to dismiss the conversion claim, saying that PhoneDog alleged it had the right to possession over the account, and "the nature of that claim is at the core of this lawsuit and cannot be determined on the present record."
__
This is the scenario that many people speculated about when Rick Sanchez left CNN--would Sanchez get to keep his Twitter account? ("Who 'Owns' A Twitter Account: Employer Or Employee?") Sanchez ultimately kept the account and changed the name. (See: "Ex-CNN anchor Sanchez keeps his Twitter account, changes the name.") I don't think this decision does much to move the needle either way, as it punts on the bulk of the issues.
I end up somewhat skeptical on both of PhoneDog's remaining claims.
Was the password really a trade secret? Is an account's follower list a trade secret? Social media account information does not fit nicely within the trade secret box. "Customer lists" historically were a classic trade secret, but when customer lists are now published publicly and capable of being mined, does that concept go away? Even if the list were public, could anyone "download" the list? Could Noah have contacted the list any other way than through the account that he's supposed to turn over? What if Noah had posted a "goodbye" tweet saying "follow me at [new account name]"? With respect to the conversion issue, the court's analysis was disappointingly brief. It's interesting that, in this case, PhoneDog has its own Twitter account and this particular account was one set up specifically for Kravitz--it's not as if he took the company's one and only Twitter account. One other claim you often see discussed in this context is a trademark-based claim. Kravitz likely averted these by changing the name of the account, and presumably removing any PhoneDog branding elements.
The takeaway is to have a written agreement that governs this issue! I blogged about a case last month where a court resolved a social media/account ownership issue in favor of the employer, relying on a written agreement. ("Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell.")
A somewhat interesting aspect of the dispute arose over the value of the Twitter account and followers, which was relevant to the issue of whether PhoneDog's claim for damages got over the $75,000 hurdle. (It had to satisfy the $75,000 jurisdictional threshold for diversity jurisdiction.) PhoneDog said it suffered $340,000 in damages. The account had 17,000 followers, "which according to industry standards, are each valued at $2.50." [I must admit that this caused an eyeroll.] PhoneDog said this translated into a monthly damage amount of $42,500 "for each month that [Kravitz] used the account." Kravitz on the other hand said that Twitter followers have discretion to subscribe or unsubscribe and therefore this valuation was suspect. He also argued that the value in any Twitter account "comes from . . . efforts in posting tweets and [an] individual's interest in following . . . not from the account itself." According to him, there's no evidence that an account even with a significant number of followers has any ongoing value. The court does not resolve this issue, instead finding that PhoneDog alleged enough to get over the $75,000 jurisdictional threshold. These arguments really made me wonder whether the parties were spending money on the dispute in excess of the assets they were fighting over. As in many business break ups, emotions tend to run high. This was surely a contributing factor. This case has mediation written all over it.
Related posts:
"Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer--Ardis Health v. Nankivell."
Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account -- Deck v. Spartz, Inc.
Posted by Venkat at 07:13 AM | Licensing/Contracts , Trade Secrets , Trespass to Chattels
November 04, 2011
Stebbins' Lawsuit Against Google Dismissed as "Frivolous"--Stebbins v. Google
By Eric Goldman
Stebbins v. Google, Inc., 2011 WL 5150879 (N.D. Cal. Oct. 27, 2011). Stebbins' motion to confirm arbitration award (the equivalent of his complaint in this case).
Arkansas resident David Stebbins appears to be cranking up a one-man pro se/pro per litigation machine based on mockably tendentious legal arguments and outrageous damages claims ($500B in this and other cases). Last Spring, I blogged about his unsuccessful lawsuit against Walmart, which tried some too-clever legal arguments that ended up failing resoundingly.
In a separate set of actions, Stebbins sued Microsoft and Google based on an almost-too-bizarre-to-explain legal theory. It goes something like this: YouTube's contract allows unilateral modification (which, crucially, only lets YouTube unilaterally modify the contract, a point Stebbins didn't internalize), so Stebbins emailed a modification of the contract terms to YouTube that included an arbitration clause and an "I automatically win the arbitration if you don't respond" clause. He then disputed YouTube's handling of his account, sent them a proposal to arbitrate the dispute for $500B, and declared himself the arbitration winner (without an actual arbitration) when YouTube didn't respond in time. He then filed a federal claim to enforce the arbitration judgment even though there wasn't a judgment since there was no arbitration proceeding.
The magistrate judge recommended dismissing the claim as frivolous, but Stebbins didn't consent to proceeding before a magistrate. So the case goes to Judge Koh and, in a straight-laced opinion, she reaches the same result. She says:
there was no actual arbitration. That is to say, no arbitrator or arbitration panel actually awarded a judgment. Thus, there has been no arbitration proceeding and no award "made pursuant to [an] arbitration."
The court goes on to label Stebbins' filings "frivolous," "indisputably meritless" and "clearly baseless," concluding:
Plaintiff's claim is based on an indisputably meritless legal theory. Additionally...[i]t is fundamentally contradictory for Plaintiff to assert the existence of an arbitration award on the basis of a contract clause that states that no arbitration proceeding is to take place, and no award need be entered.
As I've suggested before, tendentious online contract formation claims do not fare well in courts. Even if the plaintiff can stitch together a theory of contract formation, judges quickly cut through any hyper-formalism to reach sensible results. If your contract formation theory depends on overly formalistic interpretations of contract law, don't be surprised if it will fail in court.
Posted by Eric at 12:45 PM | Licensing/Contracts , Search Engines | TrackBack
November 02, 2011
Yahoo Partially Defeats Lawsuit Over Wrongful Account Termination--Buza v. Yahoo
By Eric Goldman
Buza v. Yahoo, Inc., 2011 WL 5041174 (N.D. Cal. Oct. 24, 2011). The complaint.
Buza claims Yahoo terminated two GeoCities accounts related to his advocacy efforts. Buza is proceeding pro se, which is typical for user lawsuits over wrongful account termination. He sued Yahoo in state court. Yahoo tried to remove to federal court. In this ruling, Judge Seeborg dismisses the federal claims and sends the others back to state court. I'm sure Yahoo wished Judge Seeborg had cleaned out the case entirely, but I bet Yahoo will get there soon enough.
Buza claimed that Yahoo violated his First Amendment rights. As I explain in my article on wrongful account termination, plaintiffs often invoke the Constitution to get around any statutory immunities, but Constitutional claims routinely go nowhere. It's 100% clear that privately owned online service providers like Yahoo aren't state actors and therefore aren't restricted by the Constitution. The court says:
Buza's response that Yahoo!'s services should be seen as a "public forum" in which the guarantees of the First Amendment apply is not tenable under federal law. As a private actor, Yahoo! has every right to control the content of material on its servers, and appearing on websites that it hosts.
Similar recent cases in this vein include Young v. Facebook, Estavillo v. Sony and Jayne v. Google Founders.
Buza also brought an ECPA/SCA (18 USC 2701) claim for unlawful access to stored communications. The court dismisses because the restrictions don't apply to the service provider's access of those communications.
Having disposed of the federal claims, Judge Seeborg sends the case back to state court to deal with the remaining claims, which include a violation of California's state constitution, "intellectual property," trespass to chattels and breach of contract. The judge expresses some skepticism about some of these claims, but having decided he could quickly clean his docket of the case, he doesn't go any further than necessary to send the case back to state court.
My understanding is that Yahoo didn't raise a 47 USC 230(c)(2) defense, the federal immunity for service providers' filtering decisions. I explore this point in detail in ">my recent 230(c)(2) article. 230(c)(2) can't trump federal constitutional claims, but it should (?) trump state constitutional claims. 230(c)(2) doesn't apply to IP claims per a statutory exclusion, but the Ninth Circuit in Perfect 10 v. ccBill said that 230 trumps state IP claims (the judge says no federal IPs are at issue). The immunity likely trumps the trespass to chattels claim, although I don't recall seeing that issue tested before. And I explain in my article, 230(c)(2) could very well trump the contract breach claim. (This judge could have also disposed of the contract claim based on express terms giving Yahoo the power to pull the plug on websites, but the state court judge will have do that).
Because the immunity is a federal statute, it would have been appropriate for the federal court to interpret its application to the state claims before remanding. This discussion suggests that had the immunity been raised, Judge Seeborg might have completely ended the case on 230(c)(2) grounds without sending anything back to state court.
Posted by Eric at 09:33 AM | Derivative Liability , Licensing/Contracts , Privacy/Security , Trespass to Chattels | TrackBack
October 19, 2011
Court Rejects Copyright Misuse Defense Against Apple and Affirms License Restrictions in OS X License Agreement -- Apple v. Psystar
[Post by Venkat Balasubramani]
Apple Inc. v. Psystar Corp., 10-15113 (9th Cir. Sept. 28, 2011) [pdf]
This is a dispute over whether Apple can enforce a restriction in its software license agreements which requires end users to run the Mac OS only on Apple computers. Short answer: yes.
Psystar sold "Open Computers," which were originally called "OpenMacs," and intended as cheaper alternatives for Apple computers. In order to allow these machines to run the Mac OS, Psystar "purchased" (licensed) a copy of the Mac OS X, installed this copy on a Mac computer, downloaded various updates, then made a copy of the software and transferred it to a non-Apple computer. Psystar then "added its own bootloader and kernel extensions to the software" on the non-Apple computer and this copy became the "master image." Psystar shipped "Open Computers" with a copy of the "master image" installed, but it also shipped an unopened copy of the Mac OS X which Psystar had purchased from a third party vendor.
Apple sued, alleging breach of contract, direct and contributory copyright infringement, trademark and trade dress infringement, and unfair competition claims. It also added a DMCA claim to the mix. Psystar counterclaimed, alleging copyright misuse. The district court found Psystar infringed and entered an injunction against it. Psystar asserted an antitrust counterclaim, but that claim was dismissed and Psystar didn't appeal that dismissal. Psystar also did not appeal the copyright infringement ruling.
Psystar argued that the language in the SLA which barred the use of OS X on non-Apple computers "impermissibly extend[ed] the reach of Apple's copyright."
The court starts by noting that the sale versus license distinction (most recently affirmed by the court last year in Vernor v. Autodesk) is "well established." According to the court, this distinction "has caused the use of software licensing agreements to flourish and become the preferred form of software transactions." Psystar argued that Apple sold, rather than licensed, its software to Psystar, but the court spends less than a page explaining that Apple makes its copies of OS X available as a license and not a sale.
The court focuses on the misuse defense. Copyright misuse is an affirmative defense to a claim for copyright infringement, and it was borrowed by courts from patent law. While the Ninth Circuit has recognized the misuse doctrine, it notes that it has been applied "sparingly." The purpose of the defense is to "prevent . . . holders of copyright from leveraging their limited monopoly to allow them control of areas outside the monopoly." The court says it upheld the defense in only one case and there the licensor prevented the licensee from using any other competing product. In another case (Triad Systems v. Southeastern Exp.), misuse was asserted as a defense against a claim of infringement against a service provider who made copies in the course of performing maintenance on the software. The court rejected the misuse defense and held that the service provider infringed when it made copies in the course of performing maintenance. Although a key part of Triad had been legislatively overruled by an amendment to section 117(c), the Ninth Circuit in this case reaffirmed Triad's holding that a license restriction only constitutes misuse when it expressly limits use with a competing product.
Psystar looked to a Fifth Circuit misuse case (Alcatel USA v. DGI Technologies) where the license agreement allowed for use of the software "only in conjunction with [licensor]-manufactured hardware." The court distinguishes Alcatel on the basis that, unlike the licensing agreement there, the OS X license agreement only restricted the use of Apple's software to its computers--third parties were free to develop operating systems for use on Apple computers.
__
This is a big win for Apple and one that, as Evan notes, "solidifies Apple’s approach to enforcing a controlled, closed ecosystem for the distribution of software used for Macs and iDevices."
It's a win for software companies as well as it provides a resounding endorsement of Vernor. I keep wondering how Vernor v. Autodesk is going to play out. The court here does not spend much time debating the license versus sale issue, notwithstanding the fact that the software here was licensed to a less sophisticated consumer than in Vernor and there was no mention of possession, which was central in Vernor. In fact, there have been a few district court cases addressing the license versus sale issue post-Vernor, but in none of the cases did courts spend much time debating the issue of whether the transaction was a sale or license. Psystar appears to confirm that Vernor effectively shut the door on the use of the first sale doctrine in the software context (once the shrink-wrap comes off).
The case is also a significant limitation of the copyright misuse defense. This defense rarely gets play anyway, but the court's reading of it is narrow. The court notes that in order to constitute misuse, a limitation in a license agreement must "restrict [a] competitor's ability to develop [competing] software." In the Fifth Circuit case, Alcatel similarly argued that it only mattered whether there was an express limitation, but the Fifth Circuit rejected that argument, finding it key that the competitor "was effectively prevented from developing its product" because it did not have the freedom to test its systems with Alcatel's software. Alcatel did not look only to the express terms of the licensing agreement, but that's what the court does in this case. There's no discussion in this case of whether the limitations in the license agreement effectively limit the development of an alternative operating system.
There was also zero discussion of the effect of Apple's copy control mechanisms. Although the district court concluded that Psystar's use of "decryption software to obtain access to [the] operating system violated the DMCA," there's really no mention of this issue in the Ninth Circuit opinion.
I'm not sure what to make of the fact that Psystar did not appeal the copyright infringement ruling. I wonder if Psystar was thinking about making an argument that Psystar clients bought a copy of the OS X, so the shipment of the pre-installed version of the OS X was not an infringing distribution because it was merely an archival or back-up copy that the purchaser could have made him or herself. The fact that the transaction is deemed a license and not a sale put the kibosh on this argument. (See the MDY v. Blizzard case where the court held that section 117 was not available to licensees: "Ninth Circuit's Mixed Opinion in Glider/WoW Bot Case".) I don't think Psystar had a clean argument under section 117 anyway, given that the language of this section only applies to "exact copies," and the two versions of the OS X differed slightly.
I wonder if the result would have been different if Psystar merely distributed the pre-packaged version of the OS X and separately distributed the software components which the end user could use to install and run the OS X on whatever machine they desired? The limitation in the license agreement was fairly broad, and I wonder if the italicized portion could have more effectively supported a misuse argument:
This License allows you to install, use and run one (1) copy of the Apple Software on a single-Apple-labeled computer at a time. You agree not to install, use or run the Apple Software on any non-Apple labeled computer, or to enable others to do so.
Other coverage:
Evan Brown: Ninth Circuit: Apple did not engage in copyright misuse by restricting OS X to Apple hardware
Ars Technica: Appeals court: Apple can continue to restrict OS X to Mac hardware
Topically related posts:
Ninth Circuit's Mixed Opinion in Glider/WoW Bot Case -- MDY Industries v. Blizzard
Software Vendor Trumps First Sale Doctrine via License--Vernor v. Autodesk
Posted by Venkat at 09:08 AM | Copyright , Licensing/Contracts
October 18, 2011
Lawsuit Against Google Over Invalid Clicks and Special Partner Advertising Dismissed -- Woods v. Google
[Post by Venkat Balasubramani with comments from Eric]
Woods v. Google, 5:10-cv-1263-JF (N.D. Cal.; Aug 10, 2011)
This is an advertiser vs. Google lawsuit where the plaintiff argued on behalf of a putative class that (1) he was improperly charged by Google for "invalid clicks," (2) he did not receive a "smart pricing" discount that Google allegedly promised to all of its advertisers, and (3) Google entered into deals with "special partners" allowing the special partners "to place advertisements in ways that are prohibited to other . . . publishers." Here is Eric's recap of the complaint: "Another Advertiser Class Action Lawsuit Filed Against Google--Woods v. Google."
Invalid clicks: The crux of the "invalid clicks" claim was that generally applicable Google policies, FAQs, and explanations, state that invalid clicks are prohibited, and advertisers would not be charged for invalid clicks. Woods argued that these policy statements were incorporated into the contract. According to the court, there are several problems with this argument. First, the agreement in place states that the advertiser's sole remedy is to seek a refund, and in order to do so, the advertiser must raise the issue within 60 days. Woods did not allege that he did either of these.
Second, whether a click is "invalid" is (according to the documentation cited by plaintiff) something that Google will determine (those clicks "that [Google] suspects may constitute click fraud"). According to the court, this means that Google was vested with discretion in determining whether a click was invalid, and there was no allegation in the complaint that Google "acted beyond its discretion" in administering this policy.
The final overarching problem with Woods's claim with respect to invalid clicks is that Woods cited to documentation outside the agreement and argued that statements made in the documentation was incorporated (as contractual terms) into the agreement. The court walks through the placement of the various statements and concludes that Google's "policy statements" regarding invalid clicks is not incorporated into the AdWords agreement. The AdWords agreement contained a statement that the "program" was "subject to all applicable Google and Partner policies, including without limitation, the Editorial Guidelines, Google Privacy Policy, and Trademark Guidelines, and Google and Partner ad specification requirements." Notwithstanding this "clear and unequivocal" statement of intent to incorporate "all applicable Google policies," the court declines to find that the policies are incorporated into the agreement because the "invalid clicks policy" which plaintiff pointed to was not "known or easily available to the contracting parties."
Special Partner sweetheart deals: Woods alleged that Google allowed its special partners to generate clicks in a way that its regular customers were not allowed to, but the court does not give this argument much credence.
"Smart Pricing" discount: Woods made a similar argument with respect to the smart pricing discount, arguing that language in the "Adwords Help Center" indicated that Google "promised to apply its Smart Pricing discount to all advertisements generated from its Adsense publishers." He did not argue that the help center language was expressly incorporated. He pointed to sections in the agreement which stated that the program was subject to "all Google policies," and a statement in the agreement that payment was to be made by advertisers "in accordance with the payment terms in the . . . Program FAQ." The court accepts Google's argument that the reference to the "Program FAQ" in the agreement was intended to only incorporate terms relating to payment options and not any terms which relate to how Google calculates the charges. The court also holds that even if the Adwords Help Center language is deemed to be incorporated into the agreement, the complaint is value about what Google's obligations were exactly to apply the smart pricing discount to all advertisements.
Breach of the duty of good faith: The court acknowledges that Woods can bring an action for the breach of the duty of good faith "irrespective of whether [Google] breached its contractual obligations directly." Notwithstanding, the court notes that Woods failed to allege that "Google deprived Woods of a benefit to which he was entitled under the Agreement." The court says that Google is vested with "wide latitude" in administering its Adwords program, but at the same time, this discretion is not unlimited: Google must carry out its responsibilities in good faith. Woods's vague allegations of a conspiracy between Google and its Special Partners are insufficient in the court's view to suggest bad faith.
Unfair competition, false advertising, and fraudulent business practices claims: Finally, the court also pokes holes in the legal elements of Woods's unfair competition and false advertising claims. It states that unless Woods can show that he had a legal right to the smart pricing discounts and to not be charged for invalid clicks (so-called "Banned Ad Implementations") he can't show any cognizable injury. The fraud claims do not satisfy Rule 9(b)'s particularity requirement.
Finally, the court questions whether Woods has standing to bring misrepresentation claims. The Adwords Agreement expressly indicates that the contracting parties have not relied on any outside statements or promises in entering into the agreement. Woods argues that UCL liability may exist where a party to a contract makes "contradictory or misleading representations in order to obfuscate or obscure the actual terms of the contract." The court rejects this argument:
the issue is whether 'a reasonable jury could find' that Woods was reasonable in relying upon the extraneous statements notwithstanding an unambiguous disclaimer . . . [i]n light of Woods's sophistication as an attorney and the complaint's lack of particularity with respect to the statements that were alleged to have induced his reliance, the Court concludes that Woods has not alleged facts sufficient to support such a claim.
__
It's disheartening to see lawyer-plaintiffs get no love in the courts!
Seriously, Google nicely dodged a bullet here. As online agreements have become "longer and more byzantine," and often cross reference other terms and policies, the possibilities of online agreement circuits getting crossed increases. (We recently saw GoDaddy be deprived of an easy contractual defense due to a cross-reference gaffe: "GoDaddy Mis-Manages Its User Agreements.") While the court rejects Woods's claims on the merits, it also made clear that the various policies and FAQs referenced in Google's agreement were not incorporated and made a part of the contract terms.
There is some tension inherent in Google saying that it is the sole arbiter of what constitutes a valid click. I sense an illusory contract term lurking in the background here. What is an "invalid click"? The court ends up saying that it's whatever Google says it is. The court does pay lip service to the fact that Google's discretion is not unbounded in this regard, but you don't get the sense that Woods will be able to allege any sort of bad faith sufficient to get the court's attention here.
Woods made a valiant effort to argue that whatever the metric was for determining an invalid click, Google did not apply it equally across the board, but the court gives this argument little or no credence. This was one of the more intriguing aspects of Woods' claims, but the court expresses serious reluctance to allow Woods' claims to move forward and allow Woods discovery into Google's business practices in this area. (This would have been a big hassle for Google and I'm sure it's breathing a sigh of relief for not having to respond to Woods' discovery.)
The court gives Woods leave to amend. Let's see if his amended complaint adds any clarity to the allegations.
[This case languished in the blogging queue. In the time between when it was added to the "to blog" list and I actually wrote this blog post, Woods already filed an amended complaint and Google filed a motion to dismiss. You can access those documents here (amended complaint) and here (motion to dismiss).]
__________
Eric's Comments:
I can't believe people are still suing Google for click fraud, especially after Google buttoned up its legal agreements to prevent further click fraud suits. Then again, Judge Fogel recently let a click fraud lawsuit against Facebook keep going when he probably shouldn't have. This one won't get that far. [However, Judge Fogel is giving up his docket for an administrative appointment in DC, so perhaps the successor judge who inherits this case will be more receptive.]
I think the best part of this opinion is when Judge Fogel rejects the plaintiffs' efforts to cut-and-paste various statements from Google's support materials to manufacture a purported contract breach. The plaintiffs worked really hard to find contrary statements from Google's website as an end-run around the contract's plain language (plain, in the sense that it says plaintiffs should lose). Judge Fogel has none of it:
The complaint refers to more than a dozen pages in both the AdWords Help Center and AdSense Help Center that allegedly identify Google’s obligations under the invalid clicks policy, including a video clip and an expert report from another lawsuit, both of which are linked to the AdWords Help Center.(See Compl. ¶¶ 77-93.) The fact that statements about invalid clicks are spread across a variety of pages in a variety of formats make it difficult to identify the terms of any actual and unambiguous contractual obligations. This stands in sharp contrast to other Google policies,which include clear terms.
I think it's become de rigeur in the plaintiff community to slice-and-dice every public statement a company has ever made through its entire history, looking for anything that could be construed as false. But when the contract makes it really, really clear that Google isn't on the hook for click fraud, it would take a really strong and prominent contrary statement to trump it. The plaintiffs apparently fell far short of finding such a smoking gun, and the slicing-and-dicing just made them look silly. Note to plaintiffs: if you have to work that hard to find snippets that purportedly trump the plain language of a contract, you're probably overthinking things. My recommendation is to let such complaints go, although I know you won't heed that advice.
I do agree with Venkat that websites should try to consolidate their sprawling expanse of legal T&Cs documents. As the number of these documents grows, the odds grow exponentially that at least one of the linkages will fail. I bet Google would benefit from putting its legal T&Cs on a strict diet and chopping the number of words in half (or more). This would streamline the documents and perhaps make it easier to consolidate documents.
Venkat also notes that the named plaintiff, Woods, is an attorney. I used to keep a running count of all of the lawyer-as-plaintiff lawsuits against Google. For reasons I've never understood, Google's run-ins with lawyers-as-plaintiffs seem disproportionately frequent. (Please email me if you have any hypotheses). And, even more embarrassing for the legal profession, the lawyer-as-plaintiff cases seems to fare especially poorly against Google, usually getting soundly thumped.
Posted by Venkat at 09:09 AM | Licensing/Contracts , Marketing , Search Engines
October 15, 2011
Q3 2011 Quick Links, Part 5
By Eric Goldman
See the other quick links posts in this series:
* Q3 2011 Quick Links, Part 4
* Q3 2011 Quick Links, Part 3
* Q3 2011 Quick Links, Part 2 (Trademarks/Domain Names Edition)
* Q3 2011 Quick Links, Part 1 (Copyright Edition)
Trade Secrets
* Congressional proposal to add a private cause of action to the federal Economic Espionage Act. David Almeling supports the general idea. My take from an email list:
I don't understand the incremental value of a federal private cause of action beyond the current state laws for the described situations. I also wonder if this is the beginning of the end for federal deference to state regulation of trade secrets. If the amendment get adopted, it would be entirely logical to see the restrictions relaxed over time to make it into a general-purpose private right of action for any trade secret misappropriation. For an analogous regulation, see the significant expansion of the CFAA over the past quarter-century, and especially the growing number of cases involving CFAA violations because former employees continued to access their former employees' hardware (and, presumably, misappropriate trade secrets).
* Mattel's lawsuit against MGA over the Bratz dolls has gone sour for Mattel in a big way. It was hit with another $225M in damages, bringing the amount it owes MGA to $310M. Oops.
* Probation for two individuals in the first lost iPhone prosecution, but no charges against Gizmodo. Yet, somehow, Apple apparently lost yet another "priceless" iPhone prototype at a bar.
Patents
* Bessen et al, The Private and Social Costs of Patent Trolls:
In the past, non-practicing entities (NPEs) — firms that license patents without producing goods — have facilitated technology markets and increased rents for small inventors. Is this also true for today’s NPEs? Or are they “patent trolls” who opportunistically litigate over software patents with unpredictable boundaries? Using stock market event studies around patent lawsuit filings, we find that NPE lawsuits are associated with half a trillion dollars of lost wealth to defendants from 1990 through 2010, mostly from technology companies. Moreover, very little of this loss represents a transfer to small inventors. Instead, it implies reduced innovation incentives.
* Joe Mullin is blogging again on patent matters, especially NPE issues! From his blog, check out his co-blogger's post on Innovatio, which is sending licensing demands to hundreds of companies who are offering industry-standard wi-fi to consumers.
E-Commerce
* After tossing its CA affiliates aside like rag dolls, Amazon and CA struck a deal on sales taxes that reinstated its CA affiliates (1, 2).
* Businesses using Groupons may be getting lower Yelp reviews.
* Dan Ariely deconstructs online retailers and websites to show how they are using psychological forces to get us to do what they want.
* Earll v. eBay, 5:11-cv-00262-JF (N.D. Cal. Sept. 7, 2011). eBay could be exposed to claims under the Disabled Persons Act and the Unruh Act.
* Foley v. JetBlue Airways (N.D. Cal. Aug. 3, 2011). Federal aviation law preempts California law regarding disability accessibility to airline website.
* Weinstein v. eBay. StubHub wins an anti-scalping case under New York law.
* NYT: Good example of how a properly managed consumer review website can improve marketplaces.
Contracts
* David Stebbins is at it again. He sued Google to enforce his purported $500 billion arbitration win. The magistrate recommended dismissing the case as frivolous. Stebbins sued Microsoft too; see the long interview with him and a link to his video.
* Davis v. Avvo, 8:10-cv-02352-JDW-TBM (M.D. Fla. Sept. 13, 2011). Forum selection clause in Avvo’s user agreement upheld.
* Fusha v. Delta Airlines (D. Md. Aug. 30, 2011). Venue selection clause in check-the-box user agreement upheld.
* TradeComet.com LLC v. Google, Inc., 2011 WL 3100388 (2nd Cir. July 26, 2011): "a district court is not required to enforce a forum selection clause only by transferring a case pursuant to § 1404(a) when that clause specifies that suit may be brought in an alternative federal forum. Rather, in such circumstances, a defendant may seek to enforce a forum selection clause under Rule 12(b)."
A separate summary order upheld the applicability of Google's forum selection clause against TradeComet. The court says Google's clause doesn't overreach because "Google unquestionably holds a ‘special interest’ in making sure that it is not subject to suit in numerous different fora for claims arising from its agreements with over a million advertisers."
* Marso v. United Parcel Service, Inc., No. 09 CVS 2582 (N.C. App. Ct. Sept. 20, 2011). UPS required customers to go through a mandatory clickthrough agreement on computers in its store, but...
plaintiff asserts that defendant's employee entered the information into the computer, and that "[n]o one advised [plaintiff], orally or in writing, about any UPS Tariff, waybill, or service guide," or advised him that he could request a copy of the same….plaintiff suggests by his argument that he did not assent to the terms of service identified in the UPS Tariff, which would limit defendant's liability for the fraudulent cashier's check collected by defendant upon delivery of plaintiff's package to Mr. Thompson, and instead asserts that he formed an oral contract with defendant's employee which obligated defendant to be liable to plaintiff for $12,145.00 without limitation. Thus, there appears to be a genuine issue as to whether plaintiff assented to be bound by the limiting terms of the UPS Tariff, and whether defendant presented plaintiff with actual or constructive notice of the terms set forth by the UPS Tariff.
* Truong v. eBay, Inc., 2011 WL 3716999 (Cal. App. Ct. Aug. 24, 2011). This is a busted eBay Motors transaction where eBay warned the winning buyer not to complete the transaction and the seller sued for tortious interference with contract:
eBay raised the immunity provision of the federal Communications Decency Act (47 U.S.C. § 230). As appellant pointed out to the trial court, and as that court ruled, the pertinent provision of that statute makes the law applicable to an action taken by an internet service provider to restrict access to or availability of material that is obscene, harassing, “or otherwise objectionable.” The conduct alleged against eBay was not editing or policing content of items posted on its marketplace, but interfering with a contract. (See 47 U.S.C. § 230(c)(2)(A).) eBay does not urge this ground in its respondent’s brief.
* Added to my RSS feed: The Tech Contracts Blog by David Tollen.
Miscellaneous
* ABA Journal on electronic service of notice.
* James Grimmelmann's Internet Law casebook.
* On TWiL in late August, I discussed privacy and MP3Tunes with Denise Howell, Evan Brown and David Snead. The recording.
* Top 15 most popular "Damn You Auto Correct" postings of all time. Hilarious.
* Good news: I will receive the 2011 "IP Vanguard Award" (in the Academic/Public Policy category) from the California State Bar's IP Section.
Posted by Eric at 07:02 AM | E-Commerce , Licensing/Contracts , Patents , Trade Secrets | TrackBack
October 14, 2011
Court Disregards Check-the-Box Agreement and Doesn't Enforce Venue Clause -- Dunstan v. comScore
[Post by Venkat Balasubramani with additional comments from Eric]
Dunstan v. comScore, Inc., 11-cv-05807 (N.D. Ill. Oct. 7, 2011)
Plaintiffs sued comScore, alleging that comScore improperly obtained and misused plaintiff's personal information, after plaintiffs downloaded and used comScore's software. comScore sought to have the lawsuit transferred to Virginia, which was the forum specified in a forum-selection clause in the software terms of use/EULA. The court denies comScore's motion.
A comScore Vice President testified that "before a user can install comScore software," a customer must "click the box acknowledging" that the customer read and agreed to the terms. Plaintiffs, on the other hand, alleged that the forum-selection clause was not "apparent" when they downloaded the software. They also alleged that the terms of service were "obscured" during the installation process. From the court's order, it seems like plaintiffs did not deny that they checked the box. The court resolves the apparent factual dispute as follows:
the court declines to infer that clicking a box acknowledging that a user has read an agreement indicates that the agreement was reasonably available to the user, particularly when the plaintiffs have alleged that the hyperlink to the agreement was obscured.
Whoa. Let's take another look at this sentence. The court is saying that just because a user checked a box acknowledging the user had read the agreement, this does not mean that the court can infer that the user was able to read the agreement. (???)
comScore cited to several cases where courts enforced "click-through" agreements, including Specht v. Netscape. The court says that none of the cases involved an allegation of an obscured hyperlink. According to the court, Specht acknowledged the possibility that "a click-through agreement is not enforceable if its terms are not reasonably apparent to the user." The court goes on to note:
it is not reasonable to expect a user casually downloading free software to search for such an agreement if it is not immediately available and obvious where to obtain it. As the Second Circuit noted, 'when products are 'free' and users are invited to download them in the absence of reasonably conspicuous notice that they are about to bind themselves to contract terms, the transactional circumstances cannot be fully analogized to those in the paper world of arm's-length bargaining.' [U]nder the circumstances alleged here, including that the location of the license agreement was not readily apparent, the court concludes that the forum-selection clause was not reasonably communicated to the plaintiffs . . . .
This is definitely a double-take-worthy decision. The court relies on Specht v. Netscape, but Specht is a browsewrap case, where the user did not have to indicate assent to the terms before downloading the software. Given the circumstances (free download) and the fact that the terms were not in an obvious location, the court in Specht declined to enforce the terms.
There's an easy way to solve the problem presented by Specht: have a mechanism to require the user to unequivocally indicate assent to the terms before downloading the software. Courts have upheld this type of contract formation because there is no ambiguity as to the user's assent to the terms, and this was the type of agreement comScore had in place here. The consumer cannot say that he or she did not read the terms because prior to downloading, the user has to indicate that they read the terms. (See for example Feldman v. Google, which Eric discusses in this blog post: "Google Adwords Contract Upheld (Again)".)
It's tough to understate the importance of certainty in online contracting and the predictability of online agreement enforceability. They're among the cornerstones of online commerce. Courts struggled with the enforceability of browsewrap terms, but check the box terms are widely acknowledged to be enforceable; at least there should be no bar as to mutual assent and basic contract formation. I'm not sure whether the formation process or the court went astray here (see Eric's comments below regarding the former--he makes good points regarding implementation). If there were no issues with the UI implementation or the browser, then the court's decision is off base.
[Interestingly, comScore did not argue that the dispute is subject to arbitration, which tends to indicate that the agreement did not have an arbitration clause.]
______
Eric's comments
I have a couple theories about what went wrong here. Theory #1 is that the judge was overly willing to accept a plaintiff's bald factual assertion that comScore didn't adequately present the contract. (The judge says, "At this stage, however, the court must take the plaintiffs’ word for it."). As Venkat indicates, judges have to do a little more gatekeeping than this, because plaintiffs will assert this defect in every lawsuit. If all it takes to survive a motion to dismiss is the plaintiff's bald assertion, the contracts are nearly worthless.
Theory #2 is that comScore didn't do its formation process properly. I think there is truth to this theory even if comScore went "by the book" and used what seemed like a mandatory non-leaky clickthrough agreement. It's the responsibility of software vendors/website vendors to present the contract in such an unambiguous/can't-miss-it process that NO ONE--plaintiffs' lawyers, judges, Grandma--could possibly fail to see it. The fact that the judge gave the plaintiffs the benefit of the doubt is prima facie evidence that comScore failed to do this well enough.
The case might remind us of two key lessons for lawyers advising companies implementing user agreements:
1) I don't care how brilliantly you draft your user agreement. It's also your job as a lawyer to advise your clients HOW to form the contract and to ensure they follow your advice. If your brilliant contract isn't properly formed, who cares what it says?
2) You need to look at the UI implementation across multiple browsers with a variety of settings. Even if your browser renders the agreement formation process just fine, another browser may chunk the display. This is even more crucial in the mobile environment, where UIs are even more constrained.
Posted by Venkat at 12:55 PM | Adware/Spyware , Licensing/Contracts , Privacy/Security
October 07, 2011
Massachusetts Court Dismisses Lawsuit Alleging Failure to Adequately Safeguard Personal Information -- Katz v. Pershing
[Post by Venkat Balasubramani]
Katz v. Pershing, LLC, 10-12227-RGS (D. Mass. Aug 23, 2011)
Background: Katz maintained an account at National Planning Corporation, an "introducing firm" for which Pershing provides brokerage clearing services. Pershing's services are provided on a proprietary exchange known as "NetExchange Pro," and this platform allows firms and their customers to access account information, stock quotes, etc. Katz alleged that up to 100,000 users have electronic access to customers' non-public personal information, including social security numbers, taxpayer identification numbers, and bank account numbers. Katz alleged that the security deficiencies rendered this information susceptible to being compromised. She claimed that NPC paid Pershing fees to protect the data and these fees were passed on by NPC to Katz and other putative class members.
She filed a lawsuit bringing claims under the Massachusetts deceptive trade practices statute, breach of contract, negligence, and unjust enrichment. Pershing initially moved to dismiss and the court granted the motion before Katz had an opportunity to respond. Katz filed a motion to reconsider. On reconsideration, the court dismisses the case.
Discussion: The court dismisses the based on standing (lack or jurisdiction) and on the merits.
Standing: Pershing argued that Katz did not allege that any of her protected data was actually compromised. The court agrees, noting that several cases have dismissed data loss claims on Article III standing grounds, finding that the increased risk of identity theft is insufficient to create standing. Katz argued that her claims were distinguishable from the other increased risk cases because she brought claims under Massachusetts statutes and for breach of contract.
Massachusetts Data breach statute: The court pointed out that Katz's claims under the Massachusetts unfair trade practices statute needed a statutory predicate--some statute or policy which was enacted for the benefit of the public which the defendant failed to comply with. Katz argued that here, Pershing failed to comply with Massachusetts' data breach statute, which was enacted in the wake of the well-publicized TJX data breach. The court rejects this argument, finding that the data breach statute defines a "breach of security" to include an "unauthorized acquisition or unauthorized use" of encrypted data. While breaches that create a substantial risk of identity theft trigger the statute, there must be a breach in the first place, and there was none alleged by Katz here. There was a second problem with Katz's argument. The Massachusetts data breach statute does not provide for a private cause of action. The statute is intended to be enforced by the attorney general. Therefore, Katz's claim of unfair trade practice based on a violation of the Massachusetts data breach statute fails.
Breach of contract claim: The court rejects Katz's breach of contract claim because it is based on the agreement between NPC and Pershing, and Katz argued that she was an intended third party beneficiary to this agreement. The court pointed to language in the NPC-Pershing agreement which states that the agreement was "not intended to confer any benefits on third-parties including, but not limited to, customers of [NPC]." Katz argued that the contract was superseded by marketing representations made by Pershing, but the NPC-Pershing agreement contained an integration clause, and Katz could not introduce additional terms to vary the agreement. The court also rejects Katz's implied contract claim because it was not supported by valid consideration. If, as Katz alleged, Pershing promised to NPC to safeguard Katz's personal information, "any alleged promise to Katz to do the same would not amount to valid consideration."
Unjust enrichment: The court also rejects Katz's claim for unjust enrichment on the basis that Katz did not allege that she conferred a specific benefit on Pershing or that Pershing was ever aware of this benefit.
__
Courts have rejected claims from data breach plaintiffs where the plaintiffs have not suffered any out of pocket loss. Here, the plaintiff sued before the breach even occurred, and the court rejects the claims. Out of necessity, plaintiffs have gotten creative and tried every angle imaginable, but so far they have had no luck.
As in the Ikon Solutions case, the plaintiff in this case tried to rely on the data breach statute but the court found that it was inapplicable. To my knowledge, no state has enacted a data breach statute which provides for a private cause of action or damages. The Massachusetts statute primarily requires notification of an alleged breach. The court's two conclusions with respect to the data breach statute are not surprising, but they are significant.
Related posts:
Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit
9th Circuit Affirms Rejection of Data Breach Claims Against Gap
The [Non]enforceability of Privacy Promises
Acxiom Not Liable for Security Breach
When Does a Privacy Policy Breach Support a Breach of Contract Claim?
Ikon Office Solutions Had no Duty to Disclose That Office Equipment Retained Data
Posted by Venkat at 01:36 PM | Licensing/Contracts , Privacy/Security
October 06, 2011
GoDaddy Mismanages Its User Agreements--Crabb v. GoDaddy
By Eric Goldman
Crabb v. GoDaddy.com, Inc., 2:10-cv-00940-NVW (D. Ariz. Sept. 27, 2011)
As online user agreements become longer and more byzantine, it's become common for a "master" user agreement to incorporate numerous other documents by reference. For example, stylistically, many websites put the user agreement and the privacy policy into two separate documents and then incorporate the privacy policy into the user agreement by reference. In most cases, the privacy policy doesn't have to exist separate from the user agreement; but it's so common nowadays that I bet many websites don't consider any other approaches.
Having legal terms sprinkled throughout different documents on the site is legally acceptable if--and only if--the documents link together properly. The flagship online contracts case, Specht v. Netscape, is a good example of how this linking process can fail (it would have been trivially easy for the drafters to cross-link the EULAs in that case). Here, GoDaddy gets a hard lesson in its failure to properly cross-reference documents, and its mistake could lead to a cash payment.
This case is another lawsuit against a registrar for parking ads on undeveloped domain names. Personally, I think it's scummy of registrars to do this because it sets up significant conflicts of interest between registrars and registrants. But if the registrant is told that their undeveloped domain name will be used for ad parking and the registrant can avoid this outcome, then caveat emptor, and may the best registrar win in the marketplace.
In this case, GoDaddy claims it told registrants about the ad parking in its "Universal Terms of Service," which purported to incorporate by reference a "Parked Page Service Agreement." However, the cross-reference in the TOS said the parking agreement applied "only to customers who have purchased those referenced Services." But the registrants didn't "purchase" the ad parking service; rather, GoDaddy imposed it on them for free (or, more precisely, against their will). With the botched cross-reference, the contracts the registrants actually agreed to didn't adequately disclose the ad parking. As a result, GoDaddy can't claim the registrants contractually authorized the parking. GoDaddy still has plenty of other defenses, but it must sting to lose its preferred defense--especially when it had complete control over the situation. WHOOPS.
Posted by Eric at 01:46 PM | Domain Names , Licensing/Contracts | TrackBack
October 03, 2011
New Essay on 47 USC 230(c)(2)
By Eric Goldman
I have posted a new essay, Online User Account Termination and 47 U.S.C. §230(c)(2), to SSRN. I wrote this essay as a contribution to a virtual world symposium at UC Irvine, and it will be published in the UC Irvine Law Review.
The essay generally argues that 47 USC 230(c)(2) permits online providers, including virtual world operators, to terminate user accounts without liability. Academic commentators frequently ignore or fail to consider Section 230(c)(2)'s immunity when discussing user account terminations, so the essay tries to elevate Section 230(c)(2)'s profile in the discussions, especially for the virtual world community. To me, Section 230(c)(2)'s applicability to account terminations is clear, but the story is complicated and perhaps not free from controversy. In addition to explaining the nuts-and-bolts, I offer a brief theoretical defense of the immunity.
I believe this essay is the first law review article exclusively on 47 USC 230(c)(2), the overlooked and undertheorized sibling of Section 230(c)(1). (FWIW, I have another, much larger article in process on Section 230(c)(1) that I hope to complete next semester.) If I've missed a 230(c)(2)-specific article, please please please let me know. For that reason alone, I'm quite excited about this essay.
I'm also excited about this essay because it culminates a topic I've been contemplating since I began blogging--the implications of virtual world proprietors' rights to terminate for convenience. See, e.g., this post--one of my first on the blog--from 6 1/2 years ago. After all these years, I'm glad to finally organize my thoughts more completely.
The essay is in draft form, so I would gratefully welcome your comments.
________
The abstract:
An online provider’s termination of a user’s online account can be a major-and potentially even life-changing-event for the user. Account termination exiles the user from a virtual place the user wanted to be; termination disrupts any social network relationship ties in that venue, and prevents the user from sending or receiving messages there; and the user loses any virtual assets in the account, which could be anything from archived emails to accumulated game assets. The effects of account termination are especially acute in virtual worlds, where dedicated users may be spending a majority of their waking hours or have aggregated substantial in-game wealth. However, the problem arises in all online environments (including email, social networking and web hosting) where account termination disrupts investments made by users.
Because of the potentially significant consequences from online user account termination, user-rights advocates, especially in the virtual world context, have sought legal restrictions on online providers’ discretion to terminate users. However, these efforts are largely misdirected because of 47 U.S.C. §230(c)(2) (“Section 230(c)(2)”), a federal statutory immunity. This essay, written in conjunction with an April 2011 symposium at UC Irvine entitled "Governing the Magic Circle: Regulation of Virtual Worlds," explains Section 230(c)(2)’s role in immunizing online providers’ decisions to terminate user accounts. It also explains why this immunity is sound policy.
Posted by Eric at 09:10 AM | Derivative Liability , Internet History , Licensing/Contracts , Virtual Worlds | TrackBack
September 21, 2011
Bad SEO Advice May Support Negligence Claim--D'Agostino v. Appliances Buy Phone
By Eric Goldman
D'Agostino v. Appliances Buy Phone, Inc., 2011 WL 4345674 (D.N.J. Sept. 15, 2011). One iteration of the complaint.
This is a confusing dispute, so I'm just going to focus on a few aspects. Based on the court's description, it appears that D'Agostino helped Appliances Buy Phones (a baffling TM, but we'll call them ABP) build an e-commerce site in 2003. In 2009, the parties allegedly agreed to have D'Agostino build a second website ("Appliance4Sale") that was more SEO-optimized, and D'Agostino would get a cut of the revenue from the second site. Allegedly, D'Agostino indexed the second site in Google Products and started generating some sales; but subsequently ABP put the kibosh on sales through the second site, and then Google hit the sites with a duplicate content penalty that dried up traffic to the second site, so ABP shut it down to revitalize the indexing of the first site. ABP allegedly didn't pay D'Agostino for his development work on the second site, even though he claimed to spend 1,000-2,000 hours working on the site. On a pro se basis, D'Agostino sued ABP and its principals as well as Google.
The most interesting ruling relates to the counterclaim by ABP's principal, Sigman. Sigman brought counterclaims against D'Agostino for a violation of New Jersey Consumer Fraud Act, negligence and contract breach. The court refuses motions to dismiss the three counterclaims.
On the NJCFA claim, Sigman claimed "Plaintiff knowingly created the Second Website that threatened the existence of the First Website and profitability of ABP." On the negligence claim, Sigman argued that D'Agostino claimed to be an SEO expert but negligently triggered a duplicate content penalty. Finally, Sigman claimed that D'Agostino breached their contract by "jeopardizing defendant’s website, violating Google policies, and causing the interruption of defendant’s enterprise."
Now, if someone selling SEO services wasn't aware of Google's duplicate content rules, that would be a big problem. At the same time, those rules can be pretty arcane, so I could see how even well-meaning SEOs could run into unexpected duplicate content problems, especially if a site were engaged in aggressive grey-hat activities (which may or may not describe the sites involved in this litigation).
This particular judge appears to be a very cautious judge; so cautious that he might refuse a motion to dismiss even when it's warranted just to give a pro se plaintiff more time and space to develop the case. Thus, it's possible/probable that Sigman's counterclaim won't do as well at later stages in the case. Even so, this ruling has to be disconcerting to the SEO community. Combined with the Roger Cleveland case, where the vendor providing (among other things) SEO services got tagged with a big contributory trademark infringement damages award, it seems like the risks of being in the SEO consulting business keep going up.
I'm not 100% clear on D'Agostino's claims still standing against Google, but Google invoked its forum selection clause in one of its agreements to try to get out of New Jersey. (It's not clear which agreement applied, although the court references Google's Merchant Center Terms). We've had a long string of cases upholding Google's forum selection clauses, but here the court waffles on its application to D'Agostino. The court says that even if D'Agostino registered the second website with Google, he may have done so as ABP's agent, in which case he's not a party to the contract. This sounds wrong on two fronts. First, the second website appears to have been a joint endeavor of D'Agostino and ABP, so he may very well have been a party; and even if he was acting as an agent, then he should be bound equally with the principal. The court rejects Google's motion without prejudice, which means Google may still be able to transfer the case if it can show facts binding D'Agostino to the contract, but for now Google's still stuck in New Jersey.
Just yesterday, regarding the Ground Zero Museum Workshop v. Wilson case, I wrote:
Hey people, when you have vendors help run your website, PLEASE dot your i's and cross your t's. When the shit hits the fan and the contract isn't in place or clear enough, the resulting litigation fusillade can destroy your life.
This is another example where the contracts weren't air-tight enough to cut short a murky litigation. In fact, the basic architecture of this business deal--giving the SEO financial interest in the second website but still running the first website--seemed fraught with conflicts from inception. The structure apparently put the two different websites in competition with each other (because there were different economic payoffs associated with each site), so perhaps a falling-out was inevitable.
Posted by Eric at 06:55 AM | Licensing/Contracts , Search Engines | TrackBack
September 20, 2011
Web Vendor Dispute Gets Ugly--Ground Zero Museum v. Wilson
By Eric Goldman
Ground Zero Museum Workshop v. Wilson, 2011 WL 3758582 (D. Md. Aug. 24, 2011)
Disputes like these make me wonder if we can't find some way to get along. Suson runs a non-profit museum focused on the September 11 tragedy. Wilson runs an Internet shopping cart service. Wilson offered to help Suson with the museum website by adding shopping functionality. Wilson also helped Suson get free web hosting from a third party vendor, A-1 Hosting. Then, over what seemed to be a minor thing, the relationship soured in 2009. Wilson turned off the shopping cart functionality and reverted the website back to a prior version; Suson claims Wilson also took down the museum website. Wilson subsequently complained that the museum website continued to use his IP, and he sent an ineffectual takedown notice to A-1 Hosting. Wilson also allegedly badmouthed the museum to A-1 Hosting, allegedly causing them to stop providing free hosting. Wilson also set up a quasi-gripe site, cam-scam.com (now down), and allegedly a fake MySpace page, that said or implied unflattering things about Suson.
From a relatively simple commercial dispute involving a non-profit enterprise comes a cascade of litigation, including complaints and countersuits. I could seriously write my entire Internet Law exam from this situation. It touches on almost every topic I cover in class. This isn't the worst breakup I've seen, but it appears that the parties are using litigation as a sledgehammer, especially given the low dollars and stakes at issue.
1201 Circumvention. Suson claims Wilson committed a 1201 circumvention by administratively logging into the museum website and making changes in excess of his authorization. The court rejects this claim, saying "using a password or security code to access a copyrighted work, even without authorization, does not constitute 'circumvention' under the DMCA" and citing to several other cases (including the IMS and Egilman cases). The court also says that even though Wilson resigned his technical role, his continued login to the website was authorized until Suson changed the password. Finally, disabling the shopping cart wasn't a circumvention because the functionality lived on Wilson's site, not Suson's.
Computer Fraud & Abuse Act. The CFAA claim fails on summary judgment because "Plaintiffs have produced no evidence to back up their assertion that Wilson damaged the website or that his actions caused at least $5,000 in economic damages in one year." The only allegation of harm is that Wilson "stripped the metatags" (whatever that means) when he reverted the website back to the prior version, and the court can't make heads or tails of that. Suson also hired an SEO to redo the metatags for $8k, but the court can't consider this evidence either because it wasn't properly authenticated and the payments took place over more than one year (and thus perhaps didn't trigger the $5k/year CFAA threshold).
Trespass to Chattels. This was a very confused discussion. The court says the "chattel identified in Plaintiffs' trespass claim is the GZM website, or alternatively specific webpages within the site. Plaintiffs contend that Wilson deprived GZM of possession of its website and damaged the chattel by inserting a redirect command." This seems to conflate access to a virtual asset (the web page) and use of a tangible asset, the computer server. The court focuses on the virtual asset, but that should be impossible to "trespass," or any trespass claim should be preempted by copyright law. Reinforcing the court doesn't understand what it's talking about by lumping together three very disparate items, the court continues:
Although websites are not tangible property in the traditional sense, courts in Maryland, New York, and elsewhere have been willing to recognize claims for conversion or trespass to chattels involving certain digital things, such as websites and domain names and computer networks.
The court then cites cases finding conversion of domain names and a "website," plus the Cyber Promotions case where the court was clearly talking about trespass of the physical server. On this basis, the court says that copyright law doesn't preempt the trespass to chattels claim. Too bad the court couldn't make a more fine-grained distinction between tangible and intangible assets, because the trespass of an intangible asset claim should be preempted by copyright law.
The court then further finds a prima facie trespass to chattel because Wilson dispossessed Suson of the "current" website when he reverted to the older website version. However, whether Wilson acted with the requisite scienter has to go to the jury. Wilson's response that he co-owed the copyright in pieces of the website isn't availing; even if true, he can't dispossess his co-owners of their rights.
Note the unexpected result here: the CFAA claim failed and the common law trespass to chattels claim survived. How often do you see that? But this result occurs only because the court mixes its metaphors and treats the website owner's lack of virtual access to administrate the website as a physical dispossession.
Defamation. Because of the nature of the virtual interactions, the court struggles with deciding which law applies to the defamation claim. The court says:
Applying lex locus delicti is inconclusive because the websites Wilson created were accessible on the Internet from any location and the record on summary judgment does not identify the location of A1-Hosting or the unidentified third parties when they received the emails with alleged defamatory statements, so the exact place of publication for these statements is unknown.
The court finally decides that New York law applies because "Suson lives in New York, the museum is located there, and the bulk of Plaintiffs' business activities take place there. In addition, the alleged defamatory statements relate to Plaintiffs' business operations in New York. Accordingly, the brunt of the damage to Plaintiffs' reputation or business interests will be experienced in New York, and New York has the most significant relationship to the alleged defamation."
The court rejects defamation against all of the allegedly defamatory statements. If you're an Internet defamation junkie, it's worth reading the opinion.
Tortious Interference. This claim, based on Wilson's communications to A-1 Hosting, fails because Wilson didn't do anything improper.
512(f) Bogus Takedown Claim. Wilson didn't violate 512(f) because his takedown notice to A-1 Hosting was ineffectual. The court doesn't cite the Amaretto v. Ozimals opinion which reached an identical conclusion.
Copyright Co-Owner Counterclaim. The court lets Wilson plead that he made such contributions to the museum website that he became a co-owner, and therefore he is entitled to an accounting of profits. This is why you never let anyone modify your website code without a written agreement spelling out their rights.
Related Disputes. This is just the latest blog post on website co-ventures gone horribly awry. Other posts in the series:
* Holding on to a Domain Name to Gain Leverage in a Business Dispute Can Constitute Cybersquatting -- DSPT Int'l v. Nahum
* Web Developer Didn't "Convert" Website--Conwell v. Gray Loon
* Taking Intangible Electronic Files is Criminal Fraud--NM v. Kirby
* Cautionary Tale of Website Co-Ownership--Mikhlyn v. Bove
* Another Cautionary Tale of Joint Website Ownership--TEG v. Phelps
Hey people, when you have vendors help run your website, PLEASE dot your i's and cross your t's. When the shit hits the fan and the contract isn't in place or clear enough, the resulting litigation fusillade can destroy your life.
Posted by Eric at 06:19 AM | Content Regulation , Copyright , Licensing/Contracts , Trespass to Chattels | TrackBack
September 06, 2011
Court Invalidates Agreement Governing Toyota's Online Prank Contest -- Duick v. Toyota
[Post by Venkat Balasubramani]
Duick v. Toyota, B224839 (Ca Ct. App.; Aug. 31, 2011)
Toyota and Saatchi & Saatchi ran a marketing campaign where a visitor to the Toyota Matrix website could designate a separate person who would receive prank emails and messages. Here is how the court describes the campaign and Duick's (the plaintiff) experience:
During the campaign, any visitor to the Toyota Matrix website ("player 1") could designate another person ("player 2") for participation in the Your Other You "interactive experience." Player 2 would then receive an email purportedly from player 1, inviting player 2 to click a hyperlink that was in some manner "identified with Toyota." The link would direct player 2 to a web page entitled "Personality Evaluation."
....
[Duick played the role of player 2, and] later began to receive emails from an individual identifying himself as "Sebastian Bowler." The text of the first email reads, "Amber mate! Coming 2 Los Angeles Gonna lay low at your place for a bit. Till it all blows over. Bringing Trigger." Duick received another email from Bowler the following day, accurately stating her previous home address, describing it as a "Nice place to hide out," and advising her that "Trigger don't throw up much anymore, but put some newspaper down in case." . . . . Additional emails from Bowler to Duick over the next few days purported to describe his cross-country journey by car to visit her, including photos and videos of his travels and references to his efforts to evade law enforcement . . . . The final email included a link to a video revealing that Bowler was a fictional character and that the entire sequence of emails was an elaborate prank, all part of an advertising campaign for the Toyota Matrix.
The whole thing sounds clever in a Blair Witch Project sort of way, but I'm guessing neither Toyota or Saatchi & Saatchi spent much energy having their legal departments review the contest. Even a fairly risk-tolerant legal department would have flagged this as a marketing campaign that has the potential to go south, regardless of the technical legality of it.
Anyway, Duick asserted claims for emotional distress, negligence, and false advertising. She sought the respectable sum of $10,000,000 in damages. [I can just picture Duick's lawyer mimicking Dr. Evil from Austin Powers when he or she is talking with Duick about what damages figure to include in the complaint.] Defendants moved to compel arbitration. The court rejects their request. Not only does the court reject defendants' request to compel arbitration, the court nukes the entire set of contest terms.
The court says that Duick was duped as to the nature of the agreement:
A person in the role of player 2, such as Duick, could not access the terms and conditions without first clicking "Begin" on a webpage entitled "Personality Evaluation," created by defendants. The terms and conditions themselves were entitled 'Personality Evaluation Terms and Conditions.' Defendants thereby led Duick to believe that she was going to participate in a personality evaluation and nothing more. In particular, a reasonable reader in Duick's position would not have known that she was signing up to be the target of a prank.
Here is what the online terms said:
You have been invited by someone who has indicated that he/she knows you to participate in Your Other You. Your Other You is a website provided by [Toyota] that offers you . . . an interactive experience. . . . If you review and agree to the Terms and Conditions detailed below . . . you may participate in a 5 day digital experience through Your Other You. . . . You may receive email messages, phone calls and/or text messages during the 5-day experience. . . .You understand that by agreeing to these Terms, you are agreeing to receive emails, phone calls and text messages from Toyota during the 5-day experience of Your Other You.
The online terms contained language that alerted Duick to future email messages "from Toyota," but she would reasonably expect these to be mundane messages about a purported 'Personality Evaluation'--i.e., the fact that she agreed to receive emails, phone calls and texts does not amount to consent for receiving "frightening or disturbing messages" from some unidentified third party. The court notes that there was probably a way for the terms to be drafted to avoid the issue, but then again that would probably defeat the contest's purpose.
Michael Anderson's post provides some detail about the campaign and asks some good questions ("Prank Marketing and the Toyota Matrix: How Far Is Too Far?"):
When you employ a viral mechanism to promote the game, how overtly should it indicate the game’s fictionality? How much information do you disclose about the nature of the campaign? Finally, how do you allow for players to opt-out if they no longer wish to continue the experience?
Where one person can sign another person up to participate in the game, you would be well-advised to indicate the game's fictionality as overtly as possible. The terms provided to the so-called 'player 2' should be clear and accurate. Don't count on the court to add additional terms to the terms of use based on context. Providing a robust and simple-to-use opt-out also sounds like an excellent idea, although I'm not sure it would save this type of a contest. Duick did not assert claims under the TCPA for unsolicited text messages, but she and other participants of the contest who received text messages could assert those claims.
Duick still faces the Herculean challenge of proving up her damages, but she has to feel good about avoiding arbitration.
Other coverage:
Deceptive terms and conditions void contract in entirety
Posted by Venkat at 04:29 PM | Licensing/Contracts , Marketing
August 24, 2011
Mixed DMCA Online Safe Harbor Ruling in Cloud-Based Music Locker Case--Capitol v. MP3Tunes
By Eric Goldman
Capitol Records, Inc. v. MP3Tunes, LLC, 2011 WL 3667335 (SDNY Aug. 22, 2011).
Background. This case involves MP3Tunes.com and Sideload.com. MP3Tunes is a music storage locker. Small lockers are free, but more storage is available at a price. The system doesn't store redundant copies; if the system recognizes an identical bit stream coming from a second user, it just records the hashtag. Sideload is a music search engine that lets users find free music on the Internet. (It was also a browser plug-in). If users find a music file they like, they can "sideload" the music file into their MP3Tunes' locker as a personal archive copy. MP3Tunes' database tracks the sources of these personally archived files.
Due to other issues being addressed in prior proceedings, this ruling primarily focuses on the applicability of the 17 USC 512 safe harbor. This court expressly interprets 512(d), the safe harbor for linking to infringing content--one of the rare opinions to do so. Like most 512 rulings, this ruling is lengthy and detailed, reflecting the fact that the plaintiff contested a long list of safe harbor elements. As I recently mentioned, god bless the pithy 47 USC 230 immunity and the short opinions it produces.
Result. The net effect is that most of MP3Tunes' operations got a 512 safe harbor defense, but it is contributorily liable for any infringing sideloaded files it didn't remove following a takedown notice, and MP3Tunes' CEO (the persistent Michael Robertson) may be personally liable for any infringing files he personally loaded into his locker. These rulings leave the defendants on the hook for potentially millions in damages. Other questions, such as liability for employees' uploads, were rolled over to trial. Because of this mixed ruling, both sides issued public statements touting their wins. As I'll explain momentarily, both sides also earn some brickbats from me.
Some of the post-ruling punditry has suggested this ruling provides a roadmap for other cloud-based music lockers, including the offerings from Apple, Amazon and Google. While that's partially true, the guidance is limited at best due to the fact-specific nature of the ruling. Perhaps the best news for the other services is that lockers may not have to store redundant copies of user-uploaded files to qualify for a Cablevision defense (see the EFF post for more on this). However, as the Zediva ruling recently showed, it remains uncertain how broadly other courts will read the Cablevision case. Otherwise, I think this case mostly tells us things we already knew but that copyright owners refuse to believe.
Out of this dense and slightly inscrutable ruling, some of the points that I found most interesting:
Bogus Takedown Notices (Yet Again...) EMI sent MP3Tunes overbroad takedown notices. The court says EMI affiliates "provided a list of EMI artists and demanded that MP3Tunes 'remove all of EMI's copyrighted works, even those not specifically identified.'" This was in 2007, NINE YEARS after the DMCA came into effect. Seriously, guys? 512(c)(3) isn't that complicated, and major copyright owners that send notices vastly in excess of 512(c)(3) look like greedy or clueless SOBs.
With the hope that we can avoid future SOBness, here's an offer I extend to any and all major copyright owners. I will happily give you a FREE tutorial on how to draft proper 512(c)(3) takedown notices so that you don't look as asinine as EMI looked here. I'm not worried about these trainings being too much of a drain on my time--they should only take about FIVE MINUTES and involve a variation of RTFM.
Needless to say, the court wasn't impressed by EMI's overreaching takedown notuices. It reminds EMI that a proper 512(c)(3) takedown notice requires the copyright owner to provide sufficient information to locate the infringing files (cite to Wolk v. Photobucket).
MP3Tunes' Takedown Policy. MP3Tunes took the puzzling position that, in response to the overreaching 512(c)(3) notices, it only had to remove specified links from Sideload and not any files downloaded from those URLs into personal lockers--even though MP3Tunes kept the source URLs in its database and could therefore trace those files. Now, if the users had downloaded the files to their hard drives, that wouldn't be MP3Tunes' issue--though, to be clear, the users probably don't have a fair use defense if the files are actually infringing (see, e.g,. the BMG v. Gonzalez case). However, as a cloud service provider, MP3Tunes needs to respond to 512(c)(3) notices when they meet the statutory requirements, even if the locker is supposed to be the user's "private" space. MP3Tunes loses the 512 safe harbor for these files because EMI's 512(c)(3) notices provided adequate information for MP3Tunes to locate the files, and the court says MP3Tunes is contributorily liable for these infringements. MP3Tunes argued a Sony defense that its lockers had substantial non-infringing uses, but the court says Sony applies only to products, not services.
It's unclear how this discussion applies to other cloud-based music lockers. The court distinguishes Viacom v. YouTube because Viacom could easily search YouTube for infringements--which isn't possible with private cloud-based lockers (just as it isn't possible with user hard drives). The court also asserts that any other lockers letting users "sideload" from the Internet must trace URL source and disable all files from that URL in response to a 512(c)(3) notice. But what if the music locker allows users to upload files from their hard drives and don't allow those to be searched? The opinion seems to deliberately avoid addressing that situation. [A related unresolved Q: how copyright owners can find private YouTube videos. I've posted a few myself for use in my Advertising Law course.]
The court dismisses MP3Tunes' seemingly overstated concerns about its liability to users for disabling files in their "private" lockers. MP3Tunes' user agreement expressly allowed this, as I would expect every other cloud service providers' user agreements to do.
Even so, it's 100% clear that cloud storage is different from hard drive storage, and some users are going to get quite a surprise when they learn that third parties can zap files from their cloud storage. (Recall the hubbub over Amazon's zapping of books from Kindle). If Congress weren't so dysfunctional, this would be a good place for a statutory fix. It would make a nice complement to the Digital Due Process initiative to fix the ECPA's application to the cloud.
It's worth noting that users weren't represented in this litigation and had no ability to show that their uses were fair, notwithstanding BMG v. Gonzalez and similar cases. If cloud-based music lockers simply pull the trigger on 512(c)(3) notices on an "ex parte" basis (i.e., without any input from the affected users), their fair use rights become effectively irrelevant unless the sites honor users' putback notices. I think it's critical for cloud-based music lockers enabling "private" lockers to address how they will deal with 512(c)(3) notices and if they will honor 512(g) putback notices. I'd welcome your thoughts on ways that we collectively can monitor cloud service providers' policies and practices on this topic.
Repeat Infringer Policy. MP3Tunes had an adequate repeat infringer policy because, among other things, its users weren't "blatant infringers" (they were just downloading files for personal use and may not have known better) and "MP3Tunes does not purposely blind itself to its users' identities and activities."
Red Flags of Infringement. I continue to assert that "red flags of infringement" is no longer possible given copyright owners' widespread practices of freely seeding their content on the Internet as marketing. EMI did that too. Indeed, the court says "EMI executives concede that internet users, including MP3tunes' users and executives, have no way of knowing for sure whether free songs on the internet are unauthorized." The court further dismisses EMI's mockable argument that the terms "free," "mp3" and "file-sharing" automatically confer red flags knowledge. EMI's takedown notices that didn't comply with 512(c)(3) didn't contribute to any red flags knowledge either.
Vicarious Infringement Standards. The court rejects that the sideloading feature contributed to "financial benefit" because, even if it was a "draw," it had non-infringing uses, and MP3Tunes didn't charge for its usage. MP3Tunes lacked the requisite "control" because it was a cloud storage solution.
Public Performance. EMI argued that MP3Tunes publicly performed the files in users' lockers. MP3Tunes responded with a Cablevision defense. The court explains that MP3Tunes doesn't deliver files from a "master copy" (even though redundant copies aren't made) but instead "uses a standard data compression algorithm that eliminates redundant digital data" and therefore preserves exact digital copies. Thus, MP3Tunes wasn't publicly performing. I didn't understand the technological distinction the court was making, but I didn't find it persuasive at all. The court also distinguished Cablevision because it couldn't qualify for 512, while MP3Tunes does.
DMCA's Applicability to pre-72 Sound Recordings. FN1 says that 512 applies to pre-1972 sound recordings:
The Court agrees with Defendants that the plain meaning of the statutory language makes the DMCA safe harbors applicable to both state and federal copyright claims. Thus, the DMCA applies to sound recordings fixed prior to February 15, 1972.
I believe this is the first ruling reaching this conclusion (am I forgetting one?). The court didn't offer any citations or analysis in support of this conclusion, and I anticipate this issue will continue to be litigated fiercely.
Reminder: in case you missed it, I recently caught up on 4 months worth of online copyright rulings, including several addressing the same or similar issues as this case.
Other comments on this ruling: Techdirt, EFF, CNET News.com
Posted by Eric at 02:26 PM | Copyright , Derivative Liability , Licensing/Contracts , Privacy/Security | TrackBack
August 22, 2011
Deep Packet Inspection Lawsuits: NebuAd Partner ISP Wins Summary Judgment -- Kirch v. Embarq
[Post by Venkat Balasubramani with comments from Eric]
Kirch v. Embarq, 10-2047-JAR (D. Kan. Aug. 19, 2011)
The fallout from Nebuad's ill-fated deep packet inspection continues to percolate through the courts. Plaintiffs sued NebuAd and ISPs in the same forum in Northern California, but the ISPs were dismissed on jurisdictional grounds, requiring plaintiffs to pursue them through local lawsuits. NebuAd reportedly shut down, but lawyers recently announced a settlement over claims against NebuAd. (See: "NebuAd Settles Lawsuit Over Behavioral Targeting Tests.") Interestingly, the $2.4M from the proposed settlement will go to public interest organizations and the lawyers--there's no class payout, and just small payments to the named plaintiffs. This is fairly typical in privacy lawsuits, but settlements like these have elicited a few challenges, most prominently in Facebook's Beacon settlement (which is currently on appeal to the Ninth Circuit).
This particular case is one of the end users' cases against ISPs. They brought claims for violation of the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, invasion of privacy and trespass to chattels. They voluntarily dismissed the invasion of privacy, trespass and CFAA claims. This left the ECPA claim. (The court says the claims were dismissed pursuant to "stipulation," but does not get into detail as to whether there was any settlement associated with this dismissal.)
No derivative liability: The court found for summary judgment purposes that Embarq did not have access to the contents of user communications. Embarq admittedly facilitated NebuAd's tracking and targeting, but this is not enough for plaintiffs to hold Embarq liable:
As plaintiffs' expert testified, Embarq's role was to install the NebuAd device so as to furnish the UTA connection to NebuAd. In other words, the NebuAd device . . . goes into place, then all of the raw data that flows through Embarq is directed to that device, where NebuAd does the analysis and, apparently, separates out the Port 80 traffic. Moreover, plaintiffs cite no authority that Embarq's access to the raw data that flowed through its network constitutes a violation of the ECPA, which requires an entity to actually acquire the contents of those communications. There is nothing in the record that Embarq itself acquired the contents of any communications as they flowed through its network; instead, plaintiffs' theory rests on the notion that the NebuAd System extracted the contents of the communications. Plaintiffs' assertion that Embarq 'endeavored to intercept' communications falls short of creating civil liability under the ECPA, which creates liability for actual interception.
Plaintiffs pointed to the contractual relationship between Embarq and NebuAd as a basis for holding Embarq indirectly liable. The court says clearly that the "civil liability provision of the ECPA . . . does not provide for secondary liability."
User consent: The court also grants Embarq summary judgment on the basis that to the extent there was improper interception, the users consented to it. Embarq's "activation agreement" pointed to its privacy policy and said Embarq could revise it. Prior to deployment of NebuAd, Embarq posted a new paragraph in its privacy policy entitled "preference advertising." This paragraph informed subscribers that:
Embarq may use information such as the websites you visit or online searches that you conduct to deliver or facilitate the delivery of targeted advertisements. The delivery of these advertisements will be based on anonymous surfing behavior and will not include users' names, email addresses, telephone numbers, or any other Personally Identifiable Information.
You may choose to opt out of this preference advertising service. By opting out, you will continue to receive advertisements as normal; but these advertisements will be less relevant and less useful to you. If you would like to opt out, click here. (embarq.com/options)
Subscribers were given an opportunity to opt-out by clicking on a link. Plaintiffs made three arguments as to why this consent should not be viewed as being effective, but the court summarily rejects them all, relying in part on Mortensen v. Bresnan: (1) the scope of the disclosure was inadequate and did not identify NebuAd; (2) the notice was not conspicuous enough; and (3) the opt-out mechanism was insufficient.
__
The NebuAd deep packet inspection idea was ill-fated, but it's interesting to see the litigation play out as it has. NebuAd's insurers settled for a relatively small amount. The claims against the individual ISPs are struggling, and when you throw requests to compel arbitration based on the Supreme Court's decision in Concepcion into the mix, it's going to end up being a long road for plaintiffs.
I'm not sure I can think of a principled reason for this, but I've always viewed deep packet inspection as something that crossed the line. But under existing privacy laws, it's not easy to hold ISPs who partnered with NebuAd liable. Privacy plaintiffs continue to push the envelope but they are repeatedly rebuffed by the courts. As Eric notes, the statutes under which plaintiffs assert causes of action in privacy class actions are convoluted, confusing, and in need of a much-anticipated revamp.
As with the flash cookie cases, I'm curious about the FTC's role in the regulatory quagmire. I would think they could have a significant effect in the area if they came in and took type of action they took against the likes of Google and Twitter against the players in this space. Maybe I'm missing something or there are institutional factors at play (or activities going on behind the scenes), but it certainly seems like the FTC has extracted a large quantity of blood in some situations but is ineffectual or slow to act in others.
Previous posts on NebuAd:
Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues
NebuAd Deep Packet Inspection Lawsuits Sputter -- Deering v. CenturyTel & Green v. Cable One
Additional coverage:
Wendy Davis: "Embarq Wins Privacy Suit Stemming From NebuAd Tests"
__
Eric's comments
1) For sake of completeness, I note that a 47 USC 230 defense wouldn't have helped Embarq against the derivative ECPA claim because 230's immunity expressly excludes ECPA claims. See 47 USC 230(e)(4). Thus, this case failed on the prima facie elements. The court says confidently (cites omitted):
The civil liability provision of the ECPA, however, does not provide for secondary liability, as liability attaches only to the party that actually intercepted a communication. As numerous courts have consistently held, a defendant does not “intercept” a communication merely by allowing or enabling, or even directing, another party to intercept communications.
2) The court's conclusion about consent is interesting:
plaintiffs were required to agree to the terms of the Activation Agreement in order to use Embarq’s Internet service; that Agreement incorporated the terms of the Privacy Policy, which informed subscribers that their de-identified data could be shared with third parties; that Agreement informed subscribers that the terms could be changed at any time through posting a new policy at Embarq’s website; and Embarq modified those terms in advance of the NebuAd test to add a paragraph regarding preference advertising, with an opt-out mechanism.
This summary, very much in line with the Mortensen case, shows an extreme judicial deference to Embarq's contract--both in terms of letting broad opaque language serve as user "consent" and letting Embarq unilaterally amend the contract to add new and different terms. We've seen other courts push back on both practices, so I wouldn't recommend Embarq's approach as an industry best practice. It seems especially odd that courts have been so deferential on consent issues given the inherent disagreeability of NebuAd's DPI practices.
3) Along with last week's Bose v. Interclick ruling, chalk this up as another plaintiff loss in a privacy case that most people probably thought was a slam dunk. So many of the pending privacy lawsuits are filed solely because defendants will pay to avoid the adjudication costs of defending their practices under poorly drafted statutes, not because there's any fundamental merit to the cases. We desperately need a complete rewrite of the CFAA and ECPA simply to put them in English so that everyone has a better sense of which cases are meritorious from the outset.
4) An interesting factoid: NebuAd paid less than $30k to Embarq for the trial period. Note to future IAPs who want to experiment with potentially privacy-invasive technologies: it isn't a good financial deal for you! Or, at minimum, get the vendor's insurer to stand behind the vendor's indemnity clause so that you won't spend many multiples of the associated revenue defending yourself when the vendor goes belly-up.
Posted by Venkat at 04:27 PM | Derivative Liability , Licensing/Contracts , Privacy/Security
August 09, 2011
Zynga Wins Arbitration Ruling on "Special Offer" Class Claims Based on Concepcion -- Swift v. Zynga
[Post by Venkat Balasubramani with comments from Eric]
Swift v. Zynga, 2011 WL 3419499 (N.D. Cal.; August 4, 2011)
The US Supreme Court decided AT&T Mobility v. Concepcion earlier this year, and a question left open in that decision is how the Federal Arbitration Act's preemption of state laws which disfavor arbitration clauses would play out in the online context. Most people thought that this decision would allow internet companies to push consumer claims into arbitration through provisions in relevant terms of use agreements, and a recent ruling involving Zynga seems to confirm this.
Background: Swift alleged that she accepted "special offers" while playing Zynga's Facebook apps. She argued that the special offers were misleading, and sued Zynga as well as two of its advertising partners. The lawsuit was originally filed in late 2009 and amended in February 2010. Following the Supreme Court's decision in Concepcion, Zynga moved to compel arbitration and to stay the litigation in light of the Supreme Court's ruling.
Plaintiff received the allegedly misleading offers through Zynga's "YoVille" app, which during the relevant time period contained the following arbitration provision:
You agree that any suit . . . arising out of or relating to these Terms of Use or any of the transactions contemplated herein or related to the Service or any contests or services thereon . . . shall be resolved solely by binding arbitration before a sole arbitrator under the rules and regulations of the American Arbitration Association ("AAA"); provided, however that notwithstanding the parties' decision to resolve any and all disputes arising under these Terms of use through arbitration, Zynga may bring an action in any court of applicable jurisdiction to protect its intellectual property rights or to seek to obtain injunctive relief or other equitable [sic] from a court to enforce the provisions of these Terms of Use or to enforce the decision of the arbitrator. The arbitration will be held in San Francisco.
This agreement was silent as to whether the claims could be aggregated. The terms were presented to Swift when she first decided to start playing the game via a link under a button titled "allow access," which provided notice that the application would access Swift's Facebook profile information. Under the "allow access" button, the app presented the following text:
By proceeding, you are allowing YoVille to access your information and you are agreeing to the Facebook' terms of service in your use of YoVille. By using YoVille, you also agree to the YoVille Terms of Service.
In August 2009 Zynga implemented a "Universal TOS," which contained terms that were different from the YoVille Terms of Service. As relevant to the present dispute, these terms required arbitration on an individual basis, and excluded disputes relating to "theft, piracy, invasion of privacy" from their scope. [I'm not sure what Zynga's rationale is for excluding privacy-related claims from the arbitration clause, but this could end up being relevant to the growing number of privacy lawsuits against Zynga.]
Discussion:
Was there a binding agreement requiring arbitration? Swift argued that she did not assent to the YoVille terms because the terms were not presented in a leakproof manner--i.e., she could access the application without affirmatively representing that she agreed to the terms. Swift relied on Specht v. Netscape and Hines v. Overstock for the proposition that "submerged" terms cannot be enforced by an online merchant. The court disagreed and held that Specht and Hines were distinguishable. In both cases, the consumer would have to hunt around to find the terms, whereas in this case, the terms were presented right underneath the button which allowed Swift to access the application. The court pointed to the fact that Swift did not affirmatively put forth any evidence that she did not read or agree to the terms. The court also pointed to Register v. Verio, where the Second Circuit enforced the online terms and rejected Specht's implication that an "I agree" button was a prerequisite to enforcing online terms.
Did plaintiff's claims fall within the arbitration clause? Swift argued that since claims involving "theft" were excluded from the arbitration clause, her claims were not subject to arbitration. The court doesn't treat this argument very seriously, noting that the "complaint against Zynga cannot reasonably be construed as including a claim for "theft," and therefore the complaint is not expressly exempted from the arbitration clause."
Did Zynga waive the right to arbitrate its claims? Swift also argued that Zynga waived the right to arbitrate its claims, by never raising the issue of arbitration and litigating the case for over a year and a half before raising the issue of arbitration. She also pointed to a clause in the universal terms which said that if the bar on class arbitrations is found to be unenforceable, then the dispute will be litigated. She brought up a variety of arguments in support of this claim (e.g., Zynga acted inconsistently with its right to compel arbitration; she will be prejudiced) but the court rejects all of these arguments. Because Zynga could not have compelled arbitration pre-Concepcion, and since no court found the arbitration clause unenforceable--thus requiring the parties to proceed in court--nothing stops Zynga from seeking to compel arbitration based on Concepcion. In the court's view, because:
Zynga acted promptly following the change in the law by ceasing litigation activity and moving to compel . . . it acted consistently with its rights.
Are the Universal Terms unenforceable because they are unconscionable? Plaintiff raised an unconscionability argument but seems to have pursued it in a lackluster manner. The court notes that "Plaintiff presented no evidence that might support [its procedural unconscionability argument]."
How about the third parties? The non-Zynga defendants tried to latch on to Zynga's request to compel arbitration but they were not so lucky. They argued that the definition of "Zynga Parties" in the limitation of liability section of the terms was broad, and thus they should be able to invoke the arbitration clause. However, the arbitration clause did not mention "Zynga parties," and the court concludes that the two sections have to be read separately. They also argued that as "agents" they should be entitled to enforce the arbitration clause, but the court sides with the plaintiff on this issue, noting that although initially plaintiff labeled these defendants as "agents" after conducting some discovery, she called them independent contractors. Finally, these defendants argued that they were third party beneficiaries. Citing to Balsam v. Tucows, the court rejects this argument as well.
The End Result: After concluding that Zynga is entitled to invoke the arbitration clause and the other defendants are not, the court nevertheless stays the lawsuit as to the non-Zynga defendants and orders the claims with respect to Zynga to be arbitrated. In response to the ruling, Swift decided to dismiss her claims with Zynga with prejudice so she could proceed against the non-Zynga defendants in court. This means Zynga is off the hook.
___
To come back to the initial question, as a result of Concepcion, a lot of online disputes--particularly class actions--are going to end up in arbitration instead of the courts. Even if a dispute has been pending for awhile, a defendant who has the option available is going to push for arbitration. This makes me wonder whether online terms typically contain arbitration clauses which bar class claims or whether companies and their lawyers shied away from those terms in response to decisions which struck down arbitration clauses which barred class claims? Including a class action bar runs the risk of the entire agreement being invalidated, so you certainly can't fault a company for not including this provision in online terms. Going forward, I wonder if online terms will become even more one-sided--since companies have greater assurances that arbitration clauses will be enforced, will this cause them to load up agreements with more onerous terms?
The argument over whether there was a meeting of the minds as to the online terms was interesting, but Zynga's placement of the terms (in a location where plaintiff could not credibly claim she did not read them before she clicked "allow access") made the "I didn't read the terms of use" argument difficult to make. Nevertheless, I still like the idea of having a box that users check that says "by checking this box, I am saying that I have read and agree to the terms." There's a minor distinction between a user clicking "allow access" or installing the application and actually having to check a box saying he or she read and agreed to the terms. I like the insurance that the latter approach provides, but as this decision indicates, it's not essential. Also, from the decision, it seemed that Swift did not access the app from her mobile device, but if she did, I wondered how this would affect the court's analysis of whether she had imputed knowledge of and agreement to the terms.
Second, there is virtually no discussion in the order of how Zynga amended its terms to substitute the "Universal Terms" for the "YoVille Terms" which Swift initially agreed to. The court summarily notes that the initial terms contained provisions to the effect that Zynga "had the right to change the terms at any time" and "use after notice of [a] change in terms constitutes acceptance of the changes." The court surprisingly does not delve into the issue of what notice Zynga attempted to provide Swift (if any) or any of the other circumstances behind the revisions of the terms (or the substitution of the Universal Terms for the YoVille Terms). As mentioned in this post about Roling v. E-Trade Securities, it's pretty risky to include a provision in the agreement that says "we can amend this agreement any time and the revised version is effective after posting." In this day and age, particularly where there may be some ability to message the end user or post messages that the end user will have a tough time arguing they did not read or see, there is no reason to play with fire with respect to this issue. I don't know why companies continue to do it. (The agreement did say that it's effective after "posting" which is better than nothing.)
Given the Court's decision in Concepcion that laws which disfavor arbitration conflict with the Federal Arbitration Act, I wonder if the focus of disputes around the arbitrability of online terms will shift from substantive to procedural? Swift did not appear to make much of an argument as to procedural unconscionability, so it's unclear how much traction this type of argument will get in other cases. Cases poking holes in forum selection and arbitration clauses have focused on both. (See, e.g., Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593 (E.D. Pa. 2007).) Concepcion just speaks to arbitration clauses so there's still some room for consumer plaintiffs to argue unconscionability if they are presented with an extreme set of terms (e.g., terms that are on-sided as to forum, costs, disclaimers). It will be interesting to see how courts resolve these arguments and whether consumer plaintiffs are able to use these as an end run around Concepcion. I think this is an important unresolved question at this point, and would caution against loading up online terms with overly one-sided provisions in response to Concepcion.
Zynga has to be happy about this ruling. As a result of invoking the arbitration clause, it got the plaintiff to dismiss her claims with prejudice against Zynga.
Previous related posts:
* Second Life Forum Selection Clause Upheld--Evans v. Linden
* Another Ruling Challenging "Check the Website for Amendments" Contract Provisions--Roling v. E*Trade
* Stop Saying "We Can Amend This Agreement Whenever We Want"!--Harris v. Blockbuster
* Clickthrough Agreement With Acknowledgement Checkbox Enforced--Scherillo v. Dun & Bradstreet
* Ninth Circuit Strikes Down Contract Amendment Without Notice--Douglas v. Talk America
_____________
Eric's Comments
As this case illustrates, the Supreme Court's Concepcion decision could be a potential game-changer for online user agreements. Even so, I believe that today's best practices are:
1) A mandatory non-leaky clickthrough formation procedure.
2) Mandatory venue in vendor's home court with an arbitration option. See the discussion in Evans v. Linden.
3) No use of arbitration as a waiver of class action rights. Concepcion suggests that more aggressive arbitration clauses, including those that preclude consolidated arbitration, might work. This would be terrific news for vendors if true, but I'll believe it when I see more rulings than this one, especially given that this court basically punted on unconscionability. There are strong public policy norms working against an arbitration clause or other contract provision that prevents class formation.
4) Contract amendments take effect only when users are actually given notice of the amendment. See the Ninth Circuit's Douglas case for the minimum steps required. An opt-in is legally stronger but has a number of procedural problems.
5) Irrespective of the contract language, users are in fact given actual notice of any amendments.
Zynga may have cut corners on some of these fronts but got a favorable bounce in court. Kudos to them and their lawyers. Still, based on the precedents, I wouldn't anticipate the next defendant with identical facts will be so fortunate. Because of the low odds of a repeat victory, I don't recommend any changes to the best practices based on this opinion.
This opinion deals with contract formation for Facebook apps, and its reasoning could extend to Facebook Connect as well (which has a different UI, I believe). (I vaguely recall a prior case on contract formation via Facebook Connect before but now I can't remember it--any help?) The opinion provides some reason for optimism about contract formation procedures by the many apps/websites who rely on Facebook's existing user registrations instead of creating direct user account registrations. In this case, notice that the dialog box apparently treated an "allow" as "yes" to four different issues--if the user wanted to proceed, if the user wanted Facebook to transfer its info to YoVille, if the user agreed to the applicability of Facebook's TOS, and if the user agreed to the YoVille user agreement. That's a lot of work from one dialog box acting as an interstitial to the user's destination. This court gives the participating app effectively a free pass, saying:
Zynga persuasively counters that the dialogue box in question is Facebook’s standard dialogue box presented to users wishing to access any number of Facebook applications, and Zynga followed the norm for Facebook applications and was not attempting to hide its terms of service.
(An aside: I've always been troubled by Facebook Connect because participating websites put Facebook in total control of their user relationships. Should Facebook's winds shift capriciously, Facebook could easily lock out the participating website's entire registered userbase. After-the-fact antitrust claims won't resuscitate the dead businesses. Websites, listen carefully: if you put all of your registered user eggs in the Facebook Connect basket, you may get a jumpstart on your registered users but don't expect my sympathy if all the eggs break.)
An unfortunate collateral consequence of this ruling and the resulting Zynga dismissal: with Zynga out of the case, we may not get any further clarification to fix the troubling Swift v. Zynga ruling on 47 USC 230. AdKnowledge (which the opinion repeatedly spell-check corrected into "Acknowledge"--whoops) is still a defendant in this case, so perhaps they will push 47 USC 230 further. Otherwise, we'll just cross our fingers that the prior 230 ruling is an aberration that most other judges will smartly ignore or distinguish.
Posted by Venkat at 09:07 AM | E-Commerce , Licensing/Contracts
August 08, 2011
Google Gets Default Injunction Against AdWord Gamers--Google v. Jackman
By Eric Goldman
Google v. Jackman, 2011 WL 3267907 (N.D. Cal. July 28, 2011)
This is a default ruling, so the facts are based on Google's allegations. The defendants ran AdWords campaigns for online pharmacies that sold anabolic steroids. This broke Google's rules in two ways: first, Google didn't permit the advertising of anabolic steroids; and second, the advertised pharmacies weren't certified by Google's mandatory certification program (VIPPS, "the National Association of Boards of Pharmacy’s Verified Internet Pharmacy Practice Sites"). The defendants further evaded Google's crackdown efforts by misspelling terms and opening up new bogus accounts. Google eventually cleaned out the defendants' ads through its manual "sweeps."
Without the defendants around to defend themselves, Google easily won its case. The court upheld the venue selection clause in Google's TOS and that the defendants' ads breached the TOS. As for remedies, Google dropped its claim for money damages, and the court grants the following injunction:
Defendants Gina Wyant, Gregory Gavin and Amanda Odell, and their agents, representatives, successors, assigns, and any persons in active concert or participation with them are immediately and permanently enjoined from advertising or attempting to advertise through Google’s AdWords advertising network, without regard to contact name, address, or email address and without regard to what URL or website is advertised.
From time to time, Google goes on the offensive against folks it thinks are trying to game it. You may recall Google v. Auction Experts International, 1-04-CV-030560 (Cal. Superior Ct. 2005) in which Google sued an alleged click fraudster and won a $75k default judgment; and United States v. Michael Anthony Bradley, CR 04 20108 (N.D. Cal. indicted June 23, 2004), a prosecution over alleged threats to help spammers defraud Google if the defendant didn't get $100k (that case ultimately fizzled out). Google's efforts to get tough against its spammers have typically struck me as publicity stunts. Default injunctions and dropped prosecutions don't do anything to scare the bad guys, but they intended to persuade third parties that Google will fight for its site's integrity.
In this case, no doubt Google wanted to show the DOJ that it really hates illegal pharma ads enough to "bust" the bad guys. This enforcement effort may have some value in working out a deal to reduce its half-billion dollar exposure. As a result, we won't really know if Google won this case until we see the terms of its DOJ deal.
Posted by Eric at 03:50 PM | Licensing/Contracts , Marketing , Search Engines | TrackBack
August 04, 2011
Idea Submission Case Revived Against MySpace--Riggs v. MySpace
By Eric Goldman
Riggs v. MySpace, Inc., 2011 WL 3020543 (9th Cir. July 25, 2011)
Riggs created a popular MySpace page, only to have MySpace delete it twice. Not pleased by that turn of events, for years Riggs has been doggedly pursuing a lawsuit against MySpace pro se. Two years ago, the district court unceremoniously bounced her lawsuit relying, in part, on a novel reading of 47 USC 230(c)(1). The Ninth Circuit upheld the 230 ruling on appeal:
The district court properly dismissed Riggs’s negligence and gross negligence claims, arising from MySpace’s decisions to delete Riggs’s user profiles on its social networking website yet not delete other profiles Riggs alleged were created by celebrity imposters, because these claims were precluded by section 230(c)(1) of the Communications Decency Act. See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1170-71 (9th Cir. 2008) (en banc) (“[A]ny activity that can be boiled down to deciding whether to exclude material that third parties seek to post online is perforce immune under section 230.”).
Another Roommates.com citation for the defense. But, as I explain in my prior blog post, I think this should have been a 230(c)(2) dismissal, not a 230(c)(1) dismissal.
The court also rejected her claim for “promissory fraud breach of contract claim” (whatever that means) for lack of cognizable damages.
However, in an unexpected turn, the court revived her idea submission claim (an implied-in-fact contract breach) "because Riggs alleged in her First Amended Complaint at paragraph 120 that she told the News Corporation’s executive’s assistant that she wanted to “sell” her ideas before she disclosed them." That's a pretty weak allegation made to a person who may lack proper authority to promise anything, so the court seemed mighty generous to Riggs in reviving the case. Nevertheless, this is consistent with California's amorphous idea submission doctrines. They can be a nice end-run to survive motions to dismiss because, by definition, the parties are likely to dispute the facts in an implied-in-fact contract. Sadly, the Ninth Circuit recently expanded the idea submission doctrines in the Larry Montz case (mentioned here), so expect more weak idea submission claims to get further in litigation than they should.
Although the idea submission claim wasn't really a workaround to 47 USC 230, I think this case bears some parallels to Barnes v. Yahoo. In both cases, 47 USC 230 emphatically closed some doors to plaintiffs, but squishy state law doctrines opened other doors for the plaintiffs. It's a good reminder why 47 USC 230 works so well. Because it has so few exceptions, it ends cases cold. Fluffy doctrines like promissory estoppel and implied-in-fact contracts make it hard for judges to cleanly end cases early.
Eriq Gardner's story on the case.
Posted by Eric at 05:18 PM | Derivative Liability , Licensing/Contracts , Trade Secrets | TrackBack
July 03, 2011
Job Posting to LinkedIn Group Doesn't Violate Non-Solicitation Clause -- Enhanced Network Solutions v. Hypersonic Technologies
[Post by Venkat Balasubramani]
Enhanced Network Solutions Group v. Hypersonic Technologies Corp., 2011 WL 2582870 (Ind. Ct. App. June 30, 2011)
Enhanced developed software, and had a relationship with Hypersonic, which modified existing software. The two companies often jointly bid on projects together. They were parties to an agreement which contained the following non-solicitation clause:
Employee Protection. During the term of this Agreement and for a period of twelve (12) months from the date of effective date of its termination, unless mutually agreed to in writing otherwise the Parties . . . shall refrain from soliciting or inducing, or attempting to solicit or induce, any employee of the other Party in any manner that may reasonably be expected to bring about the termination of said employee toward that end . . . .
Some time after Enhanced and Hypersonic unsuccessfully bid on a project, Hypersonic posted an open position for an outside sales representative to "its LinkedIn webportal" (which the court describes as "a social internet site that connects businesses and people"). As the court describes it:
The LinkedIn job posting was available for viewing by the people who belonged to a certain public group within LinkedIn.
An Enhanced employee saw the posting and informed the President of Hypersonic that he was interested. After this, the employee met with Hypersonic's owner and hammered out a deal. Hypersonic then filed a complaint for declaratory relief regarding the enforceability of the agreement between Hypersonic and Enhanced. (There must have been some sabre-rattling obviously that prompted the filing of the complaint by Hypersonic.) The trial court concludes that Hypersonic did not violate the non-solicitation clause by posting the opening on LinkedIn. The appeals court affirms.
The court looks to the dictionary definitions of the relevant terms ("solicit" and "induce") and concludes that Hypersonic did not solicit or induce the Enhanced employee to terminate his relationship with Enhanced:
[t]he record clearly supports that [the employee] made the initial contact with Hypersonic after reading the job posting on a publicly available portal of LinkedIn. In other words, [the employee] solicited Hypersonic.
The court notes that the agreement precludes Hypersonic from soliciting applications, but nothing prevents Hypersonic from talking to Enhanced employees if they reach out to Hypersonic. The court concluded that this is what occurred here. In a footnote, the court also notes that the agreement could have been drafted more broadly to prevent Hypersonic from considering applications regardless of who initially solicited the contact.
__
This case raises the interesting question of when an online communication is one-to-one communication as opposed to a posting that is directed to the world at-large. It reminds me of the lawyer ethics question of whether a keyword targeted advertisement (in response to a catastrophic occurrence) can be a "solicitation" to a prospective client. (See Erik Turkewitz's post which discusses this issue in the context of New York's anti-solicitation rule: "New York’s Anti-Solicitation Rule Allows For Ethics Laundering and Must Be Modified.") Posts to social networking sites can fall into either category, but with increasing personalization, it's become more difficult to slot them in the appropriate box.
The court doesn't dig deep into the issue of whether the post was made in a way that it would be restricted to a small group or whether the sender would know in advance who the post was initially sent to. The court sates that the post was made to a "publicly available portal of LinkedIn," but also mentions that the post was for viewing by people "who belonged to a certain public group." My understanding is that LinkedIn group owners have to approve membership in the group. If the court determined that Hypersonic approved membership in the group, and knew in advance that Enhanced employees were a part of this group, I wonder if this would have changed the court's thinking. The court also doesn't discuss whether the post was made in a manner that Hypersonic would have "reasonably . . . expected" to bring about the termination of the employee's relationship with Enhanced.
I'm sure we will see many more courts address this type of a non-solicitation question over time. As far as I know, this is the first ruling that deals with this question. A previous case addressing the question of whether recruiters violated their non-compete clause by "connecting" (on LinkedIn) with candidates who were in discussions with their previous employer settled quietly. Here's Evan Brown's initial post on the case: "Nefarious LinkedIn use finally makes it to the courts." Here is a copy of the stipulated permanent injunction, which imposes broad restrictions on the defendants' solicitation of certain customers, but interestingly does not mention LinkedIn.
UPDATE: Ken Adams' thoughts on the case.
Posted by Venkat at 02:44 PM | Licensing/Contracts , Marketing
June 29, 2011
Court Dismisses Misappropriation Claims Against Facebook Over Its Friend Finder Service -- Cohen v. Facebook
[Post by Venkat Balasubramani]
Cohen v. Facebook, C 10-5282 RS (N.D. Cal. June 28, 2011)
There are a slew of publicity rights lawsuits pending against Facebook. This one alleged that Facebook misappropriated the names and likenesses of Facebook users by suggesting to Facebook users that their friends had utilized the "Friend Finder" service. (Ironically, Facebook's friend finder service looks similar to the service Power.com offered and which Facebook is trying to shut down.) Plaintiff brought a putative class action, alleging state law misappropriation, Lanham Act, and unfair competition claims.
Facebook's user agreement: Facebook argued that the consent contained in Facebook's terms of use barred plaintiff's claims. Facebook argued that its terms contained a broad license that was limited only by privacy settings for particular types of content:
For content that is covered by intellectual property rights, like photos and videos ('IP content'), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free license to use any IP content that you post on or in connection with Facebook ("IP License").
According to Facebook, an end user's name and profile picture have no privacy settings and therefore there were no limitations on the clause quoted above (i.e., no limitations on Facebook's right to use end user photos and user names). Judge Seeborg, disagreed, noting that:
a more natural reading of the provision is that it gives Facebook a worldwide license to reproduce any pictures or text posted by a user, subject to any privacy settings, that would insulate it from any copyright claims by the user, whether or not the reproduction was made on 'Facebook'.
Facebook also argued that its users had no expectation of privacy in their name or profile picture, but the court notes that this does not bar a user claim for publicity rights. It's one thing to disclose a person's name and it's another to use it for endorsement purposes. Although the discussion is slightly confusing, the court's conclusion was that it's not totally clear that Facebook's terms freely allow Facebook to exploit a user's publicity or personality rights in this manner. The court also noted that there was nothing in the terms which ostensibly allowed Facebook to disclose to other users what services a particular user utilized. [Ouch! I think the conclusion is debatable, and despite Facebook's clunky user agreements, the quoted language is broad. To be on the safe side, if I were Facebook, I would expressly reference publicity and personality rights.]
Plaintiff did not sufficiently allege injury: In order to make out a claim for misappropriation of publicity rights, the plaintiff has to allege injury. Although plaintiff included a conclusory allegation in the complaint that she "suffered injury-in-fact," plaintiff did not allege any harm whatsoever. Injury to feelings is sufficient to assert a publicity rights claim, but plaintiff failed to allege this. Plaintiff argued that she was entitled to statutory damages even absent a showing of harm, but the court disagreed. Under the case law, a plaintiff who suffers no economic loss but suffers emotional harm may be entitled to the minimum damages amount, but plaintiff failed to allege that she suffered any "mental anguish" as a result of Facebook's alleged misappropriation.
Plaintiff's lack of commercial interest in her name undermines Lanham Claim: With respect to the Lanham Act claim, the court held that plaintiff had to allege some "commercial interest" in his or her name in order to assert a Lanham Act Claim. While the plaintiff need not be in "actual competition" with Facebook, the plaintiff had to have some "economic interest" in her name "akin to that of a trademark holder." Plaintiff argued that she had a commercial interest (at least within the group of her Facebook friends) but the court rejects this argument.
Unfair competition: Plaintiff's unfair competition claims was derivative of her publicity rights claims and therefore were dismissed. The court also adds that apart from the injury issue, plaintiff is not likely to be able to show that she has lost "money or other property." The remedies available via a section 17200 action have been sharply limited in recent years, and if a plaintiff cannot show that Facebook wrongly took money or property belonging to plaintiff, he or she will be out of luck. The fact that Facebook offers a free service to end users makes section 17200 claims useless for anything other than prospective injunctive relief. (One or two cases have recognized that personal information can constitute "property," but the court does not discuss that possibility here. See "Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff".)
__
I'd characterize this as a partial win for both sides. Judge Seeborg's view that the Facebook end user agreement did not bar the misappropriation claims has to make Facebook nervous. On the other hand, if plaintiffs are going to have to show that they suffered "mental anguish" as a result of Facebook's use of their names and profile photos and they have an economic interest in their names, these present obvious barriers. [I can just imagine Facebook's investigators trolling the internet for examples of use by plaintiffs of their own photos and names on other sites or on Facebook, to show that plaintiffs did not really exert any control over use of their names and photos by third party websites.]
Facebook may also have an opportunity to argue that the claims are not amenable to resolution on a class-wide basis, given that individual facts may affect the determination of whether a particular user suffered "mental anguish" as a result of Facebook's use of plaintiffs' photos and user names.
Of course, the reality is that this is a cobbled together class action based on allegations of harm that are tenuous at best. The result may be different if plaintiff alleged that Facebook used plaintiff's name and likeness to advertise third party products or services or even promote something outside the Facebook ecosystem, but telling someone's Facebook's friends that they used the "friend finder" services sounds like a weak publicity rights claim at best.
Plaintiff may be able to amend and get past another motion to dismiss, but this lawsuit will probably be shuttled to the dustbin of internet privacy lawsuits in short order.
Posted by Venkat at 03:14 PM | Licensing/Contracts , Marketing , Publicity/Privacy Rights
June 15, 2011
Righthaven Benchslapped in Ruling Saying It Lacks Standing--Righthaven v. Democratic Underground
By Eric Goldman
Righthaven LLC v. Democratic Underground, LLC, 2:10-cv-01356-RLH-GWF (D. Nev. June 14, 2011)
This is another stinging defeat for Righthaven. The judge emphatically rejects Righthaven's substantive arguments about its copyright assignment from Stephens Media and harshly criticizes Righthaven's procedural conduct.
Regarding the assignment, the court focuses on the contract's effect: it was designed to give Righthaven only the right to sue and get the resulting cash, but Stephens Media retained all other control over the copyrighted asset. Thus, Stephens Media never assigned any portion of a Section 106 copyright right.
The opinion indicates that Stephens Media and Righthaven could fix this by giving Righthaven more control over the asset. I believe the contract amendment tried to do that, but it may not have gone far enough. Judge Hunt intimates as much, saying he "expresses doubt that these seemingly cosmetic adjustments change the nature and practical effect of the SAA." I remain skeptical that Stephens Media wants to give up enough control to Righthaven to satisfy the standing requirements.
The judge then indicates that Righthaven can't fix the existing contract defect for the existing litigation because standing is measured when the complaint is filed. This could lead to dismissal of all pending Review-Journal litigation and, depending on the exact wording of the MediaNews contract, possibly the Denver Post litigation as well.
If Righthaven can't get this opinion reversed on appeal and other judges defer to this opinion on the standing question (which I think it likely), Righthaven may be back at square one with its entire business. Thus, I assume Righthaven will appeal this decision. However, this is a pretty well-constructed opinion, so Righthaven will have an uphill battle overturning it on appeal. I wonder if the other pending cases will go on hold until an appeal is resolved.
Democratic Underground's declaratory judgment suit of non-infringement also survives dismissal. In doing so, the judge cites an unnecessarily inflammatory editorial posted by former Las Vegas Review-Journal publisher Sherman Frederick, who threatened to introduce his “little friend called Righthaven” to people who republished Las Vegas Review-Journal content. This quote invokes a famous line from the climatic scene in the film Scarface, where Al Pacino's "little friend" was an M-16A1 machine gun with a grenade launcher. I have always been baffled by the implicit symbolism of Frederick's analogy. Did he really mean to analogize Righthaven to a murderous weapon used by a drug lord to mow down his rivals in an ultimately futile last-stand?
In addition to the adverse substantive ruling, the judge criticized Righthaven unusually harshly in this opinion. The "high"lights:
* the judge rejects Righthaven's basic substantive argument as "flagrantly false—to the point that the claim is disingenuous, if not outright deceitful."
* the judge emphatically rejects Righthaven's attempt to argue that other judges had already upheld the copyright assignment, saying that "at best, this argument is disingenuous." Righthaven took the very aggressive position of citing one of the judge's earlier rulings back to him--and he seemed pretty angry that Righthaven sandbagged him in the prior ruling and then tried to estop him.
* the judge summarizes the overall ruling by saying "the Court believes that Righthaven has made multiple inaccurate and likely dishonest statements to the Court."
* the judge then goes on to lambaste Righthaven for not identifying Stephens Media as an interested party in the lawsuit, calling that omission "brazen" and "egregious."
The judge requires Righthaven to explain why the judge should not order sanctions. Given the tenor of this opinion, it seems like a sanctions order is inevitable. The opinion also hints that Democratic Underground may get its attorneys' fees. All told, this case is probably going to cost Righthaven dearly. And after a ruling like this, Righthaven's entire enterprise is on the ropes.
Other coverage from EFF (rightly touting its success) and Steve Green/Las Vegas Sun. In a rare move, the Las Vegas Review-Journal covered its own story, and it quotes some reactions from Righthaven. You can read it at http://www.lvrj.com/news/federal-judge-rules-las-vegas-firm-can-t-sue-over-copyright-infringement-123882024.html -- but do you even want to give them an extra page impression?
My prior blog posts on Righthaven:
* Another Defense-Favorable Righthaven Ruling--Righthaven v. Choudhry
* Republishing Entire Newspaper Story is Fair Use--Righthaven v. CIO
* Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One
Posted by Eric at 06:28 AM | Copyright , Licensing/Contracts | TrackBack
June 05, 2011
Forum Selection Clause in "Submerged" Terms of Service Presumptively Unenforceable -- Hoffman v. Supplements Togo
[Post by Venkat Balasubramani]
Hoffman v. Supplements Togo Mgmt. LLC, A-5022-09T3 (N.J. Ct. App.; May 13, 2011)
Plaintiff who happened to be a lawyer brought putative class claims against Supplements Togo, alleging that the "Erection MD" "dietary supplement" sold via defendants' website was not as performance enhancing as promised. The trial court dismissed the lawsuit, among other things, on the basis of a forum selection clause contained in the website's online terms. The appeals court reverses, finding that the forum selection clause was buried on the website and thus not presumptively enforceable.
Background: The background facts are somewhat interesting, but do not turn out to be particularly relevant to the court's analysis. As the court notes, the plaintiff has brought other lawsuits against online retailers asserting consumer protection violations. Defendants are a group of related companies which were started in the early 1980s by a weightlifting enthusiast. (The precise nature of the entities is unclear, but the court presumes a relationship between the various entities.) Defendants sold "Erection MD" in a bottle form for $59.99 per bottle. Their website said that Erection MD consisted of a proprietary blend, and promised numerous benefits from taking this product. The website also contained a disclaimer which stated that the information on the website "reflects the opinion of . . . staff and should not be interpreted as medical advice."
Plaintiff ordered one of these bottles, did not allege that he tried them out, but brought suit, arguing that defendants' representations regarding the product violated New Jersey's consumer protection laws. He argued that defendants were required under this law to substantiate claims regarding the "safety, performance, availability, efficiency, quality or price" of any advertised merchandise, and that defendants' failure to have any such substantiation renders their marketing practices a per se violation of the statute.
The trial court found that plaintiff:
made a conscious decision to order the product thereby manifesting both an agreement to purchase the product at the price offered and an acceptance of all relevant terms including that all litigation would be in Nevada.
The trial court also found that plaintiff failed to adequately allege damages--i.e., plaintiff did not allege that he used the product or that he asked for his money back. The trial court relied in part on the fact that plaintiff was "an experienced attorney" and "a repeat litigator in the field of Consumer Act Fraud Claims."
Discussion: The court ultimately reverses on the forum selection issue and its opinion contains a fairly useful summary of the basic principles at play:
as . . . internet transactions have become more prevalent, so too have legal disputes proliferated over the contractual rights created in cyberspace between buyers and sellers. The present case exemplifies such a modern-day dispute, raising the question of whether the presentation of the forum selection clause on defendants' website suffices, as a matter of law, to bind internet purchasers of defendants' merchandise. To resolve that issue in this contemporary setting, we consult basic and long-standing principles of law and jurisdiction.
The court notes that in order to be bound by a forum selection clause (or any other online contractual term) "there must have been a meeting of minds of the parties." Forum selection clauses are enforceable when they are presented "in a fair and forthright fashion." Where the online consumer must view the contractual term in order to complete the transaction, the term will be valid and enforceable. There is no particular placement necessary for a forum selection clause--the only requirement is that the party against whom the clause is sought to be enforced must have "reasonable notice." The court contrasted the clause in Caspi v. Microsoft, where the consumer had to click "I Agree" in order to complete the transaction, with Specht v. Netscape. in Specht, the online agreement contained an arbitration clause, but the clause "was located well below an icon inviting subscribers to download" the program. The Second Circuit found that the arbitration clause at issue in Specht was unenforceable because the plaintiffs were not provided "reasonable notice." The court in this case also distinguishes between "clickwrap" agreements (where users manifest assent by clicking "I Agree") with "browsewrap agreements, where the users ostensibly agree with online terms merely by browsing. The agreement in this case can be characterized as a browsewrap.
Here, the available evidence showed that consumers could complete the transaction without viewing the forum selection clause. In fact, the court found that:
the forum selection clause was unreasonably masked from the view of prospective purchasers because of its circuitous mode of presentation.
The court does not credit defendants' argument that plaintiff should have reasonably looked in to the applicable terms, and also does not take into account plaintiff's sophistication or experience in determining that the forum selection clause was unreasonably buried. On the other hand, the court also rejects plaintiff's argument that in order to be enforceable, the website had to have some affirmative manifestation of assent (other than completing the transaction). In the end the court states that the forum selection clause is "presumptively unenforceable," but also that defendants can overcome this presumption if they can show that plaintiff actually read and agreed to the terms.
___
The dust has long settled--online agreements are ordinarily enforceable. This case is a useful reminder that traditional contract principles still apply, and as a website, you should do everything you can to preempt the "I did not read the terms and could not agree to them" argument. In particular, as a merchant, there is no real excuse for not doing this. Consumers have to take certain steps to complete the transaction, and a simple check the box at the penultimate stage that says "I have read and agreed to the terms" should do the trick. This was the result in Feldman v. Google, where Google had a "leak proof" end user agreement ("Google AdWords Contract Upheld (Again)"): At the bottom of the webpage, viewable without scrolling down, was a box and the words, “Yes, I agree to the above terms and conditions.” The advertiser had to have clicked on this box in order to proceed to the next step. If the advertiser did not click on “Yes, I agree ...” and instead tried to click the “Continue” button at the bottom of the webpage, the advertiser would have been returned to the same page and could not advance to the next step. If the advertiser did not agree to the AdWords contract, he could not activate his account, place any ads, or incur any charges. Plaintiff had an account activated. He placed ads and charges were incurred.
This was also the result in Scherillo v. Dun & Bradstreet, where the court rejected the plaintiff's far-fetched argument as to why the agreement in that case was not "leak proof," even though there was a box which plaintiff had to check in order to complete the registration. ("Clickthrough Agreement With Acknowledgement Checkbox Enforced.")
There's some question as to whether particular clauses need to be highlighted, and the court's opinion here is not crystal clear as to whether forum selection clauses are more closely scrutinized in their presentation. (I think the answer is no, but there was some ambivalence in the court's opinion.) At the end of the day, the key is to make sure that no clause is buried. If the agreement was presented in a leak proof fashion in this case, I'm not sure it would have mattered either way. The plaintiff's argument would have received the same chilly reception as it did in Feldman. The argument that "although I'm a lawyer I didn't actually read the agreement" does not tend to resonate.
Posted by Venkat at 11:15 AM | Licensing/Contracts
June 04, 2011
NebuAd Deep Packet Inspection Lawsuits Sputter -- Deering v. CenturyTel & Green v. Cable One
[Post by Venkat Balasubramani]
The alleged monitoring and use of ISP subscribers' internet activity for advertisement targeting purposes by NebuAd spawned a slew of class actions. NebuAd shut down, leaving plaintiffs to go after the individual ISPs who partnered with NebuAd. ("Turning Out The Lights: NebuAd.") Plaintiffs have not had much luck with their claims against the ISPs.
In Mortensen v. Bresnan, the court dismissed the ECPA and state law privacy claims but left the Computer Fraud and Abuse Act claims intact. ("Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues.") As an update to that case, the court ruled that the claims were not subject to arbitration, but the defendant-ISP moved for reconsideration of this ruling in light of AT&T Mobility LLC v. Concepcion, the recent Supreme Court case where the Court held that the Federal Arbitration Act preempts state law unconscionability arguments which are applied disproportionately to invalidate arbitration agreements. You can access the motion for reconsideration here.
Deering v. Centurytel, Inc.: In Deering, the court came to the same conclusion as it did in Bresnan, dismissing the privacy and ECPA claims on the basis of the end user agreement. The court notes that as in Bresnan, the ISP here:
also provided notice of the NebuAd agreement. Specifically, an email to its subscribers was sent informing them that the Privacy Policy had been updated and providing a link to the updated Privacy Policy. Under the heading, "Online Advertising and Third Party Ad Servers," CenturyTel customers were notified that "CenturyTel partners with a third party to deliver or facilitate delivery of advertisements to our users while they are surfing the web. This delivery of advertisements may be facilitated by the serving of ad tags outside the publisher's existing HTML code. These advertisements will be based on those users [sic] anonymous surfing behavior while they are online." . . . CenturyTel customers were further notified of their right to opt out of receiving targeted advertisements by clicking on an imbedded link. The "Online Advertising and Third Party Ad Servers" section also contained a link to NebuAd's website.
I'm a little stumped by the court's reliance on the language in the privacy policy. The court cites to CenturyTel's privacy policy which at the time said that:
personal information collected [by CenturyTel] may include, without limitation, name, address, telephone number, personal computer specifications, e-mail address, user IDs and passwords, billing and transaction information, credit card information, and contact preferences.
It looks like this describes information collected by CenturyTel, as well as information provided to CenturyTel by its users. But it still doesn't come out and say that CenturyTel or a third party track the contents of users' communications. As described by the court, the policy also had standard "cookies and web beacons" language which made clear that CenturyTel used cookies and web beacons to target. This would put users on notice that their clickstream would be used for targeting purposes, but would not alert them to the fact that their traffic is being routed through a third party server or that the contents of their web surfing activity would be exposed to a third party (which is what NebuAd is accused of doing).
CenturyTel sent an email to its users alerting them of an update to CenturyTel's privacy policy, but the email only said that "advertisements will be based on . . . [the] anonymous surfing behavior" of end users." The court does not cite to the NebuAd agreement, but nothing in the CenturyTel disclosures look like they clearly state that the contents of users' communications would be viewable and accessible by a third party. The use of "anonymous surfing" language if anything would tend to minimize the effect of any disclosures in the NebuAd agreement or would create a conflict between the two. How exactly NebuAd was monitoring and targeting is not clear, but the disclosure could have certainly been much clearer, and the court doesn't delve into the details here.
More than anything, this ruling seems to reflect the court's antipathy towards privacy class actions or the motivations behind them. The subtext of the ruling is that there is no "there" there. The notice provided by the ISPs and NebuAd may not have been perfect, but the court had to be influenced by the fact that the plaintiffs were told about some monitoring and given the ability to opt-out. No one took advantage of this or alleged that they followed up.
The court also has harsh words for plaintiff's counsel, finding that it is "telling, and somewhat troubling" that the plaintiff did not mention the Bresnan case, "even though the same lawyers appear to have filed very similar complaints in these cases."
Green v. Cable One: In addition to Bresnan and CenturyTel there's another NebuAd case where plaintiff's claim went sideways (this happened in late February and I missed it at the time). In Green v. Cable One, plaintiff brought claims against Cable One based on alleged monitoring by NebuAd. According to a post at Wildman Harrold, here's what happened next:
Plaintiff filed a motion for class certification in August 2010. Cable One served a demand to copy and inspect plaintiff’s computer. The plaintiff then voluntarily dismissed with prejudice three of the four claims that depended upon allegations of harm/damage, leaving only the claim for violations of the ECPA remaining. (Dkt 43, October 2010). On November 9, 2010, the named plaintiff Green was deposed. During that deposition, he testified that he only accessed his Cable One account from one computer/IP address located in Alabama. Cable One’s records revealed that the Internet subscription had been canceled for that home address on November 19, 2007, one day before the NebuAd ad serving technology went into use by Cable One.
Cable One filed a motion to dismiss for lack of standing. In response, plaintiff filed a "non-opposition" with a curious explanation:
Plaintiff conferred with Defendants in effort to reach a stipulation on the Motion to Dismiss in an effort to minimize the use of judicial resources. Defendants requested the Plaintiffs file a Notice of Non-Opposition instead. Therefore, Plaintiff submits this Notice of Non-Opposition to Defendant's Motion to Dismiss.
Say what? The fact that the named plaintiff dismissed a chunk of the claims in response to a request to inspect plaintiff's computer is telling. The fact that plaintiff agreed to dismiss the claims in their entirety when Cable One argued that plaintiff cancelled his Cable One subscription the day before NebuAd filtering was implemented just demonstrates that (assuming what Cable One says its true), there was no way that plaintiff could have suffered any harm as a result of the alleged filtering. This points in the direction that courts' skepticism towards these lawsuits may be entirely warranted.
Posted by Venkat at 01:10 PM | Licensing/Contracts , Privacy/Security
June 01, 2011
Updates on DoctoredReviews.com and Medical Justice
By Eric Goldman
You may recall our April launch of DoctoredReviews.com, a website explaining why Medical Justice's form agreement, the "Mutual Agreement to Maintain Privacy," was a bad deal for doctors, patients and review websites. See a list of the media coverage on the site's launch.
Since then, there have been three developments of interest.
First, Timothy B. Lee at Ars Technica covered his experiences with a dentist who asked him to sign the Mutual Agreement to Maintain Privacy and what happened when he balked at signing (predictably, there was no negotiation, and he was booted from the office). The entire article is a great read, but this line especially caught my eye: "we began to wonder if Medical Justice was taking advantage of medical professionals' lack of sophistication about the law." Watching the doctor community's response to our site launch, I had been wondering the same thing. Doctors and other healthcare professionals are very scared of the combination of privacy laws and unfettered consumer reviews; and Medical Justice has a several year headstart in (mis?)educating them about the law. It's clear that our advocacy site alone isn't enough to do the necessary counter-education.
Timothy also hammers on how Medical Justice has been backpedaling about the efficacy of the Mutual Agreement to Maintain Privacy. Medical Justice publicly claims that the agreement is principally useful for dealing with reviews from the doctors' competitors or ex-employees or other fraudsters. This is a baffling argument because (as Timothy points out) those folks undoubtedly haven't signed the Mutual Agreement to Maintain Privacy, so doctors can neither assert a breach of the agreement nor the assigned copyrights in those reviews. (And asserting copyright to the review websites could lead to 512(f) claims). There is a massive logic disconnect between the purported goals of the Mutual Agreement to Maintain Privacy and the legal effect of the contracts. For an outfit that was clever enough to develop a way to hack 47 USC 230 through a copyright workaround, the response that the agreement should be used only against people who haven't signed it is so oddly sophomoric that it makes me wonder about the sincerity of the proffered explanation.
Timothy followed up his initial story with a postscript. In it, the dentist who claimed he'd never enforced the Mutual Agreement to Maintain Privacy backpedaled and admitted that he had, in fact, help drive a negative review off the Internet. On the plus side, the dentist publicly acknowledged that the Mutual Agreement to Maintain Privacy wasn't a good deal for him, and he said he wouldn't renew with Medical Justice. Hey doctors and other healthcare professionals, I hope you took note.
Second, John Swapceinski of RateMDs made a post entitled "Medical Justice planting glowing reviews on RateMDs.com." Apparently, John saw some early activity from a new Medical Justice offering called the "Review Builder Program" that Medical Justice claims will help patients leave reviews from doctors' offices. Timothy at Ars Technica has plenty of sharp words about the program and the possibility of Medical Justice duplicity.
Third, we are working on Phase 2 of the DoctoredReviews project, during which we identified another doctrinal oddity: doctors, based on their purported copyright ownership, can obtain and send 512(h) expedited subpoena requests in an effort to unmask the review author--in a process that is outside of public view and without any substantive judicial oversight. Obviously, review websites can (and should) push back on these subpoenas, but I have some reason to believe that the Mutual Agreement to Maintain Privacy's purported copyright assignment is producing unmaskings that would not occur if supervised in a court of law. I'm adding this attack on privacy to the taxonomy of abusive takedown practices I'm developing.
Posted by Eric at 02:18 PM | Content Regulation , Copyright , Derivative Liability , Licensing/Contracts , Privacy/Security | TrackBack
May 26, 2011
Online Insurance Application Constitutes “Writing” for Purposes of Waiving Insurance Coverage for Medical Benefits--Barwick v. GEICO
Barwick v. Government Employee Insurance Co., Inc., 2011 Ark. 128 (March 31, 2011) [link]
Although 47 states, the District of Columbia, Puerto Rico and the Virgin Islands have adopted the Uniform Electronic Transaction Act (UETA), we have had very few cases discussing or interpreting UETA. Here, we have a case where the court is asked whether a waiver in an online insurance application is a “writing” for purposes of a state insurance law that requires coverage waivers to be in writing.
The facts are fairly simple. In 2009, a woman (who subsequently married the plaintiff) purchased automobile insurance coverage online at GEICO’s website. In the online application, the woman rejected coverage for medical benefits as permitted under Arkansas law. The online form bore the woman’s electronic signature. In a discovery deposition, the woman also acknowledged that she completed the form on the website, that she did not select the coverage for medical benefits, and that she signed the application electronically.
The lower state court granted summary judgment to GEICO and dismissed the husband’s claim for medical benefits. On appeal, the husband argued that the electronic application containing his wife’s electronic signature did not meet the requirement that a rejection of coverage be “in writing” under the terms of Arkansas Code Annotated Section 23-89-203 (Repl. 2004). The husband argued that because a general statute does not apply when a specific one governs the subject matter, the insurance statute requirement that the waiver of coverage be “in writing”, takes precedence over the more general provisions in the UETA. He also argued that pressing a computer button did not constitute a “writing” for purposes of waiving coverage.
The Arkansas Supreme Court reviewed the history of UETA and noted that Arkansas had adopted UETA in 2001 to facilitate electronic transactions. The court found that the online application was an “electronic record” under UETA. The Court also found that there was no conflict between the insurance statute and UETA, and that the two provisions can be read “harmoniously” to mean that an electronic record can fulfill the requirement of written rejection for coverage. As a result, the Arkansas Supreme Court affirmed the lower court’s grant of summary judgment to GEICO.
A few thoughts:
• The court’s analysis is straightforward and correct. One would think that the legal issue is obvious, but there have been very few cases interpreting UETA to date (perhaps because the statute is so simple?). UETA was drafted so that the state legislators did not have to amend the numerous statutory requirements for “writings” in each statute. Instead, UETA provides a global approach that a record or signature may not be denied legal effect or enforceability solely because it is in electronic form, and a contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation. But it’s nice to now have a case to point to when a client questions the validity of online agreements.
• GEICO also argued that the plaintiff should be estopped from questioning the validity of the electronic waiver of coverage, because he is also seeking to benefit from the insurance policy obtained throughout the online application. Because the court dismissed the appeal on the UETA grounds, it did not need to address the estoppel argument.
• There do not seem to be any evidence issues in this case. The woman in question did not deny that she completed the online application and affixed an electronic signature. She also gave a deposition testimony that she completed the form on the website, that she and did not select coverage for medical benefits, and that she signed the application electronically. Query whether or not the court would have denied summary judgment if any of these facts had been in dispute.
• Unlike the court in Colorado last year, the Arkansas Supreme court correctly determined that EUTA, and not the federal Electronics Signatures In Global and National Commerce Act (commonly known as “E-Sign”), applies to this case. E-Sign has a peculiar “reverse preemption”. E-Sign governs in the absence of a state law or in states that made modifications to UETA that are inconsistent with E-Sign. In effect, Congress forces a state to adopt UETA in a uniform manner, by providing that the state version of UETA controls over E-Sign if UETA is adopted without modification. Here, Arkansas appears to have adopted UETA without any significant modifications, so UETA’s provisions should govern questions of contract formation and enforceability in Arkansas.
See also this brief post on a Federal Circuit UETA case.
Posted by John Ottaviani at 07:00 PM | E-Commerce , Licensing/Contracts | TrackBack
May 25, 2011
Ohio Appeals Court: GoDaddy can be Held Liable for Wrongly Transferring Control Over Domain Name and Email Accounts -- Eysoldt v. ProScan
[Post by Venkat Balasubramani]
Eysoldt v. GoDaddy, et al., C-100528 (Ohio Ct. App.; May 18, 2011)
Actions against registrars for allowing domain names to be wrongly transferred have been relatively rare. Members of the Eysoldt family brought claims against GoDaddy alleging these types of claims. A jury ruled in their favor and the Ohio Court of Appeals declined to set aside the verdict.
Jeff Eysoldt registered Eysoldt.com through GoDaddy. He used this account for personal purposes--he stored photos and used it for email, and he allowed other family members to do so. He also registered and managed a domain name for his sister's business through this account. Separately, he entered into a business arrangement with ProScan, and the parties sought to build out a website which would promote cosmetic surgery centers. As part of this project with ProScan, he registered Myrejuvenate.com and placed this domain name in the same GoDaddy account as his personal domain name and his sister's domain name.
The relationship between Eysoldt and ProScan soured, and ProScan sought control of the domain name and the website. One of the ProScan executives called GoDaddy directly. GoDaddy's customer service representative saw that the domain name was registered under Eysoldt's name but "verified" the account information with the ProScan executive by confirming the method of payment and account number used to pay.
GoDaddy gave ProScan control over the Myrejuvenate.com domain name. Unfortunately, it also gave ProScan control over the other domain names and associated email accounts in Eysoldt's GoDaddy account. Eysoldt contacted GoDaddy to fix the problem, but he was told he had to fill out a verification form and fax this along with his drivers license. He did this, but GoDaddy responded to him that his face was not legible in the copy of the drivers license. The ProScan executive also contacted GoDaddy and asked that the domain names other than Myrejuvenate.com be transferred back to Eysoldt, but this too was unsuccessful.
Ultimately, Eysoldt sued GoDaddy. He sued ProScan as well but settled with them. The jury ruled in favor of the Eysoldt and awarded him $50,000 ($20,000 for invasion of privacy and $30,000 for conversion). Two other Eysoldt family members were awarded $10,000 each ($7,000 for invasion of privacy and $3,000 for conversion). (Here is a link to the verdict form.)
GoDaddy made several technical arguments on appeal and the court rejects them all.
Economic Loss doctrine: GoDaddy argued that Eysoldt's claims were barred by the economic loss rule, but the court says that this rule only applies to negligence claims and not to intentional torts.
Conversion: GoDaddy argued that a domain name cannot form the basis for a conversion action because it is intangible property. The court says (citing to CRS Recovery, Inc. v. Claxton) that times have changed. A domain name is readily identifiable and can be converted. GoDaddy also argued that the family members could not assert conversion claims because they testified that they lacked any ownership interest in the accounts. On this point, the court ruled that there was sufficient evidence from which a jury could conclude that GoDaddy converted the "conditional email and private communications [of the family members] that were contained in the GoDaddy account."
Invasion of Privacy: Finally, GoDaddy argued that there was insufficient evidence to support an invasion of privacy claim because there was no evidence that GoDaddy accessed the email accounts. The court rejects this argument also, noting that Eysoldt testified that someone had accessed the emails. According to the court, the harm flowed from the disclosure and not the misuse of the emails. In any event, the court cites to the fact that GoDaddy took control of personal emails, websites, and communications and just handed them over to a third party.
---
GoDaddy had a pretty tough argument here given the facts. To treat a domain name as anything other than valuable third party property would be a mistake by registrars. There was some confusion early on as to whether domain names are contract rights (which do not support conversion claims) instead of property, but courts have long moved on from this question. (See Kremen v. Cohen, CRS v. Claxton, Office Depot v. Zuccarini, Bosh v. Zavala, etc.) I'm surprised GoDaddy didn't raise an argument based on waivers or limitations of liability contained in its end user agreement, but the opinion does not discuss them.
The court's conclusion regarding the invasion of privacy claim is worth noting because the court did not take the approach numerous courts have taken in data breach cases and require any showing of out-of-pocket loss. The likely explanation for this is that the plaintiff here asserted claims under the "intrusion" theory, where the harm flows from the mere disclosure, rather than the misuse, of data, but this should require a showing that the accounts contained information that was of an intimate nature. The court alludes to this in describing what type of information was contained in these email accounts, but does not come out and explicitly state this or cite to any specific information which would support a claim of intrusion.
The court's conclusion that the other family members could recover for conversion also glosses over a few nuances. The sister had a domain name registered through GoDaddy, but the court does not connect the dots on how giving Proscan control over the GoDaddy account translates into a conversion claim for the other family members. The court instead focuses on the email accounts and notes:
[w]hile Jill and Mark [the other family members] acknowledged that the account was registered to Jeff, the evidence showed that each of them had email accounts set up within Jeff's account. Additionally, Jeff and Jill had created content for Jill's website for her business, Good Karma Cookies. When Go Daddy gave control of the account to Wallace and ProScan, Jill could not access her website. Likewise, Jill and Mark could not access their email accounts. Thus, as the trial court stated, 'there was sufficient evidence produced at trial that would support the jury finding that GoDaddy converted the conditional and private email communications of Mark and Jill Eysoldt that were contained in the GoDaddy account.'
The court's focus on control over email accounts and content does not square well with the cases which say that domain names can be converted because they are freely transferable and can be bought and sold. Under the court's approach, a registrar could be found liable for terminating access to an email or hosting account, and this sounds problematic.
[Eric's comment: indeed, I read this opinion as hinting that any cloud service provider could "convert" a user account's to the extent that service provider "wrongfully" "cuts off" the user's access to his/her own intangible files. I don't think the court means to go there, but holding that GoDaddy converted the emails (as opposed to the domain names) naturally leads to a very dark place.]
It's clear that courts are not reluctant to impose some sort of obligation on the part of registrars to guard against identity theft. Registrars may need to adopt authentication procedures as rigorous as the procedures that banks use to authenticate bank accounts. Of course, even this approach is not infallible, and not easy to implement, given that much of the customer service interaction between a registrar takes place over the phone. Another suggestion is for registrars to respond promptly to any claims by customers of domain name theft. Sending a canned response from customer service when a customer frantically emails saying that his or her domain name has been stolen is not going to look good in the eyes of the fact-finder.
I'm struck at how often people register business and personal domain names in the same account, and how often the web-person ends up registering the domain name for a project in his or her account, rather than in the name of the entity, or a separate account which both joint ventures have control over. The domain name as a bank account analogy is useful here, and if you are part of a joint venture, think about whether you would want to give your co-venturers sole control over the bank account.
Posted by Venkat at 09:20 AM | Domain Names , Internet History , Licensing/Contracts , Publicity/Privacy Rights
May 23, 2011
College Course Description Aggregator Loses First Round in Fight Against Competitor in Scraping Case -- CollegeSource v. AcademyOne
[Post by Venkat Balasubramani with comments by Eric]
CollegeSource, Inc. v. AcademyOne, Inc., 10-3542 (E.D. Pa.; Apr. 22, 2011)
This is a scraping case between CollegeSource and its competitor AcademyOne. It looks like it's part of a long running dispute between the parties. AcademyOne previously brought cybersquatting and false advertising claims against CollegeSource and lost. CollegeSource separately sued AcademyOne for a violation of its terms of use in California. The court dismissed on the basis of lack of personal jurisdiction and CollegeSource appealed the dismissal to the Ninth Circuit. CollegeSource then re-filed the same lawsuit in Pennsylvania, and a ruling from that court is the subject of this blog post. That's a lot of litigation over pdf copies of college course catalogs!
Background: CollegeSource digitizes course catalogs and descriptions and makes them available online in pdf form. It also slaps a splash page, logo, and its terms of service on the pdfs which it creates. AcademyOne is also in the business of providing information regarding college course descriptions. The parties also both offer services which "evaluate the transferability" of college courses, but those particular services were not directly at issue in this dispute.
AcademyOne tried to license the pdf versions of CollegeSource's catalogs, and CollegeSource refused. AcademyOne then crawled the web to obtain this information from other sources, including the colleges directly, but in the process, ended up copying and posting on its own site course catalogs which bore CollegeSource's logos and terms of use. CollegeSource in turn sent AcademyOne a cease and desist letter, which AcademyOne largely complied with. AcademyOne received the letter in 2007 and removed the CollegeSource catalogs by mid-2007. AcademyOne also put in place safeguards to make sure CollegeSource's pdfs did not end up on AcademyOne's site again.
Despite these safeguards, two of the CollegeSource course catalog pdfs ended up on AcademyOne's site. In response, in July 2010, CollegeSource sued. It moved for a TRO which was denied. Around the time the lawsuit was filed, AcademyOne's CEO sent Freedom of Information Act (FOIA) requests to various colleges, seeking the details of agreements between the colleges and CollegeSource, to the extent those agreements existed. The letter said that the information was sought in the context of a pending copyright dispute.
In December 2010, CollegeSource moved for a preliminary injunction. It asserted that it was entitled to an injunction based on its breach of contract and unjust enrichment claims, and based on false advertising premised on statements in the letters sent to colleges by AcademyOne.
Breach of contract and unjust enrichment: Although CollegeSource asserted copyright claims in its cease and desist letter, in the lawsuit, it relies on AcademyOne's alleged breaches of its terms of use. It would not have been able to claim copyrights in the course descriptions since these are likely factual in nature, and it did not create the course descriptions in the first place. With respect to CollegeSource's breach of contract claims, the court finds that CollegeSource is not likely to be able to show irreparable harm for breaches of its terms of use and thus isn't entitled to an injunction. The court notes that AcademyOne took steps to comply with any takedown requests and instituted safeguards to make sure no CollegeSource course catalogs ended up on AcademyOne's website again.
False advertising: The crux of CollegeSource's false advertising claim at this stage was centered around a letter sent by Academysource to various colleges. The letter sought copies of any agreements in place between the college and CollegeSource:
[that would] grant [] CollegeSource . . . the authorization to create and claim a derivative copyright of [the academic institution's] printed or digital catalog for [2006-2010]; limit the rights of distribution of the electronic version located on their website; archive the file; add their logo and Terms of Use to the front of each catalog and charge for access to the catalog.
CollegeSource claimed that the letter is false because it stated that it was sent in connection with copyright claims asserted in the lawsuit. The court says that there is nothing literally false about referencing copyright claims since that's the subtext of CollegeSource's claims. Ultimately CollegeSource sought control of the catalogs. The court also addressed CollegeSource's argument that the letter had the tendency to deceive and resulted in at least one institution requesting that CollegeSource remove its catalogs from CollegeSource's website. The court notes that there's no evidence as to the precise reason for the college's request.
__
This is a dangerous dispute for CollegeSource. The idea that it should be able to somehow claim exclusive rights in college course descriptions is crazy. Once the institutions realize that this is what CollegeSource is doing with the course catalogs and descriptions they provide to CollegeSource, there is a high likelihood that many of them will tell CollegeSource to stop this practice. There's not much room to claim copyright in course descriptions, and in any event, CollegeSource's attempt to slap its logo and terms of use on the pdf copies of the descriptions looks like a naked rights grab which the colleges are not going to be happy with. This is almost similar to a city claiming copyright in its ordinance. It's worse. It's as if a public citizen or a corporation does this after slapping a logo and terms of use on a pdf version of it. Using a breach of contract claim to get around an ineffectual copyright claim can work in some circumstances, but courts will rightly be skeptical. (The court does not address the copyright preemption argument but I think there's one lurking in the background, since the conduct CollegeSource is complaining of is the copying its materials by AcademyOne.)
The false advertising claim was extremely tenuous. It was sent in the context of a public records request in the middle of a dispute. I'm surprised there's not a claim of privilege (or a SLAPP exception) that would have protected AcademyOne's statements. Maybe it's a jurisdictional quirk but I imagine in some jurisdictions, CollegeSource's false advertising claims would have been slapped out of court.
More on this case from Rebecca.
__________
Eric's comments
I've hinted at the issue before, but let me put my philosophy on the table explicitly: it is extremely dangerous for aggregators to bring IP enforcement actions. The enforcement lawsuits can directly backfire (see, e.g., the Barclay's v. theflyonthewall lawsuit) because the plaintiff ends up talking out of both sides of its mouth: it says X isn't permissible when we're the rightsholders, but X is permissible when we're the aggregator. At best, that kind of duplicity never impresses judges. Further, even if the enforcement lawsuit doesn't lead to a direct form of collateral estoppel, it has the potential to create adverse legal precedent. For these reasons, plus the risk Venkat identified about educational institutions cutting off CollegeSource, it seems like an unnecessarily high-risk move for CollegeSource to bring this iteration of the lawsuits.
Having said that, AcademyOne's experience reiterates the potential problems with scraping. Inevitably, scraping will gather up legally risky content; and as this case shows, that's true even if the scraper institutes procedures designed to screen out that content. This particular ruling is good news for AcademyOne, but scraping remains a legally ambiguous proposition.
Posted by Venkat at 09:10 AM | Copyright , Licensing/Contracts , Marketing
May 21, 2011
Another Unhappy Facebook User's Lawsuit Tossed--Kamango v. Facebook
By Eric Goldman
Kamango v. Facebook, 2011 WL 1899561 (N.D.N.Y. April 19, 2011). The judge approved the magistrate order on May 19, 2011. See Kamango v. Facebook, 2011 WL 1899277 (N.D.N.Y. May 19, 2011). The initial complaint.
Kamango claims that Facebook blocked (terminated?) his account for spamming friend requests. He claims the account block violated his right to express himself and be free from bias. The magistrate tossed the case as frivolous (using the standard applicable to pro per cases), and the judge upheld the dismissal even after Kamango objected. Because both opinions are appropriately efficient, there isn't much detail to explore, but the judge does note "Plaintiff’s claim under the First Amendment is futile because the First Amendment applies only to governmental action (and he has alleged no facts plausibly suggesting such governmental action)."
No matter how much we might question Facebook's policies, the lesson from Young v. Facebook plus this one is clear: stop suing Facebook for account terminations!
Posted by Eric at 11:12 AM | Content Regulation , Licensing/Contracts | TrackBack
May 20, 2011
Another Ruling that the Americans with Disabilities Act Doesn't Apply to Websites--Ouellette v. Viacom
By Eric Goldman
Ouellette v. Viacom: The magistrate report: 2011 WL 1882780 (D. Mont. March 31, 2011). The judge's approval of the magistrate's report: 2011 WL 1883190 (D. Mont. May 17, 2011). The original complaint (he filed an amended complaint that served as the basis of these rulings).
[Note: this lawsuit is gossip-worthy because the plaintiff named YouTube and Viacom as co-defendants, leading to the possibility that they might work together on a joint defense despite their bitter feud in Viacom v. YouTube.]
Just yesterday, I blogged about Young v. Facebook, in which Judge Fogel held that Facebook wasn't covered by the Americans with Disabilities Act because it wasn't a physical place. In this unrelated ruling (there were no cross-citations between the opinion), YouTube and MySpace get a virtually identical ruling. Perhaps we will see enough precedent develop that websites aren't covered by the ADA to suppress further plaintiffs forays. Today's rulings also have some interesting discussion about the application of 17 USC 512's safe harbors to a user whose content is removed.
Plaintiff filed this lawsuit pro se and in pro per. Trying to summarize, it appears his main allegations are that YouTube and MySpace wrongfully removed his videos in response to allegedly bogus takedown notices from Viacom and other content owners. Because of his pro per status, the court does an initial screen to determine if the claims are frivolous. In February, the court determined that Claim I, the "DMCA" claim, wasn't frivolous--presumably, a 512(f) claim against the content owners for a bogus copyright takedown notice.
The two rulings prompting this post--the magistrate report and judge's approval--dismiss the other claims as frivolous, including the rejection of:
* a claim that the defendants violated his fair use rights. The court says that fair use is a defense, not a cause of action.
* a 512(f) claim against the defendants other than the content owners. Even though 512(f) could apply generally, the plaintiff never alleged any actual misrepresentations made by the specified defendants.
* claims that YouTube's contract had an improper venue clause (even if true, Google let the case proceed in Missoula, so the clause wasn't used) and that the contract let third parties harass him, to which the magistrate says "Under the facts alleged by Ouellette, however, Google and YouTube cannot be liable for the conduct of any third party."
After breezing through those claims, the magistrate takes a little more time with the ADA claim. The plaintiff is dyslexic. The magistrate summarizes his contention: "he alleges those Defendants discriminated against him based on his reading disability, and deprived him of access to their internet services and their “online theater”—a “place of public accommodation” governed by the ADA." Citing the AccessNow v. Southwest Airlines case, the magistrate says "an internet website, by itself, is not an actual place, or a physical, concrete structure that would qualify as a place of public accommodation under the ADA." Similar to the discussion in yesterday's Young v. Facebook ruling, the magistrate responded:
His allegations fail to identify any actual, physical place where Defendants' services are made available, and fail to assert any connection between the internet websites he sought to access, and any actual, physical structure or facility through which Defendants' services could be accessed or provided. To the contrary, Ouellette alleges only that Defendants' conduct has impeded his access to certain internet websites
In approving the magistrate report, the judge rejects the plaintiff's objection that a website's servers are the requisite physical place:
Neither a website nor its servers are “actual, physical places where goods or services are open to the public,” putting them within the ambit of the ADA. Weyer v. Twentieth Cent. Fox Film Corp., 198 F.3d 1104, 1114 (9th Cir.2000). The public access production facility might amount to such a place, but there is no nexus between the websites and Ouellette's inability to access that physical place.
The magistrate also rejects the plaintiff's attempts to turn 17 USC 512 into an affirmative cause of action. As I read it, the plaintiff argued that the defendants' failure to follow the notice-and-takedown and counter-notice/putback provisions of 512 creates an affirmative cause of action for a user who posted the affected content. This claim is putatively separate from the 512(f) claim, which I believe is the only affirmative cause of action in 512; in my opinion, the remainder of 512 is all a safe harbor. The magistrate (approved by the judge without substantive comment) rejects the plaintiff's argument:
Ouellette's reliance on the takedown and counter notice safe-harbor procedures in the DMCA is misplaced. The Defendants' alleged compliance, or non-compliance with the procedures does not provide a basis for liability. Defendants' liability to Ouellette, if any, could only be imposed under existing principles of law independent of the DMCA's procedural requirements. Ouellette's allegations, however, do not invoke any independent theory of liability. Therefore, his claims founded upon the DMCA should be dismissed.
I'd be more excited about these rulings if it didn't involve a pro per plaintiff, because then they might be more persuasive to other judges. Nevertheless, these rulings are a useful warning to future plaintiffs that it's frivolous to argue that websites are governed by the ADA and that failure to follow the notice-takedown-counternotice-putback procedures in 512 creates a cause of action.
Posted by Eric at 07:35 AM | Content Regulation , Copyright , Derivative Liability , Licensing/Contracts | TrackBack
May 19, 2011
Facebook User Loses Lawsuit Over Account Termination--Young v. Facebook
By Eric Goldman
Young v. Facebook, Inc., 2011 U.S. Dist. LEXIS 52711 (N.D. Cal. May 17, 2011). My post on Judge Fogel's Nov. 2010 dismissal of this case with leave to amend. Karen's lawsuit-related website.
I respect people of conviction, especially when they persevere in the face of long odds. Karen Young is such a person. After Facebook terminated her account, she drove across the country to try to get answers from Facebook in person--and after a very brief return home, stayed in the Bay Area to get results from Facebook (via litigation or otherwise) over her terminated account. Indeed, she dropped by my office a few months ago (unscheduled) to talk about her case. I told her in person that she should go back home because it didn't make sense to put her life on hold fighting Facebook. A woman of conviction, she has held fast. Nevertheless, after this ruling, perhaps she will decide to end her vigil.
Young has bipolar disorder. She sued Facebook for ADA violations for failing to provide adequate customer support to individuals with mental disabilities. The court rules that the ADA is inapplicable to Facebook because it's a website, not a physical place. The court says:
Despite its frequent use of terms such as "posts" and "walls," Facebook operates only in cyberspace, and is thus is not a "place of public accommodation" as construed by the Ninth Circuit. While Facebook's physical headquarters obviously is a physical space, it is not a place where the online services to which Young claims she was denied access are offered to the public.
To get around this, Young argued that some other circuits have directly or impliedly extended the ADA to virtual places. Judge Fogel rejects this as inapplicable in the Ninth Circuit. Young also invoked Judge Patel's troubling opinion in NFB v. Target, arguing that (like Target) Facebook had the requisite "nexus" to a physical place because it sells gift cards in physical retail stores. This argument fails because Facebook doesn't own or control those physical outlets.
The related state claims also fail. The Disabled Persons' Act claim fails for the same reasons as the ADA claim. The Unruh Act claim fails because Young was griping that Facebook's customer support was too hard for someone in her condition to navigate, but she didn't show that Facebook treated bipolar individuals discimrinatorily or that Facebook's policies targets disabled individuals.
Young's breach of contract claim fails because Young never specifically identified a breach, and her negligence claim fails because he didn't allege any source of a duty. Judge Fogel also shuts down the implied good faith obligation bypass. In his prior ruling, he left open the door, saying "[i]t is at least conceivable that arbitrary or bad faith termination of user accounts, or even termination of user accounts with no explanation at all, could implicate the implied covenant of good faith and fair dealing." Young doesn't clear this threshold because the only evidence she cited--Facebook's termination email--expressly explained Facebook's reasons for the termination. (The opinion doesn't tie this knot, but it seems that those expressed reasons didn't show bad faith). Although this isn't expressly connected to the Smith v. TRUSTe ruling, it's interesting that this is the second judge in a few months interested in whether the website told users why they are getting ousted. This is in conspicuous contrast to the pressures coming from Barnes v. Yahoo for websites to tell users less, not more, to avoid promissory estoppel arguments.
The opinion concludes with a little advice for Facebook:
The Court is not without sympathy for Young's plight. Young was understandably frustrated that she could not discuss the termination of her account with a live person, and both this frustration and the loss of her access to Facebook's social network had a particularly acute impact on Young because of her bipolar condition. As customer service functions increasingly are handed over to automated systems, it is important that service providers, such as Facebook, understand the implications that such practices can have for the less sophisticated and more vulnerable. However, because Young's amended complaint does not state a cognizable legal basis upon which relief may be granted, it must be dismissed. Because the amended complaint fails to address many of the issues identified by the Court in its previous order, and because it appears that there is no realistic possibility that further amendment could cure the deficiencies in Young's pleadings, leave to amend will be denied.
A few observations about this result:
* the opinion doesn't mention 47 USC 230(c)(2), although I think the immunity might very well apply to some or all of Young's claims. I will have more to say about that in an upcoming UC Irvine Law Review article.
* whether or not 47 USC 230(c)(2) applies, it almost never makes sense for a user to sue a website over account termination. Those lawsuits are almost always a huge waste of time and money.
* Even though the ADA and related state statutes do not apply to websites, websites often can and should voluntarily do more to accommodate users with various physical and mental challenges. Not only is that often a smart business decision, it's often the right thing to do.
UPDATE: Facebook emailed me the following statement: "We want Facebook to be available to everyone, including people with unique needs, and have worked hard to create tools and resources to educate people about our service and its rules. While we're pleased with the court's decision, we'll continue to invest in this area."
Posted by Eric at 01:29 PM | Content Regulation , Licensing/Contracts | TrackBack
May 18, 2011
Thoughts on the Lawsuit Over the @OMGFacts Twitter Account -- Deck v. Spartz, Inc.
[Post by Venkat Balasubramani]
Deck v. Spartz, Inc., 2:11-cv-01123-JAM-DAD (E.D. Ca.; Apr. 26, 2011) (Complaint) (Agreement)
An Associated Press story reports on the lawsuit over the @OMGFacts Twitter account. (Here's a link to the story with comments from Professor Goldman.)
Background: @OMGFacts is a Twitter account which was created by Adorian Deck. It rose to prominence in 2010. As alleged in the complaint:
In September 2009, [Deck] created a Twitter feed [@OMGFacts]. The feed retrieved and republished titillating, sometimes trivial, factual tidbits about such subjects as celebrities, pop culture, world history and commerce. The feed quickly amassed more than 300,000 followers, including many celebrities. It became the 18th most active Twitter trend in 2009, and remained among the top ten trending terms until January 2010.
Most interesting about this dispute is that Deck was a high school student and a minor when he created the account.
Deck was allegedly approached by Emerson Spartz, who ostensibly agreed to help Deck capitalize on this success. The two entered into an agreement which provided that Deck, who was labeled as a "contractor" in the agreement, would be entitled to 30% of the revenues from the OMGFacts YouTube channel and 100% of the revenues from the sales any "OMG Facts" t-shirts. Under the agreement, Spartz agreed to promote the sale of these t-shirts and deal with the OMG Facts YouTube channel. The agreement also provided that any "documents or records or creations . . . which are made by [Deck]" would be owned by Spartz's company. The agreement also had copyright assignment provisions which purported to assign to Spartz's company "any copyright in any existing or future works . . ." that are created by Deck. The duration of the agreement was one year. Deck had limited termination rights under the agreement, but Spartz's company could extend the term for 10 additional one-year periods.
Complaint: The complaint says that Spartz breached. It alleges:
[Deck has] received less than $100 in compensation from Spartz, and has received no account or other disclosure of the revenues associated with the YouTube channel.
The complaint also alleges false designation of origin and false advertising claims, and it asks for recission of the agreement.
__
Some initial observations about the lawsuit and agreement.
First, with respect to ownership, the agreement focuses on the content. The blogosphere has tackled ad nasuem the issue of whether or not you can copyright a Tweet and who owns the content in a Twitter feed. The complaint contains a small concession or two that could end up being harmful to Deck's copyright claims - it says that the feed consists of "factual tidbits" which are "retrieved and republished" by Deck through the Twitter feed. Small bits of content are not easily the subjects of copyright protection, and if they are factual in nature that raises the bar for copyrightability. If Deck did not come up with the content himself and merely republished content found elsewhere, this also poses a barrier. Still, maybe Deck can argue that the compilation as a whole should be protected. (The agreement also speaks to the Twitter account itself and states that Deck has to keep Spartz apprised of the passwords for the @OMGFacts Twitter account.)
However, as the Associated Press article points out, this lawsuit is not about the content of the Twitter account at all or even over the ownership of it. The core of the dispute is over the @OMGFacts (or OMG Facts) brand, even though the complaint does not expressly alleged a claim for trademark infringement. Unfortunately, the agreement says very little about trademark rights. (Here is a link to the .pdf version of the agreement.) Spartz will argue that he was the one who commercialized the brand in the first place and therefore should own any trademark rights. On the other hand, the agreement provided that Deck will deal with all aspects of the shirt sales and retain 100% of the revenues from it, so Deck may still argue that he was the one who truly commercialized it. Deck can also argue that the hundreds of thousands of followers which he amassed prior to Spartz coming into the picture demonstrate that he already had a brand and had built up common law rights in @OMGFacts and "OMG Facts."
This of course raises the issue of whether someone can establish trademark rights by putting out a Twitter feed. In recent trademark disputes, companies have argued about whether their use on Facebook or Twitter is sufficient to establish trademark rights. Those cases have presented situations where companies have included stray references to products or services on their Twitter feeds, and none of the cases to date approach a situation where someone has amassed a substantial following on Twitter. (The Boathouse v. Tigerlogic dispute over the "POST POST" mark for "social search services" touches on this: "Social Search Services Duel Over "Post Post" Mark -- Boathouse Group v. TigerLogic.")
The equities obviously favor Deck. The agreement is very one-sided and contains an Indiana forum selection clause. When you take into consideration Deck's minority status, I can see a factfinder poking the agreement so full of holes that it becomes the contractual equivalent of swiss cheese. The agreement acknowledges Deck's minority status and includes Deck's mother as a signatory, but given the novelty of the subject matter of the agreement, you can't fault Deck's mother for not negotiating for a clearer and less one-sided agreement--to the extent she even took the agreement seriously. Deck also asks for recission of the contract, citing to a California Code section 6710 which looks like it allows minors to disaffirm contracts they enter into, except as provided by other statutes. I'm not familiar with any statutory exceptions to this rule that restrict the ability of minors to disaffirm contracts, but there must be some limitations on a minor's ability to disaffirm an agreement which the parent or guardian reviews and signs. Either way, even if the court does not end up rescinding the agreement, the agreement does not offer Spartz a definitive win. Nothing in the agreement says that Spartz owns the trademark rights, or even that he or his company have a license to use the marks.
A final comment on the agreement. It's easy to second-guess an agreement after the fact, but joint venture agreements should always deal with trademark rights, and should also provide for some sort of procedure for ownership of the trademark rights when the agreement falls apart. Some sort of formal wind-down procedure is optimal. This is discussed in Professor Goldman's article on Co-Blogging Law, which specifically talks about trademark rights.
Additional coverage:
Hollywood, Esq. (Eriq Gardner): "Teen Who Created OMGFacts Twitter Feed Sues, Claiming Swindle"
Ben Kerschberg (Forbes): "Twitter Brands, @OMGFacts, and an Allegedly “Predatory” Contract"
Emerson Spartz (the defendant): "OMG Fact: There are two sides to every story"
Posted by Venkat at 09:34 AM | Copyright , Licensing/Contracts , Trademark
May 13, 2011
Facebook Scores Initial Win Against Privacy Plaintiffs Over Data Leakage Claims -- In re Facebook Privacy Litigation
[Post by Venkat Balasubramani]
In re Facebook Privacy Litigation, 2011 WL 2039995 (N.D. Cal.; May 12, 2011)
There are so many recent privacy class actions out there, it's become tough to keep track of them all. One of the early lawsuits against Facebook was consolidated in the Northern District of California, in front of Judge Ware. In an order issued yesterday, Judge Ware granted Facebook's motion to dismiss the complaint. Although he granted leave to amend on certain counts, he certainly expressed some skepticism about the overall merits of the case.
As the court summarizes them, the facts boil down to Facebook's transmission to third-party advertisers of the user ID or "username" of Facebook users who clicked on advertisements. This started "no later than February 2010 and ... continued until May 21, 2010." The transmission of this information forms the basis of putative class action claims for violations of the Stored Communications Act and the Electronic Communications Privacy Act, California's anti-hacking law, and a slew of state law claims.
Standing: The court first tackles Facebook's argument that plaintiffs lack Article III standing because they have not suffered "injury in fact." Because plaintiffs have alleged violations under a statute which "can be understood as granting persons in the plaintiff's position a right to judicial relief," the court finds that plaintiffs have standing to sue.
Wiretap Act/Stored Communications Act: With respect to plaintiffs' claims under the Wiretap Act and the Stored Communications Act, court says that:
there are two possible ways to understand Plaintiffs' allegations. On the first view, Plaintiffs alleged that when a user of Defendant's website clicks on an advertisement banner displayed on that website, that click constitutes an electronic communication from the user to Defendant. Under this interpretation, the content of the user's communication with Defendant is a request that Defendant "send [a further] electronic communication to [an] advertiser." On the second view, Plaintiffs allege that when a user of Defendant's website clicks on an advertisement banner, that click constitutes an electronic communication from the user to the advertiser. Under this interpretation, Plaintiffs are merely "asking [Facebook]" to pass the communication along to its intended recipient, who is the advertiser.
The court finds that neither approach states a claim under the Wiretap Act. Citing to the language of the statute, the court notes that it restricts entities who provide electronic communication services from divulging the contents of any communication, other than a communication "to such person or entity or an agent thereof." Similarly, the statute restricts a provider from divulging the content of a communication to any person or entity "other than an addressee or intended recipient of such communication."
The court arrives at a similar conclusion under the Stored Communications Act, which contains an exception for disclosure where the "addressee or intended recipient" consents to the disclosure.
Unfair Competition Claim: The unfair competition claim requires plaintiffs to have "lost money or other property as a result of the unfair competition." The court finds that "personal information" does not constitute "property" for purposes of California's unfair competition law. Plaintiffs cited to the AOL data search case (Does v. AOL, LLC) for the proposition that "personal information" can be property for this purpose, but the court points to a significant difference between the two cases: plaintiffs in the AOL case paid fees for the service. In contrast, plaintiffs in this case used Facebook's service for free. The court footnotes plaintiffs' argument that personal information "constitutes currency" as not being supported by any case law. The unfair competition law claims are dismissed with prejudice.
California Penal Code sec. 502: Plaintiffs brought claims under California anti-hacking statute. This was most recently construed in Facebook v. Power.com, where the same judge said that the words "without permission" should be interpreted to require circumvention of some technological measure and not just access in violation of a website or service terms of use. The court finds that plaintiffs failed to allege that Facebook bypassed any technical barriers in transmitting plaintiffs' personal information. The court dismisses these claims with prejudice, but gives plaintiffs leave to re-allege the claim under subsection (c)(8) of the statute, which covers the introduction of "any computer contaminant into any computer."
Consumer Legal Remedies Act: The court finds that this only applies to individuals who "purchase or lease" goods or services for personal or household use. Plaintiffs have not paid any money to use Facebook. Plaintiffs relied on their "personal information is currency" argument, but the court doesn't give it the slightest credit. This claim is dismissed with prejudice.
Contract Claim: The contract claims fail for lack of any allegation of "actual damages." The court will allow plaintiffs to amend to "allege specific facts showing appreciable and actual damages in support of their claim."
Fraud: No luck on the fraud claim either. Plaintiffs fail to allege reliance on any alleged fraudulent misrepresentations. The court grants leave to allege reliance.
Unjust Enrichment: The court says plaintiffs cannot simultaneously pursue an unjust enrichment claim while simultaneously pursuing a contract claim. This claim is also dismissed with prejudice.
__
Plaintiffs have one more chance with respect to several of these claims, but the court is pretty unimpressed with the lawsuit overall. In the last paragraph of the court's recitation of the facts, it notes plaintiffs "suffered injury." This looks like the judicial version of using air quotes.
I'm somewhat surprised at how easy the court's conclusions seemed on the ECPA and SCA claims. The court's conclusion on these issues is similar to the conclusion from the Doubleclick lawsuit over cookies from 2001 (In re Doubleclick). With respect to California penal code section 502, I don't see how the transmission of information states a claim under this statute. There have not been many rulings construing this statute, but it looks like the Power.com ruling will certainly be a meaningful hurdle for claims under this statute.
The interesting part of the lawsuit is the treatment of personal information as "property." The court is extremely skeptical of this theory. There was speculation as to whether acceptance of the classification of personal information as property for standing purposes would empower privacy plaintiffs when it came to the merits. Only a few results are in, but so far this does not seem to be the case. (See the discussion of Claridge v. RockYou, where this theory seems to have first been given credit for standing purposes: "Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff.") A lawsuit over flash cookies was recently dismissed for lack of actual harm, and the court in that case also expressed skepticism over the "personal information as valuable property" theory. (See Professor Goldman's post on that case: "Flash Cookies Lawsuit Tossed for Lack of Harm--La Court v. Specific Media.") I don't know if there was a hearing on this particular motion, but if there was, I can see the judge taking off his glasses, looking down at plaintiffs' counsel and giving the "you can't be serious here" look. At least, that's the tone of the order. It's also worth noting that plaintiffs who are subscribers of free services will have challenges bringing claims under some of the state statutes because they are not paying customers. Whatever the viability of the "personal information as valuable property" theory for other causes of action, courts do not appear very willing to treat personal information as the equivalent of money, in order to turn an otherwise free service into a paid service.
I'm with Professor Goldman on these lawsuits. I have a really tough time seeing the harm here. Maybe there's an example out there of a company finding out the identity of someone on Facebook who clicked on their banner ads, and all sorts of real-life negative consequences that flow from this. This sounds implausible enough that plaintiffs should have made some sort of attempt to explain why this is the case or provide an example or two. Judging from the court's order, plaintiffs didn't bother doing this, or did not do so effectively. I haven't even read any newspaper articles which points to any compelling examples of real world harm that resulted from this disclosure of information by Facebook.
Plaintiffs get another chance for some of the claims, but it looks like they have a judge who is going to take a serious look at their claims. It's going to be a long road for these plaintiffs.
Posted by Venkat at 10:09 AM | Licensing/Contracts , Privacy/Security , Trespass to Chattels
May 10, 2011
Twitpic Modifies Terms and Claims Exclusive Rights to Distribute Photos Uploaded to Twitpic
[Post by Venkat Balasubramani]
I posted about the dispute between a photographer and Agence France-Presse over images AFP allegedly downloaded via Twitpic and used without permission. AFP argued that the license terms of Twitter or Twitpic authorized its use of the photos in question. A court rejected that argument. Twitpic has now modified its user agreement to address some of the issues raised by the dispute. The revised terms which were modified on May 4, 2011 would not alter the result between AFP and Morel, but they contain some interesting tidbits. However, the terms are fairly confusing and do not offer much certainty for users or for Twitpic.
Twitpic purports to be the sole point of distribution for photos uploaded to Twitpic: The revised Twitpic terms state that users who upload content:
may not grant permission to photographic agencies, photographic libraries, media organizations, news organizations, entertainment organizations, media libraries, or media agencies to retrieve from Twitpic for distribution, license, or any other use, content you have uploaded to Twitpic.
So this means that if you upload content to Twitpic, you can't license it to third parties?
Use of content within the ecosystem: If you "publish" content uploaded to Twitpic for personal and noncommercial purposes, "you are required to link back to the original content page on Twitpic and attribute credit to Twitpic as the source where you have taken the content." In order to publish content for any commercial purpose or for distribution:
beyond the acceptable Twitter 'retweet' which links back to the original content page on Twitpic . . . you are required to obtain permission from Twitpic in advance of said usage and attribute credit to Twitpic as the source where you have obtained the content.
The terms also provide that "[n]o user may grant a third party permission to copy or save content that has been uploaded to Twitpic." [Does this include the user who originally uploaded the content?]
Retention of ownership: After saying that you will not be able to control the distribution of content uploaded to Twitpic, the terms say that "[y]ou retain all ownership rights to Content uploaded to Twitpic," but grant Twitpic a broad, non-exclusive [??] license to exploit the content "in connection with the [Twitpic] service and Twitpic's (and its successors' and affiliates') business . . . "
__
I'm confused by these terms. On the one hand, Twitpic looks like it wants to be the exclusive point of distribution for content uploaded to Twitpic. On the other hand, it is telling users that they retain "all ownership rights" in photos they upload to Twitpic. To top it all off, the terms state that if you delete any content you upload to Twitpic, the licenses granted to Twitpic terminate.
People have often raised the alarm over ownership of content posted to networks and services. Much of this seemed like paranoia, based on the broad license any intermediary or service would want granted to it. In this instance, it looks like Twitpic is making a power grab, albeit a potentially ineffectual one.
This terms were confusing enough to make me think twice about uploading anything other than throwaway photos to the service, at least until it cleans up it terms.
Update: After initially revising the terms on the May 4, 2011, Twitpic revised its terms again on May 10, 2011, and removed the paragraph which said users could not grant permission "to retrieve from Twitpic" photos from distribution. (See "Your content, your copyrights" (TwitPic Blog); "Twitpic changes its terms of service".) It’s clunky to say the least, but this language arguably applied only to distribution of photos that are "retrieved" from Twitpic. Also, Twitpic looks like it’s distributing photos uploaded to its service. World Entertainment News Network recently announced (after the second round of changes to Twitpic's terms) that WENN entered into a deal with Twitpic which "will give WENN exclusive rights to sell images posted on the TwitPic service." (See British Journal of Photography (May 11, 2011): "TwitPic signs controversial deal with celebrity photo agency.")
Related: "Stars Gain Control of Online Images" (NYT):
While most people on Twitter use a service like TwitPic, Yfrog or Plixi to share photos with their friends and followers, for celebrities, these services can come with strings attached, as they gain ownership rights to uploaded photos and can sell ads alongside them. A company called WhoSay — a little-known start-up with a clientele that is anything but little known — offers similar services, but grants ownership of the images to the stars themselves.
Previous posts:
Court Rejects Agence France-Presse's Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service
Agence France-Presse Claims Twitter's Terms of Use Authorize Its Use of Photographs Posted to TwitPic
(h/t) Oliver Platz
Posted by Venkat at 12:38 PM | Copyright , Licensing/Contracts
April 26, 2011
Acknowledging Receipt of an Email Doesn't Form a Contract--Stebbins v. Wal-Mart
By Eric Goldman
Stebbins v. Wal-Mart Stores Arkansas, LLC, 2011 WL 1519390 (W.D. Ark. April 14, 2011). Lawsuits like these tend to be associated with repeat users of the judicial process; see the Justia Arkansas page for other lawsuits possibly from this plaintiff.
From the complaint allegations: Stebbins has Asperger's. He applied for a job at Wal-Mart and took a computerized assessment, which he says disproportionately hinders applicants with Asperger's. Despite having "failed" the assessment, he believes there were jobs at Wal-Mart that he could perform, such as janitor or night shelf-stocker. The case doesn't say it explicitly, but I infer Wal-Mart nevertheless dinged his job application.
Stebbins emailed Wal-Mart customer care with the following:
Notice to companies
My name is David Anthony Stebbins, and I live in Harrison, AR. I am sending a link to this webpage to various companies to put you on notice. If you contact me in any way, shape, or form, you hereby acknowledge that you have read, understand, and agree to be legally bound by the terms below.
...
You hereby agree that you, as well as any principal or employer that you are acting on behalf of, will initially attempt to settle all legal disputes, even those not relating to this contract by semi-binding arbitration using the services of www.net-arb.com, where you are bound but I am not.
(You can see the full contract at Stebbins' MySpace page, although recognize that visiting the page might create an extra degree of legal risk. This web page would make an excellent exam Q. Among other contract formation techniques, the terms say "This [contract] will also take effect if I attempt to contact you, and, upon hearing my name, you do not cease communications with me on the spot." Among the contract's terms: "You hereby agree to never: * Interrupt me when I am speaking, for all eternity. * Hang up on me in any phone call, for all eternity. * Block my attempts to communicate with you, for any reason, for all eternity. * Ask me a question that I have previously answered, for all eternity. * Demonstrate any rudeness, annoyance, or disrespect, however petty, against me, for all eternity." The "for all eternity" duration raises some interesting questions about post-mortem breach and enforcement. I also liked this line: "If you even so much as attempt to litigate a case with me, even if that attempt is unsuccessful, you automatically loose that case.")
OK, back to the lawsuit. Wal-Mart's customer care sent an apparently canned reply to Stebbins' email suggesting he contact a different department. Stebbins followed up with this email:
On November 8, 2010, I sent you a formal contract offer, via email. The email stated that, if you initiate communications with me, or if I initiate communications with you, and you entertain said attempt to communicate, you are bound by that contract.
You accepted that offer on November 11, 2010, when I purchased a gallon of milk from you, using a paper check. This check had my name and street address on it, so you knew who I was. Also, your employees asked me to see my ID, and I showed them my driver's license, so you had every opportunity to know who I was, then....
So, now, we must hold all legal disputes via arbitration, whether you like it or not!
Consistent with another provision of his purported contract on MySpace, Stebbins now asserts "since Wal–Mart did not accept the arbitration invitation within twenty-four hours of receiving it, he automatically wins regardless of the merits of the case and is entitled to an award of six-hundred billion dollars."
(Not that it really matters, but Wal-Mart's market capitalization today is $186B. Perhaps Stebbins would have found more litigation success if he had kept his damage request south of 100% of Wal-Mart's market cap. 3X its value was probably too much to ask for.)
Needless to say, Stebbins' attempted contract formation failed. In an unwaveringly straight-laced opinion, the court says:
Plaintiff maintains Wal–Mart accepted the contract by its “act” of replying to his e-mail....The e-mails from Plaintiff are self-serving documents that did not form the basis for any conduct or performance on Wal–Mart's part....In this case, Wal–Mart performed no act. It merely replied to two e-mails by directing the Plaintiff to the correct department. It performed no service and Plaintiff made no promise.
This result reminded me of the tactic used by Suzanne Shell, initially covered in a John Ottaviani blog post. She placed a notice on her website that popped up whenever anyone (including a robot) visited it, purporting to bind visitors simply by visiting her site. A court ultimately rejected this contract formation process. Contract-like terms buried in email footers are similarly ineffective (see also this post).
I like this ruling because it's a good reminder for everyone (especially contracts students prepping for their imminent finals) that courts tend to reject overly formalistic/tendentious approaches to contract formation. A contract does not exist simply because you can see things that you claim are an offer or acceptance. Ultimately, there needs to be a manifestation of assent to bind a party to a contract. A canned reply from a CSR should not manifest such assent, even if it was purportedly bargained for.
Having said that, I wonder if companies would benefit from training their CSRs not to reply to any email that purports to create some obligation simply by replying to the inquiry. I know that a non-response can be a harsh remedy, but companies have already learned the importance of not being too responsive from the Barnes v. Yahoo case. Here, Wal-Mart might have been better off simply deleting an email that contained the threat of contract formation simply by replying. (Of course, Stebbins probably would have still asserted contract formation from his purchase of a gallon of milk, paid by check). As counter-intuitive as it may seem for people in the business of providing customer service, this may be a situation where silence was golden.
Posted by Eric at 02:51 PM | Licensing/Contracts | TrackBack
April 25, 2011
Google Wins Lawsuit Over Unhappy Google Search Appliance Installation--Market America v. Google
By Eric Goldman
Market America, Inc. v. Google, Inc., 2011 WL 1485616 (D. Del. April 19, 2011)
I blogged about this case last year. Market America retained Google and its system integrator LTech to install a Google Search Appliance to support Market America's network. This installation did not go as planned, and eventually it led to this lawsuit. In the prior ruling from August, Google and LTech knocked out a big chunk of the case.
This ruling addresses some remaining consumer protection law claims. It turns out that the claims aren't tenable under the contract's governing law of Delaware, while Market America believed the claims were extra-contractual and should be governed by North Carolina law (Market America's home state). The court concludes that the contract's governing law clause applies to these additional claims, so it grants Google and LTech judgment on the pleadings.
Google's success in this lawsuit is a good outcome legally, but its failure to achieve a successful install for Market America is a less happy result.
Posted by Eric at 08:17 PM | Licensing/Contracts , Marketing | TrackBack
April 19, 2011
Bulk Emailers (Mostly) Lose Three 47 USC 230(c)(2) Rulings--Holomaxx v. Microsoft/Yahoo & Smith v. TRUSTe
By Eric Goldman
I've been so behind that it's taken me until now to blog these cases from last month. All three opinions involve the same basic fact pattern: a bulk emailer gets blocked by an email service provider (relying in part on third party filtering/blocking services) and sues to undo the block. These claims are largely preempted by 47 USC 230(c)(2), and the courts mostly get to the right place with the immunity (although not without small points of drama). The aggressive plaintiffs also assert claims not covered by 47 USC 230(c)(2), but these mostly don't go anywhere either. The lesson is pretty clear: if an email service provider blocks your email, the courts aren't going to help you out.
Holomaxx Technologies v. Microsoft Corp., 2011 WL 865278 (N.D. Cal. March 11, 2011), and
Holomaxx Technologies v. Yahoo, Inc., CV-10-4926-JF (N.D. Cal. March 11, 2011). Venkat's excellent prior blog post on the complaints. These rulings are substantially identical, so I'll discuss them together except where they diverge.
Holomaxx is a bulk email sender upset because Yahoo and Microsoft are blocking its emails based both on IP address blocks and reputation scores (including those provided by third parties). We've heard this refrain before in many cases over the years, and the law is pretty clear about this. Email service providers can't be obligated to carry emails they don't want to carry. There are a number of legal doctrines that help reach this conclusion, but the most salient one is 47 USC 230(c)(2), the immunity for filtering decisions.
In response to Holomaxx's lawsuit over the block, Microsoft and Yahoo interposed the 230(c)(2) defense on a 12(b)(6) motion to dismiss. Holomaxx objected that 230(c)(2) is an affirmative defense and not appropriate response for a 12(b)(6) dismissal motion. This is the issue that vexed the Ninth Circuit in the Barnes v. Yahoo case until they fixed the opinion. In this case, Judge Fogel properly concludes that 230(c)(2) can support a 12(b)(6) motion to dismiss. (He reached the same conclusion in Goddard v. Google).
Holomaxx then argued that 230(c)(2) does not prevent blocking of legitimate email because such a block doesn't fit within 230(c)(2)'s "otherwise objectionable" language. The judge says:
No court has articulated specific, objective criteria to be used in assessing whether a provider’s subjective determination of what is “objectionable” is protected by § 230(c)(2).
And Judge Fogel isn't going to be the first. Instead, he sidesteps the issue, holding that the service providers could deem the emails "harassing" because, even if Holomaxx had a 0.1% error rate, as it claimed in the Yahoo case, that still netted 2M bad emails/year. Therefore, the filtering decisions fit within the other statutory language in 230(c)(2). This is a cute intellectual move which potentially expands the scope of 230(c)(2) by reading "harassing" broadly.
Holomaxx also attacks the "good faith" requirement of 230(c)(2), but does so in a generalized way. The judge rejects the argument, saying (in the Yahoo case):
Holomaxx alleges no facts in support of its conclusory claim that Yahoo!’s filtering program is faulty, nor does it identify an objective industry standard that Yahoo! fails to meet. While it suggests that Yahoo! is “using cheap and ineffective technologies to avoid the expense of appropriately tracking and eliminating only spam email,” it offers no factual support for these allegations. Nor does Holomaxx cite any legal authority for its claim that Yahoo! has a duty to discuss in detail the particular reasons for blocking Holomaxx’s communications or to provide a remedy for such blocking. Indeed, imposing such a duty would be inconsistent with the intent of Congress to “remove disincentives for the development and utilization of blocking and filtering technologies.”
The Microsoft opinion's text is similar. Holomaxx gets another chance to marshal better allegations, but I'm guessing they won't be able to do so.
The court rejects the ECPA claim (which 230(c)(2) doesn’t immunize) because Holomaxx didn't explain clearly enough how the email service provider "intercepted," "used" or "disclosed" Holomaxx's email or how the ESP improperly accessed stored communications. The 17200 claim (which I think should be preempted by 230(c)(2), although that issue isn't discussed) also fails for lack of Holomaxx's specificity. A Microsoft-only defamation claim doesn't survive either:
Holomaxx alleges, on information and belief, that Microsoft "informed Dragon Networks in writing" that it had blocked all IP addresses originating from Dragon Networks because "certain of Holomaxx's .78 addresses had been rejected 'for policy reasons,' and were blocked manually 'or for spamming.'" Holomaxx does not explain how the alleged statement was defamatory or produce a copy of the alleged defamatory correspondence between Microsoft and Dragon Networks. Nor does it explain how the alleged communication amounts to "a statement of fact that is false."
As a result, the judge dismisses the lawsuit but with leave to amend.
Smith v. Trusted Universal Standards in Electronic Transactions, Inc. (d/b/a TRUSTe, Inc.), 2011 U.S. Dist. LEXIS 26757 (D. N.J. March 15, 2011).
Like Holomaxx, Smith sends a lot of email through Comcast. Comcast blocked his outgoing email twice. The first time, Comcast pointed to Microsoft's Frontbridge/Exchange Hosted Services (EHS) quarantine system. The second time, Comcast pointed to Cisco's IronPort/Senderbase blocklist. Smith sued all three entities (and others). Last year, the court rejected a 12(b)(6) motion to dismiss based on 47 USC 230(c)(2).
Ten months later, after presumably lots of wasted effort, the court converts Cisco's and Microsoft's 12(b)(6) motions into a summary judgment motion and grants the dismissal on 230(c)(2) grounds. I'm sure the defendants appreciate the dismissal, but I'm sure they would have been even more appreciative if the court had reached the result on the last go-around. The court still can't let the case go with respect to Comcast, however.
Cisco/SenderBase gets the 230(c)(2) defense as a blocklist provider. This may sound easy, but the statutory drafting makes the court’s analysis more arduous than it ought to be.
Cisco's senderbase.com website constitutes an ICS. This makes Cisco a "user" of an ICS because it uses its website to publish the blocklist. It is also a provider of an ICS because it runs the website. This is the issue that tripped up the court in the last ruling, and although it got to the right result, I don't think the court has fully wrapped its head around the statutory language. I read the court's discussion at least 6 times, and I couldn't make it make sense. Just know that a blocklist provider probably is both a provider and user of an ICS, so this element is met.
The blocklist easily satisfies the requirements of 230(c)(2)(B). As the court notes (citing Zango v. Kaspersky), whether material is "objectionable" is measured subjectively. Thus, the court dismisses Cisco, noting:
The Court notes that Plaintiff's breach of contract and defamation claims are dismissed because they specifically relate to Cisco's SenderBase service. Plaintiff defamation claim is based upon the fact that Cisco publishes IP scores. Plaintiff's breach of contract claim is based on the fact that Cisco refused to provide Plaintiff with the information that it used to calculate the reputation score for the IP address assigned to Plaintiff by Comcast.
Microsoft's EHS quarantine operates in the cloud by routing all email through its servers, which screen out emails based on its blocklist (as modified by customers' parameters). This should be even easier to qualify as a provider/user of an ICS. The court's discussion on this point doesn't make any sense either, but it reached the right result. As with Cisco, the court says the blocklist qualifies for 230(c)(2)(B) and the contract breach claim fails for the same reason.
Comcast doesn't get so lucky. The court once again finds that Comcast could have acted in "bad faith" which could disqualify it from 230(c)(2) coverage:
the Court finds that a reasonable jury could conclude that Comcast acted in bad faith when it failed to respond to Plaintiff's repeated requests for an explanation why it continually blocked Plaintiff's outgoing email...the Court is not convinced that an internet service provider acts in good faith when it simply ignores a subscriber's request for information concerning an allegedly improper email blockage...there is no reason why Comcast could not articulate its immunity (or provide another rationale for the blockage) when asked to do so by a paying customer.
Whoa. Hold on a sec. The court is saying that online providers have to provide explanations to their customers for their back-end choices. First, that's not in the statute. Second, Judge Fogel expressly rejected this argument in his Holomaxx rulings. Third, the court’s position is ridiculous. Being legally obligated to explain business decisions to affected customers would add an extra layer of expense/hassle to everyday business decisions, and the explanations will just become additional grist for the plaintiff's mill (see, e.g., Barnes v. Yahoo and the resulting incentives to tell customers less, not more). I'm 99%+ confident that an appellate court would reverse this judge on this point. I think he went off the rails. As a result, I don't plan to advise clients that they have to provide explanations for their blocking decisions, and I don't recommend you advise otherwise.
Although Comcast doesn't get the 230(c)(2) immunity, the court still ends up granting it summary judgment on all of the claims. There's some interesting discussion there too.
The court rejects Smith's ECPA claims and the substantively identical state claims. Cisco doesn't actually intercept emails, and Microsoft quarantines emails with its customers' consent.
Smith's contract breach and promissory estoppel claims against Comcast fail because Comcast didn't make any promises it failed to keep and because Smith was using a personal account for unpermitted commercial activities. (To me, this is facially inconsistent with any argument that Comcast had bad faith for 230(c)(2) purposes, but the court ignores that implicit contradiction).
Smith's NJ Consumer Fraud Act claim against Comcast also fails because he can't show fraud or ascertainable loss (because he only alleged that he lost time). The court dismisses a couple other claims, too.
Posted by Eric at 11:04 AM | Derivative Liability , Licensing/Contracts , Marketing , Privacy/Security , Spam | TrackBack
April 18, 2011
Judge Recognizes Loss of Value to PII as Basis of Standing for Data Breach Plaintiff -- Claridge v. RockYou
[Post by Venkat Balasubramani with comments from Eric]
Claridge v. RockYou, 2011 WL 1361588 (N.D. Cal.; Apr. 11, 2011)
RockYou is a developer and publisher of applications for use with Facebook, MySpace, hi5, and Bebo. RockYou's applications allow users to share photos, write text on a friend's page, or play games with other users. In order to sign up, users are asked to provide an email address and create a password. Users may also be required to provide their social network user name and passwords. RockYou displays advertisements on the apps. RockYou claims to have "more than 130 million unique customers using its application on a monthly basis."
RockYou was alerted to an alleged security problem with its SQL database in late December 2009 by an online security firm. Plaintiff claims that RockYou failed to act quickly enough to address this problem, and as a result
at least one confirmed hacker known as 'igigi' accessed RockYou's database, and in the process accessed and copied the email and social networking login credentials of at least 32 million registered RockYou users.
Plaintiff sued RockYou in a putative class action, alleging a slew of claims: breach of contract, the Stored Communications Act, negligence, California's anti-hacking statute, and California's unfair competition and consumer protection statutes.
Standing: RockYou argued that plaintiff lacked standing - i.e., that the unauthorized access of plaintiff's login credentials did not cause plaintiff any "concrete, tangible, non-speculative harm." In response, plaintiff argued that:
[RockYou's] customers, including plaintiff, 'pay' for the products and services they 'buy' from [RockYou] by providing their PII, and that the PII constitutes valuable property that is exchanged not only for [RockYou's] products and services, but also in exchange for [RockYou's] promise to employ commercially reasonable methods to safeguard the PII.
The court agreed with plaintiff and found that plaintiff alleged an injury in fact sufficient to confer standing. The court noted that the case law is mixed on the question of whether data breach plaintiffs have standing to sue. The court recognized the novel context in which the claims arose:
the unauthorized disclosure of personal information via the Internet - is itself relatively new, and therefore more likely to raise issues of law not yet settled in the courts.
Although the court expressed "doubts about the plaintiff's ultimate ability to prove [plaintiff's] damages theory," the court declines to dismiss on the basis of standing.
Contract Claims: The court initially rejects RockYou's request to dismiss the contract claims (based on a breach of RockYou's privacy policy) on the basis that plaintiff did not lose anything of value. For pleading purposes,
plaintiff . . . sufficiently alleged a general basis for harm by alleging that the breach of his PII has caused him to lose some ascertainable but unidentified 'value' and/or property right inherent in the PII.
RockYou argued that the privacy policy terms expressly provided that it could not be held liable for any unauthorized third party access to users' personal information, but the court disagrees, citing to RockYou's privacy policy. The policy disclaims liability where a third party accesses user information contained in RockYou's "secure servers," but the court notes that RockYou's servers were not in fact secure. The court also cites to flowery language in RockYou's privacy policy to the effect that RockYou takes "commercially reasonable . . . safeguards" to protect user information.
Consumer Protection Claims: Plaintiff loses on his California consumer protection act claims. With respect to his claim under California's unfair competition law, one of the two requirements is that the plaintiff has to have lost "money or other property" in order to bring a claim. The court holds that the UCL's standing requirements are stricter than Article III standing requirements, and require the plaintiff to have paid money or "parted with some particular item of property he formerly possessed." The court does not buy plaintiff's novel theory that plaintiff's "PII constitutes 'currency'" under the statute. No luck for plaintiff under the UCL.
Similarly, the court rejects plaintiff's claim under the California Consumer Legal Remedies Act, because the statute only applies to plaintiffs who "purchase or lease" goods or services for "personal, family, or household purposes." Here, plaintiff has not purchased or leased any goods or services.
__
Plaintiff's other claims received mixed results. The court dismissed the Computer Fraud and Abuse Act claim with leave to amend (plaintiff admitted that it cited the wrong statutory provision), found that RockYou was not liable under California's anti-hacking statute (section 502), and found that plaintiff adequately stated a negligence claim.
Data breach cases have uniformly rejected the claims of plaintiffs who have not actually lost any money out of pocket. Some cases have done so on the merits, and other cases have done so on the basis of standing (some cases, such as Krottner v. Starbucks, have rejected the claims on the merits but have expressly found standing). The big question is whether this ruling moves the needle in any way. I'm inclined to say no, but the way in which the plaintiff cast his claim and the court characterized it is interesting.
The privacy policy / breach of contract analysis was also interesting. There is case law expressing skepticism as to whether a privacy policy is even a contract that can support a breach of contract action ("When Does a Privacy Policy Breach Support a Breach of Contract Claim?"), but courts lately don't think twice about analyzing privacy policy claims under the breach of contract framework. Companies (for whatever reason) continue to include flowery language in their privacy policies that courts latch on to when putting them on the hook for privacy foibles.
Related posts:
9th Circuit Affirms Rejection of Data Breach Claims Against Gap -- Ruiz v. Gap
Acxiom Not Liable for Security Breach--Bell v. Acxiom
The [Non]enforceability of Privacy Promises--Pinero v. Jackson Hewitt
Claims Brought by Express Scripts Data Breach Plaintiffs Rejected on Standing Grounds -- Amburgy v. Express Scripts, Inc.
__
Eric's comments
There is a lot to dislike about this opinion.
First, RockYou's privacy policy promised "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information..." This is industry-standard fluff language in a privacy policy. I bet we could find tens of thousands of privacy policies with similar language. I believe the prevailing view among lawyers is that this language couldn't be actionable. It doesn't promise security or integrity; it just promises the company will deploy *some* safeguards. Further, the efforts are only supposed to be "commercially reasonable"--language which many lawyers believe is equivalent to "we'll try."
Here, the plaintiff attacks the language by arguing that RockYou didn't encrypt its data. Now, I recommend to clients that they encrypt their databases of user data in all circumstances, but is it commercially unreasonable to do so? The defendant doesn't get the decisive win it expected on that point. (The plaintiff also asserts that the defendant was derelict in patching a security flaw that allowed the bad guys to do an SQL injection attack, so the two arguments may have reinforced each other enough to convince the judge there may be something to this case). As Venkat suggests, it's time to cut the fluffy language from privacy policies. Courts and plaintiffs are overresponding to it.
Second, the court's decision not to use Article III standing to kick out the case was unfortunate. Although I am sympathetic that Article III standing dismissals are harsh on plaintiffs--they never get a chance to say anything--the doctrine has been very useful at squelching unmeritorious privacy cases early. This case is effectively indistinguishable from the other cases where Article III standing has been used; it's a garden-variety security breach with no known tangible consequences (other than lawyers looking for a little gravy). Based on the precedent, an Article III standing dismissal would have been a logical outcome.
The court's acquiescence to the plaintiff's argument ("defendant’s customers, including plaintiff, “pay” for the products and services they “buy”from defendant by providing their PII, and that the PII constitutes valuable property") smacks of the old academic debates in the late 1990s/early 2000s about whether personal data should be propertized. It was a weird debate because many of the academics who oppose copyright doctrinal expansion were simultaneously advocating for increased propertization of personal data as a privacy/anti-advertising technique. Personally, I had hoped all of those theories had been lost in the dustbins of history. Instead, this court moves in that direction. Privacy advocates might rejoice, but be careful what you wish for.
The court's embrace of a "novel" theory is especially frustrating because the court goes on to say that it has doubts about the plaintiffs' ability to prove damages in the end. So instead of doing the socially optimal thing--killing a meritless lawsuit early--the court embraces a theory likely to fuel privacy advocates to bring other meritless cases; while keeping this case open may very well cause both parties to spend a lot of money only to kill a meritless case later. This may be a situation where the judge is being just a bit too careful.
Third, assuming that personal data is "property," this isn't a situation where the vendor sold the data or misused it for advertising. Instead, there was no impairment to the users' "property right"; it was a security breach. So this is a particularly poor case for the personal-data-as-property meme.
One small piece of good news from this opinion: the court interprets California Penal Code Sec. 502 narrowly and effectively prevents the plaintiffs from converting it into a sword to be used against companies that get hacked. We don't have many Penal Code 502 rulings, but most of the extant rulings read the statute pretty broadly. I'm glad to see the court was more circumspect on that point.
Posted by Venkat at 09:19 AM | Internet History , Licensing/Contracts , Marketing , Privacy/Security , Trespass to Chattels | TrackBack
March 29, 2011
Court Rules That Instant Message Conversation Modified the Terms of a Written Contract -- CX Digital v. Smoking Everywhere
[Post by Venkat Balasubramani with a few comments from Eric]
CX Digital Media, Inc. v. Smoking Everywhere, Inc., 09-62020-CIV-Altonga (S.D. Fl.; Mar. 23, 2011)
As contract cases go, this one is interesting. It's more than interesting, it's awesome! The court held that an instant message exchange effectively modified a written agreement which contained a "no-oral modification clause." This resulted in a judgment in favor of a marketing agency against the seller of electronic cigarettes to the tune of $1,235,655 (along with fees, costs, and interest)!
Smoking Everywhere sells e-cigarettes through its website. It contracted with CX Digital, which ran an affiliate marketing network. CX's affiliates run websites or campaigns and, when they refer a sale to CX's clients, CX is paid a referral fee by the client (and CX pays a portion to its affiliates). Smoking Everywhere and CX signed an insertion order under which CX would get paid $45 per "sale" of "Gold E-Cigarette Kit Free-Trials." Sale was specifically defined as filling out a one page registration form and submitting credit card information. The insertion order contained a limit of 200 sales per day.
The parties signed the insertion order in August 2009. In August, CX generated 670 sales. It invoiced Smoking Everywhere $25,150 for these sales. It was never paid for this invoice. In early September, the parties have an instant message conversation which covered a variety of topics. CX asks Smoking about removing the 200 sale per day limit:
[CX] (2:50:08 PM): We can do 2000 orders/day by Friday if I have your blessing
[CX] (2:52:13 PM): those 2000 leads are going to be generated by our best affiliate and he's legit
[Smoking Everywhere]: is available (3:42:42): I am away from my computer right now
[CX] (4:07:57 PM): And I want the AOR when we make your offer #1 on the network
[Smoking Everywhere] (4:43:09 PM): NO LIMIT
[CX] (4:43:21 PM): awesome!
In September, CX's referrals went through the roof and it was referring an average of 1,244 sales per day. The parties had some discussions and quibbles about whether CX was referring potential sales to the correct version of Smoking Everywhere's landing page. (Apparently, an older version of the site promoted e-cigarettes as a smoking cessation device as recommended by doctors, and Smoking Everywhere changed this practice. The written agreement referred to the old version of the site.) Smoking Everywhere did not pay the August invoice, and CX put the Smoking Everywhere campaign on hold. When Smoking Everywhere declined to pay CX's August and September invoices, CX sued. Following a bench trial, the court rules for CX.
Modification of the Agreement: One of the key issues was whether CX could invoice Smoking Everywhere for the multitude of referrals, despite the 200 sales per day limit in the insertion order. The other issue was whether CX was entitled to the referral fees despite sending referrals to a link other than the one listed in the insertion order. There was a final issue as to whether the sales were fraudulently procured.
The issue of fraudulent sales: Smoking Everywhere tried to argue that many of the sales were "fraudulent," but the insertion order contained language that was favorable to CX on this point. Smoking Everywhere would be relieved of its obligation to pay for sales only if it provided documentation "beyond a reasonable doubt" within five days of the sale, with time being "of the essence." Smoking Everywhere failed to procure this evidence so it lost its fraud argument.
Whether traffic was sent to the correct link: On the issue of whether the traffic was sent to the appropriate link, the court says that the instant message conversation clearly demonstrated an intent to agree on a different link:
A close reading of the instant messages and careful consideration of the behavior of the parties during the conversation indicate clear assent on the part of both parties to stop sending traffic to the 'old' ecig link and to begin sending the traffic to the two new URLs.
The representatives of Smoking Everywhere and CX exchanged links (via email) that went to the new ecig langing page and both ran tests on the new links to make sure they were coded to track referrals from CX affiliates.
The modification of the 200 sale per day term: The court finds that the instant message conversation around modifying the 200 sale per day limit was equally definitive. CX asks about whether CX can refer 2000 referrals per day and asks for Smoking Everywhere's "blessing." In response, Smoking Everywhere says "NO LIMIT." (caps in original). The court finds that CX's suggestion of a 2000 sale per day limit was an offer of a new term. Smoking Everywhere's response of "NO LIMIT" was a counter-offer which suggested a new term, which varied the terms of the original offer. CX accepts this counter-offer by signifying assent - i.e., saying "awesome!" Smoking Everywhere tried to argue that its counter-offer of "NO LIMIT" could have been referring to another term of the agreement (and didn't necessarily refer to the sale per day limit) but the court does not buy this. Smoking Everywhere was unable to come up with a credible explanation of what other terms it could have been referring to.
The Signed Writing Clause: Smoking Everywhere also argued that a term in the insertion order which provided that it could only be "changed . . . by a subsequent writing signed by both parties" barred modification of the agreement by the exchange of instant messages. The court held that the instant message exchange was not oral (it was in writing) but it wasn't signed by both parties. However, under Delaware law, conduct or statements could modify a written contract with a signed writing clause, and therefore, an unsigned writing could as well. CX changed its position in reliance of the modification (and based on Smoking Everywhere's statements) by agreeing to pay its downstream affiliates for referrals. In these circumstances, Smoking Everywhere was estopped from asserting the signed writing clause as a defense.
Did the Vice President of Advertising Have the Authority to Bind Smoking Everywhere: Smoking Everywhere also argued that Nick Touris, the VP of advertising - who engaged in the instant message conversation with CX - did not have the requisite authority to bind Smoking Everywhere. The court held that Touris had apparent authority to bind Smoking Everywhere, and CX reasonably relied on this authority. There was plenty of indicia of Touris's authority: (1) he was the VP of marketing; (2) he negotiated the insertion order; and (3) he personally implemented the URL change. Smoking Everywhere argued that Touris informed CX that Touris could not get agreements signed without the approval of Smoking Everywhere's president, but Smoking Everywhere failed to come through and provide solid evidence on this point. Touris testified on the final day of trial that CX was aware that Smoking Everywhere could not enter into agreements without the permission of Smoking Everywhere's president, but the court was concerned about "the comportment of [Touris]" and the fact that the testimony was procured at the request of Smoking Everywhere's counsel, after he requested a recess during closing argument.
___
From the practitioner's standpoint, this looks like a significant ruling (or at least a good reminder that informal communications can modify written agreements). Written contracts are the currency of business dealings, and as a standard term, written contracts contain provisions that say they cannot be modified without a signed writing (signed by authorized representatives). Business representatives increasingly engage in informal communications and most people would reduce any later agreement to a writing in the form of an addendum. Here, the parties did not do that, and in the short time after the conversation in question, CX acted in reliance of the modification, and as a result Smoking Everywhere ends up with a whopping judgment against it. Yikes!
I'm guessing there is a body of case law to the effect that email exchanges can effect a modification of a signed contract, but this case is a useful reminder that even more informal communications such as instant message conversations can do the same.
Smoking Everywhere may appeal, and a footnote from the court's order indicates that its ultimate ruling on the no modification without a signed agreement clause came as a surprise to counsel for Smoking Everywhere, but the larger takeaway from the case (regardless of how it resolves) is that informal exchanges can result in the modification of written agreements.
______
Eric's comments:
It doesn't get more awesome than to have a contract counter-offer given a million dollar consequence through an IM saying, in total, "awesome!" Well, maybe it would be more awesome if he had scribbled the word "awesome!" on a bar napkin while he was high as a Georgia pine. (See Lucy v. Zehmer).
It's standard for contracts to restrict oral amendments. It's also standard for business partners to "talk" using email, IM, text messages, Twitter @replies, comments to Facebook status reports, etc., etc. The default rules should be that all of these electronically-mediated communications qualify as writings. (But see John O's post on an odd case from last summer). If you fear the legal effects of these communications, you could try to restrict contract amendments to terms printed on a piece of paper mutually signed in ink. But I think lawyers are fighting an uphill battle trying to denigrate the legal effect of these electronic communications. They are an integral part of the relationship, and there's not much we as lawyers can do to change that.
Posted by Venkat at 01:29 PM | Licensing/Contracts | TrackBack
March 27, 2011
Another Advertiser Class Action Lawsuit Filed Against Google--Woods v. Google
By Eric Goldman
Woods v. Google Inc., 5:11-cv-01263-HRL (N.D. Cal. complaint filed March 15, 2011)
Since Google settled its click fraud lawsuits in 2006 and the CLRB Hanson case in 2009, it's been a little quiet on the advertiser-vs.-Google class action lawsuit front. This lawsuit breaks that calm. It's a 300 paragraph broadside against many of Google's advertising practices that lead to alleged overcharges, which the complaint characterizes as click fraud.
A quick note about the named plaintiff: he describes himself in the complaint (para. 16) as "an Arkansas attorney advertising his legal services." (Is this him?) What is it with lawyers who sue Google as plaintiffs? I previously noted how lawyers suing for their own account were unusually common plaintiffs against Google.
Beneath the bloated and mind-numbing prose in the complaint, there could be some potentially juicy allegations here. Unfortunately, weak drafting prevents me from fully understanding the plaintiffs' beefs. It appears to have something to do with Google's AdSense terms restricting certain publisher behavior, which the complaint appears to treat as promises to advertisers that they would not be charged for such behavior. If I'm reading this correctly, the plaintiffs' complaints are predicated on the unfortunately all-too-common but nevertheless obviously flawed logic that Z's negative behavioral covenants with party X are Z's affirmative promises to party Y that such behavior won't occur. See, e.g., para. 70, which tries to convert the AdSense terms into affirmative promises to advertisers. More typically, Y tries to take advantage of X's negative behavioral covenants by claiming to be a third party beneficiary of the Z-X contract, but those arguments rarely work, and the plaintiffs don't try them here.
As a specific application of the flawed logic about advertisers as beneficiaries of the Google AdSense terms, the plaintiffs appear to be unhappy that Google cut special deals with big advertising distribution partners (such as IAC and Infospace) who were governed by different (and less advertiser-friendly) ad display rules than rank-and-file AdSense publishers. I believe this gripe is predicated an implicit assumption among advertisers that the published AdSense contract is the only rules that govern AdWords distribution. The cloak-and-dagger stuff about special partners having favorable hidden deals can be pretty interesting, but the complaint's assumption that advertisers didn't know that some AdSense publishers had customized terms seemed dubious to me.
The complaint also goes into some detail about Google's "Smart Pricing" mechanism and argues that it didn't work properly. The complaint gives some examples where the advertiser's bids allegedly were inflated because Smart Pricing wasn't turned on as it expected. I must confess that I find Google's explanation of this mechanism pretty opaque (the explanations talk about "business results," whatever that means), so I had a tough time evaluating the significance of the complaint's gripes.
Based solely on the complaint, it's virtually impossible to gauge the likelihood of the plaintiffs getting a payoff here. There are the usual challenges to class certification, including commonality/predominance of class issues. In this case, there's the additional variables of how the prior class action settlements might limit this complaint, plus the overlay of any statute of limitations (a number of citations were to 2007 publications). And, as usual, so much depends on discovery (if the plaintiffs survive the inevitable motion to dismiss)--can they find smoking guns, or will their arguments remain mostly conjecture and assumptions? Despite all of these potential impediments, I can't imagine Google is thrilled to be wrangling with a lawsuit like this.
Posted by Eric at 10:12 AM | Licensing/Contracts , Marketing , Search Engines | TrackBack
March 15, 2011
Intelius May be Liable for Deceptive Online Marketing Practices Based on Third Party Transaction at Checkout -- Keithly v. Intelius
[Post by Venkat Balasubramani]
Keithly v. Intelius, No. C09-1485RSL (W.D. Wash.; Feb. 08, 2011)
A district court judge in Washington held that Intelius could potentially be held liable for allegedly deceptive marketing practices based on its making available third party services as part of the online checkout process.
Background: Intelius offers "background check" and look-up services to customers on the web. Customers brought a putative class action alleging that they were deceived during the online check-out process into buying third party subscription services.
The plaintiffs' experiences varied slightly, but some of the plaintiffs alleged that after they selected the desired services from Intelius, they were offered these services for $49.95, but were also presented with an option to enroll in a "mysterious 'Identity Protect'" service and pay $39.95 (i.e., get a $10 discount on the product which they ordered). These customers were taken through several pages which mention the basic and add-on services, and in one of the pages, the customer was informed that enrolling in 'Identity Protect' would result in the customer's credit card being billed monthly (if the customer did not cancel after the seven day free trial).
At this point the customers could complete the order, but another group of customers were told that they could take a "Community Safety Survey," and receive $10.00 cash back, when they tried the "Family Safety Report." Customers who responded favorably to this were then presented with a survey - one of the questions is related to community safety, and the other question is billing related. Here, the customer is again presented with (what the court describes as) confusing options, one of which allows the customer to complete his or her order, and the other which sends the customer further down the path which ultimately results in the purchase of the "Family Report" service. As the court describes it, "[n]o information is provided regarding the company that is offering this service."
As alleged by plaintiffs, the services are offered after the customer has input his or her payment information and were offered by third party defendant Adaptive Marketing. [Intelius settled with the Washington AG's office in late 2010 around marketing practices that look similar to those alleged here. Adaptive parent's company was also recently hit with a big ($32.6 million) judgment in Iowa: "Judge hands down $32.6 million consumer protection verdict; hundreds of thousands of Iowans could receive restitution."]
Washington Consumer Protection Act: Defendants argued that the complaint failed to adequately allege deceptiveness. In order to satisfy the deceptiveness element, a plaintiff "need not show that defendants intended to deceive or defraud, but only that the practice had the capacity to deceive a substantial portion of the purchasing public." Additionally, deception (which is evaluated by the "net impression" created by the solicitation) "may result from the use of statements not technically false or which may be literally true." Under this standard, the court finds that two of the three marketing techniques were deceptive.
Identity Protect Plaintiffs: This group of plaintiff selected the background report for purchase. They had to click two different "continue" buttons to complete the transaction, and in between the two steps, "Identity Protect" was added to their orders, "without any meaningful disclosure regarding the service or its price." At some point down the road (in step 4), the pricing details of "Identity Protect" were revealed, but they were the least conspicuous elements on the page. As described by the court:
[t]he elements that are most noticeable at Step 4 convey the impression that the consumer is purchasing a background report for $39.95 (a savings of $10.00) and that Identity Protect costs nothing. A reasonable consumer in Keithly's position could believe that clicking the red "Continue" button would answer his every need: it would allow him to purchase the product he wanted for a total of $39.95. Nothing about the key design elements would suggest that Keithly should be hunting for other terms and conditions and, and even if he did, the details of the offer blend in with the description of "Identity Protect Benefits" and the site security information to such an extent that he could miss them. The consumer could reasonably believe that clicking "Continue" would complete the order he had initiated at least four screens ago.
After step four, these consumers were not presented with any opportunities to remove Identity Protect, despite the transaction running the course of "ten screens." Similarly, after step four, there were no other disclosures regarding the pricing or terms for the Identity Protect service. In fact, "every order summary presented between Step 4 and the end of the transaction indicated that Identity Protect would cost $0.00." The court does note that not everyone would be fooled by this marketing technique:
[s]ome individuals would understand that obtaining something for nothing is a rare event and, at Step 3, would decline the offer of a $10.00 discount on the assumption that there was a catch. Others would take the time to read every word of the screen shot labeled Step 4 and realize that the advertised $0.00 price tag for Identity Protect would jump to $19.95 per month after the first seven days. But not everyone is so wary and/or detail-oriented, nor is the CPA designed to protect only those who need no protection. The capacity of a marketing technique to deceive is determined with referenced to the least sophisticated consumers among us. The FTC has noted that on-line consumers do not read every word on a webpage and advises advertisers that they must draw attention to important disclosures to ensure that they are seen.
[emphasis added]
In other words, online retailers should not hide the ball as to what is being purchased, or as to the terms of the purchase. This applies to the text of the webpage, but also applies to the checkout process itself. If the process is confusing, it does not matter is the text is technically accurate! Consumers should be able to assume that they can "safely complete an uncomplicated internet transaction without fear of being swindled or saddled with unwanted goods and services if her reviews the order summary and clicks on the link or button that purportedly completes the purchase."
The court ruled with respect to a second group of Identity Protect plaintiffs that the practices were - as a matter of law - not deceptive because there was a disclosure on every screen that Identity Protect could be cancelled any time, but that "[a]fter [the] trial, [the consumer] will be billed $19.95 per month."
Family Safety Report Plaintiffs: The court similarly finds that the Family Service Report transactions could be deceptive. After the consumer bought the report from Intelius (and after the consumer clicked on the "show my report button") the consumer is presented with an option to "take the 2008 Community Safety Survey and claim $10.00 CASH BACK when you try Family Safety Report." Here the consumer is presented with a choice to try the Family Safety product or not, but the option to try the Family Safety Report is more prominently presented. If the customer clicks on the "Yes" button and provides his or her email address, the customer actually authorizes Intelius to "transfer" the customer's account information to the undisclosed third party who is offering the service. The court points to the design elements on the page that all fail to highlight that the consumer is actually signing up for something that he or she will be on the hook for:
None of the normal cues related to a consumer transaction are presented: no product is selected, no order summary is provided, no payment information is exchanged, and no confirmation of the transaction is generated. By providing an email address and clicking the red button, the consumer will have purchased an on-going service from an undisclosed entity. Unless the consumer had the forethought to print the webpage before moving on, he will have no idea how to contact the purveyor of the service once the subscription fee starts showing up on his account statement.
__
I blogged about the VistaPrint case where the plaintiffs argued that they were improperly signed up for a rewards program. There the district court and Firth Circuit both found that a disclaimer and the language of the transaction effectively undermined the claims. The court in this case disagrees with the approach in VistaPrint, noting that such "a truncated analysis is improper under Washington [law]" because the court should look at the transaction as a whole. Aside from the deference given to any disclaimers or disclosures, the processes in VistaPrint and in this case appear fairly different. There the customers had to check the box saying they agreed to the terms, enter their email address twice, and most importantly, the rewards program offer was presented after the transaction with VistaPrint.
In contrast, in this case, the court intimates that the merchant was doing everything it could to thwart the effective completion of the transaction, and the consumer is guided through a maze of steps where the merchant or third party tries to add an unwanted product into the consumer's shopping cart at each step. A big takeaway is that the flow of the transaction and overall impression to the consumer is equally as important to the text, and if the overall process is viewed as deceptive, a few disclaimers will not save you. Here, it was obvious that (taking the plaintiffs' allegations as true), customers were being put through a maze of a checkout process, with numerous traps along the way.
The practice of injecting third party service (with recurring billing) into a transaction has drawn the ire of regulators. State AG's have gone after companies, and recently President Obama signed the Restore Online Shopping Confidence Act. (Here's an interesting background article on this statute: "How an Oil Baron's Heir Cleaned Up a $1.4 Billion Internet Scam.") The act covers sales by "third party sellers," and prohibits the data pass that the plaintiffs are complaining about here. The act requires the third party seller to disclose the terms, and the fact that the third party seller is not affiliated with the merchant. The act also requires the third party seller to obtain "the express informed consent" for the charge by obtaining the account number, name and address, and a means to contact the consumer from the consumer, and requiring the consumer to check the box of perform some other affirmative act to indicate consent. It looks like the transactions in question would have been covered by the statute. The act is intended to be enforced by the FTC and the State Attorneys General, but it does not rule out private enforcement, and I'm sure plaintiffs will be citing it aplenty.
Previous posts:
"Fifth Circuit Blesses Vistaprint's Rewards Program Sign-Up Process -- Bott v. Vistaprint USA Inc."
"Internet Rewards Program Class Action Survives Initial Motion to Dismiss -- In re Easysaver Rewards"
Posted by Venkat at 04:39 PM | E-Commerce , Licensing/Contracts
March 14, 2011
Court Refuses to Set Aside Order Requiring Disclosure of Twitter Users' IP Addresses
[Post by Venkat Balasubramani with some comments by Eric]
In re: sec. 2703(d) Order; 10GJ3793; Miscellaneous Case No. 1:11dm00003 (E.D. Va. March 11, 2011) [pdf]
A federal magistrate judge refused to vacate a previously issued order granting the government's request to reveal information regarding various Twitter accounts for people allegedly associated with Wikileaks.
On December 14, 2010, at the government's ex parte request, the court entered a sealed order granting the government's request for the following information associated with the Twitter accounts of WIkileaks, rop_g, ioerror, birgittaj, Julian Assange, Bradley Manning, Rop Gonggrijp, and Birgitta Jonsodottir:
1. subscriber names, user names, and identities;
2. physical addresses, email addresses, and other contact information;
3. "connection records," records or session times and durations;
4. length of service and the types of service utilized;
5. "telephone or instrument number or other subscriber number or identity, including any temporarily assigned network addresses";
6. means and source of payment for service.
The order also required disclosure of all records and other information relating to these accounts, including the timing and method of connections, data transfer volumes, and "source and designation" IP addresses; "non-content information" associated with any communications, such as "source or destination email addresses and IP addresses;" and correspondence and notes of records relating to the accounts.
Twitter sought to have the order partially unsealed and give an opportunity for the affect account-holders to contest the order. (Kudos to Twitter for taking this step. ("Why Twitter Was the Only Company to Challenge the Secret WikiLeaks Subpoena.")) Several interested parties (Applebaum, Jonsdottir, Gonggrijp), represented by the ACLU and EFF, filed a motion seeking to vacate the order, but they were unsuccessful.
Standing Under the Stored Communications Act:
The first question was whether the moving parties had standing to challenge the order under the provisions of the Stored Communications Act. The court says that standing to challenge under section 2704(b)(1) is restricted to those customers who can show that the "contents" of their electronic communications have been sought. "Contents" are defined in the statute as information "concerning the substance, purport, or meaning" of the communications, and the court finds that the government did not seek the contents of any communication. [The court notes here that the moving parties face difficulties in challenging the application because they have not seen a copy of it - the application is under seal.]
First Amendment Arguments:
The First Amendment arguments centered around free association and the chilling effects that would result from the government being able to "create a 'map of association'" from obtaining the information in question. The court is unpersuaded by the First Amendment association argument, partially because the moving parties had "made their Twitter posts and associations publicly available." The court does not specify whether the accounts were set to private, but I assume if any of them were, the court would have mentioned it.
Fourth Amendment Arguments:
Finally, the moving parties made a Fourth Amendment argument that the disclosure order should have been vacated because it amounted to a warrantless search in violation of the Fourth Amendment. In particular, the moving parties argued that they had a privacy interest in their IP address information, and argued that requiring Twitter to produce IP address details for specific dates and times would be "'intensely revealing' as to location, including the interior of a home." The court is not sold on this argument. The court cites to a slew of federal appellate cases (including US v. Bynum, which was the subject of a brief post: "4th Cir.: No Expectation of Privacy in Internet and Phone Subscriber Info") holding that there is no privacy interest in an ISP subscriber's information. The moving parties argued that they never voluntarily conveyed their IP address to Twitter, but the court disagrees, and points to Twitter's privacy policy:
[b]efore creating a Twitter account, readers are notified that IP addresses are among the kinds of "Log Data" that Twitter collects, transfers, and manipulates . . . . Thus, because petitioners voluntarily conveyed their IP addresses to Twitter as a condition of use, they have no legitimate Fourth Amendment privacy interest.__
I had not followed the goings on closely, but the moving parties had an uphill battle given that the government did not seek the contents of any communications. This is a fact that is sometimes obscured in media reports, which often paint the picture of the government getting access to sensitive and private communications. That isn't the case. The fact that the accounts in question were not set to private did not help either. (Also, in the consumer context, courts have held that IP addresses are not personally identifiable information. See "Court: IP Addresses Are Not 'Personally Identifiable' Information.")
On the expectation of privacy issue, Chris Soghoian makes a good point that I've alluded to before - it's awkward to measure the consumer's expectation of privacy based on the language of a privacy policy because people rarely read the policies: "Federal judge in Twitter/Wikileaks case rules that consumers read privacy policies." That said, most people would expect services like Twitter to collect and use IP addresses. It's just a question of how long Twitter may retain this information for and under what circumstances it would turn this information over. On this issue, the privacy policy was of no help.
[As a side note, I think this may be somewhat indicative of how many of the Facebook privacy lawsuits may shake out. Those lawsuits are heavily dependent on federal statutes which grant protection to the contents of communications, and if all that's being collected and used is the parameters of a person's internet activity, the plaintiffs will have a tough time arguing that any statutory violations occurred.]
EFF & the ACLU plan to appeal, so this isn't the last word.
Other coverage:
EFF: "Court Rules Against Privacy in Battle Over Twitter Records"
cnet (Declan M.): "DOJ wins access to WikiLeaks-related Twitter accounts"
Wired (Threat Level): "Judge Won’t Stop WikiLeaks Twitter-Records Request"
Chris Soghoian: "Federal judge in Twitter/Wikileaks case rules that consumers read privacy policies"
_______________
Eric's comments: In my recap of top cyberlaw issues from 2010, I ranked Wikileaks as the #1 issue of the year and wrote:
Wikileaks finally forces us to confront many of the cyberspace governance issues we were debating in 1996. I'm sad to say that our government, and many private businesses, failed the test.
This ruling appears to be another datapoint in support of that assessment. The government's request for Wikileaks-related information from Twitter very well may be lawless, but this judge--like so many others confronted with Wikileaks-related issues--is willing to roll with it using highly formalist reasoning. In this respect, Wikileaks may be the new Napster--whenever its name is invoked, the rule of law gets suspended in an overall effort to kick the unwanted enterprise out of the ecosystem; and everyone who touches Wikileaks gets tarred with the taint-by-association brush.
The court's ruling on 2704 standing to challenge a 2703(c) request is a fine example of the problem. The court says that, based on the statutory wording, the affected subscribers lack standing to challenge the records request. OK, but when do the affected subscribers have standing to challenge a 2703(c) request? According to this ruling, the answer may be never. That can't be right. Surely we as citizens have some way to fight back against overreaching government requests for non-public information about us...don't we?
We encounter the same problem with the court's discussion regarding IP addresses. The court makes a troubling categorical statement: "petitioners have no Fourth Amendment privacy interest in their IP addresses." As with the 2703(c) records request, is there any circumstance where a subscriber could prevent his/her IP address from being disclosed to the government? According to this court, the answer may be no.
Overall, the court seems tone-deaf about the possible consequences of revealing the information to the government. We've made a lot of progress striking a balance regarding unmaskings in the civil context; here, the court doesn't consider the possibility of balancing at all.
I'd like to think the Wikileaks participants used anonymizers for their IP addresses. If you are doing anything likely to incur the wrath of the US government, consider this a cautionary warning of the need to use good anonymizers for your activity.
For Twitter, there is a silver lining to the ruling. In a footnote, the court says "By clicking on "create my account", petitioners consented to Twitter’s terms of use in a binding “clickwrap” agreement to turn over to Twitter their IP addresses and more." Surely Twitter likes a judicial vote in favor of its online contract formation. However, the court's citation of Twitter's privacy policy reinforces that privacy policies are not just about the private arrangements between sites and their users. The government will trawl through a site's privacy policy to cite terms against the site's users as part of the government's rapacious desire to know everything about its citizens. As drafters of privacy policies, we might consider how we balance our clients' needs for information flexibility with the fact that the government will abuse that same flexibility for its own possibly lawless interests.
UPDATE: Jennifer Granick's post on the opinion.
Posted by Venkat at 11:43 AM | Licensing/Contracts , Privacy/Security
February 17, 2011
eBay's Venue Selection Clause Upheld in Missouri--Earll v. eBay
By Eric Goldman
Earll v. eBay, 2011 WL 497781 (W.D. Mo. Jan. 4, 2011). The initial complaint.
Earll, who is deaf, sued eBay for violations of the Americans with Disabilities Act (ADA) and the CA state law analogue. Her complaint relates to the fact that eBay telephonically confirms sellers, which poses a problem for deaf sellers. As part of the signup process, Earll clicked on eBay's user agreement, which included eBay's standard venue selection clause specifying its home court as the mandatory venue for lawsuits. eBay invoked the clause against Earll to move the suit there.
Earll tries to knock out the user agreement by arguing that it was fatally defective for not disclosing the telephonic verification requirement. The court deems that omission immaterial.
Earll then argues that the venue selection clause covers only a subset of claims a plaintiff might bring, and therefore it does not apply to her civil rights claim. The court rejects the argument because her claims "relate to her inability to sell items on eBay's website."
Earll then argues that some courts have rejected venue transfers in disability-related cases where a transfer would prevent disabled people from litigating, and thus undermining the law's policy objectives. Acknowledging that, the court says that Earll never indicated that she would abandon her claim if it was transferred, and California courts are just as capable of adjudicating ADA claims as the Missouri courts.
Having rejected Earll's arguments, the court orders the venue transfer. This is a nice win for eBay on two fronts. First, it's yet another case upholding its venue selection clause. I just blogged on a similarly favorable case (Evans v. Linden Research) where Second Life, invoking a clause copied from eBay's, also successfully invoked the clause. In light of the confusion we had after Comb v. PayPal, it's nice to see more predictable contract interpretation results.
Second, ADA claims are very dangerous for online sites. See, e.g., the NFB v. Target case. Having the case in eBay's home court surely helps eBay's odds of success in a risky case.
Related blog posts:
* eBay Venue Selection Clause Upheld in Texas
* Terminated eBay Vendor Gets Day in Court Against eBay--Crawford v. Consumer Depot
* Note about Tricome v. eBay
* Note about Universal Grading Service v. eBay
* eBay User Agreement Upheld, Part II--Durick v. eBay
* eBay User Agreement Upheld--Nazaruk v. eBay (upheld on appeal)
Posted by Eric at 10:39 AM | E-Commerce , Licensing/Contracts | TrackBack
February 09, 2011
Second Life Forum Selection Clause Upheld--Evans v. Linden
By Eric Goldman
Evans v. Linden Research, Inc. (E.D. Pa. Feb. 3, 2011)
This lawsuit is similar to the Bragg lawsuit from a few years ago, which argued that land purchases in Second Life were equivalent to real property purchases (due to marketing representations made by Second Life), so Second Life couldn't unilaterally reclaim land from its users. In 2007, Bragg won a favorable jurisdictional ruling, defeating Second Life's invocation of the forum selection clause in its user agreement. See Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593 (E.D. Pa. 2007). The parties subsequently settled. Now, another group of plaintiffs are taking a run at Second Life on the same basic theories.
I don't normally blog on forum selection clause cases any more, but this case is interesting because Second Life changed its fate. In contrast to the Bragg ruling, this opinion upheld Second Life's forum selection clause, shipping the case from ED Pa. to ND Cal. The new case involves the same basic arguments as the Bragg case, filed in the same court against the same defendant, and the decisions were written by the same judge. How did Second Life work this turnaround?
After the Bragg ruling, Second Life changed its user agreement's forum selection clause to basically mimic the approach eBay uses in its user agreement: mandatory jurisdiction/venue in Second Life's home court except for permissive virtual arbitration for low-dollar-value disputes. eBay adopted this structure in the early 2000s after it got a scary ruling in Comb v. PayPal, and since then eBay has had some litigation success with its new clause. Here, Second Life changed its contract from a mandatory arbitration clause--which failed--to eBay's mandatory jurisdiction/venue + permissive arbitration approach--which works. Nicely done.
(Personnel note: Second Life's mimicry of eBay's user agreement probably isn't an accident. Second Life's General Counsel at the relevant times, Marty Roberts, previously did a tour of duty as an in-house lawyer at eBay. See Marty's LinkedIn profile).
The court does not clearly explain how Second Life successfully amended its user agreement for any users who initially signed up under the old contract. (As I've previously blogged, retroactive contract amendments are tricky). The court says tersely "The information provided shows that each Plaintiff agreed to the March, 2010 TOS at some point before this action was brought." I would have loved to see the court explain in more detail how Second Life successfully moved everyone onto the new contract.
There are two very practical implications from this ruling:
1) If your mass-market online user agreement still contains a mandatory arbitration clause, you are playing with fire.
2) I have been recommending an eBay-style forum selection clause to my clients for many years now. Given that it is battled-tested in court, you might consider if the clause would be a useful starting point for you.
Posted by Eric at 09:27 AM | Licensing/Contracts , Virtual Worlds | TrackBack
January 27, 2011
Top 5 Cyberlaw Developments of 2010, Plus a 2010 Year-in-Review
By Eric Goldman
Earlier this Fall, I posted my top 8 trends in Internet law, and that's a good place to start if you want to see how I think things are developing. Because of that post, this year I'm shaking up the format of my year-end recap post a little bit. We'll start with the top 5 Cyberlaw events of 2010, but then we'll move to other topics. (This is a variation of my post to InformIT on Tuesday).
Top 5 Legal Developments
#5: Google pulls out of China. China's native search engines rejoice, but is this really a win for China's long term prospects? Meanwhile, I keep hoping Google will do the same in the EU too given how much the EU regulators hate Google.
#4: COICA and the pre-enactment COICA workaround, ICE's lawless seizure of 82 supposedly pirate-oriented domain names. Showing once again that domain name censorship is irresistible to government regulators.
#3: Righthaven goes on a litigation frenzy on behalf of newspapers. Which do you think will happen first--bloggers stop discussing newspaper articles for fear of being sued, or newspapers go out of business? What's amazing is that newspapers don't realize that the first will accelerate the second.
#2: Oracle gets $1.4B+ from SAP for competitive scraping. Oracle hit a grand slam with the damages in this case, ranking highly on several all-time-largest-awards charts.
And the top cyberlaw story of the year goes to...
#1: Wikileaks. Wikileaks finally forces us to confront many of the cyberspace governance issues we were debating in 1996. I'm sad to say that our government, and many private businesses, failed the test.
Other Key Developments
* Tiffany v. eBay. The Second Circuit thumps Tiffany's pathetic arguments and gives eBay a clean bill of trademark health. However, this ruling just preserved the status quo, so for my money, the much more important secondary trademark rulings involved providing other services to alleged counterfeiters. See Gucci v. Frontline, potentially exposing credit cards and other payment service providers to secondary liability for providing payment services to alleged counterfeiters, and Roger Cleveland Golf v. Price, potentially exposing SEOs/web designers to secondary liability as well.
* Viacom v. YouTube and Arista v. Limewire. These companion cases told us what we already knew: YouTube + 512(c) defense = good, P2P file sharing software vendor - DMCA safe harbor = bad.
* Sony v. Tenenbaum. I'm still waiting to see if this case is a blip or a watershed. It has the potential to make every copyright statutory damages case into a constitutional due process inquiry.
* Legally, it was a good year for Google. Google got a favorable trademark ruling in the ECJ. Google got a decisive win in its Rosetta Stone AdWords trademark case (and, as mentioned before, the YouTube case as well). Most of the other trademark plaintiffs lost or simply gave up.
* Legally, it was a lousy year for Google. Everyone in the world seems to be considering if they can run Google's algorithms better than it can: EU antitrust regulators, French antitrust regulators, the Texas AG, private plaintiffs, the New York Times and so many more. Google got trapped in a dangerous antitrust litigation in the unfavorable venue of Ohio state court. Google Street View has been a legal train wreck world-wide. The DOJ busted up a possible hiring cartel among Silicon Valley companies, and Google almost immediately handed out 10% pay raises for everyone. Buzz was a lousy product with a horrible launch, and it led to a multi-million dollar litigation kicker.
* It was a quiet year for 47 USC 230 litigation. From my perspective, quiet is good! The biggest defense win of the year: Milgram v. Orbitz. The biggest plaintiff win of the year: Swift v. Zynga.
* Perfect 10 v. Google. Google gets yet another win in this case, this time on 512(d)--one of the few cases interpreting the 512(d) safe harbor for linking to infringing content.
Notice I didn't put *any* of the Ninth Circuit Internet law jurisprudence on the list. There were plenty of interesting rulings this year: Krottner v. Starbucks, MDY v. Blizzard, Vernor v. Autodesk, DSPT v. Nahum, the Freecycle naked licensing case, Advertise.com v. AOL, Toyota v. Tabari, Visa v. JSL, CRS Recovery v. Laxton, Office Depot v. Zuccarini. However, I have lost all faith that 3 judge panel decisions by the Ninth Circuit have any binding precedential on other panels, so every case is effectively a one-off.
Less-Heralded But Nevertheless Interesting Disputes of the Year
Some under-the-radar legal disputes that I thought were more interesting than the overhyped stories:
* Barclays v. theflyonthewall. A brokerage house gets an injunction against the republication of its stock recommendations based on a hot news doctrine. The case is now on appeal to the Second Circuit. The case exposes the precarious business model of brokerage houses: they are content publishers trying to monetize via a commodity service, and brokerage house stock recommendations were exactly the kind of information John Perry Barlow explored in his 1994 Economy of Ideas article. Will the hot news doctrine prop up a doomed business model?
* Anderson v. Bell. Electronic signatures count towards the requirements for an election petition. This could launch a new era of citizen petitioning of the government.
* Snap-on v. O'Neil. A company can't scrape its own data from its outsourced vendor, seemingly authorizing the vendor to play hold-up games for companies that don't handle the contract correctly. The Eventbrite v. Cvent case provided some interesting contrast.
* Goforit v. Digimedia. A court upholds domain name wildcarding and says the TM owner/plainitff pursuing those wildcarded domain names may have engaged in reverse domain name hijacking.
* Lara Jade Coton v. TVX. The blog post title said it all: "Tip for Clean Living: Don't Use a 14 Year Old's Self-Portrait in Advertising for Porn."
Most Overhyped Stories
This year, for the first time, I'm separately breaking out a category for most overhyped stories of the year.
* Craigslist shuts down its adult services category. A toxic mix: Craigslist took a legally defensible but nevertheless obstinate position, and state AGs love to show their constituents how much they hate the Internet. When Craigslist finally gave in and shut down its adult services category (with a whining F-U), people went crazy.
* Borings get $1 for their trespassing claim. Google's Street View contractors made a mistake, drove up a private driveway, and captured what they saw. Google posted the photos until it got a complaint, then the homeowners with the odd surname ("Boring") went on a litigation frenzy. Their payoff for several years of litigation? $1. Not even enough for extra foam on a Starbucks mochachino.
* The Supreme Court's tech docket. Several fizzled out non-decisions from SCOTUS this year: Bilski, Quon, Costco. The Supreme Court is taking a steady diet of tech-related cases, but they are gun-shy about actually resolving them.
* Mark Hurd. Mark Hurd, Hewlett Packard's CEO, had an inappropriate relationship with an HP contractor/former B-list softcore porn actress and maybe fudged his expense reports. When he tried to take a job at HP's frenemy Oracle, HP got litigious, but it turns out their fur can be smoothed for a few million.
* Lost iPhone Prototype. Stop me if you've heard this joke before: an engineer walks in a bar and...loses a super-stealthy prototype of one of the most important new consumer technology launches ever...? I realize it's an uber-cool phone, but still, IT'S A PHONE, PEOPLE!
Our Snarkiest Company-Specific Posts
Occasionally, we get snarky about specific companies' practices. It's not our norm, but these posts sure do boost traffic. Companies in our crosshairs this year:
* The Problems With Google House Ads. Google's response to this post was pathetic and embarrassing.
* Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. I still use Scribd, but I have zero loyalty.
* Hypocrisy Alert?! Expedia, a "FairSearch" Member, Marginalizes American Airlines in Its Search Results. If you're going to wave the "Search Neutrality" flag, please keep it hypocrisy-free.
* Facebook pulls a rare hat trick of snark this year: Q2 2010 Quick Links Part 3 (Special Facebook Edition), Facebook's Anti-Spam Filter Blocks Legitimate Conversations about Power.com, Distrust in the Cloud Part #2: Facebook Blocks J.mp Links and Takes Down Lots of Status Updates in the Process. I'm officially no longer in love with Facebook. I post the exact same content to Twitter and Facebook, so please follow me at Twitter instead.
* My RapLeaf Profile is Amusingly Mistaken. This is What the Fuss is All About?. In response to an article in the Wall Street Journal's "What They Know"/privacy plaintiffs lawyers full-employment series of articles.
Most Popular Blog Posts of the Year
1) Scribd Puts My Old Uploads Behind a Paywall and Goes Onto My Shitlist. Nearly 2X the traffic of #2. Putting profanity in the post title still works as a traffic booster.
2) Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase (Topsy 100). I still can't figure out why this post was so popular; it just reminded us of something we already knew. See also the related but overreaching Millen v. Hummingbird Speedway.
3 & 5) #3: Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Posted to "Twitter/TwitPic". Venkat also had an end-of-the-year hit with the #5 post, "Court Rejects Agence France-Presse's Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service -- AFP v. Morel." Both posts were Topsy 100.
4) Viacom v. YouTube Summary Judgment Motions Highlights. Not surprisingly, the gossip about the lawsuit is way more popular than the blog post on the actual ruling.
One other post reached Topsy 100: "Ripoff Report Defeats Extortion Claim, But Plaintiffs Keep Trying--AEI v. Xcentric."
Lists of Yore
Previous top 10 lists from 2009, 2008, 2007 and 2006. Before that, John Ottaviani and I put together a list of top Internet IP cases for 2005, 2004 and 2003.
Posted by Eric at 06:56 AM | Content Regulation , Copyright , Derivative Liability , Domain Names , Evidence/Discovery , Internet History , Licensing/Contracts , Search Engines , Trademark , Trespass to Chattels | TrackBack
January 07, 2011
TweetPhoto (now Plixi) To Start Charging For Twitter Celeb's Pics
[Post by Venkat Balasubramani]
I posted last week about the AFP/Morel Haiti photo debacle where the court rejected AFP's arguments that it had a license to photos posted to Twitpic by virtue of the Twitter & Twitpic terms of service. Two quick follow up points to that post.
First, Joe Mullin covered the story at paidContent ("Court To AFP: Pics Aren’t Free Just Because They’re On Twitter"), and AFP's lawyers made some striking comments:
AFP’s attorney, Joshua Kaufman of Venable LLP, contacted me today and said his client will continue to litigate this case. AFP’s fundamental position—that uploading pictures to TwitPic makes them available for other parties to use—hasn’t changed. And it’s common practices for news services to use such images, added Kaufman, saying: “If you look in magazines, there are hundreds of pictures a week that are taken off of TwitPic.” That’s because when a user agrees to Twitter’s terms of service (which all TwitPic users must do), the user agrees that Twitter, its partners, “and others” have the right to re-broadcast content, according to Kaufman. (The Twitter terms of use appear to have changed since this all occurred in January 2010.) “AFP certainly believes they acted appropriately, within the terms of the license,” he said.
Yikes! If this is a "common practice," it looks like there could be other lawsuits out there. What's striking about this comment isn't that AFP's legal position is off-base (it is). What's most striking is that AFP is the same organization that sued Google for linking to AFP's stories. (See "AFP Gets Confused As To How The Internet Works.") Something tells me that a ruling in AFP's favor in this case could undercut their future position as a plaintiff.
Second, the New Statesman reports that TweetPhoto (now Plixi) has agreed to license celebrity photos which are posted on Plixi ("News agency seeks to cash in on celeb Twitter pics"). (h/t TweetSmarter) As the story notes, Plixi signed a deal with WENN, which will now start charging publishers for use of celebrity images. Plixi is in a different position than AFP. Plixi (like Twitter) could claim a broad license to exploit content uploaded to the service; unlike Plixi, AFP is a third party that's coming along and saying it can exploit the content. However, interestingly, Plixi's user agreement does not seem to convey such broad rights to Plixi (See section 15 of Plixi's Terms of Service). The terms only allow Plixi to use the photos for the purpose of promoting Plixi:
Plixi does not claim ownership of Content you submit or make available for inclusion on the Service. However, with respect to Content you submit or make available for inclusion on publicly accessible areas of the Service, you grant Plixi the following worldwide, royalty-free and non-exclusive license(s), as applicable:
With respect to Content you submit or make available for inclusion on publicly accessible areas of Plixi, the license to use, distribute, reproduce, modify, adapt, publicly perform and publicly display such Content on the Service solely for the purposes of providing and promoting Plixi to which such Content was submitted or made available. This license exists only for as long as you elect to continue to include such Content on the Service and will terminate at the time you remove or Plixi removes such Content from the Service.
Maybe Plixi has separate deals with celebrities regarding the rights in celebrity photos?
Added: Additional coverage and link to the original story from Press Gazette: "News agency seeks to cash in on celeb Twitter pics"
Posted by Venkat at 11:55 AM | Copyright , Licensing/Contracts
January 01, 2011
Nov.-Dec. 2010 Quick Links, Part 4
By Eric Goldman
Blogs and Boards
* Reuters on the wild-and-wooly world of investor message boards.
* KingCast.net v. Friends of Kelly Ayotte, 2010 WL 4683829 (D.N.H. Nov. 2, 2010). Blogger's unsuccessful lawsuit to gain mandatory access to a candidate's campaign events as a journalist.
* Mealer v. GMAC Mortg. LLC, 2010 WL 4586183 (D. Ariz. Nov. 2, 2010). A lawsuit against General Motors for an employee's allegedly disparaging blog post is dismissed because the new GM isn't liable for the old GM's activities.
* ABA Journal: some attorneys are using independent contractors to “ghost write” blog posts for them. This seems like a practice filled with legal landmines.
Contracts
* Florencia Marotta-Wurgler, Does Disclosure Matter? The abstract:
Disclosure has long been the preferred regulatory approach to curtail one-sided standard form contract terms....The appeal of disclosure is that it is relatively low cost, improves consumer decision-making and preserves consumer choice. For disclosure to be effective, however, it must increase readership and understanding of contracts to a meaningful rate, and, conditional on readership, contract content must be relevant to purchase decisions. This paper tests both these necessary conditions. We follow the clickstream of 47,399 households to 81 Internet software retailers to measure contract readership as a function of disclosure. We find that making contracts more prominently available does not increase readership in any significant way. In addition, the purchasing behavior of those few consumers who read contracts is unaffected by the one-sidedness of their terms. The results suggest that mandating disclosure online should not on its own be expected to have large effects on contract content.
* S. 3386, Restore Online Shoppers' Confidence Act, signed into law Dec. 29, 2010. The bill prevents online merchants from passing shoppers' credit card numbers to other merchants without requisite consent. It also restricts negative option sales without adequate disclosure, consent and ability to terminate.
Jurisdiction
* Penachio v. Benedict, 2010 WL 4505996 (S.D.N.Y. Nov. 9, 2010). "Defendants are not subject to personal jurisdiction in this Court. The preparation and dissemination of the defamatory material occurred outside of New York. Although the [YouTube] videos bear a relationship to the proceedings in New York and Defendants' alleged commercial interest in New York, Defendants' interaction with New York during the publication of the videos is too marginal to rise to the level of purposeful availment."
* Miller v. Kelly, 2010 WL 4684029 (D. Colo. Nov. 12, 2010). "Defendant's LiveJournal blog appears to the Court to have been merely a passive website that allowed internet users to access and view information posted by Defendant. Accordingly, the Court finds that Defendant's authorship of a LiveJournal blog is an insufficient basis for the exercise of general personal jurisdiction over her....the Defendant's authorship of an entry on the blog was not an act purposefully directed at Colorado. Although the blog entry was allegedly accessed by Plaintiff in Colorado, no allegation or evidence has been presented to indicate that Defendant expressly aimed the entry at Colorado."
* State v. Pierce, 2010 WL 4941473 (Minn. App. Ct. Dec. 7, 2010). A man was ordered not to contact his ex-girlfriend. He violated the order by sending her a MySpace message, but prosecutors could not establish that he sent or she received the message in their county, so the conviction was reversed.
Posted by Eric at 01:14 PM | Content Regulation , E-Commerce , Licensing/Contracts | TrackBack
December 29, 2010
Court Rejects Agence France-Presse's Attempt to Claim License to Haiti Earthquake Photos Through Twitter/Twitpic Terms of Service -- AFP v. Morel
[Post by Venkat with a few comments from Eric]
Agence France Presse v. Morel, 10 Civ. 2730 (WHP) (S.D.N.Y.; Dec. 23, 2010)
The Southern District of New York issued an order denying AFP's request to dismiss photographer Daniel Morel's copyright claims, rejecting AFP's argument that uploading pictures to Twitter/Twitpic granted third parties (including AFP) a broad license to exploit this content. The result is not surprising from a legal standpoint, but should allow photographers (and others who upload content into Twitter's ecosystem) to breathe a sigh of relief.
The court recaps in detail the factual background underlying the dispute in its order. In a nutshell, Morel took what turned out to be iconic photographs in the aftermath of the Haiti earthquake. He uploaded the photos to his Twitpic account and linked to them via his Twitter account. Shortly after Morel uploaded his photographs, Lisandro Suero copied the photographs and posted them to Suero's own Twitpic page. Suero did not attribute the photographs to Morel. The facts are somewhat murky, but it does not seem disputed that AFP downloaded the photographs from Suero's account, marketed and distributed the photographs, and initially credited Suero with taking the photographs. Ultimately, Morel cried foul, and AFP filed a declaratory judgment lawsuit saying it did not infringe. [Some of the discussions between AFP and Suero took place on Twitter, and make for interesting reading. I wonder if the casual nature of Twitter and email discussions contributed to AFP's foibles here.] [Also, the photos were broadly distributed and licensed downstream, so there are a slew of defendants. I've mostly omitted discussion of the various defendants, focusing on AFP.]
Copyright Claim: AFP's primary argument was that (1) "[it] had an express license to use Morel's images [by virtue of the Twitter or Twitpic terms]" or (2) that it was a third party beneficiary of the agreement between Morel and Twitter. The court rejects this argument:
[b]y their express language, Twitter's terms grant a license to use content only to Twitter and its partners. Similarly, Twitpic's terms grant a license to use photographs only to Twitpic.com or affiliated sites. . . . the provision that Twitter 'encourage[s] and permit[s] broad re-use of Content' does not clearly confer a right on others to re-use copyrighted postings
The court also rejects the argument that AFP was a third party beneficiary to the Twitter license agreement, since AFP was not a "partner or sublicensee" of Twitter - AFP acknowledged that it was only a "user."
Contributory/Vicarious Infringement: With respect to the contributory infringement claim, the court held that Morel's allegations were sufficient:
Morel's allegations that AFP and Getty knew that the images where his, disregarded his rights, and licensed his images to third parties are sufficient to plead knowledge and inducement of infringement.
The court similarly rejects AFP's and Getty's request to to dismiss the vicarious infringement claim. (The court does grant the request by CBS and CNN to dismiss the vicarious infringement claim because Morel failed to plead any "direct financial interest" in the exploitation of images by the affiliates of CBS and CNN.)
DMCA Copyright Management Information Claims: Morel's DMCA claims against AFP were premised on AFP's miscrediting of the images. AFP did not contest that the credit lines constituted "copyright management information" (as defined in section 1202), and the court finds that AFP acted with the requisite knowledge and intent. Interestingly, with respect to AFP, the court notes that Morel alleged that:
an AFP photo editor viewed [Morel's] photos before asking about identical photos on Suero's Twitpic page, and that when Morel failed to respond to the editor's email, AFP downloaded the pictures from Suero.
Morel brought a second 1202 claim based on AFP's "removal or alteration" of CMI, or distributing copyrighted material "knowing that CMI has been removed or altered." The crux of Morel's argument seems to be that he had posted CMI on his Twitpic page (e.g., by including "by photomorel," "daniel morel," and "morel") next to the photos when he uploaded them, and AFP violated section 1202 when it distributed photos downloaded from Suero's Twitpic account (which did not contain this information). The court construes the term CMI broadly, rejecting AFP's argument that CMI must be contained on the photograph itself. In the court's view, the information attached to Morel's Twitpic account constitutes CMI, and Morel's allegations regarding AFP's distribution of the photo which did not contain this CMI was sufficient to state a claim.
AFP argued that CMI is limited to a "component of an automated copyright protection or management system" (i.e., a technological measure that controls access and reproduction), but the court rejects this argument, and the line of cases which take this approach.
Lanham Act: The court rejects Morel's Lanham act claim as being foreclosed by Dastar, a case in which the Supreme Court rejected Lanham Act claims with respect to communicative products (finding that these claims should be brought under copyright law and allowing Lanham act claims would impermissibly broaden the scope of copyright protection).
__
As I mentioned in a previous post, AFP's position was a stretch, and it's nice to have some clarity that uploading content into the Twitter ecosystem does not grant third parties a license to use that content outside the ecosystem. (Nor does sharing and encouraging others to share result in a license to third parties.) Twitter and its partners have a broad license, but that's different from a random third party coming along, and claiming rights to the content. Photographers can rest easy!
The court construes Morel's 1202 arguments broadly, and as Professor Goldman notes below, this is equally interesting (if not more so) than the Twitter/Twitpic license issue. This looks like a boon to content providers - almost any sort of notation which indicates that the content is yours can be copyright management information (under the court's definition), and disseminating the content without this information (or after having removed it) can cause someone to incur 1202 liability. It seems like the court's reading of section 1202 (although it is supported by the language of the statute) allows a plaintiff to assert exactly the type of claim the Supreme Court negated in Dastar.
Earlier posts:
"Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Posted to 'Twitter/TwitPic'" (I blogged that AFP's position was a stretch, but this post at duckrabbit contains a link to the oral argument, which will give you a flavor of how incredulous the court was at AFP's argument that it had a license through the Twitter or Twitpic terms: "AFP, CNN, Getty, ABC, V Morel, why this case matters to all professional photographers or why Getty could be selling your photos without you even knowing …")
Earlier coverage of the dispute:
* paidContent: "Lawsuit Tests Whether Twitter Pictures Are Free For The Taking"
* ReadWriteWeb: "Agence France-Presse: "All Your Twitpics Are Belong to Us"
* Techdirt: "AFP Still Not Giving Up On Its Bizarre Claim That Twitpic Images Are Freely Licensed To Anyone"
______
Eric's comments:
This case is a clusterf**k. AFP made numerous mistakes that resulted in infringing photos being injected into the news coverage of a major world crisis, which inadvertently tainted a variety of downstream media properties--all of whom, due to copyright's strict liability standard, are likely to write checks to Morel. AFP and its unfortunate partners should end their likely-futile and sometimes-silly defense and settle up with Morel so that everyone can move on to more productive endeavors.
Even though the Twitter/Twitpic discussion will get the most attention, I think the court's discussion about the 1202 liability is the opinion's most noteworthy aspect. There has been an ongoing schism in the 1202 jurisprudence about whether or not it's a 1202 violation to copy a copyrighted work without retaining the CMI located somewhere other than in the work itself. This case is a fine example of the problem: when people copied Morel's photos, they didn't go back to Twitpic to see what additional CMI might have been presented on the pages alongside the images. Some courts, recognizing the potential trap this creates, have read the 1202 statute narrowly, basically saying that metadata not in the file itself can't trigger a 1202 violation. I've been skeptical about the statutory fidelity of those rulings, but I've applauded their efforts to keep 1202 from becoming a backdoor Dastar as Venkat calls it. Other cases, including this one, have rejected these narrow readings of 1202 and indicated that failing to capture and republish metadata outside the file itself could violate 1202. Should more courts jump on this bandwagon, expect 1202 to become the copyright plaintiff's favorite new toy in 2011.
Posted by Venkat at 06:10 AM | Copyright , Derivative Liability , Licensing/Contracts
December 24, 2010
Deep Packet Inspection (NebuAd) Litigation: Court Dismisses ECPA Claim but CFAA Claim Continues
[Post by Venkat with comments by Eric]
Mortensen v. Bresnan Comm., CV 10-13-BLG-RFC (D. Mont. Dec. 13, 2010)
A district court in Montana hearing one of the many NebuAd "deep packet inspection" lawsuits partially granted a defendant's motion to dismiss. This lawsuit arises out of NebuAd's alleged attempt to monitor and use an end user's internet activity for advertisement targeting purposes - i.e., not using cookies or other tracking, but actually routing the communications themselves through NebuAd's "appliance." There have been a slew of lawsuits out of this practice; this lawsuit involved claims against Bresnan Communications, an Internet access provider, who is accused of letting NebuAd install the appliance for its profit.
Electronic Communication Privacy Act Claims: Bresnan first argued that it did not engage in any interception itself, so it could not be held liable under the ECPA. The court rejects this argument on the basis of plaintiff's allegation that Bresnan "allowed" NebuAd to install its device on Bresnan's network, and but for the appliance, the monitoring would not have occurred.
However, the court accepts Bresnan's argument that the plaintiffs agreed to the interception based on disclosures in the terms of service and elsewhere. The court quotes from Bresnan's "Online Privacy Notice," which says:
the equipment used to provide the service collects information . . . [including] information about . . . 'electronic browsing,' and the text of email or other electronic communications the [users] send or receive using [the] services.
The notice also references that the information that is collected will be disclosed to third parties. Bresnan's "Online Subscriber Agreement" contained similar disclosures. Finally, the court notes that Bresnan alleges that it provided customers "specific notice" and a link to opt-out from information collections.
Shockingly, plaintiffs did not contest that "they agreed, by way of Bresnan's Privacy Notice and Subscriber Agreement to the interception." (??) Instead, plaintiffs quibble with the scope of the documents in question and argued that Bresnan construes plaintiffs' consent "cavalierly." The court rejects plaintiffs' argument, and grants Bresnan's motion to dismiss the ECPA claim on the basis of consent.
Invasion of Privacy Claims: Plaintiffs brought a common law invasion of privacy claim. The court finds that the notice and disclosure (discussed above) undermines any expectation of privacy plaintiffs had in their use of the service. This ends the court's discussion.
Computer Fraud and Abuse Act Claims: Although the court rejects plaintiffs ECPA claim, the court allows plaintiffs' Computer Fraud and Abuse Claim to go forward. The court concludes (based on Bresnan's disclosures to its customers) that Bresnan's access of plaintiffs' computers had some authorization. Nevertheless, the court finds that Bresnan may have exceeded the authorization that was initially granted. The court bases this conclusion on the fact that the notices provided by Bresnan did not clearly apprise plaintiffs that "their computer settings were to be actively altered or tampered with by Bresnan." The court concludes that for purposes of surviving a motion to dismiss, plaintiffs have sufficiently alleged that:
Bresnan's act of tampering with the security and privacy protocols exceeded any authorization that Plaintiffs may have given.
The court also addresses the jurisdictional damage requirement, under which a CFAA plaintiff must show that the unauthorized access caused $5,000+ in damages. The court notes that plaintiffs' allegations of emotional distress are not compensable, since only economic losses are recoverable under the CFAA. However, the court finds that plaintiffs satisfy the jurisdictional damage threshold since they allege they were "forced to mitigate Bresnan's invasive actions by expending time, money and resources to investigate and repair their personal computer's diminished performance."
Trespass to Chattels: Finally, the court allows plaintiffs' trespass to chattel claims to go forward. With respect to the trespass claim, the court says that the plaintiffs sufficiently alleged an interference with their chattel (their computers).
__
Venkat's Comments:
This is one of many privacy lawsuits that are percolating through the courts right now. I think this one differs qualitatively from many of the others in that here, there is an allegation of improper monitoring of the contents of the plaintiffs' communications. It's one thing to surreptitiously find out what websites someone has been visiting or leak someone's unique user ID. It's another thing entirely to read their email and the contents of what they access while browsing. This is an important distinction to keep in mind. I don't think you can necessarily extrapolate a tentative result in the other cases based on this result. Apart from the damages issue (discussed below) a key unknown in the pending cases is to what extent the information that is captured or disclosed are covered by the statutes in question.
I was somewhat surprised to see little or no discussion from the court on whether the policies were presented in a "leak proof" manner, or whether the disclosure satisfied FTC standards. Was there evidence that plaintiffs could not access the service without encountering the policy? (See Prof. Goldman's post on that topic: "Clickthrough Agreement With Acknowledgement Checkbox Enforced.")
The court's conclusion on the consent issue is also somewhat perplexing, in light of the exact same judge's earlier order denying Bresnan's request to compel arbitration, which you can access here. BNA recaps the decision denying Bresnan's request to subject the claims to arbitration as follows: "A mandatory arbitration clause in an internet service provider's terms of service—which was presented in capitalized text in the ninth paragraph of the unsigned document—was an inconspicuous part of a contract of adhesion and unenforceable under Montana law."
On the other hand, if plaintiffs conceded the consent/disclosure issue, then the court did not need to get into it. [What were the plaintiffs thinking, conceding this? If you are bringing this type of a lawsuit, you have to be able to put together enough allegations of no-consent to get past the motion to dismiss stage.]
At the end of the day, if consent is going to be the basis to defend against these types of privacy claims, defendants would be well advised to really be thorough in procuring this consent. In fact, I'm surprised that Bresnan - given that it is an IAP allegedly engaging in gray area practices - didn't just secure written consent at the time it first provided the service.
I'm also surprised at the court's conclusion on the Computer Fraud and Abuse Act damage issue, given its conclusion on the ECPA issue. If it was going to split hairs on the notice and consent (as it did with respect to the CFAA claims), it could have probably done so on the ECPA claims as well. Courts often keep in claims they may otherwise dismiss if they decided that some claims are going to survive. Also, some cases construe the CFAA narrowly as requiring damage to the protected computer (or an interruption in data). It's conceivable that plaintiffs could have suffered the requisite loss (which can be aggregated in the class action context), but the court's discussion of plaintiffs' allegations made the damage allegations seem awfully light. (Two posts from Nick Akerman look at some recent CFAA dismissals and discuss the restrictive approach taken by some courts with respect to the CFAA's jurisdictional damage requirement: "Dismissal of CFAA Claim for Lack of Jurisdiction" and "Why Two District Courts Dismissed Valid Computer Fraud and Abuse Claims for Lack of Jurisdiction.")
The dismissal of the ECPA claim as opposed to the CFAA claim could have some ramifications on the damages front. Statutory damages are available under the ECPA, but not under the CFAA. For what it's worth, there's conflicting authority on the issue of whether non-economic damages are recoverable under the CFAA. (See Garland-Sash v. Lewis, 348 Fed. Appx. 639 (2d Cir. 2009) (construing the phrase "compensatory damages" - which was added to a provision of the CFAA after the DoubleClick case came down - to include damages for pain, suffering, and other emotional harms").) Even if for some reason the court decides that plaintiffs are entitled to non-economic damages, it will be interesting to see how plaintiffs prove up these damages.
The trespass claim is a bonus claim, but again, the court doesn't dig in to the damage issue with respect to common law trespass. Although the court cites to California law, the court does not discuss damage or slowdown to the machine in question as articulated by the California Supreme Court in Intel v. Hamidi (an email bombardment case) or as interpreted by the Fourth Circuit in the Omega v. Mummagraphics case.
I'm not sure how much light this ruling will shed on the many pending privacy lawsuits that involve things like surreptitious tracking, sniffing, and leakage of personal information. Damages issues aside, the ruling may highlight the importance of choice, consent, and the requirement that any disclosures or disclaimers be conspicuous, all issues the FTC seems to frequently opine on and issue reports about.
(h/t Wendy Davis)
__
Eric's Comments:
As Venkat notes, this ruling is an inconsistent mix of formalism and realism. In light of the judge's ruling last month that Bresnan made inadequate disclosures to uphold an arbitration clause, it's odd for the judge to now find that Bresnan made adequate disclosures to wipe away the ECPA and privacy invasion claims via dense/buried EULA language plus an opt-out notice; while that same consent wasn't good enough to wipe away the CFAA and Trespass to Chattels claim. The CFAA ruling on damages was also oddly formalist given the consent ruling. I respect formalist judges for being careful and methodical, but it would have been nice if this judge had been a little more aggressive about calling a spade a spade.
I am not a fan of deep packet inspection (DPI) by IAPs done on anything but an opt-in basis. We're basically back to the old battles about unwanted adware/spyware getting onto users' hard drives as part of some bundle. Sure, the adware vendors could claim user consent through a formalist reading of the contracts, but there wasn't true consumer consent, and we all knew it. I'm reminded a little of the FTC's bust of Sears for its trackware installations--Sears paid people for the installation, but the software did things far beyond anything users might have expected, even though these attributes were putatively explained deep in the EULA. If you're an IAP trying to implement DPI on an opt-out basis, bonne chance, and don't expect a lot of friends to rally around your cause.
At the same time, I'll be interested to see if the plaintiffs can marshal any true evidence of harm. If the plaintiffs are advancing a recycled version of the old, tired and completely laughable arguments that installing cookies on a user's computer creates cognizable harm, I hope this judge will quickly give them the boot they deserve. In that respect, I'm disappointed the judge didn't more aggressively police the trespass to chattels claim on the harm requirement per Hamidi. Personally, I think these plaintiffs should have been forced to put-up-or-shut-up on the harm issue early. Then again, this case came out the day before the Ninth Circuit's recent Starbucks case, but perhaps it's consistent with it.
Overall, this ruling is just another small data point in a much larger struggle over targetable consumer data. My Coasean Analysis of Marketing article doesn't directly address DPI by IAPs, but the article tells the story of how different intermediaries are fighting with each other to capture better datasets of targetable consumer behavior. After the flameout of the early 2000s model of adware, IAPs are trying to squeeze into the middle by using their more favorable position (compared to websites) to see more complete consumer data. Similarly, Facebook is trying to use tools like Beacon nee Instant Personalization to sweep up targetable consumer data from throughout the web, not just the smaller dataset it can capture at facebook.com. Meanwhile, Google is trying to move onto the desktop (the toolbar, Desktop, Chrome and its various OSes) to let it get closer to the honeypot of consumer data residing there, rather than just rely on the data it can get at google.com properties. Adware circa 2005 may be dead, but battles between different intermediaries fighting to get the good stuff is a perennial. For more, see my posts Adware is Dead and Relevancy Trumps Creepiness.
Posted by Venkat at 09:00 AM | Derivative Liability , Licensing/Contracts , Privacy/Security , Publicity/Privacy Rights , Spam , Trespass to Chattels
December 21, 2010
Ninth Circuit's Mixed Opinion in Glider/WoW Bot Case -- MDY Industries v. Blizzard
[Post by Venkat, with comments from Eric]
MDY Industries, LLC v. Blizzard Entertainment, Nos. 09-15932 & 16044 (9th Cir. Dec. 14, 2010)
The Ninth Circuit issued its opinion in the Blizzard Glider "bot" case, which is one of three cases in the Ninth Circuit that tackle the license vs. sale issue and what conditions the licensor can put in place. Vernor v. Autodesk, was the first, and Augusto v. BMG is still pending. The Blizzard ruling also covers some other ground in addition to the license vs. sale issue, including: (1) what parts of a licensing agreement support infringement claims (as opposed to breach of contract claims) and (2) the scope of a DMCA claim under section 1201. It will be interesting to see the effect of the case on two big cases from the Federal Circuit: Jacobsen v. Katzer (an open source case involving model train sets) and The Chamberlain Group v. Skylink Technologies (a garage door opener DMCA case). It took me a couple of times to read this case - it made my head spin!
The crux of the Blizzard dispute is that MDY made available a "bot" which World of Warcraft players could use to advance through levels without actually playing the game. Blizzard alleged that players' use of the Glider "bot" infringed on Blizzard's copyright (because the end user agreement contained a restriction on playing the game using a bot or other automated means), and Blizzard asserted claims for secondary infringement against MDY based on this. Blizzard also implemented measures (a software program ominously called the "Warden") to detect Glider's operation, which MDY allegedly circumvented. Blizzard asserted a DMCA claim based on this.
Copyright Infringement: Blizzard argued that MDY was secondarily liable for infringement by the players who used the bot. Blizzard's claims of infringement focused on the RAM copy made in the course of playing the game. If the transaction between Blizzard and the players was a sale, the players could take advantage of the "essential step defense," under which there is no infringement for copies that are created and used "as an essential step in the [use] of the program." (section 117(a)) The threshold question was whether WoW players were licensees or owners of the particular copies of the software that they had purchased. Applying Vernor v. Autodesk, the court concludes that the players are licensees and therefore, the RAM copies may be infringing unless they are licensed.
WoW License Agreement: Whether or not the bot-using players infringed turns on the terms of the WoW EULA. The court runs through the EULA process (which looks leak-proof) and then turns to the question of whether a violation of the no-bot provision of the license constitutes infringement. The court distinguishes between "covenants" and "conditions" -- violations of covenants are actionable as breaches of contract and violations of conditions are actionable as infringement. (A copyright infringement lawsuit has obvious advantages, such as statutory damages and injunctive relief, and in this case, infringement would have been a hook for Blizzard to hold MDY derivatively liable.) Ultimately, the court concludes that infringement by breach of a condition occurs only where the licensee:
exceeds the scope of the license in a manner that implicates one of the licensor's exclusive statutory rights.
With respect to Glider, the court holds: "Glider does not infringe any of Blizzard's exclusive rights. For instance, the use does not alter or copy WoW software." End result, no infringement by end users and no liability for infringement to MDY. But that wasn't the end of the story.
Blizzard's DMCA Claims: Although the court took a restrictive view of what violations of a license constitute copyright infringement, the court took an opposite approach with respect to Blizzard’s DMCA claim. The key question here was whether the cause of action created under section 1201(a) was "linked" to copyright infringement, or whether it created a totally separate cause of action. Blizzard implemented measures which prevented access to the game while the bot was in operation, but these measures did not prevent copyright infringement by the players (per the court's conclusion on the covenant/condition issue discussed above). The court concludes that regardless of whether the underlying use is infringing, anti-circumvention of a measure that restricts mere access to a work can support DMCA liability under section 1201. The court repudiates the Federal Circuit's approach in Chamberlain, the infamous garage door case, and concludes that:
a fair reading of the statute . . . indicates that Congress created a distinct anti-circumvention right under section 1201(a) without an infringement nexus requirement.
According to the court, Glider violated 1201(a) with respect to WoW's "dynamic non-literal elements" -- i.e. "the real-time experience of traveling through different world, hearing their sounds, viewing their structures, encountering their inhabitants and monsters, and encountering other players." The court found no violation with respect to the source code or actual audiovisual elements of the game because the anti-circumvention measures implemented by Blizzard did not effectively restrict access to these.
__
This case made my head spin. Eric discusses more of the opinion's messiness below, but I wanted to offer a few quick comments.
1. Application of Autodesk to determine sale/license: the Ninth Circuit recently decided Vernor v. Autodesk where it ruled that Autodesk CAD software was licensed and not sold to its clients. One question the Autodesk decision raised is how the analysis would play out in other contexts -- i.e., where the software is less expensive, off-the-shelf, and looks more like a license. Surprisingly, the court here didn't spend much time on this, giving just one page to the treatment of the license/sale issue.
2. RAM copies and the essential step defense: The court's opinion contains this zinger:
Since WoW players, including Glider users, do not own their copies of the software, Glider users may not claim the essential step defense. 17 U.S.C. § 117(a)(1). Thus, when their computers copy WoW software into RAM, the players may infringe unless their usage is within the scope of Blizzard’s limited license.
Whether it's a matter of clunky legislative drafting or otherwise, the conclusion that people who purchase copies of software can be held liable for RAM copies that are necessary to utilize the program (i.e., "an essential step in the utilization of the computer program") is remarkable. If you were to accept the court's conclusion, I don't see much utility for section 117(a)(1) at this point. If section 117(a)(1) is not available to licensees, not many people are going to be able to take advantage of it.
3. The covenant/condition distinction: The court's conclusion that a breach of a license agreement term can constitute copyright infringement only where the licensee exceeds the scope of the license "in a manner that implicates . . . the licensor's exclusive statutory rights" drastically narrows the scope of available claims for copyright infringement in the licensing context. One big question this raises is how this squares with Jacobsen v. Katzer [pdf] where the federal circuit held that a failure to comply with certain open source attribution and "modification transparency" requirements constitute copyright infringement. The Ninth Circuit's opinion in Blizzard contains some pretty restrictive language with respect to the covenant/condition issue (the breach of license must be "in a manner that implicates one of the licensor's statutory rights"). Katzer, in contrast, referenced the fact that the requirements would inform downstream users and generate awareness for the incubation page which would further the "economic goal" of the copyright holder. How would Jacobsen have fared under the Ninth Circuit's standard in Blizzard? A 2008 EFF blog post by Michael Kwun flags the tension between the two decisions: "Condition or Covenant, and Why Should You Care?"
4. The DMCA Claim: What the Ninth Circuit taketh away with the copyright analysis, it giveth back with the DMCA analysis. After concluding that use of Glider while playing WoW does not cause the players to infringe, the court concludes that MDY violated the DMCA when it circumvented Warden. Here is the crux of Chamberlain [pdf]:
the anticircumvention provisions convey no additional property rights in and of themselves; they simply provide property owners with new ways to secure their property.
The obvious concern here is that the parade of horribles (and absurd claims) that Chamberlain warns of will come to pass if courts allow anti-circumvention claims that are divorced from copyright claims, as the court did here.
Related posts:
"Vernor v. Autodesk--Does the Right to Possession Distinguish Between Sales and Licenses?"
"Software Vendor Trumps First Sale Doctrine via License--Vernor v. Autodesk"
Other coverage:
paidContent: "New Ruling Will Impact Software Licensing Agreements"
Wired: "Court Upholds Ban on World of Warcraft Bot"
_______________
Eric's comments:
Before I go off the rails here, let me start with the only piece of good news: I think the court reached the right result in finding for Blizzard and against MDY. I'll probably get some flack for that position, but I thought it was reasonably clear that MDY could not do what it did. As a result, if the panel had simply affirmed the lower court per curiam and vacated the lower court's opinion, I would have viewed this outcome as appropriate.
(This assessment differs from my normative view. I understand that Glider posed some potential problems for WoW gameplay, but I think Blizzard overreacted. At minimum, Blizzard should thank MDY for showing the existence of an underserved market segment worth millions of dollars. The fact that Blizzard doesn't directly capitalize on that market demand, such as by setting up a “fast play” WoW on servers separate from the normal WoW, puzzles me).
Unfortunately, the Ninth Circuit panel attempted to explain *why* it was ruling for Blizzard, and everything went to hell.
Nevertheless, I'd be more upset about this opinion if I actually believed it. The Ninth Circuit clearly makes up Internet law with each new case and each new panel, so I have no reason to think this opinion will stick any more than the dozens of other implicitly reversed Internet law opinions from the Ninth Circuit over the past 15 years. Because I think this opinion's predictive power for the next opinion is so low, I don't really believe this panel means what it says. At least, I choose not to believe it. This would be a great opinion to take en banc, although that would probably only further solidify the doctrinal disasters lurking in this opinion.
The opinion gets itself into trouble for a number of reasons, but the biggest reason IMO is that the opinion dances around the seminal cyberlaw issue of whether web browsing is infringement. We all know what copyright law says, and should say, about browsing. So long as copies into RAM are putatively infringing unless there's a defense, current copyright law says browsing can be infringement. Copyright law *should* say that browsing isn't infringement, which would eliminate some pressure that caused the court to engage in doctrinal gymnastics here.
This was not exactly a browsing-as-infringement case because Blizzard also licensed client-side software that facilitated player access to the copyrighted materials on WoW servers. However, as more websites load client-side software as part of web browsing, that distinction may be diminishing. Plus, Glider didn't modify Blizzard's client-side software; it only interacted with Blizzard's servers. As a result, Glider was part of the way players browsed Blizzard's web service.
Perhaps in response to the problems of treating browsing as copyright infringement, the court makes it clear that violating a website's EULA by browsing would most likely just be a breach of contract, not a copyright infringement. Eliminating browsing as infringement would clean up the problems applying 1201(a) because it would not treat browsing as "accessing" copyrighted works on web pages. To take this issue off judges’ minds, we would benefit from a statutory amendment saying that web browsing isn't infringement.
Treating a software license breach as sometimes creating copyright infringement and other times creating solely a breach of contract isn't new legal doctrine, but it's problematic. It does ameliorate concerns about oppressive but marginally relevant license terms buried in EULAs; in many cases, this opinion says those terms can’t be enforced via the coercive power of copyright remedies. However, trying to cleave between infringement-related and other contract restrictions sounds like a litigation morass; and I'm unclear if fancy drafting (e.g., stating that all EULA covenants are conditions on the software license) is an all-too-easy workaround. See, e.g., the provision where the court says "Although ToU § 4 is titled, 'Limitations on Your Use of the Service,' nothing in that section conditions Blizzard’s grant of a limited license on players’ compliance with ToU § 4’s restrictions." By inference, simple changes in EULA drafting could change this calculus.
I also wonder how this ruling affects open source licenses. The Jacobsen v. Katzer case held that an open source license was a condition on the enjoyment of the copyrighted software. The Jacobsen case didn't directly address the fact that the open source license failed to meet basic contract formation requirements. To the extent this case indicates that some software license agreement breaches are only contract breaches, not conditions on the enjoyment of copyright, this case leads to one of two outcomes, both of which are weird. Either (a) the "conditions" in open source licenses are not subject to the rules in this case, in which case provisions not included in a binding contract will be more enforceable than provisions in properly formed software license agreements (a result that can't be right), or (b) conditions in open source licenses are equally enforceable as software license agreements, in which case some provisions of open source licenses are enforceable only as contract breaches--but since open source licenses usually aren't properly formed as contracts, those provisions will be effectively unenforceable. Either result seems like a catalyst for anarchy.
In addition to these issues, I'll reiterate two other obvious areas of mischief noted by Venkat:
1) By reiterating Vernor's standards for ownership vs. license of material, this case does not reduce the risks that copyright owners will contractually eliminate the first sale doctrine for copyright-containing chattels (such as books) by characterizing the copyrighted material transfer as a license. I'm still hoping the UMG v. Augusto case gives us some better news on this front.
2) The court's standards for a 1201(a) circumvention raise all of the anti-competitive concerns we feared with the Chamberlain case where two independently manufactured chattel (which contain software) need to make an electronic handshake with each other. This happens all the time for interoperability purposes, including the sale of replacement or complementary goods. The court punts on the antitrust issue:
Concerning antitrust law, we note that there is no clear issue of anti-competitive behavior in this case because Blizzard does not seek to put a direct competitor who offers a competing role-playing game out of business and the parties have not argued this issue. If a § 1201(a)(2) defendant in a future case claims that a plaintiff is attempting to enforce its DMCA anti-circumvention right in a manner that violates antitrust law, we will then consider the interplay between this new anti-circumvention right and antitrust law.
Only time, and future Ninth Circuit panel flip-flops, will tell us if these fears will come to pass.
Posted by Venkat at 09:41 AM | Copyright , Derivative Liability , Licensing/Contracts , Virtual Worlds
November 30, 2010
Another Ruling Challenging "Check the Website for Amendments" Contract Provisions--Roling v. E*Trade
By Eric Goldman
Roling v. E*Trade Securities LLC, 2010 WL 4916401 (N.D. Cal. Nov. 22, 2010).
The plaintiffs are suing over E*Trade's allegedly unilateral imposition of an account maintenance fee for folks who didn't make at least one quarterly trade. The plaintiffs further allege that E*Trade would liquidate account assets to cover the fee if the account didn't have enough cash. For a very long time I was a E*Trade customer, but I got tired of their frequently imposed and often surprising fees, so I finally moved elsewhere and improved my overall happiness. In light of their abysmal treatment of a longtime customer with not-inconsequential assets (at least, before the markets melted down), I have no love lost for E*Trade's business practices.
This is a Judge Patel opinion. Other well-known opinions by her include the Napster district court rulings and the NFB v. Target ruling about the ADA's applicability to websites. Judge Patel is known for quirky opinions, and this one doesn't disappoint. She discusses E*Trade's contract amendment process while discussing the unjust enrichment claim. Wait, what? Presumably if the contract fails completely, the plaintiffs may have a claim for quasi-contract restitution, but the court's opinion doesn't connect those dots clearly.
However she gets there, she addresses the crucial topic of unilateral contract amendments. She describes E*Trade's agreement as follows:
The brokerage agreement states that “E*TRADE Securities may modify the fee structure at any time by posting a modified structure on its Web site.” Brokerage Agreement § 4(b). The agreement also requires plaintiffs to check E*Trade’s website for modifications to the agreement:
I understand that this Agreement may be amended from time to time by E*TRADE Securities, with revised terms posted on the E*TRADE Financial Web site. I agree to check for updates to this Agreement. I understand that by continuing to maintain my Securities Brokerage Account without objecting to revised terms of this Agreement, I am accepting the terms of the Revised Agreement and I will be legally bound by its terms and conditions.
Judge Patel continues: "plaintiffs allege that E*Trade’s unilateral ability to change contract terms, without notice, and the requirement that they periodically check the terms of the contract is problematic. Although magic words are not used, the allegations are sufficient to allege a claim for unenforceability."
Oddly, Judge Patel does not cite Douglas v. Talk America, the directly applicable Ninth Circuit case on point that seems to support her position. This may reflect her attempts to apply New York law rather than CA law, but even so, it would have been an appropriate citation. She also does not cite the highly relevant Texas district court opinion in Harris v. Blockbuster, which also would have supported her conclusion.
She does attempt to distinguish several cases cited by E*Trade to support the unilateral amendment clause, mostly on the grounds that the other provisions required the web vendors to notify their users before the amendment applied while this case relates to allegedly unannounced fee changes. This, for example, described her treatment of TradeComet v. Google. As I mentioned in my post on that case, I think the TradeComet ruling makes more sense as a B2B ruling, so the discussion doesn't fit B2C contracts very well. Judge Patel also tries to distinguish MySpace v. theglobe, although I thought her treatment of that case was weak; she should have just gone ahead and say the case reached the wrong result (which I think it did).
As a net effect, the court puts E*Trade behind the eight ball because it used a contract provision that allowed it to make unilateral changes simply by posting them to its website. In my Harris v. Blockbuster blog post from a year and a half ago, I wrote:
STOP PUTTING CLAUSES INTO YOUR CONTRACTS THAT SAY YOU CAN AMEND THE CONTRACT AT ANY TIME IN YOUR SOLE DISCRETION BY POSTING THE REVISED TERMS TO THE WEBSITE
This language has a significant risk of killing the entire contract, which would strip away a lot of very important provisions that should be/need to be in the contract. So far Blockbuster has only lost its mandatory arbitration clause, but it's possible other important risk management clauses (warranty disclaimer, liability limits, dollar caps, etc.) will similarly fall. If those clauses fail, let the plaintiff feasting begin!
I'm pretty sure some readers of this blog have resisted my exhortations because, as I discussed in the Harris post, the options for web vendors to manage their business over time without such a flexible clause aren't great. But, you are not doing your clients any favors by taking this approach. Instead, you are leaving your clients vulnerable to crafty plaintiffs' lawyers who may shred your contract formation process, leaving your client very, very exposed. It's high time to evaluate alternative amendment process options.
Although it might be tempting to read the opinion this way, I don't think it stands for the proposition that websites can't unilaterally change the fees they charge to customers. Websites presumably need to give customers adequate advance notice of such fee increases (and, presumably, the chance to bail out) before charging the new fee, but that seems like a logical customer relations approach even if not required by law. Note, however, in this case, E*Trade's ability to change its fees was coupled with a clause saying it could amend its agreement unilaterally by posting the changes to the website. In my opinion, it's that additional provision that creates the problem for E*Trade. We'd have to see what a court did with a website's unilateral fee increase not coupled with the broader contract amendment clause. That isn't the case before this judge.
Posted by Eric at 07:24 AM | Licensing/Contracts | TrackBack
November 17, 2010
Anti-Bot Restrictions Aren't Copyright Misuse--Oracle v. Rimini Street
By Eric Goldman
Oracle USA, Inc. v. Rimini Street, Inc., 2:10-CV-00106-LRH-PAL (D. Nev.). Decision on Rimini Street's motion to dismiss, Aug. 13, 2010. Decision on Oracle's motion to dismiss Rimini Street's counterclaims, Oct. 29, 2010.
As the world watches the Oracle v. SAP spectacle, a very similar Oracle enforcement action is playing out more quietly. The commonalities are not an accident; one of the principals from TomorrowNow, Seth Ravin, subsequently started up defendant Rimini Street and allegedly has engaged in the same shenanigans that got TomorrowNow and its parent SAP into so much trouble. As the court recaps things, "Plaintiffs allege that Rimini Street illegally downloaded Oracle's software and support materials by logging on to Oracle's password protected websites using a customer's individual login credentials, and downloading materials in excess of that customer's authorized license agreement....Further, Rimini Street allegedly copied this software, in order to offer low-cost support to other Oracle customers and induce them to cancel their support contracts with Oracle in favor of Rimini Street."
In August, the court ruled on the defense's motion to dismiss most of the claims, which goes almost nowhere. The court ends the negligent interference with prospective economic advantage but all of Oracle's other challenged claims survive, including the CFAA, Cal. Penal Code 502, Nevada computer crimes, and trespass to chattels claims (the latter because Oracle "alleged facts indicating that Defendants' conduct, including use of search crawlers, impaired the ability of Oracle America's network systems and information databases to function properly"). The court rejected Rimini Street's "we're just a proxy of our customers" defense in upholding the contract breach inducement claim based on getting customer passwords and rooting around Oracle's customer support database.
In October, the court knocked out most of Rimini Street's counterclaims against Oracle. The most interesting discussion relates to Rimini Street's allegations that Oracle engaged in copyright misuse based on two facts: (1) Oracle's license agreement restricts customers from automated downloads of customer support materials, and (2) Oracle's public website of customer support materials is so poorly designed that customers need the paid maintenance program to find the materials they actually need. The court rejects these arguments. It says:
The alleged limits on massive automated downloads of Oracle Software and Support materials falls squarely within the scope of Oracle's right to control reproduction and distribution of copyrighted works....Further, the alleged limitation of crawlers and other automated search tools, which are the core of Rimini Street's business activities, is only a limitation on third-party business models and is not a restriction on Oracle customers. The licensing agreement does not preclude a customer from using either a competing company or no company at all to access its support materials. As such, it does not constitute copyright misuse.
This seems like an odd distinction to make, but it's a sign the judge isn't really interested in Rimini Street's arguments.
I'm not exactly sure I understand Rimini Street's litigation game plan. If Oracle can prove its facts, Rimini Street appears to be in serious legal trouble, and these two rulings are hardly encouraging to Rimini Street. I'm also curious if the DOJ will consider criminal prosecutions here, a possibility that remains open in the SAP/TomorrowNow situation.
Posted by Eric at 09:01 AM | Copyright , Licensing/Contracts , Trespass to Chattels | TrackBack
November 04, 2010
Facebook Not Liable for Account Termination--Young v. Facebook
By Eric Goldman
Young v. Facebook, 2010 WL 4269304 (N.D. Cal. Oct. 25, 2010). The initial complaint.
Kashmir Hill covered the initial complaint filing in this ca